Zano Development Update (17–12–2020) — Secure Seeds and Hidden Treasure
Season’s greetings all! Your hard-earned Zano can never be too well secured, so we're pleased to bring you news of the latest update to the Zano wallets (desktop and mobile) that adds an additional layer of protection for your funds.
What is a Secure Seed?
Seed phrases began their history back in 2013 with BIP39, and have since become widespread. In simple terms, the seed phrase is a “humanized” form of recording a secret key, which is encoded not with hex characters or some other complex encoding, such as wallet addresses, but with a set of words commonly used in human language (English words for example). This form of notation, although it is redundant, allows you to avoid typical “human” mistakes — typos or missing characters, so if a mistake has been made it should be easy to spot.
What is their purpose?
The virtual world is full of surprises, and not all of them are pleasant. Who has not experienced the loss of valuable data in our time? Accidental deletion, software / hardware failure, forgotten passwords, laptop choked with rum spilled on it, stolen phone… The idea behind seed phrases was to create a convenient way to transfer the information needed to recover the secret key from online to offline (with the seed likely recorded on paper). Some people believe that 12 words can be reliably memorized (hence the concept of the “brainwallet” — a seed phrase stored only in the mind), but many people overestimate their ability to memorize random sequences of words, which they then bitterly regret.
Safe storage issues
If you have money saved up for a new game console in your Zano wallet, then a phrase printed on paper that is somewhere in your mom’s safe will be an acceptable solution, but if you can buy a new Boeing from your wallet, then storing such a seed phrase, even in a safe, might cause some concern.
We decided to offer our holders the opportunity to protect the seed phrase with a special password, and thus protect themselves from cases of unauthorized access to wallet funds. In cases where the seed phrase is password protected, even if the attacker finds a piece of paper with the seed phrase written on it, he will not be able to use the money (provided the seed phrase password is not written on the same sheet!).
What, another password? What The — ?!
For many, the need to remember one more password will cause understandable bewilderment or annoyance. Why do I need another password? The answer is simple — the people asking those questions probably do not need a password — they can continue to use an open seed phrase as, most likely, the funds stored in their wallet are not critical for them.
This functionality will be truly appreciated by people for whom these coins mean something! Copies of the Secure Seed can be kept in several places, for example, keep one copy in your mom’s safe, hide the other one in the car, upload one to the cloud, and keep another under your pillow. The chances that all 4 copies will be destroyed are almost negligible, while the money remains safe.
How it works.
You need to understand that the password that protects the seed phrase and the password that encrypts the wallet file are different things (although the same password can be used for both of them). You can think of this password as an additional word to the seed phrase, which is why it’s sometimes referred to as a “seed extension”, or “extension word”.
Starting with the new builds of the Zano wallet, the page on which you get the seed phrase now prompts you to enter a password that will protect the seed phrase:
This field can be left blank, and then a regular unprotected seed phrase will be generated. If a password was entered, then a unique seed phrase secured by that password will be generated:
This phrase will be marked with a fancy green padlock on the right to indicate that the seed phrase is safe. Now this phrase can be stored anywhere — you could even get it inked across your chest — but do bear in mind, if an attacker gets hold of your Secure Seed phrase, the only thing standing between them and your funds is the password, so you should make sure it is strong enough not to be easily guessed or brute-forced.
Now, if you choose to restore a wallet from a Secure Seed, upon entering the seed phrase the application will determine that this seed phrase is password protected, and an additional field for entering the password will appear:
Now you can sleep well knowing that your Boeing is safe.
What about old seed phrases?
Any seed phrase that has ever been generated by a Zano wallet will continue to work as normal. If it isn’t password protected it will be interpreted as an “unsecured” seed phrase and can still be restored at any time, now or in future builds. However, if you decide you’d like to use a Secured Seed phrase with your old wallet there’s no need to move the funds, you can just generate a new Secure Seed phrase for it. Keep in mind that the previously generated unsecured seed phrase will remain “an open door” to your wallet, so it would be best to make sure it can never be discovered by destroying all copies.
Cherry on the cake
Following Apple’s guidelines, we added a signature to our builds on macOS, and also added the so-called “notarization” of these builds. This means that Apple validates our build before we release it to the public and confirms that this software is safe. In practice, this means that now it will be possible to launch a newly downloaded application without disabling macOS warnings.
Hidden Treasure
The seed phrase used in the article is a real seed phrase for a real wallet with real coins. The password to this seed phrase is the answer to this question: “What drink could turn a Russian’s favorite tipple into an empty glass?”.
Wallet Download Links:
Windows/Mac/Linux: https://github.com/hyle-team/zano/releases/tag/1.1.7.114
iPhone: https://apps.apple.com/app/zano-wallet/id1506829937
Android: https://play.google.com/store/apps/details?id=com.zano_mobile
Join the Zano community:
Twitter: https://twitter.com/zano_project
Reddit: https://www.reddit.com/r/Zano/
Discord: https://discordapp.com/invite/wE3rmYY
Telegram: https://t.me/zanocoin
Bitcointalk: https://bitcointalk.org/index.php?topic=5090272.0