Security

SeedShuffler Security Features

SeedShuffler is a server less web application only requiring a client browser to operate. The user never type in their wallet seed phrase anywhere using SeedShuffler. The tool is a read-only application and can be used offline as well.

All operations, such as generating the Seedbook, displaying it, creating the Seedbook PDF and saving the PDF to your device, are performed securely in the browser and does not rely on any remote servers or third-party services. SeedShuffler can therefore also work in offline mode.

  • Shuffle algorithm using a CSRPNG (Cryptographically secure pseudorandom number generator).
  • 100% client based application.
  • 100% open source code.
  • Offline mode.
  • Strict Content Security Policy (CSP)
  • Sub resource Integrity (SRI)
  • A+ score on ssllabs.com
  • A+ score on securityheaders.com

DieFi Security Features

Default End-to-End Encryption

DieFi uses the strongest encryption algorithms and techniques available, combined with Blockchain and AI technologies. Our FIPS 140-2 compliant end-to-end encryption design ensures that only you have access to your data and no one else — not even FortKnoxster can access any data. In fact, the only thing we can see is your email address used for signing up. The DieFi cryptography consists of AES-GCM 256-bit symmetric encryption, RSA-OAEP/RSA-PSS 4096-bit encryption with SHA-512, and Elliptic Curve ECDH/ECDSA P-521 encryption.

Dead Man’s Switch

The decentralized Dead Man’s Switch feature consists of strong end-to-end encryption combined with a decentralized Key Management System (KMS) approach. DMS is using proxy re-encryption for secret key sharing with timed-based policy encryption through blockchain smart contracts on the Polygon Blockchain.

Hybrid-Dapp

DieFi consists of various decentralized components, such as decentralized storage, blockchain technology, and decentralized KMS to protect time-based encrypted data with proxy re-encryption (PRE).

For more information, please read our white-paper.

Zero-Knowledge Architecture

DieFi uses a zero-knowledge authentication scheme in which the user’s password never leaves the user’s device, keeping you in control of your private keys and confidential security information. FortKnoxster never transmits or stores passwords in plain text, as these are protected with hash-based encryption for zero-knowledge authentication.

FIPS 140-2 Compliant Encryption

FIPS 140-2 is a mandatory standard for the protection of sensitive or valuable data at government and military level systems. FortKnoxster uses FIPS 140-2 compliant encryption for securing customer data and communication at rest and in transit, with hardware security modules (HSM).

Peer-to-Peer Encryption Protocol

FortKnoxster has developed a unique peer-to-peer encryption protocol between users’ client devices and DieFi crypto nodes to protect against MITM attacks and prevent unauthorized account access beside the TLS layer. All critical user actions, such as fetching contacts and their public keys, account synchronization, and user settings (like account recovery, password change, and two-factor authentication), are both encrypted and cryptographically signed bidirectionally between the user device and the crypto nodes.

Open Source

Our source codes are open-sourced on GitHub and allow security researchers to fully evaluate the DieFi end-to-end encryption implementation and security.

Security Auditing

All DieFi related smart contracts have all been security audited prior to deployment on the Ethereum and Polygon Blockchains.

     

    Bug Bounty Program

    We are looking forward to working with the security community in order to keep our app as safe as possible. If you are a security-researcher, white-hat hacker or developer and want to report a vulnerability, please visit our contact page.