DAWN-291 ⁃ Hacked Account Recovery / Lost Password Recovery

[bytemaster]

The purpose of this ticket is to outline the use case relative to simple multi-sig:

Recovering from Hacked Accounts
User has an active private key they use for day-to-day signing of transactions, this key is likely to be compromised at some point in time. In this event they should use their owner permission to reset their active key. Sensitive transactions should be delayed for enough time after being published that they can be canceled after resetting active key.

Assuming the owner key is kept secure, a user should never lose funds. In practice, the owner key should be a multi-sig with a 3rd party who verifies all transfers of ownership. Ideally the 3rd party should not be able to prevent the transfer of ownership. This could imply that the active authority can trigger a change in the owner authority with a 30 day delay.

If owner key is same as active key but with the added requirement of a 3rd party, then the 3rd party will always be required but the user would only have to remember 1 password.

Recovering from Lost Password
A lost password implies the account holder no longer controls their active or owner key and therefore has lost control of their account. Ideally the owner key could be reset by a 3rd party assuming no account activity for 30 days prior to attempt to reset and after a 1 week notice period during which the account active/owner key can become active.

Recovery permission enables:

1. create deferred transaction to change owner permission if account has been in active for 30 days. The deferred transaction will only validate when applied if the account is still inactive for 30 days + 1 week at time applied.

To implement these features the blockchain needs the ability to:

1. track the last time active or owner was used
2. demand that a transaction has seasoned for a period of time before being applied
3. verify the permission level (active or owner) used to take particular actions and to change the behavior based upon the permission level used.

ATC:

• Ensure tests/chain_test runs successfully.

To run the specific multi-sig recovery test:
cd build
./tests/chain_test --run_test=recovery_tests/test_recovery_multisig_owner

[blockone-syncclient]

➤ Dhanesh Valappil commented:

There are not enough details about ATC to test it.
Also this was never assigned to anyone and no work logs found in JIRA

[PaulCalabrese]

Adding some more info here:
Ciju added a new test (recovery_tests/test_recovery_multisig_owner) that tested this scenario as part of the commit 75dedbb (75dedbb#diff-43389902c0fc8805343eeaf9aa00994f).

[bytemaster]

This issue is beleived complete and just in need of more tests.

[andriantolie]

ATC passes

[EugeneChung]

if account has been in active for 30 days -> if account has been inactive for 30 days