This is a repository for https://www.wallet.iota.hr.
This project is created for several reasons:
-
Currently, users of IOTA cryptocurrency have only the official desktop wallet at their disposal, Android and iOS wallets are currently in Beta development. Therefore, an IOTA user cannot access his wallet through smart devices.
-
IOTA uses SEED as login key. For many new users this is confusing since everyone is used to standard Email/Password login access. Thats why that type of login has been implemented into this wallet, enabeling easy access along with removing "problems" with SEED login but still keeping security of user account. But of course, loging in with SEED alone is still kept as an option. It's up to user to decide.
-
By enabeling easier access with user-friendly interface this is a big step towards bigger adoption for many (especially new) users.
When accessing the wallet, you can choose to login with email and password, or with SEED:
-
To login with email and password you need to register. While registering, you can associate your own existing SEED or create new one. Then you will be asked for PIN. PIN is a 4 digit number that is used as a key for encrypting SEED (using cryptoJS). SEED is then encrypted with that PIN, and then it's sent to server - NOTE: PIN or SEED are NOT sent to server, only the AES-256 encrypted form of SEED. When preforming any important action in IOTA Web Wallet (updating balance, sending money, generating addresses...) user is asked for this PIN number - without it Crypto.JS cannot decrypt the SEED. Encrypted SEED is sent to server, but before it's saved in user DB, it's aditionally encrypted using a 64-character key
-
If a user decides to login with his SEED (or he can easily generate a new one) then he is prompted to write a 4-digit PIN. Again, this is just for security reasons, because this encrypted SEED is then saved in Browser Session Storage.
Why is encrypted again when registering?
To brut-force a 4 digit PIN (10,000 combinations) a average computer needs < 1 second. That's why if someone manages to steal user DB, he would still need to brut-force a key with 94^64 combinations decrypt a SEED.
What about the DB admin, he can decrpyt DB using server-side key and brut-force SEEDs?
Thats why when you login, you can change your PIN to a standard password ("advanced PIN") - 8-32 characters = min. 94^8 combinations.
Then, not even the DB admin with a supercomputer can brute-force your SEED.
NOTE: THAT ALSO MEANS THAT IF YOU FORGET YOUR PIN YOU CANNOT ACCESS YOUR ACCOUNT!
When you login, you can generate (browser-side) a .PDF containing your SEED. With it, you can login to other wallets and in case you forget your PIN, you can still access your funds.
- Login with SEED / Email + new SEED generator
- Scan QR code containing SEED to login
- Refresh account data
- Transactions (tx) display (sent/received) with linking to explorer
- "Auto-monitor" for transactions (check for new/confirmed tx every 3 minutes)
- re-attaching option for pending transactions
- Convert IOTA balance / tx value into USD
- Latest receiving address display - text + QR code
- Send IOTA: Scan QR code of address, switch between units (iota, Ki, Mi, Gi, Ti, Pi)
- Double spend warning
- PDF generator with account SEED = "Paper Wallet"
- Change email / password / PIN / delete account
- Contact support (tickets)
- Current IOT/USD price + chart (last month)
- Average Pow display time (footer)
- Node status display (footer)
- WebGL2 browser check
It's written in PHP using IOTA JS API.
This Web Wallet uses curl.lib.js to do local Proof of Work (PoW) (WebGL2 browser is required!).
Web wallet was inspired by danilind web wallet. Special thanks to pRizz for help with new curl implemmentation and developers on Slack, especially Frode Halvorsen (@frha).
Author: dr. Nikola Rogina, admin of local IOTA website for Croatia iota.hr
IOTA: 9CVEDRAKV9NMMVFXNTAAHDKYWCYQLZOXCB9JDHYBRQGYBCAZENFLLBXG9OQYUHHFGJGSRSZXUSZOLQUJXGFDINZIQX
BTC: 1EdSShMGQKdppzvZeEQougAKbuxeJXLPt3
ETH: 0x0CAd7d76AB6623c3bfe995A244ce5d3C7Bb75A0D