The initial idea behind the emergence of cryptocurrencies is to ensure anonymity and security when paying for goods and services with the associated depersonalization of finances; ensuring decentralized financial operations and eliminating the possibility of the existence of regulatory bodies as such.
The main problem of cryptocurrency availability for users is a high entry threshold. At the moment, an ordinary user who wants to plunge into the world of cryptocurrencies has only two main options:
1. Understand in detail the technological process of the currency of interest, deploy the node, synchronize the blockchain and learn how to receive / send funds through uncomfortable, complex or congested interfaces / consoles / API
2. Immediately start using “hot” wallets, for the most part completely destroying the pillars on which the idea of cryptocurrency stands
If the complexity of the first paragraph is clear, then what’s wrong with hot wallets, you ask?
Let’s get a look:
1. Hot wallets require data for authorization, at least email, often other, even more personal and personal information. This completely breaks the anonymity of the cryptocurrency user, opening the easy way to personalize your transactions and accounts.
2. Hot wallets store the secret keys to your cryptocurrency on their servers. In this case, you risk immediately in many directions – the server can be hacked and funds stolen; one of the service employees may turn out to be dishonest, or the entire service itself may unexpectedly close without explanation; your secret keys can be transmitted over the Internet without your knowledge and without the necessary conditions to ensure their safety. All these events can be combined and multiply the risks. This centralizes part of the system and breaks the security of cryptocurrency, depriving you of control over your finances – your funds are controlled by the wallet, not by you.
Not all web wallets are the same! After all, the requirement of e-mail, username and password, as well as verification is not an inevitable need, but only an approach that certain developers decided to take.
We found exceptions to the rule, carefully checked them all, talked with the developers, clarifying the nuances, and found an unequivocal leader providing a level of security of access to currency at a level comparable to “cold wallets” like Trezor!
Meet the best «hot» crypto wallet!
PRIZM Light Wallet
Crypto wallet PRIZM Light Wallet got rid of all the shortcomings of hot wallets and provided the best web wallet on the cryptocurrency market.
Security
Security is ensured by the fact that the wallet is just a set of cryptographic encryption and hashing functions, sufficient to perform any actions associated with the secret key directly in the user’s browser without transmitting sensitive information.
To gain access to the wallet, you must use a mnemonic phrase that is optimized for easy memorization by a person
1. Mnemonic phrase – words encoded secret key
2. The raw transaction is signed with the secret key in the browser and only the raw transaction with the finished signature is sent to the server
3. The encrypted data inside the transaction comes from the server, and is decrypted in the browser by the user key
4. The secret key is deleted from memory when you close the tab with the PRIZM Light Wallet.
5. The secret key is not stored on the server and is never sent to the server.
6. New secret keys are created using a complex algorithm in which three objects take part: a browser, a user, and a server hardware random number generator
Details on generating a mnemonic phrase
A new mnemonic phrase for a new wallet is created in several stages:
1. The browser generates a set of random numbers using a secure generator
2. The server generates a second set of random numbers with the Intel RdRand hardware generator and sends it to the browser
3. The browser combines both sets of numbers and creates a basic mnemonic phrase of 17 words (“prizm” plus 16 random)
4. The user adds his own additional 16 characters in the mnemonic phrase
5. A new wallet with a new phrase is ready
This approach makes it impossible for an attacker to reproduce the algorithm to generate identical password phrases, because for this it is necessary to reproduce the state of three systems: a hardware number generator, a user’s computer, and a user’s brain. If with a computer it’s even more or less clear, then fantastic problems await the hacker’s brain and hardware generator.
The created phrase consists of 17 basic words (16 effective, since the first word is always “prizm”) and 16 additional characters entered by the user.
The total size of the dictionary for creating a mnemonic phrase is 1626 words.
In total there are 1626¹⁶ (1626 to the 16th degree) = 2.387419079 × 10⁵¹ possible basic mnemonic phrases, and about 2.857942575 × 10²⁷ possible combinations of an additional 16 characters from the user
The potential number of possible mnemonic phrases created by wallet.prizm.space is 2,387419079 × 10⁵¹ * 2.857942575 × 10²⁷ =
6.82310663 × 10⁷⁸ (6.82310663 times 10 in the power of 78)
pieces, which makes collisions impossible even theoretically, like brute force of a passphrase (if you start breaking a passphrase with brute force, it will end after the heat death of the Universe).
An example of a mnemonic phrase:
prizm opposite crimson both shower precious hopefully here keep trace barelymany upset give image scream movement peaceful reveal
Cryptographic technologies used by wallet.prizm.space:
– Key exchange: Diffie-Hellman protocol on elliptic curves
Well-established and secure protocol
– Symmetric encryption: AES-256 GCM
It is used by the military to transmit classified data of the “Top Secret” class.
– Hashing: SHA-256
Assistive Technology:
– Reed-Solomon Code
It is used for a human-friendly representation of the wallet identifier and correction of user errors when entering it
Security is guaranteed by the approach used to work with the wallet – the online wallet works as a standalone client, using the server only as a source of information and a way to transmit transactions.
A truly outstanding method of creating mnemonic phrases is used.
Security Rating: 10/10
Anonymity and Depersonalization
There are two ways to enter your wallet:
1. Enter the identifier of your wallet – this allows you to view current balances and transactions without placing a secret key, even in browser memory
2. Enter a mnemonic phrase – this allows you to decrypt the contents of transactions and make an outgoing transaction to another wallet
Given that the mnemonic phrase and secret key are not sent over the Internet, the only information that the user reveals is wallet id. No other information is required that violates the anonymity of the wallet – there is no connection between the user’s wallet and his email and / or name. This approach also provides 100% protection against the “man in the middle” attack!
Anonymity is guaranteed by the lack of personal data.
Anonymity rating: 10/10
Decentralization and control
When each user is anonymous and contains his private keys, it is impossible to exercise control over users and there is simply nothing to centralize. However, the IP addresses of visitors can be tracked just like on any other site, however, the success of trying to associate IP with a specific wallet is extremely unlikely.
Decentralization score: 9/10
Entry threshold
To start using PRIZM Light Wallet to manage a personal wallet, you need to understand only 3 concepts:
1. Mnemonic phrase – wallet password
2. Public key
3. Wallet ID
The meanings of these concepts are close to intuitive for an ordinary user. This is the lowest entry threshold on the cryptocurrency market to date.
The interface is as minimalistic and conservative as possible, providing access to the necessary information – transactions, messages and balance – without distracting the eye with tinsel. The absence of “excesses” and “luxury” allows us to provide the maximum wallet performance – we have not yet met a web wallet for cryptocurrency without periodic juggling and loading. Even the same giant https://blockchain.com/wallet periodically raises performance questions.
We believe that minimalism increases accessibility for users – and cryptocurrencies are actively gaining popularity among non-IT people.
And that is important.
Availability Rating: 10/10
Final grade: 39/40
PRIZM Light Wallet is a real cryptocurrency wallet in its purest form, that is how direct access to cryptocurrency should be. He is quite capable сompete with hardware wallets regarding usage safety.
Let’s hope that other wallets will go in the same direction and increase not additional fields to fill in personal data, but cryptographic functions directly in the browser and try to ensure anonymity of users.
Afterword
When using wallet.prizm.space, you temporarily place your wallet key in the RAM of your computer / phone / tablet – for your part, you should take care of the safety of your devices. In the ideal case, the mnemonic phrase is stored permanently in only one place – in your head, which is the safest, but sometimes not the most reliable repository.
The threats that await while using wallet.prizm.space are only on our user conscience; You can lose your key in the following situations:
1. Lose the mnemonic phrase
2. Make the root of your phone or turn off the antivirus on the computer and have specialized viruses on the device
Let’s see what risks exist if you use the Trezor hardware wallet – the list of threats is identical:
1. Lose Trezor
2. Flash Trezor with unofficial “custom” firmware and have specialized viruses on the device
On the PRIZM Light Wallet side, all possible measures have been implemented in reality to provide the best service to cryptocurrency users, and we believe that other wallets should focus on it.