Deny external access to non-personal accounts

Open s8sato opened this issue 1 year ago • 3 comments

The stronger the trigger authority, the higher the risk of compromise of the corresponding private key. Such a system-side trigger authority should be a system-side account whose ID would be a pseudo public key that completely denies external access at authentication.

Addendum

With the resolution of #5441, data triggers now inherit the entrypoint authorities, eliminating that security risk. However, this issue still needs to be addressed for non-personal time trigger authorities, multisig accounts, and the genesis account.

Aug 30 '24 16:08 s8sato

This also serves to prevent multisig monopoly: https://github.com/hyperledger/iroha/pull/5027#discussion_r1742295971

Oct 03 '24 09:10 s8sato

Similar concepts:

Jul 23 '25 22:07 s8sato

The genesis account will be replaced with a system account as well: https://github.com/hyperledger-iroha/iroha/pull/5488#discussion_r2226840113

Jul 23 '25 23:07 s8sato