Hey all - I'm Roneil, one of the cofounders of Audius. We built Hedgehog to solve a specific pain point we faced - how can we get non crypto-native / non-technical users to sign up for a decentralized app? Current onboarding flows using Metamask and other alternatives were too cumbersome, time-consuming, and restrictive for our needs. We needed a way to generate a wallet on behalf of a user without them even knowing crypto was operating behind the scenes.
Hedgehog lives in your front-end JavaScript code. A user enters a username (or email) and password, which is used to secure a set of encrypted auth artifacts that are generated client-side and stored in the browser’s localStorage / on your (the application developer's) server. In this way, the encrypted auth artifacts can be retrieved and consumed on secondary devices without centralizing custody and control of the private key.
If the centralized server hosting the keys goes down, users can continue to access their wallet on the devices they already have. If the centralized server is compromised or operated by bad actors, the resources required to decrypt a stored auth artifact would be immense. However - this is why we recommend using Hedgehog only in low-to-no financial value use cases.
This approach is not without tradeoffs - but for the right use-cases we believe this will provide a needed alternative.
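A sketch of the flow the post describes, added here as an example (not Hedgehog's code and not part of the original post): the wallet entropy is generated client-side, encrypted under a password-derived key, and only the resulting record goes to the server. The scrypt and AES-256-GCM choices, the `lookupKey` field and all function names are assumptions.

```javascript
// Added illustration, not Hedgehog's source; KDF, cipher and names are assumptions.
const nodeCrypto = require('node:crypto');

// Cost parameters bound how fast a stolen server record can be guessed offline.
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 32-byte key; the purpose label keeps the lookup and encryption keys distinct.
function deriveKey(username, password, purpose) {
  const salt = `${purpose}:${username.trim().toLowerCase()}`;
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT);
}

// Client side: create the wallet entropy and the only record the server ever stores.
function signUp(username, password) {
  const entropy = nodeCrypto.randomBytes(16); // seed for the wallet, stays on the client
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(username, password, 'encrypt');
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const cipherText = Buffer.concat([cipher.update(entropy), cipher.final()]);
  const serverRecord = {
    lookupKey: deriveKey(username, password, 'lookup').toString('hex'),
    iv: iv.toString('hex'),
    cipherText: cipherText.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
  return { entropy, serverRecord };
}

// Second device: fetch the record by lookup key and decrypt it locally.
// Returns null when no record matches; throws if the record was tampered with.
function logIn(username, password, fetchRecord) {
  const record = fetchRecord(deriveKey(username, password, 'lookup').toString('hex'));
  if (!record) return null;
  const key = deriveKey(username, password, 'encrypt');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  const cipherText = Buffer.from(record.cipherText, 'hex');
  return Buffer.concat([decipher.update(cipherText), decipher.final()]);
}
```

The server record is only as strong as the password and the scrypt cost, since anyone holding it can test guesses offline.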
Hey Roneil, I'm really new to crypto development and I'm having a hard time finding crypto communities for developers (the ones who build stuff). I've checked out eth's forum but it's not really developer focused, it's too general.
Where do you usually hang out? I would like to learn more about building crypto stuff and would like to participate in a community. Can you point me in the right direction?
Thank you!
PS: I have completely no idea what Audius is about, but it sounds cool. Good luck!
Has there been any thought as to how the REST API + database side of this could be replaced with ipfs/swarm? I'm not sure how it would work, and there would likely be additional trade-offs, but it would be nice if the "D" in DApps could be retained in full.
This is so badly needed in the Ethereum space. Metamask is a massive drag and a known onboarding blocker -- Hedgehog seems like a huge leap forward. Congrats team!
The Hedgehog library is completely unsafe considering that any third-party library or browser extension loaded in the website using the SDK can loop through localStorage to read the entropy value, therefore recreating the HD wallet and stealing the user's account.
Looks compelling, been waiting for something like this to come along. Built a couple dapps with Metamask and the popups and mnemonic phrases and browser extension installation were a serious UX issue that had no real workaround and seemingly no timeline for improvement. AFAIK, development seems to have slowed or stopped entirely on Metamask? Will try working with this and share any feedback. Nice work guys, thanks for moving the space forward
MetaMask is actually working hard on these problems, and building faster than ever, but they're big problems that aren't trivially fixed in a point release. You can expect some big announcements this summer.
lol I made an account just to add this reply. Are you familiar with EIP 1559? There are solid efforts currently ramping up research to change the fee market from an auction to a flat fee:
roneil|6 years ago
Happy to answer any questions you all have!
thinkmassive|6 years ago
Assuming you've seen that project, how does Hedgehog compare?
Do you have recommendations on handling the initial funding of a wallet, especially for your target market of non-technical users? (after they have the wallet, how do they obtain ETH or other tokens to get started?)
vinliao|6 years ago
corbinpage|6 years ago
How do you handle the "Forgot Password" problem?
Say, if a user clears out local storage and forgets their password. Is there a way to recover it from what's stored on the server?
rladd|6 years ago
It looks very cool. Just skimming the documentation, there isn't anything on how to perform actual wallet functions, or whether encrypt/decrypt data using public/private keys is available (which is something I'd find super useful!). Am I missing it, or is it just a matter of looking through the code?
Thanks for making something as cool as this open source!
michaelsbradley|6 years ago
aey|6 years ago
atomical|6 years ago
tomhschmidt|6 years ago
aakilfernandes|6 years ago
michaelsbradley|6 years ago
miguelmota|6 years ago
xrd|6 years ago
This is why FinneyFor uses an iFrame to keep the private key safe in localStorage only accessible from JS running on the same domain. FinneyFor uses postMessage to communicate between the parent frame when payment is processed, so you get the benefits of creating transactions in any kind of browser, but none of the risks as the parent rightfully points out.
https://finneyfor.com/
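The iframe and postMessage isolation mentioned in the comment above, as an added example (not FinneyFor's code and not part of the thread): a message handler for a wallet iframe that checks the sender's origin, accepts a single request type and asks the user before signing. The origin, the message shape and the `signFn` / `askUserFn` callbacks are hypothetical.

```javascript
// Added illustration, not FinneyFor's code; origins, message shape and names are hypothetical.
const ALLOWED_PARENTS = new Set(['https://dapp.example']); // constructed allowlist

// Runs inside the wallet iframe, which is served from its own origin so that the
// embedding page's scripts cannot read its localStorage.
// signFn(payload) signs with the stored key; askUserFn(origin, payload) asks the user.
function handleParentMessage(event, signFn, askUserFn) {
  // Ignore any embedder that is not explicitly approved.
  if (!ALLOWED_PARENTS.has(event.origin)) return null;
  const msg = event.data;
  // Accept one narrow request type; there is no message that returns the key.
  if (!msg || msg.type !== 'sign-request' || !Number.isInteger(msg.id)) return null;
  if (typeof msg.payload !== 'string' || msg.payload.length > 4096) return null;
  // Isolation stops key theft, not key use: a script on an approved parent can
  // still ask for signatures, so the user approves each one inside the frame.
  const approved = askUserFn(event.origin, msg.payload) === true;
  const reply = approved
    ? { type: 'sign-response', id: msg.id, ok: true, signature: signFn(msg.payload) }
    : { type: 'sign-response', id: msg.id, ok: false };
  // Answer the verified origin explicitly, never '*'.
  event.source.postMessage(reply, event.origin);
  return reply;
}

// Browser wiring (assumed):
// window.addEventListener('message', (e) => handleParentMessage(e, sign, askUser));
```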
alexgpark|6 years ago
danfinlay|6 years ago
ejanus|6 years ago
ErikAugust|6 years ago
As a blockchain game developer, I have talked ad nauseam (https://steemit.com/marketing/@steem.marketing/cache-the-gam...) about reasons why we switched away from Ethereum for most transactions (but not all).
The UX of the wallet being one difficulty for adoption. There are other even bigger reasons (in my opinion) - variable mining fees per transaction being a large one.
trentonv|6 years ago
https://ethereum-magicians.org/t/eip-1559-fee-market-change-...
asenna|6 years ago
Will give this a try on our Dapp.
emilyhou|6 years ago
zeroxfe|6 years ago
roneil|6 years ago
invalidmonk|6 years ago
ranidu|6 years ago