Wallet App Encryption & Security
The technology that makes the Liquidus wallet so secure.
Liquidus Wallet Security Features
Since there have been a couple of questions about the wallet encryption functionality of the Liquidus app, we want to give a quick overview of how we make sure that the user’s funds are safe:
The seed phrase and subsequently derived private keys are generated on the device only (not in the backend). The private key never leaves the device and is totally controlled by the user. Of course, you can export the seed phrase or private key and import it into another wallet if you like — the Liquidus app is essentially a fully non-custodial wallet, meaning you have full custody of your private keys and seed phrase.
After the generation (or import) of an account, the seed phrase and associated private keys are directly encrypted. We use the state-of-the-art Advanced Encryption Standard (AES) algorithm in counter mode to encrypt confidential wallet data. The encryption blob is saved in the private storage of the application (so-called application sandbox). This ensures that other apps cannot access the encrypted wallet data.
The encryption key for the wallet itself is composed of the user-defined pin code plus a randomly generated number (so-called salt value). These two components are used as input for a password-based key derivation function (PBKDF). The PBKDF outputs a cryptographically secure key for the AES encryption function. The AES key is not stored in memory but generated on-the-fly after the user entered his or her pin code following industry best practices for handling encryption keys.
When biometrics has been enabled, the pin code is stored in the secure storage of the device (iOS Keychain or Android Keystore). Both are backed by dedicated security hardware modules. The secure storage is only accessible after successful authentication with either fingerprint or face ID and is supposed to be the most secure way to store sensitive data on a mobile device (such as the app’s pin code).
Log-out manager: You may already have noticed that the app is locked automatically after two minutes of inactivity (time can be changed in user settings). Basically, after this period the wallet’s internal memory is wiped and it must be decrypted again before you can use it. That’s why you must re-enter the pin or authenticate via biometrics when you have not used the app for a couple of minutes. This ensures that the wallet is kept in memory in unencrypted format only for a limited amount of time, limiting the attack surface dramatically.
In general, we are following the OWASP Mobile Application Security guidelines as much as possible during implementation to ensure a very high level of security for the Liquidus app. Nevertheless, we plan to let the wallet be audited by an external consultancy for two reasons: First to make sure we have implemented all the mentioned security features correctly, and secondly, to get a certificate of the wallet’s integrity which states that there is no backdoor or similar that could lead to a loss of user funds.
Written by our software architect.