Session Key
When users authenticate on Ninja Blaze via Connect Wallet, a crucial element of the platform comes into play: the Session Key. The Session Key plays a pivotal role in ensuring the security of the web3 environment while providing users with a seamless and familiar web2-like experience. Users are not required to sign each transaction individually, which makes interactions with blockchain applications and services quick and easy.
How Does It Work?
When a user authorizes via their wallet, a new private key is generated. This private key is unique to each session and is primarily responsible for facilitating secure interactions with the blockchain. Importantly, this private key is stored on the user's device and never revealed, ensuring the safety of user data. The next step involves the user granting the Session Key the ability to act on behalf of their wallet but within a strictly limited scope.
Why Is It Secure?
Security is paramount to the Session Key solution. We use Authz, a ready-made solution from the Cosmos SDK, to implement this functionality. Several additional measures are also in place to minimize the risk of users' funds being compromised.
1. Client-Side Operations
From key generation to transaction signing, all critical operations take place entirely on the user's device. As a result, the user's private key never leaves their device, guaranteeing the security of their funds. Ninja Blaze does not have access to the Session Key, ensuring that users' financial assets remain safe.
2. Security in the Event of Device Compromise
In the event of a compromised device where a malicious party gains access to the private Session Key, their actions are severely limited. They are incapable of stealing funds from the user's wallet, making such an attack largely ineffective since there is no direct financial gain available. The Session Key can only be used to interact with Ninja Blaze Contracts, preventing any transfer of tokens out of the wallet and placing restrictions on the amount of funds available for betting.
3. Session Key Validity
The Session Key is valid for a short period of time, further enhancing security by limiting its utility to a specific timeframe.
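The three limits described above (contract allowlist, spend cap, short validity) can be modelled as a single authorization check. This is an added example, not Ninja Blaze's or the Cosmos SDK's code; every field name, address and amount in it is a constructed assumption, and it does not reproduce the Authz wire format.

```javascript
// Simplified model of a scoped session-key grant. All field names, addresses
// and amounts are constructed for illustration (assumptions, not real values).
function makeGrant({ grantee, contracts, denom, spendLimit, expiresAt }) {
  return { grantee, contracts: new Set(contracts), denom,
           remaining: BigInt(spendLimit), expiresAt };
}

// Decide whether one message signed by the session key is covered by the grant.
// Returns { allowed, reason }; on success the remaining spend limit is reduced.
function authorize(grant, msg, now) {
  const deny = (reason) => ({ allowed: false, reason });
  if (msg.signer !== grant.grantee) return deny("signer is not the grantee");
  if (now >= grant.expiresAt) return deny("grant expired");
  // Only contract execution is in scope: plain token transfers are never covered.
  if (msg.type !== "execute_contract") return deny("message type not granted");
  if (!grant.contracts.has(msg.contract)) return deny("contract not in allowlist");
  let total = 0n;
  for (const coin of msg.funds) {
    if (coin.denom !== grant.denom) return deny("denom not granted");
    const amount = BigInt(coin.amount);
    if (amount < 0n) return deny("negative amount");
    total += amount;
  }
  if (total > grant.remaining) return deny("spend limit exceeded");
  grant.remaining -= total; // the cap is cumulative across the whole session
  return { allowed: true, reason: "ok" };
}

// Constructed sample session: one allowed contract, 100-unit cap, 1-hour validity.
function demo() {
  const t0 = 1700000000;
  const grant = makeGrant({ grantee: "session-key-1", contracts: ["game-contract-A"],
    denom: "utoken", spendLimit: "100", expiresAt: t0 + 3600 });
  const bet = (amount, contract = "game-contract-A") => ({ signer: "session-key-1",
    type: "execute_contract", contract, funds: [{ denom: "utoken", amount }] });
  return [
    authorize(grant, bet("60"), t0 + 10).reason,
    authorize(grant, bet("60"), t0 + 20).reason,
    authorize(grant, bet("10", "other-contract"), t0 + 30).reason,
    authorize(grant, { signer: "session-key-1", type: "bank_send", funds: [] }, t0 + 40).reason,
    authorize(grant, bet("40"), t0 + 50).reason,
    authorize(grant, bet("0"), t0 + 3600).reason,
  ];
}
```

A stolen session key in this model can only place bets up to the remaining cap on the allowlisted contract until expiry; every other message is rejected.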
Summary
Ninja Blaze offers users the best of both worlds: the familiarity of Web2 and the security of Web3. With private key operations confined to the user's device and stringent limitations on what the Session Key can do, Ninja Blaze ensures the safety of user funds while providing a convenient and efficient blockchain interaction experience.