Is Walletry secure? Let’s examine its key security features

Walletry.ai is a non-custodial wallet that gives users full control over their funds. The wallet operates through a web interface, so it is accessible from any internet-connected device. The architecture includes client-side and server-side components that interact through secure communication channels. The security measures, encryption, and hardware and software solutions are designed around maximum security, privacy, and user control.

Security

Encryption

At registration, a key pair (public and private) is generated using a cryptographically secure pseudorandom number generator (CSPRNG). The private key is encrypted using the robust AES-256 algorithm. AES (Advanced Encryption Standard) is a symmetric encryption algorithm. 256-bit AES encryption is an international standard that provides excellent data security and is endorsed, among others, by the US government. As of now, AES-256 encryption is the most reliable encryption standard.

Data Transmission

All data is transmitted through secure communication channels (HTTPS using TLS 1.3), providing protection against “man-in-the-middle” (MITM) attacks.

The backend operates online, polling blockchain nodes for transaction updates and additionally verifying data integrity.

Backup

Encrypted private keys of users are stored using professional hardware security modules (HSMs). These modules have been tested and certified according to the highest security standards.

For enhanced reliability, private keys are stored in a split form, with different parts stored in separate data centers and protected by different credentials. This significantly complicates unauthorized access attempts.

All access-related operations are strictly monitored and logged, so unusual activity can be tracked and potential security incidents can be responded to quickly.

Attack Protection

The wallet employs a range of security measures, including:

– Anti-phishing measures: built-in mechanisms to protect against phishing attacks.

– Protection against XSS and CSRF (Cross-Site Request Forgery): using modern security mechanisms such as Content Security Policy (CSP) and CSRF tokens.

– Subresource Integrity (SRI): Ensuring the integrity of loaded resources.

– Rate Limiting: Limiting the number of requests to prevent DDoS attacks.

– HTTP Strict Transport Security (HSTS): Forcing browsers to use only HTTPS connections, preventing attempts to lower security levels.

For security reasons, not all organizational and technical measures are disclosed.
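
Three items in the list above (HSTS, CSP and SRI) are visible in any HTTP response and can be checked from outside. The following is an added example, not Walletry's code: it audits a constructed response for a hypothetical host wallet.example, and the function names, the 180-day HSTS threshold and the sample data are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
MIN_HSTS_MAX_AGE = 15552000  # 180 days; threshold assumed for this example
# Constructed sample response for the hypothetical host wallet.example
SAMPLE_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
                  "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example"}
SAMPLE_HTML = '<script src="https://cdn.example/app.js"></script><script src="/local.js"></script>'

class _SubresourceCollector(HTMLParser):
    # Collects cross-origin script/stylesheet URLs that carry no integrity attribute
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.missing = page_host, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        host = urlparse(url or "").hostname
        if host and host != self.page_host and not a.get("integrity"):
            self.missing.append(url)

def audit(page_host, headers, html):
    """Return findings for HSTS, CSP and SRI; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # HSTS: header must be present with a sufficiently long max-age
    directives = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    max_age = next((d[8:].strip('"') for d in directives if d.startswith("max-age=")), "")
    if not max_age.isdigit() or int(max_age) < MIN_HSTS_MAX_AGE:
        findings.append("hsts: missing or max-age too short")
    # CSP: scripts must be governed by script-src (or default-src) without 'unsafe-inline'
    csp = {}
    for part in h.get("content-security-policy", "").split(";"):
        tokens = part.split()
        if tokens:
            csp.setdefault(tokens[0].lower(), tokens[1:])
    script_src = csp.get("script-src", csp.get("default-src"))
    if script_src is None:
        findings.append("csp: no script-src or default-src")
    elif "'unsafe-inline'" in [t.lower() for t in script_src]:
        findings.append("csp: script-src allows 'unsafe-inline'")
    # SRI: every cross-origin script or stylesheet needs an integrity attribute
    collector = _SubresourceCollector(page_host)
    collector.feed(html)
    return findings + [f"sri: no integrity attribute on {u}" for u in collector.missing]
```

On the constructed sample, `audit("wallet.example", SAMPLE_HEADERS, SAMPLE_HTML)` reports only the CDN script that lacks an `integrity` attribute.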

Hardware

Only certified high-performance server equipment is used for the infrastructure. Firewalls and intrusion detection systems (IDS) are employed on the equipment.

Additionally, regular security checks and audits are conducted to ensure the reliability of systems and security protocols.

The use of advanced cryptographic methods and security measures guarantees the safety of data and prevents unauthorized access to users’ funds.

https://walletry.ai