
Hedgehog Ethereum wallet: Build DApps like apps, without centralized keys - roneil
https://hedgehog.audius.co/
======
roneil
Hey all - I'm Roneil, one of the cofounders of Audius. We built Hedgehog to
solve a specific pain point we faced - how can we get non crypto-native / non-
technical users to sign up for a decentralized app? Current onboarding flows
using Metamask and other alternatives were too cumbersome, time-consuming, and
restrictive for our needs. We needed a way to generate a wallet on behalf of a
user without them even knowing crypto was operating behind the scenes.

Hedgehog lives in your front end Javascript code. A user enters a username (or
email) and password, which is used to secure a set of encrypted auth artifacts
that are generated client-side and stored in the browser’s localStorage / on
your (the application developer's) server. In this way, the encrypted auth
artifacts can be retrieved and consumed on secondary devices without
centralizing custody and control of the private key.

If the centralized server hosting the keys goes down, users can continue to
access their wallet on the devices they already have. If the centralized
server is compromised or operated by bad actors, the resources required to
decrypt a stored auth artifact would be immense. However - this is why we
recommend using Hedgehog only in low-to-no financial value use cases.

This approach is not without tradeoffs - but for the right use-cases we
believe this will provide a needed alternative.

Happy to answer any questions you all have!

~~~
vinliao
Hey Roneil, I'm really new to crypto development and I'm having a hard time
finding crypto communities for developers (the one who builds stuff). I've
checked out eth's forum but it's not really developer focused, it's too
general.

Where do you usually hang out? I would like to learn more about building
crypto stuff and would like to participate in a community. Can you point me in
the right direction?

Thank you!

PS: I have completely no idea what Audius is about, but it sounds cool. Good
luck!

~~~
roneil
Hi there! Unfortunately I haven't found any high-quality online communities of
crypto builders - most of my connections to other folks building are offline /
irl. Would encourage you to attend local developer groups to get to know
others in the space!

There are _tons_ of helpful resources online though, as lots of folks write
tutorials and other things. Googling most problems you face will yield good
results.

~~~
vinliao
Oh wow that's really unfortunate. I met some crypto people locally but almost
all of them are trading focused. I also attended some "blockchain events" but
most of them are just people shilling their coins/how to become a better
trader.

Maybe I haven't tried hard enough finding the builders.

Thank you Roneil, and good luck on your endeavors!

~~~
roneil
Sorry to hear that - I've had good experiences in the past at Hackathons and
other developer-focused events rather than general "crypto" or "blockchain"
events.

Good luck!

------
tomhschmidt
This is so badly needed in the Ethereum space. Metamask is a massive drag and
a known onboarding blocker -- Hedgehog seems like a huge leap forward.
Congrats team!

~~~
aakilfernandes
This could occupy a useful space, but it is by no means a Metamask replacement
(which they explain why).

------
miguelmota
The hedgehog library is completely unsafe considering that any third party
library or browser extension loaded in the website using the SDK can loop
through localStorage to read the entropy value therefore recreating the hd
wallet and stealing the user's account.

~~~
xrd
This.

This is why FinneyFor uses an iFrame to keep the private key safe in
localStorage only accessible from JS running on the same domain. FinneyFor
uses postMessage to communicate between the parent frame when payment is
processed, so you get the benefits of creating transactions in any kind of
browser, but none of the risks as the parent rightfully points out.

[https://finneyfor.com/](https://finneyfor.com/)

~~~
roneil
We documented this here: [https://audiusproject.github.io/hedgehog-
docs/#security-cons...](https://audiusproject.github.io/hedgehog-
docs/#security-considerations)

This is why we recommend that you audit all 3rd-party Javascript in your app
for accesses to localstorage, and avoid sourcing 3rd-party javascript from
uncontrolled origins (the code could be switched out from under you if it is
not baked into your application)

The post message model is an interesting one - we looked into designing
Hedgehog in that way, but decided it ultimately did not help solve this issue
and created unnecessary complexity. If you include Javascript from libraries
or other origins on your page, eg. Google Analytics, that Javascript could
still post-message into your iframe.

Perhaps we are wrong here though! Is FinneyFor open-source? Would love to see
how this is implemented.

~~~
xrd
We don't have any other js libraries on FinneyFor so there would never be that
problem.

Auditing the source code of all libraries is a tall order. And, even if you
don't find a bug, there still might be some that someone else could exploit
with bugs in your code and the js libraries.

Finney For is not open source.

------
alexgpark
Looks compelling, been waiting for something like this to come along. Built a
couple dapps with Metamask and the popups and mnemonic phrases and browser
extension installation were a serious UX issue that had no real workaround and
seemingly no timeline for improvement. AFAIK, development seems to have slowed
or stopped entirely on Metamask? Will try working with this and share any
feedback. Nice work guys, thanks for moving the space forward

~~~
danfinlay
MetaMask is actually working hard on these problems, and building faster than
ever, but they're big problems that aren't trivially fixed in a point release.
You can expect some big announcements this summer.

------
ErikAugust
Certainly a much needed application in the Ethereum space.

As a blockchain game developer, I have talked ad nauseum
([https://steemit.com/marketing/@steem.marketing/cache-the-
gam...](https://steemit.com/marketing/@steem.marketing/cache-the-game-
switching-from-ethereum-to-steem)) about reasons why we switched away from
Ethereum for most transactions (but not all).

The UX of the wallet being one difficulty for adoption. There are other even
bigger reasons (in my opinion) - variable mining fees per transaction being a
large one.

~~~
trentonv
lol I made an account just to add this reply. Are you familiar with EIP 1559?
There are solid efforts currently ramping up research to change the fee market
from an auction to a flat fee:

[https://ethereum-magicians.org/t/eip-1559-fee-market-
change-...](https://ethereum-magicians.org/t/eip-1559-fee-market-change-for-
eth-1-0-chain/2783)

------
throwayEngineer
Any Ethereum developers have a plan once ETH gets log jammed again?

Apps will be slow to respond and take minutes or hours between updates.

Is this accepted as you wait for a new solution to the byzantine generals
problem?

~~~
atomical
Sidechains like Loom network are making progress, but Ethereum 2.0 is a ways
off.

~~~
ejanus
Could you explain you statement with facts ?

~~~
atomical
Loom has better scalability. Most transactions can happen on a sidechain.

[https://medium.com/loom-network/everything-you-need-to-
know-...](https://medium.com/loom-network/everything-you-need-to-know-about-
loom-network-all-in-one-place-updated-regularly-64742bd839fe)

Ethereum 2.0 will have sharding. That should speed up transactions but
sidechains will probably always be cheaper and sometimes no fee.

------
asenna
This looks brilliant, addresses a very real pain point and your landing page
communicates it well with the demo. Kudos!

Will give this a try on our Dapp.

------
emilyhou
This is awesome! Looks so much more streamlined and easier to use. Excited to
see it used widely.

------
zeroxfe
I guess you can't change your password (while keeping the same private key),
can you?

~~~
roneil
You can! This would re-encrypt your locally decrypted wallet seed using the
new credential and store it under the newly generated lookup key

~~~
homakov
If old pw is considered leaked, new seed must be generated as well. Leaked
password is the main reason why users would change passwords.

~~~
roneil
True - was answering the general case of password change, eg. some folks like
to rotate passwords every so often in the absence of a known leak or breach.

In the case of a compromised password the entire wallet should be abandoned.

------
invalidmonk
Excited to see what people build with this

------
ranidu
Awesome launch!

