Who controls my private key?

You can also redeem to fiat from USD-C when they link bank accounts … there you hand custody over to a centralised server

I have one question about the 12 words (BIP39).

Let's say that all Nash servers go down, earthquake or other act of God.
Is there any interface left where I can put in the 12 words to recover wallets?

Your funds remain intact even if Nash servers go down. In fact, you can even restore your wallet in other platforms (e.g., Exodus) to verify that your balances are still there.
Please keep in mind that since you control your seed (and private keys), it doesn’t matter even if you lost your password or your computer was stolen.

3 Likes

For that reason I always reset my accounts after creating them and try to recover everything by using the seed words before moving my funds. Also did that with my Ledger. I don’t want to figure out in 10 years that I misspelled the words :sweat_smile:

3 Likes

That's why we had to confirm our 12 words when signing up.

Yes, but still. I like to do the whole process. See how it works and just to be sure.

2 Likes

That’s only true if the stored password hash is strong.
I would like to know what algorithm they are using for password storage/hashing. If they are using a weak hash, then all hackers need to do is target the exchange and steal en masse.

Even though 2FA will be required to use the platform, the encrypted key and password might be enough to get your private key.

Are you for real? What is your purpose with this thread? Of course the hashing is strong, in fact Nash will give you $500,000.00 if you break the hash within the next year.

15 Likes

To summarize for the ones not following (consult Tim’s reply for more details):

  • Nash has no access to your keys and never will have.
  • Make sure to keep your 12 words safe, they generate all private keys.
  • The client must be secure, so be aware of phishing, 2nd gen auth will help here.
  • Your password is never sent to Nash, it is run through different algorithms locally. It is salted, stretched, hashed and used in password-based key derivation algorithms to generate the login key and similarly to generate another key to encrypt your secret data.
  • When we say the system is zero-knowledge, it means that our servers don’t have the capacity to recover this data, so as instructed in the account creation: keep your password safe and have a proper physical backup.
6 Likes

I still have a question. I’ve entered my 12 safe words into a Ledger Nano S. What amazes me is that I get completely different addresses than those of Nash. What can this be?

Thanks Fabio :blush:

I don’t think that Ledger uses the same settings as us, would have to check the chain index etc. We do provide the derived private keys in “My profile” > “Accounts” if you want to insert those in something like NEON or MyCrypto for NEO or ETH.

1 Like

Oh, OK. I probably made an error in my thinking. I did that because it felt like an elegant alternative in case Nash should be offline at times. :blush: