How the Steem account recovery works (and why your trustee can't steal your account)

Note: This article is aimed at both normal users and developers. The technical part of this post contains both a plain english explanation, as well as the Steem APIs to help developers

As some people may know, I run a service which lets people create anonymous Steemit accounts with BTC/LTC called AnonSteem. As part of the creation process, the account @anonsteem becomes a "trustee" of the created account.

I recently had an AnonSteem user lose their password within a few minutes of changing it. Luckily they never removed the original keys from the site, and I was able to get them some new keys through the recovery system.

There isn't much written about the recovery system, so I had to do a bit of my own digging in the Steem source code to figure out how this works.

Some people may have noticed the "Stolen Account Recovery" on the sidebar of Steemit. This is a built-in network function that allows hacked accounts to be recovered.

But what does that mean? Doesn't this mean you can recover a persons account from thin air?

Short answer: No. In most cases I cannot do ANYTHING at all. Neither can @steem (in the case of accounts created via steemit.com).

The reality is, unless the trustee has a copy of at least one of your owner private keys, they cannot recover your account without your help.

So how does it ACTUALLY work?

It looks really simple, right? Pop in your name, a recent password, and press recover.

They send you an email, you click a few more buttons, and suddenly you have your account back.

The important thing is the recent password.

The STEEM blockchain knows the history of your account, and every owner key that has ever been used for it. When you enter your recent password, it uses that to generate an owner key that can match up to a previous owner public key on the account.

Without that password, the trustee cannot do a thing.

Let's get a bit more technical

The first step in the procedure is to verify that the account holder is the REAL account holder. That's up to the trustee on how to verify.

In my case, I was already helping the user with payment problems on their transaction, so I knew they were the rightful creator.

Once you know it's the real person, they'll need to send you a new public owner key to be put onto the account. They need to make sure they have that private key nice and safe, because they'll need it to actually use the account after.

For this example, we're going to be using cli_wallet on both the user, and the trustee. This could also be done in python, or on the client in Javascript.

In each example we will call the trustee @anonsteem and the user who needs recovered @someguy123

Step 1) The user will generate a new owner key. This key will be used to log into the account later on

This step could be done using something like @xeroc's Paper Wallet Generator, but for sake of consistency with the rest of the article, here's how to do it via the cli_wallet.

On the user's CLI wallet:

unlocked>>> suggest_brain_key
{
  "brain_priv_key": "TROUSE HARPER COATED CURBER CORREAL FIASCO PRIOR EXPECT STOLEN COLOSS PADGE MELOID SUBITEM TENDENT ASHAMNU REBOLD",
  "wif_priv_key": "5JJkdbGadV1RfekzUaqkp9TKQ9MjpBHfQ4TwsHtRrRwC7FyyRyB",
  "pub_key": "STM5foN8y9VMznea9pKaRAVQxbbxWz3uYa7AYHkj42kE4bdT2Xvho"
}

Step 2) The user now sends proof of identity, and the new owner public key to the trustee:

STM5foN8y9VMznea9pKaRAVQxbbxWz3uYa7AYHkj42kE4bdT2Xvho

Now, the trustee has verified the account holder is the real person, and has their new public key ready to go. Let's begin the recovery process

Step 3) The trustee load their active key, and uses it to tell the network "hey, allow this person to change their key to THIS, as long as they have at least one of the previous owner keys"

On the trustee's (@anonsteem) CLI wallet (spaced out for readability):

unlocked>>> import_key TRUSTEE_ACTIVE_PRIVKEY

unlocked>>> request_account_recovery "anonsteem" "someguy123" 
{
    "weight_threshold": 1,
    "account_auths": [], 
    "key_auths": [
        ["STM5foN8y9VMznea9pKaRAVQxbbxWz3uYa7AYHkj42kE4bdT2Xvho",1]
    ]
} true

This tells the network that the trustee has proved the owners identity, and that the owner is now permitted to update their key to that public key, as long as they have access to at least one previous owner key.

Now, the users job is to load both their last accessible owner private key, and the NEW owner private key.

Once they're loaded, they will be able to broadcast a recover_account transaction, that will change the owner key of the account.

Step 4) The user loads both the old and new private keys. They tell the network they want to complete the recovery request by signing both public keys in a transaction with their private keys.

Small note: The "old owner key" has to be recent, which as far as I'm aware means active within the past 30 days (someone please correct me if I'm wrong)

On the user's (@someguy123) CLI wallet (spaced for readability):

(new owner private key, of which they sent the public key to the trustee)

unlocked>>> import_key 5JJkdbGadV1RfekzUaqkp9TKQ9MjpBHfQ4TwsHtRrRwC7FyyRyB

(old owner key that was hacked)

unlocked>>> import_key 5......

unlocked>>> recover_account "someguy123" 
{
    "weight_threshold": 1,
    "account_auths": [], 
    "key_auths": [["STM.......",1]]
} 
{
    "weight_threshold": 1,
    "account_auths": [], 
    "key_auths": [
        ["STM5foN8y9VMznea9pKaRAVQxbbxWz3uYa7AYHkj42kE4bdT2Xvho",1]
    ]
} true

Step 5) Good to go! The user has a new owner key on their account, and can log into Steemit and change their password.

After this, assuming everything is correct, the user will now have a brand new owner key! If you try to log into Steemit by using the owner key as your password, it will require you to set a normal password so that it can generate your other keys.

You would be able to see this recovery on the blockchain by looking at their account on https://steemd.com

The image above is an example from a real user I helped recover. To give the user a small amount of privacy, I've redacted the username and public keys. (yes I know if you really care enough, you can find this on the blockchain)


Conclusion

I originally thought that the account recovery system was basically a backdoor into any account. After experimenting with the recovery system, I learned that's not the case at all.

Without co-operation from you, the user, in most cases the trustee is NOT capable of "hacking your account" via the recovery system as you might think.

I hope my post has helped people to trust the account recovery system, and also helped developers understand this crucial part of the account authentication system within STEEM.


Do you like what I'm doing for STEEM/Steemit?

Vote for me to be a witness - every vote counts.

Don't forget to follow me for more like this.


H2
H3
H4
3 columns
2 columns
1 column
11 Comments