It is recommended that you diversify and hold your funds in multiple wallets.
We take security very seriously with high measures to ensure funds are safe.
All network communication is done over ssl.
Secrets are encrypted using AES with 256 bit cypher.
Wallet encryption key is created from your wallet password using a PBKDF2 with 512 bit salt and over 50k iteration.
All private keys are 256 bit and generated using a cryptographic PRNG.
We perpetuate the guidelines as recommended by OWASP
My Private Keys
You own your keys we do not have access to your private keys, only the user can unlock the coins using the wallet password.
The wallet private keys are encrypted using a key we control and a key you control, your wallet encryption key created from the wallet password (not to be confused with the login password).
This makes cracking the wallet password very resource intensive and will take over a year on modern computers.
A wallet backup is created every time the user updates the wallet password and should be kept safe and private.
To help with recovering access to your wallet (in case you forget the wallet password) the wallet password is also encrypted with a key we control.
Never store the wallet password together with the backup keys.
Important! If you lose the backup and forget the wallet password we cannot recover your coins!
Coinvault implements the HD Wallets (hierarchical deterministic wallets) protocol as documented in BIP32 for generating deterministic child keys.
Multi-Coin and Multi-Account Hierarchy for Deterministic Wallets as documented in BIP43 and BIP44.
When creating the wallet we'll provide a Mnemonic code BIP39 this will allow to easily import to other wallets.
We do not hold coins as credit, Coinvault is an on-chain wallet.
An on-chain wallet means transactions are sent only on the block-chain.
Check our Hackerone page to participate or report a security bug.
We use external companies to verify our security.
Issues and bugs
For any security issue please contact us at Email: firstname.lastname@example.org
Insuring funds stored with Coinvault will be available once we reach critical size.