Qortal Project

The future of blockchain platforms

User Tools

Site Tools


Qortal Project Wiki

Important Notices


Project Model



Trade Portal

Qortal Hosting (QDN)

Voting System

AT System


Frequently Asked Questions (FAQ)

How-To Guides

Node Setup Guides

Third-Party Services


State-of-the-Art Security

One of the main differences between the traditional Internet and Qortal overall, is the fact that there is no centralized authentication system, but at the same time, there is a system that can authenticate users that isn’t controlled by any one user or group. This opens the door for many different things to take place in a much more secure fashion. Another difference is the fact that all information that can be used to authenticate a user to an account is always encrypted when saved. The ‘seed phrase’ for a Qortal account’s authentication information (when created in the default method without the ‘advanced user’ checkbox) is saved locally on the device that created the account and encrypted with a passphrase made up by the user upon creation. The encrypted backup information can then be saved both in the Qortal UI app (if the option is checked) or web browser (if accessed that way) or by the saving of the encrypted backup file to a USB external drive (which we highly recommend saving your backup file to a USB drive, writing down your password, and storing somewhere safe for account recovery if ever needed. You could also add these things to a will and pass them along to a loved one).

All of these methods encrypt every bit of information which means the only way a user could access another user’s account, would be by either having the device/method/passphrase of a saved account, or the backup file/passphrase (which can be different on each backup saved) and access to a full Qortal Core / UI installation. When each user saves their account information in this fashion, Qortal becomes extremely secure at the base level.

Another aspect that makes Qortal more secure, is the fact that information is never sent outside the user’s local machine which could be utilized to gain authentication over a Qortal account. For example: A transaction in Qortal being created is fully started, created, and signed IN THE UI of Qortal. Then the SIGNED TX is sent to the Core (which is also local) for broadcast to the network.

There are two entirely separate encryption engines in Qortal: the Core and the User Interface (UI). The Core can verify the transaction created by the UI and ensure it was created correctly, but the Core doesn’t need the information that created the transaction. Traditional systems contain a database of username/password information that could be hacked. Qortal does not have a database of information, it merely allows transactions to be created, signed, and submitted as long as the user contains the keys necessary to do so. Therefore, there is NO DATABASE OF USER INFO TO HACK.

Qortal’s security when compared to credit cards, is a perfect example. If you lose your card, any other person could make use of it since the information to USE THE ACCOUNT is printed ON THE CARD. This is NO SECURITY AT ALL. So credit card companies often have to rely upon ‘fraud prevention’ and ‘refunds’ to people since they experience countless fraudulent transactions daily. In Qortal, it simply isn’t possible for any other user to access an account, unless the creator of the account gives the other user the passphrase to decrypt their locally saved backup information. Qortal’s security system is as simple as that, it just isn’t possible to access another user’s account without the account owner providing the information to do so.

Now if we take the same method of security used for the accounting side of Qortal, and apply it to on-chain services within Qortal, Qortal now provides secure INFRASTRUCTURE that can rebuild nearly every application, website, social media, communications, etc. that exist today in the world. On top of that, is the ability to utilize the verification system of Qortal - to verify other applications. Therefore, Qortal can make its own or host a third-party application securely, while at the same time not requiring users to need individual username/password combinations for each app. In other words, once the users verify with Qortal, they are verified for any application that utilizes Qortal!

Qortal can become a global authentication system so users NEVER NEED TO REMEMBER A BUNCH OF USER/PASSWORD COMBINATIONS AGAIN. This provides a level of security to the overall that has yet to be seen in the world. This means there is no centralized database to hack, no need for multiple different user/password combos for different apps/sites, and complete security for the world.

Taking the method Qortal uses for verification and applying it to other avenues is the overall goal of Qortal. Blockchains are by far the most secure databases in the world, and the methods Qortal uses are more secure than most blockchains. Therefore, making use of this security at the base level of Qortal and taking it to other aspects of the world’s needs is the overall goal. For example, Qortal can utilize its security for web hosting and data storage. Data that is put up is verified by the user’s account and can only be changed by the user. It’s truly as simple as that. Any other method will not allow the data to be changed so the account that created the data is the only account that can modify it.

Continuing to utilize these methods and improving them in the Qortal Network will allow a TRULY SECURE infrastructure that the future world may utilize to bring back SECURITY and individual sovereignty worldwide.

state-of-the-art_security.txt · Last modified: 04/27/2023 18:33 by gfactor