> For the complete documentation index, see [llms.txt](https://white-basics-2.gitbook.io/white-basics-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://white-basics-2.gitbook.io/white-basics-docs/publish-your-docs-1.md). # Security and Encryption **Security Protocols** White Basics prioritizes platform and user data security, implementing a multi-layered protection system: * **TLS/SSL:** All connections are encrypted using the TLS 1.3 protocol, ensuring secure data transmission between client and server. * **End-to-End Encryption (E2EE):** Applied to protect users' confidential information, such as private keys and personal messages. * **OAuth 2.0 Protocol:** Used for secure authorization and authentication of users when integrating with external services. * **HMAC (Hash-based Message Authentication Code):** Applied to verify data integrity when transmitting between microservices. * **Secure Multi-party Computation (MPC):** Used for distributed storage and management of cryptographic keys, minimizing the risk of compromise. **Key Management and Authentication** The key management and authentication system in White Basics is designed with best practices in cryptography and security in mind: * **Multi-Factor Authentication (MFA):** Mandatory for all users, with support for various second factor methods (SMS, email, TOTP, hardware keys). * **Password Storage:** The bcrypt algorithm with individual salt for each password is used, making it virtually impossible to crack them even in case of a database leak. * **Session Management:** A token rotation mechanism and limited session lifetime are applied to minimize risks in case of compromise. * **Hardware Security Modules (HSM):** Used for secure storage of master keys and performing critical cryptographic operations. * **Biometric Authentication:** Supported in the mobile application for an additional layer of protection. **Protection Against Attacks** White Basics implements a comprehensive approach to protection against various types of attacks: * **DDoS Protection:** A combination of cloud services (AWS Shield, Cloudflare) and proprietary solutions for traffic filtering and distribution is used. * **Web Application Firewall (WAF):** Applied to protect against common web vulnerabilities such as SQL injections, XSS, CSRF. * **Rate Limiting:** Implemented at the API level to prevent abuse and brute-force attacks. * **Sandbox for Smart Contracts:** All user smart contracts are executed in an isolated environment to prevent potential attacks on the main system. * **Monitoring and Anomaly Analysis:** Machine learning systems are used to detect suspicious activity and potential threats in real-time. * **Regular Security Audits:** Conducted by external cybersecurity experts to identify and address potential vulnerabilities. * **Bug Bounty Program:** Encourages white hat hackers to search for and report vulnerabilities in the system. * **Phishing Protection:** Mechanisms for verifying domains and email addresses are implemented to prevent phishing attacks on users. All these measures collectively create a reliable security system that is constantly being improved to counter new threats and ensure maximum protection of users and assets on the White Basics platform. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://white-basics-2.gitbook.io/white-basics-docs/publish-your-docs-1.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.