Bitcoin Forum

Hello everyone and welcome.  I'm thinking of starting an online secure wallet service.  Basically, the current Bitcoin architecture is fine, but it has some serious security flaws.  As we've seen lately with "allinvain" losing 25,000 BTC and the trojan that steals wallet.dat files, people need an easier way to secure their wallet and prevent theft of all their coins.

What I'm proposing is a secure website where anyone can create a Bitcoin wallet.  It is stored in an encrypted format on a server, and can be accessed from any web browser.  Whenever you want to send Bitcoins from your wallet, you need to authenticate with a password that you choose, and a text message is sent to your cellphone, which you type into the website.  This 2-factor authentication is more secure than most online banks and ensures that even if someone hacks your computer and captures your password, they still can't transfer funds out of your wallet.

To clarify - this would not be a Bitcoin bank.  The wallet belongs to you and you alone.  Nobody is going to lend your Bitcoins to other users like a traditional bank.  This is just a secure wallet storage facility with 2-factor authentication.

I plan to fund this project by charging a small transaction fee for sending coins - something like 0.05%.  I realize Bitcoin was designed to be a currency without transaction fees, but there is a cost to send the text messages and designing a website that is secure is not an easy challenge.

Would anyone be interested in such a service?

No offence, but noone is going to trust you with only one post :\

Counterparty risk is too high without any reasonable control available to mitigate it. This would be true even, if, say Satoshi himself offered such service.

I appreciate the quick replies.  I've been mining for a few months now but have just been lurking on the forums and didn't feel the need to create an account earlier.

Trust is a huge issue.  I plan on offering the service for free in the beginning - people can create a wallet, send a fraction of a coin, test it out, and see how it works.  Hopefully trust will be built in the system, as I share more details about the steps I am taking to secure your wallet.

I am also thinking about adding an "advanced" feature where your wallet is encrypted on our servers using a strong passphrase that you have to remember and use every time you login.  That would provide the ultimate level of security, in that even I couldn't decrypt your wallet, however, it also means that if you forget your passphrase, your wallet is truly lost forever, along with all of the coins in it.

I believe for most people, this is too high of a level of security.  Having some secondary security questions that must be answered for a password retrieval are needed, so that coins aren't lost forever.

But, for those advanced users that want the ultimate in security - a strong passphrase that only they know, combined with a second authentication token provided by SMS, will give a security level that is stronger than even using Truecrypt on your local drive - after all, truecrypt is vulnerable to keylogging software.

I wanted to detail some of the advantages of a secure wallet service, as I see it:

• New Bitcoin users would not have to download or install any software on their computer.
• No need for each user to download the entire blockchain or store it locally.  We keep the entire blockchain updated on our servers so it creates a much lighter load on the Bitcoin peer-to-peer network.
• Access to your wallet to send or receive coins from any computer with a web browser.
• Access to your wallet from mobile devices such as iPhone, Android and iPad.
• Possible future mobile payment applications similar to Dwolla - would require merchant APIs and integration.

When you think about it - in the future Bitcoin will have many banks.  Most Bitcoin users will not be downloading and installing software on their home computers.   It is too much for the average person that just wants to add some coins to their wallet and spend them to worry about backing up their wallet, securing it, and maintaining a Bitcoin client plus the entire blockchain on their computer.

Personally I don't like the fractional reserve banking system that we have in the US, where banks receive deposits and then lend out between 10-30 times the amount of money in the form of mortgages and credit card debt.  For this reason, I think a secure wallet service where no money is lended, but the money stays in your wallet forever, is keeping with the spirit of Bitcoin.

Trust can be verified through the blockchain - you will be able to verify that I never touch your wallet except when you authorize me to.

Thanks for reading this long post, and kind regards.

I would give anything a shot, but i dont trust anyone with a large portion of BTC.

So this is an online service like MyBitcoin.com except each transfer out requires a PIN that is received via SMS or other method? [edit: see my next reply]

While this is marginally better than simply username / password credentials, it still isn't the combination I'm looking for.  I'm wanting a wallet server, like what Webcoin promises to offer.
  - http://bitcoinjs.org/specs/wallet/1.0/draft/wallet-api.html
  - http://forum.bitcoin.org/index.php?topic=14128.0

But even if this is done right, on first use you would then have my decrypted wallet on your host.  I'm still having to trust that you don't keep a copy.

I think the Wallet API specification is a great starting point, but it does lack the security of 2-factor authentication.  What if we extended the Wallet API to allow you to not only host your wallet on our servers, but to also sync it to any of your devices?  The extension to the wallet API would be necessary to add the SMS text message as part of the wallet sync procedure for new clients, so that if your PIN is compromised your wallet is still secure.

This is only really useful for large sums of money IMO. I think it might be better to offer truly offline "storage wallets". When the user wants their wallet, you send them a copy GPG-encrypted to them along with a LiveCD for safely accessing the wallet. Obviously this is high-latency. There have been better solutions proposed, but in the short term this would work.

You'll need to build some trust, yes. I wonder, since I use my real name, have been around since the $0.06 days, and have a good trust rating in the forums, how much would people trust me to store their wallets? What if I did it through my company?

Right, you would have to trust that we only generated your decrypted wallet in memory, and it was not stored to persistent storage in unencrypted format.  Also, you would have to trust that every time we decrypt it to perform a transaction, we don't keep an unencrypted copy somewhere on persistent storage.

"a strong passphrase that only they know, combined with a second authentication token provided by SMS, will give a security level that is stronger than even using Truecrypt on your local drive - after all, truecrypt is vulnerable to keylogging software"

This would still allow a government to cease your assets, because there is nothing stopping the passphrase being logged by the site itself, under legal pressure.

Client --> Server
       SSL
           ^
           |
         Log passphrase after SSL

For an advanced user, I don't see how it adds anything. Here is all the cash I own, nice kind stranger, please protect it for me. No thanks.

(The real problem is that most of the people on this forum are not your target audience, but we are good people to point out flaws. Please don't take offense at any reply.)

Meatspace storage of wallets would be a good idea for very large sums of money, but I think most people are better off doing this themselves through a bank safe deposit box.  It's also a very customer service intensive business and requires hiring a lot of staff.

None taken.  This is why I wanted to discuss the idea first before implementing it, to let you guys poke holes in it and see if it's a worthy project.  For the advanced option, what if we took the same approach that Hushmail uses, where encryption is done in either client side javascript or a full java/flash app (although I dislike having to run plugins just to access your wallet)?  That would probably be a better option for the truly paranoid (which I admit I am one myself)...   ;D

Not that hard actually:

1. Write a script that creates a wallet, dumps an address from it, encrypts it, and then creates another wallet etc.
2. Keep list of addresses.
3. When someone wants to open an account, give them the address.
4. When they want to withdraw, decrypt wallet, encrypt to them, put on flash drive, mail.
5. When they confirm receipt, shred original.

No Java or flash on the iPhone/iPad's (which is really your target market), that and the Android (which has java and flash). Not that Java/Adobe are known for great security. There are just so many reports on CERT (http://search.us-cert.gov/ (http://search.us-cert.gov)) of Java and Adobe vulnerabilities.

Do I take it that if there's this Trojan about that nicks your bitcoins inside wallet.dat files then you'd actually be better off just not getting a wallet? Or is that less secure. Probably a stupid question.

Question: A Paid service? Hehe...?

Hello all I hadn't had a chance to get on the forum because been busy working on the service as with all the things going on out there the time is now ...

...we are  in the process of doing this and the response has been pretty good with over 300+ sign ups so far.

We plan on offering 2 ways to do this but our biggest benefit is we provide 100 percent coverage of your bitcoin wallet regardless of what happens to it.

(theft of coins out of the wallet,erasing/HD crashes,lost wallets to name a few)

The 2 ways are:

1.) to upload a copy of your wallet and we can provide a encrypted back it up  and still provide coverage against it.  Keep in mind this is a copy of it so still  you keep the original wallet. In other words, this isn't a pull down , put back service. 

2.) If you choose to not upload it we can still provide protected coverage. More details to come regarding this.

Feel free to check out my sig. and put your e-mail in for more information.

Just wanted to get into this forum and introduce myself!

Right, if you could do it in javascript, preferably (Wallet API or something similar) you could theoretically do it on any browser.  The paranoid among us could peruse the javascript to verify that passphrases are never sent across the wire.

This is an interesting concept as well, although it is different than what I had in mind.  I think your idea is great for a vaulting service for high value Bitcoin wallets, although I want my service to be much more liquid and easy to get BTC in and out.

Basically, by keeping your wallet on a remote server, if someone hacks your home computer, they never get a copy of it, so they can't spend your Bitcoins.  Even if that person installs a virus, trojan, or keylogger on your home computer and steals your password to our site, unless they steal your cellphone too, they can't spend your coins because our service will send you a text message with a 4 digit code every time you try to spend coins.

If done properly, it should be more secure than keeping an unencrypted wallet on your home computer.

Welcome.  It sounds like there is a demand for a service like this.  When you say you provide 100 percent coverage of your bitcoin wallet, regardless of what happens to it, what are you guaranteeing?  Are you refunding the contents of customers wallets in case they get compromised?  I don't see how you can do this if the customer keeps a copy.  If the customer uploads a copy that you encrypt, and they keep an unencrypted copy on their home computer, it will still be vulnerable to loss or theft.

Also, how can you prove the the coins were not just spent by the customer?  The only way to really guarantee that nobody will spend the coins except an authorized user is to keep a single copy of the wallet in a highly secure place, with strong encryption.

Thanks for the welcome!

Great questions. Little clarification we are only covering the wallet.dat if our encrypted server that holds your wallet is compromised and your wallet.dat file is taken - as the wallet.dat is the most important piece not the bitcoins inside it. If you loose your wallet.dat its gone forever. So via your upload of the wallet.dat and your payment of service we can verify the wallet is yours and how much you have as a balance via the blockexplorer ledger. Obviously, if you loose/erase your wallet on your home computer you can come retrieve the wallet.dat from us.  This eliminates anyone not trusting us because why would we spend your bitcoin wallets only to have pay out 100 percent coverage against us doing so? At some point there hast be mutual trust otherwise you can encrypt all day once you loose your wallet it doesn't matter.

How do you guarantee coverage you ask ? We know how many bitcoins you had in your wallet upon payment for service via the ledger/blockexplorer ( plus hopefully you are honest when you tell us just how much you have in your BTC so you can get coverage against it) and we can keep track of your balance via the payement link you give us ( we only deal with that payment link you send against). If your wallet.dat is taken from the encrypted server we pay you the amount of your ledger as coverage/insurance at the time of the taking against someone using your bitcoins assumming they took it to go use it. 

As for stolen Bitcoins this is a different situation. Since the amount of your bitcoins changes there is noway to tell if you are spending it all and then claiming it stolen as you said. At the moment we are going to do the honor system but also have some ideas how to deal with this :) 

We are also working on non-upload coverage.

There is more information but can't reveal it all! :)

http://www.bitprotection.info

Numerous servers are compromised daily,  Most of the time without the owners knowledge.
To have alot of Wallets in one place would not only make it a target but, assuming they are miners,  GPU Bruteforce would be rather achievable.  Whilst I commend your effort to secure the Wallet,  Personally I trust my own security other then the security of someone I don't know.

Good Luck with the Idea though :)

FRAUD WARNING

Don't send your wallet file to anybody, ever.  It's always a bad idea.  Unless your intent is to send them all your bitcoins, absolutely nothing good can come of it.

If you want to keep it safe, put it on a CD or a USB flash drive.  If you have a serious amount in coins, buy a dedicated computer and use it only as a bitcoin wallet (you obviously can afford it).  There is nothing to be gained from sending your wallet to anybody for any reason.  If you know how to find your wallet file, you know how to copy it to a USB flash drive, and that should be that.

(Edited this post to make this fraud warning blatantly obvious and higher up in the thread.  The moderator should probably axe this whole thread.  Sorry for such an annoying message, but hearing about people losing their coins to fraud is even more annoying.  The prior contents of this post may be found below.)

Thanks for the good luck! at least I'm attempting to help solve this issue has its just getting out of control!  :-\

"The Bitcoin software internally has the capability of sending Bitcoins to more than one address in a manner that requires BOTH private keys to unlock them. "

Not sure if this was directed toward my service or his but we only cover one payment address to one wallet at least for the moment. This assures the person is the rightful owner of the wallet.

Wait what? How do you create more than wallets for the user to put their coins on???

Also, I was thinking about this the other day. You should create a new wallet and encrypt it. Shred the non-secure wallet. Give the user the private key and store the private key on the server.
If the user wants to send the coins to his real wallet, he would have to provide the private key and a optional passkey to access his wallet.

It requires modification to the source code.

Bitcoin transactions don't technically go to addresses: what they really contain is instructions on how to determine who is allowed to spend them next.  This is called a script.

A transaction that goes out to address A actually goes out as a coded message that says: "A person attempting to re-spend these coins must provide signature that matches address A".

It is possible to have more complex messages.  For example: "A person attempting to re-spend these coins must provide signatures for any 2 of the following 3 addresses, A, B, C."

The owner could be A, and two wallet-securing recovery agents could be B and C.  The coins could be spent either by the owner with the assistance of either agent, or both agents could act together.  Whether or not the agents are trusted is not the point, my point is, the bitcoin software and P2P network already supports complex transactions like this and anyone seriously going to the effort of offering a "wallet securing" service ought to make use of them, rather than just saying "trust us".

Nope. I don't trust you in the slightest.

FRAUD WARNING

Don't send your wallet file to anybody, ever.  It's always a bad idea.  Unless your intent is to send them all your bitcoins, absolutely nothing good can come of it.

If you want to keep it safe, put it on a CD or a USB flash drive.  If you have a serious amount in coins, buy a dedicated computer and use it only as a bitcoin wallet (you obviously can afford it).  There is nothing to be gained from sending your wallet to anybody for any reason.  If you know how to find your wallet file, you know how to copy it to a USB flash drive, and that should be that.

Thanks for all the replies.  The more I consider this, it would need to be a service like LastPass, but integrated with the Bitcoin client.  So, essentially, all wallet decyption is done locally on your machine and we never get a copy of your wallet that is unencrypted.

If you have used LastPass you know how this works.  Never trust anyone with your wallet is right.  Personally I would not want to guarantee other people's wallets, because who knows what will happen?  MtGox being hacked has proven what the risk can be.

Nope, my computer is the only place I trust my wallet.

Personally, I wouldn't trust anyone with my wallet other than myself.  I'm not saying that there isn't a market for a secure wallet service, but I certainly wouldn't use it.  Now, the less tech-savvy bitcoin users may be drawn to something like that because they won't have the patience or aptitude to implement their own security measures.

However, if bitcoin is ever to "make it big", a standardized, secure solution to wallet management MUST be implemented.  So, you would need to keep in mind that your business could become obsolete very quickly if this happened.

Anyone thinking about creating or using an online wallet services should be thinking about offline reserves. See this thread:

https://bitcointalk.org/index.php?topic=34011.0

I really don't see the point. Far more secure on offline portable media.

No need really

Would this SMS service be global or US only?

(Not read entire thread so apologies if already answered.)

after what has happened with mybitcoin, I would not trust any wallet service.

That's my take too. I'll trust my LinuxCoin usb's and my backup system thank you.