Title: Online Wallet Security
Post by: guyon on December 13, 2013, 12:55:31 PM

This question has been asked previously (https://bitcointalk.org/index.php?topic=170264.0) but the answers weren't as good as I was hoping (and as a newbie I can only post here for now).
I understand the principle of unlock-sendtoaddress-lock but this seems unduly risky to me. If a hacker can deploy key-loggers to a server they can also deploy wallet monitors that can scan the wallet.dat files for the private keys and in the brief milliseconds that the wallet is unlocked, the private keys will be read, tested and emptied.

So my questions are:

1. Will there ever be a password parameter to sendtoaddress? If so, any idea when? I see this has been a known issue for at least two years and as far as I can see, nothing has been done.
2. How do online wallet and exchange services protect their wallets (or for that matter, client solutions like Armory)? I can only assume they don't rely on the unlock-send-lock method.
3. Alternatively - are there methods for receiving and sending bitcoin (and other crypto currencies) that don't use a local bitcoind service? I would feel much safer knowing the private keys were never stored on disk in plain text at any time.

Regards,
Guyon

Title: Re: Online Wallet Security
Post by: swansong on December 13, 2013, 01:02:40 PM

2: Exchanges use Cold Storage for %80 of their holdings (Paper Wallets)

Title: Re: Online Wallet Security
Post by: guyon on December 13, 2013, 01:27:40 PM

> 2: Exchanges use Cold Storage for %80 of their holdings (Paper Wallets)

Thanks, but I already know about cold storage, that wasn't the question. What I'm really interested in is - How do they protect their online coins?

Title: Re: Online Wallet Security
Post by: lindeanin on December 13, 2013, 02:27:26 PM

>> 2: Exchanges use Cold Storage for %80 of their holdings (Paper Wallets)
>
> Thanks, but I already know about cold storage, that wasn't the question. What I'm really interested in is - How do they protect their online coins?

Their Bitcoins withdrawals don't need to be instant, and every request might be reviewed.
MtGox hours to several days delays for Bitcoins withdrawals makes sense.

Title: Re: Online Wallet Security
Post by: ajax3592 on December 13, 2013, 03:02:08 PM

> they can also deploy wallet monitors that can scan the wallet.dat files for the private keys and in the brief milliseconds that the wallet is unlocked, the private keys will be read, tested and emptied.

Don't think there is anything in the market that can achieve that. Paper wallets are the safest bet, you use the address to receive Bitcoins and you import the private key into your wallet when you want to spend the Bitcoins, that's it.
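
The unlock-sendtoaddress-lock sequence from the opening post, written out as an added example (not code from any poster or from the Bitcoin project). It uses bitcoind's `walletpassphrase`, `sendtoaddress` and `walletlock` RPC calls; `make_rpc`, `send_with_short_unlock` and `FakeWallet` are hypothetical names, and `FakeWallet` is a constructed stand-in that models only lock state so the block runs offline.

```python
import base64, json, urllib.request

def make_rpc(url, user, password):
    """Return a callable that sends JSON-RPC requests to a bitcoind node."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    def rpc(method, *params):
        body = json.dumps({"jsonrpc": "1.0", "id": "w",
                           "method": method, "params": list(params)}).encode()
        req = urllib.request.Request(url, body, {
            "Authorization": "Basic " + auth, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            reply = json.load(resp)
        if reply.get("error"):
            raise RuntimeError(reply["error"])
        return reply["result"]
    return rpc

def send_with_short_unlock(rpc, passphrase, address, amount, unlock_seconds=2):
    """Unlock for a few seconds, send, and relock even if the send fails."""
    rpc("walletpassphrase", passphrase, unlock_seconds)  # key now decrypted in node memory
    try:
        return rpc("sendtoaddress", address, amount)
    finally:
        rpc("walletlock")  # do not wait for the timeout to expire

class FakeWallet:
    """Constructed stand-in for bitcoind (assumption): tracks lock state only."""
    def __init__(self, passphrase, fail_send=False):
        self.passphrase, self.fail_send = passphrase, fail_send
        self.unlocked, self.calls = False, []
    def __call__(self, method, *params):
        self.calls.append(method)
        if method == "walletpassphrase":
            if params[0] != self.passphrase:
                raise RuntimeError("incorrect passphrase")
            self.unlocked = True
        elif method == "walletlock":
            self.unlocked = False
        elif method == "sendtoaddress":
            if not self.unlocked:
                raise RuntimeError("wallet locked")
            if self.fail_send:
                raise RuntimeError("send failed")
            return "constructed-txid"

if __name__ == "__main__":
    wallet = FakeWallet("constructed-passphrase")
    print(send_with_short_unlock(wallet, "constructed-passphrase", "constructed-address", 0.01))
    print(wallet.calls, "unlocked:", wallet.unlocked)
```

Relocking in `finally` shortens the window but does not remove it: the decrypted key sits in the node's memory between the first and last call, which is the exposure the opening post asks about.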