Bitcoin Forum

Bitcoin => Wallet software => Topic started by: Valerian77 on February 09, 2014, 10:39:33 PM



Title: Braincontrol
Post by: Valerian77 on February 09, 2014, 10:39:33 PM
Just found this by following Reddit braincontrol.me (http://tinyurl.com/pfszk6s)

This wallet looks pretty cool and judges Apple's Bitcoin ban for what it is - stupid and senseless.


Title: Re: Braincontrol
Post by: roslinpl on February 09, 2014, 10:42:53 PM
Just found this by following Reddit braincontrol.me (http://tinyurl.com/pfszk6s)

This wallet looks pretty cool and judges Apples stupid to what it is - stupid and senseless.
Very nice.

I hope this project will give a wallet to iPhone users.
Apple sux this a lot


Title: Re: Braincontrol
Post by: befuddled on February 09, 2014, 11:30:45 PM
I just came here to post about this. I think it is brilliant.

Technically, it's a small step in that it's a twist on the brain wallet. The private keys are not stored anywhere. And yet it's so easy to use and almost foolproof.

In principle I guess it could be vulnerable to a key logger, except that entering the pin is done in the manner of clicking on buttons. I don't know if that's enough to defeat all possible key loggers or not. And the logger would have to be there when the salt is first typed in.

I'm a bit worried that if the particular website that hosts the html5 app goes away (braincontrol.me at the moment), then it would be a bit more work to get the coins back. You have to run the html5 app from the same URL as when you transferred the coins in, since the url is used to create the private key:

<script>
var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin)));
</script>

Not that you couldn't create your own script that hard codes the URL that was used when you transferred the coins in, so as to create the private keys when all the other factors are known.

To me this is starting to look like the secure storage your grandmother could use. Or maybe someone more knowledgeable could point out what I'm missing.

Edit: Having read the Reddit thread, I see someone pointed out an obvious vulnerability that didn't occur to me. You have to trust that the html/javascript isn't malicious because it could record/compromise your private key. Doh. Not saying the website creator would do so, but the site could be hacked, obviously.

Maybe what we need is a browser plug-in that performs a checksum/signing on all html and javascript that gets executed so you can see if it changes. Though that might require some independent (trusted) agent to determine that the code is safe at time of signing.





Title: Re: Braincontrol
Post by: zakoliverz on February 18, 2014, 08:45:31 AM
Too bad I cannot use braincontrol anymore.


Title: Re: Braincontrol
Post by: madzooka on February 24, 2014, 05:45:20 AM
According to befuddled's comment, this wallet doesn't seem to be a good one for me. Maybe in the future the situation will change.