Bitcoin Forum

Economy => Services => Topic started by: speeder on October 03, 2011, 05:15:24 PM



Title: I want a wallet with fixed adress!
Post by: speeder on October 03, 2011, 05:15:24 PM
Hello!

I do not trust my own security, so I want a wallet... Like MyBitcoin was before they turned out scammer...

Can someone recommend one? (hopefully, not a scammer)


Title: Re: I want a wallet with fixed adress!
Post by: BurtW on October 03, 2011, 05:42:08 PM
I really like what they are doing over at StrongCoin.com:

All private keys are individually encrypted with passwords of your choosing.
One nice feature is that as you create your passwords it give you an indication of the strength of the password in order to help you pick better passwords.
The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.
You can use StrongCoin to import the value from physical Bitcoins or Bitbill or paper wallets
It allows you to create paper backups of your private keys.
The web site itself is very clean and user friendly.

It is a work in progress but I really like what I see so far.


Title: Re: I want a wallet with fixed adress!
Post by: captainteemo on October 07, 2011, 09:50:58 PM
The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.

Already flawed, pack up and go home.


Title: Re: I want a wallet with fixed adress!
Post by: BurtW on October 07, 2011, 10:23:11 PM
Therefore you can unplug your computer from the Internet while you generate you private keys if you want to.  They private keys are then encrypted by a password.  One nice feature is the system helps guide you to a stronger password as you enter your password.


Title: Re: I want a wallet with fixed adress!
Post by: captainteemo on October 07, 2011, 11:48:30 PM
Therefore you can unplug your computer from the Internet while you generate you private keys if you want to.  They private keys are then encrypted by a password.  One nice feature is the system helps guide you to a stronger password as you enter your password.

Quote
The web hosts most of the world's new crypto functionality. A significant portion of that crypto has been implemented in Javascript, and is thus doomed. This is an issue worth discussing.

Quote
If you don't trust the network to deliver a password, or, worse, don't trust the server not to keep user secrets, you can't trust them to deliver security code. The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do.

Quote
The problem with running crypto code in Javascript is that practically any function that the crypto depends on could be overridden silently by any piece of content used to build the hosting page.

Quote
“Any attacker who could swipe an unencrypted secret can, with almost total certainty, intercept and alter a web request.”
Quote

Quote
Using in-page Javascript without something to help with verification is untenable from a security perspective.

Having a plugin to verify the code sent from the server which is then used to actually perform the crypto is absurd. It unnecessarily increases the attack surface and complexity in comparison to a plugin that directly performs the crypto.


Quote
there is no reasonable argument that in-page Javascript crypto is useful


Title: Re: I want a wallet with fixed adress!
Post by: dogisland on October 10, 2011, 02:25:17 PM
The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.

Already flawed, pack up and go home.

The Javascript library used to encrypt the keys in StrongCoin is gibberish AES.

Implementing AES means producing the precise ciphertext that the standard mandates for a given plaintext and key; we are talking about exact values, down to the last bit, so the language used to code the algorthm is irrelevant.

The main argument against using Javascript for encryption is that the server could be hacked and the JavaScript changed.

Firstly, StrongCoin is deployed to Heroku, you can read their security policy http://policy.heroku.com/security.

Secondly, I will be shortly implementing a remote service to check any changes to the delivered JavaScript. I can then use PingDom to send me an SMS if the checks fail. That's a check every minute.

StrongCoin is probably the least risky way to store and spend Bitcoins.


Title: Re: I want a wallet with fixed adress!
Post by: pointbiz on November 05, 2011, 04:47:46 AM
you could make a paper wallet at bitaddress.org and to spend the btc you can import the private key to mtgox


Title: Re: I want a wallet with fixed adress!
Post by: Tuxavant on November 05, 2011, 06:03:47 PM
bitventory.com looks interesting (like strongcoin, but signable java instead of unsignable javascript).


Title: Re: I want a wallet with fixed adress!
Post by: ThomasV on November 05, 2011, 06:08:54 PM
Hello!

I do not trust my own security, so I want a wallet... Like MyBitcoin was before they turned out scammer...

Can someone recommend one? (hopefully, not a scammer)

what you want is a deterministic wallet. I just released one:
https://bitcointalk.org/index.php?topic=50936.0;topicseen