Bitcoin Forum

Bitcoin => Electrum => Topic started by: jseims on March 05, 2014, 11:18:10 PM



Title: Making Electrum safe to use on computers you can't trust
Post by: jseims on March 05, 2014, 11:18:10 PM
A huge security problem with Bitcoin wallets is they don't protect your funds if keylogging malware exists on your computer.

I recently launched a "cosigning as a service" company, TrustedCoin, to mitigate this threat.  The way it works is:

  • User creates 2 different keys (on 2 different devices, if you want to be extra careful).
  • TrustedCoin creates a 2-of-3 multisig P2SH address, where the user owns 2 of the 3 keys.
  • When anyone tries to spend coins from this address, TrustedCoin will email and SMS the user with details of the transaction, and give the user time (say, 24 hours) to cancel before signing and broadcasting it.

So if your computer gets infected with malware, the worst it can do is spam you with spending attempts.  If this should happen -- or if TrustedCoin were to disappear -- the user can combine both keys and instantly transfer funds to a new address.

Is there anyone interested in integrating our cosigning APIs into Electrum?  We also offer a 70% rev share on all transaction fees (0.0005 BTC per transaction) to the wallet developer.

API Documentation: https://api.trustedcoin.com/#/docs

Reference web wallet implementation: https://api.trustedcoin.com/wallet

Reddit commentary of this product: http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/

Thanks,

Josh
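
A small model of the spending policy described in the post above, added here as an illustration and not part of the original post or TrustedCoin's code: the `Cosigner` class, the key labels and the scenario names are hypothetical. It shows which combinations of held keys and service behaviour reach the 2-of-3 threshold, including a missed notification and both user keys sitting on one compromised machine.

```python
from dataclasses import dataclass, field

THRESHOLD = 2                      # 2-of-3 multisig, as in the post
USER_KEYS = {"user_a", "user_b"}   # constructed labels for the two user-held keys
DELAY = 24 * 3600                  # cancellation window in seconds ("say, 24 hours")

@dataclass
class Cosigner:
    """Hypothetical model of a delayed cosigning service holding the third key."""
    pending: dict = field(default_factory=dict)   # txid -> earliest signing time
    online: bool = True

    def request(self, txid, now):
        """Record a spend request; the user is notified out of band (email/SMS)."""
        if self.online:
            self.pending.setdefault(txid, now + DELAY)

    def cancel(self, txid):
        self.pending.pop(txid, None)

    def signs(self, txid, now):
        """The service signs only once the window has passed without a cancel."""
        return self.online and txid in self.pending and now >= self.pending[txid]

def can_broadcast(held_keys, cosigner, txid, now):
    """True if the available signatures satisfy the 2-of-3 script."""
    sigs = set(held_keys) & USER_KEYS
    if cosigner.signs(txid, now):
        sigs.add("service")
    return len(sigs) >= THRESHOLD

def scenarios():
    out = {}
    # Malware holds one user key and requests a spend; the user cancels in time.
    c = Cosigner()
    c.request("tx1", now=0)
    out["one_key_inside_window"] = can_broadcast({"user_a"}, c, "tx1", now=3600)
    c.cancel("tx1")
    out["one_key_after_cancel"] = can_broadcast({"user_a"}, c, "tx1", now=DELAY + 1)
    # Same request, but the email/SMS never reaches the user: nobody cancels.
    c = Cosigner()
    c.request("tx2", now=0)
    out["one_key_notification_missed"] = can_broadcast({"user_a"}, c, "tx2", now=DELAY)
    # Service has disappeared: the user combines both keys and moves funds at once.
    out["service_gone_user_sweep"] = can_broadcast(USER_KEYS, Cosigner(online=False), "tx3", now=0)
    # Both user keys stored on the same infected machine: the delay never applies.
    out["both_user_keys_on_one_host"] = can_broadcast(USER_KEYS, Cosigner(), "tx4", now=0)
    return out
```

The last two scenarios are the same signature set seen from opposite sides, which is why the post's advice to create the two keys on different devices matters.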


Title: Re: Making Electrum safe to use on computers you can't trust
Post by: ThomasV on March 06, 2014, 09:53:49 AM
PM sent


Title: Re: Making Electrum safe to use on computers you can't trust
Post by: btcven on March 13, 2014, 04:32:45 AM
I described something like this service, but with the 3rd key unknown unless the service disappears or the user's key is compromised. How would you hide the 3rd key in that case?

Encrypting it with the user's PGP key means that he can retrieve it any time, so there's no "green address" condition, but the user needs to be able to retrieve it somewhen.


Title: Re: Making Electrum safe to use on computers you can't trust
Post by: btcven on March 13, 2014, 04:40:16 AM
Transactions taking 24+~1 hours to confirm are useful in what cases?


Title: Re: Making Electrum safe to use on computers you can't trust
Post by: Abdussamad on March 13, 2014, 09:12:05 AM
So I tried TrustedCoin out and I don't see their SMS authentication as being reliable. They've said (http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/cftsk7u) that they support all countries that their gateway Twilio does, but that doesn't seem to be the case. Pakistan is not supported by TrustedCoin even though Twilio supports it (http://www.twilio.com/sms/pricing/pk). I've contacted them and they don't seem to know what to do about it. Their responses have been less than confidence-inspiring.