Bitcoin Forum
November 16, 2024, 05:32:57 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Poll
Question: Would you use an online secure wallet service with 2-factor authentication?
Yes, I would use it - 2 (10%)
No, I wouldn't use it - 9 (45%)
I might use it, but I need to know more - 9 (45%)
Total Voters: 20

Pages: « 1 [2]  All
  Print  
Author Topic: Secure Wallet Service - would you use it?  (Read 2611 times)
Stormy (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 17, 2011, 04:37:57 PM
 #21

Hello all I hadn't had a chance to get on the forum because been busy working on the service as with all the things going on out there the time is now ...

...we are  in the process of doing this and the response has been pretty good with over 300+ sign ups so far.

We plan on offering 2 ways to do this but our biggest benefit is we provide 100 percent coverage of your bitcoin wallet regardless of what happens to it.

(theft of coins out of the wallet,erasing/HD crashes,lost wallets to name a few)

The 2 ways are:

1.) to upload a copy of your wallet and we can provide a encrypted back it up  and still provide coverage against it.  Keep in mind this is a copy of it so still  you keep the original wallet. In other words, this isn't a pull down , put back service. 

2.) If you choose to not upload it we can still provide protected coverage. More details to come regarding this.

Feel free to check out my sig. and put your e-mail in for more information.

Just wanted to get into this forum and introduce myself!

Welcome.  It sounds like there is a demand for a service like this.  When you say you provide 100 percent coverage of your bitcoin wallet, regardless of what happens to it, what are you guaranteeing?  Are you refunding the contents of customers wallets in case they get compromised?  I don't see how you can do this if the customer keeps a copy.  If the customer uploads a copy that you encrypt, and they keep an unencrypted copy on their home computer, it will still be vulnerable to loss or theft.

Also, how can you prove the the coins were not just spent by the customer?  The only way to really guarantee that nobody will spend the coins except an authorized user is to keep a single copy of the wallet in a highly secure place, with strong encryption.
bitprotection
Member
**
Offline Offline

Activity: 103
Merit: 10



View Profile
June 17, 2011, 10:02:25 PM
 #22

Thanks for the welcome!

Great questions. Little clarification we are only covering the wallet.dat if our encrypted server that holds your wallet is compromised and your wallet.dat file is taken - as the wallet.dat is the most important piece not the bitcoins inside it. If you loose your wallet.dat its gone forever. So via your upload of the wallet.dat and your payment of service we can verify the wallet is yours and how much you have as a balance via the blockexplorer ledger. Obviously, if you loose/erase your wallet on your home computer you can come retrieve the wallet.dat from us.  This eliminates anyone not trusting us because why would we spend your bitcoin wallets only to have pay out 100 percent coverage against us doing so? At some point there hast be mutual trust otherwise you can encrypt all day once you loose your wallet it doesn't matter.

How do you guarantee coverage you ask ? We know how many bitcoins you had in your wallet upon payment for service via the ledger/blockexplorer ( plus hopefully you are honest when you tell us just how much you have in your BTC so you can get coverage against it) and we can keep track of your balance via the payement link you give us ( we only deal with that payment link you send against). If your wallet.dat is taken from the encrypted server we pay you the amount of your ledger as coverage/insurance at the time of the taking against someone using your bitcoins assumming they took it to go use it. 

As for stolen Bitcoins this is a different situation. Since the amount of your bitcoins changes there is noway to tell if you are spending it all and then claiming it stolen as you said. At the moment we are going to do the honor system but also have some ideas how to deal with this Smiley 

We are also working on non-upload coverage.

There is more information but can't reveal it all! Smiley

http://www.bitprotection.info


Working on protecting the community!
ArXiS
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile WWW
June 17, 2011, 11:51:16 PM
 #23

Numerous servers are compromised daily,  Most of the time without the owners knowledge.
To have alot of Wallets in one place would not only make it a target but, assuming they are miners,  GPU Bruteforce would be rather achievable.  Whilst I commend your effort to secure the Wallet,  Personally I trust my own security other then the security of someone I don't know.

Good Luck with the Idea though Smiley
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 17, 2011, 11:54:59 PM
Last edit: June 18, 2011, 03:33:18 AM by casascius
 #24

FRAUD WARNING

Don't send your wallet file to anybody, ever.  It's always a bad idea.  Unless your intent is to send them all your bitcoins, absolutely nothing good can come of it.

If you want to keep it safe, put it on a CD or a USB flash drive.  If you have a serious amount in coins, buy a dedicated computer and use it only as a bitcoin wallet (you obviously can afford it).  There is nothing to be gained from sending your wallet to anybody for any reason.  If you know how to find your wallet file, you know how to copy it to a USB flash drive, and that should be that.

(Edited this post to make this fraud warning blatantly obvious and higher up in the thread.  The moderator should probably axe this whole thread.  Sorry for such an annoying message, but hearing about people losing their coins to fraud is even more annoying.  The prior contents of this post may be found below.)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
bitprotection
Member
**
Offline Offline

Activity: 103
Merit: 10



View Profile
June 17, 2011, 11:59:43 PM
Last edit: June 18, 2011, 01:09:18 AM by bitprotection
 #25

Numerous servers are compromised daily,  Most of the time without the owners knowledge.
To have alot of Wallets in one place would not only make it a target but, assuming they are miners,  GPU Bruteforce would be rather achievable.  Whilst I commend your effort to secure the Wallet,  Personally I trust my own security other then the security of someone I don't know.

Good Luck with the Idea though Smiley

Thanks for the good luck! at least I'm attempting to help solve this issue has its just getting out of control!  Undecided

Working on protecting the community!
bitprotection
Member
**
Offline Offline

Activity: 103
Merit: 10



View Profile
June 18, 2011, 12:01:55 AM
 #26

"The Bitcoin software internally has the capability of sending Bitcoins to more than one address in a manner that requires BOTH private keys to unlock them. "

Not sure if this was directed toward my service or his but we only cover one payment address to one wallet at least for the moment. This assures the person is the rightful owner of the wallet.

Working on protecting the community!
Chick
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
June 18, 2011, 12:10:45 AM
 #27

Wait what? How do you create more than wallets for the user to put their coins on???

Also, I was thinking about this the other day. You should create a new wallet and encrypt it. Shred the non-secure wallet. Give the user the private key and store the private key on the server.
If the user wants to send the coins to his real wallet, he would have to provide the private key and a optional passkey to access his wallet.

casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 18, 2011, 12:25:16 AM
 #28

Wait what? How do you create more than wallets for the user to put their coins on???

It requires modification to the source code.

Bitcoin transactions don't technically go to addresses: what they really contain is instructions on how to determine who is allowed to spend them next.  This is called a script.

A transaction that goes out to address A actually goes out as a coded message that says: "A person attempting to re-spend these coins must provide signature that matches address A".

It is possible to have more complex messages.  For example: "A person attempting to re-spend these coins must provide signatures for any 2 of the following 3 addresses, A, B, C."

The owner could be A, and two wallet-securing recovery agents could be B and C.  The coins could be spent either by the owner with the assistance of either agent, or both agents could act together.  Whether or not the agents are trusted is not the point, my point is, the bitcoin software and P2P network already supports complex transactions like this and anyone seriously going to the effort of offering a "wallet securing" service ought to make use of them, rather than just saying "trust us".

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Twiddle
Newbie
*
Offline Offline

Activity: 11
Merit: 0



View Profile
June 18, 2011, 12:34:38 AM
 #29

Would anyone be interested in such a service?

Nope. I don't trust you in the slightest.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 18, 2011, 03:27:48 AM
 #30

FRAUD WARNING

Don't send your wallet file to anybody, ever.  It's always a bad idea.  Unless your intent is to send them all your bitcoins, absolutely nothing good can come of it.

If you want to keep it safe, put it on a CD or a USB flash drive.  If you have a serious amount in coins, buy a dedicated computer and use it only as a bitcoin wallet (you obviously can afford it).  There is nothing to be gained from sending your wallet to anybody for any reason.  If you know how to find your wallet file, you know how to copy it to a USB flash drive, and that should be that.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Stormy (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 22, 2011, 12:55:20 AM
 #31

Thanks for all the replies.  The more I consider this, it would need to be a service like LastPass, but integrated with the Bitcoin client.  So, essentially, all wallet decyption is done locally on your machine and we never get a copy of your wallet that is unencrypted.

If you have used LastPass you know how this works.  Never trust anyone with your wallet is right.  Personally I would not want to guarantee other people's wallets, because who knows what will happen?  MtGox being hacked has proven what the risk can be.
kwiky
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
June 22, 2011, 01:27:59 AM
 #32

Nope, my computer is the only place I trust my wallet.
cothoms
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 22, 2011, 02:49:03 AM
 #33

Personally, I wouldn't trust anyone with my wallet other than myself.  I'm not saying that there isn't a market for a secure wallet service, but I certainly wouldn't use it.  Now, the less tech-savvy bitcoin users may be drawn to something like that because they won't have the patience or aptitude to implement their own security measures.

However, if bitcoin is ever to "make it big", a standardized, secure solution to wallet management MUST be implemented.  So, you would need to keep in mind that your business could become obsolete very quickly if this happened.
dacoinminster
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 03, 2011, 04:32:07 PM
 #34

Anyone thinking about creating or using an online wallet services should be thinking about offline reserves. See this thread:

https://bitcointalk.org/index.php?topic=34011.0

Aceros
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
August 03, 2011, 09:46:24 PM
 #35

I really don't see the point. Far more secure on offline portable media.
JHen
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
August 03, 2011, 10:17:36 PM
 #36

No need really
Peter-Jan Celis (BitFlow)
Newbie
*
Offline Offline

Activity: 20
Merit: 0



View Profile WWW
August 04, 2011, 03:21:50 AM
 #37

Would this SMS service be global or US only?

(Not read entire thread so apologies if already answered.)
coincat
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
August 04, 2011, 03:53:33 AM
 #38

after what has happened with mybitcoin, I would not trust any wallet service.
Smalleyster
Member
**
Offline Offline

Activity: 84
Merit: 10


I yam what I yam. - Popeye


View Profile WWW
August 04, 2011, 04:29:53 AM
 #39

Numerous servers are compromised daily,  Most of the time without the owners knowledge.
To have alot of Wallets in one place would not only make it a target but, assuming they are miners,  GPU Bruteforce would be rather achievable.  Whilst I commend your effort to secure the Wallet,  Personally I trust my own security other then the security of someone I don't know.

Good Luck with the Idea though Smiley

That's my take too. I'll trust my LinuxCoin usb's and my backup system thank you.

Feel like investing in a Miner?:
http://bitcointalk.org/index.php?topic=30044.msg377773#msg377773
A soup to nuts newbee system for a secure, portable USB wallet (free instructions):
NoobHowTo: http://bitcointalk.org/index.php?topic=27088.msg341387#msg341387
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!