Is StrongCoin's 'hybrid wallet' a lie? (Or rather, are ALL hybrid wallet a lie?)

[Herbert]

All morality questions aside this is a clear warning:

If you use a hybrid/browser wallet you have a high risk of being compromised.

Although this has been discussed before multiple times i think this is the first time it actually happened. If the operator can do this kind of change the hacker of the site can do exactly the same.

[westkybitcoins]

Waiting for StrongCoin to be hacked in 3... 2... 1...

[crazy_rabbit]

All well and good sir gmaxwell, If I may suggest the issues is the ability to redirect funds in this way makes StongCoin and Blockchain.info fundamentally compromised

I believe that blockchain works in a different way then strongcoin.

[levino]

Leave StrongCoin. They lost all reason to trust them. It is like leaving your Bitcoins with a junkie. Your choice.

[Frozenlock]

All well and good sir gmaxwell, If I may suggest the issues is the ability to redirect funds in this way makes StongCoin and Blockchain.info fundamentally compromised

I believe that blockchain works in a different way then strongcoin.

If you use the browser extension I believe you are relatively safe from arbitrary code changes like the one we witnessed at StrongCoin.

Next step in security is probably to have an hardware wallet with the private key that can sign the transaction without ever letting the computer see the private key.

[gmaxwell]

I believe that blockchain works in a different way then strongcoin.

If you use the browser extension I believe you are relatively safe from arbitrary code changes like the one we witnessed at StrongCoin.[/quote]
That is not correct to the best of my understanding. The extension only makes sure the JS matches the JS on github and does not prevent additional pre-loaded JS from manipulating the execution environment.

Next step in security is probably to have an hardware wallet with the private key that can sign the transaction without ever letting the computer see the private key.

The makes a nice example of why security is hard: This isn't secure either— if you're using a single point of trust webwallet the wallet can still lie to you about having confirmed payments that aren't real or cause you to sign away the bulk of your coins to fees.

[Mike Hearn]

I have an Android phone and have some of my Bitcoins stored on it using Andreas Schildbach's bitcoin wallet for Android. I like many others update my software without looking at it particularly hard. I have not done much programming for a long time.

Andreas could easily pull the same stunt that StrongCoin did and put a special bit of code that steals back stolen funds. It gets worse even. Andreas's software depends on bitcoinj, written by Mike Hearn, who has repeatedly written about blacklists and also does not particularly value anonymity, and does believe Bitcoin can and should be regulated.

Would he sneak some code into bitcoinj itself to steal back stolen funds? Probably not but I can never be sure. (edit: to be clear I mention Mike not because I think he would, but rather because for someone whose views I oppose so strongly I still am trusting him surprisingly directly with hundreds of dollars)

Trust is a very hard problem.

Seeing as you invoked me here, allow me to respond.

Firstly, we are all aware that wallet developers are weak points in the trust chain. I have already started tackling this problem for the case of the Android wallet by researching and obtaining code that can do genuine RSA threshold signing using the Shoup algorithm. I can assure you it was not easy to track down a real threshold RSA library, as far as I can tell none are publicly available (fortunately the one I obtained is open source, just oddly enough it's not distributed).

At the moment the Android wallet isn't being signed using threshold keys but that's just because I didn't get around to it yet. This will come with time, assuming Andreas agrees of course. Once that's done only a quorum of people could make new releases that phones and the Play Store accept. It'd make backdooring a wallet much harder. At any rate, there's no good way to find out via block chain analysis that someone is using Bitcoin Wallet or MultiBit so the same kind of dilemma dogisland faced won't come up.

The second thing I want to comment on is your trolling about what I believe or my trustworthiness. Like a lot of other people, you seem incapable of distinguishing writing about a future possibility with actually supporting it or believing it's a good idea.

In my posts on this forum over the years I've explored many ideas - some of them people here really like such as peer to peer exchanges/credit or how to implement lightweight SPV clients ... and others that a lot of people don't, such as how governments might tax or regulate Bitcoin users. Exploring these ideas doesn't imply wanting to actually make them happen, no more than Gregory writing about StorJ implied that he thinks autonomous lifeforms that evolve and hire humans is a good idea. It's just an intriguing possibility that's worth thinking and writing about.

There's another distinction you're (probably deliberately) failing to make. Just because I think Bitcoin users can be regulated doesn't mean I think all those regulations are a great idea. The fact that users can be regulated is unarguable at this point, lots of people who were running exchanges have had their bank accounts shut down because they didn't follow all the rules, and in the past police (in the USA) have busted people as apparently innocuous as car dealerships for failing to do the right paperwork when accepting cash transactions. If you think using Bitcoin makes you immune to the law, then you're gonna get slapped in the face by reality the moment you scale up your business and get noticed. I mean, it's easy to bluster about sticking it to the man when all you do is generate forum posts. Once you start running a real business, unless you can somehow do it entirely online and perfectly anonymously like the Dread Pirate does, well you're going to have to get in line or go to jail. That's not an opinion, just fact.

Now no reasonable person would be stupid enough to argue blindly for or against "regulations" in general, all that word means is rules and only the most extreme anarchists believe society should have no rules at all. Even libertarians believe that the state should enforce contracts, and contract law is large and complex. Our worlds are full of regulations on everything from finance to the labelling of meat products. You have to weigh up the cost and benefit of specific rules on a case by case basis to figure out if you support them or not. As it happens, I feel the value of many financial regulations are rather questionable. You can easily see how they evolved the way they did and each step along the way probably seemed reasonable at the time, but it was a "road to hell paved with good intentions" type thing. The costs are really high and the benefits often don't seem to be there. Maybe the best possible solution is no financial regulations at all, or maybe there's some in-between sort of compromise solution that helps society keep a lid on thieves, hackers and other scummy types whilst not impinging on civil liberties or creating red-tape overload. That's a topic worth thinking about and exploring, and I personally haven't made my mind up yet. I don't much like the current way finance and crime-fighting intersect, but I haven't decided if I dislike the general concept or just the way it works today.

Regardless, my own opinions on the matter don't affect existing laws or enforcement of them.

[jubalix]

A large flaw in your position is in relation to the "law"

the Law is essentially an instrument of stupidity, unfairness and for the Govt and large Corps / Rich to crush you.

I would argue the the strongest point of CC's is the elision of sovereignty from the state to the individual, with all that entails

I have an Android phone and have some of my Bitcoins stored on it using Andreas Schildbach's bitcoin wallet for Android. I like many others update my software without looking at it particularly hard. I have not done much programming for a long time.

Andreas could easily pull the same stunt that StrongCoin did and put a special bit of code that steals back stolen funds. It gets worse even. Andreas's software depends on bitcoinj, written by Mike Hearn, who has repeatedly written about blacklists and also does not particularly value anonymity, and does believe Bitcoin can and should be regulated.

Would he sneak some code into bitcoinj itself to steal back stolen funds? Probably not but I can never be sure. (edit: to be clear I mention Mike not because I think he would, but rather because for someone whose views I oppose so strongly I still am trusting him surprisingly directly with hundreds of dollars)

Trust is a very hard problem.

Seeing as you invoked me here, allow me to respond.

Firstly, we are all aware that wallet developers are weak points in the trust chain. I have already started tackling this problem for the case of the Android wallet by researching and obtaining code that can do genuine RSA threshold signing using the Shoup algorithm. I can assure you it was not easy to track down a real threshold RSA library, as far as I can tell none are publicly available (fortunately the one I obtained is open source, just oddly enough it's not distributed).

At the moment the Android wallet isn't being signed using threshold keys but that's just because I didn't get around to it yet. This will come with time, assuming Andreas agrees of course. Once that's done only a quorum of people could make new releases that phones and the Play Store accept. It'd make backdooring a wallet much harder. At any rate, there's no good way to find out via block chain analysis that someone is using Bitcoin Wallet or MultiBit so the same kind of dilemma dogisland faced won't come up.

The second thing I want to comment on is your trolling about what I believe or my trustworthiness. Like a lot of other people, you seem incapable of distinguishing writing about a future possibility with actually supporting it or believing it's a good idea.

In my posts on this forum over the years I've explored many ideas - some of them people here really like such as peer to peer exchanges/credit or how to implement lightweight SPV clients ... and others that a lot of people don't, such as how governments might tax or regulate Bitcoin users. Exploring these ideas doesn't imply wanting to actually make them happen, no more than Gregory writing about StorJ implied that he thinks autonomous lifeforms that evolve and hire humans is a good idea. It's just an intriguing possibility that's worth thinking and writing about.

There's another distinction you're (probably deliberately) failing to make. Just because I think Bitcoin users can be regulated doesn't mean I think all those regulations are a great idea. The fact that users can be regulated is unarguable at this point, lots of people who were running exchanges have had their bank accounts shut down because they didn't follow all the rules, and in the past police (in the USA) have busted people as apparently innocuous as car dealerships for failing to do the right paperwork when accepting cash transactions. If you think using Bitcoin makes you immune to the law, then you're gonna get slapped in the face by reality the moment you scale up your business and get noticed. I mean, it's easy to bluster about sticking it to the man when all you do is generate forum posts. Once you start running a real business, unless you can somehow do it entirely online and perfectly anonymously like the Dread Pirate does, well you're going to have to get in line or go to jail. That's not an opinion, just fact.

Now no reasonable person would be stupid enough to argue blindly for or against "regulations" in general, all that word means is rules and only the most extreme anarchists believe society should have no rules at all. Even libertarians believe that the state should enforce contracts, and contract law is large and complex. Our worlds are full of regulations on everything from finance to the labelling of meat products. You have to weigh up the cost and benefit of specific rules on a case by case basis to figure out if you support them or not. As it happens, I feel the value of many financial regulations are rather questionable. You can easily see how they evolved the way they did and each step along the way probably seemed reasonable at the time, but it was a "road to hell paved with good intentions" type thing. The costs are really high and the benefits often don't seem to be there. Maybe the best possible solution is no financial regulations at all, or maybe there's some in-between sort of compromise solution that helps society keep a lid on thieves, hackers and other scummy types whilst not impinging on civil liberties or creating red-tape overload. That's a topic worth thinking about and exploring, and I personally haven't made my mind up yet. I don't much like the current way finance and crime-fighting intersect, but I haven't decided if I dislike the general concept or just the way it works today.

Regardless, my own opinions on the matter don't affect existing laws or enforcement of them.

[evilpete]

Strongcoin never knew the private keys.  If they did, even more BTC would have been recovered than was.

All its owner did was deliver modified JS to the thief (only) that replaced the change and "To" addresses with dogisland's address.  It took the thief (from what I can see) about 5 transactions before she realized she was 0wned.  Stilll the thief has done very well for herself with 300+ BTC.  I wonder if she was smart enough to figure out how to reclaim her remaining coins (if any) without using Strongcoin's WebUI..... or is she stuck.

I find the irony delicious.  The hacker injected some code to ozcoin's backend and caused ozcoin to pay the hacker instead of the miners.  The hacker showed the way and strongcoin used the same basic technique against them.

While I agree this is a slippery slope, I'm glad that the strongcoin folks chose to spend (burned) a considerable amount of goodwill to execute this.  I can't imagine it was an easy decision to make.  They would have known they'd take a lot of heat for it.

it's also a good reality check and a reminder that you Do Not(TM) trust a third party to hold your coins - even if the keys are encrypted.  Especially not when you're running third party javascript, sight unseen.

Personally, I feel that anyone that trusts putting coins in a browser environment is insane.

[P4man]

Personally, I feel that anyone that trusts putting coins in a browser environment is insane.

Trust isnt a binary thing. Its just a matter of how much you trust it.

For instance, like all miners I always have at least a tiny balance at the pool I mine. Am I certain it wont get hacked? Clearly not, but  Im only risking ~0.1 BTC there.
I tend to keep a bigger amount of BTC on my blockchain.info wallet, so I can access it from my smartphone. I absolutely do not have 100% trust in that either, but enough that its practicality warrants the risk of a few BTC. I have more BTC stored in Casascius coins. I dont have absolute trust in that either, but once again sufficient trust for the amount I invested in it. Well, at least at the price I paid almost 2 years ago. I may have to reassess. I have balances at exchanges, at online poker sites, betsofbitcoin and other places that are at risk of getting hacked or scamming me. Case in point, I will probably lose a fair amount of money on the bitcoin-24 debacle.

A significant portion of my BTC reside in my qt wallet, but one shouldnt fully trust that either, its not impossible my PC gets hacked or infected, no matter what OS you use or security provisions you take. Lastly, the bulk of my BTC are in cold storage. Thats as secure as it gets, but you guessed it, even that isnt 100% sure.

So its all a matter of weighing the risks. And that applies to investing in bitcoin anyway, no matter what medium you use to store them.

[tvbcof]

Geez, just look at the facts.

Strongcoin never knew the private keys.  If they did, even more BTC would have been recovered than was.

All its owner did was deliver modified JS to the thief (only) that replaced the change and "To" addresses with dogisland's address.  It took the thief (from what I can see) about 5 transactions before she realized she was 0wned.  Stilll the thief has done very well for herself with 300+ BTC.  I wonder if she was smart enough to figure out how to reclaim her remaining coins (if any) without using Strongcoin's WebUI..... or is she stuck.

Ha-ha-ha-ha!  Nice ownage!  I wish I could have seen the look on the perp's face as these 5+ transactions went down.  Especially at the magical moment when the lightbulb went on.

Happy-ish endings like this are rare in Bitcoinland so it's nice to see this little tidbit.  I didn't know much about Strongcoin but I do need to split up my on-line wallet holdings a bit more and this is a damn good reason to start a wallet there.

If course if there was a mis-understanding and the accused really did by a car with an NDA I'm sure they will have no problem going through the court system to obtain their rightful property.  I don't think I'll hold my breath waiting for this to go down.

[tvbcof]

...I didn't know much about Strongcoin but I do need to split up my on-line wallet holdings a bit more and this is a damn good reason to start a wallet there.

...Or maybe not.  I don't see a 'strongcoin' announcement on this forum...although the search functions are pretty broken it seems.  Nor do I see an 'about us' on the web page.

blockchain.info seems to be done by a guy who does not mind putting his name on things and supplying decent information about the business.  It also seems to let one use the service without supplying an e-mail addy (whether or not that is a good idea.)  Both of these things are meaningful to me.

[Rampion]

Well, what happened to this?

What is a hybrid wallet ?
A hybrid wallet allows you to send and receive Bitcoins just like any other wallet. However, the Bitcoin private key which is required to send money is encrypted in your browser before it reaches our servers.

Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you.

How was dogisland able to "seize" those funds to return them back to Graet? Maybe he modified the site, so all the transaction originated by the thief went to an address controlled by him?

IMO this confirms again that shared wallet/third party services are insecure by nature and thus should be avoided, regardless of super strong passwords, encryption, 2 factor authorization, etc. etc. etc.

It's a pity because really secure third party services are need for BTC (for example for trading)

[evilpete]

IMO this confirms again that shared wallet/third party services are insecure by nature and thus should be avoided, regardless of super strong passwords, encryption, 2 factor authorization, etc. etc. etc.

The weak link is the browser.  You're being sent javascript and having the browser execute it - sight unseen.  Are you really looking at the javascript crypto and *what* its signing?

Still, hybrid wallets are a step up from hosted wallets (where the host holds the private keys) in that it requires your action to spend something and the host (or some thief) can't just grab all the wallet.dat files from the server and make a run for it.

blockchain.info could presumably do the same sort of thing.

[Loozik]

The weak link is the browser.  You're being sent javascript and having the browser execute it - sight unseen.

Is biaddress.org service of generating keys and addresses safe then? You are using their java app that uses a browser, aren't you?