Bitcoin Forum
November 24, 2017, 02:19:31 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How secure is Blockchain.info  (Read 5421 times)
Seal
Donator
Hero Member
*
Offline Offline

Activity: 836


View Profile WWW
September 16, 2012, 01:58:46 PM
 #1

I know this has been discussed in the official post but I wanted to ask in a separate thread for clarity.

Just how secure is blockchain.info with my private keys?

From what I can gather, your info is all AES encrypted however its ultimately stored centrally on the blockchan.info server. This makes me feel a little uncomfortable.

Whats stopping someone with access to the server performing some kind of man in the middle attack?

1511489971
Hero Member
*
Offline Offline

Posts: 1511489971

View Profile Personal Message (Offline)

Ignore
1511489971
Reply with quote  #2

1511489971
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511489971
Hero Member
*
Offline Offline

Posts: 1511489971

View Profile Personal Message (Offline)

Ignore
1511489971
Reply with quote  #2

1511489971
Report to moderator
1511489971
Hero Member
*
Offline Offline

Posts: 1511489971

View Profile Personal Message (Offline)

Ignore
1511489971
Reply with quote  #2

1511489971
Report to moderator
1511489971
Hero Member
*
Offline Offline

Posts: 1511489971

View Profile Personal Message (Offline)

Ignore
1511489971
Reply with quote  #2

1511489971
Report to moderator
stepkrav
Full Member
***
Offline Offline

Activity: 182



View Profile
September 16, 2012, 02:04:20 PM
 #2

If you feel uncomfortable, why don't you use you own wallets (cold storage, offline etc) and have blockchain's wallet only for temporary storage of btc?
hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 16, 2012, 02:04:42 PM
 #3

Very secure, I'd venture to say it's as secure as an ewallet can possibly be.

Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.


My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
fivemileshigh
Full Member
***
Offline Offline

Activity: 136


View Profile
September 16, 2012, 03:26:43 PM
 #4

you can use two factor authentication and a javascript verifier.



Hey, what's this?

thanks

hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 16, 2012, 03:33:22 PM
 #5

you can use two factor authentication and a javascript verifier.



Hey, what's this?

thanks

https://blockchain.info/wallet/verifier

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
barbarousrelic
Hero Member
*****
Offline Offline

Activity: 675


View Profile
September 16, 2012, 03:59:49 PM
 #6

Who runs blockchain.info ? Is he a poster here?

Do not waste your time debating whether Bitcoin can work. It does work.

"Early adopters will profit" is not a sufficient condition to classify something as a pyramid or Ponzi scheme. If it was, Apple and Microsoft stock are Ponzi schemes.

There is no such thing as "market manipulation." There is only buying and selling.
zoinky
Hero Member
*****
Offline Offline

Activity: 808


Web Developer


View Profile
September 16, 2012, 05:01:25 PM
 #7

Who runs blockchain.info ? Is he a poster here?
https://bitcointalk.org/index.php?action=profile;u=17928
hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 16, 2012, 05:26:37 PM
 #8

https://bitcointalk.org/index.php?topic=40264.0

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Gaff
Sr. Member
****
Offline Offline

Activity: 422



View Profile
September 16, 2012, 08:01:30 PM
 #9

Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.

Actually I reckon the backup is a weak point. One of the biggest risks you face is the possibility of a key-logger on your machine. Two factor authentication protects you against this (as long as an attacker can't use social engineering to get it removed). However if they can get the backup encrypted with the same password they can effectively bypass the two factor authentication.

A simple solution for this would be to encrypt the backups with a different (rarely typed in) password. I do hope blockchain.info offer this at some point.

      ▀███   ███   ████    ▄██████▄
       ████ █████ █████▄  ███▀  ▀███
        ███▄██▀██▄██████  ██████████
        ▀█████ █████▀████ ███▄  ▄▄▄
         ▀███   ███▀  ███▄ ▀██████▀▀
                      ▀███
███▄████▄     ▄█████▄  ████   ███   ███▀ ▄██████▄  ███▄██
████▀▀▀███▄ ▄███▀▀▀███▄ ███  █████  ███ ███▀  ▀███ █████▀
███     ███ ███     ███ ▀███ █████ ███  ██████████ ███
███▄   ▄███ ███▄   ▄███  ▀█████▀█████▀  ███▄  ▄▄▄  ███
█████████▀   ▀███████▀    ████▀ ▀████   ▀████████▀ ███
███ ▀▀▀▀       ▀▀▀▀▀       ▀▀▀   ▀▀▀      ▀▀▀▀▀▀   ▀▀▀
███
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 16, 2012, 08:40:59 PM
 #10

Does it really work that way? Is the backup only encrypted by my password?

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Kupsi
Legendary
*
Offline Offline

Activity: 1191


9.9.2012: I predict that single digits... <- FAIL


View Profile
September 16, 2012, 10:58:23 PM
 #11

You can send the backup to a gmail account with two factor authentication enabled.
hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
September 16, 2012, 11:14:56 PM
 #12

You can send the backup to a gmail account with two factor authentication enabled.

Are gmail accounts encrypted so google can't see inside?

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Kupsi
Legendary
*
Offline Offline

Activity: 1191


9.9.2012: I predict that single digits... <- FAIL


View Profile
September 16, 2012, 11:36:11 PM
 #13

You can send the backup to a gmail account with two factor authentication enabled.

Are gmail accounts encrypted so google can't see inside?
I guess they can read my mail. But they also need a keylogger on my machine to decrypt the backup.
Seal
Donator
Hero Member
*
Offline Offline

Activity: 836


View Profile WWW
September 17, 2012, 03:44:09 AM
 #14

Very secure, I'd venture to say it's as secure as an ewallet can possibly be.

Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.



How secure is the encryption on the wallets that are stored on blockchain.info's servers?

Also, there is the ability to use a second password to protect your wallets, am I right in saying that this is the same type of encryption used in the Bitcoin-qt's password where you need it to send funds?

invisiblehand
Jr. Member
*
Offline Offline

Activity: 49


View Profile
December 04, 2013, 10:23:28 PM
 #15

Also, there is the ability to use a second password to protect your wallets, am I right in saying that this is the same type of encryption used in the Bitcoin-qt's password where you need it to send funds?
Yes there is the ability to put a second password for sending coins

However, on QT the password is the same as the one used to encrypt the wallet

On blockchain it can be a different password, and it is entered using an on-screen keyboard to protect against keylogging
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!