Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred

[1base58]

ASICMINER shares are tied to addresses. Exchanges hold the shares themselves, they are passthroughs.

We use Google's 2FA security model - you can disable 2FA without entering the code in case you lost your phone - this requires you to have a signed in session. Sessions are both IP and user agent locked.

Our site is secure against XSS attacks, as well as CSRF attacks.

Thanks for your feedback! One of the directions we may be going into is a multicurrency wallet with a built in exchange. However, we also want to focus on the core for now.

I can accept 2FA being disabled without requiring the code. It is more concerning that the 2FA secret is shown on the account details page. I believe the best practice adopted by Google / Dropbox is to not reveal the secret once enabled, and to use a new secret if 2FA was disabled then reenabled.

Hey, thanks for answering my questions, and I certainly hope you support LTC in the future. You only have to read this thread to see how the lack of a secure & trusted online wallet for LTC is an opportunity for scammers and hurts the cryptocurrency community.

[1714672321]

1714672321

[1714672321]

1714672321

[1714672321]

1714672321

[1714672321]

1714672321

[btc4ever]

I am glad to see this service announcement.

Coincidentally, I just started a thread about using payment processors that support btc-to-email in order to implement a massive bitcoin moneybomb sending BTC to either:
  a) friends/family to promote awareness/adoption, and expand the btc economy.
  b) a single charity, to promote public image.

Perhaps inputs.io can help us pull this off.

https://bitcointalk.org/index.php?topic=248870.new#new

[🏰 TradeFortress 🏰]

I can accept 2FA being disabled without requiring the code. It is more concerning that the 2FA secret is shown on the account details page. I believe the best practice adopted by Google / Dropbox is to not reveal the secret once enabled, and to use a new secret if 2FA was disabled then reenabled.

Hey, thanks for answering my questions, and I certainly hope you support LTC in the future. You only have to read this thread to see how the lack of a secure & trusted online wallet for LTC is an opportunity for scammers and hurts the cryptocurrency community.

2FA code is now hidden entirely after it has been enabled, and a new secret is generated every time it is disabled.

UI on smaller screens also fixed. You'll need to do a hard refresh.

Thank you!

[Inputs.io]

Hi!

This is Inputs' forum account (along with Inputs.io Support).

[🏰 TradeFortress 🏰]

Hi!

This is Inputs' forum account (along with Inputs.io Support).

Confirmed.

[1base58]

2FA code is now hidden entirely after it has been enabled, and a new secret is generated every time it is disabled.

UI on smaller screens also fixed. You'll need to do a hard refresh.

Thank you!

That was quick It's working as expected.

I see you're making changes to the front page as well. I don't know what you had in mind for the spin effect graphic, but I can say it makes my head hurt.

[🏰 TradeFortress 🏰]

Tweaked it a bit and added a touch of color. Let me know what you think.

If it made your head spin,

[Herbert]

Created a wallet, sent 0.01 BTC to my deposit address. Transaction (https://blockchain.info/tx/f304d86fc093a178655844082211567139fdfbbd1e0a7da635b843ad21d8139b) has now 2 confirmations, but inputs.io wallet says it is still unconfirmed.
According to FAQ everything below 5BTC should be confirmed with one confirmation.

Whats up?

[🏰 TradeFortress 🏰]

Created a wallet, sent 0.01 BTC to my deposit address. Transaction (https://blockchain.info/tx/f304d86fc093a178655844082211567139fdfbbd1e0a7da635b843ad21d8139b) has now 2 confirmations, but inputs.io wallet says it is still unconfirmed.
According to FAQ everything below 5BTC should be confirmed with one confirmation.

Whats up?

Your TX has been credited.

[Herbert]

Created a wallet, sent 0.01 BTC to my deposit address. Transaction (https://blockchain.info/tx/f304d86fc093a178655844082211567139fdfbbd1e0a7da635b843ad21d8139b) has now 2 confirmations, but inputs.io wallet says it is still unconfirmed.
According to FAQ everything below 5BTC should be confirmed with one confirmation.

Whats up?

Your TX has been credited.

Got it, thanks!

[Turbonoodle]

Great site!

Some questions:

1. In the Send Bitcoins page, there is a USD calculator box. Any chance you could add a preference to change it to Euro, too? Also, where are you getting the exchange rate for that?

2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?

[Herbert]

2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?

I think in some thread Dooglus mentioned that withdrawal from just-dice to inputs.io will be implemented soon.

[whiskers75]

Awesome service! Yay, no more waiting for confirms.

[Herbert]

It seems you put a lot of thought into security measures. Still it seems the callback API is somehow lacking. The only proof that the callback is actually coming from your site is the IP-Address of the sender. There are possibilities to spoof the source IP of a TCP connection, especially in a case where the attacker has access to the subnet of the receiving system (see e.g. http://www.symantec.com/connect/articles/ip-spoofing-introduction).

You should consider adding another security layer here. For example on bitcoinmonitor.net callback notifications I added a signature to the callback data which makes sure that the callback was created by the server and not someone else (see http://www.bitcoinmonitor.net/help/ -> section "security").

As the signed data does not contain a time component this is probably still prone to replay attacks of the same request with same signature and spoofed sourceIP, but at least raises the bar. And I am sure there are advanced cryptotechniques that could also close this attack vector.

[🏰 TradeFortress 🏰]

Hi Hebert,

Thank you for your comments. We support adding secrets to your callback URL. Example:

https://www.example.com/callback?sec=putSomethingHere

Use that as your callback URL. Use SSL so others will not know your secret.

It is not open to replay attacks as for record keeping purposes you should be recording all transactions including the TXID.

[🏰 TradeFortress 🏰]

Great site!

Some questions:

1. In the Send Bitcoins page, there is a USD calculator box. Any chance you could add a preference to change it to Euro, too? Also, where are you getting the exchange rate for that?

2. I undestand that you can withdraw from Coinlenders back to inputs.io. You also can send instantly to just-dice, but looks like you can't send back to inputs.io wallet from there. Any plans to allow instant withdrawals from just-dice to inputs.io wallet?

1. Done. See the latest news update

2. Yes, dooglus should support that soon.

Thank you for all the feedback and suggestions. We want to make Inputs even better (not saying we're not already the best wallet out there, heh)

[dillpicklechips]

Very cool site.

A feature that I think would be popular is having a unique inputs.io address for each user. Then inputs.io users can have short little addresses for sending BTC to each other as long as they both have accounts. (Also helps publicity because a side effect will be that people will put input.io addresses in their signature)

I'd love something short like: "h8be"
Then I can say: sent payment to input.io user h8be!

Keep up the good work.

[🏰 TradeFortress 🏰]

Very cool site.

A feature that I think would be popular is having a unique inputs.io address for each user. Then inputs.io users can have short little addresses for sending BTC to each other as long as they both have accounts. (Also helps publicity because a side effect will be that people will put input.io addresses in their signature)

I'd love something short like: "h8be"
Then I can say: sent payment to input.io user h8be!

Keep up the good work.

Implemented usernames!

Mine is gladoscc / https://inputs.io/u/gladoscc

[tinus42]

Looks great. I will consider using this for small payments (I won't use any online service to keep serious amounts of coins).

Would be nice that when sending an amount for the total of the wallet the fee is deducted automatically and you see the max. withdrawable amount so you don't have to use a calculator.

BTW is there also going to be an Android app?

[dillpicklechips]

Any chance of a stats page? I'm most interested in watching off the chain transactions and shared wallet size!