Bitcoin Forum
Topic: Alternative clients, risks, pros, cons, security? (Read 1188 times)
manuel
November 11, 2013, 10:43:12 AM
 #1

I'm having trouble understanding what the security implications of using a lightweight client are. Can somebody help clarify or point me to some good reading on the topic?

What I really don't understand are the various warnings given on bitcoin.org for different clients. Why do some third-party clients get a warning and others don't?

Quote
Bitcoin-Qt - Bitcoin-Qt is a full Bitcoin client and builds the backbone of the network. It offers the highest levels of security, privacy, and stability. However, it has fewer features and it takes a lot of space and memory.

OK, this is obvious and straightforward.

Quote
MultiBit - MultiBit is a lightweight client that focuses on being fast and easy to use. It synchronizes with the network and is ready to use in minutes. MultiBit also supports many languages. It is a good choice for non-technical users.

What would be the risks of using a "lightweight client" versus the standard client?

Quote
Armory - Armory is an advanced Bitcoin client that expands its features for Bitcoin power users. It offers many backup and encryption features, and it allows secure cold-storage on offline computers.

Is it as secure as the original?  I guess needless to say you must store the blockchain locally if it works offline?


Quote
Bitcoin Wallet - Bitcoin Wallet for Android is easy to use and reliable, while also being secure and fast. Its vision is de-centralization and zero trust: No central service is needed for Bitcoin-related operations. The app is a good choice for non-technical people. It is also available for BlackBerry OS.

Why doesn't this have a warning like the clients below?  Obviously it cannot store the block chain on a phone.  How does it work then?  How can it not rely on any central service?  If it's possible to make a lightweight client that doesn't need a lot of storage or a central service then why are people making clients that rely on central services?

Quote
Mycelium Wallet - This wallet relies on a centralized service by default and requires a certain level of trust on a third party. This third party however does not control your wallet. Using backups and a strong password is always recommended when applicable.

Quote
Electrum - This wallet relies on a centralized service by default and requires a certain level of trust on a third party. This third party however does not control your wallet. Using backups and a strong password is always recommended when applicable.

Quote
Blockchain.info - This wallet relies on a centralized service by default and requires a certain level of trust on a third party. This third party however does not control your wallet. Using backups and a strong password is always recommended when applicable.

Quote
BIPS - Be careful. Web wallets host your bitcoins. That means it is possible for them to lose your bitcoins following any incident on their side. As of today, no web wallet services provide enough insurance to be used to store value like a bank.

Quote
Coinbase - Be careful. Web wallets host your bitcoins. That means it is possible for them to lose your bitcoins following any incident on their side. As of today, no web wallet services provide enough insurance to be used to store value like a bank.
Barek
November 11, 2013, 12:02:04 PM
 #2

Many questions. I'll get started answering with what I have some experience with.


Quote
Armory - Armory is an advanced Bitcoin client that expands its features for Bitcoin power users. It offers many backup and encryption features, and it allows secure cold-storage on offline computers.

Is it as secure as the original?  I guess needless to say you must store the blockchain locally if it works offline?

Armory interfaces with bitcoind from Bitcoin-Qt, so for that purpose it is like running Bitcoin-Qt, which means storing the full chain and requiring plenty of memory. On top of that, Armory adds additional security features like deterministic wallets and offline signing of transactions. In its current version it is a huge memory hog (you need about 8GB memory), which will be addressed in the next version.

Offline means that you have the option to sign a transaction on a separate client. To use this feature, you create the transaction on the online client (which has bitcoind running and the full blockchain) by entering recipient and amount. This transaction is then saved to a USB stick and can be copied to the offline computer. The idea here is to have a separate computer, which was never connected to the internet. On this computer the private key was generated and never leaves it. Therefore an adversary would need to physically access the computer and know the passphrase to use the key. After copying the transaction to the offline computer, reviewing it, and signing it, it is again copied to the online computer (via USB stick), to be broadcast to the network. Note that the offline computer does not need a running bitcoind or the blockchain and, therefore, has low system requirements.
ajax3592
November 11, 2013, 12:09:11 PM
 #3

Quote
MultiBit - MultiBit is a lightweight client that focuses on being fast and easy to use. It synchronizes with the network and is ready to use in minutes. MultiBit also supports many languages. It is a good choice for non-technical users.

What would be the risks of using a "lightweight client" versus the standard client?

I too have this question.
Plus I would also like to know how to best secure the Multibit wallet, because I don't have a spare computer to store an offline wallet.
Barek
November 11, 2013, 12:51:41 PM
 #4

The standard client gets much more attention, because there are more developers and users.

With lightweight clients there is always a chance that the parts that were cut out to make the implementation lighter had some sort of use. One example of this is address reuse. Blockchain.info, for example, sends the change back to the original address. So each spending results in a signature with the same private key. In general, this is fine because each signing also involves a random number. If the RNG is broken (which happened to Android devices recently), two random numbers can be very similar. This in turn makes it possible to calculate the private key from two signatures that used the same private key.

Yes, those are some odd circumstances. I'm not saying lightweight clients are bad, but I also would not keep too much money in them.
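
Added example (not part of the original posts): an audit check for the condition post #4 describes. A repeated ECDSA signing nonce shows up as one public key producing two signatures with the same r value but different s values. The record layout, sample keys and transaction ids are constructed, and each signature is assumed to be plain DER with Bitcoin's trailing sighash byte already stripped.

```python
from collections import defaultdict

def parse_der_signature(sig: bytes):
    """Parse a DER ECDSA signature (SEQUENCE of two INTEGERs) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the expected length")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        end = pos + 2 + sig[pos + 1]
        if sig[pos + 1] == 0 or end > len(sig):
            raise ValueError("bad INTEGER length")
        values.append(int.from_bytes(sig[pos + 2:end], "big"))
        pos = end
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return values[0], values[1]

def find_reused_r(records):
    """records: (pubkey_hex, txid, der_sig) tuples. Returns {(pubkey, r): [txid, ...]}
    for every r that one key used in signatures with different s values."""
    seen = defaultdict(dict)              # (pubkey, r) -> {s: txid}
    for pubkey, txid, sig in records:
        try:
            r, s = parse_der_signature(sig)
        except ValueError:
            continue                      # malformed signature: nothing to compare
        seen[(pubkey, r)].setdefault(s, txid)
    return {k: list(v.values()) for k, v in seen.items() if len(v) > 1}

def der(r: int, s: int) -> bytes:
    """Encode (r, s) as DER; used only to build the constructed sample below."""
    def enc(n):
        b = n.to_bytes((n.bit_length() + 8) // 8, "big")  # leading 0x00 keeps n positive
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed sample data (not real keys, transactions or signatures).
KEY_A, KEY_B = "02" + "aa" * 32, "03" + "bb" * 32
R1, R2 = int("7c" * 32, 16), int("e1" * 32, 16)
SAMPLE = [
    (KEY_A, "tx1", der(R1, 0x1111)),
    (KEY_A, "tx2", der(R1, 0x2222)),   # same key, same r, different s: flagged
    (KEY_A, "tx3", der(R2, 0x3333)),
    (KEY_B, "tx4", der(R1, 0x4444)),   # same r under another key: not grouped
]
```

Any key that `find_reused_r` reports should be treated as exposed and its funds moved to a freshly generated key.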
AndrewWilliams
November 11, 2013, 07:32:55 PM
 #5

I use MultiBit and am very satisfied. I could not imagine going back to the default client.


When will someone come out with a multi-coin wallet? One that can hold BTC, LTC, etc.
I'm tired of switching between all the different clients!
mprep
November 11, 2013, 07:38:04 PM
 #6

@OP (Don't want to quote the whole long post to answer only 1 question) The Bitcoin wallet for Android is a lightweight client. I think it only checks the parts of the blockchain that are associated with your addresses. However, don't quote me on that, there might be someone who might know more about the software.


blockgenesis
Bitcoin.org maintainer
November 12, 2013, 09:04:08 PM
 #7

Full node clients (Bitcoin-QT / Armory) download the full block chain. They are slower, but they also play a key role, which includes securing lightweight clients.

Lightweight clients (Bitcoin Wallet for Android, Multibit, and soon Hive) use SPV (simplified payment verification); these are also decentralized and only download specific parts of the block chain.
https://en.bitcoin.it/wiki/Thin_Client_Security#Simplified_Payment_Verification_.28SPV.29

Server-trusting clients (Electrum / Mycelium): these wallets connect to a remote server that handles the block chain for them, but the wallet is still controlled by the user. Electrum also lets users create their own servers.

Web wallets (Coinbase, BIPS) are like banks for Bitcoin. They have 100% control over your wallet and must secure all of their users' funds. One huge difference, however, is that there is no security standard / insurance yet, so they still don't provide the basic protections all banks are required to provide.

Hybrid wallets (blockchain.info): hybrid wallets usually are web wallets (no software) for which the private keys are generated locally in your browser, and encrypted before they are stored on the remote server. It's easier to compromise users' wallets by attacking this service than a software wallet, but it's still harder than usual web wallets.

Donation: 18XXXQs1vAQGBAZbXKA322r9Zy1nZac2H4