mskryxz (OP)
|
|
January 03, 2014, 06:11:26 AM |
|
Basically it uses 3 private keys. 1 online say like codebase Your password or on your computer And a 3rd that you can print out or store offline You only need 2 to make a transaction But if coinbase gets hacked, the hacker would need your key so it makes it impossible Even if they hacked your computer, then they'd need the offline key or codebase key I suck at explaining it but just go here https://www.bitgo.com/p2sh_safe_address
|
|
|
|
empoweoqwj
|
|
January 03, 2014, 11:02:21 AM |
|
Get it independently audited by a security expert, and publish the report I mean that in all seriousness. Every one claims their wallet is super-secure, history proves otherwise in many cases ...
|
|
|
|
mbelshe
Newbie
Offline
Activity: 36
Merit: 0
|
|
January 03, 2014, 04:47:12 PM |
|
Get it independently audited by a security expert, and publish the report I mean that in all seriousness. Every one claims their wallet is super-secure, history proves otherwise in many cases ... This is excellent advice :-) I'm the creator of BitGo, so I know I am biased. For what it is worth, we've already done a full external security audit (expensive!) of the software both client and server side. The operational engineering that has gone into BitGo is also atypical and has been designed from the ground up for bitcoin security. We'll be doing another audit in the not-too-distant future. Peer reviews and security reviews are absolutely essential. I would never be so foolish as to claim that anything is impervious. But the concepts that we've pioneered in the BitGo architecture have held up to scrutiny so far. Hopefully these concepts are just a better starting point for anyone building a new wallet going forward. We love feedback, we know we're not perfect, and we will take seriously any potential exploits or vulnerabilities. Don't hesitate to reach out to me personally if you have any issues. Mike Belshe --- CTO & CoFounder, BitGo, Inc mike@belshe.commike@bitgo.com
|
|
|
|
guybrushthreepwood
Legendary
Offline
Activity: 1232
Merit: 1195
|
|
January 03, 2014, 04:54:25 PM |
|
This is an online wallet?
|
|
|
|
CoinPurse
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 03, 2014, 05:28:50 PM |
|
Get it independently audited by a security expert, and publish the report I mean that in all seriousness. Every one claims their wallet is super-secure, history proves otherwise in many cases ... This is excellent advice :-) I'm the creator of BitGo, so I know I am biased. For what it is worth, we've already done a full external security audit (expensive!) of the software both client and server side. The operational engineering that has gone into BitGo is also atypical and has been designed from the ground up for bitcoin security. We'll be doing another audit in the not-too-distant future. Peer reviews and security reviews are absolutely essential. I would never be so foolish as to claim that anything is impervious. But the concepts that we've pioneered in the BitGo architecture have held up to scrutiny so far. Hopefully these concepts are just a better starting point for anyone building a new wallet going forward. We love feedback, we know we're not perfect, and we will take seriously any potential exploits or vulnerabilities. Don't hesitate to reach out to me personally if you have any issues. Mike Belshe --- CTO & CoFounder, BitGo, Inc mike@belshe.commike@bitgo.comA 2 of 3 wallet is an excellent idea! Kudos Mike! I would suggest using crowd spring or some other design service to spruce up the design and stock images on BitGo. Other than that the theory looks quite sound.
|
|
|
|
empoweoqwj
|
|
January 04, 2014, 03:42:13 AM |
|
Get it independently audited by a security expert, and publish the report I mean that in all seriousness. Every one claims their wallet is super-secure, history proves otherwise in many cases ... This is excellent advice :-) I'm the creator of BitGo, so I know I am biased. For what it is worth, we've already done a full external security audit (expensive!) of the software both client and server side. The operational engineering that has gone into BitGo is also atypical and has been designed from the ground up for bitcoin security. We'll be doing another audit in the not-too-distant future. Peer reviews and security reviews are absolutely essential. I would never be so foolish as to claim that anything is impervious. But the concepts that we've pioneered in the BitGo architecture have held up to scrutiny so far. Hopefully these concepts are just a better starting point for anyone building a new wallet going forward. We love feedback, we know we're not perfect, and we will take seriously any potential exploits or vulnerabilities. Don't hesitate to reach out to me personally if you have any issues. Mike Belshe --- CTO & CoFounder, BitGo, Inc mike@belshe.commike@bitgo.comThat sounds excellent Mike, great response My only other "advise" is that you should publish any company details about yourself. There are so many "one-man ops" in bitcoinland, some aren't even registered companies. The more you share about yourself, the more trust you engender.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
January 04, 2014, 09:18:41 AM |
|
People are still using web wallets really? Did we not learn from instawallet, inputs.io, and blockchain.info. I see a couple problems with this one. How are they generating the 3 keys? If it isn't client side, it isn't safe. If they are holding on to the 3 keys even indirectly they are not safe. It isn't open source, so there is no way to verify or run this services on my own. Also all web wallets will be consider not safe until they implement trezor support.
So again don't use web wallets none of them are safe unless you are using a trezor or hardware option to sign the transaction.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3934
Merit: 2676
Join the world-leading crypto sportsbook NOW!
|
|
January 04, 2014, 10:27:03 AM |
|
People are still using web wallets really? Did we not learn from blockchain.info.
What's wrong with blockchain.info?
|
|
|
|
empoweoqwj
|
|
January 04, 2014, 01:18:15 PM |
|
People are still using web wallets really? Did we not learn from instawallet, inputs.io, and blockchain.info. I see a couple problems with this one. How are they generating the 3 keys? If it isn't client side, it isn't safe. If they are holding on to the 3 keys even indirectly they are not safe. It isn't open source, so there is no way to verify or run this services on my own. Also all web wallets will be consider not safe until they implement trezor support.
So again don't use web wallets none of them are safe unless you are using a trezor or hardware option to sign the transaction.
Yeah, not being open source is a big turn off.
|
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3738
Merit: 1217
|
|
January 04, 2014, 02:34:42 PM |
|
I don't get it. Only 2 FA is needed for transactions. So if someone hacks in to an account he can withdraw the coins with just 2 passwords, right?
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
January 04, 2014, 03:23:08 PM |
|
People are still using web wallets really? Did we not learn from instawallet, inputs.io, and blockchain.info. I see a couple problems with this one. How are they generating the 3 keys? .
yep and there will always people who do this. you could say it every day and still people would store them online. i guess someday there will be an online wallet with high security AND insurance over the funds, maybe then you could store them online (but i wouldnt do that).
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
January 04, 2014, 06:11:58 PM |
|
I don't get it. Only 2 FA is needed for transactions. So if someone hacks in to an account he can withdraw the coins with just 2 passwords, right?
What about the people who run the service? This is where things like trezor will solve, and 2FA is a just a false sense of security for that attack.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
January 04, 2014, 06:15:09 PM |
|
People are still using web wallets really? Did we not learn from blockchain.info.
What's wrong with blockchain.info? People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet.
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3934
Merit: 2676
Join the world-leading crypto sportsbook NOW!
|
|
January 04, 2014, 07:48:23 PM |
|
People are still using web wallets really? Did we not learn from blockchain.info.
What's wrong with blockchain.info? People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet. I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc.
|
|
|
|
empoweoqwj
|
|
January 05, 2014, 03:05:52 AM |
|
Same advice as always for me. Keep as little as possible online, and use 2fa. I don't care what security features are promoted with web wallets, most of your coins should be safely offline.
|
|
|
|
charleshoskinson
Legendary
Offline
Activity: 1134
Merit: 1008
CEO of IOHK
|
|
January 05, 2014, 03:08:39 AM |
|
I'm the creator of BitGo, so I know I am biased. For what it is worth, we've already done a full external security audit (expensive!) of the software both client and server side. The operational engineering that has gone into BitGo is also atypical and has been designed from the ground up for bitcoin security. We'll be doing another audit in the not-too-distant future. Peer reviews and security reviews are absolutely essential.
Who did your full audit. I am looking for an auditor myself and it would be nice to grab someone who is now familiar with Bitcoin
|
The revolution begins with the mind and ends with the heart. Knowledge for all, accessible to all and shared by all
|
|
|
buumraw
Newbie
Offline
Activity: 9
Merit: 0
|
|
January 05, 2014, 03:12:40 AM |
|
is that a new online bitcoin wallet?
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
January 05, 2014, 03:31:37 AM |
|
People are still using web wallets really? Did we not learn from blockchain.info.
What's wrong with blockchain.info? People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet. I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc. Local clients are better for newbies, but lets be honest we need to teach newbies about all forms of security cause many sites use 2FA they should learn it now. What it is and how it helps from hackers but not backend hackers.
|
|
|
|
empoweoqwj
|
|
January 05, 2014, 04:10:31 AM |
|
People are still using web wallets really? Did we not learn from blockchain.info.
What's wrong with blockchain.info? People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet. I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc. Local clients are better for newbies, but lets be honest we need to teach newbies about all forms of security cause many sites use 2FA they should learn it now. What it is and how it helps from hackers but not backend hackers. backend hackers or site owners that just run off with all the coins ......
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
January 05, 2014, 04:22:03 AM |
|
People are still using web wallets really? Did we not learn from blockchain.info.
What's wrong with blockchain.info? People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet. I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc. Local clients are better for newbies, but lets be honest we need to teach newbies about all forms of security cause many sites use 2FA they should learn it now. What it is and how it helps from hackers but not backend hackers. backend hackers or site owners that just run off with all the coins ...... I put them in the backend hackers that have access to the machine.
|
|
|
|
|