Does anyone know if this is the same format as Electrum? I am away from my laptop or I would check.
I don't think so, Electrum has a more sophisticated deterministic algorithm.
Do you have any plans to implement this? If not what would you consider a decent bounty? I see two very useful use cases for this:
1. Import the master public key for watch only balance/notifications. I *love* the MyWallet service and the iPhone app. Being able to see my balance or if a payment has been confirmed / received is awesome. However this breaks when using Electrum because of the way it handles payments and change addresses. See http://acceptbit.com/
2. Actually importing the wallet seed (hex or mnemonic) and using MyWallet as a backup/clone/whatever. If you go this route please make sure that you don't limit yourself to the seed size that Electrum gives you, it actually supports much bigger seeds (I have successfully feed it a 512 bit seed and it worked).
I'll see what I can do.
Got this interesting error.
Error pushing transaction Error Pushing. Previous Tx is Double Spend 13e4e79afb4eb0f32896c6b611c88b2799f4bf0fa027d6d2e255c39e45f297a0
That transaction was newly generated coins from p2pool.
Any insight whats going on here?
First time i've seen this error message
This is a new error, blockchain will now refuse to relay transactions it deems as double spends. However in your case I think it was erroneously flagging the coinbase transaction as a double spend, it should be fixed now.
I mean, the wallet is synched to your Dropbox, where it is stored only encrypted with your main password. If a keylogger sniffs it, it can then find and decrypt your wallet.
You could setup a dedicated dropbox account. Blockchain should remember your dropbox login details for up to a month so you only need to login once to the dedicated account, mixing the window of opportunity for a keylogger to intercept your password.
But yes the only full-proof way is to keep a backup on an eternal USB drive or a paper wallet.
How hard would it be to write some malware or a browser expoit that would target blockchain.info wallets, duping the user in to entering his password and then stealing the coins?
The malware wouldn't be difficult to write, however getting it on your computer is more difficult. All bitcoin users need to be careful about what programs they install on their PC's. If any malware is installed that is able to modify the html of a page you are viewing virtually nothing is safe (including MT.Gox or other online wallets). The only practical solution to this is Multisig (paper wallets are good as well but not convient for everyday use).
Also, I understand blockchain itself doesn't have the private keys, but if someone manages to hack the server, it would still allow him to obtain the key from the user when he enters it, or not?
This is possible but would be very difficult in practice. There are lots of server side checks to ensure the the correct js is being served, if there are any unexpected file changes I get notified immediately. As hazek mentioned there is also https://www.blockchain.info/wallet/verifier
which is a simple browser extensions that checks that the js being served is identical to the js at https://github.com/blockchain/My-Wallet
The problem is it's not being advertised anywhere.. For instance if you go to blockchain.info and click the wallet link, you can't find the link you posted and I've said this to piuk before but it seems he hasn't had the time or perhaps forgot to address it.
I've added a link to it on the [Account Details] security page.
- SMS Notifications Now available. Currently limited to 5 free SMS's per day, you'll be able to purchase more shortly.
- Lots of bug fixes (Websocket permissions error, Problem with orphaned coinbase transactions, Fix js error in old versions of FF, Fixed blockchain.co.uk redirect (affects facebook), Fixed error on claiming SMS).
- Offering 0.25 BTC bounty for all bug reports. Must be repeatable by me and an expected error.