Bitcoin Forum
November 09, 2024, 03:55:11 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Braincontrol  (Read 1148 times)
Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
February 09, 2014, 10:39:33 PM
Last edit: February 09, 2014, 11:20:00 PM by Valerian77
 #1

Just found this by following Reddit braincontrol.me

This wallet looks pretty cool and judges Apple's Bitcoin ban to what it is - stupid and senseless.
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
February 09, 2014, 10:42:53 PM
 #2

Just found this by following Reddit braincontrol.me

This wallet looks pretty cool and judges Apples stupid to what it is - stupid and senseless.
Very nice.

I hope this project will give a wallet to iphone users.
Apple sux this a lot
befuddled
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
February 09, 2014, 11:30:45 PM
Last edit: February 10, 2014, 12:13:20 AM by befuddled
 #3

I just came here to post about this. I think it is brilliant.

Technically, it's a small step in that it's a twist on the brain wallet. The private keys are not stored anywhere. And yet it's so easy to use and almost foolproof.

In principle I guess it could be vulnerable to a key logger, except that entering the pin is done in the manner of clicking on buttons. I don't know if that's enough to defeat all possible key loggers or not. And the logger would have to be there when the salt is first typed in.

I'm a bit worried that if the particular website that hosts the html5 app goes away (braincontrol.me at the moment), then it would be a bit more work to get the coins back. You have to run the html5 app from the same URL as when you transferred the coins in, since the url is used to create the private key:

<script>
var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin)));
</script>

Not that you couldn't create your own script that hard codes the URL that was used when you transferred the coins in, so as to create the private keys when all the other factors are known.

To me this is starting to look like the secure storage your grandmother could use. Or maybe someone more knowledgable could point out what I'm missing.

Edit: Having read the Reddit thread, I see someone pointed out an obvious vulnerability that didn't occur to me. You have to trust that the html/javascript isn't malicious because it could record/compromise your private key. Doh. Not saying the website creator would do so, but the site could be hacked, obviously.

Maybe what we need is a browser plug-in that performs a checksum/signing on all html and javascript that gets executed so you can see if it changes. Though that might require some independent (trusted) agent to determine that the code is safe at time of signing.



zakoliverz
Hero Member
*****
Offline Offline

Activity: 536
Merit: 500


View Profile
February 18, 2014, 08:45:31 AM
 #4

too bad i cannot use braincontrol anymore.
madzooka
Full Member
***
Offline Offline

Activity: 150
Merit: 100


View Profile
February 24, 2014, 05:45:20 AM
 #5

Accordong the  befuddled's comment  this wallet for me doesn't seem to be good one. Maybe in future the siruation will change

Bytecoin (BCN) - true anonymity, privacy protection and only CPU-mining

Bytecoin address - 21eQrEa2wVcdnf8viyaDu78anS4aX3Kvqiyidan25UBCWRokFoTpAHk6hduLR1oBeJ7Map75dCQv4an r2meEiH4wKc1tbQh
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!