Bitcoin Forum
November 14, 2024, 09:58:31 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1]
  Print  
Author Topic: I want a wallet with fixed adress!  (Read 1141 times)
speeder (OP)
Hero Member
*****
Offline Offline

Activity: 994
Merit: 501


PredX - AI-Powered Prediction Market


View Profile
October 03, 2011, 05:15:24 PM
 #1

Hello!

I do not trust my own security, so I want a wallet... Like MyBitcoin was before they turned out scammer...

Can someone recommend one? (hopefully, not a scammer)

BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
October 03, 2011, 05:42:08 PM
 #2

I really like what they are doing over at StrongCoin.com:

All private keys are individually encrypted with passwords of your choosing.
One nice feature is that as you create your passwords it give you an indication of the strength of the password in order to help you pick better passwords.
The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.
You can use StrongCoin to import the value from physical Bitcoins or Bitbill or paper wallets
It allows you to create paper backups of your private keys.
The web site itself is very clean and user friendly.

It is a work in progress but I really like what I see so far.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
captainteemo
Full Member
***
Offline Offline

Activity: 143
Merit: 101


View Profile
October 07, 2011, 09:50:58 PM
 #3

The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.

Already flawed, pack up and go home.
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
October 07, 2011, 10:23:11 PM
 #4

Therefore you can unplug your computer from the Internet while you generate you private keys if you want to.  They private keys are then encrypted by a password.  One nice feature is the system helps guide you to a stronger password as you enter your password.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
captainteemo
Full Member
***
Offline Offline

Activity: 143
Merit: 101


View Profile
October 07, 2011, 11:48:30 PM
 #5

Therefore you can unplug your computer from the Internet while you generate you private keys if you want to.  They private keys are then encrypted by a password.  One nice feature is the system helps guide you to a stronger password as you enter your password.

Quote
The web hosts most of the world's new crypto functionality. A significant portion of that crypto has been implemented in Javascript, and is thus doomed. This is an issue worth discussing.

Quote
If you don't trust the network to deliver a password, or, worse, don't trust the server not to keep user secrets, you can't trust them to deliver security code. The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do.

Quote
The problem with running crypto code in Javascript is that practically any function that the crypto depends on could be overridden silently by any piece of content used to build the hosting page.

Quote
“Any attacker who could swipe an unencrypted secret can, with almost total certainty, intercept and alter a web request.”
Quote

Quote
Using in-page Javascript without something to help with verification is untenable from a security perspective.

Having a plugin to verify the code sent from the server which is then used to actually perform the crypto is absurd. It unnecessarily increases the attack surface and complexity in comparison to a plugin that directly performs the crypto.


Quote
there is no reasonable argument that in-page Javascript crypto is useful
dogisland
Sr. Member
****
Offline Offline

Activity: 262
Merit: 250



View Profile
October 10, 2011, 02:25:17 PM
 #6

The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.

Already flawed, pack up and go home.

The Javascript library used to encrypt the keys in StrongCoin is gibberish AES.

Implementing AES means producing the precise ciphertext that the standard mandates for a given plaintext and key; we are talking about exact values, down to the last bit, so the language used to code the algorthm is irrelevant.

The main argument against using Javascript for encryption is that the server could be hacked and the JavaScript changed.

Firstly, StrongCoin is deployed to Heroku, you can read their security policy http://policy.heroku.com/security.

Secondly, I will be shortly implementing a remote service to check any changes to the delivered JavaScript. I can then use PingDom to send me an SMS if the checks fail. That's a check every minute.

StrongCoin is probably the least risky way to store and spend Bitcoins.
pointbiz
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
November 05, 2011, 04:47:46 AM
 #7

you could make a paper wallet at bitaddress.org and to spend the btc you can import the private key to mtgox

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Tuxavant
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1010

Bitcoin Mayor of Las Vegas


View Profile WWW
November 05, 2011, 06:03:47 PM
 #8

bitventory.com looks interesting (like strongcoin, but signable java instead of unsignable javascript).

ThomasV
Legendary
*
Offline Offline

Activity: 1896
Merit: 1353



View Profile WWW
November 05, 2011, 06:08:54 PM
 #9

Hello!

I do not trust my own security, so I want a wallet... Like MyBitcoin was before they turned out scammer...

Can someone recommend one? (hopefully, not a scammer)

what you want is a deterministic wallet. I just released one:
https://bitcointalk.org/index.php?topic=50936.0;topicseen

Electrum: the convenience of a web wallet, without the risks
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!