Bitcoin Forum
November 20, 2017, 05:36:57 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: I think I can build a more secure web wallet than any other so far.  (Read 1153 times)
Aleksei Richards
Jr. Member
*
Offline Offline

Activity: 38



View Profile
March 27, 2014, 11:07:34 AM
 #1

If I build the following web wallet, it will be the most secure web wallet currently on the market. Agree or disagree ?

1. The client will be a 1 page backbone.js app deployed directly from the repository on github. The page would be signed with my PGP public key.

Why?

a. Because it would then be possible to write a chrome or firefox plugin to verify the wallet downloaded to your machine corresponds to the code on the repository. Blockchain.info has a form of this already but without the PGP signing.

b. If any third party such as github/cloudflare tampered with the wallet the user would be able to see and flags would be raised.

2. All javascript in plain text and easy to read. (unobfuscated).

Why ? Because the wallet is then open for peer review. Like all solutions that use cryptography peer review is the way to go.

3. No naked private keys stored on the server. No naked keys ever passed to the server.
Why ?


a. Search for “Bitcoin wallet hacked” on google then come back here.
b. Because there is no technical reason why we should ever do this again. And that includes exchanges too.

4. Users shouldn't pick their own passwords.

Why ?

a. Because a lot of users, pick either very week password or re-use passwords on other sites.
b. Because we can then pick passwords with sufficient entropy to properly encrypt private keys.

5. Users should not be able to send coins to the wallet until 2FA is enabled. All operations requiring spends should also be protected with 2FA.

Why ? To defend against malware such as key loggers.

6. A way for users to recover their wallet if the operator goes away.

Recovery procedure should be quick and simple. i.e. electrum passphrase.

1511199417
Hero Member
*
Offline Offline

Posts: 1511199417

View Profile Personal Message (Offline)

Ignore
1511199417
Reply with quote  #2

1511199417
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511199417
Hero Member
*
Offline Offline

Posts: 1511199417

View Profile Personal Message (Offline)

Ignore
1511199417
Reply with quote  #2

1511199417
Report to moderator
1511199417
Hero Member
*
Offline Offline

Posts: 1511199417

View Profile Personal Message (Offline)

Ignore
1511199417
Reply with quote  #2

1511199417
Report to moderator
Cryddit
Legendary
*
Offline Offline

Activity: 840


View Profile
March 27, 2014, 07:17:26 PM
 #2


I don't really understand why anybody uses web wallets. 

Use a local wallet.  Keep it encrypted.  Unencrypted keys are never stored, and keys encrypted or not never leave the local machine.  Keep it on removable media and remove it when you're not using it.  Then just run an OS more secure than Windows to keep keyloggers etc off of it.

Onar
Member
**
Offline Offline

Activity: 84


View Profile
March 27, 2014, 10:22:23 PM
 #3

To become mainstream a simpler solution must be made, to encrypt, save it on external harddisk and use a os securer than windows. This might apply us that are into the technology, but others its to much hasle.


I don't really understand why anybody uses web wallets. 

Use a local wallet.  Keep it encrypted.  Unencrypted keys are never stored, and keys encrypted or not never leave the local machine.  Keep it on removable media and remove it when you're not using it.  Then just run an OS more secure than Windows to keep keyloggers etc off of it.


dewdeded
Legendary
*
Offline Offline

Activity: 1022


Monero Evangelist


View Profile WWW
March 28, 2014, 05:20:45 AM
 #4

So difference vs. blockchain.info is:

- no sending without 2FA
- GPG encryption of password

?
grau
Hero Member
*****
Offline Offline

Activity: 836


bits of proof


View Profile WWW
March 28, 2014, 06:41:23 AM
 #5

If you really after a web wallet, then watch out myTREZOR.

It will be as easy to use as any web application with no sign-up. Your keys will be in your hand, literally, in a high security special purpose device, safe from any hacks.

http://www.bitcointrezor.com/news/2014-02-10-mytrezor-bop-bitcoin-server

Here you have its first public demo in Berlin:
http://vimeo.com/90026733
counter
Hero Member
*****
Offline Offline

Activity: 728


Time is on our side, yes it is!


View Profile
March 28, 2014, 06:48:39 AM
 #6

Well you've got my attention and many others will come I'm sure.  Wallet security is always a good thing and if you can outdo the current top wallets in you opinion I'd like to know more about it.  Subscribed.
jiangkand1
Jr. Member
*
Offline Offline

Activity: 42


View Profile
March 28, 2014, 07:59:23 AM
 #7

Use a local wallet is the safest!

ShareCoin Free and Fair Distribution. SWhFQ1yZzw61ofVfcPErd5BB2Q8Q5zTZau
monsterer
Legendary
*
Offline Offline

Activity: 1008


View Profile
March 28, 2014, 09:34:25 AM
 #8

If your service can withstand someone stealing your wallet.dat file without losing funds, you are headed in the right direction.
timecoin
Member
**
Offline Offline

Activity: 70


View Profile
March 29, 2014, 09:42:15 AM
 #9

Wallet security is always a problem if more secure than it is now purse, I think is definitely good.

serje
Legendary
*
Offline Offline

Activity: 1106


Ibiza baby!


View Profile
March 29, 2014, 09:46:00 AM
 #10

If your service can withstand someone stealing your wallet.dat file without losing funds, you are headed in the right direction.

qt can withstands this as far as I know if you use a nice pass-phrase!

timecoin
Member
**
Offline Offline

Activity: 70


View Profile
March 29, 2014, 01:43:10 PM
 #11

Well you've got my attention and many others will come I'm sure.  Wallet security is always a good thing and if you can outdo the current top wallets in you opinion I'd like to know more about it.  Subscribed.
+1
Agree with what you said, I also very the attention of the wallet safe.

b!z
Legendary
*
Offline Offline

Activity: 1568



View Profile
March 29, 2014, 01:52:04 PM
 #12

If you really after a web wallet, then watch out myTREZOR.

It will be as easy to use as any web application with no sign-up. Your keys will be in your hand, literally, in a high security special purpose device, safe from any hacks.

http://www.bitcointrezor.com/news/2014-02-10-mytrezor-bop-bitcoin-server

Here you have its first public demo in Berlin:
http://vimeo.com/90026733


Agreed. TREZOR and other hardware wallets are strong security made simple, they're what's needed for bitcoin to go mainstream
dexX7
Legendary
*
Offline Offline

Activity: 1050



View Profile WWW
March 29, 2014, 05:21:58 PM
 #13

If you are looking to build a secure wallet, you may take a look at the 2-of-3 multi signature approaches by trustedcoin.com and bitgo.com.

CryptKeeper
Legendary
*
Offline Offline

Activity: 1414


Byteball Community Manager


View Profile WWW
March 29, 2014, 05:33:04 PM
 #14

If you really after a web wallet, then watch out myTREZOR.

It will be as easy to use as any web application with no sign-up. Your keys will be in your hand, literally, in a high security special purpose device, safe from any hacks.

http://www.bitcointrezor.com/news/2014-02-10-mytrezor-bop-bitcoin-server

Here you have its first public demo in Berlin:
http://vimeo.com/90026733


Agreed. TREZOR and other hardware wallets are strong security made simple, they're what's needed for bitcoin to go mainstream

I am really looking forward to the Trezor (I ordered 2 last year) but I think it will not be for everyone. The retail price for this thing is yet TBA and I doubt that it will be anything below $100! Not much for total security if you are a "whale" and have lots of bitcoins in your wallet, but too much for the bitcoin starter.

So there is still room for another "middle security" wallet solution, easy to use for the average joe but still secure enough so that it is not easily hacked.

Follow me on twitter for the latest news on bitcoin and altcoins and I'll follow you back the same day!
Byteball - Smart payments made simple
hjdt4fd1
Newbie
*
Offline Offline

Activity: 28


View Profile
March 30, 2014, 01:55:03 AM
 #15

If you really after a web wallet, then watch out myTREZOR.

It will be as easy to use as any web application with no sign-up. Your keys will be in your hand, literally, in a high security special purpose device, safe from any hacks.

http://www.bitcointrezor.com/news/2014-02-10-mytrezor-bop-bitcoin-server

Here you have its first public demo in Berlin:
http://vimeo.com/90026733


Agreed. TREZOR and other hardware wallets are strong security made simple, they're what's needed for bitcoin to go mainstream

I am really looking forward to the Trezor (I ordered 2 last year) but I think it will not be for everyone. The retail price for this thing is yet TBA and I doubt that it will be anything below $100! Not much for total security if you are a "whale" and have lots of bitcoins in your wallet, but too much for the bitcoin starter.

So there is still room for another "middle security" wallet solution, easy to use for the average joe but still secure enough so that it is not easily hacked.
You're right, now the main wallet is safe and simple to use.

ShareCoin: ST9i672195N9V9rCKxiXBgkL9WphPvbQxT
which2say
Newbie
*
Offline Offline

Activity: 28


View Profile
March 30, 2014, 03:09:41 AM
 #16

If you really after a web wallet, then watch out myTREZOR.

It will be as easy to use as any web application with no sign-up. Your keys will be in your hand, literally, in a high security special purpose device, safe from any hacks.

http://www.bitcointrezor.com/news/2014-02-10-mytrezor-bop-bitcoin-server

Here you have its first public demo in Berlin:
http://vimeo.com/90026733


Agreed. TREZOR and other hardware wallets are strong security made simple, they're what's needed for bitcoin to go mainstream

I am really looking forward to the Trezor (I ordered 2 last year) but I think it will not be for everyone. The retail price for this thing is yet TBA and I doubt that it will be anything below $100! Not much for total security if you are a "whale" and have lots of bitcoins in your wallet, but too much for the bitcoin starter.

So there is still room for another "middle security" wallet solution, easy to use for the average joe but still secure enough so that it is not easily hacked.
You're right, now the main wallet is safe and simple to use.
Only safe and easy to use in order to be widely used, so you have to consider these two questions.

ShareCoin: SehZ7QnVSBbxsQSSDB1UXjYEhbmcmjNCY6
NewLiberty
Legendary
*
Offline Offline

Activity: 1162


Gresham's Lawyer


View Profile WWW
March 30, 2014, 04:02:02 AM
 #17

greenaddress.it is more secure than your suggested method.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
E.exchanger
Hero Member
*****
Offline Offline

Activity: 560


NEED CRYPTO CODER? COIN DEVELOPER? PM ME FOR HELP!


View Profile
March 31, 2014, 01:03:01 AM
 #18

I think using of web wallets can never be safe so i prefer just filling mine with the amount needed at a particular time and for that blockchain is doing well so far, so i guess another online wallet is not what's needed right now. Good luck with your project though and hope to see it soon in action.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!