easy?
I carry a blockchain.info wallet on my smartphone with small amounts for payments when an opportunity presents itself.
It was VERY easy.
I didn't think you'd be a fan of blockchain.info or any online wallets. I use blockchain.info for my 'current' account and for daily purchases etc as well. Hasn't failed me yet.
Blockchain.info is a hybrid wallet.
As long as you don't have any malware running on your system and you use a strong enough password, blockchain.info doesn't have access to your private keys or your password.
With blockchain.info you have exclusive control of your private keys. This is the important point in keeping your bitcoins safe. If you don't have exclusive control of the private keys, then you don't really have any bitcoins. If you do have exclusive control, then you are completely responsible for keeping that access secure and for backing up that data to prevent loss.
Lets consider the following imaginary scenario:
- You install Bitcoin Core
- You create your wallet
- You encrypt the wallet.dat file with a strong password
- You store your encypted wallet.dat file on some "cloud drive" (dropbox, google drive, icloud, whatever)
- You delete Bitcoin Core from your computer
Now you have your private keys securely encrypted and stored "online".
Any time you want to access your bitcoins on any computer, you can just:
- Download Bitcoin Core onto that computer
- Wait for it to sync with the blockchain
- Download your encrypted wallet from the online storage
- Decrypt the wallet.dat locally with your password
- Install your wallet.dat in the Bitcoin Core that you just downloaded
- Use Bitcoin Core to send and receive bitcoins
- When you are done, re-encrypt your wallet.dat
- Replace the online storage of your wallet.dat with the updated one
- Delete Bitcoin Core from the computer you are using
And there you have it, Bitcoin Core
IS an online wallet (as long as you download a new copy every time you use it and you store your wallet.dat encrypted online).
This is essentially what blockchain.info is doing.
When you go to their website, you download wallet software into your browser which runs locally on your computer (much like downloading Bitcoin Core every time you want to use it in my imaginary example). Then you download a copy of your private keys that blockchain.info stores for you in encrypted form.
When you type your password, it is not sent to blockchain.info. Instead it is used locally by the software that was downloaded from the website to decrypt your private keys in your computer. If you add any new addresses, they are encrypted locally on your computer with the same password and then sent (in encrypted form) to blockchain.info to be stored for you.
When you send a transaction, blockchain.info sends the information about the unspent outputs down to your browser, and the software running on your computer creates and signs the transaction locally on your computer.
The main risk that you take, (other than malware running on your computer) is that blockchain.info could lie to you about the unspent outputs in your wallet. In other words, they could fool you into believing that you received bitcoins from them (or from people that they are colluding with) that they never really sent. They can do this because the software that is running in your browser gets its list of unspent outputs from them without verifying the validity through the entire blockchain. Of course, a quick check with other trusted block explorers whenever accepting bitcoins is an easy way to make sure that they haven't done that.
