Bitcoin Forum
Author Topic: Best practices or guidelines for managing live-service wallets  (Read 944 times)
SikoSoft (OP)
May 08, 2014, 03:34:02 PM
 #1

Another programmer and I are in the planning process for setting up a cryptocoin-based betting service. We have a very good idea regarding pretty much... well everything except one major crucial detail: wallet management.

Obviously, because we want to allow people to place bets immediately (without waiting for confirmations) and receive money immediately, this means we'll need to have wallets on our servers.

I was hoping someone who has already trodden this scary path has some input regarding the best way to approach this. For example, some of my questions are:

1) is there an optimal ratio of how much of the funds you keep in cold storage versus hot storage?
2) is there a specific wallet format we should use - do we just swing it with the standard QT wallet.dat files? If so, is there a common API that is used to decipher these wallets?
3) is it better to immediately move funds over to one "master" wallet, or is it better in terms of security to keep all the funds in each user's respective wallet?
4) what approach do you use for generating wallet passwords?
5) or... perhaps I am looking at this all wrong and you don't even use wallet files, rather just a collection of public addresses and private keys?

My apologies if I am asking a question I should know the answer to already if I'm considering this, but well... I simply do not know.

Thanks for any advice you may have.
christopherdebeer
June 04, 2014, 01:26:41 PM
 #2

BTCump
SikoSoft (OP)
August 22, 2014, 03:51:24 PM
 #3

Thank you for your very helpful feedback.

This will no doubt help me a lot. I've learned a lot since I last posted this, and you've only confirmed what I've been learning, so thanks. :)

As for #4, I'm not positive what I meant when I wrote it, but I think I was talking in terms of like how do you supply entropy for the RNG when generating the address. But I've tried out a NodeJS Bitcoin API and it generates addresses without me feeding it anything, so I think it is taking care of that part for me.

I appreciate your expertise, and thanks for the link to your project; I will check it out!
dexX7
August 24, 2014, 01:16:53 AM
 #4

Separate wallet and website, the latter brings a lot of exposure.

Secure the wallet server as much as possible. The only connection that may be established should be between those two servers and the P2P network.

Add guards and failsafes, maximal limits to spend over a given time, alerts, and rather be safe than sorry.
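
A sketch of the spend limits, alerts and failsafe suggested in the post above, as they might sit in front of the signing call on the wallet server. This is an added example, not code from the thread or from any project mentioned in it; `SpendGuard`, its option names, the limit values and the alert callback are hypothetical and the demo inputs are constructed.

```javascript
// Added example (hypothetical names; amounts in integer satoshis to avoid float rounding).
class SpendGuard {
  constructor({ perTxMax, windowMax, windowMs, alertRatio = 0.8, now = Date.now, alert = () => {} }) {
    Object.assign(this, { perTxMax, windowMax, windowMs, alertRatio, now, alert });
    this.spent = [];      // [{ t, amount }] approved payouts still inside the window
    this.frozen = false;  // failsafe latch: once tripped, only an operator clears it
  }

  windowTotal() {
    const cutoff = this.now() - this.windowMs;
    this.spent = this.spent.filter((e) => e.t > cutoff); // drop payouts older than the window
    return this.spent.reduce((sum, e) => sum + e.amount, 0);
  }

  // Call before asking the wallet server to sign; returns { ok, reason }.
  authorize(amount) {
    if (!Number.isSafeInteger(amount) || amount <= 0) return this.deny('invalid-amount', amount);
    if (this.frozen) return this.deny('frozen', amount);
    if (amount > this.perTxMax) return this.deny('per-tx-limit', amount);
    const total = this.windowTotal() + amount;
    if (total > this.windowMax) {
      this.frozen = true; // fail closed: stop all payouts until a human looks
      return this.deny('window-limit', amount);
    }
    this.spent.push({ t: this.now(), amount });
    if (total >= this.windowMax * this.alertRatio) this.alert({ level: 'warn', reason: 'near-window-limit', total });
    return { ok: true, reason: null };
  }

  deny(reason, amount) {
    this.alert({ level: 'critical', reason, amount }); // every refusal is worth an operator's attention
    return { ok: false, reason };
  }

  unfreeze() { this.frozen = false; } // manual operator action only
}

// Constructed demo: 1 BTC per hour cap, 0.5 BTC per payout, fake clock.
function demo() {
  let clock = 0;
  const alerts = [];
  const g = new SpendGuard({ perTxMax: 50_000_000, windowMax: 100_000_000, windowMs: 3_600_000,
    now: () => clock, alert: (a) => alerts.push(a) });
  const results = [40_000_000, 60_000_000, 45_000_000, 30_000_000, 1_000].map((a) => g.authorize(a).reason);
  clock += 3_600_001; g.unfreeze(); // an hour passes and an operator clears the latch
  results.push(g.authorize(30_000_000).reason);
  return { results, alerts: alerts.map((a) => a.reason) };
}
console.log(JSON.stringify(demo()));
```

The latch matters more than the limit itself: after the window cap is hit, even a tiny payout is refused until someone has looked at why the cap was reached.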
