Topic: Best practices or guidelines for managing live-service wallets
SikoSoft
May 08, 2014, 03:34:02 PM
 #1

Another programmer and I are in the planning process for setting up a cryptocoin-based betting service. We have a very good idea regarding pretty much... well, everything except one major crucial detail: wallet management.

Obviously, because we want to allow people to place bets immediately (without waiting for confirmations) and receive money immediately, this means we'll need to have wallets on our servers.

I was hoping someone who has already trodden this scary path has some input regarding the best way to approach this. For example, some of my questions are:

1) is there an optimal ratio of how much of the funds you keep in cold storage versus hot storage?
2) is there a specific wallet format we should use - do we just swing it with the standard QT wallet.dat files? If so, is there a common API that is used to decipher these wallets?
3) is it better to immediately move funds over to one "master" wallet, or is it better in terms of security to keep all the funds in each user's respective wallet?
4) what approach do you use for generating wallet passwords?
5) or... perhaps I am looking at this all wrong and you don't even use wallet files, rather just a collection of public addresses and private keys?

My apologies if I am asking a question I should know the answer to already if I'm considering this, but well... I simply do not know.

Thanks for any advice you may have.
christopherdebeer
June 04, 2014, 01:26:41 PM
 #2

BTCump
gweedo
June 05, 2014, 06:27:04 AM
 #3

1) is there an optimal ratio of how much of the funds you keep in cold storage versus hot storage?

You should take in some data about the average transaction value you are sending then figure out a good ratio. At first I would do 90% cold, 10% hot.

2) is there a specific wallet format we should use - do we just swing it with the standard QT wallet.dat files? If so, is there a common API that is used to decipher these wallets?

Once you get more and more users, you will have to figure out a good database to hold private keys offline and public addresses online. QT wallets, once they get to a huge number of addresses, start crashing more and become slow. This is also why I developed https://apicoin.io, as this is a huge problem for bigger companies. I have seen it first hand with sites I ran, and now I see these huge companies just having to reinvent this over and over.

3) is it better to immediately move funds over to one "master" wallet, or is it better in terms of security to keep all the funds in each users' respective wallet?

Just move it to one wallet. I think users who will be using your site will be seeing the credits or units of measure on your site; they don't care as long as you have the coins you say you have.

4) what approach do you use for generating wallet passwords?

I don't understand this question, but if you can, keep cold storage in multi-sig addresses and offline.

5) or... perhaps I am looking at this all wrong and you don't even use wallet files, rather just a collection of public addresses and private keys?

This: public addresses in a web database like MySQL and private keys offline, either in a multi-sig address.

SikoSoft
August 22, 2014, 03:51:24 PM
 #4

Thank you for your very helpful feedback.

This will no doubt help me a lot. I've learned a lot since I last posted this, and you've only confirmed what I've been learning, so thanks.

As for #4, I'm not positive what I meant when I wrote it, but I think I was talking in terms of like how do you supply entropy for the RNG when generating the address. But I've tried out a NodeJS Bitcoin API and it generates addresses without me feeding it anything, so I think it is taking care of that part for me.

I appreciate your expertise, and thanks for the link to your project; I will check it out!
dexX7
August 24, 2014, 01:16:53 AM
 #5

Separate wallet and website, the latter brings a lot of exposure.

Secure the wallet server as much as possible. The only connection that may be established should be between those two servers and the P2P network.

Add guards and failsafes, maximal limits to spend over a given time, alerts, and rather be safe than sorry.
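
A sketch of the limits described in post #5, as an added example that is not part of the original thread: a guard the wallet server consults before signing any payout, with a per-payout cap, a rolling-window cap and an alert hook. `SpendGuard`, its option names and the limits are hypothetical, and halting all payouts once the window cap is hit is an assumed fail-closed policy.

```javascript
// Added example: spend guard in front of a hot wallet (names and limits are hypothetical).
// Amounts are integer satoshis; timestamps are milliseconds.
class SpendGuard {
  constructor({ windowMs, maxPerWindow, maxPerTx, alertAt, onAlert }) {
    Object.assign(this, { windowMs, maxPerWindow, maxPerTx, alertAt, onAlert });
    this.spends = [];    // approved payouts still inside the window
    this.halted = false; // fail-safe latch, cleared only by an operator
  }
  // Total approved in the window that ends at `now`; older entries are dropped.
  spentInWindow(now) {
    this.spends = this.spends.filter((s) => s.at > now - this.windowMs);
    return this.spends.reduce((sum, s) => sum + s.amount, 0);
  }
  // Called by the wallet server before it signs a payout.
  authorize(amount, now = Date.now()) {
    if (this.halted) return { ok: false, reason: "halted" };
    if (!Number.isSafeInteger(amount) || amount <= 0) {
      return { ok: false, reason: "invalid-amount" };
    }
    if (amount > this.maxPerTx) {
      this.onAlert("per-tx-limit");
      return { ok: false, reason: "per-tx-limit" };
    }
    const spent = this.spentInWindow(now);
    if (spent + amount > this.maxPerWindow) {
      this.halted = true; // fail closed until someone has looked at it
      this.onAlert("window-limit");
      return { ok: false, reason: "window-limit" };
    }
    this.spends.push({ at: now, amount });
    if (spent + amount >= this.alertAt) this.onAlert("near-limit");
    return { ok: true, remaining: this.maxPerWindow - spent - amount };
  }
  reset() { this.halted = false; } // manual operator action
}

// Constructed scenario: 0.5 BTC per hour, 0.2 BTC per payout, alert at 0.4 BTC.
function demo() {
  const mBTC = 100000, t0 = 1400000000000, alerts = [];
  const guard = new SpendGuard({ windowMs: 3600000, maxPerWindow: 500 * mBTC,
    maxPerTx: 200 * mBTC, alertAt: 400 * mBTC, onAlert: (kind) => alerts.push(kind) });
  const requests = [200, 250, 200, 150, 1].map((m) => m * mBTC);
  const results = requests.map((amt, i) => {
    const r = guard.authorize(amt, t0 + i * 1000);
    return r.ok ? "ok" : r.reason;
  });
  return { results, alerts };
}
console.log(demo());
```

The guard belongs on the wallet server, not the website, so that a compromised web front end cannot raise its own limits.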
