Bitcoin Forum
Author Topic: Idea for "hybrid hosted" wallet  (Read 1094 times)
coinsentry (OP)
June 12, 2014, 07:31:02 AM
 #1

I have an idea for a bitcoin wallet system that works like this:

1. You go to a website. Enter your credit card / pay with bitcoin.
2. Once the card has been charged / the transaction confirms, a new VPS instance is created for you.
3. On that VPS instance, bitcoind, nginx, and the CoinSentry software are installed. (basically a Django-based web wallet)
4. A domain name is set to that VPS instance (something like bob.coinsentry.com)
5. An SSL cert is installed
6. An email is sent to the user when the server has been built giving them their hostname and login details. Also they get the SSH keys so they can ssh into their newly created VPS instance.

Now the user has a hosted wallet running in their own server. Think something like blockchain.info wallet, but running in their own private server. You get the advantage of a hosted wallet, without giving up your private keys.

The user can change the SSH keys which locks out EVERYBODY to that machine.

The downside to this architecture is that you'd have to pay $5 a month to keep the VPS going. But you'd be the only person using that server, so it would be super fast.

Another problem is making sure no one else can get into the VPS server except for the user. Some VPS providers (such as AWS and Digital Ocean) provide an "out of band" console to the instance, which we would need to disable.

What do you all think? Is this something that sounds interesting? Basically the idea is split into two parts: The VPS creator (which is like a single purpose heroku), and the wallet software itself (which I'm calling CoinSentry). I had the idea for a project using a similar architecture (for performance reasons), but realized that this architecture may also work for a bitcoin wallet as well.
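
Added example, not part of the original post or the CoinSentry project: a check the user could run after changing the SSH keys as described above, confirming that the key installed at build time is gone and that password logins are off. The key material, comments and function names are constructed for illustration, and only global sshd_config settings (before any Match block) are read.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def fingerprint(line):
    """SHA256 fingerprint (as printed by `ssh-keygen -l`) of an authorized_keys line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:  # login options may precede the key type
            digest = hashlib.sha256(base64.b64decode(fields[i + 1])).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None  # not a key line

def audit(authorized_keys, sshd_config, provisioner_fps):
    """Return findings that mean someone other than the user can still log in over SSH."""
    findings = []
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#") and fingerprint(line) in provisioner_fps:
            findings.append("authorized_keys:%d: provisioning key still authorized" % n)
    effective = {}
    for line in sshd_config.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # only global settings are checked here
            break
        if len(parts) == 2:  # sshd uses the first value it reads for a keyword
            effective.setdefault(parts[0].lower(), parts[1].strip().lower())
    if effective.get("passwordauthentication", "yes") != "no":  # sshd default is yes
        findings.append("sshd_config: PasswordAuthentication is not 'no'")
    return findings

def make_key(seed, comment):
    """Constructed sample key: well-formed ssh-ed25519 blob around fixed bytes, not a real key."""
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed state of a VPS where the user added a key but left the builder's in place.
PROVISIONER = make_key(1, "builder@provisioning")
USER = make_key(2, "bob@laptop")
SAMPLE_KEYS = "# installed at build time\n%s\n%s\n" % (PROVISIONER, USER)
SAMPLE_SSHD = "PermitRootLogin prohibit-password\n#PasswordAuthentication no\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_KEYS, SAMPLE_SSHD, {fingerprint(PROVISIONER)}):
        print(finding)
```

A clean result covers SSH logins only; the provider's out-of-band console mentioned in the post is outside what a check on the instance can see.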
onemorebtc
June 12, 2014, 07:35:26 AM
 #2

the hoster of the vps has physical access to the machine and can read your keys.

transfer 3 onemorebtc.k1024.de 1
shorena
June 12, 2014, 08:42:31 AM
 #3

Quote from: onemorebtc on June 12, 2014, 07:35:26 AM
> the hoster of the vps has physical access to the machine and can read your keys.

There are also possible side channel attacks from other VMs on the same host.

see here:
https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf

Not sure how much bitcoin you need to make this a worthwhile attack. On the other hand I don't see a need for a server wallet anyway. What's the benefit here?

I'm not really here, it's just your imagination.
coinsentry (OP)
June 15, 2014, 06:34:43 PM
 #4

Quote from: shorena on June 12, 2014, 08:42:31 AM
> Quote from: onemorebtc on June 12, 2014, 07:35:26 AM
> > the hoster of the vps has physical access to the machine and can read your keys.
>
> There are also possible side channel attacks from other VMs on the same host.
>
> see here:
> https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
>
> Not sure how much bitcoin you need to make this a worthwhile attack. On the other hand I don't see a need for a server wallet anyway. What's the benefit here?

The benefit is that you can access your bitcoin wallet from anywhere.

Blockchain.info is designed so that the private keys are stored in the client's browser and never make it to the server. Some people think this is more secure because blockchain.info never sees the private key, but now the private keys live in your browser's localStorage. It's just as likely to get hacked there as it is to get hacked on blockchain.info

Coin Sentry
June 16, 2014, 05:50:11 PM
 #5

Hey coinsentry,

Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.

Good luck
dabura667
June 16, 2014, 06:00:10 PM
 #6

Quote from: Coin Sentry on June 16, 2014, 05:50:11 PM
> Hey coinsentry,
>
> Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.
>
> Good luck

Just a heads up to both of you, I have copyrighted "Coin Dysentery" in Zimbabwe.

Just so we all cool, k.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
Coin Sentry
June 16, 2014, 06:16:41 PM
 #7

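Quote from: dabura667 on June 16, 2014, 06:00:10 PM
> Quote from: Coin Sentry on June 16, 2014, 05:50:11 PM
> > Hey coinsentry,
> >
> > Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.
> >
> > Good luck
>
> Just a heads up to both of you, I have copyrighted "Coin Dysentery" in Zimbabwe.
>
> Just so we all cool, k.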

;) damn that ruins my next plan!
coinsentry (OP)
June 16, 2014, 06:47:35 PM
 #8

Quote from: Coin Sentry on June 16, 2014, 05:50:11 PM
> Hey coinsentry,
>
> Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.
>
> Good luck

DAMNIT it's a good thing I only registered coinsentry.pw which is only like 3 bucks a year
btchris
a.k.a. gurnec on GitHub


June 16, 2014, 09:54:44 PM
 #9

Quote from: coinsentry on June 15, 2014, 06:34:43 PM
> The benefit is that you can access your bitcoin wallet from anywhere.
>
> Blockchain.info is designed so that the private keys are stored in the client's browser and never make it to the server. Some people think this is more secure because blockchain.info never sees the private key, but now the private keys live in your browser's localStorage. It's just as likely to get hacked there as it is to get hacked on blockchain.info

There are some things that sound interesting to me... you get most of the advantages of both running a full node and an SPV or web client (full blockchain validation but lightweight on your client devices).

I'm not sure what you mean with regards to blockchain.info though. Keys are stored encrypted both on their server and in localStorage (but not in RAM). If you enable two factor auth, even the encrypted keys are no longer stored in localStorage by default. Not that it's perfect, in particular their default key stretching is pretty minimal.

Also I wonder how long a $5/mo. DigitalOcean VPS with its 512M of RAM would take to do the initial blockchain indexing.... you could always beef it up during the initial indexing I suppose.
coinsentry (OP)
June 17, 2014, 01:15:08 AM
 #10

Here is a screenshot of what I have so far:

https://i.imgur.com/hCMNadds.png

Basically it's just a crypto coin price watcher. You can enter a public key and the app will pull the amount (sourced from various block explorers' JSON APIs), and the price (sourced from various exchanges' JSON APIs) and calculate the total for each wallet entered. I built it with Python and Django 1.6. I'll put the code up on GitHub probably this weekend. The next tasks are to implement displaying different fiat currencies (for instance changing the display fiat from USD to EUR or GBP), and to implement this: https://github.com/LazarSoft/jsqrcode

btw I'm calling it "CoinStove" until I can come up with a better name