Bitcoin Forum
September 23, 2018, 03:21:09 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Idea for "hybrid hosted" wallet  (Read 973 times)
coinsentry
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
June 12, 2014, 07:31:02 AM
 #1

I have an idea for a bitcoin wallet system that works like this:

1. You go to a website. Enter you credit card / pay with bitcoin.
2. Once the card has been charged / the transaction confirms, a new VPS instance is created for you.
3. On that VPS instance, bitcoind, nginx, and the CoinSentry software is installed. (basically a django based web wallet)
4. A domain name is set to that VPS instance (something like bob.coinsentry.com)
5. A SSL cert is installed
6. An email is sent to the user when the server has been built giving them their hostname and login details. Also they get the SSH keys so they can ssh into their newly created VPS instance.

Not the user has a hosted wallet running in their own server. Think something like blockchain.info wallet, but running in their own private server. You get the advantage of a hosted wallet, without giving up your private keys.

The user can change the SSH keys which locks out EVERYBODY to that machine.

The downside to this architecture is that you'd have to pay $5 a month to keep the VPS going. But you'd be the only person using that server, so it would be super fast.

Another problem is making sure no one else can get into the VPS server except for the user. Some VPS providers (such as AWS and Digital Ocean) provide an "out of band" console to the instance, which we would need to disable.

What do you all think? Is this something that sounds interesting? Basically the idea is split into two parts: The VPS creator (which is like a single purpose heroku), and the wallet software itself (which I'm calling CoinSentry). I had the idea for a project using a similar architecture (for performance reasons), but realized that this architecture may also work for a bitcoin wallet as well.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537716069
Hero Member
*
Offline Offline

Posts: 1537716069

View Profile Personal Message (Offline)

Ignore
1537716069
Reply with quote  #2

1537716069
Report to moderator
1537716069
Hero Member
*
Offline Offline

Posts: 1537716069

View Profile Personal Message (Offline)

Ignore
1537716069
Reply with quote  #2

1537716069
Report to moderator
onemorebtc
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


View Profile
June 12, 2014, 07:35:26 AM
 #2

the hoster of the vps has physical access to the machine and can read your keys.

transfer 3 onemorebtc.k1024.de 1
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1470
Merit: 1271


No I dont escrow anymore.


View Profile WWW
June 12, 2014, 08:42:31 AM
 #3

the hoster of the vps has physical access to the machine and can read your keys.

There are also possible side channel attacks from other VM's on the same host.

see here:
https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf

Not sure how much bitcoin you need to make this a worthwhile attack. On the other hand I dont see a need for a server wallet anyway. Whats the benefit here?
coinsentry
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
June 15, 2014, 06:34:43 PM
 #4

the hoster of the vps has physical access to the machine and can read your keys.

There are also possible side channel attacks from other VM's on the same host.

see here:
https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf

Not sure how much bitcoin you need to make this a worthwhile attack. On the other hand I dont see a need for a server wallet anyway. Whats the benefit here?

The benefit is that you can access your bitcoin wallet from anywhere.

Blockchain.info is designed so that the private keys are stored in the client's browser and never make it to the server. Some people think this is more secure because blockchain.info never sees the private key, but now the private keys live in your browser's localStorage. Its just as likely to get hacked there is it is to get hacked on blockchain.info

Coin Sentry
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile WWW
June 16, 2014, 05:50:11 PM
 #5

Hey coinsentry,

Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.

Goodluck
dabura667
Sr. Member
****
Offline Offline

Activity: 478
Merit: 250


View Profile
June 16, 2014, 06:00:10 PM
 #6

Hey coinsentry,

Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.

Goodluck

Just a heads up to both of you, I have copyrighted "Coin Dysentery" in Zimbabwe.

Just so we all cool, k.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
Coin Sentry
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile WWW
June 16, 2014, 06:16:41 PM
 #7

Hey coinsentry,

Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.

Goodluck

Just a heads up to both of you, I have copyrighted "Coin Dysentery" in Zimbabwe.

Just so we all cool, k.

Wink damn that ruins my next plan!
coinsentry
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
June 16, 2014, 06:47:35 PM
 #8

Hey coinsentry,

Just a heads up. You may want to find another name for the product as I have a pending copyright on it. It sounds like a worthwhile idea though.

Goodluck
DAMNIT its a good thing I only registered coinsentry.pw which is only like 3 bucks a year
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 501

a.k.a. gurnec on GitHub


View Profile WWW
June 16, 2014, 09:54:44 PM
 #9

The benefit is that you can access your bitcoin wallet from anywhere.

Blockchain.info is designed so that the private keys are stored in the client's browser and never make it to the server. Some people think this is more secure because blockchain.info never sees the private key, but now the private keys live in your browser's localStorage. Its just as likely to get hacked there is it is to get hacked on blockchain.info

There are some things that sound interesting to me... you get most of the advantages of both running a full node and an SPV or web client (full blockchain validation but lightweight on your client devices).

I'm not sure what you mean with regards to blockchain.info though. Keys are stored encrypted both on their server and in localStorage (but not in RAM). If you enable two factor auth, even the encrypted keys are no longer stored in localStorage by default. Not that it's perfect, in particular their default key stretching is pretty minimal.

Also I wonder how long a $5/mo. DigitalOcean VPS with it's 512M of RAM would take to do the initial blockchain indexing.... you could always beef it up during the initial indexing I suppose.
coinsentry
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
June 17, 2014, 01:15:08 AM
 #10

Here is a screenshot of what I have so far:

http://i.imgur.com/hCMNadds.png

Basically its just a crypto coin price watcher. You can enter a public key and the app will pull the amount (sourced from various block explorer's json api), and the price (sourced from various exchanges json api's) and calculate the total for each wallet entered. I built it with python and django 1.6. I'll put the code up on github probably this weekend. The nest tasks are to implement displaying different fiat currencies (for instance changing the display fiat from USD to EUR or GBP), and to implement this: https://github.com/LazarSoft/jsqrcode

btw I'm calling it "CoinStove" until I can come up with a better name
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!