[2014-08-07] CD - RushWallet Delivers Fast, Frictionless and Login-Free Bitcoin

[Kprawn]

http://www.coindesk.com/rushwallet-delivers-fast-frictionless-login-free-bitcoin-wallets/

My concerns ----> "Created in 2011, Instawallet had over 1 million accounts and was once lauded by bitcoin developers for its ability to quickly create and use bitcoin addresses. But, a 2013 hack saw it fraudulently relieved of all user funds.
 
Hackers were able to gain access to users’ secret URLs, which were stored online. Instawallet later replaced most users’ balances after a 90-day claims process."

[1714164240]

1714164240

[southern]

http://www.coindesk.com/rushwallet-delivers-fast-frictionless-login-free-bitcoin-wallets/

My concerns ----> "Created in 2011, Instawallet had over 1 million accounts and was once lauded by bitcoin developers for its ability to quickly create and use bitcoin addresses. But, a 2013 hack saw it fraudulently relieved of all user funds.
 
Hackers were able to gain access to users’ secret URLs, which were stored online. Instawallet later replaced most users’ balances after a 90-day claims process."

Doesnt seem very secure to me, but looks good.

[elliwilli]

Looks sexy as hell but it has a bad history, i will probably use it for a small hot wallet as i love the UI but i wont hold anything big in it.

[betafall]

Instawallet and Rushwallet have nothing to do with each other expect for being instant wallets. I think you misunderstood that they are related in some way beyond that.

RushWallet is a product of KryptoKit and is more secure than InstaWallet in two specific ways:

1. Funds are stored client side, not server-side.
2. The private key is stored in the URL after the hashtag. By HTTP standards, that part of the URL is not sent to the server when you make a request; it remains purely client-side, so the server never sees what any of the private keys are.

[Kprawn]

" The private key is stored in the URL after the hashtag. By HTTP standards, ...."

There is no way, that this is secure enough to hold any of my coins. One "Screen capture" and you have the private key. No other hacking / bruteforcing passwords or keyloggers needed.

Nope, sorry .... I will not use this for "store value" It's a toy to be used for education on how not to store your coins.

[CIYAM]

" The private key is stored in the URL after the hashtag. By HTTP standards, ...."

There is no way, that this is secure enough to hold any of my coins. One "Screen capture" and you have the private key. No other hacking / bruteforcing passwords or keyloggers needed.

I'd have to agree that this seems like a very bad idea when it comes to securing bitcoins.

[LiteCoinGuy]

could be okay for pocket money

[medicine]

I had an Instawallet back in the day and I would like a much more detailed explanation of the security before I used Rush Wallet.
Does anyone have a link to the details explaining the cryptography and hashing/private key movement?

Thanks

[rushwallet]

http://www.coindesk.com/rushwallet-delivers-fast-frictionless-login-free-bitcoin-wallets/

My concerns ----> "Created in 2011, Instawallet had over 1 million accounts and was once lauded by bitcoin developers for its ability to quickly create and use bitcoin addresses. But, a 2013 hack saw it fraudulently relieved of all user funds.
 
Hackers were able to gain access to users’ secret URLs, which were stored online. Instawallet later replaced most users’ balances after a 90-day claims process."

Please know that RushWallet is not in any way related to Instawallet.

RushWallet is more secure than InstaWallet in two specific ways:

Funds are stored client side, not server-side. Meaning that RushWallet neither holds, nor has access to users wallets or bitcoin.

The private key is stored in the URL after the hashtag. By HTTP standards, that part of the URL is not sent to the server when you make a request; it remains purely client-side, so the server never sees what any of the private keys are.

You can add an encrypted password in the URL should you so choose meaning that you'd have to enter a password every time you open your wallet.

Check out this reddit post http://www.reddit.com/r/Bitcoin/comments/2cvr33/rushwallet_by_kryptokit_finally_an_easy_way_to/

And here's the official BitcoinTalk thread. https://bitcointalk.org/index.php?topic=730490.0

[bryant.coleman]

Never trust these people. I lost a few mBTCs when Instawallet closed down. I am not falling in to these sort of traps ever again. For me, the only reliable online wallet is Blockchain.info. That said, I am only keeping less than 1% of my stash with online wallets. The remainder is safely stored in various offline wallets, including paper wallets and USB sticks.

[adamas]

I couldn't figure out how to create a password protected brainwallet.

I believe there is a checkbox when you first visit the site and are creating a random number with your mouse.

  Yes, but how to create a passsword protected brainwallet with an own passphrase?
  www.rushwallet.com/#*my pass phrase*!password