what is the "scratch"? it's FUD or truth?

[rjk]

Brainstorm:

If the user have zero in his wallet, do not warn that it doesnt have password.

If the user have X amount advice the user to chose a long password they will never forget.
And some advice on how to chose such a password.

If the user have Huge amount of Bitcoins give warnings to encrypt right away?

Question is, what is considered huge and for one user 5 Btc can be much, for another 500 is much.

That's pretty much what I proposed in post 33 up above. ^^

Although I didn't mention the advice on choosing a good password. A strength meter and a reminder to REMEMBER THE DAMN PASSWORD would be appropriate.

[1714064941]

1714064941

[1714064941]

1714064941

[1714064941]

1714064941

[triplehelix]

i don't think i have the most correct answer.  i just think that security isn't as hardened as it could be, and there is at least one area where it could be relatively easily strengthened, and an open discussion would probably be beneficial.

You mean like:

https://bitcointalk.org/index.php?topic=34562.0
  or
https://bitcointalk.org/index.php?topic=19080.80
  or
http://gavinthink.blogspot.com/2011/06/why-arent-bitcoin-wallets-encrypted.html
  or
https://bitcointalk.org/index.php?topic=2574.0

It has been a while since I wrote a "State of Bitcoin Development" update (too busy...), but wallet security was my second priority, behind network stability, the last time I did one. It is still right at the top of my priority list.

would have been really cool if your first post told me the discussion is ongoing, and gave me those links.  your a spokesman for bitcoin.  i know how easy it is to get frustrated and take things personal, but nobody benefits from that kind of reaction.

[Syke]

i think the general population is very much used to entering passwords and remembering them for their bank account, their utility providers, email, netflix, facebook, etc.  i also don't think entering a password is more difficult or off putting than waiting for the blockchain to download.

Because for every one of those examples a password recovery option is available. People use password recoveries all the time. There is no password recovery for an encrypted wallet. Encrypted wallets by default would be a disaster.

[DeathAndTaxes]

Because for every one of those examples a password recovery option is available. People use password recoveries all the time. There is no password recovery for an encrypted wallet. Encrypted wallets by default would be a disaster.

Worse many "casual" users may be confused by the very concept of irrecoverable password.  Since almost no services exist that have irrecoverable passwords casual users likely need an education.  

I would imagine enabling encryption on the 1.0 client would need to be pretty comprehensive.   Something more like a wizard explaining that losing password means a complete and irrecoverable loss of funds and that there is no "forgot password" option.  

It would also be good to:
* compare the user's password against a known password list ("your attempted password is already known to attackers please try another one")
* give the user a password strength meter with practical strengths ("your password can be guessed in less than 4 days by an attacker with a single computer"
* providing a "print out page" for safe keeping (with warnings like store this in a safe, all your funds can be stolen is this document is lost)

It would also be a good idea to provide "popup" warnings with frequency and intrusiveness directly related to the balance.

Gavin is absolutely correct in pointing out Bitcoin is 0.x.  It is 0.x for a reason. 

[Dusty]

Since almost no services exist that have irrecoverable passwords casual users likely need an education.

Nothing educates better than losing a bunch of money 

[MaxSan]

Since almost no services exist that have irrecoverable passwords casual users likely need an education.

Nothing educates better than losing a bunch of money 

Never herd more true words, but sadly any new regulars to bitcoin would be considerably disheartened if they lost a whack of funds, even if it was through their own stupidity.

[cbeast]

I would like to see a physical Bitcoin only option available someday. A client that only works via scanning a barcode or OCR that manages the physical wallets would eliminate the fear of electrons vaporizing due to forgetting a pw.