Bitcoin Forum
December 04, 2016, 04:21:15 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: [ANN] Instawallet will we down for a few hours  (Read 2263 times)
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
April 27, 2012, 04:15:39 PM
 #21

I'd imagine attackers can check bitcoin keys a lot faster than they can try to access instawallets. Short ones will become more vulnerable.

Ah, I was just trying things out and it seems you can't make a new wallet with your own private part anymore? Is that intended?
Yes.

That's part of the security improvements.

1480868475
Hero Member
*
Offline Offline

Posts: 1480868475

View Profile Personal Message (Offline)

Ignore
1480868475
Reply with quote  #2

1480868475
Report to moderator
1480868475
Hero Member
*
Offline Offline

Posts: 1480868475

View Profile Personal Message (Offline)

Ignore
1480868475
Reply with quote  #2

1480868475
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480868475
Hero Member
*
Offline Offline

Posts: 1480868475

View Profile Personal Message (Offline)

Ignore
1480868475
Reply with quote  #2

1480868475
Report to moderator
1480868475
Hero Member
*
Offline Offline

Posts: 1480868475

View Profile Personal Message (Offline)

Ignore
1480868475
Reply with quote  #2

1480868475
Report to moderator
1480868475
Hero Member
*
Offline Offline

Posts: 1480868475

View Profile Personal Message (Offline)

Ignore
1480868475
Reply with quote  #2

1480868475
Report to moderator
mcorlett
Donator
Sr. Member
*
Offline Offline

Activity: 308



View Profile
April 27, 2012, 04:25:02 PM
 #22

I'd imagine attackers can check bitcoin keys a lot faster than they can try to access instawallets. Short ones will become more vulnerable.

Ah, I was just trying things out and it seems you can't make a new wallet with your own private part anymore? Is that intended?
Yes.

That's part of the security improvements.
I'm disappointed. At least allow us to do it at our own risk.

davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
April 27, 2012, 04:45:40 PM
 #23

I'm disappointed. At least allow us to do it at our own risk.
The point is not to protect users against themselves, I hate it when applications try to do that.
The rationale behind it is to protect the backend against malicious input.

That doesn't mean we can't create whatever custom wallet ID you desire for you (and for anyone who requests so) if it makes you happy Cheesy

SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
April 27, 2012, 04:54:36 PM
 #24

I'd imagine attackers can check bitcoin keys a lot faster than they can try to access instawallets. Short ones will become more vulnerable.

Ah, I was just trying things out and it seems you can't make a new wallet with your own private part anymore? Is that intended?
How short are the short ones?

Just make the calculation complex enough to where brute-forcing it would be impossible.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
April 27, 2012, 05:15:03 PM
 #25

Just make the calculation complex enough to where brute-forcing it would be impossible.
Yep, just replace SHA256 by bcrypt in my original idea and we're good to go Smiley

giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
April 27, 2012, 05:28:32 PM
 #26

And regarding the discussions about what would happen in the case Instawallet's service was to be discontinued here's what we would do :
  • A notice would be posted a long time in advance,
  • We would generate a private key for each account, in a publicly documented way, using the wallet URL as seed,
  • We'd compute the public key from the private key,
  • We'd compute the address from the public key,
  • We'd send the balance to this generated address,
  • And that's it!

Now all you'd need to regain control of your coins is to follow the steps using your wallet key, you'll get a private key you can import into any client, or into any service.

Even a user without any technical knowledge could use a third-party service that could perform these steps given a wallet URL, for a fee obviously, but in perfect market conditions, therefore the fee would always be as competitive as possible.

Thoughts ?

That's smart.

It is very smart and only possible with bitcoin. You can go offline without people loosing access to their coins Smiley

I think this is the most noble of all possible solutions. With your solution coins people forgot will really be lost (until computers can brute force those by then weak keys). I guess I would have a problem seeing lost coins and count on x% never asking back their money. Most likely you could even get an insurance for that x% risk.

FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
April 27, 2012, 05:46:32 PM
 #27

I'd imagine attackers can check bitcoin keys a lot faster than they can try to access instawallets. Short ones will become more vulnerable.

Ah, I was just trying things out and it seems you can't make a new wallet with your own private part anymore? Is that intended?
How short are the short ones?

Just make the calculation complex enough to where brute-forcing it would be impossible.

You used to be able to make them 1 character even.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
April 27, 2012, 05:51:17 PM
 #28

I'd imagine attackers can check bitcoin keys a lot faster than they can try to access instawallets. Short ones will become more vulnerable.

Ah, I was just trying things out and it seems you can't make a new wallet with your own private part anymore? Is that intended?
How short are the short ones?

Just make the calculation complex enough to where brute-forcing it would be impossible.

You used to be able to make them 1 character even.
Oh, yeah, that would be a problem indeed.
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
April 27, 2012, 05:55:12 PM
 #29

Oh, yeah, that would be a problem indeed.
Previously these strings were passed as account names to the bitcoin client.
And I think it's wiser not to trust the JSON-RPC API to properly sanitize everything in every possible edge case.

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!