You think you don't need to trust blockchain.info ? Think again

[realnowhereman]

But I disagree on the safest option to store coins. The safest is to use a full client or light client (light client that doesn't get served any code whatsoever). That's the only way to not have to trust anyone.

"The safest" assuming you are better/equal at security than the guys running the web services.

How many non-techies do you know with computers?  How many of them have had viruses?  Should any of them rely on their local wallet installation to protect them?  Desktop computers are, statistically, far more likely to be compromised than servers.

[1714855693]

1714855693

[1714855693]

1714855693

[1714855693]

1714855693

[1714855693]

1714855693

[cypherdoc]

I don't consider leaving $100k in one bitcoin address a wise security decision, I don't care how "offline" it is. Mistakes happen in the worst ways possible.

what's the difference btwn holding that amount in one vs. many addresses?

[ErebusBat]

I don't consider leaving $100k in one bitcoin address a wise security decision, I don't care how "offline" it is. Mistakes happen in the worst ways possible.

what's the difference btwn holding that amount in one vs. many addresses?

With multiple wallets/addresses you need to capture multiple private keys tO spend the coins. As Ben said: mistakes happen in the worse way. If you only have one address run onmistake and EVERYTHING is gone.

[cypherdoc]

I don't consider leaving $100k in one bitcoin address a wise security decision, I don't care how "offline" it is. Mistakes happen in the worst ways possible.

what's the difference btwn holding that amount in one vs. many addresses?

With multiple wallets/addresses you need to capture multiple private keys tO spend the coins. As Ben said: mistakes happen in the worse way. If you only have one address run onmistake and EVERYTHING is gone.

i think it depends on the situation.

first of all, i'm assuming we're talking about rarely accessed savings wallets here where most of one's coins would be stored as in the $100K example piuk presented.

second, i'm assuming one has enough security knowledge to store these encrypted coins offline.

third, lets ignore rubber hose techniques for now.

thus, in this scenario, it wouldn't matter if one had the $100K worth of coins in one vs. many different addresses as the only possible attack vector would be a brute force attack of SHA 256 which is currently impossible.

[doobadoo]

This is true for all wallets that advertise in-browser cryptography.

They are all vulnerable to code-poisoning when the central server gets compromised.

To properly do javascript cryptography you need to publish a signed browser extension that therefore doesn't get served dynamically and therefore is invulnerable to server-side code-poisoning.

Basically, that means that blockchain.info, strongcoin.com, {insert client-side JS wallet here} is inherently less safe than a standalone client, and not much safer than a hosted wallet.

Thoughts welcome !

It may be better in terms of detection.  If hacked and rooted and poison code sent which scoops up wallet.dat maybe it would be noticed before it got them all.  Hosted wallet, crack the box, get all wallets.  No time to detect and evade.  but you are right, code must be signed.  Maybe an app through the app store?

[doobadoo]

This is true for all wallets that advertise in-browser cryptography.

They are all vulnerable to code-poisoning when the central server gets compromised.

To properly do javascript cryptography you need to publish a signed browser extension that therefore doesn't get served dynamically and therefore is invulnerable to server-side code-poisoning.

Basically, that means that blockchain.info, strongcoin.com, {insert client-side JS wallet here} is inherently less safe than a standalone client, and not much safer than a hosted wallet.

Thoughts welcome !

It may be better in terms of detection.  If hacked and rooted and poison code sent which scoops up wallet.dat maybe it would be noticed before it got them all.  Hosted wallet, crack the box, get all wallets.  No time to detect and evade.  but you are right, code must be signed.  Maybe an app through the app store?

A Hash collision isn't inpossible.  Imagine a noob installing Bitcoin and upon downloading the block chain he sees 20,000 BTC ready to roll in his client?  Will he know what to do?

[Boussac]

I don't consider leaving $100k in one bitcoin address a wise security decision, I don't care how "offline" it is. Mistakes happen in the worst ways possible.

what's the difference btwn holding that amount in one vs. many addresses?

If you only have one address run onmistake and EVERYTHING is gone.

Davout did not say he was using just one address, did he ?
Even he was using one address why would you assume carelessness one his part more than on the part of piuk or any other bitcoin service operators ?
If one does not believe in the possibility to manage safely a cold storage address, one might as well keep using traditional bank services..

[piuk]

Davout did not say he was using just one address, did he ?

He said http://blockchain.info/address/1FrtkNXastDoMAaorowys27AKQERxgmZjY was Instawallet cold storage address.

Even he was using one address why would you assume carelessness one his part more than on the part of piuk or any other bitcoin service operators ?

In my view it's best to plan for the worst - The best laid plans of mice and men often go awry. Bitcoin doesn't exactly have a stelar history of services operators not making mistakes.

Client side encryption puts much less risk on the operator. Individually encrypted wallets, operator has no access to funds, User's balances are stored in the blockchain rather than an SQL db and users can backup their own wallets etc.

[ErebusBat]

After sleeping on this something else has occured to me on the topic.

Certain hosted walelts that "do it right" (namely strongcoin and blockchain.info) may actually be *more* secure for many of the reasons stated in this thread aginst them.

The biggest one, that I have yet to see mentioned, is the isolation imparted by the browser. 

I think it has been hashed to death and we all agree that unless you are implementing your own bitcoin clcient 100% from scratch or you review each and every line of library code each time it changes that you are imparting some level of trust on someone.

In this regard the browser/javascript based wallets are acutally more secure IMHO because they are isolated and can only access the funds I give them the private keys for.  As opposed to a desktop client that feasbly could capture every bit-cent that flowwed through that system.

I just think the whole FUD against the managed wallets (again those who "get it right") is unbiased.  If you want to take a walk down the road of "what could happen if a solution provider woke up evil this mornign" then consider...

Most people install the desktop clients in binary form, and even those who compile their own don't check the source code.  Lets say that the Armory/Electrum/Satoshi (seems how we are picking clients with absolutly no proof or knowledge) developers decided tthey were evil and deployed slightly modified client that say for the enxt six months gathered every private key that ever passed through it, even paper wallets.

Then on a "bitcoin black friday" the evil dooers decided to empty all of those addresses.  Most people wouldn't even know until it was WAY too late, and the few people that were actually taking the propper precautions to prevent this would be inconsiquential compared to the funds they would actually capture.  Furthermore because they are desktop clients there are about 1000 and 1 ways that they could capture the wallet.dat files of other applications and exfiltrate them.

My point is: Unless you are one of a very few people in the community who write this from scratch, you are trusting someone.  That doesn't really matter if you are trusting them to write a library, a desktop client, or a website.

Also web clients have certain features I find very attractive such as:
 - There is no wallet.dat on any of my systems to steal.
 - I have two factor authentication to my wallet, so even if my password if compromised I still have a window of protection from my two factor which would be impossible to do correctly in a non-hosted solution.
 - I have access to my wallet on all of my devices, including my un-jailbroken iDevices.
 - It looks better than any of the other desktop clients I have tried.
 - I don't have to wait 2+ hours for the blockchain to download
 - Payment notifications

These are just a few of the things I can count off the top of my head.  If you decide that you would rather use a desktop client then that is great.  That is the great thing about choice, and we have alot of great (and for the record I believe trustworthy) sources to choose from.  But to spread FUD that is opinionated and uneducated is just irresponsible.

[Boussac]

But to spread FUD that is opinionated and uneducated is just irresponsible.

+1
I could not agree more. It seems that OP was trying to get the message across how relative these different perceptions of trust or trust model are.

Hosted wallets like paytunia or instawallet have been the target of biased and uneducated criticism.

I have said before how damaging it can be for an emerging technology like bitcoin to be subjected to an ideological stance regarding security and trust models when usability and reliability are equally important factors of adoption.

OP does not deserve accusations of being biased or uneducated, quite the opposite.

[davout]

He said http://blockchain.info/address/1FrtkNXastDoMAaorowys27AKQERxgmZjY was Instawallet cold storage address.

I stand by my words. I don't see how spreading the balance among multiple addresses would make the security model any stronger when they're stored in the same bank safe. But that's just my 25000 BTC. Plus I really like the transparency that it provides.

After sleeping on this something else has occured to me on the topic.
[...]
But to spread FUD that is opinionated and uneducated is just irresponsible.

I'm stating precise facts. If a JS wallet operator wakes up one day and decides to steal your funds, he has a variety of options to pick from depending on whether he cares about getting caught or not, whether he has time on his hands or not etc. I think reminding this simple fact is a quite responsible attitude actually, because I believe that people tend to forget it or were never aware of it in the first place.

Stating a fact does not imply making a judgement one way or another.

If you think you do not need to trust the operator of a JS wallet when you use it, then you need to think again. It's not sensationalist, it's not an opinion, it's not a comparison, it's just a fact. It doesn't mean JS wallets are good, bad, better than X or worse than Y, it's just something that I wanted to remind to people who have an interest in JS wallets.

[hazek]

I for one appreciate you highlighting this fact since I was under the mistaken impression I didn't need to trust the operator of for example the blockchain ewallet on any level given the use of local encryption.

So thank you.

[cypherdoc]

this is precisely why some of us like offline solutions like Armory.

[Red Emerald]

I for one appreciate you highlighting this fact since I was under the mistaken impression I didn't need to trust the operator of for example the blockchain ewallet on any level given the use of local encryption.

So thank you.

Maybe piuk should make a link to this page in more places.  https://blockchain.info/wallet/verifier

this is precisely why some of us like offline solutions like Armory.

Armory is a completely different use case than web clients.  I can't use armory from my phone to quickly send funds.

[hazek]

I for one appreciate you highlighting this fact since I was under the mistaken impression I didn't need to trust the operator of for example the blockchain ewallet on any level given the use of local encryption.

So thank you.

Maybe piuk should make a link to this page in more places.  https://blockchain.info/wallet/verifier

Yes absolutely. It's the first time I'm seeing it and I thought I thoroughly explored his site.

[realnowhereman]

He said http://blockchain.info/address/1FrtkNXastDoMAaorowys27AKQERxgmZjY was Instawallet cold storage address.

I stand by my words. I don't see how spreading the balance among multiple addresses would make the security model any stronger when they're stored in the same bank safe. But that's just my 25000 BTC. Plus I really like the transparency that it provides.

What transparency?  Without publishing every account balance, and having every user publicly verify that their balance is listed in that publication, the presence of an address with a balance doesn't tell us anything.  The site operator might have skimmed 10% off the total -- how does publishing the address with 90% of the balance on prove that that hasn't happened?

After sleeping on this something else has occured to me on the topic.
[...]
But to spread FUD that is opinionated and uneducated is just irresponsible.

I'm stating precise facts. If a JS wallet operator wakes up one day and decides to steal your funds, he has a variety of options to pick from depending on whether he cares about getting caught or not, whether he has time on his hands or not etc. I think reminding this simple fact is a quite responsible attitude actually, because I believe that people tend to forget it or were never aware of it in the first place.

None of this conversation is FUD; it's an informative debate.

You've missed out one key option that JS wallets offer and hosted wallets don't: the ability to use exactly the same API as the JS does, but on a custom, unchanging binary.  Just like the blockchain.info app does.

In that case, the fully encrypted data is accessed only by the binary I obtained once and only once; would not be affected by any amount of site compromises and the encrypted wallet can be kept backed up on the device, so even in the event of a malicious site deletion (Bitcoinica anyone?) the wallet is still in my possession.  To me this is the optimum point in the convenience/security trade off.  The wost a compromised site can do is lie about new transactions being received or not received, and not forward transactions issued to its API.  It cannot steal funds from anyone.

If you think you do not need to trust the operator of a JS wallet when you use it, then you need to think again. It's not sensationalist, it's not an opinion, it's not a comparison, it's just a fact. It doesn't mean JS wallets are good, bad, better than X or worse than Y, it's just something that I wanted to remind to people who have an interest in JS wallets.

I don't think that's true; the debate and comparisons going on in this thread definitely are to decide whether JS wallets are better/more secure than a hosted wallet.  It's my opinion that they are.

That doesn't mean every instawallet-like service is a scam or even untrustworthy.

[ErebusBat]

If you think you do not need to trust the operator of a JS wallet when you use it, then you need to think again. It's not sensationalist, it's not an opinion, it's not a comparison, it's just a fact. It doesn't mean JS wallets are good, bad, better than X or worse than Y, it's just something that I wanted to remind to people who have an interest in JS wallets.

I never said you didn't need to trust them, my point was you need to trust the publisher of any client you use.  This fact is no different with a desktop or web based client.

And while your quote above is correct it is also, in my opinion, misleading.  I believe that it implies that you do not have to trust the developers of other bitcoin clients, which is of course not the case at all.

[davout]

I never said you didn't need to trust them, my point was you need to trust the publisher of any client you use.  This fact is no different with a desktop or web based client.

You are correct, however the trust models are quite different for the official client versus a JS wallet.
The official client's code is extensively peer-reviewed and enables multiple different developers to check for the binary hash consistence.
A JS wallet dynamically serves code to you, it opens a LOT more possibilities.

A bitcoin developer cannot wake up one morning and decide he'll steal funds from already installed clients. A JS wallet operator has a variety of options if he wants to do that.

[ErebusBat]

I never said you didn't need to trust them, my point was you need to trust the publisher of any client you use.  This fact is no different with a desktop or web based client.

You are correct, however the trust models are quite different for the official client versus a JS wallet.
The official client's code is extensively peer-reviewed and enables multiple different developers to check for the binary hash consistence.
A JS wallet dynamically serves code to you, it opens a LOT more possibilities.

A bitcoin developer cannot wake up one morning and decide he'll steal funds from already installed clients. A JS wallet operator has a variety of options if he wants to do that.

I would agree with the highlighted statements above.

And for my turn to somewhat spread FUD: I would venture to say that most people don't check the signatures when they download, so they are relying on others to do that for them and check for discrepancies.  Also not all clients either can or do that (Bitcoin-Qt on OSX for one).  So most are just assuming that the clients are valid when we don't really know for sure.

HOWEVER, I believe it is highly unlikely that any well known client developer (or commiter) would sneak in some back-door code to turn on at a later date.  Possibility vs probability.  Now Uncle Jimmy's S00per S3kr1t Wallet on the other I might not trust so much....

[samadamsbeer]

When I goto https://blockchain.info/wallet/ my wallet verifier extension gives the below message?

https://chrome.google.com/webstore/detail/kcapglakfcodkajgllmkiddclghogkic

Message: "*** Serious Error - Javascript inconsistencies found. Maybe malicious - Do not Login! Please contact support@pi.uk.com"

Also in the reviews one of the guy was saying the permissions seemed to have changed on the extension?

What's going on?