Author Topic: Blockchain.info - where are the private keys?  (Read 2540 times)
mikewirth (OP)
February 23, 2015, 02:40:51 PM
 #1

So when I 'import' an address, I have to put my private key into a textbox.  Does this private key leave my machine and go out on the Internet?  Blockchain clearly says they don't keep private keys.  So where does this private key 'live' after I import an address into Blockchain.info wallet?
DannyHamilton
February 23, 2015, 02:48:22 PM
 #2

> So when I 'import' an address, I have to put my private key into a textbox.  Does this private key leave my machine and go out on the Internet?

Yes, but as long as blockchain.info is working properly it should be encrypted before it is sent out.

> Blockchain clearly says they don't keep private keys.

Where does it say that?  I'm nearly certain that blockchain.info stores all the private keys in encrypted form.

> So where does this private key 'live' after I import an address into Blockchain.info wallet?

Unless they've changed their service recently (and I don't think they have), the private key is encrypted with your password in your browser, then the encrypted private key is sent to their servers where it is stored in their database.

Whenever you want to spend any bitcoins that require that private key, the encrypted form of it is sent from their database back to your browser where it is decrypted with your password and used to create the transaction.
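
Added example (not part of any post in this thread, and not blockchain.info's code): a sketch of the flow described in reply #2, where the key is encrypted with the password on the client and the server only stores the resulting record. PBKDF2-SHA256, AES-256-GCM, the iteration count, the function names and the sample values are assumptions chosen for illustration, with Node's `crypto` module standing in for the browser.

```javascript
// Added illustration of client-side password-based encryption.
// Algorithms and parameters are assumptions, not the service's real scheme.
const crypto = require('node:crypto');

const KDF_ITERATIONS = 200000; // assumed work factor for this sketch

// Derive a 256-bit AES key from the wallet password and a per-record salt.
function deriveKey(password, salt, iterations) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Client side, before upload: returns the only thing the server gets to store.
function encryptForUpload(privateKey, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = deriveKey(password, salt, KDF_ITERATIONS);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
  return {
    iterations: KDF_ITERATIONS,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

// Client side, after download: decrypts locally when the user wants to spend.
// Returns null if the password is wrong or the stored record was altered.
function decryptAfterDownload(record, password) {
  const salt = Buffer.from(record.salt, 'base64');
  const key = deriveKey(password, salt, record.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  try {
    const ct = Buffer.from(record.ciphertext, 'base64');
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  }
}

// Constructed sample values; the "key" is a placeholder string, not a real key.
const SAMPLE_KEY = 'EXAMPLE-PRIVATE-KEY-NOT-REAL';
const stored = encryptForUpload(SAMPLE_KEY, 'correct horse battery staple');
console.log('server stores:', stored);
console.log('right password:', decryptAfterDownload(stored, 'correct horse battery staple'));
console.log('wrong password:', decryptAfterDownload(stored, 'hunter2'));
```

The stored record carries the salt, IV and iteration count alongside the ciphertext, so whoever holds a copy of it can check password guesses without contacting the server; the password's strength and the KDF work factor are the only protection for a leaked record.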
mikewirth (OP)
February 23, 2015, 03:00:45 PM
 #3

> > So when I 'import' an address, I have to put my private key into a textbox.  Does this private key leave my machine and go out on the Internet?
>
> Yes, but as long as blockchain.info is working properly it should be encrypted before it is sent out.
>
> > Blockchain clearly says they don't keep private keys.
>
> Where does it say that?  I'm nearly certain that blockchain.info stores all the private keys in encrypted form.
>
> > So where does this private key 'live' after I import an address into Blockchain.info wallet?
>
> Unless they've changed their service recently (and I don't think they have), the private key is encrypted with your password in your browser, then the encrypted private key is sent to their servers where it is stored in their database.
>
> Whenever you want to spend any bitcoins that require that private key, the encrypted form of it is sent from their database back to your browser where it is decrypted with your password and used to create the transaction.

So if they keep private keys (in encrypted form), why haven't they been hacked?  It seems like they'd have a shitload of keys and after someone got those they'd have very little trouble 'guessing' passwords against them.  Are you sure they keep private keys in their database?  Seems like a very big target to me.
DannyHamilton
February 23, 2015, 03:22:27 PM
Last edit: February 23, 2015, 03:35:12 PM by DannyHamilton
 #4

> So if they keep private keys (in encrypted form), why haven't they been hacked?  It seems like they'd have a shitload of keys and after someone got those they'd have very little trouble 'guessing' passwords against them.  Are you sure they keep private keys in their database?  Seems like a very big target to me.

On many occasions in the past people that have used weak passwords have had their blockchain.info wallets emptied by hackers, and those with strong passwords have had their blockchain.info wallet emptied by malicious browser plug-ins.

It happened right in front of me once:

https://bitcointalk.org/index.php?topic=602250.0

You can see here (from the https://blockchain.info/wallet webpage) that they are still storing the encrypted private keys in their database:

instagibbs
February 23, 2015, 03:40:32 PM
 #5

> So if they keep private keys (in encrypted form), why haven't they been hacked?  It seems like they'd have a shitload of keys and after someone got those they'd have very little trouble 'guessing' passwords against them.  Are you sure they keep private keys in their database?  Seems like a very big target to me.

You're 100% right. bc.info is not a safe wallet. JavaScript/password-based wallets are dangerous, and bc.info doesn't have a great track record.
TrianglePythagoras
February 23, 2015, 04:09:24 PM
 #6

Browser plugins? Flip shit. I go crazy installing random plug ins
mikewirth (OP)
February 23, 2015, 06:07:30 PM
 #7

> Browser plugins? Flip shit. I go crazy installing random plug ins

I know right?  Every time I see: "do you want to install xxxxx plugin?" all I see is: "would you like to send naked pictures of your famous wife to TMZ?"  How can you trust ANY plugin?  They all are trying to get your keys.
foxkyu
February 24, 2015, 04:10:37 PM
 #8

> > Browser plugins? Flip shit. I go crazy installing random plug ins
>
> I know right?  Every time I see: "do you want to install xxxxx plugin?" all I see is: "would you like to send naked pictures of your famous wife to TMZ?"  How can you trust ANY plugin?  They all are trying to get your keys.

So the problem is in your browser plugin.
Just delete unused plugins, that's very dangerous.
If you still see that message, try to install another browser.
BTW, can you tell me what plugin? So I will be more careful.