Author

Topic: [ALPHA] Double signed wallet with a patternlock (Read 1449 times)

sr. member
Activity: 284
Merit: 250
September 29, 2012, 05:23:38 PM
#13
To fully use the service one has to send BTC to the wallet she generated.
It's worth mentioning that sending BTC to the created multisig address (starting with the 3) is currently supported by:
http://instawallet.org/
satoshi client
(Android) Bitcoin Wallet (2.20)

Sending funds to a multisig address is NOT supported by:
electrum (1.0)
multibit (0.4.10)
bitcoinspinner (0.7.2b)

Grazcoin

bitcoinspinner (0.7.3b) already supports sending funds to multisig address.
example tx sent by the spinner:
http://blockchain.info/tx/368afc1e3be84dd11912c0e90eeacd4395a2d49eddf122d25e3a1aabda5b05f9

so, you can top up your double signed wallet with the spinner now as well.
Grazcoin
sr. member
Activity: 284
Merit: 250
Do not keep more than 42 BTC in a wallet.
I managed to hit the 32 bit bug, since I keep a positive integer for the amount of satoshis.
Fixed.
It was only changing PositiveIntegerField to BigIntegerField in models.py
https://github.com/grazcoin/ubtcbank/commit/24528cf2d2e95fdda4a801cb1e8e169ec3ca76b1
updating in the database:
ALTER TABLE ubtcbank_secureaddr MODIFY balance BIGINT;
ALTER TABLE ubtcbank_txlog MODIFY amount BIGINT;
ALTER TABLE ubtcbank_txlog MODIFY fee BIGINT;
and running syncdb
Grazcoin
sr. member
Activity: 284
Merit: 250
The problem is that the current code uses blockchain.info api, and this is not available for testnet (correct?).

The code uses some api from blockchain.info:
http://blockchain.info/unspent?address=3JEFRC6tuXRjxG6YUDtYzEmYEphf5pb86C
http://blockchain.info/q/pubkeyaddr/12oESJ63gKmf7EtqEdrV7Xnid8dmYTBKE3

any suggestions how to get this info for the testnet?
I could think of reimplementing this api on top of abe blockchain explorer, but I expect it to be a major effort.
sr. member
Activity: 284
Merit: 250
OK, that's a very amateur error :/

Indeed. It is still in first alpha stage, and the code is only few days old.
As the code is open, I expect the bugs to vanish fast.

You would have probably found that a lot quicker running a testnet version.

The testnet Faucet is giving away 500 play bitcoins at a time right now:
  http://testnet.freebitcoins.appspot.com/


That's definitely a good idea.
I will try add also a testnet version in parallel.
The problem is that the current code uses blockchain.info api, and this is not available for testnet (correct?).
It may take some time to set it up.

Grazcoin
legendary
Activity: 1652
Merit: 2301
Chief Scientist
You would have probably found that a lot quicker running a testnet version.

The testnet Faucet is giving away 500 play bitcoins at a time right now:
  http://testnet.freebitcoins.appspot.com/
legendary
Activity: 1795
Merit: 1208
This is not OK.
Warning:
=====
Do not keep more than 42 BTC in a wallet.
I managed to hit the 32 bit bug, since I keep a positive integer for the amount of satoshis.
So, anything more than 42.94967295 BTC may be problematic (and even cause tx fees to be much larger than you expect).
Very good that it was found before any coins got lost ...

A fix will be coming next week (after London bitcoin2012 conference), probably with a short downtime.
No problem to play with lower amounts though.

Grazcoin

OK, that's a very amateur error :/
sr. member
Activity: 284
Merit: 250
Warning:
=====
Do not keep more than 42 BTC in a wallet.
I managed to hit the 32 bit bug, since I keep a positive integer for the amount of satoshis.
So, anything more than 42.94967295 BTC may be problematic (and even cause tx fees to be much larger than you expect).
Very good that it was found before any coins got lost ...

A fix will be coming next week (after London bitcoin2012 conference), probably with a short downtime.
No problem to play with lower amounts though.

Grazcoin
sr. member
Activity: 284
Merit: 250
To fully use the service one has to send BTC to the wallet she generated.
It's worth mentioning that sending BTC to the created multisig address (starting with the 3) is currently supported by:
http://instawallet.org/
satoshi client
(Android) Bitcoin Wallet (2.20)

Sending funds to a multisig address is NOT supported by:
electrum (1.0)
multibit (0.4.10)
bitcoinspinner (0.7.2b)

Grazcoin
sr. member
Activity: 284
Merit: 250
I like the idea of having a savings account that can not be broken into after braking into my laptop. But I wonder if this service is also an additional threat that You loose Your coins by forgetting a pin code. An automated release of the additional security after a certain period [a year] would help to retrieve the funds by people who inherited the access to the primary account.

Although you are advised to keep a paper backup of the secondary key (and then forgetting the pincode is not a big issue, since you can simply recreate the key with a new pincode), losing both the secondary private key and the credentials does not mean you lost your funds.
From the  https://www.ubtcbank.com/faq.html (#12):

I forgot my pincode, my key got disabled and I don't have a backup of the secondary private key. What now?

This is a delicate situation requiring few steps:

*    Send me the primary private key encrypted to grazcoin (at) ubtcbank.com using my gpg key, and a new destination address.
*    First I will send all funds to ubtc main address.
*    If no conflicting claims come within 100 days, I will send the funds minus a fee of 1BTC to the requested new destination address.
*    If there are conflicting claims, I will be the judge or let some other entity serve as a judge. The same fee of 1BTC applies.

As for your suggestion of an "automated release" - this cannot be done, since the service cannot spend the coins without the your primary private key signature.
The above procedure is the secure variant of the "automated release".

Instead of sending the private key, it would be enough to send the following tx signed by your primary key:
"Send the whole sum to 3BTChqkFai51wFwrHSVdvSW9cPXifrJ7jC"
Then the service would sign this tx as well, and the rest of the procedure holds.
I would add an option for creating this tx, for the "I lost everything" case.

Grazcoin
hero member
Activity: 931
Merit: 500
watching
sr. member
Activity: 250
Merit: 250
I like the idea of having a savings account that can not be broken into after braking into my laptop. But I wonder if this service is also an additional threat that You loose Your coins by forgetting a pin code. An automated release of the additional security after a certain period [a year] would help to retrieve the funds by people who inherited the access to the primary account.
sr. member
Activity: 284
Merit: 250
reserved
sr. member
Activity: 284
Merit: 250
Eventually a simple multisig protection to your wallet.
It may save your bitcoins also if your private key is compromised.

The basic service is a free way to secure your wallet using a secondary remote signature, activated by a patternlock
This is an alpha release of the service.

Few links:
https://ubtcbank.com/basic/  - directly the service
https://ubtcbank.com/  - some marketing, example, faq and more
https://github.com/grazcoin/ubtcbank  - the source code

Please your comments.
Grazcoin
Jump to: