
Topic: Announcing BCCAPI - page 3.

legendary
Activity: 1526
Merit: 1134
August 15, 2011, 06:39:07 AM
#21
Congrats on the release! Great stuff!
donator
Activity: 2772
Merit: 1019
August 15, 2011, 03:19:30 AM
#20
Hmmm. Salted seeds, yummy!

Joke aside: this is awesome, Jan! Hadn't heard of the deterministic wallet idea up until now. It makes huge sense and seems secure to me.

It was clear something like this had to be done. Congrats and a donation for actually doing it!

Jan
legendary
Activity: 1043
Merit: 1002
August 15, 2011, 03:00:46 AM
#19
Hello Jan and congratulations for this project, I'll watch it very closely :)

I would like to better understand this:
Deterministic private keys
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks

Sorry, but the answer got quite long, please bear with me.

There are a passphrase, a salt, and a password (or PIN if you like) in play.

First time you start the client it asks for a passphrase and a salt. The passphrase should be long, secret and hard to guess. The salt should be a value that is easy to remember and preferably unique (I suggest you use your email address, which has these properties). The passphrase and salt are used for calculating the seed for a pseudo random number generator (PRNG). This calculation is complex and takes about 2 minutes on a decent Android device, and a few seconds on a standard desktop computer. It is based on Scrypt (http://www.tarsnap.com/scrypt/scrypt.pdf), which is designed to be hard to brute force using dedicated hardware.

Once the seed is calculated we can go ahead and generate private keys using the random generator. The nice thing about the PRNG is that if you use the same seed you generate the same series of keys. So the only thing we need to backup is the seed. Since the seed is generated deterministically from the passphrase and salt we do not need to back it up as long as we can remember those values.

Now, entering the passphrase and salt every time you launch the client is cumbersome, and on a slow device it will take a rather long time to calculate the seed. Therefore the SimpleClient asks the user for a password (which could be shorter than the passphrase), which is hashed with the salt and used for encrypting the seed. The encrypted seed is stored on the device along with the salt. Next time the client is launched it simply asks for the password and decrypts the seed.

So how come the password can be shorter than the passphrase? The password can only be brute forced if the seed file (stored on your device) is leaked. The seed or passphrase+salt can be brute forced once someone sees one of your transactions. However, if the passphrase is long enough and your salt unique, it will take until the end of the universe to do so.

Short answer:

  • If your passphrase + salt is leaked anyone can get to your bitcoins. (The passphrase is not stored anywhere in the SimpleClient)
  • If your password is leaked you are safe as long as your encrypted seed file is safe. Change your password and you are good. (The password is not stored anywhere in the SimpleClient)
  • If your encrypted seed file is leaked you have a window to move your coins to another wallet. It will take some time to brute force your password and reach the seed. You need to create a new wallet using a different passphrase.

Using the BCCAPI you can make a client that does not store the seed at all. This is uber secure as everything is handled in memory. However, the user will have to enter the passphrase and salt every time the client is launched, and spend the time it takes to calculate the seed. This could however be an option for a client with two accounts.
  • The one with small change, which uses a short password.
  • The one with large amounts, which uses a long passphrase + salt.
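The scheme Jan lays out above, as an added example (Python; not code from the original post or from BCCAPI): scrypt over passphrase + salt gives the seed, private keys come deterministically from the seed, and the seed file on the device is the seed encrypted under a key derived from the shorter password and the same salt. Everything specific here is an assumption for illustration: the scrypt cost parameters, the HMAC-SHA256 key chain standing in for the PRNG, the HMAC-counter-mode keystream standing in for whatever cipher the client uses (the post does not name it), and the helper names (derive_seed, private_key, encrypt_seed, decrypt_seed, change_password, offline_guess). The last two functions answer the question in the thread directly: a leaked password is fixed by re-encrypting the same seed, while a leaked seed file lets an attacker test passwords offline, one scrypt call per guess.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Order of the secp256k1 group: a valid Bitcoin private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# scrypt cost parameters. Deliberately small so the example runs in milliseconds;
# the client in the post uses parameters heavy enough to take ~2 minutes on a
# 2011 Android device. These values are assumed, not BCCAPI's.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _kdf(secret: str, salt: str, dklen: int) -> bytes:
    """scrypt, the memory-hard KDF the post names, for both the seed and the password key."""
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt.encode("utf-8"),
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=dklen)


def derive_seed(passphrase: str, salt: str) -> bytes:
    """Same passphrase + salt always gives the same 32-byte seed, so the seed needs no backup."""
    return _kdf(passphrase, salt, 32)


def private_key(seed: bytes, index: int) -> int:
    """Deterministic private key number `index` from the seed.

    Assumed derivation (HMAC-SHA256 chain with rejection sampling), not BCCAPI's PRNG;
    what matters is that the same seed reproduces the same key sequence.
    """
    attempt = 0
    while True:
        msg = b"key" + index.to_bytes(4, "big") + attempt.to_bytes(4, "big")
        k = int.from_bytes(hmac.new(seed, msg, hashlib.sha256).digest(), "big")
        if 1 <= k < SECP256K1_N:  # reject the ~2^-128 chance of an out-of-range value
            return k
        attempt += 1


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream; a stand-in for a real cipher such as AES."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt_seed(seed: bytes, password: str, salt: str) -> dict:
    """The on-device seed file: seed encrypted under a password-derived key, plus a MAC
    (encrypt-then-MAC). The salt is stored in the clear, as the post describes."""
    key = _kdf(password, salt, 64)
    enc_key, mac_key = key[:32], key[32:]
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(enc_key, nonce, len(seed))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def decrypt_seed(seed_file: dict, password: str) -> Optional[bytes]:
    """Recover the seed from the seed file; None on a wrong password (MAC check fails)."""
    key = _kdf(password, seed_file["salt"], 64)
    enc_key, mac_key = key[:32], key[32:]
    expected = hmac.new(mac_key, seed_file["nonce"] + seed_file["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, seed_file["tag"]):
        return None
    ks = _keystream(enc_key, seed_file["nonce"], len(seed_file["ct"]))
    return bytes(a ^ b for a, b in zip(seed_file["ct"], ks))


def change_password(seed_file: dict, old_password: str, new_password: str) -> dict:
    """A leaked password: re-encrypt the same seed under a new one. Keys are unchanged."""
    seed = decrypt_seed(seed_file, old_password)
    if seed is None:
        raise ValueError("old password does not open the seed file")
    return encrypt_seed(seed, new_password, seed_file["salt"])


def offline_guess(seed_file: dict, candidates) -> Optional[str]:
    """A leaked seed file: the attacker tries passwords offline, one scrypt call per guess,
    with no rate limit. Only password entropy and KDF cost buy the window to move the coins."""
    for pw in candidates:
        if decrypt_seed(seed_file, pw) is not None:
            return pw
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    seed = derive_seed("correct horse battery staple, but longer", "alice@example.com")
    f1 = encrypt_seed(seed, "1234", "alice@example.com")
    f2 = change_password(f1, "1234", "a better pin 7781")
    assert private_key(decrypt_seed(f2, "a better pin 7781"), 0) == private_key(seed, 0)
    print("weak password recovered offline:", offline_guess(f1, ["hunter2", "letmein", "1234"]))
```

Changing the password produces a new seed file for the same seed, so every address and key stays valid; changing the passphrase or salt produces a different seed and therefore a different wallet, which is why the third bullet in the short answer above ends with creating a new wallet and moving the coins.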


newbie
Activity: 42
Merit: 0
August 15, 2011, 02:35:30 AM
#18
Hello Jan and congratulations for this project, I'll watch it very closely :)

I would like to better understand this:
Deterministic private keys
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks

There's a thread on deterministic wallets. Basically this prevents the loss of wallets: as long as you have the original private key, every subsequent key can be regenerated from it, unlike the current process.

The drawback here is the possibility of your transactions being monitored (and possibly abused) once somebody manages to figure out what is yours. As always it's a trade-off between security and convenience.
hero member
Activity: 731
Merit: 503
Libertas a calumnia
August 15, 2011, 01:38:19 AM
#17
Hello Jan and congratulations for this project, I'll watch it very closely :)

I would like to better understand this:
Deterministic private keys
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks
Jan
legendary
Activity: 1043
Merit: 1002
August 15, 2011, 01:11:50 AM
#16
will any server software be released to the public, so we can run internal servers.

No. At least not yet. My top priority is to get an easy, stable and safe way of handling bitcoins. And who knows, maybe I can make a dime or two on providing this service going forward. As noted on the wiki, my goal is to provide this for free, and running it on donations. If this is not enough for paying the Rackspace bills I may add the option of paying a small fee for getting connected to a priority server, which provides faster/extended service.
Jan
legendary
Activity: 1043
Merit: 1002
August 15, 2011, 01:01:08 AM
#15
You should say "Zero backup needed", otherwise it sounds like a negative point.
Good point. Fixed.
sr. member
Activity: 350
Merit: 251
August 14, 2011, 09:00:54 PM
#14
will any server software be released to the public, so we can run internal servers.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
August 14, 2011, 05:09:52 PM
#13
You should say "Zero backup needed", otherwise it sounds like a negative point.
sr. member
Activity: 350
Merit: 251
August 14, 2011, 03:05:31 PM
#12
now this is exactly what i wanted to be made, and you've done it. (although my idea was never original in any way)
ffe
sr. member
Activity: 308
Merit: 250
August 14, 2011, 03:01:00 PM
#11
Beautiful. Thanks for doing this!
Jan
legendary
Activity: 1043
Merit: 1002
August 14, 2011, 01:04:50 PM
#10
This looks very interesting! Thanks for releasing this.

Can you say a little bit more about the server side? Is that part open source as well? And is it based on the Satoshi client or have you reimplemented the Bitcoin protocol yourself for the server side?

The server side uses BitcoinJ for keeping track of the block chain. While developing the server side I have found a few bugs in BitcoinJ, and have participated in fixing those for everybody's benefit. The server side is however not as clean and well documented as the client side, and I am not ready to make the server side open source. At least not yet.
newbie
Activity: 14
Merit: 0
August 14, 2011, 06:25:36 AM
#9
I've been waiting for somebody to create something like this for a while. I expect that eventually it will be commonplace for people to use clients that are retrieving the blockchain from elsewhere rather than downloading and storing it on their computer.
jav
sr. member
Activity: 249
Merit: 251
August 14, 2011, 03:14:46 AM
#8
This looks very interesting! Thanks for releasing this.

Can you say a little bit more about the server side? Is that part open source as well? And is it based on the Satoshi client or have you reimplemented the Bitcoin protocol yourself for the server side?
legendary
Activity: 1500
Merit: 1022
I advocate the Zeitgeist Movement & Venus Project.
August 14, 2011, 03:00:37 AM
#7
Thanks, looking forward to some useful clients now.
hero member
Activity: 772
Merit: 501
August 14, 2011, 02:27:44 AM
#6
I've added this to the Bitcoin wiki's client page:

https://en.bitcoin.it/wiki/Software#Bitcoin_clients

I copied and pasted the description you provided here.
Jan
legendary
Activity: 1043
Merit: 1002
August 14, 2011, 01:30:48 AM
#5
This looks pretty cool, nice work :)

I doubt I'll have time to make an Android client from this, but I'd be more than happy to test one!

Thanks.
There is a text-based client that you can test right away: http://code.google.com/p/bccapi/wiki/SimpleClient
Jan
legendary
Activity: 1043
Merit: 1002
August 14, 2011, 12:52:32 AM
#4
In what stage is this project?

The project is in the beta testing stage. There is a text-based console client implemented on top of the API, which allows you to connect to the production net or test net, and send/receive coins. I know that text-based UI sucks, but UI is not what I am good at. I need an Android developer to grab this and make a cool app.

More info: http://code.google.com/p/bccapi/
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
August 13, 2011, 04:49:50 PM
#3
This looks pretty cool, nice work :)

I doubt I'll have time to make an Android client from this, but I'd be more than happy to test one!
full member
Activity: 196
Merit: 100
August 13, 2011, 04:22:20 PM
#2
Great stuff, might be "the thing" to build smartphone apps on. Wallet on the phone with blockchain on server is the best combination IMO. In what stage is this project?