Topic: Announcing BCCAPI - page 3. (Read 7568 times)

Congrats on the release! Great stuff!

Hmmm. Salted seeds, yummy!

Joke aside: this is awesome, Jan! Hadn't heard of the deterministic wallet idea up until now. It makes huge sense and seems secure to me.

It was clear something like this had to be done. Congrats and a donation for actually doing it!

Sorry, but the answer got quite long, please bear with me.

There is both a passphrase, salt, and a password (or PIN if you like) in play.

First time you start the client it asks for a passphrase and a salt. The passphrase should be long, secret and hard to guess. The salt should be a value that is easy to remember and preferably unique (I suggest you use your email address, which has these properties). The passphrase and salt are used for calculating the seed for a pseudo random number generator (PRNG). This calculation in complex and takes about 2 minutes on a decent Android device, and a few seconds on a standard desktop computer. It is based on Scrypt (http://www.tarsnap.com/scrypt/scrypt.pdf), which is designed for being hard to brute force using dedicated hardware.

Once the seed is calculated we can go ahead and generate private keys using the random generator. The nice thing about the PRNG is that if you use the same seed you generate the same series of keys. So the only thing we need to backup is the seed. Since the seed is generated deterministically from the passphrase and salt we do not need to back it up as long as we can remember those values.

Now, entering the passphrase and salt every time you launch the client is cumbersome, and on a slow device it will take rather long time to calculate the seed. Therefore the SimpleClient asks the user for a password (which could be shorter than the passphrase), which is hashed with the salt and used for encrypting the seed. The encrypted seed is stored on the device along with the salt. Next time the client is launched it simply asks for the password and decrypts the seed.

So how come the password can be shorter than the passphrase? The password can only be attempted brute forced if the seed file is leaked (stored on your device). The seed or passphrase+salt can be attempted brute forced once someone sees one of your transactions. However if the passphrase is long enough and your salt unique it will take until the end of the universe to do so.

Short answer:

• If your passphrase + salt is leaked anyone can get to your bitcoins. (The passphrase is not stored anywhere in the SimpleClient)
• If you password is leaked you are safe as long as your encrypted seed file is safe. Change your password and you are good. (The password is not stored anywhere in the SimpleClient)
• If your encrypted seed file is leaked you have a window to move your coins to another wallet. It will take some time to brute force your password and reach the seed. You need to create a new wallet using a different passphrase.

Using the BCCAPI you can make a client that does not store the seed at all. This is uber secure as everything is handled in memory. However, the user will have to enter the passphrase and salt every time the client is launched, and spend the time it takes to calculate the seed. This could however be an option for a client with two accounts.

• The one with small change, which uses a short password.
• The one with large amounts, which uses a long passphrase + salt.

There's a thread on deterministic wallets. Basically this prevents the lost of wallets as long as you have the original private key, every subsequent key can be regenerated from it, unlike the current process.

The drawback here is the possibility of your transactions being monitored (and possibly abused) once somebody manages to figure out what is yours. As always it's a trade-off between security and convenience.

Hello Jan and congratulations for this project, I'll watch it very close

I would like to better understand this:
While I find this a very intriguing concept, does this means that the password can't be changed?

I mean: if the password is leaked may I simply change the password or the needed procedure is to create another wallet and transfer the funds there?

Thanks

No. At least not yet.My top priority is to get an easy, stable and safe way of handling bitcoins. And who knows, maybe I can make a dime or two on providing this service going forward. As noted on the wiki, my goal is to provide this for free, and running it on donations. If this is not enough for paying the Rackspace bills I may add the option of paying a small fee for getting connected to a priority server, which provides faster/extended service.

Good point. Fixed.

will any server software be released to the public, so we can run internal servers.

You should say "Zero backup needed", otherwise it sounds like a negative point.

now this is exactly what i wanted to be made, and you done it. (although my idea was never original in any way)

Beautiful. Thanks for doing this!

The server side uses BitcoinJ for keeping track of the block chain. While developing the server side I have found a few bugs in BitcoinJ, and have participated in fixing those for everybody's benefit. The server side is however not as clean and well documented as the client side, and I am not ready to make the server side open source. At least not yet.

I've been waiting for somebody to create something like this for a while. I expect that eventually it will be commonplace for people to use clients that are retrieving the blockchain from elsewhere rather than downloading and storing it on their computer.

This looks very interesting! Thanks for releasing this.

Can you say a little bit more about the server side? Is that part open source as well? And is it based on the Satoshi client or have you reimplemented the Bitcoin protocol yourself for the server side?

Thanks, looking forward to some useful clients now.

I've added this to the Bitcoin wiki's client page:

https://en.bitcoin.it/wiki/Software#Bitcoin_clients

I copied and pasted the description you provided here.

Thanks.
There is a text-based client that You can test right away: http://code.google.com/p/bccapi/wiki/SimpleClient

The project is in the beta testing stage. There is a text-based console client implemented on top of the API, which allows you to connect to the production net or test net, and send/receive coins. I know that text-based UI sucks, but UI is not what I am good at. I need an Android developer grab this and make a cool app.

More info: http://code.google.com/p/bccapi/

This looks pretty cool, nice work

I doubt I'll have time to make an Android client from this, but I'd be more than happy to test one!

Great stuff, might be "the thing" to build smartphone apps on. Wallet on the phone with blockchain on server is the best combination IMO. In what stage is this project?