Author

Topic: Blockchain.info - where are the private keys? (Read 2564 times)

hero member
Activity: 938
Merit: 1000
February 24, 2015, 11:10:37 AM
#8
Browser plugins? Flip shit. I go crazy installing random plug ins
I know right?  Every time I see: "do you want to install xxxxx plugin?" all I see is: "would you like to send naked pictures of your famous wife to TMZ?"  How can you trust ANY plugin?  They all are trying to get your keys.
so the problem is in your browser plugin
just delete unused plugin, that's very dangerous..
if you still see that message try to install another browser
btw, can you tell me what plugin? so i will be more carefull
sr. member
Activity: 532
Merit: 250
February 23, 2015, 01:07:30 PM
#7
Browser plugins? Flip shit. I go crazy installing random plug ins
I know right?  Every time I see: "do you want to install xxxxx plugin?" all I see is: "would you like to send naked pictures of your famous wife to TMZ?"  How can you trust ANY plugin?  They all are trying to get your keys.
sr. member
Activity: 274
Merit: 250
February 23, 2015, 11:09:24 AM
#6
Browser plugins? Flip shit. I go crazy installing random plug ins
member
Activity: 114
Merit: 12
February 23, 2015, 10:40:32 AM
#5

So if they keep private keys (in encrypted form), why haven't they been hacked.  It seems like they'd have a shitload of keys and after someone got those they'd have very little trouble 'guessing' passwords against them.  Are you sure they keep private keys in their database?  Seems like a very big target to me.


You're 100% right. bc.info is not a safe wallet. Javascript/password based wallets are dangerous, and bc.info doesn't have a great track record.
legendary
Activity: 3472
Merit: 4801
February 23, 2015, 10:22:27 AM
#4
So if they keep private keys (in encrypted form), why haven't they been hacked.  It seems like they'd have a shitload of keys and after someone got those they'd have very little trouble 'guessing' passwords against them.  Are you sure they keep private keys in their database?  Seems like a very big target to me.

On many occasions in the past people that have used weak passwords have had their blockchain.info wallets emptied by hackers, and those with strong passwords have had their blockchain.info wallet emptied by malicious browser plug-ins.

It happened right in front of me once:

https://bitcointalksearch.org/topic/stolen-bitcoins-help-602250

You can see here (from the https://blockchain.info/wallet webpage) that they are still storing the encrypted private keys in their database:

sr. member
Activity: 532
Merit: 250
February 23, 2015, 10:00:45 AM
#3
So when I 'import' an address, I have to put my private key into a textbox.  Does this private key leave my machine and go out on the Internet?

Yes, but as long as blockchain.info is working properly it should be encrypted before it is sent out.

Blockchain clearly says they don't keep private keys.

Where does it say that?  I'm nearly certain that blockchain.info stores all the private keys in encrypted form.

So where does this private key 'live' after I import an address into Blockchain.info wallet?

Unless they've changed their service recently (and I don't think they have), the private key is encrypted with your password in your browser, then the encrypted private key is sent to their servers where it is stored in their database.

Whenever you want to spend any bitcoins that require that private key, the encrypted form of it is sent from their database back to your browser where it is decrypted with your password and used to create the transaction.

So if they keep private keys (in encrypted form), why haven't they been hacked.  It seems like they'd have a shitload of keys and after someone got those they'd have very little trouble 'guessing' passwords against them.  Are you sure they keep private keys in their database?  Seems like a very big target to me.
legendary
Activity: 3472
Merit: 4801
February 23, 2015, 09:48:22 AM
#2
So when I 'import' an address, I have to put my private key into a textbox.  Does this private key leave my machine and go out on the Internet?

Yes, but as long as blockchain.info is working properly it should be encrypted before it is sent out.

Blockchain clearly says they don't keep private keys.

Where does it say that?  I'm nearly certain that blockchain.info stores all the private keys in encrypted form.

So where does this private key 'live' after I import an address into Blockchain.info wallet?

Unless they've changed their service recently (and I don't think they have), the private key is encrypted with your password in your browser, then the encrypted private key is sent to their servers where it is stored in their database.

Whenever you want to spend any bitcoins that require that private key, the encrypted form of it is sent from their database back to your browser where it is decrypted with your password and used to create the transaction.
sr. member
Activity: 532
Merit: 250
February 23, 2015, 09:40:51 AM
#1
So when I 'import' an address, I have to put my private key into a textbox.  Does this private key leave my machine and go out on the Internet?  Blockchain clearly says they don't keep private keys.  So where does this private key 'live' after I import an address into Blockchain.info wallet?
Jump to: