
Topic: BTCapsule is a Bitcoin Time Capsule to leave your private keys as an inheritance - page 2. (Read 538 times)

legendary
Activity: 3472
Merit: 3507

And how do you store the password/private key which is used to encrypt the text file?

The encryption key is built into the executable. I have added other unique security features, so it will be extremely hard to find.

How can you be sure that your features are extremely hard to find? Have you ever had a third party do the test?
I'm not going to cast doubt on your ability, but I have seen serious systems with a lot of hard work behind them, and yet they had certain flaws.

Quote
If the website is offline, then I will change the website and the program can easily be updated.

Therefore, anyone who decides on your application must also take care of your health and willingness to change things after 20 years.
member
Activity: 74
Merit: 83
It would be trivial for you to set up a bot which automatically sweeps any coins in a second or two, far quicker than any normal user would be able to spend their coins.


I can see a concern here. I will temporarily make the download link unavailable until I fix this. What I will do is allow you to move the text file that has the private keys to another folder or device. Then you can check if the year has occurred, and when it’s ready, the program will notify you to move the private keys into the same directory. Then you can turn off the internet, and your private keys will be available without ever being online.
legendary
Activity: 2268
Merit: 18748
The encryption is built into the executable, so that is how you’re able to encrypt without using the internet.
I mean the website you are using to pull the time from. If that website no longer exists, then your product no longer functions. That's a single point of failure and requires complete trust in a third party.

BTCapsule uses AES 128-bit encryption. I won’t say what website is used to check the time, because if BTCapsule becomes popular, then nobody wants the website to be hacked and the time changed.
So again you are admitting a single point of failure.

If the website is ever offline, then I will use another website.
And how do the people with keys locked in the current version using a defunct website overcome this issue? And again, here is another single point of failure - you updating the code.

When using a cold wallet, if you want to spend your Bitcoin, then it must be connected to the internet.
This is incorrect. I have multiple cold wallets which I spend from without them ever touching the internet. That's the whole point of a cold wallet.

This can be avoided by immediately moving the coins to another wallet the moment they are exposed to the internet, so it’s impossible for me to steal any Bitcoin.
It would be trivial for you to set up a bot which automatically sweeps any coins in a second or two, far quicker than any normal user would be able to spend their coins.

Again, I wouldn't touch this ever. 100% trust based and multiple points of failure. And you are charging $12 for something anyone can do themselves 100% trustless, for free, via timelocked transactions? Roll Eyes
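
Added example, not part of the thread: the timelocked transaction mentioned in the reply above relies on the nLockTime rule that Bitcoin nodes enforce, rather than on a key hidden in a program. This Python code parses nLockTime from a constructed legacy-format transaction and applies that rule; the function names and the sample transaction are made up for illustration.

```python
import struct

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # if every input uses this, nLockTime is ignored

def read_compact_size(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next position)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def parse_locktime(raw):
    """Return (nLockTime, [nSequence, ...]) from a legacy-serialized transaction."""
    pos = 4                                      # skip the 4-byte version
    n_in, pos = read_compact_size(raw, pos)
    if n_in == 0:
        raise ValueError("segwit marker or empty input list: not handled here")
    sequences = []
    for _ in range(n_in):
        pos += 36                                # previous txid (32) + output index (4)
        script_len, pos = read_compact_size(raw, pos)
        pos += script_len
        sequences.append(int.from_bytes(raw[pos:pos + 4], "little"))
        pos += 4
    n_out, pos = read_compact_size(raw, pos)
    for _ in range(n_out):
        pos += 8                                 # amount in satoshis
        script_len, pos = read_compact_size(raw, pos)
        pos += script_len
    if len(raw) != pos + 4:
        raise ValueError("unexpected transaction length")
    return int.from_bytes(raw[pos:], "little"), sequences

def is_final(locktime, sequences, block_height, median_time_past):
    """Node-side finality rule: may this transaction go into the candidate block?"""
    if locktime == 0:
        return True
    limit = block_height if locktime < LOCKTIME_THRESHOLD else median_time_past
    if locktime < limit:
        return True
    return all(seq == SEQUENCE_FINAL for seq in sequences)

def build_sample_tx(locktime, sequence):
    """Constructed, unsigned one-input/one-output transaction (demo data only)."""
    return (struct.pack("<I", 2) + b"\x01" + bytes(36) + b"\x00"
            + struct.pack("<I", sequence) + b"\x01" + struct.pack("<Q", 50_000)
            + b"\x01\x51" + struct.pack("<I", locktime))
```

Anyone handed such a transaction should confirm that at least one input's sequence is below 0xFFFFFFFF, because otherwise the lock is disabled and the transaction is valid immediately.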
member
Activity: 74
Merit: 83
The private key is encrypted in a text file, and cannot be decrypted until the year arrives. It is possible the website used to check the UTC will be gone, but it is an established website that has been online for a very long time. In other words, you’re not trusting me to keep the UTC time online.
Encrypted how? With what algorithm?
Which website? How can you be sure it won't be offline? If it is offline, are the keys permanently inaccessible?
How can we be sure the program doesn't send off the encrypted file when it accesses the internet, and how can we be sure you don't know the encryption key it is using and can steal the funds?

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.

The encryption is built into the executable, so that is how you’re able to encrypt without using the internet. BTCapsule uses AES 128-bit encryption. I won’t say what website is used to check the time, because if BTCapsule becomes popular, then nobody wants the website to be hacked and the time changed. If the website is ever offline, then I will use another website. BTCapsule is not a hardware wallet, so it should never be your only storage of your private keys.

When using a cold wallet, if you want to spend your Bitcoin, then it must be connected to the internet. That means we’re trusting Ledger not to steal our coins. This can be avoided by immediately moving the coins to another wallet the moment they are exposed to the internet, so it’s impossible for me to steal any Bitcoin.




And how do you store the password/private key which is used to encrypt the text file?

The encryption key is built into the executable. I have added other unique security features, so it will be extremely hard to find.

Quote
Even if the website is still online in the future (e.g. in the year 2045), there are different concerns, such as your software being unable to communicate with the website for various reasons, such as:
- They change their domain.
- Use newer TLS protocol.
- Use newer HTTP protocol (I refer to HTTP/2 or HTTP/3, not HTML4 or HTML5).

If the website is offline, then I will change the website and the program can easily be updated.

[moderator's note: consecutive posts merged]
legendary
Activity: 2268
Merit: 18748
The private key is encrypted in a text file, and cannot be decrypted until the year arrives. It is possible the website used to check the UTC will be gone, but it is an established website that has been online for a very long time. In other words, you’re not trusting me to keep the UTC time online.
Encrypted how? With what algorithm?
Which website? How can you be sure it won't be offline? If it is offline, are the keys permanently inaccessible?
How can we be sure the program doesn't send off the encrypted file when it accesses the internet, and how can we be sure you don't know the encryption key it is using and can steal the funds?

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.
member
Activity: 74
Merit: 83

How does the program protect the private key locally when it doesn't ask for a password/PIN? What'll happen if the website used to check UTC time is already gone by year 2XXX?

The private key is encrypted in a text file, and cannot be decrypted until the year arrives. It is possible the website used to check the UTC will be gone, but it is an established website that has been online for a very long time. In other words, you’re not trusting me to keep the UTC time online.


Quote
Personally, I would avoid closed source software.

I agree, but I chose to keep the software closed so that it is harder to hack. Ledger has never been hacked, but Trezor has. Both are great options for Bitcoin wallets, but my program uses some unique methods to ensure protection.
legendary
Activity: 2870
Merit: 7490
The program is very simple. Move it to a thumb drive, turn off your internet, and enter a future year and your private keys. You can give the thumb drive to a loved one, and when the year arrives, they will have access to your keys.

How does the program protect the private key locally when it doesn't ask for a password/PIN? What'll happen if the website used to check UTC time is already gone by year 2XXX?

Please let me know what you think. Thanks!

Personally, I would avoid closed source software.
member
Activity: 74
Merit: 83
What's the benefit of this instead of locking your BTC while giving the keys and stuff to the loved ones directly? If it just adds a password I don't see the benefits. Timelocking also guarantees that it will stay there until the date arrives, while software might fail to hide the keys completely if a bug was exploited.

If you give the keys to a loved one, then you are trusting them not to lose or expose them. BTCapsule doesn’t require your loved one to remember a password. The year that you choose is the password, and when it arrives, they have access to your keys.
legendary
Activity: 2170
Merit: 1789
What's the benefit of this instead of locking your BTC while giving the keys and stuff to the loved ones directly? If it just adds a password I don't see the benefits. Timelocking also guarantees that it will stay there until the date arrives, while software might fail to hide the keys completely if a bug was exploited.
member
Activity: 74
Merit: 83
***

This version of BTCapsule is no longer available. Please see the new thread here:

https://bitcointalksearch.org/topic/btcapsule-is-a-gui-to-timelock-your-btc-and-allows-you-to-change-your-mind-5420600

***




I have created a program that allows you to leave your private keys as an inheritance, or it can replace Timelock by allowing you to hide your private keys until a specific year.

The program is very simple. Move it to a thumb drive, turn off your internet, and enter a future year and your private keys. You can give the thumb drive to a loved one, and when the year arrives, they will have access to your keys.

There is no need to trust lawyers or any third party.

https://btcapsule.com

Please let me know what you think. Thanks!


EDIT

I have worked very hard on my program, and I hope I have addressed all concerns.

More sources for UTC time

I have added multiple sources for checking UTC time online. I will now post them, as I’m not concerned about them being hacked. Time is now coming from the Network Time Protocol from various sources. These are the sources, in order of possible failure:

time.google.com

time-a-g.nist.gov (United States government servers)

pool.ntp.org (a mostly decentralized pool on distributed networks. Used by major Linux distributions)

Keys are NEVER online

I have added a feature that can keep your private keys from ever seeing the internet. Basically, you turn off the internet and move the keys.txt file to another thumb drive. Then turn the internet back on to check the date. If successful, it will create another encrypted file. Turn the internet off, move the keys.txt back into the folder with BTCapsule, and your private keys will be available. You can read the directions here:

https://btcapsule.com/offline.html

The only concern I haven’t addressed is making the program Open Source. I am considering this, but I fear Open Source will make it easier to exploit. I am thinking about providing the code without sensitive data, but I’m not sure yet.
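
Added example, not part of the thread and not BTCapsule's code: one way a year check over the three NTP sources listed above could validate replies and require agreement, including the NTP era rollover on 2036-02-07 that any capsule dated beyond 2036 has to survive. The function names, the quorum and tolerance values, and the reply packets are assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timezone
from statistics import median

NTP_UNIX_OFFSET = 2_208_988_800   # seconds from 1900-01-01 to 1970-01-01
ERA_SECONDS = 1 << 32             # the 32-bit NTP seconds field wraps in 2036

def parse_sntp(packet, pivot_unix):
    """Return Unix time from a server reply, or None if the reply is unusable.

    pivot_unix is a moment known to be in the past (for example when the
    capsule was created); it decides which NTP era the seconds belong to.
    """
    if len(packet) < 48:
        return None
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4 or leap == 3 or not 1 <= stratum <= 15:
        return None               # not a server reply, unsynchronised, or kiss-of-death
    seconds = struct.unpack("!I", packet[40:44])[0]   # transmit timestamp
    unix = seconds - NTP_UNIX_OFFSET
    while unix < pivot_unix:      # unfold into the first era at or after the pivot
        unix += ERA_SECONDS
    return unix

def agreed_year(replies, pivot_unix, quorum=2, tolerance=5):
    """Year that at least `quorum` sources agree on, else None."""
    times = [t for t in (parse_sntp(p, pivot_unix) for p in replies.values())
             if t is not None]
    if len(times) < quorum:
        return None
    mid = median(times)
    close = [t for t in times if abs(t - mid) <= tolerance]
    if len(close) < quorum:
        return None
    return datetime.fromtimestamp(median(close), timezone.utc).year

def make_reply(unix, stratum=2, leap=0):
    """Constructed SNTP reply (version 4, mode 4) carrying `unix` as transmit time."""
    header = bytes([(leap << 6) | (4 << 3) | 4, stratum]) + bytes(38)
    return header + struct.pack("!II", (unix + NTP_UNIX_OFFSET) % ERA_SECONDS, 0)
```

Agreement between sources only catches a single faulty or lying server; plain NTP replies are unauthenticated, so the result is only as trustworthy as the network path of the machine running the check.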
