Author

Topic: How secure is Blockchain.info (Read 5542 times)

newbie
Activity: 49
Merit: 0
December 04, 2013, 05:23:28 PM
#15
Also, there is the ability to use a second password to protect your wallets, am I right in saying that this is the same type of encryption used in the Bitcoin-qt's password where you need it to send funds?
Yes there is the ability to put a second password for sending coins

However, on QT the password is the same as the one used to encrypt the wallet

On blockchain it can be a different password, and it is entered using an on-screen keyboard to protect against keylogging
donator
Activity: 848
Merit: 1078
September 16, 2012, 10:44:09 PM
#14
Very secure, I'd venture to say it's as secure as an ewallet can possibly be.

Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.



How secure is the encryption on the wallets that are stored on blockchain.info's servers?

Also, there is the ability to use a second password to protect your wallets, am I right in saying that this is the same type of encryption used in the Bitcoin-qt's password where you need it to send funds?
legendary
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
September 16, 2012, 06:36:11 PM
#13
You can send the backup to a gmail account with two factor authentication enabled.

Are gmail accounts encrypted so google can't see inside?
I guess they can read my mail. But they also need a keylogger on my machine to decrypt the backup.
legendary
Activity: 1078
Merit: 1003
September 16, 2012, 06:14:56 PM
#12
You can send the backup to a gmail account with two factor authentication enabled.

Are gmail accounts encrypted so google can't see inside?
legendary
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
September 16, 2012, 05:58:23 PM
#11
You can send the backup to a gmail account with two factor authentication enabled.
legendary
Activity: 1078
Merit: 1003
September 16, 2012, 03:40:59 PM
#10
Does it really work that way? Is the backup only encrypted by my password?
hero member
Activity: 924
Merit: 502
September 16, 2012, 03:01:30 PM
#9
Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.

Actually I reckon the backup is a weak point. One of the biggest risks you face is the possibility of a key-logger on your machine. Two factor authentication protects you against this (as long as an attacker can't use social engineering to get it removed). However if they can get the backup encrypted with the same password they can effectively bypass the two factor authentication.

A simple solution for this would be to encrypt the backups with a different (rarely typed in) password. I do hope blockchain.info offer this at some point.
hero member
Activity: 811
Merit: 1000
Web Developer
hero member
Activity: 675
Merit: 502
September 16, 2012, 10:59:49 AM
#6
Who runs blockchain.info ? Is he a poster here?
legendary
Activity: 1078
Merit: 1003
September 16, 2012, 10:33:22 AM
#5
full member
Activity: 136
Merit: 100
September 16, 2012, 10:26:43 AM
#4
you can use two factor authentication and a javascript verifier.



Hey, what's this?

thanks

legendary
Activity: 1078
Merit: 1003
September 16, 2012, 09:04:42 AM
#3
Very secure, I'd venture to say it's as secure as an ewallet can possibly be.

Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.

full member
Activity: 188
Merit: 100
September 16, 2012, 09:04:20 AM
#2
If you feel uncomfortable, why don't you use you own wallets (cold storage, offline etc) and have blockchain's wallet only for temporary storage of btc?
donator
Activity: 848
Merit: 1078
September 16, 2012, 08:58:46 AM
#1
I know this has been discussed in the official post but I wanted to ask in a separate thread for clarity.

Just how secure is blockchain.info with my private keys?

From what I can gather, your info is all AES encrypted however its ultimately stored centrally on the blockchan.info server. This makes me feel a little uncomfortable.

Whats stopping someone with access to the server performing some kind of man in the middle attack?
Jump to: