I want a wallet with fixed adress! | Bitcointalksearch.org

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: speeder on October 03, 2011, 12:15:24 PM

Hello!

I do not trust my own security, so I want a wallet... Like MyBitcoin was before they turned out scammer...

Can someone recommend one? (hopefully, not a scammer)

what you want is a deterministic wallet. I just released one:
https://bitcointalk.org/index.php?topic=50936.0;topicseen

Tuxavant

hero member

Activity: 784

Merit: 1010

Bitcoin Mayor of Las Vegas

bitventory.com looks interesting (like strongcoin, but signable java instead of unsignable javascript).

pointbiz

sr. member

Activity: 437

Merit: 415

1ninja

you could make a paper wallet at bitaddress.org and to spend the btc you can import the private key to mtgox

dogisland

sr. member

Activity: 262

Merit: 250

Quote from: captainteemo on October 07, 2011, 04:50:58 PM

Quote from: BurtW on October 03, 2011, 12:42:08 PM

The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.

Already flawed, pack up and go home.

The Javascript library used to encrypt the keys in StrongCoin is gibberish AES.

Implementing AES means producing the precise ciphertext that the standard mandates for a given plaintext and key; we are talking about exact values, down to the last bit, so the language used to code the algorthm is irrelevant.

The main argument against using Javascript for encryption is that the server could be hacked and the JavaScript changed.

Firstly, StrongCoin is deployed to Heroku, you can read their security policy http://policy.heroku.com/security.

Secondly, I will be shortly implementing a remote service to check any changes to the delivered JavaScript. I can then use PingDom to send me an SMS if the checks fail. That's a check every minute.

StrongCoin is probably the least risky way to store and spend Bitcoins.

captainteemo

full member

Activity: 143

Merit: 101

Quote from: BurtW on October 07, 2011, 05:23:11 PM

Therefore you can unplug your computer from the Internet while you generate you private keys if you want to. They private keys are then encrypted by a password. One nice feature is the system helps guide you to a stronger password as you enter your password.

Quote

The web hosts most of the world's new crypto functionality. A significant portion of that crypto has been implemented in Javascript, and is thus doomed. This is an issue worth discussing.

Quote

If you don't trust the network to deliver a password, or, worse, don't trust the server not to keep user secrets, you can't trust them to deliver security code. The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do.

Quote

The problem with running crypto code in Javascript is that practically any function that the crypto depends on could be overridden silently by any piece of content used to build the hosting page.

Quote

“Any attacker who could swipe an unencrypted secret can, with almost total certainty, intercept and alter a web request.”

Quote

Using in-page Javascript without something to help with verification is untenable from a security perspective.

Having a plugin to verify the code sent from the server which is then used to actually perform the crypto is absurd. It unnecessarily increases the attack surface and complexity in comparison to a plugin that directly performs the crypto.

Quote

there is no reasonable argument that in-page Javascript crypto is useful

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Therefore you can unplug your computer from the Internet while you generate you private keys if you want to. They private keys are then encrypted by a password. One nice feature is the system helps guide you to a stronger password as you enter your password.

captainteemo

full member

Activity: 143

Merit: 101

Quote from: BurtW on October 03, 2011, 12:42:08 PM

The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.

Already flawed, pack up and go home.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

I really like what they are doing over at StrongCoin.com:

All private keys are individually encrypted with passwords of your choosing.
One nice feature is that as you create your passwords it give you an indication of the strength of the password in order to help you pick better passwords.
The unencrypted private keys never leave your computer - all computations involving private keys are done using JavaScript on you computer instead of on the server.
You can generate your own pubic/private key pairs to your hearts content.
You can use StrongCoin to import the value from physical Bitcoins or Bitbill or paper wallets
It allows you to create paper backups of your private keys.
The web site itself is very clean and user friendly.

It is a work in progress but I really like what I see so far.

speeder

hero member

Activity: 966

Merit: 501

PredX - AI-Powered Prediction Market

Hello!

I do not trust my own security, so I want a wallet... Like MyBitcoin was before they turned out scammer...

Can someone recommend one? (hopefully, not a scammer)

Topic: I want a wallet with fixed adress! (Read 1139 times)