Author

Topic: [IDEA] BitBackup (Read 1040 times)

legendary
Activity: 1498
Merit: 1000
July 30, 2012, 11:30:09 AM
#8
hero member
Activity: 868
Merit: 1000
July 30, 2012, 02:13:05 PM
#6
Agree with the comments. This would be a project that would be needed to be done seriously if done at all.

At the moment I don't have the time, but obv. all critism would have to be answered for such a project to suceed.

I think such a 'newbe' and friendly solution will be developed eventually.
hero member
Activity: 868
Merit: 1000
July 30, 2012, 08:54:52 AM
#5
Nice suggestions on the storage part of this project.
The encryption methods used would be known, and the source code would be available.

Chosing strong walletpassphrases + using strong encryption on the entire wallet (after it's already protected by a walletpassphrase), and keeping the secrets only on the client side, client could of course make multiple backups of his wallet pass phrase and/or private PGP-key and store it in safe locations.

Point is, if it's done correctly, cracking the encryption and the wallet pass phrase, should be practically impossible.

Just imagine having your wallet pass phrase set to 'Santa Claus loves all children in the world!' and then encrypt it with a private PGP-key holding the keyphrase 'I met my wife Alice at Garden Inn'.

To get access to the wallet and transfer the coins, the attacker would need.

1. Access to the PGP-encrypted wallet.dat (trivial, esp. if you have access to a storage server, or it's stored with bittorrent and you can download it)
2. Access to the private PGP key of the wallet owner. (Very hard, local computer needs to be compromised, and if local computer is compromised anyway, it might be game over anyway)
3. Access to the passphrase for the private PGP key.
4. Now that the attacker has decrypted the wallet, and it can now be acessed, apart from sending coins, which would need the wallet pass phrase.
5. Wallet passhrase would need to be cracked.

Brute force of long passhrases are computably unfeasible, you could check with the calculator here:
https://www.grc.com/haystack.htm. I guess a variant where you combine a dictionary attack with bruteforcing (words instead of letters) would be quicker, but instead of 'I met my wife Alice at Garden inn', using something like '#¤&%554ll_\44DFss-@3-6\\' for the passphrase would take 93.83 billion trillion trillion centuries assuming 1000 brute force attempts pr. second.

To give peace to the user, such a calculator could even be included with the program, so the user could check the strength of his passphrases.

Obviously for such a project, a more specific draft would have to be made, and input from the community would be required.

So in many cases it would be actually a larger likelyhood of the users residence to burn down than having those wallets being cracked. The only ones being afraid of storing their wallet online would be those who doesn't understand the technology properly. Use weak protection and distribute the wallet, and do expect to lose the coins. Done right, the danger is in my view so small that it is non existant.

But anyway, perhaps something like this is already worked on, or partly or fully incorporated in existing software.
NRF
sr. member
Activity: 279
Merit: 250
July 30, 2012, 02:32:01 AM
#4
HTTP post has no concept of replication, storage, fault tolerance and even with SSL has far less encryption then the bittorrent protocol is capable of.

Writing an app to do all of this is of course possible, but why re-invent the wheel (with possible dangerous bo bo's) when there is an extensively audited and trusted open source alternative with library's written in just about a bijilion languages?

Still, I do like tin foil hat's, the girls love em.
NRF
sr. member
Activity: 279
Merit: 250
July 30, 2012, 01:56:19 AM
#3
Bittorrent protocol do what work? Give my wallet to everyone. Bittorrent protocol has no purpose in this, and just seed your wallet to anyone who can crack the code. Even if it is in a truecypt container, i don't want other computers that I don't give permission to have it.

The actual distribution of the files, bittorrent is a very robust P2P way (and open source) of storing information.  It can be used in many more ways than just downloading movies and music. 

It could be used as a storage mechanism that fits Herodes proposal.

If, as you say " i don't want other computers that I don't give permission to have it" what Herodes proposes is probably not for you.  I think it is quite a good idea and already do something similar using bittorrent, its not an application though, just bittorrent and bash scripts running on geographically distributed computers.
NRF
sr. member
Activity: 279
Merit: 250
July 30, 2012, 12:54:04 AM
#2
This may sound insane but until you get your project underway,

You could put it all into a truecrypt container with a strong password and keyfile and seed it with bittorrent.  Seed it on every computer you own, ask your friends to seed it. upload it to pirate bay, title it bitcoin wallet.dat with 1000 bitcoin's in it.  Even ask people here to seed it.

Bittorrent is great like that (As long as your password isn't "1234" ).

Regardless, I would look into the bittorrent protocol to do the actual work behind what you propose.
hero member
Activity: 868
Merit: 1000
July 29, 2012, 07:19:34 PM
#1
I am putting this here for future reference, loss of coins is a real problem in the community, and let's face it, most people want it easy, so also with backups.

What I propose is the following piece of software, it could be made in QT or Java to run on a multitude of platforms.

- Open source (so it could be verified nothing nefarious is going on.
- Free remote backup of encrypted wallets, possibly also encrypted with users private PGP key too, this should be redundant, I thought of 3 different servers. A small fee could be charged by such backup server operators to cover costs. Or free accounts with lesser features, and premium accounts with more features.
- Option to copy wallet to a safe location on disk or external media.
- Option to give wallets nicknames, so they could be swapped.
- Option to save to a paper wallet.
- Some kind of emergency restoration feature (perhaps a physical yubi-key could save the passphrase.)

In short, keep all secrets (walletpassphrase, PGP-keys) local, but spread the risk (wallets), ideally extra copy of wallet on another location on same harddisk, +on external media, + 3 remote locations.

By doing it open source, those interested can verify nothing nefarious goes on, and most users can just happily use the program. These features could also be plugged into the main client, or as an addition to the standard client, perhaps there should be a 'plugin API' to the standard client, and there could be one repository with 'verified' plugins that are verified by community members, still it should all be open source.

I'd love to do this, but at the moment, my hands are tied with other projects, but I'll keep it here in the event I'll get back to this idea again in the future. I don't think this is a big commercial project, but it would benefit the community.

I haven't checked if something like this already exists. But the point is: It should be supereasy to use for newbs, all point and click.

Jump to: