Topic: Making Electrum safe to use on computers you can't trust (Read 824 times)
So I tried TrustedCoin out and I don't see their SMS authentication as being reliable. They've said that they support all countries that their gateway Twilio does but that doesn't seem to be the case. Pakistan is not supported by TrustedCoin even though Twilio supports it. I've contacted them and they don't seem to know what to do about it. Their responses have been less than confidence inspiring.
Transactions taking 24+~1 hours to confirm are useful in what cases?
I described something like this service, but with the 3rd key unknown unless the service disappears or the user's key is compromised. How would you hide the 3rd key in that case?
Encrypting it with the users PGP key means that he can retrieved it any time, so there's no "green address" condition, but the user needs to be able to retrieve it somewhen.
Encrypting it with the users PGP key means that he can retrieved it any time, so there's no "green address" condition, but the user needs to be able to retrieve it somewhen.
PM sent
A huge security problem with Bitcoin wallets is they don't protect your funds if keylogging malware exists on your computer.
I recently launched a "cosigning as a service" company, TrustedCoin, to mitigate this threat. The way it works is:
So if your computer gets infected with malware, the worst it can do is spam you with spending attempts. If this should happen -- or if TrustedCoin were to disappear -- the user can combine both keys and instantly transfer funds to a new address.
Is there anyone interested in integrating our cosiging APIs into Electrum? We also offer a 70% rev share on all transaction fees (0.0005 BTC per transaction) to the wallet developer.
API Documentation: https://api.trustedcoin.com/#/docs
Reference web wallet implementation: https://api.trustedcoin.com/wallet
Reddit commentary of this product: http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/
Thanks,
Josh
I recently launched a "cosigning as a service" company, TrustedCoin, to mitigate this threat. The way it works is:
- User creates 2 different keys (on 2 different devices, if you want to be extra careful).
- TrustedCoin creates a 2-of-3 multisig P2SH address, where the user owns 2 of the 3 keys.
- When anyone tries to spend coins from this address, TrustedCoin will email and SMS the user with details of the transaction, and give the user time (say, 24 hours) to cancel before signing and broadcasting it.
So if your computer gets infected with malware, the worst it can do is spam you with spending attempts. If this should happen -- or if TrustedCoin were to disappear -- the user can combine both keys and instantly transfer funds to a new address.
Is there anyone interested in integrating our cosiging APIs into Electrum? We also offer a 70% rev share on all transaction fees (0.0005 BTC per transaction) to the wallet developer.
API Documentation: https://api.trustedcoin.com/#/docs
Reference web wallet implementation: https://api.trustedcoin.com/wallet
Reddit commentary of this product: http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/
Thanks,
Josh
Jump to: