Author

Topic: Making MultiBit safe to use on computers you can't trust (Read 683 times)

legendary
Activity: 1708
Merit: 1066
I think co-signing services as you describe will be very useful.

There are other teams working on similar proposals so a unifying standard would be the way to go.
legendary
Activity: 1526
Merit: 1134
That's great. The best place to integrate this would be bitcoinj, IMHO, then wallet authors just need to wire it up to their GUIs.
newbie
Activity: 4
Merit: 0
A huge security problem with Bitcoin wallets is they don't protect your funds if keylogging malware exists on your computer.

I recently launched a "cosigning as a service" company, TrustedCoin, to mitigate this threat.  The way it works is:

  • User creates 2 different keys (on 2 different devices, if you want to be extra careful).
  • TrustedCoin creates a 2-of-3 multisig P2SH address, where the user owns 2 of the 3 keys.
  • When anyone tries to spend coins from this address, TrustedCoin will email and SMS the user with details of the transaction, and give the user time (say, 24 hours) to cancel before signing and broadcasting it.

So if your computer gets infected with malware, the worst it can do is spam you with spending attempts.  If this should happen -- or if TrustedCoin were to disappear -- the user can combine both keys and instantly transfer funds to a new address.

Is there anyone interested in integrating our cosiging APIs into MultiBit?  We also offer a 70% rev share on all transaction fees (0.0005 BTC per transaction) to the wallet developer.

API Documentation: https://api.trustedcoin.com/#/docs

Reference web wallet implementation: https://api.trustedcoin.com/wallet

Reddit commentary of this product: http://www.reddit.com/r/Bitcoin/comments/1zhief/id_like_to_present_a_bitcoin_wallet_thats_safe_to/

Thanks,

Josh
Jump to: