Author

Topic: Public distribution of wallet.dat? (Read 1047 times)

newbie
Activity: 10
Merit: 0
August 02, 2011, 12:15:54 PM
#4
Yes, they could of course send us backups of their encrypted wallet.dat. Nobody would be able to access this file. However, this totally isn't necessary. An exchange service should backup their wallet.dat files on different servers spread all over the world.

I also think that exchanges shouldn't only have one wallet containing all Bitcoins. It's too dangerous that a security flaw would allow it someone to withdraw all Bitcoins to his account. Therefore, an exchange should actually only have a small amount of Bitcoins in the wallet they use for their internet service. The rest of the money should be on another computer that is as far as possible isolated from the internet (only allowed to connect to other Bitcoin nodes). Should it come to a situation when the majority of customers wants to withdraw lots of Bitcoins, the withdrawal form would show an error and the administrator would have to intervene manually and transfer more Bitcoins to the main wallet. Now the online application could continue sending Bitcoins.
legendary
Activity: 1680
Merit: 1035
August 02, 2011, 10:47:36 AM
#3
Stupidly done backups still fail stupidly. And even good backups can get screwed. We use this system for our website, where important parts are available and distributed to site supporters. When something like a hard drive crash happens (we lost a chunk of our backup once), we put out a request and had people with their own backup copies send us the lost files back.
hero member
Activity: 655
Merit: 500
August 02, 2011, 06:33:06 AM
#2
well, sort version , no.
long version..
an online backup of wallet.dat would not reasure me (an maybe other people) of the practices of the exchange/online wallet service.
how would you know that the encrypted wallet is the wallet of the exchange?
its at least amateurish to not backup. 
hero member
Activity: 504
Merit: 502
August 02, 2011, 06:11:52 AM
#1
I ask this only half seriously.

Would it be sensible to ask of our exchanges and online wallets that they post a regularly-updated link to an encrypted version of the wallet.dat that they use?

Is the encryption from, say, GnuPG, solid enough that we could trust that it wouldn't be broken, while at the same time making us all feel a little more secure that a mybitcoin/bitomat situation at least has a potential resolution in the event of a catastrophic failure?

I suspect that anyone who implemented such a policy wouldn't ever need to take advantage of it (having done the work, you would certainly make it email you a copy of the backup as well) -- but it would publicly demonstrate that a backup exists, making us all feel a little more secure (only a little though).
Jump to: