Topic: Secure Wallet Service - would you use it? (Read 2632 times)

That's my take too. I'll trust my LinuxCoin usb's and my backup system thank you.

after what has happened with mybitcoin, I would not trust any wallet service.

Would this SMS service be global or US only?

(Not read entire thread so apologies if already answered.)

No need really

I really don't see the point. Far more secure on offline portable media.

Anyone thinking about creating or using an online wallet services should be thinking about offline reserves. See this thread:

https://bitcointalksearch.org/topic/open-letter-to-online-exchanges-and-wallets-store-coins-offline-34011

Personally, I wouldn't trust anyone with my wallet other than myself.  I'm not saying that there isn't a market for a secure wallet service, but I certainly wouldn't use it.  Now, the less tech-savvy bitcoin users may be drawn to something like that because they won't have the patience or aptitude to implement their own security measures.

However, if bitcoin is ever to "make it big", a standardized, secure solution to wallet management MUST be implemented.  So, you would need to keep in mind that your business could become obsolete very quickly if this happened.

Nope, my computer is the only place I trust my wallet.

Thanks for all the replies.  The more I consider this, it would need to be a service like LastPass, but integrated with the Bitcoin client.  So, essentially, all wallet decyption is done locally on your machine and we never get a copy of your wallet that is unencrypted.

If you have used LastPass you know how this works.  Never trust anyone with your wallet is right.  Personally I would not want to guarantee other people's wallets, because who knows what will happen?  MtGox being hacked has proven what the risk can be.

FRAUD WARNING

Don't send your wallet file to anybody, ever.  It's always a bad idea.  Unless your intent is to send them all your bitcoins, absolutely nothing good can come of it.

If you want to keep it safe, put it on a CD or a USB flash drive.  If you have a serious amount in coins, buy a dedicated computer and use it only as a bitcoin wallet (you obviously can afford it).  There is nothing to be gained from sending your wallet to anybody for any reason.  If you know how to find your wallet file, you know how to copy it to a USB flash drive, and that should be that.

Nope. I don't trust you in the slightest.

It requires modification to the source code.

Bitcoin transactions don't technically go to addresses: what they really contain is instructions on how to determine who is allowed to spend them next.  This is called a script.

A transaction that goes out to address A actually goes out as a coded message that says: "A person attempting to re-spend these coins must provide signature that matches address A".

It is possible to have more complex messages.  For example: "A person attempting to re-spend these coins must provide signatures for any 2 of the following 3 addresses, A, B, C."

The owner could be A, and two wallet-securing recovery agents could be B and C.  The coins could be spent either by the owner with the assistance of either agent, or both agents could act together.  Whether or not the agents are trusted is not the point, my point is, the bitcoin software and P2P network already supports complex transactions like this and anyone seriously going to the effort of offering a "wallet securing" service ought to make use of them, rather than just saying "trust us".

Wait what? How do you create more than wallets for the user to put their coins on???

Also, I was thinking about this the other day. You should create a new wallet and encrypt it. Shred the non-secure wallet. Give the user the private key and store the private key on the server.
If the user wants to send the coins to his real wallet, he would have to provide the private key and a optional passkey to access his wallet.

"The Bitcoin software internally has the capability of sending Bitcoins to more than one address in a manner that requires BOTH private keys to unlock them. "

Not sure if this was directed toward my service or his but we only cover one payment address to one wallet at least for the moment. This assures the person is the rightful owner of the wallet.

Thanks for the good luck! at least I'm attempting to help solve this issue has its just getting out of control!  

FRAUD WARNING

Don't send your wallet file to anybody, ever.  It's always a bad idea.  Unless your intent is to send them all your bitcoins, absolutely nothing good can come of it.

If you want to keep it safe, put it on a CD or a USB flash drive.  If you have a serious amount in coins, buy a dedicated computer and use it only as a bitcoin wallet (you obviously can afford it).  There is nothing to be gained from sending your wallet to anybody for any reason.  If you know how to find your wallet file, you know how to copy it to a USB flash drive, and that should be that.

(Edited this post to make this fraud warning blatantly obvious and higher up in the thread.  The moderator should probably axe this whole thread.  Sorry for such an annoying message, but hearing about people losing their coins to fraud is even more annoying.  The prior contents of this post may be found below.)

Numerous servers are compromised daily,  Most of the time without the owners knowledge.
To have alot of Wallets in one place would not only make it a target but, assuming they are miners,  GPU Bruteforce would be rather achievable.  Whilst I commend your effort to secure the Wallet,  Personally I trust my own security other then the security of someone I don't know.

Good Luck with the Idea though

Thanks for the welcome!

Great questions. Little clarification we are only covering the wallet.dat if our encrypted server that holds your wallet is compromised and your wallet.dat file is taken - as the wallet.dat is the most important piece not the bitcoins inside it. If you loose your wallet.dat its gone forever. So via your upload of the wallet.dat and your payment of service we can verify the wallet is yours and how much you have as a balance via the blockexplorer ledger. Obviously, if you loose/erase your wallet on your home computer you can come retrieve the wallet.dat from us.  This eliminates anyone not trusting us because why would we spend your bitcoin wallets only to have pay out 100 percent coverage against us doing so? At some point there hast be mutual trust otherwise you can encrypt all day once you loose your wallet it doesn't matter.

How do you guarantee coverage you ask ? We know how many bitcoins you had in your wallet upon payment for service via the ledger/blockexplorer ( plus hopefully you are honest when you tell us just how much you have in your BTC so you can get coverage against it) and we can keep track of your balance via the payement link you give us ( we only deal with that payment link you send against). If your wallet.dat is taken from the encrypted server we pay you the amount of your ledger as coverage/insurance at the time of the taking against someone using your bitcoins assumming they took it to go use it. 

As for stolen Bitcoins this is a different situation. Since the amount of your bitcoins changes there is noway to tell if you are spending it all and then claiming it stolen as you said. At the moment we are going to do the honor system but also have some ideas how to deal with this  

We are also working on non-upload coverage.

There is more information but can't reveal it all!

http://www.bitprotection.info

Welcome.  It sounds like there is a demand for a service like this.  When you say you provide 100 percent coverage of your bitcoin wallet, regardless of what happens to it, what are you guaranteeing?  Are you refunding the contents of customers wallets in case they get compromised?  I don't see how you can do this if the customer keeps a copy.  If the customer uploads a copy that you encrypt, and they keep an unencrypted copy on their home computer, it will still be vulnerable to loss or theft.

Also, how can you prove the the coins were not just spent by the customer?  The only way to really guarantee that nobody will spend the coins except an authorized user is to keep a single copy of the wallet in a highly secure place, with strong encryption.

Basically, by keeping your wallet on a remote server, if someone hacks your home computer, they never get a copy of it, so they can't spend your Bitcoins.  Even if that person installs a virus, trojan, or keylogger on your home computer and steals your password to our site, unless they steal your cellphone too, they can't spend your coins because our service will send you a text message with a 4 digit code every time you try to spend coins.

If done properly, it should be more secure than keeping an unencrypted wallet on your home computer.