Topic: Size of blockchain and clients that don't require a full download? (Read 2205 times)

The javascript verifier was replaced a long time ago for precisely this reason, the new browser extensions come bundled with all code. I would estimate at least 50% of users use a client which downloads no code from blockchain (Browser extensions, Mac App, iPhone App, Android App).

In practice there is a pretty substantial difference between software which is manually updated by users and software where the normal practice is to invisibly download new code at every execution. There is still the issue of additional code. E.g. XSS on blockchain.info's explorer service (which there have been several easily exploitable ones) has no parallel risk in multibit or electrum.

There is also the issue of the centralized service receiving an encrypted copy of the wallet (usually encrypted with some weak user selected key) which also doesn't exist for multibit/electrum. There are fast (e.g. >1 million attempts per second) gpu crackers for bc.i wallets...  So the user of a cryptographically strong passphrase is another conditional.

Note that in this particular case, I only stated that blockchain.info provides you exclusive control over your private keys, not that it is stronger (or weaker) than Electrum/ MultiBit/etc.


Electrum/MultiBit/etc. can also provide updated code that behaves differently than the current client.  Just like any user that downloads new blockchain.info JS could be subject to altered behavior, any user that downloads a new version of Electrum/MultiBit would be subject to altered behavior.



In the same way that avoiding updating Alectrum/MultiBit/etc. doesn't prevent _additional_ programs that are running on your computer from accessing your wallets.


Agreed.  The OP really didn't specify what they meant by "total security".  Even Bitcoin-Qt isn't "totally secure", and is vulnerable to many exploits if the user is uninformed and careless.

I call shenanigans on this. The site can replace the JS at any time, in theory you could do some extension js pinning stuff, but the code I've seen only verifies that a couple scripts are the same as in git.  Pinning particular scripts does not prevent _additional_ scripts from changing the state, and I don't believe the pinning is widely used in any case.

You might be happy with what it provides, but I think its not unfair to say that it is categorically weaker than Electrum/Multibit/etc.

All of the reduced storage clients listed in these thread use a reduced security model where the wallet itself does not validate network rules (such as honest spending, or no unpermitted inflation) and instead trust their peers to do it for them (or in the case of Electrum a user selected server). Thin clients are also somewhat more vulnerable to being tricked by fake deposits (an issue exacerbated by the fact that most (all?) show a single confirmation as "confirmed"). There is also a privacy tradeoff, as all the thin clients send address lists or bloom filters to the systems serving them to indicate which transactions they are interested in...

AFAIK there is currently no software that gives equivalent security of all kinds to bitcoin-qt that has reduced storage requirements, but it's possible to do so (and bitcoin-qt will in the future).

At the moment there are 5 wallets that I know of that allow you to retain complete exclusive control of your private keys:

• Armory
• Bitcoin-Qt
• MultiBit
• Electrum
• https://blockchain.info/wallet

Thanks.  I've heard of Multibit.  Any others that come highly recommended?  (Must be for OS X).

There are various clients that don't need to download the entire blockchain, but can still operate 100% locally, so you'll have your wallet-file that you can encrypt and backup and functionality similar to what Bitcoin-QT offers.

A popular example of such a client is Multibit. It has its own subforum on bitcointalk as well if you have questions.

What is the current size of the blockchain in GB?  My Bitcoin data directory is 13.67 GB - is that right?

Are there any clients that don't require you to download the whole blockchain but still give you total security and control over your wallet?  I don't like the idea of having my wallet stored on a third party server and I know those clients/services exist.

I'm not that good with the technical aspects - is it even possible to retain total security over your wallet, your coins, your addresses if you aren't operating the standard client which requires download of the entire blockchain?