Topic: StrongCoin Security (Read 761 times)

newbie
Activity: 10
Merit: 0
December 12, 2011, 02:53:16 AM
#4
Ah, I didn't think it through.  Of course the broadcast can't contain the private key; otherwise, everyone could steal the rest of the amount in your wallet after the first transaction.  Thanks.  I made a StrongCoin account and imported the wallet into my local client.  This way, I have convenience when I'm at my computer (not to mention I don't have to pay the 1% fee), but I can still access my funds anywhere.  Still don't like downloading the blockchain, though (I pay ~4 USD per GB for internet access).  Maybe a thin client with import/export capabilities will come along soon...
newbie
Activity: 59
Merit: 0
December 11, 2011, 03:49:01 PM
#3
The one thing I'm still not quite sure on is: how does StrongCoin spend your BTC without your un-encrypted private key?  Are browsers actually capable of broadcasting transactions to the bitcoin network without any server involvement?
The transaction is signed with the private keys on the client side, using javascript in the user's web browser. The signed transaction message is then submitted to StrongCoin who will broadcast it to the Bitcoin network for you. It's important to realize that they can't derive the private key from this digitally signed message; they can only validate the signature against the message using the public keys. And a digitally signed message cannot be altered without invalidating the signature in the process, so StrongCoin can't just change the output addresses to their own, or do anything nefarious like that. If they attempted to do something like that, and then submitted it to the Bitcoin network, honest nodes will refuse to propagate it to others and honest miners will reject it because the signature won't be valid any more.

Hope that helps.
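
The flow described in the reply above, as an added example that is not part of the thread and is not StrongCoin's code: the client signs, the relay receives only the transaction and signature, and a changed output address fails verification. The transaction object, its JSON serialization, the address strings and the function names are constructed for illustration; real Bitcoin transactions use their own binary format and a double SHA-256 digest.

```javascript
// Added illustration: a simplified stand-in for a Bitcoin transaction (assumption),
// signed with ECDSA over secp256k1 using Node's built-in crypto module.
const crypto = require('node:crypto');

// Canonical byte encoding of every field the signature must cover.
function serialize(tx) {
  return Buffer.from(JSON.stringify([tx.from, tx.to, tx.amountSatoshi]));
}

// Client side (the browser in the post): the private key is used here and never sent.
function signInBrowser(tx, privateKey) {
  const signature = crypto.sign('sha256', serialize(tx), privateKey);
  return { tx, signature: signature.toString('hex') };
}

// Relay or network node: the public key alone is enough to check the signature.
function verifyAtNode(signed, publicKey) {
  return crypto.verify('sha256', serialize(signed.tx), publicKey,
    Buffer.from(signed.signature, 'hex'));
}

// A relay that rewrites a signed field before broadcasting, reusing the old signature.
function tamper(signed, changes) {
  return { tx: { ...signed.tx, ...changes }, signature: signed.signature };
}

function demo() {
  const { privateKey, publicKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  // Constructed sample values, not real addresses.
  const tx = { from: 'constructed-sender-address',
               to: 'constructed-recipient-address',
               amountSatoshi: 150000000 };
  const signed = signInBrowser(tx, privateKey);
  return {
    submittedFields: Object.keys(signed), // what the relay actually receives
    honestAccepted: verifyAtNode(signed, publicKey),
    redirectedAccepted: verifyAtNode(
      tamper(signed, { to: 'constructed-relay-address' }), publicKey),
    inflatedAccepted: verifyAtNode(
      tamper(signed, { amountSatoshi: 999999999 }), publicKey),
  };
}

console.log(demo());
```

Verification passes only for the transaction exactly as signed, which is why the relay can forward it but cannot redirect or resize the payment.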
hero member
Activity: 518
Merit: 500
December 11, 2011, 03:41:46 PM
#2
If I understand correctly, the browser does the unencryption and then provides the data which the StrongCoin server sends to the network.
newbie
Activity: 10
Merit: 0
December 11, 2011, 03:27:23 PM
#1
I am very intrigued by StrongCoin.  Not having to keep the blockchain on my computer is very enticing, and StrongCoin looks like the only service that'll also tell you your private keys.  So, if it disappears tomorrow, I could still spend my BTC.

The one thing I'm still not quite sure on is: how does StrongCoin spend your BTC without your un-encrypted private key?  Are browsers actually capable of broadcasting transactions to the bitcoin network without any server involvement?