Author

Topic: To all exchanges: Please do this... (Read 2793 times)

legendary
Activity: 1526
Merit: 1002
Waves | 3PHMaGNeTJfqFfD4xuctgKdoxLX188QM8na
June 21, 2011, 04:39:32 PM
#15
News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.
Uh, Fail? How is that more secure?

someone does not understand sarcasm...

Everyone understands sarcasm....
full member
Activity: 230
Merit: 100
June 21, 2011, 04:00:04 PM
#14
News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.
Uh, Fail? How is that more secure?

someone does not understand sarcasm...
newbie
Activity: 28
Merit: 0
June 21, 2011, 03:58:23 PM
#13
News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.
Uh, Fail? How is that more secure?

"Whooosh" (sound of the joke flying over your head)  Wink
newbie
Activity: 28
Merit: 0
June 21, 2011, 03:51:23 PM
#12
News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.
Uh, Fail? How is that more secure?
newbie
Activity: 59
Merit: 0
June 21, 2011, 03:48:09 PM
#11
Thanks for the info, mtgox is down right now is there a backup address I can send my file? I have many coins I need to secure them ASAP. thx!

 Shocked Shocked Shocked

 Grin
member
Activity: 103
Merit: 10
June 21, 2011, 03:45:09 PM
#10
Thanks for the info, mtgox is down right now is there a backup address I can send my file? I have many coins I need to secure them ASAP. thx!
legendary
Activity: 1526
Merit: 1002
Waves | 3PHMaGNeTJfqFfD4xuctgKdoxLX188QM8na
June 21, 2011, 03:12:09 PM
#9
We're considering all options.
The downside to a fixed address is when someone wants to cash out to someone else, which happens all the time.

We're looking at the best way to authenticate and will implement something soon.

-Jered

It's not a downside.
I can send the BTC to my own wallet and then transfer them to the wallet of another person.
So there is no need to have the option to send it to another person...
hero member
Activity: 540
Merit: 500
June 21, 2011, 03:07:47 PM
#8
We're considering all options.
The downside to a fixed address is when someone wants to cash out to someone else, which happens all the time.

We're looking at the best way to authenticate and will implement something soon.

-Jered

When this patch will be accepted in bitcoin (it allows to sign a message with a bitcoin address), you could require a bitcoin address at the registration time and if people wan't to withdraw to another address, they just have to sign the new address with the default address. This allow you to :
- prove you own the original address (you can only sign messages with this address if it is in your wallet and you own the private key)
- give your trust to other addresses

Signing a message :
1L5zqFahc8Ahu9wtgJqCeJMendvD174xsG is the address given at registration time.
Code:
./bitcoind signmessage 1L5zqFahc8Ahu9wtgJqCeJMendvD174xsG "New address : xxxxxxxxxxxxxxxxxxxxxxxx"

Then, you need to give the output of the command to the website which will verify it (another "simple" command line). And it's done :
- identity verified
- the new address is provided by the verified identity in a secured way

newbie
Activity: 28
Merit: 0
June 21, 2011, 02:47:05 PM
#7
E-mail verifcation on all transactions.
The idea of the address is that even if your E-mail gets compromised, the hacker cannot send the coins to himself.

I also think sites related to Bitcoin should try to think more in terms of addresses rather than users.
In this regards, I wish I could select the address to send coins from. This way it could serve to prove my identity (And that's why reusing addresses like in MyBitcoin is a bad idea IMHO).
Signing stuff with the private key of an address would open some perspectives too.

Cashing out to someone else would just need to cash out to himself first and then transfer (less privacy though).
Protection should be number one, The value of the BTC is to high even after all this commotion to worry about a little less privacy versus the loss of BTC.
jr. member
Activity: 56
Merit: 1
June 21, 2011, 02:29:20 PM
#6
E-mail verifcation on all transactions.
The idea of the address is that even if your E-mail gets compromised, the hacker cannot send the coins to himself.

I also think sites related to Bitcoin should try to think more in terms of addresses rather than users.
In this regards, I wish I could select the address to send coins from. This way it could serve to prove my identity (And that's why reusing addresses like in MyBitcoin is a bad idea IMHO).
Signing stuff with the private key of an address would open some perspectives too.

Cashing out to someone else would just need to cash out to himself first and then transfer (less privacy though).
newbie
Activity: 59
Merit: 0
June 21, 2011, 02:24:45 PM
#5
didn't hackers go in and change email addresses?

So have email address verification to change the email :p

Lots of sites do this and it works well.

Of course if you used the same password for your email and your exchange, you're hosed.. but there's only so much you can protect against.
hero member
Activity: 616
Merit: 500
June 21, 2011, 02:23:00 PM
#4
E-mail verifcation on all transactions.
JS.


didn't hackers go in and change email addresses?
sr. member
Activity: 420
Merit: 250
June 21, 2011, 02:21:50 PM
#3
We're considering all options.
The downside to a fixed address is when someone wants to cash out to someone else, which happens all the time.

We're looking at the best way to authenticate and will implement something soon.

-Jered
newbie
Activity: 28
Merit: 0
June 21, 2011, 02:06:11 PM
#2
E-mail verifcation on all transactions.
JS.
legendary
Activity: 2198
Merit: 1311
June 21, 2011, 02:04:28 PM
#1
I think every bitcoin exchange needs to require a bitcoin address at registration.  Then, something like what deepbit does needs to be implemented where that address cannot be changed except by email verification to the email associated with the account.  That way if something crazy happens the exchange can return what's ours more easily without everybody needing to go through some crazy verification process.
Jump to: