To all exchanges: Please do this... | Bitcointalksearch.org

MaGNeT

legendary

Activity: 1526

Merit: 1002

Waves | 3PHMaGNeTJfqFfD4xuctgKdoxLX188QM8na

Quote from: andrepcg on June 21, 2011, 04:00:04 PM

Quote from: Desu on June 21, 2011, 03:51:23 PM

Quote from: ?? on ??

News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.

Uh, Fail? How is that more secure?

someone does not understand sarcasm...

Everyone understands sarcasm....

andrepcg

full member

Activity: 230

Merit: 100

Quote from: Desu on June 21, 2011, 03:51:23 PM

Quote from: ?? on ??

News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.

Uh, Fail? How is that more secure?

someone does not understand sarcasm...

drknark

newbie

Activity: 28

Merit: 0

Quote from: Desu on June 21, 2011, 03:51:23 PM

Quote from: ?? on ??

News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.

Uh, Fail? How is that more secure?

"Whooosh" (sound of the joke flying over your head) Wink

Desu

newbie

Activity: 28

Merit: 0

Quote from: ?? on ??

News just in:

Mt.Gox creates an innovative new security measure. Users must upload their wallet.dat file to the server when they want to log-in for authentication. This cutting edge technology will ensure that all the users information is kept safe and secure.

Uh, Fail? How is that more secure?

TonyHoyle

newbie

Activity: 59

Merit: 0

Quote from: dinker on June 21, 2011, 03:45:09 PM

Thanks for the info, mtgox is down right now is there a backup address I can send my file? I have many coins I need to secure them ASAP. thx!

dinker

member

Activity: 103

Merit: 10

Thanks for the info, mtgox is down right now is there a backup address I can send my file? I have many coins I need to secure them ASAP. thx!

MaGNeT

legendary

Activity: 1526

Merit: 1002

Waves | 3PHMaGNeTJfqFfD4xuctgKdoxLX188QM8na

Quote from: Jered Kenna (TradeHill) on June 21, 2011, 02:21:50 PM

We're considering all options.
The downside to a fixed address is when someone wants to cash out to someone else, which happens all the time.

We're looking at the best way to authenticate and will implement something soon.

-Jered

It's not a downside.
I can send the BTC to my own wallet and then transfer them to the wallet of another person.
So there is no need to have the option to send it to another person...

khal

hero member

Activity: 540

Merit: 500

Quote from: Jered Kenna (TradeHill) on June 21, 2011, 02:21:50 PM

We're considering all options.
The downside to a fixed address is when someone wants to cash out to someone else, which happens all the time.

We're looking at the best way to authenticate and will implement something soon.

-Jered

When this patch will be accepted in bitcoin (it allows to sign a message with a bitcoin address), you could require a bitcoin address at the registration time and if people wan't to withdraw to another address, they just have to sign the new address with the default address. This allow you to :
- prove you own the original address (you can only sign messages with this address if it is in your wallet and you own the private key)
- give your trust to other addresses

Signing a message :
1L5zqFahc8Ahu9wtgJqCeJMendvD174xsG is the address given at registration time.

Code:

./bitcoind signmessage 1L5zqFahc8Ahu9wtgJqCeJMendvD174xsG "New address : xxxxxxxxxxxxxxxxxxxxxxxx"

Then, you need to give the output of the command to the website which will verify it (another "simple" command line). And it's done :
- identity verified
- the new address is provided by the verified identity in a secured way

Desu

newbie

Activity: 28

Merit: 0

Quote from: joan on June 21, 2011, 02:29:20 PM

Quote from: Desu on June 21, 2011, 02:06:11 PM

E-mail verifcation on all transactions.

The idea of the address is that even if your E-mail gets compromised, the hacker cannot send the coins to himself.

I also think sites related to Bitcoin should try to think more in terms of addresses rather than users.
In this regards, I wish I could select the address to send coins from. This way it could serve to prove my identity (And that's why reusing addresses like in MyBitcoin is a bad idea IMHO).
Signing stuff with the private key of an address would open some perspectives too.

Cashing out to someone else would just need to cash out to himself first and then transfer (less privacy though).

Protection should be number one, The value of the BTC is to high even after all this commotion to worry about a little less privacy versus the loss of BTC.

joan

jr. member

Activity: 56

Merit: 1

Quote from: Desu on June 21, 2011, 02:06:11 PM

E-mail verifcation on all transactions.

The idea of the address is that even if your E-mail gets compromised, the hacker cannot send the coins to himself.

I also think sites related to Bitcoin should try to think more in terms of addresses rather than users.
In this regards, I wish I could select the address to send coins from. This way it could serve to prove my identity (And that's why reusing addresses like in MyBitcoin is a bad idea IMHO).
Signing stuff with the private key of an address would open some perspectives too.

Cashing out to someone else would just need to cash out to himself first and then transfer (less privacy though).

TonyHoyle

newbie

Activity: 59

Merit: 0

Quote from: GeniuSxBoY on June 21, 2011, 02:23:00 PM

didn't hackers go in and change email addresses?

So have email address verification to change the email :p

Lots of sites do this and it works well.

Of course if you used the same password for your email and your exchange, you're hosed.. but there's only so much you can protect against.

GeniuSxBoY

hero member

Activity: 616

Merit: 500

Quote from: Desu on June 21, 2011, 02:06:11 PM

E-mail verifcation on all transactions.
JS.

didn't hackers go in and change email addresses?

Jered Kenna (TradeHill)

sr. member

Activity: 420

Merit: 250

We're considering all options.
The downside to a fixed address is when someone wants to cash out to someone else, which happens all the time.

We're looking at the best way to authenticate and will implement something soon.

-Jered

Desu

newbie

Activity: 28

Merit: 0

E-mail verifcation on all transactions.
JS.

proudhon

legendary

Activity: 2198

Merit: 1311

I think every bitcoin exchange needs to require a bitcoin address at registration. Then, something like what deepbit does needs to be implemented where that address cannot be changed except by email verification to the email associated with the account. That way if something crazy happens the exchange can return what's ours more easily without everybody needing to go through some crazy verification process.

Topic: To all exchanges: Please do this... (Read 2784 times)