Topic: web wallet with same incoming and outgoing bitcoin address (Read 2300 times)

hero member
Activity: 504
Merit: 502
That's not quite true.  If the site was hacked such that the attacker was able to modify the javascript to collect all typed passwords then the attacker would indeed have your money if you logged in after the hack happened but before it was detected.

Agreed.  But as you say, you have to access it before it's detected.

It's certainly better than the private-keys-in-database system.  It's also independently checkable if you were so motivated, by downloading and hashing all the files regularly (I'd guess the site operators are doing this themselves).
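The "download and hash all the files regularly" check mentioned in the post above, as an added example that is not part of any post in this thread and not the monitoring tool of any site named here. The file paths and contents are constructed, and fetching the files is left to the caller, who passes in a mapping of path to downloaded bytes.

```python
import hashlib

# Files that can carry code executed in the browser (assumption for this example).
SCRIPT_SUFFIXES = (".js", ".html", ".htm")

def build_manifest(snapshot):
    """Map each downloaded path to the SHA-256 hex digest of its bytes."""
    return {path: hashlib.sha256(body).hexdigest() for path, body in snapshot.items()}

def compare(baseline, current):
    """Diff two manifests; script-bearing files rank 'high', the rest 'low'."""
    findings = []
    for path in baseline.keys() | current.keys():
        if path not in current:
            kind = "removed"
        elif path not in baseline:
            kind = "added"
        elif baseline[path] != current[path]:
            kind = "changed"
        else:
            continue  # digest unchanged since the baseline
        severity = "high" if path.lower().endswith(SCRIPT_SUFFIXES) else "low"
        findings.append((severity, kind, path))
    # High-severity findings first, then alphabetical by path.
    return sorted(findings, key=lambda f: (f[0] != "high", f[2]))

# Constructed snapshots: what a trusted download and a later download returned.
BASELINE_FILES = {
    "/wallet/index.html": b"<script src='/js/wallet.js'></script>",
    "/js/wallet.js": b"function decrypt(p){ /* v1 */ }",
    "/css/site.css": b"body{margin:0}",
}
LATER_FILES = {
    "/wallet/index.html": b"<script src='/js/wallet.js'></script>",
    "/js/wallet.js": b"function decrypt(p){ /* v2 */ }",
    "/js/extra.js": b"/* file not present in the baseline */",
    "/css/site.css": b"body{margin:1px}",
}

def run_check():
    return compare(build_manifest(BASELINE_FILES), build_manifest(LATER_FILES))

if __name__ == "__main__":
    for severity, kind, path in run_check():
        print(f"[{severity}] {kind}: {path}")
```

A check like this only covers the files as they were served to the machine doing the download, and the baseline manifest has to be kept somewhere other than the web server being checked.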
sr. member
Activity: 262
Merit: 250
Is there a way to detect such changes in the code?
For example by installing a browser plugin that checks to see if the code matches and alerts the users if the code has changed?



I've detailed on the StrongCoin FAQ https://strongcoin.com/blog/frequently_asked_questions how I handle security. I do have an external monitoring tool that would alert me if the site's code is changed.

I still think Javascript based wallets give the best risk vs user experience for Bitcoin.

donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
I don't think this tool will report script changes just straight site text content no changes in
legendary
Activity: 1102
Merit: 1014
Is there a way to detect such changes in the code?
For example by installing a browser plugin that checks to see if the code matches and alerts the users if the code has changed?

Here's that: http://sitedelta.schierla.de/index.en.php

donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
I think that this free websecurity (websecuritymonitor.com) service can monitor code changes and alarm the owner in case the site was hacked.
hero member
Activity: 523
Merit: 500
Is there a way to detect such changes in the code?
For example by installing a browser plugin that checks to see if the code matches and alerts the users if the code has changed?

legendary
Activity: 2940
Merit: 1330
If they are true to their word, then even were their site completely and utterly hacked, the attacker would not have your money.

That's not quite true.  If the site was hacked such that the attacker was able to modify the javascript to collect all typed passwords then the attacker would indeed have your money if you logged in after the hack happened but before it was detected.
donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
With Android or iPhone, I tried with an iPhone but the standard version was shown.
hero member
Activity: 504
Merit: 502
Just went to the website on my phone and it detected it and showed a nice minimal version.
donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
How do you access the mobile version?
hero member
Activity: 504
Merit: 502
It's worth noting as well that (apparently), blockchain.info does not have access to your private keys at all.  Instead they store them AES encrypted and when you "logon" you're actually decrypting that AES block in the browser.

Now, there is nothing to stop them writing any javascript they want and making your browser hand over the keys; but a quick bit of monitoring with firebug would show that up and their reputation would be shot.

In short: about as good as it's possible to get for an online wallet I think.  My coins are still mine, and completely controlled by me.  If they are true to their word, then even were their site completely and utterly hacked, the attacker would not have your money.

The mobile version of the site is nice too.
donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
I tested out both and must say that the blockchain.info wallet seems more intuitive and a lot cheaper to our players that prefer to make multiple small deposits (the median deposit amount is 2.8 BTC). We will be redirecting them to blockchain.info and to the multibit local client (http://multibit.org) for those that like to stay more independent.

Unfortunately the official client creates a lot of confusion for newbies and generates a lot of support requests, as either they don't receive their money because the blockchain didn't finish downloading or they are mixing up incoming and depositing addresses.

Anyway I'm happy to have found some good alternatives that will support our business.

Thanks for your help
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
There's also StrongCoin (https://strongcoin.com) which I use.

Don't know how the fees compare to those at blockchain.info


Strongcoin is 1% (including mining fees).

Blockchain.info is 0.01 BTC per transaction  (including mining fees).


Ah. You may have yourselves a new customer then. :)
hero member
Activity: 910
Merit: 1005
There's also StrongCoin (https://strongcoin.com) which I use.

Don't know how the fees compare to those at blockchain.info


Strongcoin is 1% (including mining fees).

Blockchain.info is 0.01 BTC per transaction  (including mining fees).
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
There's also StrongCoin (https://strongcoin.com) which I use.

Don't know how the fees compare to those at blockchain.info
donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
Correct, it even lets you pick out sending addresses where the incoming address can be selected.

Thank you very much, we will now advise our players to use this web wallet.
newbie
Activity: 58
Merit: 0
As far as I can tell, https://blockchain.info/wallet does not have this issue.
donator
Activity: 199
Merit: 100
YOU WIN . WE PAY
Hi

For our members and players we are looking to recommend some instant Bitcoin web wallet that supports deposits and withdrawals from the same address (we process players' withdrawals back to their depositing address).

We have had multiple issues with players using https://www.instawallet.org or https://walletbit.com/ to make deposits, and cashouts are then lost if they don't realize that their depositing address is generic and not unique to their web wallet.

We have then, to keep our players happy, re-credited their withdrawals to a new address of their choice, so losing forever our first payment.

Please advise if you know online wallets that would support this functionality.

Thank you