From rudiger.koch@gmail.com Fri Jul 6 02:32:48 2018
From: Rüdiger Koch
To: cypherpunks-legacy@lists.cpunks.org
Subject: Re: [ZS] Bitcoin, Empire of void*
Date: Fri, 06 Jul 2018 02:32:48 +0000
Message-ID: <172289273311.3881296.12263452318876526387.generated@mail.pglaf.org>

2012/6/30 Lodewijk andré de la porte

> I can't help but plug my e-wallet, bitvau.lt.

And about time! Don't keep us oblivious about your progress.

> It's going to get a lot more work the next half year but it does what the
> reference wallet does already (balance/history/transact/addressmange).
>
> I intend to offer much more usability-oriented services. I don't really
> see the value of an online but javascript and encrypted wallet, why not use
> a deterministic wallet and seed it with full name, place and date of birth,
> etc. and a normal password? You'd get much more security, which is what you
> wanted, right?
>

I agree - I actually tried to convince Thomas (author of Electrum) to do it
that way. Name, birthplace.... is not really a password, but it's a salt that
changes the situation of an attacker. Instead of trying out a passphrase and
checking if *any* address matches, he needs to target specifically you. But
Thomas doesn't see the difference. Prefixing a good password with an unknown,
but guessable salt "Rüdiger Koch - Anu - Haidelberga - 19121965" is making the
life of an attacker really miserable - particularly if you add deliberate
spelling errors in.

The beauty of JS from your POV is that you can shift the responsibility 100%
to the user. And there is no point in hacking your server, because you hold no
user data on your server if the wallet is re-created from the passphrase every
time the user "logs in".
So you don't need to back up anything and you can't be held legally
responsible for data loss.

-Anu

--
Zero State mailing list: http://groups.google.com/group/DoctrineZero

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
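
Added example, not part of the original message and not code from Electrum or bitvau.lt: a Python sketch of the salt argument made in the reply, showing that one table of guessed seeds matches every user of an unsalted deterministic wallet but only the one targeted user once a personal salt is mixed in. The PBKDF2 parameters, the `APP_SALT` constant, the salt format and the sample users are all assumptions constructed for illustration.

```python
import hashlib

ITERATIONS = 50_000        # assumed work factor, not taken from the message
APP_SALT = "wallet-seed"   # hypothetical constant shared by every user

def personal_salt(name, birthplace, birthdate):
    """Join user-specific facts into a salt string (assumed format)."""
    return " - ".join((name, birthplace, birthdate))

def derive_seed(passphrase, salt=""):
    """Stretch passphrase plus optional personal salt into a 32-byte seed."""
    full_salt = (APP_SALT + ":" + salt).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               full_salt, ITERATIONS)

def guess_table(guesses, salt=""):
    """Seeds produced by a list of guessed passphrases under one salt."""
    return {derive_seed(g, salt) for g in guesses}

def users_hit(table, wallets):
    """Users whose wallet seed appears in a table of guessed seeds."""
    return sorted(user for user, seed in wallets.items() if seed in table)

# Constructed sample data: two users who picked the same passphrase.
USERS = {
    "alice": ("Alice Example", "Springfield", "01011970"),
    "bob": ("Bob Example", "Shelbyville", "02021980"),
}
PASSPHRASE = "correct horse battery staple"
GUESSES = ["123456", "correct horse battery staple", "letmein"]

# Wallet seeds as the two schemes would derive them.
UNSALTED = {u: derive_seed(PASSPHRASE) for u in USERS}
SALTED = {u: derive_seed(PASSPHRASE, personal_salt(*facts))
          for u, facts in USERS.items()}

if __name__ == "__main__":
    generic = guess_table(GUESSES)
    targeted = guess_table(GUESSES, personal_salt(*USERS["alice"]))
    print("unsalted, generic table:", users_hit(generic, UNSALTED))
    print("salted, generic table:  ", users_hit(generic, SALTED))
    print("salted, alice's table:  ", users_hit(targeted, SALTED))
```

The salt is guessable, so it only forces per-target work; the passphrase itself still has to resist guessing.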