2012/6/30 Lodewijk andri de la porte <l@odewijk.nl>

I can't help but plug my e-wallet, bitvau.lt.

And about time! Don't keep us oblivious about your progress.

It's going to get a lot more work the next half year but it does what the reference wallet does already (balance/history/transact/addressmange).

I intent to offer much more usability oriented services. I don't really see the value of an online but javascript and encrypted wallet, why not use a deterministic wallet and seed it with full name, place and date of birth, etc. and a normal password? You'd get much more security, which is what you wanted right?

I agree - I actually tried to convince Thomas (author of Electrum) to do it that way. Name, birthplace.... is not really a password, but it's a salt that chages the situation of an attacker. Instead of trying out a passphrase and checking if *any* address matches, he needs to target specifically you. But Thomas doesn't see the difference. Prefixing a good password with an unknown, but guessable salt "R|diger Koch - Anu - Haidelberga - 19121965" is making life of an attacker really miserable - particularly if you add deliberate spelling errors in. The beauty of JS from your POV is that you can shift the responsibility 100% to the user. And there is no point to hack your server, because you hold no user data on your server if the wallet is re-created from the passphrase every time the user "logs in". So you don't need to back-up anything and you can't be taken legally responsible for data loss. -Anu -- Zero State mailing list: http://groups.google.com/group/DoctrineZero ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE