[ZS] Bitcoin, Empire of void*

Rüdiger Koch rudiger.koch at gmail.com
Sat Jun 30 01:44:27 PDT 2012


2012/6/30 Lodewijk andré de la porte <l at odewijk.nl>

> I can't help but plug my e-wallet, bitvau.lt.


And about time! Don't keep us oblivious about your progress.


> It's going to get a lot more work the next half year but it does what the
> reference wallet does already (balance/history/transact/addressmanage).
>
> I intend to offer much more usability-oriented services. I don't really
> see the value of an online but javascript and encrypted wallet, why not use
> a deterministic wallet and seed it with full name, place and date of birth,
> etc. and a normal password? You'd get much more security, which is what you
> wanted right?
>

I agree - I actually tried to convince Thomas (author of Electrum) to do it
that way. Name, birthplace.... is not really a password, but it's a salt
that changes the situation of an attacker. Instead of trying out a
passphrase and checking if *any* address matches, he needs to target
specifically you. But Thomas doesn't see the difference. Prefixing a good
password with an unknown, but guessable salt "Rüdiger Koch - Anu -
Haidelberga - 19121965" is making life of an attacker really miserable -
particularly if you add deliberate spelling errors in.

The beauty of JS from your POV is that you can shift the responsibility
100% to the user. And there is no point to hack your server, because you
hold no user data on your server if the wallet is re-created from the
passphrase every time the user "logs in". So you don't need to back up
anything and you can't be held legally responsible for data loss.

-Anu

-- 
Zero State mailing list:
http://groups.google.com/group/DoctrineZero

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
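
The salt argument made in the message above, as an added example that is not code from the post, from Electrum or from bitvau.lt: with one shared salt, a single table of stretched guesses can be checked against every user's seed, while an identity-derived salt forces a separate table per user. PBKDF2-HMAC-SHA256, the iteration count, `SHARED_SALT`, the function names and the sample users are all assumptions constructed for illustration.

```python
import hashlib
import unicodedata

ITERATIONS = 20_000          # assumption: illustrative work factor only
SHARED_SALT = b"wallet-v1"   # hypothetical: the same salt for every user

def identity_salt(full_name: str, birthplace: str, birthdate: str) -> bytes:
    """Join the personal fields into one reproducible, per-user salt."""
    raw = " - ".join((full_name, birthplace, birthdate))
    return unicodedata.normalize("NFKD", raw).encode("utf-8")

def derive_seed(passphrase: str, salt: bytes = SHARED_SALT) -> bytes:
    """Stretch passphrase and salt into a 32-byte deterministic wallet seed."""
    pw = unicodedata.normalize("NFKD", passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS, dklen=32)

def users_covered_by_one_table(guesses, seeds_by_user, salt=SHARED_SALT):
    """Stretch each guess once under `salt`; return users whose seed is in that table."""
    table = {derive_seed(g, salt) for g in guesses}
    return sorted(u for u, seed in seeds_by_user.items() if seed in table)

# Constructed sample data: three users who all chose the same weak passphrase.
USERS = {
    "alice": identity_salt("Alice Example", "Springfield", "01011980"),
    "bob": identity_salt("Bob Exampel", "Shelbyvile", "02021975"),  # deliberate misspellings
    "carol": identity_salt("Carol Example", "Ogdenville", "03031990"),
}
WEAK = "correct horse"
GUESSES = ["password", "letmein", WEAK]

SHARED = {u: derive_seed(WEAK) for u in USERS}                 # same salt for all
SALTED = {u: derive_seed(WEAK, s) for u, s in USERS.items()}   # identity as salt

if __name__ == "__main__":
    # One table covers every user when the salt is shared.
    print("shared salt:", users_covered_by_one_table(GUESSES, SHARED))
    # The same table covers nobody once each seed carries an identity salt.
    print("identity salt, generic table:", users_covered_by_one_table(GUESSES, SALTED))
    # A table has to be rebuilt per user, and it only ever covers that user.
    print("identity salt, table for bob:",
          users_covered_by_one_table(GUESSES, SALTED, USERS["bob"]))
```

The cost of checking N users grows from one table to N tables, which is the difference between "any address matches" and having to target one specific person.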
