

Coinpunk - Run your own Bitcoin wallet service - kyledrake
http://coinpunk.org

======
GigabyteCoin
This is the last thing we need in the Bitcoin world... online wallet services
run by people not even smart enough to roll their own.

Kudos to you for spending time on this project, it looks pretty slick, but
it's a horrible thing for Bitcoin in general.

If the only thing it manages to accomplish is accelerate the rejection of
online wallet services then I suppose it's a good thing.

~~~
mcantelon
A lot of folks "smart enough to roll their own" have gotten hacked. A common,
peer-reviewed implementation could be a long-term win.

~~~
wmf
Unless this provides the entire distro it seems like people are still going to
get hacked through vulnerabilities in other software.

~~~
fragsworth
I agree. But I wouldn't use this argument to discount the product - this
really should be implemented. It seems like the solution would be to provide a
specialized "Coinpunk Ubuntu distribution" that you can install on the
cheapest Amazon instance or any other cloud server.

I think this is pretty much the ideal way to have a bitcoin wallet. You can probably
trust Amazon better than you can trust your own machine at home (Companies
with much larger assets than you'll ever have are able to trust Amazon), and
you can also count on something like S3 or gmail for backups.

The ability to log in from anywhere without having to install a client is
really important for usability.

------
jere
>Help me buy cheap beer and fixed gear bikes

I think the name you were looking for is "Coin Hipster"

~~~
stcredzero
"Coinster?" "Coin Hipster" just seems too tautological as two words. Coinster
would be no less so, but just seems less that way because it's "one word."

------
ianpurton
Is this storing the private keys on the server ?

~~~
nwh
Probably, and you can't really get around that.

Client side encryption in JavaScript isn't at all secure either, no matter how
much Blockchain.info would like you to think otherwise.

~~~
alptrv
Can you elaborate on why client side encryption isn't secure at all?

~~~
nwh
Alright. I'm going to use <https://blockchain.info/wallet/> as an example.

The website presents the user with a page that asks for their identifier or
username; if they can provide either of those, the server returns an AES
encrypted file containing all of the private keys for the bitcoin wallet.
Using JavaScript, these are decrypted with the user's password when and if they
can supply it. At face value, this means that the server will never be able to
see the wallet, or spend from it. There are quite a few very nasty attack
vectors against this service though.

• Any browser plugin has full access to everything in the wallet, at any
time. Most people run AdBlock, Ghostery or SSL Everywhere; a compromise of
any plugin (or a malicious author) can steal coins at will.

• The server can modify the client code at any time, which means that it could
be changed to send back the private keys once they have been decrypted, or to
simply send back the password when entered.

• The website offers a "verifier plugin" for their users to use, which
supposedly verifies the contents of blockchain.info for malicious activity. If
you look at the source of the plugin on github, it pretty much prevents XSS
and nothing else. There's absolutely nothing stopping somebody at
blockchain.info from modifying the code.

• Any person in the world can download the encrypted wallet and perform an
offline attack on it in their own time. Due to the way wallets are stored, the
public key is exposed, meaning a malicious entity can check the balance of the
wallet before launching the full power of their GPUs against it. This
particular attack was noted by the community, and blockchain.info started
sending email notifications out to their users; many users noticed quickly how
many people were downloading wallets to attack. It's not like the bitcoin
community suffers a deficit of graphics cards.

• The encryption of the wallet files is hilarious: AES and 20 rounds of
PBKDF2. I doubt that there are any off-the-shelf implementations that can handle
it, but I wager oclHashCat could probably be easily modified to attack them.
If it can manage 3 million attempts against 1Password keychains, it would be
orders of magnitude faster against this.

The author is well aware of all of this, and still keeps the misleading
statements about the security of the service on the introduction page.

~~~
kyledrake
Thank you for posting this. I think this highlights really well how
complicated Bitcoin security issues are.

I will come right out and admit that there is an intrinsic risk to leaving
your Bitcoin wallet on a 24/7 server that an attacker can potentially break
into. I think that running your own (vs a centralized hosted wallet service)
potentially mitigates some of this risk, but of course, if there was a
security issue with Coinpunk, an attacker could theoretically write a script
to spider for servers. I do believe that it does help to reduce the "single
point of failure" problem though.

I do think that the added convenience of 24/7 bitcoin transactions is worth
the risk. I think that there is a threshold of acceptable risk that people
will take for convenience. After all, even if you're running Bitcoin-qt on a
desktop, what's to stop a trojan horse from infecting that machine and
stealing its wallet file?

There are a few things I want to implement eventually to improve the security
of Coinpunk. One thing I want to do is allow accounts to remove and backup
their private address keys. This would in effect turn the account into a
"savings account" that is locked from changes. You could move a large portion
of your funds to that account, and then keep the rest available for quick
transactions.

Another thing I want to do is enable the wallet encryption feature. It's not a
huge security gain because the attacker probably has access to that password,
but I don't think it hurts. This could perhaps be combined with a chroot jail
that doesn't have access to the config file after loading, requiring the user
to figure out how to pry the password out of memory on a running program
(which isn't impossible, but it's definitely more work).

I wanted to get the basic system running, and then explore these security
improvements in a systematic way with help from the community. So these
features will eventually go in, I just want to go slow and make sure we get
things right.

~~~
nwh
Please keep in mind that I have nothing against developing Bitcoin services,
and absolutely nothing against your project.

My main gripe is with services like Blockchain.info and Strongcoin.com who
make claims that are provably false. Both have large banners on their main
pages claiming that their services are the safest most secure store for
currency. We—both they and I—know it to be a lie.

~~~
kyledrake
Yeah I didn't take any offense to your comments, I found them to be very
reasonable and I think it's important that we have an honest discussion about
these issues. :-)

------
flatfilefan
Can somebody please describe the most basic use case for this server?

~~~
Anderkent
Accessing bitcoins from your smartphone, I guess? Assuming you don't want to
host your wallet with someone else.

~~~
flatfilefan
There is the android wallet app already. I wonder why one would want to keep
his wallet on a server.

~~~
grimtrigger
Because it's easier.

I only have about $20 in bitcoin. I would much rather use a server, because
the thought of losing $20 in case of security breach doesn't really keep me up
at night.

------
f055
Sweet, exactly what I was looking for.

------
rdl
I wonder how many people from hn will be at the Bitcoin 2013 conference this
weekend. The Thursday meetup thing was pretty cool, standing in the conference
reg line right now.

------
drivebyacct2
I find Bitcoin cool. I love open source and I love web services. That having
been said, I will very happily use an offline client for my Bitcoin needs. Not
one that connects to the Internet and not one that primarily or even
secondarily works via it.

(Yes, I'm more paranoid than most, I do keep them on an "offline" jump drive
and sign transactions offline. But at the very least, I'd use Bitcoin-Qt, or
Armory with encryption. I'll give this a closer look but it gives me the
heebie-jeebies, maybe I'm wrong for feeling that.)

It certainly looks nice and usable, though!

~~~
NoahTheDuke
How do you send/receive transactions to/from the blockchain, then?

~~~
drivebyacct2
Note that I sign transactions offline. To put it simply, your address is a
private key, from which a public key (the public address) is derived. You can
have one client, synced to the Blockchain, displaying your balance, able to
make transactions.

Then you take that transaction to an offline computer or source and sign it,
take it back to the online computer and transmit it to the network. (Roughly;
see the other link for better information.)

~~~
rommelvr
Are you signing it manually? Or just doing some go-arounds with Bitcoin-qt?
I'm really interested in this, but never found any python scripts or how-to's.

How do you allocate change addresses etc. as well?

~~~
ChrisClark
Look into the Armory client and some guides on how to do offline signing with
it. It is also a deterministic wallet so your backups and offline computer
will never run out of change addresses.

