I agree. But I wouldn't use this argument to discount the product - this really should be implemented. It seems like the solution would be to provide a specialized "Coinpunk Ubuntu distribution" that you can install on the cheapest Amazon instance or any other cloud server.
I think this is pretty much the ideal way to have a bitcoin wallet. You can probably trust Amazon better than you can trust your own machine at home (companies with much larger assets than you'll ever have are able to trust Amazon), and you can also count on something like S3 or gmail for backups.
The ability to log in from anywhere without having to install a client is really important for usability.
I agree, but mostly because it doesn't sound like there's any focus on security, and it's too "high level" to really bake in enough security. By "high level" I mean you bring your own Ubuntu/webserver/bitcoind/database installation.
I wish there were a project that focused on providing an extremely secure platform (Linux/BSD distro + bitcoind securely configured out of the box, if that's even possible, or maybe a Bitcoin PaaS) for Bitcoin applications, then you could layer stuff like Coinpunk on top of that.
Absolute rubbish. Bitcoin needs to become easy to use. This is open-source, so it can eventually be turned into a full linux distribution that you can run on your own cloud server. You don't have to know shit about shit to have one of these.
Once we have that, you'll be able to run your own secure bitcoin wallet online (on a server that you own) and access it from anywhere without having to install any clients. For something like $10/month.
"Coinster?" "Coin Hipster" just seems too tautological as two words. Coinster would be no less so, but just seems less that way because it's "one word."
The website presents to the user a page that asks for their identifier or username; if they can provide either of those, the server returns an AES-encrypted file containing all of the private keys for the bitcoin wallet. Using JavaScript, these are decrypted with the user's password when and if they can supply it. At face value, this means that the server will never be able to see the wallet, or spend from it. There are quite a few very nasty attack vectors against this service though.
• Any browser plugin has full access to everything in the wallet, at any time. Most people run AdBlock, Ghostery, or SSL Everywhere; a compromise of any plugin (or a malicious author) can steal coins at will.
• The server can modify the client code at any time, which means that it could be changed to send back the private keys once they have been decrypted, or to simply send back the password when entered.
• The website offers a "verifier plugin" for their users to use, which supposedly verifies the contents of blockchain.info for malicious activity. If you look at the source of the plugin on github, it pretty much prevents XSS and nothing else. There's absolutely nothing stopping somebody at blockchain.info from modifying the code.
• Any person in the world can download the encrypted wallet, and perform an offline attack on it in their own time. Due to the way wallets are stored the public key is exposed, meaning a malicious entity can check the balance of the wallet before launching the full power of their GPUs against it. This particular attack was noted by the community, and blockchain.info started sending email notifications out to their users; many users noticed quickly how many people were downloading wallets to attack. It's not like the bitcoin community suffers a deficit of graphics cards.
• The encryption of the wallet files is hilarious; AES and 20 rounds of PBKDF2. I doubt that there are any off-the-shelf implementations that can handle it, but I wager oclHashCat could probably be easily modified to attack them. If it can manage 3 million attempts against 1Password keychains, it would be magnitudes faster against this.
The author is well aware of all of this, and still keeps the misleading statements about the security of the service on the introduction page.
Thank you for posting this. I think this highlights really well how complicated Bitcoin security issues are.
I will come right out and admit that there is an intrinsic risk to leaving your Bitcoin wallet on a 24/7 server that an attacker can potentially break into. I think that running your own (vs a centralized hosted wallet service) potentially mitigates some of this risk, but of course, if there were a security issue with Coinpunk, an attacker could theoretically write a script to spider for servers. I do believe that it does help to reduce the "single point of failure" problem though.
I do think that the added convenience of 24/7 bitcoin transactions is worth the risk. I think that there is a threshold of acceptable risk that people will take for convenience. After all, even if you're running Bitcoin-qt on a desktop, what's to stop a trojan horse from infecting that machine and stealing its wallet file?
There are a few things I want to implement eventually to improve the security of Coinpunk. One thing I want to do is allow accounts to remove and backup their private address keys. This would in effect turn the account into a "savings account" that is locked from changes. You could move a large portion of your funds to that account, and then keep the rest available for quick transactions.
Another thing I want to do is enable the wallet encryption feature. It's not a huge security gain because the attacker probably has access to that password, but I don't think it hurts. This could perhaps be combined with a chroot jail that doesn't have access to the config file after loading, requiring the user to figure out how to pry the password out of memory on a running program (which isn't impossible, but it's definitely more work).
I wanted to get the basic system running, and then explore these security improvements in a systematic way with help from the community. So these features will eventually go in, I just want to go slow and make sure we get things right.
Please keep in mind that I have nothing against developing Bitcoin services, and absolutely nothing against your project.
My main gripe is with services like Blockchain.info and Strongcoin.com who make claims that are provably false. Both have large banners on their main pages claiming that their services are the safest most secure store for currency. We—both they and I—know it to be a lie.
Yeah I didn't take any offense to your comments, I found them to be very reasonable and I think it's important that we have an honest discussion about these issues. :-)
Would security be significantly improved (or at least only really require trust of blockchain.info) if a username/password pair was also required to even get the encrypted private key?
Maybe, but that only takes out one of five attacks. The remote server still has access to all your private data, your backups are still weak, and plugins can still access everything.
Blockchain.info is also behind CloudFlare, so you have to trust them too.
I only have about $20 in bitcoin. I would much rather use a server, because the thought of losing $20 in case of security breach doesn't really keep me up at night.
I wonder how many people from hn will be at the Bitcoin 2013 conference this weekend. The Thursday meetup thing was pretty cool, standing in the conference reg line right now.
I find Bitcoin cool. I love open source and I love web services. That having been said, I will very happily use an offline client for my Bitcoin needs. Not one that connects to the Internet and not one that primarily or even secondarily works via it.
(Yes, I'm more paranoid than most, I do keep them on an "offline" jump drive and sign transactions offline. But at the very least, I'd use Bitcoin-Qt, or Armory with encryption. I'll give this a closer look but it gives me the heebie-jeebies, maybe I'm wrong for feeling that.)
I don't think this is paranoid at all, so far all the online hosted wallet services, including exchanges, are young companies run by few people with usually questionable technical competence, and hence are very prone to being hacked every now and then. There's no "Google" of Bitcoin yet that you could to some extent trust.
Note that I sign transactions offline. To put it simply, your address is a private key, from which a public key (the public address) is derived. You can have one client, synced to the blockchain, displaying your balance, able to make transactions.
Then you take that transaction to an offline computer or source and sign it, take it back to the online computer and transmit it to the network. /roughly, see the other link for better information
Are you signing it manually? Or just doing some go-arounds with Bitcoin-qt? I'm really interested in this, but never found any python scripts or how-to's.
Look into the Armory client and some guides on how to do offline signing with it. It is also a deterministic wallet so your backups and offline computer will never run out of change addresses.
Kudos to you for spending time on this project; it looks pretty slick, but it's a horrible thing for Bitcoin in general.
If the only thing it manages to accomplish is accelerate the rejection of online wallet services then I suppose it's a good thing.