A state-less browser-based Bitcoin wallet that connects to the p2p network using WebSocket? Using a deterministic wallet seeded with a password you type once when opening the page? Is this the technical core of what Dark Wallet is about?
Wow, I have been in Bitcoin for 3 years, and I can't believe I never put thin web client + deterministic seeded wallet together... Even without implementing anything else[1] this would be HUGE, INSANELY useful.
- There would be zero effort in getting started using Bitcoin.
- No software/app to install.
- Open a Dark Wallet page (hosted anywhere), type in a password, and that's it: you can see your Bitcoin addresses and receive coins.
- If you received coins in the past, you see your balance, and are ready to send coins. Dark Wallet can use SPV[2] to automatically discover the balance of your addresses. It could use HTML5 local storage just to cache a few things to speed up auto-discovery.
- You could even save the Dark Wallet html/js on your local hard drive and just open this up next time.
- If Bitcoin nodes have native support for acting as WebSocket servers, this would make Dark Wallet completely server-less.
- Dark Wallet would dynamically find p2p Bitcoin nodes via DNS, just like Bitcoin-QT does it today.
- No need to back up or save anything. Coins cannot be accidentally lost as long as you remember your password and as long as the password is strong. The password you type is the seed generating your wallet's private keys.
EDIT: Looking more into Dark Wallet, it seems they want to implement it as a browser extension, which would involve a non-zero effort to install. Argh! There is a huge value to have NOTHING to install. Another way to understand what I suggest is a server-less blockchain.info wallet.
I used the code from brainwallet to make a system that allows you to create a bitcoin address, encode the address in your gravatar image, and then send secret messages / get the bitcoin address of anyone who's done this with their gravatar. It's nice because you only need their email or the hash of their email. http://kybernetikos.github.io/VisualSecrecy/
It can either generate a key pair from your password or use your password to encrypt an imported keypair. If you use the address generated from the password, it is stateless, just as the parent suggested.
Yeah. I mentioned carbonwallet, because it tracks the balance, while brainwallet only shows the address. I personally prefer the latter, but the former matches parent's description more closely.
Yes. That's a feature. You can log on any computer, and access your coins, with no server and no state.
But note that "if 2 people have the same password" means you can guess someone's password. And not being able to guess passwords is an assumption that any and all password-based systems have to make.
Avoiding guessable passwords is easy: implement verification of the password strength.
> And not being able to guess passwords is an assumption that any and all password-based systems have to make
The difference being that you're not testing against everyone's password at the same time. Also using an extremely strong password means a large number of people are going to forget and thus completely lose access to their wallet. I'm not sure this is a solution to the problem of barrier to entry to bitcoin.
I disagree about an inability to remember/store a password, creating a "large" barrier to entry.
There exist many ways to securely store passwords. For one, educate users that it is OK to write down the password offline as long as it is stored securely in a safe, or in your wallet, which you already trust for your cash and important documents.
Not really. A username of 8 characters and a password of 8 characters ensures no more entropy than a password of 16 characters and not bothering with a username.
It might even provide less, given that the user is more likely to share their username with others than they are to share half their password.
How about a long-ish memorable phrase and password, encrypted with scrypt? Hit the output with base64 and use the first N characters of the, possibly hashed, result (haven't tried it, so I'm not sure what stage of the output would be most memorable). The results should be about as easy to remember as a routing number + bank account, which is something my friends and I all do.
Not quite. Say user "fortunate_sonar" uses "arkansas" for a password, and "fortunate_son" uses "kansas" as a password. You can use a delimiter to reduce the chances of that happening, but it's not strictly unique.
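An added example, not part of any comment in this thread or of Dark Wallet's code: a sketch of the stateless seed derivation discussed in the comments above, with scrypt applied to the password and the username kept as a separate, length-framed salt so the boundary between the two fields cannot shift. The sample pairs, the domain tag and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import unicodedata

# Constructed sample pairs: plain concatenation of each gives the same string.
PAIR_A = ("fortunate_son", "arkansas")
PAIR_B = ("fortunate_sonar", "kansas")

DOMAIN_TAG = b"example-wallet-seed-v1"  # hypothetical, fixed-length label
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters (~16 MiB)


def _norm(text: str) -> bytes:
    """NFKC-normalise so the same typed text gives the same bytes on any machine."""
    return unicodedata.normalize("NFKC", text).encode("utf-8")


def _framed(field: bytes) -> bytes:
    """4-byte big-endian length prefix, so field boundaries are unambiguous."""
    return len(field).to_bytes(4, "big") + field


def naive_seed(username: str, password: str) -> bytes:
    """Ambiguous form: both fields glued together, one fixed salt for everyone."""
    return hashlib.scrypt(_norm(username + password), salt=DOMAIN_TAG, **SCRYPT)


def derive_seed(username: str, password: str) -> bytes:
    """Password is the scrypt secret; the framed username is a per-user salt."""
    salt = DOMAIN_TAG + _framed(_norm(username))
    return hashlib.scrypt(_norm(password), salt=salt, **SCRYPT)


if __name__ == "__main__":
    print("naive collide :", naive_seed(*PAIR_A) == naive_seed(*PAIR_B))
    print("framed collide:", derive_seed(*PAIR_A) == derive_seed(*PAIR_B))
    print("seed A        :", derive_seed(*PAIR_A).hex())
```

The username adds no secrecy here; its role as a salt is only to keep one guessing run from testing every user's password at once.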
Even if the Bitcoin protocol adopted WebSockets, the browser wouldn't be able to initiate the connections between peers. They would only be able to receive them from regular Bitcoin clients that can initiate connections [1].
> - If Bitcoin nodes have native support for acting as WebSocket servers, this would make Dark Wallet completely server-less.
we are working on this with btcd - the wallet and gui are decoupled from the blockchain maintenance. all blockchain-related operations can be done via json/websockets.
The problem I have with this, and the newly announced Dark Mail Alliance, is that "dark" sounds so sexy these days that bookshops are full of "paranormal romance" books (yes this really is an entire section now) but you can't go mainstream with it precisely because of the name. The mail guys should have called themselves the "Privacy Guard Alliance" or something.
I think it speaks more to the motivations of the people involved. They want to imagine themselves untouchable by the law, while simultaneously claiming they have no desire to break it.
"if you've nothing to hide you've nothing to fear" has been used as a scare-phrase about surveillance for far too long without anyone comprehending what it actually is supposed to mean.
I agree with most things Cody Wilson stands for, but I just can't stand those videos he makes. It makes it sound like this wallet (and a few months ago, the 3D printed gun) is going to destroy the U.S. government in one fell swoop. This wallet isn't really bringing anything new to the table. Zerocoin / Blockchain.info already exist.
I cringe as well when I see such videos but they're for media attention, not for people very well informed like yourself. They do no harm to you except for cringing for a few seconds. On the other hand these kinds of videos appeal to sheeple on an emotional level.
Does anyone have an idea how this would practically work?
I understand if the money stays in the black market economy, but once the government is serious about Bitcoin and has a few data centers following all transactions in the block chain, we'll have to be accountable for all transactions into and out of our wallet.
It'll be the perfect system for taxation, and I can't imagine how some of these anonymous funds will ever interact with your real identity without sending up a million red flags.
What's the functional difference? It's a way of combining assets then removing them such that tracing becomes difficult/impossible. The link I gave warns about hiding transactions over $10k, as I understand it doing that with zerocoin would be illegal.
I agree, we need to make bitcoin even better before releasing it and see it fail because anonymity is currently not part of it, though people still claim it is.
Zerocoin and whatnot!
If a government declares all anonymous digital money to be dirty by default then technologies like CoinJoin or Zerocoin just make everyone who uses them into criminals. If people want to successfully move money between the dark and light economies they need technology that creates a plausible audit trail... but pointing in the wrong direction. I don't know if that is even possible.
Anyone else notice that that is the same guy who was behind Defense Distributed? I haven't heard anything about him since he was served with a notice that he was violating the ITAR laws.
this sounds similar to torwallet, except that you don't need to trust ppl running a service. it's a fine idea and will be possible without a browser plugin in the next month or two... ;)
[1] https://darkwallet.unsystem.net lists: auto-anonymizer, broadcasters, encrypted messaging, encrypted shop-front, contracts, escrows, etc.
[2] Simple Payment Verification.