A state-less browser-based Bitcoin wallet that connects to the p2p network using WebSocket? Using a deterministic wallet seeded with a password you type once when opening the page? Is this the technical core of what Dark Wallet is about?
Wow, I have been in Bitcoin for 3 years, and I can't believe I never put thin web client + deterministic seeded wallet together... Even without implementing anything else[1] this would be HUGE, INSANELY useful.
- There would be zero efforts in getting started using Bitcoin.
- No software/app to install.
- Open a Dark Wallet page (hosted anywhere), type in a password, that's it you can see your Bitcoin addresses and receive coins.
- If you received coins in the past, you see your balance, and are ready to send coins. Dark Wallet can use SPV[2] to automatically discover the balance of your addresses. It could use HTML5 local storage just to cache a few things to speed up auto-discovery.
- You could even save the Dark Wallet html/js on your local harddrive and just open this up next time.
- If Bitcoin nodes have native support for acting as WebSocket servers, this would make Dark Wallet completely server-less.
- Dark Wallet would dynamically find p2p Bitcoin nodes via DNS, just like Bitcoin-QT does it today.
- No need to back up or save anything. Coins cannot be accidentally lost as long as you remember your password and as long as the password is strong. The password you type is the seed generating your wallet's private keys.
EDIT: Looking more into Dark Wallet, it seems they want to implement it as a browser extension, which would involve a non-zero effort to install. Argh! There is a huge value to have NOTHING to install. Another way to understand what I suggest is a server-less blockchain.info wallet.
I used the code from brainwallet to make a system that allows you to create a bitcoin address, encode the address in your gravatar image, and then send secret messages / get the bitcoin address of anyone who's done this with their gravatar. It's nice because you only need their email or the hash of their email. http://kybernetikos.github.io/VisualSecrecy/
It can either generate a key pair from your password or use your password to encrypt an imported keypair. If you use the address generated from the password, it is stateless, just as the parent suggested.
Yeah. I mentioned carbonwallet, because it tracks the balance, while brainwallet only shows the address. I personally prefer the latter, but the former matches parent's description more closely.
Yes. That's a feature. You can log on any computer, and access your coins, with no server and no state.
But note that "if 2 people have the same password" means you can guess someone's password. And not being able to guess passwords is an assumption that any and all password-based systems have to make.
Avoiding guessable passwords is easy: implement verification of the password strength.
>And not being able to guess passwords is an assumption that any and all password-based systems have to make
The difference being that you're not testing against everyone's password at the same time. Also using an extremely strong password means a large number of people are going to forget and thus completely lose access to their wallet. I'm not sure this is a solution to the problem of barrier to entry to bitcoin.
I disagree about an inability to remember/store a password, creating a "large" barrier to entry.
There exists many ways to securely store passwords. For one, educate users that it is OK to write down the password offline as long as it is stored securely in a safe, or in your wallet, which you already trust for your cash and important documents.
Not really. A username of 8 characters and a password of 8 characters ensures no more entropy than a password of 16 characters and not bothering with a username.
It might even provide less, given that the user is more likely to share their username with others than they are to share half their password.
How about a long-ish memorable phrase and password, encrypted with scrypt? Hit the output with base64 and use the first N characters of the, possibly hashed, result (haven't tried it, so I'm not sure what stage of the output would be most memorable). The results should be about as easy to remember as a routing number + bank account, which is something my friends and I all do.
Not quite. Say user "fortunate_sonar" uses "arkansas" for a password, and "fortunate_son" uses "kansas" as a password. You can use a delimiter to reduce the chances of that happening, but it's not strictly unique.
Even if the Bitcoin protocol adopted WebSockets, the browser wouldn't be able to initiate the connections between peers. They would only be able to receive them from regular Bitcoin clients that can initiate connections [1].
> - If Bitcoin nodes have native support for acting as WebSocket servers, this would make Dark Wallet completely server-less.
we are working on this with btcd - the wallet and gui are decoupled from the blockchain maintenance. all blockchain-related operations can be done via json/websockets.
Wow, I have been in Bitcoin for 3 years, and I can't believe I never put thin web client + deterministic seeded wallet together... Even without implementing anything else[1] this would be HUGE, INSANELY useful.
- There would be zero efforts in getting started using Bitcoin.
- No software/app to install.
- Open a Dark Wallet page (hosted anywhere), type in a password, that's it you can see your Bitcoin addresses and receive coins.
- If you received coins in the past, you see your balance, and are ready to send coins. Dark Wallet can use SPV[2] to automatically discover the balance of your addresses. It could use HTML5 local storage just to cache a few things to speed up auto-discovery.
- You could even save the Dark Wallet html/js on your local harddrive and just open this up next time.
- If Bitcoin nodes have native support for acting as WebSocket servers, this would make Dark Wallet completely server-less.
- Dark Wallet would dynamically find p2p Bitcoin nodes via DNS, just like Bitcoin-QT does it today.
- No need to back up or save anything. Coins cannot be accidentally lost as long as you remember your password and as long as the password is strong. The password you type is the seed generating your wallet's private keys.
[1] https://darkwallet.unsystem.net lists: auto-anonymizer, broadcasters, encrypted messaging, encrypted shop-front, contracts, escrows, etc. [2] Simple Payment Verification.
EDIT: Looking more into Dark Wallet, it seems they want to implement it as a browser extension, which would involve a non-zero effort to install. Argh! There is a huge value to have NOTHING to install. Another way to understand what I suggest is a server-less blockchain.info wallet.