How secure is? Bitcoin Stack Exchange


How secure is blockchain.info?

How secure is using a wallet on blockchain.info?

How do you evaluate the different sites that provide wallets?

1 Response

As the engineer of the website I will attempt to answer the first question.

The website currently runs on four dedicated servers, hosted in a locked cabinet. All servers run behind a dedicated Cisco security appliance with intrusion detection. On the servers themselves various "booby traps" are set to alert the website administrator if an intrusion is detected.

The Java code deployed to the website is deployed in a single WAR (zip) file. Each server monitors the checksum of this file to detect any unauthorised changes to the code. In order to make reverse engineering our encryption schemes more difficult, the Java class files are obfuscated using ProGuard.

A copy of every wallet is stored on all our servers. Additionally the latest 50 versions of a wallet are stored on Amazon S3 and can be restored from the [Import / Export] section.

The server side code that treats wallets is open source.

The website is not vulnerable to CSRF requests as no login details or sensitive data is ever saved in session cookies.

In the time the website has been running there has been a handful of XSS vulnerabilities reported. None of these were on a wallet page and could not have resulted in any direct loss of funds.

The website uses JavaScript to encrypt and decrypt wallets client side in the user's browser. The encryption is done using AES-256 which is likely to be secure for the foreseeable future.

Wallets are simply JSON files containing private keys. The entire JSON file is encrypted by the user's browser before being uploaded to us. So when a wallet reaches our server it emerges as a random Base64 string. This means we cannot view your balance, see your transactions or addresses and cannot make transactions on your behalf.

The encryption is only as strong as the user's password. The minimum password length is ten characters; however, if a weak password is chosen, e.g. "1234567890", using a dictionary attack the wallet would likely be cracked quickly. Rainbow tables will not work as each wallet is prepended with a unique salt combined with the user's password using PBKDF2 to derive the actual encryption key.

As everything is done using JavaScript in the website, it is particularly vulnerable to browser exploits including malicious browser extensions. Modern web browsers are much more secure than the Internet Explorer 6 generation.

The private keys in a wallet can be "dual encrypted" using a 2nd password. One password is then required to log in and another password is required to send funds. This makes wallets significantly harder to brute force and also makes key logging more difficult.

If our servers were compromised the attacker could theoretically alter the JavaScript files to intercept the user's password next time they log in. For this to be effective the attack would have to go unnoticed for an extended period of time. In addition to the server side checks we perform there is also the My Wallet verifier browser extension which can be optionally installed for added security. Before login it will transparently verify all the JavaScript files running on the page match those hosted on GitHub. If any errors are found the extension will prevent the user from logging in.

You can back up a wallet via Email, Dropbox, Google Drive and Download. With a backup, funds can be accessed without blockchain.info using the MultiBit desktop client.

The website supports a multitude of two factor authentication methods and the ability to lock down a wallet to a specific IP address. We will not give out your wallet to anyone who cannot authenticate themselves fully, however we cannot prevent someone from using your wallet if they gain access to it another way. For example if you keep a wallet backup in your email account and that is compromised.

This has got a little technical but it isn't an easy answer. There are many factors involved including the security of your own laptop. The website has been running for over a year and currently hosts almost 40,000 wallets. There have been reports of some individual wallets being compromised (reusing passwords) but no major security incidents.

Ultimately, a couple of recommendations for using our service:

Upon sign up print a "Paper Wallet", store it somewhere safe and hidden.

Never reuse the same password on another website. Or if using dual encryption it is acceptable to use a slightly weaker main password but ensure the 2nd password is unique.

If storing large amounts, generate a private key offline (bitaddress.org is good for this). Print it on a paper wallet, then import the address as an "Observe Only" address. When you attempt to spend the funds you can scan the private key off the paper wallet using a webcam.

In future multisig will be available for even greater security but this isn't quite ready yet.
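The client-side scheme the answer describes (a unique salt, PBKDF2 to derive the key, AES-256 over the whole wallet JSON, a Base64 blob sent to the server), sketched as an added example that is not the answer author's or blockchain.info's code. The GCM mode, the 100,000 PBKDF2-SHA256 iterations, the blob layout and the sample wallet are assumptions; the answer names only AES-256 and PBKDF2.

```javascript
// Added illustration (Node.js); not the site's implementation.
const nodeCrypto = require('crypto');

const PBKDF2_ITERATIONS = 100000;            // assumed work factor
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Constructed sample wallet: placeholder strings, not real key material.
const SAMPLE_WALLET = { keys: [{ addr: 'EXAMPLE-ADDRESS', priv: 'EXAMPLE-PRIVATE-KEY' }] };

// The password never leaves the client; only the derived key touches AES.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Returns the Base64 blob that would be uploaded: salt | iv | tag | ciphertext.
function encryptWallet(wallet, password) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);   // unique per blob, defeats rainbow tables
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the wallet object, or null on a wrong password or a tampered blob.
function decryptWallet(blobB64, password) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
    decipher.setAuthTag(tag);
    const plain = Buffer.concat([decipher.update(body), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;                                   // authentication failed: fail closed
  }
}
```

The salt and work factor only stop precomputed tables and slow each guess; a password such as "1234567890" is still recovered by the first entries of any dictionary, which is why the answer ties the scheme's strength to the password.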
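The integrity check the answer attributes to the server-side checksum monitor and to the My Wallet verifier extension, shown as an added example that is not code from the extension or the site. The file names, the SHA-256 choice and the rule that missing or unexpected scripts also block login are assumptions.

```javascript
// Added illustration (Node.js): compare served scripts with a trusted reference copy.
const { createHash } = require('crypto');

const sha256Hex = (data) => createHash('sha256').update(data).digest('hex');
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Build a name -> digest manifest from the trusted copy (e.g. a pinned repository checkout).
function buildManifest(trustedFiles) {
  const manifest = {};
  for (const [name, content] of Object.entries(trustedFiles)) {
    manifest[name] = sha256Hex(content);
  }
  return manifest;
}

// Compare what the page actually served against the manifest.
// Login is allowed only when every script matches and nothing is added or absent.
function verifyScripts(servedFiles, manifest) {
  const report = { modified: [], unexpected: [], missing: [], allowLogin: false };
  for (const [name, content] of Object.entries(servedFiles)) {
    if (!has(manifest, name)) report.unexpected.push(name);       // script not in the reference
    else if (sha256Hex(content) !== manifest[name]) report.modified.push(name);
  }
  for (const name of Object.keys(manifest)) {
    if (!has(servedFiles, name)) report.missing.push(name);
  }
  report.allowLogin =
    report.modified.length + report.unexpected.length + report.missing.length === 0;
  return report;
}

// Constructed sample: hypothetical file names and contents.
const TRUSTED = {
  'wallet.js': 'function send(to, amount) { /* sign locally */ }',
  'crypto.js': 'function decrypt(blob, password) { /* AES */ }',
};
```

The check is only as trustworthy as the place the manifest comes from: it has to be fetched and pinned independently of the server being verified, which is the role the answer gives to the copy hosted on GitHub.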
