Quote from: jcalfee1 on January 29, 2015, 06:02:03 pm

I may have memorized a password but have not yet memorized the brain key.

If a brain key is unmemorized, doesn't it lose all its advantages?

Ok, you're making me think  .... Guess that is right on topic.  It is a matter of personal preference I guess.  My goal is to give my brain key to my close ones incase I die.  Also, I don't want get a head injury and loose track of all my money.  So I have immediate backup requirements on any private key before I send money to it.  Since I have what I believe are secure locations for my backups I don't mind using the backup as much as needed.  If I do that enough I will end up memorizing it to make it easier.

If you don't want the password you can likely use the browser's incognito mode.   I will have to see it all working before I make any promises on this.  Basically, once you close that window the wallet is gone and you'll have to use the brain key again.  Is this more to your taste?

I can't find the laptop I had picked out now, and it is hit or miss with the agent you get in the Chat.  Don't even thing about talking to Dell if you have a Bitcoin payment problem.  They are clueless and just want to transfer people around in a circle (very unprofessional).  Coinbase is at least responsive, but now they need to take responsibility and fix there payment system.  I would hint that BitUSD is low hanging fruit when you consider what BitShares went through to actually make it work.  All they have to do is use it...

I finally decided to get a really good laptop because I need to demo a BTS/BitUSD web project in a few weeks in Virginia.  It would also help to get something faster to build the code too.  This is pushing my time-line  .

Please review, better if this does not have to change later...

An extension provides a third party version of the code that, as far as I know, we can not modify.  Chrome made it easy to deploy any working website into their browser from the store.  I will be research this.

Login process for the web-browser wallet / plug-in...

This should help avoid the issues of making sure wallet is not deleted by accident and that the user does not get locked out of the entire wallet due to a lost password or a lost brain-key (as long as one or the other is known).  This is all done client-side so the server is not used in this process.

It has the side-effect (or feature if you will) of allowing you to have multiple wallets that are not easily visible to an observer. 

Basically, the idea is to use your password as access to the wallet.  Different password different wallet.  Of course, the password is hashed and stored locally (not on a server) so it is not retrievable without a full dictionary attack and access to someones files.   Multiple wallets are useful in the same way as one might have multiple bank accounts or multiple trading accounts.

Basically the wallet is password encrypted and stored in the browser. Think of that as a cache... It is not uploaded or backed up automatically. So, that is where the brain-key is really necessary. You can re-generate the wallet from a brain-key and the wallet will find your information from the blockchain.

A delete wallet feature can be added, but you should be required to login first (know the password) so you can delete it. I like this idea because it forces you to look in the wallet before deleting.  The user should also re-enter or copy/paste the brain-key as a delete confirmation as that is how one could restore the wallet anyways. 

The under-the-hood side effect is that the only way to recover from a lost password is to use the brain-key and create a new password.  That will leave some clutter not so large clutter: a second copy of the wallet laying around unaccessed.  I don't think that will be any less secure unless one intends to move the wallet and can't remember the password.  In that unlikely event the user can use the browser to delete all of the data and wallets on that computer (after making sure the important ones exist somewhere else). 

To recover a brain-key, the user can use the password and the computer that created the wallet and access a feature to display the brain key.  Even in a unlocked wallet, the password will be re-prompted before displaying the brain-key.

Here are the screens:
-----------------------------------------------------------
Open or Create Wallet

[ Password                         ]

[Login]

= if the password is found, the wallet opens .. if not:
-----------------------------------------------------------
Create Wallet

A wallet with this password was not found on this computer.  Re-enter your password to setup a new wallet.  Your password is mandatory and controls when and how your funds may be spent. If you forget this password you will be unable to transfer your shares and must recover using a brain-key that will be provided to you.  This password is used only on this computer.

[ Confirm Password               ]

[Create] [Back to Login]
-----------------------------------------------------------
=== User will select one of two options to enable one section:
[X] New Brain-key

Use this brain-key to recover your wallet on any computer.  This brain-key is as strong as the industry standard for private keys.  Do not shorten it.  Make a backup, print it out, write it down, etc.. but always keep this information secret.  This brain-key is not password protected and is all that is needed to access all accounts you will create in this wallet.

[ xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz ]

WARNING: Anyone with access to your brain key will have access to this wallet. It is not possible to recover a lost brain-key.  This brain-key will be saved for you on this computer only so you will need to make another backup to be sure you can access your wallet.

=== The other option
[X] Existing Brain-key

[ Brain-key                                                                                                                    ]

[Open]

= wallet will find public accounts and transactions
= recover by registered account name feature
-----------------------------------------------------------

It is a smaller JavaScript version of Bitshares.  This makes it possible to run Bitshares secure functions (like the wallet) in the browser and it helps so the server does not have to store any user's private keys.

The wallpapers are nice, except I need one at 5120x2880.

Beyond 4k and not even squinting!