I had some questions to which answers were difficult to find. I want to understand the trustlessness and privacy aspect of using BitShares through the combo of the BitShares 2 light client and Openledger.info as the API provider (or any other site that hosts such an API). I'd be thankful for any input on these matters.
/* There's still something to remark about hosted wallets. One of their benefits (plus all the ones they can choose to bring to users, and that's a lot) is being able to access your accounts from everywhere while still being the only one in control of keys. But there's still a little trade-off that's being worked on: private keys reside only in your browser's cache until you make a backup. Web wallet users should back up their keys just after creating an account in case they lose access to that computer, or if the cache is cleaned before a backup is done. Please correct me if I'm missing something here. Peermit is working on a promising 2FA implementation, for example. You can have 2FA providers who you only need to trust the funds (active keys) you want to, without compromising the ownership of your account (owner keys). A mail confirmation could be enough to approve a transaction from any device without messing with keys, wallet backups or seed brain keys. You could fund that account from the funds in your secure light wallet. Also remember to lock your account when you leave a public machine, and if you want to ensure privacy over your accounts, clean the browser cache, as the password only prevents operations (remember you are not logged in anywhere really, you just bring your encrypted keys to talk with the blockchain through the interface). */
1. Regarding the above use environment, which of these are known (even if just minimally, but to the extent of being able to identify users) to the API provider site?
- wallet name # I guess the wallet works client side only; clarification would be great.
- account name # yes, they are public
- transactions # they are also public
- addresses # yes, just public addresses
- account password # client side
- private keys # client side
- brainkey # client side
Hey xeroc, I started writing before you posted. Could you review my answers when you can? We can complement good answers to make all this very clear.
Looks great!
As for brain key entropy: the entropy of brain keys is exactly 256 bits, so the same as private keys.
Side remark: considering security, BitShares has a slight advantage over most satoshi/bitcoin based blockchains because it does NOT use addresses but only public keys.
Since addresses are only 150 bits, there are multiple (2^(256-150)) public keys that theoretically derive to the same address, and if you never spend from your bitcoin address, they all could do so.
Because BitShares does NOT use addresses but the full length public key, you could consider it slightly more secure. Cheers