Topic: The BitShares Hosted Web Wallet is ready...

Offline arhag

Add in mandatory 2fa and the site should be more secure than any local client.

If someone hacked the web server all they could really do is turn it off.

Nope. And here is why.

If an attacker wants to steal the funds of everyone using the local client, they need to hack into each of their personal computers. If the attacker wants to steal the funds of everyone using the web wallet, they need to only hack into the web wallet server. They then replace the JavaScript served with one that extracts the locally stored brain keys and sends them to the attacker's server. Everyone that opens and unlocks the web wallet next time will have their funds stolen (it makes more sense to wait until the attacker has a critical mass of brain keys before stealing a single satoshi, so as not to tip them off to the compromise).

Does multisig and 2FA solve anything? No, because the multisig is provided by the web wallet server and if that is compromised then the multisig is also compromised and useless.

It gets worse. It doesn't even require compromising the server, although the following attack is on the local scale rather than the global scale like the previous one. If the attacker can get between the victim and his internet connection, the attacker can use SSLstrip to feed their malicious JavaScript with a high probability of the victim not noticing that anything is wrong. Most people will not notice if the green lock icon is missing before typing their wallet passphrase. Another approach is to provide an HTTPS protected site (green lock icon included) but to a domain that looks like but is not actually wallet.bitshares.org (e.g. wallet.bltshares.org).

Edit: I just realized the SSLstrip hack would not allow the attacker to steal the brain key. If a homograph attack is used the site will not have access to the wallet.bitshares.org local storage. If the HTTPS is stripped, I believe the HTTP version of the site should also not be allowed to access the local storage that was set up under HTTPS. So the worst an attacker can do if they use the SSLstrip hack is to steal your wallet passphrase but not the encrypted master key or the brain key. Now if they were able to obtain the encrypted master key through other means (for example, use the SSLstrip attack to get your Dropbox/Google password and then use that to get your backed up encrypted JSON wallet, assuming you actually stored it in a cloud service) then they could use that along with the captured passphrase to get access to the funds. But as you can see this attack is less of a threat. Also, keep in mind the original attack where the wallet.bitshares.org server is hacked still is valid and that is the more dangerous attack (and more worthwhile attack for the attacker) anyway.
« Last Edit: February 26, 2015, 11:26:54 pm by arhag »
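
The origin rule that the edit in the post above relies on, as an added example that is not part of the original post: browsers partition localStorage by exact (scheme, host, port), so neither the stripped HTTP page nor the lookalike host can read what the HTTPS wallet stored. The function names, the `WALLET_URL` constant and the edit-distance threshold of 2 are assumptions made for this illustration.

```javascript
// Added illustration, not code from the thread or the BitShares project.
const WALLET_URL = "https://wallet.bitshares.org/"; // host named in the post

// Origin string as the browser computes it; default ports are normalised away.
function originOf(url) {
  return new URL(url).origin;
}

// True only if a page at `url` would share localStorage with the real wallet.
function sharesWalletStorage(url) {
  return originOf(url) === originOf(WALLET_URL);
}

// Levenshtein edit distance (single-row form), used to flag near-miss hosts.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // d[i-1][j]
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, prev + cost);
      prev = above;
    }
  }
  return row[b.length];
}

// Classify the page a user is about to type a wallet passphrase into.
function classify(url) {
  const seen = new URL(url);
  const expected = new URL(WALLET_URL);
  if (seen.origin === expected.origin) return "wallet-origin";
  if (seen.hostname === expected.hostname) return "same-host-wrong-scheme-or-port";
  // Assumed threshold: up to two character edits counts as a lookalike.
  if (editDistance(seen.hostname, expected.hostname) <= 2) return "lookalike-host";
  return "unrelated";
}

// Constructed sample inputs matching the cases in the post.
for (const u of ["https://wallet.bitshares.org:443/", "http://wallet.bitshares.org/",
                 "https://wallet.bltshares.org/"]) {
  console.log(u, classify(u), "shares storage:", sharesWalletStorage(u));
}
```

A page in either mismatched class can still capture a passphrase typed into it; it only lacks access to the stored encrypted keys. A modified script served from the genuine origin is classified `wallet-origin`, which is why the server-compromise case in the post is unaffected by this rule.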

Offline Average Guy on Street

What are the thoughts/recommendations/advice when using the web wallet on a mobile device?

Offline jamesc

Hi,

I can't register an account.
I've got enough funds in the account.
This is the error I get:

31010 expired_transaction: expired transaction
...

https://github.com/BitShares/BitShares-JS/issues/58

Offline Riverhead

What is exactly the use case of the web wallet?

Regarding security, this seems catastrophically risky. The browser is an insecure environment [1], and hacking a server is common once money is involved, as illustrated multiple times with exchanges.

Genuinely interested to learn more, hoping these problems have been taken into account when developing the web wallet.

[1] http://matasano.com/articles/javascript-cryptography/

While I can't speak to the robustness of js-crypto I can assure you that your funds are not stored on the server; at least not in the sense they are with a centralized exchange. The browser stores the encrypted keys locally and sends signed transactions to the node running on the server. If someone hacked the web server all they could really do is turn it off. I doubt the web server node even has a wallet.

Offline clayop

This will be easy to market if we make the default main page the Exchange Asset
It means, you can view the inside without even logging in.
Change the name to Exchange instead of Wallet.
Integrate bitcoin and altcoins gateway
Then let's promote to crypto world as a web decentralized exchange, instead of just web wallet.

Just my +5%

And fiat gateways too!  +5%

I think that someone can fork the code and make an integrated one.
Bitshares Korea - http://www.bitshares.kr
Vote for me and see Korean Bitshares community grows
delegate-clayop

Offline liondani

Change the name to Exchange instead of Wallet.
Integrate bitcoin and altcoins gateway
Then let's promote to crypto world as a web decentralized exchange, instead of just web wallet.
Just my +5%

 +5% +5%

It makes sense!
 +5%

Offline kenCode

Change the name to Exchange instead of Wallet.
Integrate bitcoin and altcoins gateway
Then let's promote to crypto world as a web decentralized exchange, instead of just web wallet.
Just my +5%

 +5% +5%
kenCode - Decentraliser @ Agorise
Matrix/Keybase/Hive/Commun/Github: @Agorise
www.PalmPay.chat

Offline fundomatic

Hi,

I can't register an account.
I've got enough funds in the account.
This is the error I get:

31010 expired_transaction: expired transaction

    {"trx_arg":{"expiration":"2015-02-26T13:19:06","reserved":null,"operations":[{"type":"register_account_op_type","data":{"name":"fiatcure","public_data":null,"owner_key":"BTS8XBcCY5JXaxqf7iyrSihJwWtBe9vezHWeHALDN2UKXQ651yi36","active_key":"BTS53gRUmLM5xtZndpRcichBasbuxAXUYTshhvdCaN3cRZEW6LL1m","delegate_pay_rate":255,"meta_data":{"type":"public_account","data":""}}},{"type":"withdraw_op_type","data":{"balance_id":"BTSEZwdHSeVNhe7u7K7BsZADwhFhAw2tBRrk","amount":50000,"claim_input_data":""}}],"signatures":["1f7fed31bba0638145ea41eefaeb68977e2ff5fdeeee8d3b082449df3e15bdf5a75782574093e36a2d5bc892c9755d4b899b03438517fe45b5dc7d4bce26ad7153"]},"_current_state->now()":"2015-02-26T15:19:00","expired_by_sec":7194}
    th_a  transaction_evaluation_state.cpp:214 evaluate

    {"trx_arg":{"expiration":"2015-02-26T13:19:06","reserved":null,"operations":[{"type":"register_account_op_type","data":{"name":"fiatcure","public_data":null,"owner_key":"BTS8XBcCY5JXaxqf7iyrSihJwWtBe9vezHWeHALDN2UKXQ651yi36","active_key":"BTS53gRUmLM5xtZndpRcichBasbuxAXUYTshhvdCaN3cRZEW6LL1m","delegate_pay_rate":255,"meta_data":{"type":"public_account","data":""}}},{"type":"withdraw_op_type","data":{"balance_id":"BTSEZwdHSeVNhe7u7K7BsZADwhFhAw2tBRrk","amount":50000,"claim_input_data":""}}],"signatures":["1f7fed31bba0638145ea41eefaeb68977e2ff5fdeeee8d3b082449df3e15bdf5a75782574093e36a2d5bc892c9755d4b899b03438517fe45b5dc7d4bce26ad7153"]}}
    th_a  transaction_evaluation_state.cpp:256 evaluate

    {"trx":{"expiration":"2015-02-26T13:19:06","reserved":null,"operations":[{"type":"register_account_op_type","data":{"name":"fiatcure","public_data":null,"owner_key":"BTS8XBcCY5JXaxqf7iyrSihJwWtBe9vezHWeHALDN2UKXQ651yi36","active_key":"BTS53gRUmLM5xtZndpRcichBasbuxAXUYTshhvdCaN3cRZEW6LL1m","delegate_pay_rate":255,"meta_data":{"type":"public_account","data":""}}},{"type":"withdraw_op_type","data":{"balance_id":"BTSEZwdHSeVNhe7u7K7BsZADwhFhAw2tBRrk","amount":50000,"claim_input_data":""}}],"signatures":["1f7fed31bba0638145ea41eefaeb68977e2ff5fdeeee8d3b082449df3e15bdf5a75782574093e36a2d5bc892c9755d4b899b03438517fe45b5dc7d4bce26ad7153"]}}
    th_a  chain_database.cpp:1613 evaluate_transaction

    {"trx":{"expiration":"2015-02-26T13:19:06","reserved":null,"operations":[{"type":"register_account_op_type","data":{"name":"fiatcure","public_data":null,"owner_key":"BTS8XBcCY5JXaxqf7iyrSihJwWtBe9vezHWeHALDN2UKXQ651yi36","active_key":"BTS53gRUmLM5xtZndpRcichBasbuxAXUYTshhvdCaN3cRZEW6LL1m","delegate_pay_rate":255,"meta_data":{"type":"public_account","data":""}}},{"type":"withdraw_op_type","data":{"balance_id":"BTSEZwdHSeVNhe7u7K7BsZADwhFhAw2tBRrk","amount":50000,"claim_input_data":""}}],"signatures":["1f7fed31bba0638145ea41eefaeb68977e2ff5fdeeee8d3b082449df3e15bdf5a75782574093e36a2d5bc892c9755d4b899b03438517fe45b5dc7d4bce26ad7153"]},"override_limits":false}
    th_a  chain_database.cpp:2062 store_pending_transaction

    {}
    th_a  common_api_client.cpp:2772 blockchain_broadcast_transaction

Offline joele

This will be easy to market if we make the default main page the Exchange Asset
It means, you can view the inside without even logging in.
Change the name to Exchange instead of Wallet.
Integrate bitcoin and altcoins gateway
Then let's promote to crypto world as a web decentralized exchange, instead of just web wallet.

Just my +5%




Offline Helikopterben

What is exactly the use case of the web wallet?

Regarding security, this seems catastrophically risky. The browser is an insecure environment [1], and hacking a server is common once money is involved, as illustrated multiple times with exchanges.

Genuinely interested to learn more, hoping these problems have been taken into account when developing the web wallet.

[1] http://matasano.com/articles/javascript-cryptography/

I agree with these concerns. The use of the web wallet seems to me less about serious trading/holding funds and more as an easy way for people to learn about the exchange and get interested.

The Web wallet is absolutely key to the whole project IMHO.  This much more closely resembles the user experience of a centralized exchange with all the benefits and security of a decentralized exchange working behind the scenes.  A blockchain.info-style site will give users control over their assets.  Add in mandatory 2fa and the site should be more secure than any local client.

Offline kenCode

What is exactly the use case of the web wallet?
Regarding security, this seems catastrophically risky. The browser is an insecure environment [1], and hacking a server is common once money is involved, as illustrated multiple times with exchanges.
...
[1] http://matasano.com/articles/javascript-cryptography/
I agree with these concerns. The use of the web wallet seems to me less about serious trading/holding funds and more as an easy way for people to learn about the exchange and get interested.

I agree too. I wish everything was web based and lightweight. I hate downloading apps. BUT, until we are sure where the content is being served up from, we are risking quite a bit by going web based right now.
 
Storj [Driveshare] could be a great solution to this. The js that gets distributed to the clients needs to be served up in shards via multiple trusted nodes. NO SERVERS. Even the domain itself needs to be decentralized via .p2p .bit .dac whatever. 

Offline CLains

What is exactly the use case of the web wallet?

Regarding security, this seems catastrophically risky. The browser is an insecure environment [1], and hacking a server is common once money is involved, as illustrated multiple times with exchanges.

Genuinely interested to learn more, hoping these problems have been taken into account when developing the web wallet.

[1] http://matasano.com/articles/javascript-cryptography/

I agree with these concerns. The use of the web wallet seems to me less about serious trading/holding funds and more as an easy way for people to learn about the exchange and get interested.

People use their browser for their bank, trading stocks, etc. From what I've seen it is the centralized accounting and vaults that have been compromised with the traditional crypto exchanges. Easy to use multi-sig and 2FA will do more for security than any Fort Knox ever could.

Offline speedy

What is exactly the use case of the web wallet?

Regarding security, this seems catastrophically risky. The browser is an insecure environment [1], and hacking a server is common once money is involved, as illustrated multiple times with exchanges.

Genuinely interested to learn more, hoping these problems have been taken into account when developing the web wallet.

[1] http://matasano.com/articles/javascript-cryptography/

I agree with these concerns. The use of the web wallet seems to me less about serious trading/holding funds and more as an easy way for people to learn about the exchange and get interested.