The BitShares Hosted Web Wallet is ready...

[VoR0220]

Hmmmm....I haven't read the rest of the thread. How do I link my current account into the web wallet?

[ag]

my transaction from the 0.6.1 client to my unregistered light-wallet account is not showing up.

added contact:
>> wallet_add_contact_account test2 BTS5ihT3L2zY4cYfJ2qvY85m7FAPSjyK191U28qBiTV8cz9qzweqP

OK

 I did not use the transfer_public method because it fails:
>> wallet_transfer_to_public_account 0.9 BTS americansilver test2

10 assert_exception: Assert Exception
account_record.valid() && !account_record->is_retracted():
    {}
    th_a  wallet_api.cpp:348 wallet_transfer_to_public_account

    {}
    th_a  common_api_client.cpp:4042 wallet_transfer_to_public_account

    {"command":"wallet_transfer_to_public_account"}
    th_a  cli.cpp:626 execute_command

normal transfer goes through but I don't see it on bitshares.org wallet:
>> transfer 0.9 BTS americansilver test2

TIMESTAMP           BLOCK     FROM                TO                  AMOUNT                  MEMO                                        FEE                 ID     
======================================================================================================================================================================
2015-02-26T21:39:57 PENDING   americansilver      test2               0.90000 BTS                                                         0.10000 BTS         239b3768

It is easier to use:

Code: [Select]

wallet_transfer_to_address .01 BTS americansilver BTS5ihT3L2zY4cYfJ2qvY85m7FAPSjyK191U28qBiTV8cz9qzweqP
Vikram tells me that those commands will be going away and eventually combined into the wallet_transfer command.  Also, I believe it did work I was able to add a contact and my transfer did show up in the wallet..  You would have seen your balance update but the Recent Transactions tab does not update as often as it should (guess it is acting like more like "old transactions" then "recent transactions").  Click on the dashboard and you should see it there.

wallet_transfer_to_address works. but my account on the web wallet still does not receive the transaction in question above. Also the reason I used the cli in the first place is because transfer I made by the GUI did not show up, and still has not.

[speedy]

Can I only access the web wallet from my computer and only on the browser I used to create the wallet?  Can I access it from another location or another computer?  What does the brain key do?

If you load the brain key onto another computer's browser, it can regenerate your keys allowing you to spend from that machine.

[lil_jay890]

Can I only access the web wallet from my computer and only on the browser I used to create the wallet?  Can I access it from another location or another computer?  What does the brain key do?

[LRENZ]

Definatelly need a 'security' page or something in this web wallet somewhere explaining what security measures are in place and what risks there are.

[jamesc]

my transaction from the 0.6.1 client to my unregistered light-wallet account is not showing up.

added contact:
>> wallet_add_contact_account test2 BTS5ihT3L2zY4cYfJ2qvY85m7FAPSjyK191U28qBiTV8cz9qzweqP

OK

 I did not use the transfer_public method because it fails:
>> wallet_transfer_to_public_account 0.9 BTS americansilver test2

10 assert_exception: Assert Exception
account_record.valid() && !account_record->is_retracted():
    {}
    th_a  wallet_api.cpp:348 wallet_transfer_to_public_account

    {}
    th_a  common_api_client.cpp:4042 wallet_transfer_to_public_account

    {"command":"wallet_transfer_to_public_account"}
    th_a  cli.cpp:626 execute_command

normal transfer goes through but I don't see it on bitshares.org wallet:
>> transfer 0.9 BTS americansilver test2

TIMESTAMP           BLOCK     FROM                TO                  AMOUNT                  MEMO                                        FEE                 ID     
======================================================================================================================================================================
2015-02-26T21:39:57 PENDING   americansilver      test2               0.90000 BTS                                                         0.10000 BTS         239b3768

It is easier to use:

Code: [Select]

wallet_transfer_to_address .01 BTS americansilver BTS5ihT3L2zY4cYfJ2qvY85m7FAPSjyK191U28qBiTV8cz9qzweqP
Vikram tells me that those commands will be going away and eventually combined into the wallet_transfer command.  Also, I believe it did work I was able to add a contact and my transfer did show up in the wallet..  You would have seen your balance update but the Recent Transactions tab does not update as often as it should (guess it is acting like more like "old transactions" then "recent transactions").  Click on the dashboard and you should see it there.

[merivercap]

This BitShares web wallet has the same trust/security model as blockchain.info. So if you trust blockchain.info you can (in theory) trust this web wallet (although I cannot vouch for the security practices of whoever is managing the wallet.bitshares.org host compared to the blockchain.info servers). Now call me paranoid, but I personally do not trust blockchain.info with my BTC for the reasons I already stated earlier in this thread, so you can imagine I would feel the same way with this BitShares web wallet.

It's good to be paranoid for security.  Hopefully it's at least as good as Blockchain.

I didn't watch the video, but the problem isn't if the server has encrypted secrets. The problem is that you are trusting the third-party server to deliver the code that will run on your local computer every time you load the page. That javascript code running on your computer has access to the local storage in the browser that stores your encrypted secrets. It also has access to the wallet password you type into the password box. If this code is compromised, then your funds will be compromised. Because you trust the server to deliver you the trusted code, if the server gets compromised the attacker can feed you malicious code instead. To prevent this you need to have a model where you manually approve of the initial installation of the code and any upgrades so that the server cannot feed you new malicious code without you knowing. Furthermore, you need a way to verify that the initial installation or the upgrade is good. This requires deterministic builds (not a problem with javascript) and signatures on the builds from trusted parties (e.g. the core devs). You need to be able to verify the upgrade is good before installing it. You also want the private keys of the trusted people that can sign the code to be stored offline (cold storage) to be secure and not stored on a hot server that can be hacked.

If the code is bad I hear what you are saying.  It seems there should be a protocol in place to certify the code on updates, especially the important parts (ie. if the code splits the secret keys between client and server and does the encryption, that part should especially be certified.)  Furthermore the 2FA code should also be certified to be good so that it can't be disabled without 2FA with any malicious external code... Anyways I remember hearing as long as the cost of hacking is more expensive than a successful hack things should work out.  Hope that's the case here. 

[konelectric]

Got it up and going. I'm  bitninja. When BTER releases my bitshares I"ll test it out.

[arhag]

I'm not a programmer so you're scaring me Arhag.   In terms of ease of use the web wallet has tremendous advantages.   How about Blockchain.info, the Ripple & Stellar web wallets etc?  I know Blockchain was hacked before.  I think it was a bug on an software update.  It's been very solid  overall and now has 3 million wallets.

This BitShares web wallet has the same trust/security model as blockchain.info. So if you trust blockchain.info you can (in theory) trust this web wallet (although I cannot vouch for the security practices of whoever is managing the wallet.bitshares.org host compared to the blockchain.info servers). Now call me paranoid, but I personally do not trust blockchain.info with my BTC for the reasons I already stated earlier in this thread, so you can imagine I would feel the same way with this BitShares web wallet.

I came across a Stellar Dev meetup where Andrew Rogers spoke about a solution to allow a client to keep control of the secret keys across multiple devices: http://youtu.be/K8oaHql5aHU?t=32m50s
Something like this where the server only holds part of the encrypted secret key and the client has the other seems to prevent a server-side attack being as devastating no?

I didn't watch the video, but the problem isn't if the server has encrypted secrets. The problem is that you are trusting the third-party server to deliver the code that will run on your local computer every time you load the page. That javascript code running on your computer has access to the local storage in the browser that stores your encrypted secrets. It also has access to the wallet password you type into the password box. If this code is compromised, then your funds will be compromised. Because you trust the server to deliver you the trusted code, if the server gets compromised the attacker can feed you malicious code instead. To prevent this you need to have a model where you manually approve of the initial installation of the code and any upgrades so that the server cannot feed you new malicious code without you knowing. Furthermore, you need a way to verify that the initial installation or the upgrade is good. This requires deterministic builds (not a problem with javascript) and signatures on the builds from trusted parties (e.g. the core devs). You need to be able to verify the upgrade is good before installing it. You also want the private keys of the trusted people that can sign the code to be stored offline (cold storage) to be secure and not stored on a hot server that can be hacked.

[vlight]

I cannot load registered account when using Dolphin browser on Android OS and i get error:

"Cannot read property 'private_data' of null".

The wallet itself is loaded and i am able to login, but the registered account is not listed.

[merivercap]

Does multisig and 2FA solve anything? No, because the multisig is provided by the web wallet server and if that is compromised then the multisig is also compromised and useless.

Can this be solved by having one or more of the multisig providers reside on another unknown server, or possibly from some or all of the delegates themselves?

You can distribute this keys of the multisig over multiple servers but at the end of the day there will only be a handful of servers to attack to gain access to all users.

The better solution is to force the attacker to hack into each user's computer at a minimum if they want to steal their funds. Adding multisig on top of that of course adds more security and I highly recommend that.

And as I explained, serving this as a typical web page (even if HTTPS protected) allows the attacker to avoid hacking into each user's computer. I think a browser extension that you have to manually install once and need to explicitly approve of any upgrades would help a lot. Personally, I don't feel very comfortable with using any browser-based solution for serious money. I would want to download a deterministically-compiled executable that is signed by enough of the core devs with their PGP keys which I have already established on my local computer (actually I would want the source archive signed by the devs and then would want to compile it myself, but the deterministic build is a better solution if you don't want to compile yourself). To make this easier, it should be possible to use the previous version of the client and the web-of-trust on the blockchain to validate the signatures of the new version of the client. That way upgrades can be very simple for regular users (no PGP required). The only issue then is how to establish the first installation of the client on a new computer. Still, even if we rely on HTTPS for the security of that initial download, the attack surface becomes so much smaller that it is difficult for an attacker to be very successful.

I'm not a programmer so you're scaring me Arhag.   In terms of ease of use the web wallet has tremendous advantages.   How about Blockchain.info, the Ripple & Stellar web wallets etc?  I know Blockchain was hacked before.  I think it was a bug on an software update.  It's been very solid  overall and now has 3 million wallets.  I came across a Stellar Dev meetup where Andrew Rogers spoke about a solution to allow a client to keep control of the secret keys across multiple devices: http://youtu.be/K8oaHql5aHU?t=32m50s
Something like this where the server only holds part of the encrypted secret key and the client has the other seems to prevent a server-side attack being as devastating no?  Anyways what security measures are taken with the current bitShares wallet?  What methods were used with prevous web wallet hacks in the past?

[ag]

my transaction from the 0.6.1 client to my unregistered light-wallet account is not showing up.

added contact:
>> wallet_add_contact_account test2 BTS5ihT3L2zY4cYfJ2qvY85m7FAPSjyK191U28qBiTV8cz9qzweqP

OK

 I did not use the transfer_public method because it fails:
>> wallet_transfer_to_public_account 0.9 BTS americansilver test2

10 assert_exception: Assert Exception
account_record.valid() && !account_record->is_retracted():
    {}
    th_a  wallet_api.cpp:348 wallet_transfer_to_public_account

    {}
    th_a  common_api_client.cpp:4042 wallet_transfer_to_public_account

    {"command":"wallet_transfer_to_public_account"}
    th_a  cli.cpp:626 execute_command

normal transfer goes through but I don't see it on bitshares.org wallet:
>> transfer 0.9 BTS americansilver test2

TIMESTAMP           BLOCK     FROM                TO                  AMOUNT                  MEMO                                        FEE                 ID     
======================================================================================================================================================================
2015-02-26T21:39:57 PENDING   americansilver      test2               0.90000 BTS                                                         0.10000 BTS         239b3768

[arhag]

Does multisig and 2FA solve anything? No, because the multisig is provided by the web wallet server and if that is compromised then the multisig is also compromised and useless.

Can this be solved by having one or more of the multisig providers reside on another unknown server, or possibly from some or all of the delegates themselves?

You can distribute this keys of the multisig over multiple servers but at the end of the day there will only be a handful of servers to attack to gain access to all users.

The better solution is to force the attacker to hack into each user's computer at a minimum if they want to steal their funds. Adding multisig on top of that of course adds more security and I highly recommend that.

And as I explained, serving this as a typical web page (even if HTTPS protected) allows the attacker to avoid hacking into each user's computer. I think a browser extension that you have to manually install once and need to explicitly approve of any upgrades would help a lot. Personally, I don't feel very comfortable with using any browser-based solution for serious money. I would want to download a deterministically-compiled executable that is signed by enough of the core devs with their PGP keys which I have already established on my local computer (actually I would want the source archive signed by the devs and then would want to compile it myself, but the deterministic build is a better solution if you don't want to compile yourself). To make this easier, it should be possible to use the previous version of the client and the web-of-trust on the blockchain to validate the signatures of the new version of the client. That way upgrades can be very simple for regular users (no PGP required). The only issue then is how to establish the first installation of the client on a new computer. Still, even if we rely on HTTPS for the security of that initial download, the attack surface becomes so much smaller that it is difficult for an attacker to be very successful.

[fluxer555]

Does multisig and 2FA solve anything? No, because the multisig is provided by the web wallet server and if that is compromised then the multisig is also compromised and useless.

Can this be solved by having one or more of the multisig providers reside on another unknown server, or possibly from some or all of the delegates themselves?

[davidpbrown]

Excellent work! This is a huge step forward for making BitShares accessible and useful.

Perhaps add:
- the version detail to the Dashboard.
- a link back to https://bitshares.org
- a statement that the private key is browser and not sent to server.. and then add a necessary confirmation that user has safely saved their brain key and password.. and a warning to back that up. Too easy for noobs to not appreciate they are responsible: that bit needs to be fool proof.

Do we need to worry about bitshares.com and other confusions?