h a l f b a k e r yThe halfway house for at-risk ideas
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
A website that will restore your lost bitcoin private key, upon
verified evidence that you are the authentic owner of that key.
Marked-For-Category (please tell me of a more appropriate
category or move it there yourself
[link]
|
|
How do you stop the site running away with your dosh? |
|
|
Dang it pomloc, don't give away his business model! |
|
|
The website allows you to store a series of questions and answers that it uses to generate an encryption key, client side. Things like birthday, public key, dog's name etc. |
|
|
You enter your private key and it's encrypted using this key, still client side. |
|
|
The website then uploads your questions, and encrypted key to its server (never seeing the answers or the private key). |
|
|
To retrieve, it would present you with the list of questions and the encrypted key. |
|
|
On the client side it would reconstruct the original private key using the answers given, along with the encrypted key it stored. |
|
|
This way the site never has an unencrypted copy of the private key on its server. |
|
|
I've no idea if this would actually work... and for me, encrypting the key using winzip then emailing myself might be easier. |
|
|
Explicitly storing keys in a dedicated site is just inherently
weak. It's too tempting a target. |
|
|
If outside hackers don't break it, then inside laziness or
blind points (we all have them) will leave things exposed.
Or, insiders get social-engineered to give away keys. |
|
|
Just stuff your keys into the bottom of a JPG file, & upload
those files to any server, along with your other family
photos that no hacker would ever care about. |
|
|
Security through obscurity. |
|
|
Why not just store your Bitcoin keys in your LastPass
vault with the rest of your passwords? Strong client-side
encryption, cloud storage, multiple options
for multi-factor authentication. Seems perfect. |
|
|
There's a book Microsoft put out in the 90's about computer
jokes. It had a guy wearing a big badge with the word
REAGAN, and the caption read: "Always wear your passwords
out in the open" |
|
| |