On Fri, Sep 13, 2013 at 01:05:05AM -0400, Peter Todd wrote:
> On Fri, Sep 13, 2013 at 01:56:33AM +0200, Vitalik Buterin wrote:
> > Exclusive preview:
> >
> > A Google Authenticator two-factor-authentication enabled wallet using
> > 2-of-3 multisig. Basically, it creates the multisig between the server, a
> > private key deterministically generated from your username+password, and a
> > randomly generated pair that you are instructed to save using some external
> > backup mechanism that is necessary for backup in case you lose your
> > password or your second factor.
> >
> > http://46.4.92.107:3191/
> >
> > Try and sign up, and deposit and withdraw a bitcent. I'm deliberately
> > withholding any clearer explanation as a usability test; you should be able
> > to figure out what's going on on your own.
>
> Issues:
>
> Why does it always create two change outputs?
>
> What exactly are the three addresses in the 2-of-3 for?
>
> Needs to calculate fees + give user option for how much fees/KB they
> want to pay. Current version makes tx's that will get stuck:
> 5ca25677fcb2b385437ce4ea90cb9af1e7ee8f6ee13cc8ecd3277030c9ecabfa
One more issue: you let users use the same one-time-password code more
than once...
--
'peter'[:-1]@petertodd.org