I haven't been able to test (no mobile phone). Is this a tool for
having a wallet that is backed up but without trusting the person
backing up the wallet?

On 13/09/13 07:30, Vitalik Buterin wrote:
> Great feedback, Peter!
>
> 1. Suppost you just got your 10 BTC month's salary in one
> transaction and you go on a shopping spree. On the first day, you
> buy a new keyboard for 0.5 BTC, and send 9.5 BTC back to yourself
> in change. On the second day, you buy a chocolate bar for 0.03 BTC,
> and send one change output of 9.47 BTC to yourself. You then buy a
> sandwich for 0.05 BTC, and send a change output of 9.42 BTC back to
> yourself. However, the 0.05 BTC payment is an unconfirmed
> transaction dependent on an unconfirmed transaction. Some Bitcoin
> clients register that as invalid, so you might be forced to
> awkwardly wait beside the merchant for five minutes for the
> transaction to clear. Now, suppose you had two 4.75 BTC outputs.
> Then, the chocolate bar would come out of the first output and the
> sandwich from the second, so everything would work fine. I haven't
> implemented this yet fully; at this point, the system would
> actually make a chain of two outputs, but if you make lots of
> transactions you will eventually have dozens of unspent outputs so
> everything should usually work fine. 2. Address 1 is myself,
> address 2 is your private key generated deterministically from your
> username and password (open up the dev console and run
> slowsha(user+":"+pass) and you see it in hex form), address 3 is
> the backup the app told you to take a screenshot of or copy down
> when you created the account. Normal transactions use 1+2. If you
> lose your 2FA device, or I become evil and/or co-opted by the US
> government, then you can use 2+3 to get your money out. If you lose
> your password, you can ask me and get your money out with 1+3 (soon
> I will have an automatic system for doing this) 3. Thanks! Will
> fix. 4. Right, I suppose I will need to make my TOTP setup more
> advanced, otherwise the current setup is vulnerable to replay
> attacks. A running online database of used name+key pairs should do
> the trick. 4b. Now that we're thinking of security, I'm thinking of
> requiring the payment message to have a signature from your private
> key, to make the wallet secure even if SSL is absent.
>
>
>
>
> On Fri, Sep 13, 2013 at 7:08 AM, Peter Todd <pete@???
> <mailto:pete@petertodd.org>> wrote:
>
> On Fri, Sep 13, 2013 at 01:05:05AM -0400, Peter Todd wrote:
>> On Fri, Sep 13, 2013 at 01:56:33AM +0200, Vitalik Buterin wrote:
>>> Exclusive preview:
>>>
>>> A Google Authenticator two-factor-authentication enabled
>>> wallet
> using
>>> 2-of-3 multisig. Basically, it creates the multisig between
>>> the
> server, a
>>> private key deterministically generated from your
> username+password, and a
>>> randomly generated pair that you are instructed to save using
> some external
>>> backup mechanism that is necessary for backup in case you lose
>>> your password or your second factor.
>>>
>>> http://46.4.92.107:3191/
>>>
>>> Try and sign up, and deposit and withdraw a bitcent. I'm
> deliberately
>>> withholding any clearer explanation as a usability test; you
> should be able
>>> to figure out what's going on on your own.
>>
>> Issues:
>>
>> Why does it always create two change outputs?
>>
>> What exactly are the three addresses in the 2-of-3 for?
>>
>> Needs to calculate fees + give user option for how much fees/KB
>> they want to pay. Current version makes tx's that will get
>> stuck:
>> 5ca25677fcb2b385437ce4ea90cb9af1e7ee8f6ee13cc8ecd3277030c9ecabfa
>
> One more issue: you let users use the same one-time-password code
> more than once...
>
> -- 'peter'[:-1]@petertodd.org <http://petertodd.org>
>
> _______________________________________________ unSYSTEM mailing
> list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>
>
>
>
> _______________________________________________ unSYSTEM mailing
> list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>