/bitcoin.org

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Added Strongcoin #321

Closed
wants to merge 1 commit into
from

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
Wallets
Projects
None yet
Milestone
No milestone
5 participants
@ianpurton @saivann @sunnankar @harding @Cobra-Bitcoin
@ianpurton

ianpurton commented Feb 19, 2014

StrongCoin has been around 2.5 years now and we're actively developing the site to make it easy to use whilst still keeping the cryptography in the browser.

Let me know any amendments you think I would need to make to get this included. Thanks.
@saivann
Contributor

saivann commented Feb 19, 2014

For the record, strongcoin has been previously submitted, and got hacked before being accepted:
bitcoin#73

There is also various other concerning claims about strongcoin on bitcointalk and reddit, although I don't know if they are true.
@ianpurton

ianpurton commented Feb 19, 2014

Previously we had a problem where a ruby on rails upgrade caused our encrypted private keys to become visible. We fixed that as soon as we became aware and notified all users.

We have now been almost 1 year without incident.

We are hosted on heroku which has the following security policy. https://www.heroku.com/policy/security

We are also fronted by cloudflare which protects us from DDOS and various other attacks.

We have several warnings on our account creation to ensure users select strong passwords for the AES key encryption.

But, at the end of the day Strongcoin was designed such that a major server hack would still save our clients Bitcoins.

I feel that we provide a clean and easy to use experience for new users and would be a valuable addition to the web wallets.
@saivann
Contributor

saivann commented Feb 26, 2014

AFAIK, no wallet currently listed on bitcoin.org have an history of being hacked and not reimbursing customers ( it is my understanding that no customer has been reimbursed ). BIPS was removed not so long ago for the same reason. Just my opinion, but I am uncertain if StrongCoin should be listed for this reason.

Also, the description of the previous security issue seems very concerning:
"It was possible to change the id in a URL and see another users encrypted key."
https://bitcointalk.org/index.php?topic=165588.msg1729785#msg1729785

Perhaps this pull request should be kept on hold until clearer guidelines for wallets inclusion on bitcoin.org are discussed.
@sunnankar
Contributor

sunnankar commented Apr 17, 2014

Perhaps we need to be clearer for new users about what is important for control of funds (private keys) and help new users understand better who has or could have access to them. For example, some wallets can generate and store them completely offline (Armory) while others 'touch' or 'hold' the private keys in some way (Blockchain.info, Bitgo, Coinbase, etc.). Helping new users understand some of these concepts are important.

@saivann saivann added the Wallets label Oct 8, 2014

@harding harding added the Help Needed label Feb 27, 2015

@harding harding removed the Help Needed label Apr 12, 2015

@Cobra-Bitcoin Cobra-Bitcoin closed this Mar 23, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment