Added Ciphrex Bitcoin Vault

[CodeShark]

Added Ciphrex Bitcoin Vault application to wallets.

Bitcoin Vault is a full-featured account management system supporting individual accounts as well as shared multisignature accounts. Features simple backups, full BIP32 support, fast synchronization between devices, native GUI and command line tools, reusable libraries, and API.

[saivann]

For the record, I asked @CodeShark if he could collect some public users' feedback and/or get some known Bitcoin developers to peer-review his project similarly to other software wallets.

Related thread:
https://bitcointalk.org/index.php?topic=601177.0

[saivann]

It has been a while that this pull request has been put on hold. Since then, there hasn't been much public comments about the wallet, but nothing concerning either. Meanwhile, the app still seems well maintained, the source code is properly tagged under version control and the app seems to provide useful multisig security features not provided by other wallets.

I suggest we consider adding this wallet soon, with the usual checkfailtransparencynew score given that it's still uncertain how much users have used or reviewed the app and source code.

@CodeShark Can you update your branch for the new wallet page?

https://github.com/bitcoin/bitcoin.org#wallets

[tigereye]

Michael Perklin here. (https://keybase.io/mperklin)

In May 2014, my company, Bitcoinsultants, was contracted to perform a security audit on the CoinVault application by Ethereum as they were considering using CoinVault to secure the coins raised during their upcoming crowdsale.

The security audit identified no "back doors" and no misuse of cryptographic algorithms in the code and confirmed that proper sources of entropy were being used. As a result, Bitcoinsultants recommended the use of CoinVault to Ethereum, who now currently use the application to secure thousands of coins raised during their crowdsale: https://blockchain.info/address/36PrZ1KHYMpqSyAQXSG8VwbUiq2EogxLo2

Since that audit was completed, Bitcoinsultants continues to recommend the use of CoinVault to its clients and has seen it evolve, mature, and gain a new name: mSigna. We recognize that mSigna is the only application currently available that combines both BIP32-compliant extended key functionality with multiple signatures, meaning that each keyholder has their own BIP32 seed from which all multi-signature addresses are generated. I know of no other wallet software that supports this.

These features, combined with mSigna's native node connection methodology (you can point mSigna to ANY bitcoind node on the Internet for syncing) make mSigna a highly-secure lightweight wallet that is not dependant on a complete local copy of the blockchain (like Armory) or custom blockchain servers (like Electrum).

Bitcoinsultants can share the audit report with any bitcoin.org maintainers who wish to verify this post.

[saivann]

@tigereye Thanks, your comments are very appreciated. Did you audit the code for bugs that may lead users to lose funds in transaction fees (not just unsafe use of floating point numbers, but any bug that may lead the software to do some miscalculations)?

@CodeShark Can you shorten the description to 6 lines? Your current text takes 9 lines and 3 are hidden. Also, the following superlatives need to be removed (or replaced), and BIP0032 should be written BIP32 (consistently with other BIPs on bitcoin.org).

ultimate security - (maybe strong security)
s/full support for/support for

[tigereye]

The audit of CoinVault last May did confirm that appropriate "change addresses" were created and used to send change to the next address in the BIP32 chain.

Bitcoinsultants staff conducted numerous tests with the software on Windows, Linux, and OS X environments, as well as on x86 and ARM architectures and all tests showed proper handling of change addresses and produced transactions whose details matched the expected results. To-date, none of our clients that make use of CoinVault (now mSigna) have contacted us with problems or concerns related to lost funds or unexpected outputs on their transactions.

As an opinion, I find CoinVault to be more difficult to use than simple wallets due to the advanced features it provides, but easier to use than "expert" wallets like Armory due to the simplicity of the UI. Setting up multi-sig accounts in mSigna requires a solid understanding of public key cryptography to ensure the right key halves (private or public) are transmitted and loaded into the appropriate vaults. This is to be expected, and despite the difficulty with the concepts in general, the application simplifies the process with explicit labeling of menu items ("Export Private Keychain" vs "Export Public Keychain") and icons (a "lock" icon vs a "group of people" icon) so that users who understand the concepts can make informed decisions and know exactly what the application is doing on their behalf.

For full disclosure, I am not affiliated with Ciphrex in any way. I'm not an employee and I don't hold any stake - financially or otherwise - in Ciphrex. However, I was asked by them to comment in this thread due to my use of their system and the deployments my company has completed with mSigna. All comments made here are my own and have not been reviewed by Ciphrex prior to posting.

[saivann]

@CodeShark Except for the following remaining superlative, this LGTM.

s/very strong security/strong security

[saivann]

@tigereye Thanks again for your answers.

[saivann]

I have tested the app today and didn't find any bugs either, mSIGMA looks pretty solid in general. Given the absence of negative feedback for more than 6 months, good code transparency and positive audit results from Bitcoinsultants, I think adding mSIGMA at this point is reasonable.

In the absence of critical feedback, this pull request will be merged on October 27th.

[CodeShark]

@saivann Thanks for reviewing this. Small nit regarding your last post: it's mSIGNA with an N, not an M :)

[saivann]

@CodeShark Good thing you have written the name and description then ;) . Your wallet should be displayed live in the next minutes.