Wallet Technical FAQ
Are wallets deterministic?
No. Addresses are generated from a large random number generated by your browser. Therefore, private keys are non-deterministic. This means you do not have to back up or remember an additional seed. However, if you lose your encryption password there is no way to recover your keys.
Does the client generate a pool of addresses?
As of yet, no. Initially wallets only contain a single address, but you may generate more. “Change” from transactions is returned to the sending address by default, but can be sent to a different, or new, address in your wallet.
What does "Watch Only" mean?
Bitcoin addresses come in two parts - a public key and a private key. The public key can be used to view an address’s balance and transactions, but it cannot be used to make transactions without the private key. The private key is the important part which proves ownership of an account and allows Bitcoins to be spent.
When addresses are labeled with “no private key”, it means the private key is not contained in your My Wallet data. You must have a backup of this key elsewhere (e.g. paper wallet) in order to make transactions.
Where is my wallet stored?
We use MySQL Cluster to store your wallet data. Upon creation your wallet is synchronously saved on at least 2 separate privately owned servers. Our servers are collocated in a locked cabinet at a datacenter with a dedicated security guard. Every 24 hours a database backup is saved to an off site location.
You can access your wallet.aes.json file either from an email notification every time there is a change in your account, or through the 'Import / Export' tab when logged into your wallet. Then, you can take that wallet.aes.json and import the backup with this page.
What fees do you charge?
The service is free of charge. An additional network fee, which goes to the bitcoin miners, may be required for some smaller transactions.
What if an attacker knows my wallet identifier?
If you do not have two factor authentication enabled, the attacker can gain access to your encrypted wallet data. The attacker can then attempt to decrypt your wallet by brute force.
An attacker cannot delete or update your wallet without also having the shared key. The shared key is contained within the wallet but can only be accessed after the wallet has been decrypted.
What if an attacker knows my wallet identifier and shared key?
The attacker can remove your wallet from our online backup. Unless he also has the full plaintext wallet data, your private keys are still safe.
What information do you store about my wallet?
- Wallet identifier
- Shared Key
- Time the wallet was created
- Time the wallet was updated
- Time the wallet was last accessed
- Encrypted JSON wallet data
- Wallet alias - Optional short link if set by the user
- Notifications email - Optional if you want to receive transaction notifications by email
What information do you store about my transactions?
We log no transaction information which is not available publicly on the Site. Transaction data is accessed using our publicly available API and we are unable to determine the difference between transactions that have been submitted publicly and those that have been created in our online wallet. No API calls include your wallet identifier or any other information linking that transaction to your wallet.
Online transactions are created and pushed to our API in binary form, exactly how it will appear when it is relayed through the bitcoin network.
What information do you include in API calls?
The following is a list of the API calls the client will make and any attached data.
Method | Purpose | When | Attached data |
---|---|---|---|
/multiaddr | Get summary data about the provided bitcoin addresses | Called when the wallet is opened | Hash 160 of each address |
/unspent | Get any unspent TxOuts from the provided bitcoin addresses | Called before a transaction is made | Hash 160 of each address |
If javascript can be used to sign transactions why does it need to use your server at all?
At the time of writing the bitcoin block chain is around 750MB in size. We index this data on our servers so that you do not need to download or sync it every time you open your wallet. Also, it is not possible to open native sockets from within a browser, so the javascript client cannot communicate directly with other bitcoin nodes. For this reason the transaction is relayed through our servers.
How can I trust the javascript I am running is not malicious?
You can never totally trust javascript which is downloaded from another server as the provider is able to modify the code freely with no easy way to detect or differentiate between malicious or necessary changes.
We provide a Chrome app for blockchain.info My Wallet, which is available in the Chrome app store. Using this will significantly decrease your risk of falling victim to a phishing site or modified javascript.
We make all efforts to be as transparent as possible. All the javascript files are available on our github repository at https://github.com/blockchain/My-Wallet, where you can view the commit messages to see changes we have made.
What programming language is the site written in?
Please describe the wallet decryption and transaction creation routine.
Server | Client |
---|---|
Client requests encrypted wallet data for an identifier | |
Server responds with encrypted payload | |
Client uses password to decrypt the wallet in browser | |
Client requests transaction data from our API | |
Client creates and signs transaction in the browser | |
Client pushes raw transaction data to http://blockchain.info/pushtx | |
Server relays transaction to bitcoin network | |
Please describe the wallet creation routine.
Server | Client |
---|---|
Client generates wallet identifier and private key | |
Client generates JSON data containing private key | |
Client encrypts JSON payload | |
Client requests encrypted payload is stored on server with a provided identifier | |
Server stores encrypted data | |
Please describe the wallet update routine.
Server | Client |
---|---|
Client requests encrypted wallet data for an identifier | |
Server responds with encrypted payload | |
Client decrypts wallet and shared key | |
Client modifies wallet data and re-encrypts JSON output | |
Client requests that the wallet be updated, providing both the identifier and shared key | |
Server stores encrypted data | |
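The creation and update routines above, together with the identifier and shared key rules from the earlier answers, modelled in memory as an added example (this is not code from the My Wallet repository). The cipher (PBKDF2 with AES-256-GCM), the `WalletServer` class, the helper names, and sending the shared key along with the first upload are all assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');
const newPrivKey = () => nodeCrypto.randomBytes(32).toString('hex'); // constructed stand-in key
// Assumed cipher (the page names none): PBKDF2-SHA256 key derivation, AES-256-GCM.
function encryptWallet(wallet, password) {
  const salt = nodeCrypto.randomBytes(16), iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256');
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(wallet), 'utf8'), c.final()]);
  return Buffer.concat([salt, iv, c.getAuthTag(), ct]).toString('base64');
}
function decryptWallet(payload, password) {
  const b = Buffer.from(payload, 'base64');
  const key = nodeCrypto.pbkdf2Sync(password, b.subarray(0, 16), 100000, 32, 'sha256');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, b.subarray(16, 28));
  d.setAuthTag(b.subarray(28, 44)); // a wrong password fails authentication in final()
  return JSON.parse(Buffer.concat([d.update(b.subarray(44)), d.final()]).toString('utf8'));
}
// Server (hypothetical model): holds identifier, shared key and opaque ciphertext only.
const digest = (s) => nodeCrypto.createHash('sha256').update(String(s)).digest();
class WalletServer {
  constructor() { this.rows = new Map(); }
  create(id, sharedKey, payload) {
    if (this.rows.has(id)) throw new Error('identifier already in use');
    this.rows.set(id, { sharedKey, payload });
  }
  fetch(id) { // the identifier alone is enough to read the ciphertext
    if (!this.rows.has(id)) throw new Error('unknown identifier');
    return this.rows.get(id).payload;
  }
  update(id, sharedKey, payload) { // writes also need the shared key
    const row = this.rows.get(id);
    const ok = row && nodeCrypto.timingSafeEqual(digest(row.sharedKey), digest(sharedKey));
    if (!ok) throw new Error('not authorised');
    row.payload = payload;
  }
}
// Client: the creation and update routines from the tables above.
function createWallet(server, password) {
  const id = nodeCrypto.randomUUID(), sharedKey = nodeCrypto.randomUUID();
  const wallet = { sharedKey, keys: [newPrivKey()] };
  server.create(id, sharedKey, encryptWallet(wallet, password));
  return id;
}
function addKey(server, id, password) {
  const wallet = decryptWallet(server.fetch(id), password); // shared key is inside
  wallet.keys.push(newPrivKey());
  server.update(id, wallet.sharedKey, encryptWallet(wallet, password));
  return wallet.keys.length;
}
```

Because the shared key only becomes available after a successful decryption, a party holding just the identifier can read the ciphertext but cannot overwrite it, which is why the strength of the encryption password is the remaining line of defence.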
What is double spending?
Double spending is where a user inadvertently or maliciously tries to spend his Bitcoins twice. It may be a result of multiple devices using the same Bitcoin wallet, or of unconfirmed transactions that never get approved because they have no transaction fees, after which the user eventually tries to spend his Bitcoins again.