Bitcoin Authenticate

Here is some info about this and what’s going on.


Bitcoin Authentication Open Protocol

Pure Bitcoin sites and applications shouldn’t have to rely on artificial identification methods such as usernames and passwords. BitID is an open protocol allowing simple and secure authentication using public-key cryptography.

Classical password authentication is an insecure process that could be solved with public key cryptography. The problem, however, is that it theoretically offloads a lot of complexity and responsibility onto the user. Managing private keys securely is complex. However, this complexity is already being addressed in the Bitcoin ecosystem, so public key authentication is practically a free lunch for bitcoiners.

Video demonstration of the user flow :

Slides presentation of the project :

Implementation example (server) :

Implementation example (client) :

The protocol is described on the following BIP draft and is open for discussion :


Some security concerns:

Security concerns

BitID offers a secure authentication method :

  • As secure as sending funds through Bitcoin
  • out-of-band, keyless authentication using a smartphone wallet, allowing login through an untrusted computer
  • anti-phishing protection when using a desktop wallet (IP address matching verification)
  • no third party, no external compromise possible, no storage of user sensitive data on the server
  • resistant to arbitrary signature requests: challenges are syntactically verified by the wallet as valid bitid URIs
  • resistant to brute force or dictionary attacks

However many responsibilities are in the hands of the user :

  • the user must protect his private keys and make backups (this should already be the case)
  • the user must pay attention to the URL shown in authentication requests in order to avoid man-in-the-middle attacks; the out-of-band authentication process does not allow any protection against these attacks.
  • Finally, a major drawback of this protocol is the absence of revocation procedures. If the user loses her private key or if it is compromised, there is no native possibility of revoking the authentication access. The only way to revoke the user’s identity is then to establish a back-channel communication with the website using email, security questions, or a password.
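
The wallet-side syntactic check from the first list, together with the host the user is told to inspect in the second, as an added example that is not part of the original post or the BitID project's code. It assumes the `bitid://host/path?x=NONCE` challenge form with an optional `u=1` (plain-HTTP callback) from the BIP draft, which this page links but does not reproduce; the hex-nonce rule, the rejection of unknown parameters and all names are this example's own choices.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions of this example: hex nonce of 8 to 64 chars, plain DNS host names.
NONCE_RE = re.compile(r"[0-9a-fA-F]{8,64}")
HOST_RE = re.compile(r"[a-z0-9.-]+")

class InvalidChallenge(ValueError):
    """The text is not a well-formed bitid challenge; the wallet must not sign it."""

def check_bitid_challenge(uri):
    """Validate a challenge before signing and return what to show the user."""
    # Printable ASCII only: blocks free text, control chars, non-ASCII look-alikes.
    if not uri or any(not 0x21 <= ord(c) <= 0x7E for c in uri):
        raise InvalidChallenge("whitespace, control or non-ASCII character")
    try:
        parts = urlsplit(uri)
        port = parts.port
        query = parse_qs(parts.query, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise InvalidChallenge("malformed host, port or query") from exc
    if parts.scheme != "bitid":
        raise InvalidChallenge("scheme is not bitid")
    hostname = parts.hostname or ""
    if not HOST_RE.fullmatch(hostname) or "@" in parts.netloc:
        raise InvalidChallenge("missing or unusual host, or embedded credentials")
    if parts.fragment or set(query) - {"x", "u"}:
        raise InvalidChallenge("fragment or unexpected query parameter")
    nonce = query.get("x", [])
    if len(nonce) != 1 or not NONCE_RE.fullmatch(nonce[0]):
        raise InvalidChallenge("nonce missing, repeated or malformed")
    if query.get("u") not in (None, ["1"]):
        raise InvalidChallenge("u may only be 1")
    secure = "u" not in query
    host = hostname if port is None else f"{hostname}:{port}"
    return {
        "display_host": host,  # the wallet shows this and asks for confirmation
        "callback": f"{'https' if secure else 'http'}://{host}{parts.path}",
        "nonce": nonce[0],
        "secure": secure,
    }

if __name__ == "__main__":
    # Constructed sample challenge, not taken from a real site.
    print(check_bitid_challenge("bitid://example.com/callback?x=fe32e61882a71074"))
```

The check only proves the request is a login challenge for `display_host`; whether that host is the site the user meant to log in to is still the user's decision.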

Buying Bitcoin on eBay


Missed it!

I’m pretty upset I never got in on the Bitcoin early, I keep reading stories of people buying bitcoin on eBay or other places and it’s upsetting.  People were selling them as low as $10 I have seen, probably even lower.   Did you ever buy them cheap on an auction site? I want to hear your story.

Now it looks like they don’t sell bitcoin anymore on eBay, it’s more hardware or software, real gold plated coins etc.  I think Bitcoin is a real threat to Paypal, although they seem to be sort of embracing it, but I think it’s more out of fear.

For Sellers

Here is an excerpt from the eBay forum on the subject:

Although it’s obvious to many people out there that ‘digitally delivered goods’ are a no-no to sell on eBay, it may not be immediately obvious that you cannot protect yourself from applying to this policy (and from scammers) by utilizing physical shipment methods. Some of these methods include the sale of a physical coin (such as a penny) or a physical wallet preloaded with BTC.

After speaking on the phone with eBay listing policy management, and the PayPal claims department, any hopes of legitimately and safely selling Bitcoin here have been successfully erased. I was told by the eBay rep that I’m not allowed to list Bitcoin. That much is obvious; but what about selling it in a more legitimate sense? What about selling it like a gift card via a paper wallet? I was informed this too is a shaky practice at best.

The final blow to my hopes was decided after speaking with PayPal. I recently sold a few Bitcoins and had two very similar cases opened against me stating very suspiciously similar things: claiming they had not authorized these transactions and their account must have been ‘hacked.’ They both claimed they had ‘never heard of Bitcoin’ and one even threatened me before opening the case. These two (eelaroc, lunarbaby22) are scammers, plain and simple. I called in regarding these disheartening cases and was bluntly told PayPal does not support Bitcoin in any form, paper wallet or otherwise.

You’re basically putting yourself at risk whenever you decide to list Bitcoin, no matter what form or how you attempt to protect yourself. I learned my lesson.

So ya, it was nice being able to have a mainstream company sell bitcoins while it lasted but that’s ok.  There are some solid places to buy bitcoin now so it’s ok.   Maybe they will jump back on board when they can’t deny it.

I don’t know what this post is trying to present more than getting nostalgic about eBay selling Bitcoins and wondering what’s going to come of it in the future.