[Multi-Sig] BitSign v1.0 Release - Now easy, still safe

Hello /r/DarkNetMarkets,

As you can probably tell from the title, I am here today to post about version 1.0 of BitSigner. However, before I go into any details I would like to ask you one thing: please read the whole post before drawing any conclusions about BitSigner.


What is BitSigner?

BitSigner is an open-source multi-sig signing Javascript application based off of the popular Coinb.in.


What exactly does BitSigner do?

BitSigner makes creating keys, storing keys, verifying scripts, and verifying/signing transactions easy and streamlined without sacrificing the security of Multi-Sig.

Creating/Storing keys: Based on a username and password you provide, a public key and private key will be generated for you. Every time you put in that username and password, the same keys will be generated. That means no more storing keys anywhere! You just have to remember your username and password.

Verifying scripts: Paste a raw transaction, redeem script, pubkey or wif key to convert it into a readable format that can be verified manually.

Verifying/signing transactions (Main Feature): If you are using a compatible script or string of scripts, the transactions will be laid out for you in an easy to read format and will let you sign or skip the transaction with a click of a button. Then, BitSigner gives the signed transactions back to you, separated by commas.


Isn't Javascript unsafe?

It is true that malicious Javascript has been used in the past to deanonymize users. However, this requires that 1, the Javascript is malicious and 2, the user is online. It is for these reasons we have made BitSigner open-source and recommend that BitSigner be used offline. If you use BitSigner offline, it is impossible to deanonymize you, even if it is a malicious version. IMPORTANT: Only download BitSigner from the official BitSigner repository below. If you download it from somewhere else it may be a malicious version.


Where can I use BitSigner?

Currently, only one market has integrated with BitSigner. That market is Havana; a Multi-Sig only/drugs only market for which I am one of the developers. Havana is currently in Beta so if you are a vendor that is interested in using easy but secure Multi-Sig or would like to help Beta test a new market, please head over to our Hub post to see if you are eligible to participate in our Beta program.


Is this the same Havana from the Name Game Giveaway?

Yes. You can verify this via my Reddit profile.


I invite anyone that knows Javascript to start auditing BitSigner v1.0 on Github.

Good day,

ProbableFire


BitSigner:

https://github.com/ProbableFire/BitSigner

Havana Beta Hub post:

http://thehub7gqe43miyc.onion/index.php?topic=7970.0


edit: formatting


Comments


[2 Points] blackflag909:

I'm extremely skeptical. What sort of audits have been conducted? Also, what's to stop a virus from manipulating the program even when it's offline?


[1 Points] attilathehunn:

> Creating/Storing keys: Based on a username and password you provide, a public key and private key will be generated for you. Every time you put in that username and password, the same keys will be generated. That means no more storing keys anywhere! You just have to remember your username and password.

Sounds like a brainwallet, which is a really really bad idea.

So if I write software to guess lots of different usernames and passwords I can find and steal people's bitcoins?


[1 Points] AussieCryptoCurrency:

Any reason why your code needs to check for a connection, here?

Seems odd. For offline wallet. Also, you've disabled the sendTx method but the functionality is still reading the WIFs.

VERDICT: stay far away


[1 Points] ProbableFire:

I just updated BitSigner to version 1.0.1

This is the new version's changelog:


[1 Points] None:

Let's put some of these criticisms in the comments in perspective here. The developer is trying to create a usable functional multisig escrow market. If he was looking to steal coins there's a much, much easier way to do that. Open a traditional escrow market and you can steal all the coins you want and there's nothing anyone can do to stop you. If you really believe that this developer is trying to steal bitcoins with this app, you need to think a little before you post. Compare the risk of this app with the risk of Agora or Blackbank or Nucleus. Honestly, where is there a bigger risk of massive theft?? The other point I want to make is that I'm very happy to be signed up as a launch vendor on Havana after participating in the alpha testing for this market. This app is not required for either buyers or vendors on Havana. It's a way to make signing multisig transactions easier for vendors. It is a really functional, well-designed app. OP did a great job making a tedious, error-prone task (signing with Bitcoin-QT command line) into a fast, efficient, just more reliable procedure. Kudos to him for that. The people who wear their tin foil hats a little too tight can use bitcoin QT and still benefit from the immense security advantages of multisig escrow vs traditional escrow markets.