Two factor wallet with one-time-passwords



Summary:

In a mailing list conversation, Peter Todd discusses the need for careful handling of incoming funds in a multi-party wallet so that attackers cannot fool users into giving out the wrong address. He suggests that funds sent to the wallet should be split up into discrete authorization amounts by all parties involved in authorizing outgoing payments. Todd also mentions that giving customers a physical private key, such as one printed on a sheet of paper, could be legally desirable when transferring large amounts of Bitcoin. With multi-factor wallets, the customer provides one or more keys, while the final key is given to them on a sheet of paper with instructions to scan it on their phone via QR code. One-time passwords could also be used, and the final approval could be done over the phone by telling the customer magic words that unlock their funds. In both methods, there is still a risk of funds ending up locked due to a mistake, but there is no financial incentive for that to happen. Todd concludes by expressing disappointment that OP_EVAL was not implemented, which would have allowed customers to provide a P2SH script to unlock funds easily.


Updated on: 2023-06-07T14:40:37.002431+00:00