The most powerful part of multi-sig is not that you can have arbitrarily many M of N, but that you can outsource complex policy in a trusted way. E.g., create policy that lower-level employees can control a small percentage of a company's holdings, while higher-level employees can control a higher percent. It allows you to implement flexibility that exists in the credit system, without giving up the trust/control that comes from the blockchain system. This is a very valuable upgrade to Coinbase's feature set. Great work, guys!
<i>Keys are created and encrypted in the browser</i><p>Key hijack in 5... 4... 3...<p>Browser crypto isn't secure. One way to offset the risk is to use a browser plugin to perform the crypto operations, and even that isn't really a security guarantee.<p>When you combine an incentive to break crypto (money) with a straightforward route to breaking it (browser crypto), you get a pretty dangerous situation.
<p><pre><code> > COINBASE KEY: The only key that Coinbase stores.
> SHARED KEY: Encrypted with your password and stored
> both by you and Coinbase.
</code></pre>
Are these the same key, or is there an inconsistency with the language here? How many keys does Coinbase store?
<i>coinbase-graig</i>: Is it possible with your current API to connect a third-party service outside Coinbase to sign the transaction? Say I want to do a retinal scan before the transaction is approved.
I wouldn't trust any third party to keep my bitcoins except for the money in transit. I have my local client and local wallet, and that's where I do my transactions from.
Sorry if this is off topic. But I wonder how many websites like these the US government creates in an attempt to control their environment. Maybe I'm paranoid, but what if (as an example) companies like Popcorn Time were shut down and replaced with a government version? All the more reason open source is important.