by patrikr 4863 days ago
> javascript-based cryptography, which just doesn't work

LOL... Blockchain.info has over 120,000 users who disagree with you.

As the old saying goes, "the dogs bark, but the caravan goes on".

2 comments

There is so much misunderstanding around cryptography.

Steps To Hack Blockchain.info

1) Discover a zero-day exploit in the operating system that Blockchain.info runs on

2) Hack it

3) Compromise the javascript that it delivers to the client

4) For the next 10 minutes or so (or up to the point the hack is discovered), anyone who logs into Blockchain.info via the web app and types in their password is compromised. Period.

Now, granted, this won't affect EVERYONE who has a Blockchain.info account, only the ones who log in while it's hacked.

Please see any of the very many recent in-depth discussions about the security of webapp-based cryptography. Sure, it "works" in the sense that it's very easy to use, but it is by no means secure.

I'm sure all of those other "online wallet" services that lost or disappeared with everyone's BTC also had plenty of users.

Moxie, given your background in cryptography, do you have any ideas on how the Bitcoin community could improve the user experience without compromising security?

So use the Blockchain.info browser extension, instead.

You realize that they don't have your private key, right? And that you can verify the JavaScript wasn't poisoned by having a hash of the legit JavaScript and comparing it? With a handy toolbar?