RE: SteemWorld ~ Weekly Support ~ #17
The create_account
blockchain operation only takes the owner, active, posting and memo public keys. The calculation of those from the master password has to be somewhere inside steemworld. It is not necessary for the account creator to know the corresponding private keys. It is correct that these keys can be changed by changing the master password, however the account creator can still recover the created account within the first 30 days if he/she knows the initial keys/master password.
Edit: a possible workflow could be that the the new user uses the steemworld Key Generator tool to generate a set of keys, stores the master password and the private keys safely, and forwards the corresponding public keys to the account creator. Given support for that, the account creator could then create the new account with these public keys. This way, the account creator doesn't know any of the private keys at any point in time and the new users doesn't have to trust the creator (or fear a take-back with recovery).
Thanks, now I know what you mean! Of course, the API call just requires the public keys. The client would just need to send the account name + public keys (+ fee maybe) to the creator... Would be way easier than the solution I roughly planned before. I like the idea, will think about it ;)