A functioning implementation of BIP38, Two-Factor Bitcoin allows individuals to engage in two-party transactions who do not necessarily trust each other.
Reddit user slavik0329 posted the following explanation as to how it works:
- Seller makes an intermediate code by entering a passcode.
- Buyer enters in the intermediate code which generates a Bitcoin address for payment , a corresponding encrypted private key, and a confirmation code. This key can only be decrypted with the sellers passcode. Buyer then pays the generated payment address and keeps the encrypted key. Buyer also sends confirmation code to seller (used to verify that the address corresponds to the original passocode)
- Seller verifies confirmation code with address. Checks payment was made to address. Ships item. At this point, the bitcoins are in limbo. There is no way to access them without the sellers password and the buyers encrypted key. This gives no incentive to the seller to scam the buyer. The only problem is if the buyer decides not to release the encrypted key to the address. However, the buyer would not have access to the funds either.
- Buyer gets item and hopefully sends the encrypted key to the seller
- Seller decrypts private key with original passcode and redeems Bitcoins