Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: ftreml on February 22, 2017, 08:46:21 AM



Title: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: ftreml on February 22, 2017, 08:46:21 AM
Here is an article I wrote for the Chatbots Magazine:

https://chatbotsmagazine.com/building-the-most-basic-bitcoin-wallet-ever-in-facebook-messenger-a71014d46258


Title: Re: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: ArcCsch on February 23, 2017, 05:41:27 PM
Quote
Actually, the private key for the generated Bitcoin address is encrypted with this PIN code, so as long as the PIN code is safe, the Bitcoin are safe. In Itipu, you can send your Bitcoins to your friend’s wallet by telling the bot to do so, like, “Send 2 dollars to joe.” (You have to enter your PIN code of course).
First, how long is this PIN?
If it is four digits, and the phone is hacked (encrypted key leaked), that would be broken pretty quickly, even with key stretching.
For example, if decrypting takes one minute on your phone, cracking would on average take a bit over eight hours on an identical phone; a powerful GPU could probably crack it in a few minutes.
You could fix that by replacing the PIN with a pass-phrase, until it becomes essentially a salted brain-wallet.
Also, if this is a bitcoin wallet, why does the article say "send 2 dollars to joe", instead of "send two millies to Joe"?


Title: Re: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: bob123 on February 24, 2017, 01:09:07 PM
Quote
Actually, the private key for the generated Bitcoin address is encrypted with this PIN code, so as long as the PIN code is safe, the Bitcoin are safe. In Itipu, you can send your Bitcoins to your friend’s wallet by telling the bot to do so, like, “Send 2 dollars to joe.” (You have to enter your PIN code of course).
First, how long is this PIN?
If it is four digits, and the phone is hacked (encrypted key leaked), that would be broken pretty quickly, even with key stretching.
For example, if decrypting takes one minute on your phone, cracking would on average take a bit over eight hours on an identical phone; a powerful GPU could probably crack it in a few minutes.
You could fix that by replacing the PIN with a pass-phrase, until it becomes essentially a salted brain-wallet.
Also, if this is a bitcoin wallet, why does the article say "send 2 dollars to joe", instead of "send two millies to Joe"?

If you affect the computing time with dummy operations you don't need a long passphrase..
Generally.. you could just use a 4 digit code.. and on 3 wrong entries.. the wallet blocks or deletes the priv keys..
With this option available.. you should make sure that the user of the wallet writes down a "passphrase" to recover the priv keys
(or write down the priv keys themselves).


Title: Re: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: ArcCsch on February 27, 2017, 02:17:20 AM
Quote
If you affect the computing time with dummy operations you don't need a long passphrase..
It is relatively easy to set up a cluster thousands of times faster than a phone; this would crack the key about as fast as the phone can decrypt it.
I covered this in my previous post.
Quote
Generally.. you could just use a 4 digit code.. and on 3 wrong entries.. the wallet blocks or deletes the priv keys..
With this option available.. you should make sure that the user of the wallet writes down a "passphrase" to recover the priv keys
(or write down the priv keys themselves).
Most smartphones do not have a secure cryptoprocessor on board; a hacker can take the phone apart, remove the memory storage, and extract the encrypted keys.
After this, the hacker would not have any trouble cracking your key-stretching scheme.
This may require some effort, but it is well worth the stash of bitcoin.
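
The disagreement in the two posts above, as an added example that is not part of any post and is not Itipu's code: a three-strikes lockout lives in the app, so it does not apply to a copy of the encrypted key, which stays bounded only by the size of the PIN space. The wrap format (PBKDF2 with a toy XOR and HMAC construction), the iteration count and every name here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 2_000  # constructed value, kept low so the demo runs quickly

def stretch(pin, salt):
    """Key stretching: 64 bytes, half for the toy cipher and half for the MAC."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS, dklen=64)

def wrap(private_key, pin):
    """Encrypt a 32-byte key under the PIN (toy construction, illustration only)."""
    salt = os.urandom(16)
    k = stretch(pin, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, k[:32]))
    return {"salt": salt, "ct": ct, "tag": hmac.new(k[32:], ct, "sha256").digest()}

def unwrap(blob, pin):
    """Return the private key, or None when the PIN does not match the tag."""
    k = stretch(pin, blob["salt"])
    tag = hmac.new(k[32:], blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], k[:32]))

class Wallet:
    """App-level lockout: the third wrong PIN deletes the stored blob."""
    def __init__(self, private_key, pin):
        self.blob, self.failures = wrap(private_key, pin), 0

    def unlock(self, pin):
        if self.blob is None:
            raise RuntimeError("wallet wiped")
        key = unwrap(self.blob, pin)
        if key is None:
            self.failures += 1
            if self.failures >= 3:
                self.blob = None  # the app forgets its own copy only
        else:
            self.failures = 0
        return key

def guesses_to_recover(blob, digits=4):
    """Guesses a copied blob tolerates: the counter in Wallet is never consulted."""
    for n in range(10 ** digits):
        if unwrap(blob, f"{n:0{digits}d}") is not None:
            return n + 1
    return None
```

Raising `ITERATIONS` multiplies the cost of every guess by the same factor for the owner and for anyone holding a copy, while a longer secret enlarges the search space for the copy holder alone.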


Title: Re: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: coinableS on February 27, 2017, 04:29:59 AM
Quote
To be on the safe side, my wallet grants 2 Satoshi per byte.

I hope this is a typo. 2 sats/byte is very low.
Other than that, very cool article and project!


Title: Re: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: bustedsynx on February 27, 2017, 04:31:36 AM
Do be careful: Even someone with experience can read the thousands of lines of code in
a coin's source and not spot a 'payload' or virus. Just because you compiled it yourself
does not mean you are safe from malware. Use virus scanners, websites like virustotal.com
and run unknown sources on separate machines or best in virtual machines for safety.


Title: Re: Building the Most Basic Bitcoin Wallet Ever (in Facebook Messenger)
Post by: maxi_malism on March 09, 2017, 11:49:08 PM
Quote
Actually, the private key for the generated Bitcoin address is encrypted with this PIN code, so as long as the PIN code is safe, the Bitcoin are safe. In Itipu, you can send your Bitcoins to your friend’s wallet by telling the bot to do so, like, “Send 2 dollars to joe.” (You have to enter your PIN code of course).
First, how long is this PIN?
If it is four digits, and the phone is hacked (encrypted key leaked), that would be broken pretty quickly, even with key stretching.
For example, if decrypting takes one minute on your phone, cracking would on average take a bit over eight hours on an identical phone; a powerful GPU could probably crack it in a few minutes.
You could fix that by replacing the PIN with a pass-phrase, until it becomes essentially a salted brain-wallet.
Also, if this is a bitcoin wallet, why does the article say "send 2 dollars to joe", instead of "send two millies to Joe"?

You're right, but I think this type of wallet can still be usable to do casual transactions/tipping. The attacker still needs to have access to the phone, no? I mean, one could totally refute piggy banks as worthless because they're easily broken into. I for one liked this tutorial :)