Bitcoin Forum

.

Nothing here on my side, although I might be missing out.
No, just modify a smart watch, add encryption and btc wallet.

http://www.bitcointrezor.com/


This is not specifically for btc but it can be developed for it.  http://www.getnymi.com

Hope in near future some Chines companies try this watch  :D

Chines have big heads and surely they accept all these seeds and now start work on your project

A g-shock btc wallet/watch. I could see that in the future

I agree, and i'm disappointed we have not got them yet.  The Trezor lacks NFC and a keypad.

I want a credit card sized hardware wallet.  Cheap. NFC, so that I can stage the payment on my phone, and then get the hardware wallet to sign the transaction by holding it to the back of my phone, and enter pin.

There's also this thing (or will be soon?):
http://www.butterflylabs.com/bitcoin-hardware-wallet/

Although not entirely convinced are the hardware wallets really the safest way of storing bitcoins. They may be resistant to hackers/trojans etc, but you entirely rely on physical device which can be lost/stolen/destroyed (unless I'm missing something here).

Yeah your missing something. You use a seed to generate the key, and keep that locked away.

A hardware wallet will never give up its key. In theory safer than using paper wallets, as there is less chance of you making a mistake.

Wow, I hadn't seen that. Looks really nice. Waterproof and with multi-signature support too? Very nice.

The butterfly labs thing is going to be too expensive, and duplicates a lot of functionality you already carry around in your pocket. I can see it making a good POS device for traders, but for ordinary folk, we want small and cheap.

Pre-order one today then, you will receive it when Gox processes withdrawals, guaranteed.  ;D

To be fair we've been waiting for Bitcoin Trezor (http://www.bitcointrezor.com/) for a while too. Producing hardware products has extra considerations than strictly software ones :)

I wouldn't buy this unless you plan on waiting two weeks^tm for it.

Hardware wallets would be a big target for virus relating to Bitcoin so I would rather just have a paper wallet where no virus will affect me.

Hardware wallets don't have an OS (or shouldn't have), and only communicate using a verifiable protocol. Just how would they get a virus?

There is also the http://www.pi-wallet.com/ which seems pretty good and is available to buy now, but they probably have to improve the design of it a bit if they want to sell it to the general public!  :)

It's not really a hardware wallet, in the sense that it can sign transactions for you, and not give up it's key.

I heard about the BFL wallet. I wouldn't consider dropping a penny until they are in stock though. Never preorder from them - although this is something that time isn't really of the greatest importance in receiving.

Also shameless self advertising http://www.hardwarewallet.com - available soon, after some lengthy redesigning process, target price around 10€

As I understand it, the Trezor will let you write down the seed for the keys when they are generated, in case the wallet is lost/stolen/destroyed. A thief shouldn't be able to brute-force the PIN on the device for some time, giving the original owner time to regenerate the keys elsewhere and move the funds.

I don't see a display; how does the user verify the transaction details haven't been modified by malware before signing the transaction?

You submit the transaction to the dongle, then remove it, then insert it again into the same computer and a different application (f.e. Windows login screen) / another device supporting HID keyboards, depending how much you fear being compromised, the dongle types (as a keyboard) a summary of the transaction and a unique PIN code, finally you plug it back into the original computer (or just remove it / plug it back again) then type this PIN code to validate the transaction.

and it's easier than it sounds  :)
  

Ah, clever. I'll buy one when they are available. Seems like you could use a modified version of this to verify transactions/account changes on an exchange or mining pool.

thanks. there's already some minimal server API available (specification at http://htmlpreview.github.io/?https://github.com/btchip/btchip-python/blob/master/doc/bitcoin-technical.html) but all suggestions are welcomed for the next version, or the current one if they are small / easy enough to implement.

Still waiting for Trezor

I'm looking forward to these.  There is defiantly a place in the market for something like this, and judging by the technical spec, a lot of thought has gone into it.  I can see myself using a bunch of these for cold storage, and then getting something with a screen & NFC for regular use.

Hope they don't melt too easily, for use in a fire safe. :)

Thanks, yes, I think that there's definitely some market share to grab for cheap & secure products :)

NFC will very likely be available in a future version as we upgrade our generic card platform, and regarding fire resistance, you only care about the chip which should follow ISO 7816-1 guidelines (so basically fine up to 70 degrees celsius for limited periods of time)

Also, a video that shows how the second factor works in a sample KryptoKit integration is available at http://www.hardwarewallet.com/video.html (webm, so Chrome recommended)

Oh nice, it works with KryptoKit.

Got a launch date yet?

Yes, that was easy, but more intended as a proof of concept & quick hack than a final product until their licensing is clear ;D

Launch date, well, soon now. Not in two weeks (c) but probably in a few weeks.

Interesting. I wonder if a BlackBerry phone (BB10) would work just as well. Encrypt the phone, Password protect the phone and password protect the app. Some of the BB10 phones are also equipped with NFC making for a Google Wallet type of experience using Bitcoins if a proper app is made.

I currently have a Q10 and think it would be killer if I could carry my Bitcoins around on my encrypted BlackBerry phone.

Any smartphone with NFC will do.  The idea of a hardware wallet, is that you don't need to trust the hardware it connects to any more.

I think that's the general direction we are heading in, with all computing.  Expect to hear a lot about U2F later this year.

I wonder if it's possible to use the verification scripting language to avoid the need for a specialized Hardware wallet.
https://en.bitcoin.it/wiki/Transactions#Verification

I imagine "spending"  into a dedicated holding wallet  to secure my coins -- with a transaction that has a custom verification script for collecting the inputs of the transaction.

In addition to the normal signing restriction, the script would need to make sure that "Holding" wallet  would ONLY be allowed to spend EXCLUSIVELY to a designated  Bitcoin address.

The designated address would be my "spending" wallet,  normally kept empty or loaded with a small amount for ordinary transactions.

For example...   I would have a web server somewhere with access to the private keys of the holding wallet,  that I can login to,  and a  more traditional two-factor auth method would be required ---  it may have lots of coins on it,  but the verification script   will  allow   it to spend the coins to my   Cell phone's Bitcoin address and no other Bitcoin address.

I could have paper copies of both keys,  AND  never  put the two private keys on the same device.

Don't you feel like having some kind of a cryptowallet combined with a password manager and U2f? Am I the only one who is tired of all this hustle with many devices for different security needs?

Not paying attention to where you send the btc.
not backing up your shit
backing up your shit and storing the backup improperly (or in the open or near flames)
not secure enough pin
not keeping your btc secret
пocтoяннaя ccылкaembedcoxpaнитьнaчaльный

I want to buy Hardware Wallets

Not keeping your seed secret (hint split 2 copies of the seed into 3rds and store 2 different 3rds in each of 3 locations)

And don't tell anyone, not your wife, not your boyfriend, not your siblings.... No one!

So what happens when you die and your total networth is lost on the blockchain?

We all get a little richer

That is when the clue leading them to the first puzzle arrives in the mail.

You could have a dead man switch where private keys are only released upon death

Sounds like you have the making of the next overvalued ICO

Except you don't need an ico for that. I'm pretty sure theres email services with dead man switches as features. Just put your clues/instructions for private keys in the email.

Sounds like an exciting treasure hunt!

And also malware (just a malicious browser extension is enough) that changes the addresses that you see in your browser.
It seems pretty difficult to protect against these attacks at a reasonable cost. Any idea? (better that always double-checking on a second device that it dedicated to that. Without much stuff installed on to limit the risks)

One nice trick I've heard is a malware that changes your copy text, so you copy a destination address, it gets changes but when pasting but you don't notice, and process to securely sign the tx with your hardware wallet.

No. The most glaring defect of hardware wallets is the presence of the physical device itself, which identifies you as an owner of bitcoins. It's like painting a bullseye on your back. How can you answer “What bitcoins, sir?” to the customs officer, when he's looking right at your Trezor or Ledger device? Or to your nosy neighbor? Or to the random house guest?
Use an online/offline software wallet with freely-available, open source code. Never put your keys on a network-connected machine. Sign all your transactions offline. Memorize your seed mnemonic. That way, wherever you go, your bitcoins go with you. Invisibly, without leaving any physical trace.
Once you've arrived at your new location, buy a Raspberry Pi and an SD card and download and install the wallet software on it for use as a signing machine. Sign transactions using your mnemonic, so your seed is never stored on any physical medium. Run a full node with a watch-only wallet for broadcasting transactions and tracking your balances.
Difficult? Yes, but true security is always difficult. All the “easy” solutions involve relinquishing control to some trusted third party, and reliance on third parties is exactly what Bitcoin was created to free us from.

I am not a big fan of having to keep the master seed of hardware wallets stored. Even if you keep it somewhere safe, someone can still get to it and have access to your funds. So this is my setup: *1) Live-usb ubuntu, network disconnected. *2) Generate addresses using bitcoin paper wallet downloaded offline site, printing PDFs. *3) Save these PDF on an encripted container using veracrypt, with a very strong password. This encripted file you can store safely online on google drive or something. *4) Split your BTC across some addresses, thinking of how you'll use them. Keep the public addresses handy. *5) When you want to use it, just boot ubuntu again, open the PDF, and use a mobile phone wallet like Mycelium to import the private key using QR Code. *6) Spend the amount needed and send the remaining amount to a new paper wallet and don't use the old one anymore.
Edit: never type the veracrypt password anywhere but the ubuntu live cd and dont store it online.

You might find it easier just to memorize your master seed and store it only in your head. The risk of forgetting it is no greater than the risk of forgetting a password. And there's no physical backup to get lost, stolen or hacked.
I use the MMGen wallet and do all my address generation and signing offline using a memorized seed.
https://github.com/mmgen/mmgen

Nope! https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

So what happens when you forget your "very strong password"?

You don't forget it, you write it down and store it safely, preferably in two or more places.
You may ask how is this different from the seed for a Trezor/Ledger. Its a password for a file. If you have the password but not the file, you have nothing. This does not happen with seeds from wallets, because they can be used to recover a wallet to a fully operational state.

"Bitcoins? Oh, you must mean my U2F device. That's for two factor authentication."

Secure against what? Against random hackers trying to steal your coins, they are pretty solid. Against malware that compromises your PC, they are designed to be highly resistant. Against disassembly and hardware hacking of the device, possibly not so much. Against rubber hose cryptography, not at all. They also can't prevent you from sending your coins to an address given on a spoof email or web page (although fiat bank accounts aren't immune to that either). You also need to think carefully about writing down the device seed and then keeping it secure; if someone can steal the seed they don't need the device.
(Actually the Trezor, and possibly other devices, do have a defense against rubber hose cryptography: you can have an arbitrary number of secret passwords with other wallets behind them, and the attacker has no way of knowing if you have revealed all of them. But then maybe they just keep on beating you to be sure)

To a point. I would worry about plugging that thing in 10 years from now and it doesnt work.
I run a VM on my desktop that contains my desktop wallets. The VM is backed up to multiple sources both local and in the cloud. that way if the VM or my desktop crash, I can always just get a new computer, install HyperV, and import the VM from backup.

They are more secure than any other option that you have readily available right now.

Compared to what? Your phone? Or your shitty windows box? Fuck yea. Are they 100% secure. Maybe.

I'm skeptical. I had a Ledger HW wallet which I used to hold coin while traveling.
I initialized on my phone using mycelium, wrote down the seed excluding 5 words, and carried the seed in a notebook I always had with me (the seed was written in the middle of other normal writing).
2 months go, the entire wallet was swept. I lost most of my savings. I have no idea how this happened.
I'm moving towards multisig solutions.

Could the 5 remaining words have been found by brute-forcing? Brute-forcing 12 words isn't feasible, but 5 is way easier, considering this is exponential. (assuming phone compromission)
But that would be a targeted attack (which could be possible, you're the one that could know if this should be in your treat model)

Of course not. Nothing is 100% secure. But it's more secure than everything else at least for now.

I've got a pretty big bounty that says that they are...