Bitcoin Forum

Though the bitcoin network may be incredibly secure. There is one flaw in the bitcoin system. And that is fraud.  Right now, If i steal your computer. or infect your computer with a simple program that would email me your wallet.dat file I would have access to all your money. No problem. There is 0 security for fruad.

How ever! The solution is incredibly simple. A simple key based encryption algorithm of the wallet.dat file(For example: AES, RC4, and RSA) . The wallet.dat file would be kept encrypted but the bitcoin application will simply prompt you with a "Pin" dialog where you enter your specific passkey to decrypt the wallet.dat file.

And this information would be temporarily stored in memory. Now no one but you could ever access your wallet.

Why wouldn't the attacker wait for you to decrypt the wallet (so that you can use it), and then read the private keys out of memory?

An attacker could use a keylogger and get your password but.. thats it. And the decrypted wallet.dat file would be stored in memory until the app is closed.

or he is just hit you by wrench. or kidnap you family and then demand "surrender me your BTC's !!" or promise hit Liberty island/UN/RedCross with airbus or kill little cute kitty and etc and etc.

maybe an encrypted wallet + virtual keyboard against keyloggers

that should work along with two-way auth.
for example, smart card or iris scanner[just recently one company breached market with inexpensive $99 iris USB-scanners] - baked.

Really I think the virtual keyboard is actually a step too far. I hate them. maybe a slide out option to open one, but don't force it. But I mean.. they way things stand as they are right now... In about 20 mins I could could a fairly undetectable "Virus" that gives me a copy of your wallet.dat and I could sit back watch you gain money and take it when I please. And the way to fix this problem is VERY simple.

you shouldn't "hate" then, cuz kbd wiretapping is so usual practice for both gov't and corporate spies so you can't rely on it at all :[

We're way ahead of you (https://github.com/bitcoin/bitcoin/pull/232).

This would give users a false sense of security.  It would offer very little protection against viruses or hackers who know what they are doing.  All they have to do is sit around and wait until you spend some coins.

The weakest link in the security chain IMO is not lack of wallet encryption but lack of a good firewall.

What we need more badly than automatic wallet encryption is a live CD/ live USB stick with a pre-configured firewall that has been tested for intrustion.

Ha XD look at that. This is already being done almost exactly as I suggested. Great minds think alike.

Then how come every competent person uses passphrases for their SSH keys and GPG keys and considers it a good thing? I guess we should remove the feature from those programs because it provides a false sense of security?

It provides security against some threats but not all. It's still good to have, especially on servers.

For the case of sending Bitcoins from a malware compromised machine, cloud based wallets with 2-factor auth are probably the only real solution.

Competent people already encrypt their savings wallet with something like Truecrypt.  This isn't too hard to do.  So I am assuming this feature is aimed primarily at non-technical users.

It's not a bad thing to this include feature in the client, as long as you make it clear to non-technical users that the feature by itself will not protect them against thief viruses, and that additional measures are required.

backed up by physical security ["thief ! thief !! someone, call BitCoin policy !!" ]
and run with tamper-proof[including hijacked/wired interface/peripherals]hardware.
so TPM-alike stuff become requirement ? with fully-covered[by crypto in hardware]dataflow ?