Bitcoin Forum

In Germany we use these devices called "tanJack" for secure online banking:
http://www.reiner-sct.com/content/view/189/
http://www.reiner-sct.com/component/option,com_docman/task,doc_view/gid,134/

What is does is when you do a bank transfer online the website displays some flashing blocks on a screen.
You put your bank card into the reader and hold it up against the screen where the website displays some flashing black&white blocks.
A photo-receptor in the device reads in the data and a small screen on the device shows the bank account and amount being transferred.
You then press a button on the device and it gives you a short (5 digit?) number (called "TAN") which you enter into the website to "sign" your bank transfer.

Here is a video how this works:
http://www.youtube.com/watch?v=GOQeZGe83YM

Question/Idea:
Could we use these devices for making bitcoin wallets or transfers secure?
Apparently you can buy them for ony 15 Euros (http://www.starmoney.de/index.php?id=tanjack-optic-sr).
I'm imagining a modified bitcoin client that uses either an encrypted or incomplete wallet file.
The only way the client can send money (i.e sign a transaction) is when it gets a proper TAN-number generated by the device (plus some card that is inserted into the device that contains the access key(?). This TAN-number would either enable the client to access the wallet file or it would be used to complete the incomplete private keys (I'm not exactly sure how this would work). Alternatively, this might be used for an online service like Mybitcoin.

Since you have a separate, trusted device with a separate screen this should be hacker-proof. It should work even on a totally compromised computer.

Do you think this would work for Bitcoin?

lol at first I was like wtf does flashing boxes and typing in the code help security but I read a little bit more and yes if we have a way for bitcoin clients to be set so nothing is sent with out an external device. I would probubly buy into this actually. This sounds very safe.

What happens to your bitcoins if the device breaks?

Get a new one?
I guess you need to have a smartcard with the passphrase/key on it.

Why don't we as the bitcoin community group invest in bio-metric scanning devices for bitcoin clients :D then mass produce. Everyone that was involved in the project gets a piece :D

I'd buy one.  This sounds like a great idea.

Any idea how it works internally?

Just start the company and put it up on the GLBSE

I just might do that as soon as I have a viable business plan ;)

I like this idea. I don't like the idea of biometrics though. There are lots of discussion about why linking biometrics to anything important are a bad idea (I like to use "Demolition Man" test).

I'm working on something that will partially fill the solution you are proposing, but I may borrow some of your ideas to make it better. I've been working on it in my spare time for over a month now, it's a similar concept but think QR codes/web cams instead of flashing screens. It's a bit clunkier but you can do it with commodity hardware. I believe there is just one more critical bug before the Proof of Concept is complete and it starts moving toward Alpha quality software.

I watched the TAN video... it looked brilliant.

The flashing thing on the screens appeared to be a way to simply get a packet of information into the device.  That packet is presumably a random nonce and the details of the transaction.  It looked like it sent 4 bits of data at a time - there were 5 bars, one of the bars flashed a very consistent pattern as though it was the "clock" bar, the one that tells the device that we've moved on to the next 4 bits.

The device likely displays the transaction details, and if the user approves, passes the information to the smartcard inserted by the user, where the smartcard performs some crypto operation to give the code to be displayed on screen for the user to type in.

The whole system proves a lot to all of the transacting parties.  The bank can be certain the person doing the transaction is in possession of the smart card, and the person doing the transaction can be certain he is authorizing the transaction he thinks he is.  As long as both sides properly verify what they see, it seems bulletproof to man-in-the-middle attacks.

Scaled to Bitcoins, the same idea would work as long as it was tolerable for the user to have to enter a much larger number than 6 digits (such as if the device could type keys on the keyboard like a YubiKey) so that it could type an entire ECDSA signature rather than just a simple check code.  Basically, if the smart card contained Bitcoin private keys, it could sign a transaction pulsed into it, the user could verify the transaction amount on-screen, and then the smart card could sign the transaction with private keys.  Backup would be relatively simple - simply give the user a copy of their private keys on paper at the same time same keys are loaded into the smart card.