|
Title: Intermediate signing device Post by: Cred on June 09, 2014, 07:08:44 PM After just reading on another thread about the difficulty of entered a high entropy private it seems that what is needed is a device that has no connectivity and whose purpose is only to sign transactions.
How about a device with a camera that can scan a destination address then a private 256 QR code key like Armory's, lets you enter an amount and then displays a QR for the signed tx that can then be scanned by an online device? If you could make this trustworthy it would make secure signing of txs user friendly. Is anyone working on something like this or is the idea flawed? Title: Re: Intermediate signing device Post by: Ron~Popeil on June 09, 2014, 07:11:05 PM After just reading on another thread about the difficulty of entered a high entropy private it seems that what is needed is a device that has no connectivity and whose purpose is only to sign transactions. How about a device with a camera that can scan a destination address then a private 256 QR code key like Armory's, lets you enter an amount and then displays a QR for the signed tx that can then be scanned by an online device? If you could make this trustworthy it would make secure signing of txs user friendly. Is anyone working on something like this or is the idea flawed? I don't pretend to be an expert on all of this but it sounds like something that would work. I know there are some reprogrammed phones being used as cold wallets so adding that kind of function might be simple. Title: Re: Intermediate signing device Post by: twistyfy on June 09, 2014, 07:12:17 PM After just reading on another thread about the difficulty of entered a high entropy private it seems that what is needed is a device that has no connectivity and whose purpose is only to sign transactions. How about a device with a camera that can scan a destination address then a private 256 QR code key like Armory's, lets you enter an amount and then displays a QR for the signed tx that can then be scanned by an online device? If you could make this trustworthy it would make secure signing of txs user friendly. Is anyone working on something like this or is the idea flawed? It sounds like it could happen. Title: Re: Intermediate signing device Post by: Cred on June 09, 2014, 07:16:48 PM I like the idea. I just wouldn't trust a device with any kind of connectivity. I guess recycling an old disabled smart phone (no wifi, no sim, no bluetooth) would be a good starting point. Maybe I should get the patent in now.
Title: Re: Intermediate signing device Post by: franky1 on June 09, 2014, 09:03:04 PM I like the idea. I just wouldn't trust a device with any kind of connectivity. I guess recycling an old disabled smart phone (no wifi, no sim, no bluetooth) would be a good starting point. Maybe I should get the patent in now. research "hardbit" your a bit late on the patent :D and as for the inspiration for the idea.. although i brought it up in the other thread, it has been an idea being left idle for months, i see no purpose in any web wallet needing login's 2 factors and long entropy passwords. all a webwallet needs to do is receive a signed TX from a client side script that forms the signed tx, where the online server never see's nor touches a privkey. but you are right simple QR code scanning is the easiest way Title: Re: Intermediate signing device Post by: Peter R on June 09, 2014, 10:19:52 PM After just reading on another thread about the difficulty of entered a high entropy private it seems that what is needed is a device that has no connectivity and whose purpose is only to sign transactions. Is anyone working on something like this or is the idea flawed? I am working on something like this. It’s called “sigsafe” and it is an electronic key tag that signs bitcoin transactions over a non-exploitable air gap. The device is probably too simple to be considered a hardware wallet; instead, it’s more like a paper wallet that can produce ECDSA signatures. The device has both high-security applications such as implementing a cold/hot wallet system where the cold wallet can only send coins to the hot wallet, and low-security applications such as a “tap and pay” tag for purchasing retail items at PoS terminals. Because the device uses the NFC standard, it is highly interoperable with existing phones, laptops, PoS terminals, and other RFID readers. In fact, when HTML5 browsers begin to support the Web NFC API (http://www.w3.org/TR/nfc/), it should be possible to create webpages that request signatures from the sigsafe to complete an online payment or to login to a website using the bitID (https://bitcointalk.org/index.php?topic=557037.0) protocol and a single tap. Here's the project development thread: https://bitcointalk.org/index.php?topic=610453.0 (https://bitcointalk.org/index.php?topic=610453.0) And here's a rendering of the device: https://i.imgur.com/NOWuP0L.jpg |
