Bitcoin Forum
November 07, 2024, 06:08:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Poll
Question: How much would you donate for the development of an opensource single purpose bitcoin hardware wallet ?
0.1 bitcoin
1 bitcoin
10 bitcoins
100 bitcoins
nothing, this is a stupid

Pages: « 1 [2]  All
  Print  
Author Topic: Why isn't there a single purpose bitcoin hardware wallet ???  (Read 3442 times)
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
September 12, 2013, 02:03:35 PM
 #21

I won't be interested in hardware wallets until I see signs that the people implementing them are serious about hardening them against malware and side channel attacks.

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

Implementing a hardware wallet properly does not allow for shortcuts, like using general-purpose computers in the design.
super3
Legendary
*
Offline Offline

Activity: 1094
Merit: 1006


View Profile WWW
September 12, 2013, 05:09:25 PM
 #22

I was looking into developing a hardware wallet a few weeks ago. It definitely is quite possible, but it requires much work with embedded stuff(which simple put isn't easy). Trezor is going to be your best bet for now, many of the people I've seen working on hardware wallets have fallen by the wayside.

For a hardware wallet to work, you have to have some sort of screen and perhaps some input buttons. This is not something you can just pick up from Walmart. It took me some searching to find a Chinese manufacture, but they want me to pay $500 for a dev kit. So unless someone wants to donate that, I'll going to continue to work on other more useful Bitcoin products and services.

So in summary, making a hardware wallet is extremely hard and takes lots of time and money.

Bitcoin Dev / Storj - Decentralized Cloud Storage. Winner of Texas Bitcoin Conference Hackathon 2014. / Peercoin Web Lead / Primecoin Web Lead / Armory Guide Author / "Am I the only one that trusts Dogecoin more than the Federal Reserve?"
cor
Full Member
***
Offline Offline

Activity: 121
Merit: 100



View Profile WWW
September 12, 2013, 05:44:55 PM
 #23

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

For those who are not programmers and don't know how to read the code (or have nobody to do that for them) we are planning to undergo an independent security audit.

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
September 12, 2013, 08:47:14 PM
 #24

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...
I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.
Trongersoll
Hero Member
*****
Offline Offline

Activity: 490
Merit: 501



View Profile
September 13, 2013, 01:09:03 AM
 #25

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...
I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.

They don't need an asic, they could jut put the software in ROM.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
September 13, 2013, 02:44:33 AM
 #26

They don't need an asic, they could jut put the software in ROM.
That does not accomplish anything in terms of the vulnerabilities inherent to running software.
viboracecata
Legendary
*
Offline Offline

Activity: 1316
Merit: 1000


Varanida : Fair & Transparent Digital Ecosystem


View Profile
September 13, 2013, 02:51:34 AM
 #27

Smart devices are enough, I think.

iBuilding A Better Interneti
━━━━━━━━━━━━━━━━━━━━ ━━━━━━━━━━━━━━━━━━━━

 
 █b
▐█=
║█
██                                         ¡▄▄▄▄▄▄▄▄┌
██M                                  ╒▄▄▄▄█▀    ▂▂ ╙▀▀▆▄
██▌                                ╓, ,██╨      ▀▀▀    ╜▀█▌
███                                ▀▀██╙     ▄▄▄▄▄      ╓█L
█ █▌                            ▄▄▄▄█▀          └▀▀▀▀█Φ█▀"
█▌ █▄                            ██▀           ▄█▀
▐▌  ▀▌                       ▀▄██▀            ▄▀
▐█     ▂▂▂                ▄  ▄█▀           ▄▄▀
 █▌  ╙▀▀▀▀▀█▄         ▄   ███▀     ▁▂▃▄▄▄█▀▀
  █▄        █▌    █▄  ██▄█▀        ▔▔╙▀▐█
   █▄       █▌ ▀▀████▀▀▀               ▐▌
    ▀█     █▀                          ▐▌
     ╙█▄  ▄▌                        ╓█ ▐█
       └▀██  ╓▄▄µ╓▄▄µ            ,▄█▀┘  █▌    ▄▄ ╓▄▄µ
         ██▄█▀▀███▀▀█▄       ╓▄▄█▀▀      ▀█▄█▀▀▀██▄╙▀█▄▄
          ▀╙    ▀▀▀  ▀▀▀  ▀▀▀▀╙           `      "▀▀  └╙
You Can See Me Now, Hi :}
VARANIDA

 
 
 
 
               ▄██   ▄███▄
              ▄███████  ██
              ██    ▀████▀
             ██
  ▄▄  ▄▄█████████████▄▄  ▄▄
▄███████████████████████████▄
█████████████████████████████
▀███████    █████    ███████▀
  ▀█████    █████    █████▀
   ███████████████████████
    █████▄  ▀▀▀▀▀  ▄█████
     ▀█████▄▄▄▄▄▄▄█████▀
        ▀▀█████████▀▀
|Hello Again
GWhitePaperG
GAnn ThreadG
teukon
Legendary
*
Offline Offline

Activity: 1246
Merit: 1011



View Profile
September 13, 2013, 03:57:03 AM
 #28

I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.
westkybitcoins
Legendary
*
Offline Offline

Activity: 980
Merit: 1004

Firstbits: Compromised. Thanks, Android!


View Profile
September 13, 2013, 04:15:03 PM
 #29

I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.


I'd urge you to reconsider; I think you're missing out.

As cheap as they are now, they're affordable enough to buy one just as a dedicated mobile spending wallet. And once you have that, it may very well change the way you use (and view) Bitcoin.

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
fpgaminer
Hero Member
*****
Offline Offline

Activity: 560
Merit: 517



View Profile WWW
September 14, 2013, 05:42:11 AM
 #30

Quote
The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place.
Flashing firmware is not an attack vector, if the firmware is signed by a trusted party.  An ASIC would be far worse; there are no ways for third parties to truly audit the ASIC.  Open source code, on the other hand, can be audited by a large swath of programmers.

Quote
with specific attention payed to avoiding information leaks that could lead to a successful side channel attack.
What side channel attacks are you specifically worried about on a hardware wallet?  The only opportunity for a hardware wallet to leak secret information through a side channel is during signing.  When the hardware wallet is secured by a password, this will only occur when the user is using the device for signing legitimate transactions.  This will occur infrequently, to put it lightly.  Power and timing side channel attacks require huge sample sizes, relative to the number of transactions a user will ever have signed.  Not to mention that it's impossible for the host to time the actual signing, unless it's correlating with power consumption and I don't believe a PC can extract that information from their USB host chips.

Trongersoll
Hero Member
*****
Offline Offline

Activity: 490
Merit: 501



View Profile
September 14, 2013, 09:47:09 PM
 #31

To be truely useful, wouldn't a hardware wallet have to be Wifi enabled? or maybe Data enabled like a smart phone? Would it need it's own copy of the blockchain? Would it keep it up to date so you don't have to wait 10 minutes for it to Sync before making a transaction? Huh
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
September 14, 2013, 09:52:21 PM
 #32

Why do we still have to use multiple purpose hardware like smartphones and pc for wallets ? Ever since I have known bitcoin I have been waiting for a secure hardware wallet for sending and receiving bitcoins so to introduce bitcoin to my family and people around me that aren't tech savy enough to keep their bitcoins safe. And don't tell me that trezor is a wallet it is just way secure your wallet.

We could put up a bounty for the development of of an open source hardware wallet.




by single purpose hardware wallet I mean something like the bitcoincard but no need for the mesh network nor for it to be this thin and small =v        

If you really want one, you could've just made one yourself...

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
tclo
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
September 15, 2013, 04:54:37 AM
 #33

Is http://www.bitcointrezor.com/ just being poorly marketed or what?

The market is smaller than people think.

I don't know about that. I think it's pretty small, but not sure what others think.   Few to none of my friends have heard of bitcoin and the ones who have....don't care about it.

It is still very early on in its adoption rate for sure. 

And yes Apple is a good analogy.  I had mp3 players long before Apple came out with the Ipod...years before.  But they just waited until the market matured and then introduced their device (and marketed it like crazy)
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!