August 04, 2011, 09:48:35 PM |
I haven't fully thought this through, so there are probably holes in it. I have a mental picture of what a lightweight wallet client for a smartphone might look like. For the sake of argument, let's say that this client has some way to not require a full-time connection to stay in sync with the full block chain. That in itself is a substantial problem to solve, but I'll gloss over it because it's not central to the point I'll make in a moment. Let's further stipulate that this lightweight client has its own wallet in order to carry around a small amount of spending money. Most of the user's savings are in a separate wallet, probably secured back at home, and possibly implemented as we are discussing here.
It seems to me that barcodes such as QR codes would be a natural way to transfer numbers between two devices in person. If you and I both have these hypothetical smartphone apps, and I want to give some BTC to you, then you could display your receiving address as a QR code, I scan it with my phone's camera, and then my client initiates a new BTC transaction using whatever method it has to do that. I like the idea of exchanging addresses via barcodes better than NFC, Bluetooth, Wi-Fi, etc. because it requires deliberate user action, and it is easy to see that it is going on. In contrast, an attack over Bluetooth could go on silently without the user's knowledge. There may be a potential shoulder surfing problem... Needs more thought. A vendor might display their receiving address on a poster or display, depending on whether they want to use a different address for each transaction.
So, if a standard is developed for using QR codes to communicate between mobile clients, then maybe the same mechanism could be used to interface with a dedicated wallet device? I do like the idea of a purpose-built device that handles a wallet and does nothing else. While an existing device like an off-the-shelf Android device could be reprogrammed to serve this purpose, I'd feel safer with a device that has no network connectivity at all (not even hardware that normally is not turned on), in order to reduce potential remote attack vectors. There may be some security flaw that lets the device get owned by showing it malicious barcodes, but it would be hard to invoke if the device has a physical cover over its camera and it is locked in a drawer or safe.
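Added example, not part of the original post: one way a wallet could treat a scanned barcode payload as untrusted input, which bears on the malicious-barcode concern raised above. It assumes the payload is a bare Base58Check address (a format the post does not name); the function names are hypothetical and the sample address is constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAX_LEN = 35  # a 25-byte Base58Check payload never encodes to more than this

def _checksum(data: bytes) -> bytes:
    # First four bytes of double SHA-256, as Base58Check defines it.
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def encode_address(version: int, hash160: bytes) -> str:
    """Build an address; used here only to construct sample input."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def parse_scanned_address(payload: bytes):
    """Return (version, hash160) for a well-formed address, else None."""
    # Bound the size before doing any work on camera-supplied data.
    if not 0 < len(payload) <= MAX_LEN:
        return None
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    # Strict alphabet: anything outside Base58 is rejected, not skipped.
    if any(c not in B58 for c in text):
        return None
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Exact structure: 1 version byte + 20 hash bytes + 4 checksum bytes.
    if len(raw) != 25 or _checksum(raw[:21]) != raw[21:]:
        return None
    return raw[0], raw[1:21]

# Constructed sample: version 0 with a made-up 20-byte hash (0x00..0x13).
SAMPLE = encode_address(0, bytes(range(20)))
```

Only a payload that passes every check reaches the transaction logic; everything else is dropped without further parsing.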