Bitcoin Forum
November 08, 2024, 03:41:45 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Proposal: Hardware wallet (Win 3 BTC)  (Read 5658 times)
Eridani
Newbie
*
Offline Offline

Activity: 14
Merit: 0



View Profile
October 08, 2012, 02:31:01 AM
 #41

  • Bitcoinaire.
  • Bitplug.
  • Bitwallet.
  • Coinmaster.
  • Coinplug.
  • Credstick.
  • Kudofob.
  • Kudokey.
  • Mobiwallet.
  • Portawallet.
  • Stealthy.
  • Transactoid.

Even with all the provided name suggestions in mind, I like where cedivad is going with his post a lot:

If you want my suggestion, don't lose your time asking for a name on a forum. Keep thinking about the design of the thing and the name will come out by its own with a bit of time.
Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 11, 2012, 04:53:08 PM
 #42

I am becoming more and more convinced that hardware wallets will be the way to go. I think I'll spend the weekend studying the rockbox project and seeing if it could be leveraged. I'm also wondering about smartcard options



$4, runs Java. There are security issues with these that I don't think would be surmountable but they may be "good enough" for many purposes.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
firefop
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
October 11, 2012, 05:10:50 PM
 #43

I am becoming more and more convinced that hardware wallets will be the way to go. I think I'll spend the weekend studying the rockbox project and seeing if it could be leveraged. I'm also wondering about smartcard options

$4, runs Java. There are security issues with these that I don't think would be surmountable but they may be "good enough" for many purposes.

removed the image.

Smartcards are an interesting idea. Is there any way to prevent someone from being able to extract the private key once it's loaded on the card?

The concern being someone steals a card, drops it into a reader and has full access to whatever's stored on it, including the private key.

Maybe the POS device uses some sort of biometric reading to feed another private key to the card to dectypt the one stored on the card?

That way, the card card could still sign in - but wouldn't have only an encrypted copy of the private key on it...

so without the POS machine, the smart card and the owner's proof of life - nobody would be able to do anything with it.

Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 11, 2012, 06:14:07 PM
 #44

Smartcards are an interesting idea. Is there any way to prevent someone from being able to extract the private key once it's loaded on the card?

The concern being someone steals a card, drops it into a reader and has full access to whatever's stored on it, including the private key.

Maybe the POS device uses some sort of biometric reading to feed another private key to the card to dectypt the one stored on the card?

That way, the card card could still sign in - but wouldn't have only an encrypted copy of the private key on it...

so without the POS machine, the smart card and the owner's proof of life - nobody would be able to do anything with it.


I just ordered several cards and a reader so I'm about to find out Smiley

Though I do have a little experience as I ordered the java ibutton kit when it first came out. The card actually runs a Java machine with protected memory etc. It's basically a fairly retarded computer. You can talk to it and it talks back. The cards also have some built-in crypto that may or may not be useful.

The one thing you possibly can't trust is the reader device. It can lie to the card and to the user. Though maybe the reader and the card could be considered as a unit and you would own the reader. It could have the buttons and display but be fairly dumb and the smarts are in the java card. Then you can have multiple cheap wallets you can swap into a relatively more expensive reader. You might trust your friend's reader but then again, maybe only as much as a low-value hot wallet.


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
firefop
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
October 12, 2012, 12:31:34 AM
 #45

I just ordered several cards and a reader so I'm about to find out Smiley

Though I do have a little experience as I ordered the java ibutton kit when it first came out. The card actually runs a Java machine with protected memory etc. It's basically a fairly retarded computer. You can talk to it and it talks back. The cards also have some built-in crypto that may or may not be useful.

The one thing you possibly can't trust is the reader device. It can lie to the card and to the user. Though maybe the reader and the card could be considered as a unit and you would own the reader. It could have the buttons and display but be fairly dumb and the smarts are in the java card. Then you can have multiple cheap wallets you can swap into a relatively more expensive reader. You might trust your friend's reader but then again, maybe only as much as a low-value hot wallet.

Well let us know how that goes.

I still like the idea of a encrypting the private key and storing it on the card - then the reader can do the biometric scan, pass that the jvm on the card - along with the amount and desitination address, and the card can pass back a signed transaction - after decrypting the private key.

I guess the important question would be - could the reader be made to snag the entire contents of the card - if so then this wouldn't be secure either. In that case, we need a dongle that the user owns, to make sure that the POS machine can't read out the card - and once we're getting into designing hardware, might as well go fully custom and just use flash.



Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 12, 2012, 01:33:43 AM
 #46


Well let us know how that goes.

I still like the idea of a encrypting the private key and storing it on the card - then the reader can do the biometric scan, pass that the jvm on the card - along with the amount and desitination address, and the card can pass back a signed transaction - after decrypting the private key.

I guess the important question would be - could the reader be made to snag the entire contents of the card - if so then this wouldn't be secure either. In that case, we need a dongle that the user owns, to make sure that the POS machine can't read out the card - and once we're getting into designing hardware, might as well go fully custom and just use flash.

I likely won't even be considering biometrics. It's extremely tricky to revoke an eyeball or fingerprint. My understanding is that the card cannot be dumped (or at least it's an optional setting). If it's possible to dump the card at all (barring scanning electron microscopes), it's not going to work as it will always be possible to find a way but I'm confident that won't be an issue.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
firefop
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
October 12, 2012, 03:29:07 AM
 #47

I likely won't even be considering biometrics. It's extremely tricky to revoke an eyeball or fingerprint. My understanding is that the card cannot be dumped (or at least it's an optional setting). If it's possible to dump the card at all (barring scanning electron microscopes), it's not going to work as it will always be possible to find a way but I'm confident that won't be an issue.

Hm - seems like you'd need to setup some second factor auth otherwise you run the risk of having the card stolen and being unable to prevent anyone from using it.


Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 12, 2012, 04:34:55 AM
 #48

I likely won't even be considering biometrics. It's extremely tricky to revoke an eyeball or fingerprint. My understanding is that the card cannot be dumped (or at least it's an optional setting). If it's possible to dump the card at all (barring scanning electron microscopes), it's not going to work as it will always be possible to find a way but I'm confident that won't be an issue.

Hm - seems like you'd need to setup some second factor auth otherwise you run the risk of having the card stolen and being unable to prevent anyone from using it.



I have been thinking about that. It would likely be a passcode or pin but optional in case you are likely to be using the card on an untrusted system (though even with a keylogger or hacks, you'd still need the wallet physically attached so that may not be a big deal to have mandatory).

Also up for consideration are wallet backups and/or importing external wallets. Likely I would require a passphrase on first use. But in theory, it should be possible to set up a fresh wallet on a compromised system with no security risk.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 27, 2012, 07:44:27 PM
 #49


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
rainbyte
Newbie
*
Offline Offline

Activity: 12
Merit: 0



View Profile
October 28, 2012, 05:48:48 AM
 #50

it seems a very interesting proposal.
mpx
Newbie
*
Offline Offline

Activity: 14
Merit: 0



View Profile WWW
October 28, 2012, 11:19:40 AM
 #51

once you've got the app running on the card, why not put it in the nfc chip in a mobile phone ?
Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 28, 2012, 02:37:14 PM
 #52

once you've got the app running on the card, why not put it in the nfc chip in a mobile phone ?

Totally different use case.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
underminer
Full Member
***
Offline Offline

Activity: 210
Merit: 100

Not for hire.


View Profile
October 28, 2012, 05:57:04 PM
 #53

I don't put potato chips into my phone either--technically they are both chips.

Keep your bitcoins my .02 are free.
Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
October 28, 2012, 06:31:42 PM
 #54

Absolutely Smiley

The primary use of the card is to allow secure storage of the private key and on-card signing of transactions. In theory, it would be impossible to obtain the private key from the card without extremely sophisticated techniques (though this does raise some questions about private key backups).

Secondarily, the card may be use to cache transactions known to belong to the private key (keeping a balance if you will). This should not, strictly speaking, be a requirement but will be more of a convenience function.

Most of the functionality will still be in software running on an external computer except for the addition of a usb broker dongle to act as a gatekeeper for approving transactions.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
Arcavum
Newbie
*
Offline Offline

Activity: 58
Merit: 0


View Profile
October 28, 2012, 06:49:00 PM
 #55

Is it too late to suggest a name?

I think it should be called Encrybito!!!!

The Encrypted Bit O' Goodness!!

firefop
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
November 01, 2012, 12:24:55 AM
 #56

I likely won't even be considering biometrics. It's extremely tricky to revoke an eyeball or fingerprint. My understanding is that the card cannot be dumped (or at least it's an optional setting). If it's possible to dump the card at all (barring scanning electron microscopes), it's not going to work as it will always be possible to find a way but I'm confident that won't be an issue.

Hm - seems like you'd need to setup some second factor auth otherwise you run the risk of having the card stolen and being unable to prevent anyone from using it.



I have been thinking about that. It would likely be a passcode or pin but optional in case you are likely to be using the card on an untrusted system (though even with a keylogger or hacks, you'd still need the wallet physically attached so that may not be a big deal to have mandatory).

Also up for consideration are wallet backups and/or importing external wallets. Likely I would require a passphrase on first use. But in theory, it should be possible to set up a fresh wallet on a compromised system with no security risk.

Right just include the code to generate and address in the program on the card...

I think we've come full circle here tho, if we're going to require a user to enter auth on a device/machine they don't own, and might be unsecure... then we need some sort of security measure in place to prevent malicious action on the part of the vendors machine. If that's a 4(or really even a 10) digit pin... then it's vulnerable to being stolen and cracked... just plug it up to a computer and throw pins at it until it breaks. Which leads us back to a customer owned dongle... or biometric device.

So how do we protect from cracking the card once it's stolen?






Richy_T
Legendary
*
Offline Offline

Activity: 2604
Merit: 2320


1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k


View Profile
November 01, 2012, 12:56:22 AM
 #57


So how do we protect from cracking the card once it's stolen?


I'm going to say for my project that that's largely out-of-scope and that this allows you to execute physical security. Think of it like a paper wallet in that context.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
firefop
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
November 01, 2012, 12:59:27 AM
 #58


So how do we protect from cracking the card once it's stolen?


I'm going to say for my project that that's largely out-of-scope and that this allows you to execute physical security. Think of it like a paper wallet in that context.

Fair enough - ok - you make the initial card... and I'll see about the security dongle that does biometrics once you've got specs out on the card's api.


josephliton
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
November 09, 2012, 11:09:02 AM
 #59

if our wallet is safe then I think we are also save ...................... Undecided

Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!