Bitcoin Forum
November 13, 2024, 05:55:05 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: Hardware Bitcoin Wallet  (Read 4810 times)
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
October 06, 2012, 08:27:12 PM
 #21

Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.
That's why the destination address is displayed on the hardware display.
And how many people will be comparing them? We are talking about people with IQ consisting of only two digits who infect their own computers with malware and still operate them.

Generate addresses that have matching few first digits like 1dice for every starting digits and have the malware to select address with matching start digits to display on LCD.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 06, 2012, 08:38:28 PM
 #22

And how many people will be comparing them? We are talking about people with IQ consisting of only two digits who infect their own computers with malware and still operate them.

Generate addresses that have matching few first digits like 1dice for every starting digits and have the malware to select address with matching start digits to display on LCD.
I can do many things, but I can't fix stupid.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
October 06, 2012, 08:41:12 PM
 #23

Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.
That's why the destination address is displayed on the hardware display.

It should be pronounced for blind users.
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 06, 2012, 08:50:55 PM
 #24

It should be pronounced for blind users.
What about the deaf-blind? two metal handles that would shock you in Morse code? Smiley
franky1
Legendary
*
Offline Offline

Activity: 4396
Merit: 4761



View Profile
October 06, 2012, 09:10:57 PM
Last edit: October 06, 2012, 09:23:34 PM by franky1
 #25

no need to build a device just use a USB stick MP3 player such as
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..

or secondly if your just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client wont transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just dont plug it in untill u need to send payments.

or thirdly why even need a extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
October 06, 2012, 09:53:57 PM
 #26

And how many people will be comparing them? We are talking about people with IQ consisting of only two digits who infect their own computers with malware and still operate them.

Generate addresses that have matching few first digits like 1dice for every starting digits and have the malware to select address with matching start digits to display on LCD.
I can do many things, but I can't fix stupid.
Many people try to do just that. Wallet encryption in original Bitcoin client is just that. How many trojan horses don't came with a keylogger?
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.
That's why the destination address is displayed on the hardware display.

It should be pronounced for blind users.
What should the wallet do for retarded users? Make a USB-powered lobotomy?

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 06, 2012, 10:11:16 PM
 #27

no need to build a device just use a USB stick MP3 player such as
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..
Yes, but that would be more expensive.
Quote
or secondly if your just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client wont transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just dont plug it in untill u need to send payments.
That wouldn't work. A skilled malware writer could modify the client so the client didn't need the USB stick, or sent the money to the wrong account.

Quote
or thirdly why even need a extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.
First of all, this thing isn't for POS terminals. It's designed to keep you secure if your own computer gets malware.
Second, even if you inserted this into a malicious terminal, it can't extract the wallet. The device only knows a very limited set of commands: "install this wallet" and "sign his transaction", so you can't clone a wallet from it.
camem
Newbie
*
Offline Offline

Activity: 45
Merit: 0


View Profile
October 06, 2012, 10:16:50 PM
Last edit: October 06, 2012, 10:31:25 PM by camem
 #28

So, I have an idea for a secure, cheap and easy to use "hardware wallet".

It will be a small USB stick with a display and two buttons
Expected price: USD 12-15
More info: https://bitcointalk.org/index.php?topic=115294

good idea on securing the display and not trusting the PC OS. But I think your bill of materials (BoM) cost will be closer to $12-15 - so at your potential volumes you might need to retail at more like $40-50 in order to cover your development, production, tooling, and distribution costs and make a dollar per device for yourself. Just a heads up. Also if you open source your software the only intellectual property you've got left is in adding the display to the device nicely (which usb stick providers don't do because it would make the product too expensive), so watch out for competition too...

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
October 06, 2012, 10:21:21 PM
 #29


I think your bill of materials (BoM) cost will be closer to $12-15 - so at your potential volumes you might meed to retail at more like $40-50 in order to cover your development and distribution costs and make a dollar per device for yourself. Just a heads up. Also if you open source your software the only intellectual property you've got left is in adding the display to the device nicely (which usb stick providers don't do because it would make the product too expensive), so watch out for competition too...


He can remove buttons to make it $2 cheaper. Instead of pressing NO a user can just plug the device out.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
October 06, 2012, 10:27:37 PM
 #30

Why TrueCrypt does not even attempt to stop malware from compromising encrypted data? Read the TrueCrypt manuals if You don't want to listen what I say. The same with Bitcoins.

What You can do with computer malware can do too!

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
October 06, 2012, 10:31:22 PM
 #31

You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
October 06, 2012, 10:44:21 PM
 #32

You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.

A touchscreen replaces buttons.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
October 06, 2012, 10:46:15 PM
 #33

You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.

A touchscreen replaces buttons.
More expensive and awkward solution replaces cheaper solutions. And there is no need for up/down buttons as the amount is planned to be entered by software.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
legolouman
Hero Member
*****
Offline Offline

Activity: 504
Merit: 504


Decent Programmer to boot!


View Profile
October 06, 2012, 11:04:36 PM
 #34

Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.

I was going to say something about using a hashed protocol, however if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only if I understand correctly.

If you love me, you'd give me a Satoshi!
BTC - 1MSzGKh5znbrcEF2qTrtrWBm4ydH5eT49f
LTC - LYeJrmYQQvt6gRQxrDz66XTwtkdodx9udz
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
October 06, 2012, 11:21:14 PM
 #35

Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.

I was going to say something about using a hashed protocol, however if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only if I understand correctly.
For receiving not even electronic device is needed to generate private key and address. Or the wallet can be generated on offline computer never connected to network. You can get a old used Pentium3 class computer for as little as 8 USD just for this purpose. And it is much harder to accidentally lose an ATX-size tower and for thief also it is much more physical work to do to steal a system block instead of small dongle.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
chris200x9
Legendary
*
Offline Offline

Activity: 1316
Merit: 1011


View Profile
October 06, 2012, 11:23:05 PM
 #36

Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 06, 2012, 11:52:35 PM
 #37

Here is another way to go about this:

Look on eBay for the "VeriFone VX510" credit card machine.  This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable. 

I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs.  I have already demonstrated the printer can print QR codes.

These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 07, 2012, 12:06:30 AM
 #38

Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
You don't need to enter any amount on this thing, you enter it on the PC.
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 07, 2012, 12:11:06 AM
 #39

Here is another way to go about this:

Look on eBay for the "VeriFone VX510" credit card machine.  This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable. 

I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs.  I have already demonstrated the printer can print QR codes.

These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
No need for an entire credit card machine. And $50 is way more than this thing costs.

Also, the thing about this machine is it's supposed to be easy. No need for rs232, command lines or reflashing old hardware. If you want to install the software on a credit card machine, be my guest, it's just not where I'm headed.
chris200x9
Legendary
*
Offline Offline

Activity: 1316
Merit: 1011


View Profile
October 07, 2012, 12:14:27 AM
 #40

Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
You don't need to enter any amount on this thing, you enter it on the PC.
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.

So you need a client on your PC to communicate with it, i.e send the ammount? Isn't this then just basically keeping your wallet on a USB drive?

Why do you need the buttons or a screen?

I'm confused.
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!