Bitcoin Forum
November 13, 2024, 02:17:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Hardware Bitcoin Wallet  (Read 4810 times)
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 07, 2012, 12:35:17 AM
 #41

Why TrueCrypt does not even attempt to stop malware from compromising encrypted data? Read the TrueCrypt manuals if You don't want to listen what I say. The same with Bitcoins.

What You can do with computer malware can do too!
TrueCrypt doesn't run on dedicated hardware. This runs on a microprocessor that's a computer in its own right. And that microprocessor can only do one thing (there is a fuse inside it, and when that is burned, you can't reprogram it).
Also, TrueCrypt and this are very different things.

So you need a client on your PC to communicate with it, i.e send the ammount? Isn't this then just basically keeping your wallet on a USB drive?

Why do you need the buttons or a screen?
Not, it's not the same thing. On a USB drive, you (or a piece of malware) can extract the wallet. On this thing, you can only write the wallet, not read it again. Instead, it takes care of that one crucial step in any bitcoin transaction: signing the transaction. That's why it needs a display, so you can confirm that it signs the right transaction.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
October 07, 2012, 12:45:24 AM
 #42

The payment address selection are still performed on computer before being sent to hardware wallet DERP!

Truecrypt and Bitcoin are different, but they both can be compromised with malware on computers they operate. The only way to protect the computer is - don't run any malicious or insecure code on it!

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
sebicas
Member
**
Offline Offline

Activity: 69
Merit: 20


View Profile WWW
October 07, 2012, 12:51:44 AM
 #43

Kalleguld, I think is a great idea and I would order one for sure! Will you produce it??
TheBible
Full Member
***
Offline Offline

Activity: 125
Merit: 100


View Profile
October 07, 2012, 04:27:24 AM
 #44

So what stores will my grandma be using this at?
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
October 07, 2012, 08:06:31 AM
 #45

So what stores will my grandma be using this at?

SilkRoad I guess  Grin
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 07, 2012, 08:19:54 AM
 #46

The payment address selection are still performed on computer before being sent to hardware wallet DERP!
Yes, that's why there is a display on the hardware wallet, so you have a chance to discover the error before you sign the transaction.

Quote
Truecrypt and Bitcoin are different, but they both can be compromised with malware on computers they operate. The only way to protect the computer is - don't run any malicious or insecure code on it!
Absolutely correct. That's why the crucial step - signing a transaction - is run on a microprocessor that no malware can reprogram
eldentyrell
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1004


felonious vagrancy, personified


View Profile WWW
October 07, 2012, 12:48:07 PM
 #47

Specifically, I need:
  • A businessman, who will keep track of orders, outsourcing production, making bulletpoins, etc.
  • An electrical engineer, who can design a PCB with the needed components.
  • A programmer, who can help me in making the PC UI, the µc firmware, auditing etc.
Why do they need you?

Heh Smiley

By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.  Maybe someday somebody will actually sell these things, but if they were marketed as a way to store your BTC I'm not sure I'd trust them.

In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.

The printing press heralded the end of the Dark Ages and made the Enlightenment possible, but it took another three centuries before any country managed to put freedom of the press beyond the reach of legislators.  So it may take a while before cryptocurrencies are free of the AML-NSA-KYC surveillance plague.
eldentyrell
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1004


felonious vagrancy, personified


View Profile WWW
October 07, 2012, 12:50:25 PM
 #48

Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.

Yep.  That's exactly why you should only buy one of these things if it specifically isn't marketed as a bitcoin-related device.  Catch-22.

The printing press heralded the end of the Dark Ages and made the Enlightenment possible, but it took another three centuries before any country managed to put freedom of the press beyond the reach of legislators.  So it may take a while before cryptocurrencies are free of the AML-NSA-KYC surveillance plague.
Beans
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
October 07, 2012, 01:04:41 PM
 #49

What's wrong with blockchain app from the app store? Besides the fact that not everyone has a device that can support it.
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1073



View Profile
October 07, 2012, 03:46:50 PM
Last edit: October 07, 2012, 04:34:12 PM by 2112
 #50

By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.
Yeah, those threads are fun to watch. This one was started by a pure wannabe. The previous ones were started by various pretenders, for example the pretend-programmer that proposed BitClip:

https://bitcointalk.org/index.php?topic=24852.msg308635#msg308635
https://bitcointalk.org/index.php?topic=24852.msg643656#msg643656

Now if there was a way to mine the deposits of comedy gold that are hidden in BitcoinTalk we would all be rich.

Edit:

Poking fun is too easy. Here's the link for some hardware wallet device proposal from somebody with an actual skill:

https://bitcointalk.org/index.php?topic=94119.0

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
franky1
Legendary
*
Offline Offline

Activity: 4396
Merit: 4761



View Profile
October 07, 2012, 04:43:13 PM
 #51

my earlier post about using an USB mp3 player at the cost of £8 ~ $13 is far cheaper then the OP's suggestion..
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html

the link is just one example. theres many more i seen with a couple buttons and a screen for under $6.

the costs of a small business to produce circuit boards with labour time added far exceeds that of existent larger businesses that use machines that churn out products by the second.

plus the example i used has more then 2 buttons.. use the fastforward button to increase amount, rewind button to decrease the amounts, the play button to accept payment and the stop button to cancel payment.

all you need is someone with firmware experience to reprogram it and your complete. no soldering/ special machinary required.


I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
October 07, 2012, 04:47:01 PM
Last edit: October 07, 2012, 05:09:58 PM by BkkCoins
 #52

If you want to build one of these I'd suggest getting in touch with Austria Micro Systems and see how much it would cost for a previous gen ARM chip like they used in the Sansa Fuze or Sansa Clip.

These devices are supported by Rockbox and so you have a wealth of ready to use open source code and ready to go dev tools. The clip already has a minimal display but in either case you would reduce the device to just the chip, one line display and button. No battery, no wheel or sound or other stuff. Just chip, usb connector, display, button on a pcb. Your main cost is the AMS chip and I don't know what the volume price on those is but I'm sure it's capable enough to do the needed crypto functions, unlike the cheap 8 bit PICS and AVRs etc. One line LCD display can be very cheap. I bought mobile phone LCD displays for $2-3 and they were multi-line like on Nokia phones.

You might also look at some of the Broadcom chips available like they use in the Raspberry PI, though you could get by with one much less capable than they use for that. I don't know what the cheapest ARM chips on the market - you should search for the lowest priced one as you don't need much more than cpu+usb+some flash memory.

The nice thing about using the AMS chips is you can buy a second hand Fuze off ebay and do all the dev work and hack in a display and test it fully before you even make a PCB and order anything. So you could do a prototype for almost nothing and look for funding to do a real production run.

BTW I contributed to the Rockbox project and did dev work on my Fuze so I know all this to be doable quite easily. Heck, you could probably just market the open source Sansa Fuze/Clip compatible code to make this thing work with the millions of Clips/Fuzes kicking around now. It's pretty easy for an average user to upgrade the firmware too and it can become a Bitcoin wallet device.

RockCoin ... Bitcoin Wallet for Rockbox. Solid Like A Rock. Or CoinBox sounds better.

Fuzes with broken display are dumped on ebay for like $5-10 or so. Or they were, I haven't checked recently.

Edit: Just saw on AMS web site 1k qty chip is $9 each. A bit high but maybe they have a lower end chip available. USB conn stk#10019 from4uconnector.com about 0.13 each, PCB 0.5"x2" from China low qty about 0.50 each. May need a volt reg if not already on chip, 5V > 3.3V likely.

insight
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
October 07, 2012, 05:44:12 PM
 #53

You know, someone could probably build the app to do this in C, targeting Linux as the OS, using serial as the interface, and it would probably run on gobs of hardware that's already out there for nearly free.  People could root their old 2nd generation iPod or whatever, and use it as a transaction verifier and be able to get into it for zero hardware cost (or pick one up on eBay).

Sure, but that's a nerd thing.

We are targeting grandma's here.

Not exactly.  The goal isn't to make it a hobby project for nerds, the goal is to get the hardware cheap.  There is SO MUCH obsolete hardware that could run an application like this that people are throwing in the garbage.  It would be a sustainable business model to pick some old gadget, refurbish and recycle it into a low-cost bitcoin transaction verifier, and sell it on the open market to grandma.  An iPod modified to be a transaction verifier would be very grandma-friendly (if someone else does the modification, of course).

Would you trust your bank if the gave you a secondhand device, that they had reconfigured? Would you trust me if I gave you one?
Here, safewallet for you my friend, only 2,5 Btc Wink

To get to grandma and avarage joe, it has to be something that is comes in a plastic package and can be bought in stores.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 07, 2012, 05:49:09 PM
 #54

The best way to start doing this without putting the cart before the horse would be to write the C code that will run on all this magical dream hardware.

Once there's a Linux-based program and a well-defined serial protocol that can serve as the proof-of-concept (even if the program runs on another whole computer), then the hardware discussion will be much more fruitful I think... (and the serial protocol can be adapted to run over USB, TCP, etc.)

Whether a piece of hardware has been secretly backdoored is relatively moot, because the only action the hardware could take would be to sign a transaction it wasn't supposed to sign, which would only be possible if the same person who provided the backdoored hardware also happens to have control over the host computer.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
kalleguld (OP)
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 07, 2012, 06:02:01 PM
 #55

In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.
Surely you mean cheaper, not easier.

Yep.  That's exactly why you should only buy one of these things if it specifically isn't marketed as a bitcoin-related device.  Catch-22.
Can I assume that you also make your own OS and bitcoin client?
cedivad
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
October 07, 2012, 06:16:50 PM
 #56

Specifically, I need:
  • A businessman, who will keep track of orders, outsourcing production, making bulletpoins, etc.
  • An electrical engineer, who can design a PCB with the needed components.
  • A programmer, who can help me in making the PC UI, the µc firmware, auditing etc.
Why do they need you?

Heh Smiley

By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.  Maybe someday somebody will actually sell these things, but if they were marketed as a way to store your BTC I'm not sure I'd trust them.

In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.

Hi, could you link me to this hardware?

It would be interesting for other projects i have, non bitcoin related.

Thank you!

My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
allten
Sr. Member
****
Offline Offline

Activity: 455
Merit: 250


You Don't Bitcoin 'till You Mint Coin


View Profile WWW
October 07, 2012, 10:06:30 PM
 #57

I've been working on a Hardware Bitcoin Wallet for a few weeks now.

It's going to use MICROCHIP PIC32.
I was able to get ECDSA working and prove the concept on the hardware chosen, but the firmware/software is still seriously lacking.

In 6 to 8 weeks, I will have a prototype PCB.

Was going to wait to post, but since so many our focused on the same thing I don't want to duplicate the work.
It is going to be open source hardware and open source firmware/software.

However, I wanted to do it with one button. a quick press for one function and a long press (3 seconds) for a different function.

Also, I was looking for different ways to get away with not having a display to keep cost and size down. One thought was to have the
USB Security device to disconnect and reconnect as a keyboard and with a quick press - what is about to be signed would be displayed
with a signature (not the signature for the transaction), but from the USB device (to make sure its not some malware in between the user and the data that's being received).
If all is good, then a long button press produces the desired signature.

Anyways, please keep me informed if anyone else is working on this. I do have a PCB being designed and it's 20% complete.
Also have the design ready for a development board for those interested in developing the firmware and software. The will Start working on the PCB design after I build a prototype.
The final price looks to be between $12.00 to $15.00, but that is no guarantee and that may not even be conservative.
allten
Sr. Member
****
Offline Offline

Activity: 455
Merit: 250


You Don't Bitcoin 'till You Mint Coin


View Profile WWW
October 08, 2012, 04:12:13 AM
 #58

My Wife and a I were discussing the name tonight. Here's what we came up with:


Name: The BitSafe
Slogan: It's much more than a little-bit safe.
Minor
Member
**
Offline Offline

Activity: 85
Merit: 10



View Profile
October 08, 2012, 07:44:01 AM
 #59

Whatever micro-controller you chose, make sure it cannot be reprogrammed over the USB connection otherwise the device would be way too easily compromised.

Also, I think the use of an on-board display is essential for visual confirmation of the destination address before accepting to sign the transaction.

BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
October 08, 2012, 08:07:56 AM
 #60

Also, I think the use of an on-board display is essential for visual confirmation of the destination address before accepting to sign the transaction.
Absolutely. Without a display any method of confirmation via the usb port can be easily faked. The display is the only thing that makes this worthwhile and it doesn't need to cost much at all. You just need to source them from Asia. Some time ago there was quite a discussion of this type of device on Schneier's security blog and the display was the key component (though that discussion was not talking about Bitcoin).

Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!