Bitcoin Forum
July 27, 2017, 06:46:15 PM *
News: BIP91 seems stable: there's probably only slightly increased risk of confirmations disappearing. You should still prepare for Aug 1.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Idea: Secure wallet on USB MP3 players  (Read 1401 times)
bubblerider
Newbie
*
Offline Offline

Activity: 4


View Profile
June 16, 2011, 04:48:11 PM
 #1

Hi,

there are lots of cheap USB MP3 players on the market. These are basically small embedded computers, and they usually have a small display and some means of input. One could write a modified firmware for such a device, which enables the user to upload (and not download again!) a wallet.dat. The bitcoin client would then, instead of signing a transaction itself, request the USB device to sign the transaction. This way, the private keys would never leave the MP3 player, so stealing bitcoins via trojans/viruses like it happened recently would be a lot harder. Of course, one would still need to make (encrypted) backups of the wallet in case the MP3 player gets broken or lost.

There is already a project that writes modified firmwares for such devices (http://www.rockbox.org/). Maybe it would be easier to write a plugin for that instead of starting from scratch.

What do you think?

(@Admins: Please move this topic to "Development & Technical Discussion".)

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Bittie
Newbie
*
Offline Offline

Activity: 4



View Profile
June 16, 2011, 05:14:36 PM
 #2

The way I look at it. The Spy/Mal/Trojan/Virus will be looking for wallet.dat..

Just go to the bitcoin folder in userdata and rename it to roger.dat
Cut and paste to any folder you want..
Open the client again and a new wallet is created.
Rename roger back to wallet when you want to use it.
Rename dummy wallet1 etc and back again.

Leaving the dummy wallet is just a reward if there's an attack (once wallet found it leaves)

My rig runs @300khash/s.. Now that's power!
bubblerider
Newbie
*
Offline Offline

Activity: 4


View Profile
June 16, 2011, 06:12:21 PM
 #3

Hmm, nobody interested? Roll Eyes
ben-abuya
Sr. Member
****
Offline Offline

Activity: 323



View Profile WWW
June 16, 2011, 06:18:07 PM
 #4

Hi,

there are lots of cheap USB MP3 players on the market. These are basically small embedded computers, and they usually have a small display and some means of input. One could write a modified firmware for such a device, which enables the user to upload (and not download again!) a wallet.dat. The bitcoin client would then, instead of signing a transaction itself, request the USB device to sign the transaction. This way, the private keys would never leave the MP3 player, so stealing bitcoins via trojans/viruses like it happened recently would be a lot harder. Of course, one would still need to make (encrypted) backups of the wallet in case the MP3 player gets broken or lost.

There is already a project that writes modified firmwares for such devices (http://www.rockbox.org/). Maybe it would be easier to write a plugin for that instead of starting from scratch.

What do you think?

(@Admins: Please move this topic to "Development & Technical Discussion".)



Actually that's a really good idea. Try it! One thing I would change though: don't upload the wallet to the device, just generate the private keys on the device itself.

http://lamassubtc.com/
Lamassu Bitcoin Ventures
bubblerider
Newbie
*
Offline Offline

Activity: 4


View Profile
June 16, 2011, 06:26:15 PM
 #5

Actually that's a really good idea. Try it! One thing I would change though: don't upload the wallet to the device, just generate the private keys on the device itself.

Well, if I only had more free time... Grin

Would you like to re-post this topic to the proper section in this forum? I would like to get more developers interested into this, but I think in the newbie section this is hopeless, and I can't post elsewhere. FAIL...
nwolf
Newbie
*
Offline Offline

Activity: 26


View Profile
June 17, 2011, 12:47:46 AM
 #6

This is actually a quite nice idea, security-wise. Better than using an old cell phone and "manually removing the wireless transmitters", as I've seen suggested.
thinkweis
Jr. Member
*
Offline Offline

Activity: 42


View Profile WWW
June 17, 2011, 01:16:45 AM
 #7

If you are going to do something like this, make sure it looks like a cheap one. Last thing you need is someone stealing a couple hundred bitcoins for a $100 mp3 player they will format anyway.

Beginners guide to mining bitcoin http://startbitcoin.com Bitcoin mining for beginners
New Secure Wallet Guide http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/
Order the Blockchain by mail on dvd http://startbitcoin.com/blockchain-on-dvd/
If you found this information helpful - Please Donate 1HbdRpinMDQ2cgUWsKiMPDN2icC8rNpS1i
SomeoneWeird
Hero Member
*****
Offline Offline

Activity: 700


View Profile
June 17, 2011, 01:31:27 AM
 #8

Moved
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!