Idea: Secure wallet on USB MP3 players

[bubblerider]

Hi,

there are lots of cheap USB MP3 players on the market. These are basically small embedded computers, and they usually have a small display and some means of input. One could write a modified firmware for such a device, which enables the user to upload (and not download again!) a wallet.dat. The bitcoin client would then, instead of signing a transaction itself, request the USB device to sign the transaction. This way, the private keys would never leave the MP3 player, so stealing bitcoins via trojans/viruses like it happened recently would be a lot harder. Of course, one would still need to make (encrypted) backups of the wallet in case the MP3 player gets broken or lost.

There is already a project that writes modified firmwares for such devices (http://www.rockbox.org/). Maybe it would be easier to write a plugin for that instead of starting from scratch.

What do you think?

(@Admins: Please move this topic to "Development & Technical Discussion".)

[Bittie]

The way I look at it. The Spy/Mal/Trojan/Virus will be looking for wallet.dat..

Just go to the bitcoin folder in userdata and rename it to roger.dat
Cut and paste to any folder you want..
Open the client again and a new wallet is created.
Rename roger back to wallet when you want to use it.
Rename dummy wallet1 etc and back again.

Leaving the dummy wallet is just a reward if there's an attack (once wallet found it leaves)

[bubblerider]

Hmm, nobody interested?

[ben-abuya]

Hi,

there are lots of cheap USB MP3 players on the market. These are basically small embedded computers, and they usually have a small display and some means of input. One could write a modified firmware for such a device, which enables the user to upload (and not download again!) a wallet.dat. The bitcoin client would then, instead of signing a transaction itself, request the USB device to sign the transaction. This way, the private keys would never leave the MP3 player, so stealing bitcoins via trojans/viruses like it happened recently would be a lot harder. Of course, one would still need to make (encrypted) backups of the wallet in case the MP3 player gets broken or lost.

There is already a project that writes modified firmwares for such devices (http://www.rockbox.org/). Maybe it would be easier to write a plugin for that instead of starting from scratch.

What do you think?

(@Admins: Please move this topic to "Development & Technical Discussion".)

Actually that's a really good idea. Try it! One thing I would change though: don't upload the wallet to the device, just generate the private keys on the device itself.

[bubblerider]

Actually that's a really good idea. Try it! One thing I would change though: don't upload the wallet to the device, just generate the private keys on the device itself.

Well, if I only had more free time...

Would you like to re-post this topic to the proper section in this forum? I would like to get more developers interested into this, but I think in the newbie section this is hopeless, and I can't post elsewhere. FAIL...

[nwolf]

This is actually a quite nice idea, security-wise. Better than using an old cell phone and "manually removing the wireless transmitters", as I've seen suggested.

[thinkweis]

If you are going to do something like this, make sure it looks like a cheap one. Last thing you need is someone stealing a couple hundred bitcoins for a $100 mp3 player they will format anyway.

[SomeoneWeird]

Moved