Bitcoin Forum
March 29, 2024, 12:17:37 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 »  All
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 25824 times)
Vladimir
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1001


-


View Profile
June 17, 2011, 10:42:22 AM
 #21

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.

In environment when almost weaponized viruses are created specifically to harvest bitcoins this might do more harm than good.

Many people will rely on this encryption instead of taking their bitcoin wallets offline or use specialised devices or services to secure wallets. There is lots of merit in original bitcoin stance that bitcoin deals with money and it is up to the users to take care of their wallets security.

At the same time, as you correctly noted, wallet encryption functionality would protect from some attacks. This is not a black and white thing.

It looks like bitcoin devs will bow to popular demand for false sense of security and bitcoin encryption will be in the next version of bitcoin client. I would prefer to have instead of encryption, possibility to chose which exact coins are being spend and to have more than one wallet.


My view is that doing encryption in official bitcoin client is like hanging this thing on your regular wallet (with cash and credit cards)



-
1711714657
Hero Member
*
Offline Offline

Posts: 1711714657

View Profile Personal Message (Offline)

Ignore
1711714657
Reply with quote  #2

1711714657
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442
Merit: 1000



View Profile
June 17, 2011, 10:46:02 AM
 #22

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.
That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.
This could be combined with an on-screen keyboard with shifted keys, such that a keylogger would be useless. You would then need a way to protect the user from having his screen recorded or seen. This would be getting absurd, as you can't use bitcoin offline and secluded in the basement every time you need to make a transaction.

It's still better than having a wallet in "clear-text" where you upload it like an idiot to a site that checks it if it's ok, or someone steals it on an usb or with a remote file browser or a javascript applet uploader.
flug
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250



View Profile
June 17, 2011, 10:55:52 AM
 #23

Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with invention of proofofwork/blockhain for second factor auth)

I can imagine an evolution where the bulk of the clients on the main network are large *secure* vaults of bitcoins (either private or bank holdings). Most people's bitcoins would be held in these locally-centralized banking funds, and accessed via a separate service layer similar to how banks work today.
LeFBI
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 17, 2011, 11:01:41 AM
 #24

Many people will rely on this encryption instead of taking their bitcoin wallets offline or use specialised devices or services to secure wallets. There is lots of merit in original bitcoin stance that bitcoin deals with money and it is up to the users to take care of their wallets security.
That's a point but if the dev team decides to keep it the unencrypted way, they should at least tell the user how to treat the wallet.dat correctly, with a step-by-step-understandable-for-none-geek-users-tutorial. but i really don't think you can transport linuxCoin,truecrypt etc etc to the average user. they will say "fuck that, too complicated. i'll stick with paypal".
and as already said, in the current bitcoin client it doesn't even tell the user that the wallet file exists. After creating the wallet it should be prompted to the user that it exist, what is for and how to secure it. and the gui user should at least be given a choice where to store the file and/or encrypt it/not.
flug
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250



View Profile
June 17, 2011, 11:20:25 AM
 #25

..in the current bitcoin client it doesn't even tell the user that the wallet file exists. After creating the wallet it should be prompted to the user that it exist, what is for and how to secure it. and the gui user should at least be given a choice where to store the file and/or encrypt it/not.

That's the crux of the problem, really. Awareness. We need to ensure that people are aware of the issues. I downloaded the client a while back and bought some bitcoins and watched them shoot up in price, but it's only the fact that I've been following this forum that I've any idea of the risks, and that I should be doing something to protect the investment. Otherwise I might have suddenly found them stolen, and never trusted Bitcoin again. All of the effort, PR, etc, that's gone into Bitcoin, but only takes a moment for trust to be lost.
Nefario (OP)
Hero Member
*****
Offline Offline

Activity: 602
Merit: 512


GLBSE Support support@glbse.com


View Profile WWW
June 17, 2011, 11:51:20 AM
 #26

I'd like to be able to rename my wallet.dat to some other file, and the client asks for the file on startup.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442
Merit: 1000



View Profile
June 17, 2011, 12:00:40 PM
 #27

My view is that doing encryption in official bitcoin client is like hanging this thing on your regular wallet (with cash and credit cards)



What about these things you can do with a regular wallet:


mintymark
Sr. Member
****
Offline Offline

Activity: 286
Merit: 251


View Profile
June 17, 2011, 12:16:22 PM
 #28

Surely, it should be obvious to all, including the banks that the days of passwords as protection is passed. (excuse the pun!) Something more revolutionary is needed, and bitcoin is nothing if not revolutionary.

There are many things that might be used as alternative, aimed to mess up a keylogger, because I do agree with Vladimir, if your computer is infected, you are probably scr**d, (Even though wallet encryption might help a lot of  people, so should be done as soon as possible.)

So just to put a mark in the sand, what alternatives to passwords? You could have a sentence and a enter the 5th and 7th word type thing. Yes the keylogger would eventually get it, but would have to wait a while. Even enter the 3rd, 9th and 2nd charters from the 4 and 5th words. That would take some beating!

You could add (to a simple password) a capatcha question, like what colour is the sky?

You could do something with the timing of key entry, so that the cleverness was not in what you enter but the rythem and timing of it.

You could even do basic statistic analysis on timing of a sentence, maybe.

But I do not think a simple password should be used.

Hardest thing of course is to remember it. Because I do not see any simple way to recover a lost wallet key.

[[ All Tips gratefully received!!  ]]
15ta5d1N8mKkgC47SRWmnZABEFyP55RrqD
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 2164


Chief Scientist


View Profile WWW
June 17, 2011, 12:42:54 PM
 #29

If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.

Come up with all the fancy "measure timing and enter your fingerprints and choose an 80-character-long password and store your private keys inside the Trusted Platform Module Chip" pseudo-security measures you like; if your device is infected they will not work.

The bad guys will simply hack the software so that you THINK you're securely sending 1 bitcoin to your cousin (because that's what it says on the screen), but instead you're REALLY authorizing sending your entire bitcoin balance to the bad guys.

How often do you get the chance to work on a potentially world-changing project?
adaman
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 17, 2011, 12:48:02 PM
 #30

Also with current online banking there is a risk to loos money. Even eTAN will not provide you with 100% security or any kind of token or smart cards. Especially if your system is already compromised. But each step to get more security for the wallet.dat is a good step. Sure it will give some people an false sense of security but thats the game. On the other hand each bit of an little more secure wallet.dat will help to prevent stealing and misuse by increasing the barrier for an possibel thief. To encrypt an wallet is for sure not the final solution but should be a part of an larger security concept.
MikesMechanix
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile
June 17, 2011, 01:23:41 PM
 #31

Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

An age-old fallacy. Anything that helps, helps.

Do you not install locks and burglar alarms because they aren't 100 % proof?
Should we not install airbags in cars even though they don't guarantee survival?
etc etc
I could come up with hundreds of examples.

Having wallet.dat encrypted is just the last wall of defence, which could potentially give its owner enough time to realize his computer has been compromised, and allow him to move the coins to a safe wallet. The private keys really only need to be unencrypted when payments are made, so the attack surface is reduced by much more than most people probably realize. It also requires the thief to target Bitcoin specifically, pretty much eliminating opportunity-made-thieves, and reducing the risk from random break-ins.

It's also somewhat easy to implement.

No, it's not 100 % hacker-proof, but to have any usability wallet.dat needs to be available relatively easily. All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable. Make those kinds of requirements, and Bitcoin is guaranteed to not take off, ever.

Please send your extra Bitcoins to 17miTorGDBUh3yNTYJtodJPw9wzrcNcf6y. Thank you!

Sign up on TradeHill Instant Bitcoin Exchange using this link to get a lifetime 10 % discount on trades!
EpicFail
Member
**
Offline Offline

Activity: 94
Merit: 10


View Profile
June 17, 2011, 01:36:22 PM
 #32

I am trying to comprehend why in the Open Source community there is this prevalent attitude that if a security measure is not 100% foolproof then it is not worth the trouble to implement it. It is often further asserted that implementing these partial measures would be counter productive because doing so would give the average user a false sense of security leading to careless behavior in other areas.

The solution these people propose typically run along the lines of: "Secure your outer (Linux) shell!! You don't have to worry about anything else! You can now leave plain text sensitive data lying around your file system because Linux is inherently safe!" Roll Eyes Well, OK, not to that extent but you get the idea ....

Anyway, is it really that difficult to add an optional on-the-fly encryption to the standard client, with the keys stored in a removable smart card (or even USB stick for that matter)? No smart card inserted, no decryption. It should be possible to keep the client running accepting block information without the smart card inserted. The keys should also be based on a password, effectively giving you 2-factor authentication (password and physical device). This is not really complicated and should considerably reduce the attack surface.



Vladimir
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1001


-


View Profile
June 17, 2011, 01:43:27 PM
 #33

MikesMechanix, all the laughable suggestions were made to get offline 4 digit BTC wallets which effectively contain 5 soon to be 6 digit of USD equivalent. In other words, more than annual income of most people and more than 10-20 years or even lifetime saving of most people.

Quote
All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable.

Ask the former owner of 25k bitcoin if he is in laughing mood...

Fell free to laugh at recommendations of Information Security professional (in retirement), who've done proper risk assessment, at your own peril.

BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

If your wallet has 10 BTC (at present valuation), I would not even bother encrypting anything... just keeping OS reasonably secure would be enough. If there is 10k BTC it would be completely different thing.


-
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322
Merit: 252



View Profile
June 17, 2011, 01:46:41 PM
 #34

Why would someone want to steal old Trojans out of a man's wallet?  Wink

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
LeFBI
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 17, 2011, 01:59:38 PM
 #35

If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.
but not even trying to protect the users doesn't make any better. do you also not update antivirus software, just because there will always be some new trojan version? or do you never update any a linux machine just because hackers will always find new ways to get root access?
with not encrypting the wallet.dat you open the doors for much broader range of thieves who don't even need a lot of knowledge about computers,operating systems,exploits etc to rob someone.

oh, and targeting the wallet.dat has already been actively used:
http://buttcoin.org/bitcoin-verifier-will-verify-the-integrity-of-your-wallet
scam site was: http://walletinspector.info/

it asked the visitor to upload the wallet file, to "verify" it.
if the file was encrypted, the site would have needed to ask for the password and Joe-Averge-None-Geek would might have gotten suspicious too. assuming that he was told what the wallet.dat is...
MikesMechanix
Member
**
Offline Offline

Activity: 70
Merit: 10



View Profile
June 17, 2011, 02:04:25 PM
 #36

BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

It really does look to me like a lot of people actually oppose client encryption of wallet.dat, as if it didn't bring ANY security, when in fact it probably has more protective value than a firewall or an antivirus program.

It's easy agree if you have a relatively large amount of bitcoins, you should take extra measures to protect them.

Please send your extra Bitcoins to 17miTorGDBUh3yNTYJtodJPw9wzrcNcf6y. Thank you!

Sign up on TradeHill Instant Bitcoin Exchange using this link to get a lifetime 10 % discount on trades!
Vladimir
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1001


-


View Profile
June 17, 2011, 02:05:22 PM
 #37

windows vs. unix debate all over again

or a swiss army knife versus a professional tool set.

bloating bitcoin client with all kinds of stuff as poor innocent naive users demand versus doing one thing very well and using other tools that are doing well other things, like securing wallets.



-
LeFBI
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 17, 2011, 02:22:03 PM
 #38

bloating bitcoin client with all kinds of stuff as poor innocent naive users demand versus doing one thing very well and using other tools that are doing well other things, like securing wallets.
do you want it to be simple&secure to get bitcoin as widely accepted&spreaded as possible by the users or do you want bitcoin to be stigmatized as hacker-,nerd- and black market currency forever?
you can't expect the simple user to use 3 different tools just to make it secure, no none-geek will do that. a simple "choose wallet&enter password" won't bloat anything at all. the gui still can look like it was made in the 1990's for windows 3.11 ...plain, simple, not overloaded.  Cheesy
oneforall
Full Member
***
Offline Offline

Activity: 140
Merit: 100



View Profile
June 17, 2011, 02:27:19 PM
 #39

If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.

Come up with all the fancy "measure timing and enter your fingerprints and choose an 80-character-long password and store your private keys inside the Trusted Platform Module Chip" pseudo-security measures you like; if your device is infected they will not work.

The bad guys will simply hack the software so that you THINK you're securely sending 1 bitcoin to your cousin (because that's what it says on the screen), but instead you're REALLY authorizing sending your entire bitcoin balance to the bad guys.


What this sounds like to me is "As long as there are mean people making viruses, bitcoin can't work." is this really the case?
adaman
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
June 17, 2011, 02:48:56 PM
 #40

I totally agree there are other tools and solutions out in the wild that will do better than just encrypting your wallet. And normally users should be aware of it. But "normall" users are more like my mother for example.

Last time i talked to here on the phone we spoke about here notebook. She mentioned something about warning messages popping up informing about infections. I hope it was the virus scanner that inform here preventing some malicious software from executing, hopefully. Believe me i tried my very best to get a clear description of the issue, it was impossibel.  Roll Eyes

It took me hours to explain my mother some basic steps of computer security (automatic updates for OS and virus scanner). All she asked me afterwards was "Aha, do you wish another cup of coffee?".

All she sees and knows is this colorfull GUI of what ever she is using. What is working behind this is a complete mystery to this group of users. And it will be a mystery for them.

And now i shall come up with changing OS, install and using TC or other "complicate" IT stuff?

This kind of normal users are minimum more than 80% of potential users who could use crypto currency as digital payment. And this is the largest group of users you are dealing with if we are talking about spreading bitcoins under the masses.

These users i talking about will never start studying HowTo´s, manuals etc etc. They are only users and they will never be something else.

Thats why i think to give this people trust into Bitcoin its not a bad idea to implement some security features into the client.

Pages: « 1 [2] 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!