TraderTimm
Legendary
Offline
Activity: 2408
Merit: 1121
|
|
June 27, 2011, 03:18:11 PM |
|
|
fortitudinem multis - catenum regit omnia
|
|
|
dukejer
Jr. Member
Offline
Activity: 42
Merit: 2
|
|
June 27, 2011, 03:38:03 PM |
|
This would be a shitty security method that would protect you only from the most noob script kiddie. Two ways to hack it:
* the simple: wait for the window asking the password to appear and take the password (keyloggers)
I would hope the Bitcoin client uses a different method to receive your password like an on screen keyboard but this will open the client to a screen capture on mouse event. Still it is better than what we have now.
* the "a little harder": You know (by looking at the source, the client is open source, you know?) in which function the key is unencrypted, you wait for the exe of the client to be loaded (you are a trojan, you are resident in memory), put a breakpoint there and snoop the memory. Each time a new version of the client is created you lose half an hour to "expand" your library of possible breakpoints. Hackers do more complex things to games that are protected by latest generation protections. You think that an open source software that anyone can compile is more resistant? Encryption will only make the wallet.dat more resistant to "one shot" trojans that enter, steal and exit (or to trojans written by script kiddies that don't know assembly). This would steal one private key at a time, if the program is well written (but then, if you are already putting a bp in the code, you can directly steal the password).
If we make the client more resistant to fly by the night attacks this would cut down on the successful thefts on the Bitcoin wallets. There will be intelligent viruses and trojans that overcome all security methods but these would be more specialized. We need to make it more difficult for hackers to even want to steal the bitcoins and find some other low hanging fruit like the real banks.
The only "possible" way would be to make the program polymorphic, like the viruses, so it would be more difficult to put a breakpoint in memory, but it's quite complex... And it would protect only against the second method. And in the end the Trojan would simply replace your exe with another one that would only ask you the password and send it to the hacker.
I like your polymorphic moving target memory idea. Can you send the code to the developers? I understand what you are talking about but what do we do? Put our head in the sand and let Bitcoin go away or centralize and put our Bitcoins back in a digital bank that is insured by the FDIC and end back where we are now. I doubt I will lose my Bitcoins on my secure Linux box but everyone I work with that is not technical would not be able to run their own secure Linux box. They can not even secure Windows. I gave up supporting Windows for my family and friends. I only run Linux Systems at my home and I only support Linux for family and friends that are willing to go in a different direction and not use Windows. Maybe we need a hardware device that is not on the Internet that holds our wallet private keys and uses an API over the local LAN to request that you send money. Then you have to walk over to this secure hardware widget and put in your password there. Of course this would put Bitcoin out of the hands of everyday users who would not want to spend any additional money to send and receive Bitcoins. -Dukejer
|
|
|
|
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
|
|
June 27, 2011, 03:59:26 PM |
|
This site would have to be American run, and willing to fight a NASTY fight with Paypal. Right now the community is divided. We can't seem to get anything off the ground here. Who the hell's motivated to make new currency solutions when they see informational forums getting hacked, where there's virtually 0 money to be gained. I don't get people.. I really don't SMH.
I am contemplating joining a local Credit Union and preparing a proposal for their next general meeting (whenever that is). They have bricks and mortar, a website, and all deposits are guaranteed by the (provincial) government (even foreign currencies). The only thing that really concerns me is that I expect Bitcoin to ultimately fail. I am not sure how an institution like a Credit Union would be able to accept Bitcoin on the one hand, yet make it clear how risky the "experiment" is on the other. I would be surprised if this happens in less than a year.
|
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
June 27, 2011, 04:40:05 PM |
|
It'd probably be a good idea for everyone to use something like LittleSnitch to add to security. It won't make you bulletproof but with something like LittleSnitch (or ZoneAlarm's solution) you can be alerted to any ingoing or outgoing activity from your computer and you have to either deny it or approve it.
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
xanatos
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 27, 2011, 05:07:59 PM |
|
I understand what you are talking about but what do we do? Put our head in the sand and let Bitcoin go away or centralize and put our Bitcoins back in a digital bank that is insured by the FDIC and end back where we are now. I doubt I will lose my Bitcoins on my secure Linux box but everyone I work with that is not technical would not be able to run their own secure Linux box. They can not even secure Windows. I gave up supporting Windows for my family and friends. I only run Linux Systems at my home and I only support Linux for family and friends that are willing to go in a different direction and not use Windows.
Maybe we need a hardware device that is not on the Internet that holds our wallet private keys and uses an API over the local LAN to request that you send money. Then you have to walk over to this secure hardware widget and put in your password there. Of course this would put Bitcoin out of the hands of everyday users who would not want to spend any additional money to send and receive Bitcoins. -Dukejer
The cheapest android device is 99€ here in italy. It can be used as a "closed" system. You install a thin client, install the fat client on your PC and keep on your PC the encrypted private keys (AES encrypted). These keys are downloaded from the android and decrypted by the cell phone on demand (your phone has the AES key). The PC needs "rearming" if the AES key sent is wrong. The AES key on your phone is PIN protected. You can send from your PC to your cell phone the public keys of persons you want to pay. You want to pay someone? In some "secure" way you send the public key of the person to your cell phone, use the key to decrypt, and send the signed transaction to your PC. You don't use the phone in any other way than a client of bitcoin. You don't put a sim in the phone. You don't browse internet. Done.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
June 27, 2011, 05:36:43 PM |
|
Someone else is working on a script that generates a Bitcoin address from a Live CD. Although I'd love to sell lots of Paper Bitcoin Wallets, when this script is tested and finished and assured to work properly, the Live CD (for someone who can manage it) is in theory a very airtight method to generate a safe address that requires minimal trust.
If you generate a bitcoin address from a Live CD with no network connection, you can be assured it's safe, and there's nobody to trust. It's also simple enough that most people could manage it, the worst case is their computer is set to not boot CD's and has to have a setting changed.
Of course, you must trust the maker of the script - however, the script is fairly simple - it merely calls OpenSSL to generate a keypair and reformats it into a Bitcoin address - so even if you don't know the nuances of the scripting language, it's not too hard for the conscientious observer to tell there's no shenanigans in it.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
dukejer
Jr. Member
Offline
Activity: 42
Merit: 2
|
|
June 27, 2011, 05:48:34 PM |
|
The cheapest android device is 99€ here in italy. It can be used as a "closed" system. You install a thin client, install the fat client on your PC and keep on your PC the encrypted private keys (AES encrypted). These keys are downloaded from the android and decrypted by the cell phone on demand (your phone has the AES key). The PC needs "rearming" if the AES key sent is wrong. The AES key on your phone is PIN protected. You can send from your PC to your cell phone the public keys of persons you want to pay. You want to pay someone? In some "secure" way you send the public key of the person to your cell phone, use the key to decrypt, and send the signed transaction to your PC. You don't use the phone in any other way than a client of bitcoin. You don't put a sim in the phone. You don't browse internet. Done.
Why even download the private key from the Android device instead of leaving them on the Android device? I think for this to work the Android device would have to be locked down very tight which may be hard if it is connected to the PC using USB. All it would take is for a hacker or virus to know it exists and root the device from the PC. A device with Ethernet and only a listening API would be more secure to the PC. I am also not sure if I would trust the Android device on Wifi. The PC could send a transmit BTC request to the Android device with the recipient public key and amount. After the user enters his pin or password on the Android device it would sign the transaction and transmit it to the PC like it was a Bitcoin node to pass on to the Internet. -Dukejer
|
|
|
|
joepie91
|
|
June 27, 2011, 06:02:08 PM |
|
ZOMG people! You have real money on your computers now. Stop using Windows. That is all...
Oh come on. While I absolutely agree that Linux is more secure and generally a better idea to use it, this could not have been prevented by using Linux. Your wallet.dat is in your home directory, in the .bitcoin folder. That means it is freely accessible by any binary you run. All it has to do is grab that file, and ftp/email/something else it to someone. That is all perfectly possible, even from a severely limited Linux user account. Supporting Linux for its features is all fine, but don't go run around like a blind fanboy, saying the entire world could be saved by running Linux.
Oh here we go..attack of the Linux nerds!
OMG OMG the default bitcoin client's security sucks..OMG unencrypted wallet.dat is such a good idea!
Anyways, this is the standard response most of you give...so yeah..moving on.
Keep proving the world that you are a bitter troll with no clue about computer security. A wallet.dat encryption is a false security feature, go troll somewhere else.
Bullshit. A wallet.dat with a password (and said wallet.dat never touching the disk in unencrypted form) prevents outright stealing of a wallet.dat file, as you would need the password and/or keyfile to unlock it. That means that simple hit-and-run wallet.dat stealers are practically useless. This is also why third-party encryption is practically useless. Either your virtual disk with wallet is mounted (and it can be read off said disk as if it was never encrypted, doing a simple filesystem search) or it's not, in which case you can't use Bitcoin. Having to decrypt the wallet every time you want to use it (and thus leaving an unencrypted copy on your hard drive) is not an option either. This is why the client ITSELF should provide encryption that only happens when the wallet is actually needed, and that doesn't let the unencrypted wallet touch the drive, ever.
This sucks and is really putting me off investing in bitcoin.
What is the point if some hacker can just come in under my nose and steal everything?
There is no security in bitcoin, it's ridiculous.
There is security in bitcoin, but it has to be YOU! Don't count on security by default...
I've been thinking and I've come to the conclusion that Satoshi and the dev team should have never released a bitcoin client for windows!!! Then right now we'd all be a bunch of Linux geeks enjoying our geeky little currency and nobody would've had the opportunity to steal from us. Later on maybe once the security of the default client is vastly improved, then and only then release a windows version. Just my 2 cents.
Where is the security? One unencrypted desktop file compromised and, hey presto, your money is gone. This doesn't happen with internet banking. Even a web client that you install to your own hosting would have been WAY better than a dumb desktop client.
And what if your server is compromised? Exactly.
how about we add a few bits and let people do wallet locks? i think most of us at this time are hoarders who know bitcoins will be worth 100,000$ per bitcoin one day
a wallet lock is something that only honest users would be interested in imho.. u can use a password to lock/unlock but not to send coins
the fact is.. yeah windows has exploits that pretty much allow hackers at anytime to own your system, they are in the wild before they're even patched and no windows box is ever totally secure at any given time.. a 0-day hacker can always rape yer bitcoinZ
But then the virus would have to just wait longer until you type your password. I favor a "secure keypad" that you input your password via mouse clicks. Next question is how to trick viruses that may take screenshots?
Screen flickering and/or hiding the numbers/letters when mousing over them (funnily enough Runescape uses a system like this for their bank PINs).
-snip-
In which case you have to rely more on the security of the platform you are running it on. I actually think Windows can be secure, in principle if not in practice. Microsoft improved things greatly by giving their users an anti-virus solution that users could upgrade for free. Perhaps they finally observed that DRM was counter-productive to security because average users would not pay for it, just as they won't pay to upgrade their OS.
Linux does not have this problem, so has better use effectiveness of its security features. Users are more likely to keep it updated.
There have been proper free antivirus solutions for years. The problem is that the antivirus solution offered by Microsoft is really only a patch to something that should have been prevented before. They should have made a properly secured architecture for Windows from the very beginning. Look at it like this: Linux uses a condom, Microsoft relies on the morning-after pill.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
xanatos
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 27, 2011, 06:15:20 PM |
|
The cheapest android device is 99€ here in italy. It can be used as a "closed" system. You install a thin client, install the fat client on your PC and keep on your PC the encrypted private keys (AES encrypted). These keys are downloaded from the android and decrypted by the cell phone on demand (your phone has the AES key). The PC needs "rearming" if the AES key sent is wrong. The AES key on your phone is PIN protected. You can send from your PC to your cell phone the public keys of persons you want to pay. You want to pay someone? In some "secure" way you send the public key of the person to your cell phone, use the key to decrypt, and send the signed transaction to your PC. You don't use the phone in any other way than a client of bitcoin. You don't put a sim in the phone. You don't browse internet. Done.
Why even download the private key from the Android device instead of leaving them on the Android device? I think for this to work the Android device would have to be locked down very tight which may be hard if it is connected to the PC using USB. All it would take is for a hacker or virus to know it exists and root the device from the PC. A device with Ethernet and only a listening API would be more secure to the PC. I am also not sure if I would trust the Android device on Wifi. The PC could send a transmit BTC request to the Android device with the recipient public key and amount. After the user enters his pin or password on the Android device it would sign the transaction and transmit it to the PC like it was a Bitcoin node to pass on to the Internet. -Dukejer
You don't connect the Android to the PC with a cable. You use Wi-Fi or Bluetooth. You don't keep the private key on the cellular because it can be easily stolen. Stealing the PC AND the cellular is more complex (you can easily hide the cellular when you don't need it). Yes, it's perhaps possible to hack a cellular through wi-fi, but it's quite complex, and it's model-by-model. There isn't a single-hack that works for everything. It isn't totally fool-proof but it raises the difficulty of a hack very much. Especially if you consider that economical Android cellulars will multiply in the next year or so.
|
|
|
|
aral
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 27, 2011, 06:26:39 PM |
|
Oh come on. While I absolutely agree that Linux is more secure and generally a better idea to use it, this could not have been prevented by using Linux. Your wallet.dat is in your home directory, in the .bitcoin folder. That means it is freely accessible by any binary you run. All it has to do is grab that file, and ftp/email/something else it to someone. That is all perfectly possible, even from a severely limited Linux user account. Supporting Linux for its features is all fine, but don't go run around like a blind fanboy, saying the entire world could be saved by running Linux.
So, create a new user for bitcoin, use it just for bitcoin and it won't be accessible from your normal user login. I haven't actually done this but it seems like an easy way to get extra protection.
|
|
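The separate-account idea discussed in this thread can be checked mechanically. The following is an added example, not part of any post here and not Bitcoin client code: a shell function that reports whether a wallet file is owned by the same uid you log in with (so every program that login runs can read it) or has group/other permission bits set. The function name `audit_wallet` and its return codes are assumptions made for this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit who can read a wallet file under Unix permissions.
# Return codes (chosen for this example, not a standard):
#   0 = owned by a different (dedicated) uid, no group/other access
#   1 = owned by the login uid: anything that login runs can read it
#   2 = group or other permission bits are set on the file
#   3 = file not found

audit_wallet() {
    wallet=$1       # path to the wallet file, e.g. ~/.bitcoin/wallet.dat
    login_uid=$2    # numeric uid of the everyday login account

    if [ ! -f "$wallet" ]; then
        echo "missing: $wallet"
        return 3
    fi

    # GNU stat: %u = numeric owner uid, %a = permission bits in octal
    owner_uid=$(stat -c '%u' "$wallet")
    mode=$(stat -c '%a' "$wallet")

    # Any bit inside 077 gives group or other some access to the file,
    # which defeats the point of a dedicated account.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "exposed: mode $mode grants group/other access to $wallet"
        return 2
    fi

    # Mode is owner-only, but the owner is the everyday login: file
    # permissions do not separate the wallet from that login's programs.
    if [ "$owner_uid" -eq "$login_uid" ]; then
        echo "same-user: uid $owner_uid owns $wallet and runs your other programs"
        return 1
    fi

    echo "isolated: $wallet is owned by uid $owner_uid with mode $mode"
    return 0
}

# Stand-alone use: sh audit.sh /path/to/wallet.dat
if [ $# -gt 0 ]; then
    audit_wallet "$1" "$(id -u)"
fi
```

A result of 0 only covers file permissions; it says nothing about malware running system-wide or with root privileges, which can still read the file.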
|
|
joepie91
|
|
June 27, 2011, 06:29:56 PM |
|
Oh come on. While I absolutely agree that Linux is more secure and generally a better idea to use it, this could not have been prevented by using Linux. Your wallet.dat is in your home directory, in the .bitcoin folder. That means it is freely accessible by any binary you run. All it has to do is grab that file, and ftp/email/something else it to someone. That is all perfectly possible, even from a severely limited Linux user account. Supporting Linux for its features is all fine, but don't go run around like a blind fanboy, saying the entire world could be saved by running Linux.
So, create a new user for bitcoin, use it just for bitcoin and it won't be accessible from your normal user login. I haven't actually done this but it seems like an easy way to get extra protection.
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
dukejer
Jr. Member
Offline
Activity: 42
Merit: 2
|
|
June 27, 2011, 06:32:34 PM |
|
You don't connect the Android to the PC with a cable. You use Wi-Fi or Bluetooth. You don't keep the private key on the cellular because it can be easily stolen. Stealing the PC AND the cellular is more complex (you can easily hide the cellular when you don't need it). Yes, it's perhaps possible to hack a cellular through wi-fi, but it's quite complex, and it's model-by-model. There isn't a single-hack that works for everything. It isn't totally fool-proof but it raises the difficulty of a hack very much. Especially if you consider that economical Android cellulars will multiply in the next year or so.
I am just afraid that Android is as big a target as Windows for exploits in the future. I would think a more custom OS that runs on the old cheap Android hardware would be a little more secure. I understand now why you want to keep the private keys on the PC and download them to the Android device temporarily. Unfortunately if someone has enough physical access to the cell phone and PC you could easily just take the hard drive or copy the keys to a bootable USB stick. Once a site is physically compromised there are no safe bets. A stolen cell phone that has a password protected wallet in it would not be worth much to a thief without already knowing the pin/password or monitoring the phone with screen capture or some other monitoring method like a webcam from the PC. -Dukejer
|
|
|
|
joepie91
|
|
June 27, 2011, 07:30:55 PM |
|
Oh come on. While I absolutely agree that Linux is more secure and generally a better idea to use it, this could not have been prevented by using Linux. Your wallet.dat is in your home directory, in the .bitcoin folder. That means it is freely accessible by any binary you run. All it has to do is grab that file, and ftp/email/something else it to someone. That is all perfectly possible, even from a severely limited Linux user account. Supporting Linux for its features is all fine, but don't go run around like a blind fanboy, saying the entire world could be saved by running Linux.
So, create a new user for bitcoin, use it just for bitcoin and it won't be accessible from your normal user login. I haven't actually done this but it seems like an easy way to get extra protection.
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.
But that is not happening on any scale. The issue is one of use-effectiveness.
The only point I was trying to make was that Linux would not have been any more secure at this point than Windows. If people are not willing to run Bitcoin from a separate user account, then they are not willing to, regardless of OS.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
mmortal03
Legendary
Offline
Activity: 1762
Merit: 1011
|
|
June 27, 2011, 09:53:26 PM |
|
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.
Is there any third party software that makes use of permissions in Windows like this effectively? Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?
|
|
|
|
Dirt Rider
Member
Offline
Activity: 111
Merit: 10
|
|
June 27, 2011, 11:03:57 PM |
|
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.
Is there any third party software that makes use of permissions in Windows like this effectively? Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?
TrueCrypt maybe? http://www.truecrypt.org/
|
|
|
|
joepie91
|
|
June 27, 2011, 11:29:49 PM |
|
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.
Is there any third party software that makes use of permissions in Windows like this effectively? Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?
Yes, windows itself. Teach users to log on to that account ONLY if they want to use bitcoin, and make sure the user does not have malware running system-wide (because then the wallet.dat could still be nabbed when logging in to the bitcoin user). Having software to do this without having to log on to another user would be defeating the purpose - because malware could just emulate and/or control that software.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
synergy543
Newbie
Offline
Activity: 19
Merit: 0
|
|
June 28, 2011, 12:11:03 AM |
|
Would it be possible to add an authorization option for sending bitcoin transactions?
Thus, a transaction will not be verified until you authorize it with your password.
This would pretty much eliminate the benefit of stealing a bitcoin wallet if you don't have the password. It's kind of weird that there are all of these "verifications" of transactions but the owner doesn't have the option to verify authenticity.
|
|
|
|
joepie91
|
|
June 28, 2011, 12:21:14 AM |
|
Would it be possible to add an authorization option for sending bitcoin transactions?
Thus, a transaction will not be verified until you authorize it with your password.
This would pretty much eliminate the benefit of stealing a bitcoin wallet if you don't have the password. It's kind of weird that there are all of these "verifications" of transactions but the owner doesn't have the option to verify authenticity.
You can only use a password to protect (= encrypt) the private keys. Once someone has those keys he can do what he wants.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
synergy543
Newbie
Offline
Activity: 19
Merit: 0
|
|
June 28, 2011, 01:37:06 AM |
|
You can only use a password to protect (= encrypt) the private keys. Once someone has those keys he can do what he wants.
Yes, exactly my point. It seems the system would be greatly improved if the sender had the ability to "verify" a transaction. Thus, my money could only be used by me (when I verify it) and then it becomes yours. Such a system would make the Bitcoin extremely attractive!
|
|
|
|
Frozenlock
|
|
June 28, 2011, 02:15:04 AM |
|
It's what is happening right now... and your password is in the wallet.dat file.
|
|
|
|
|