LOL
thank you for been active here, but i dont wanna hear it is not possible.
I want to discuss HOW IT IS POSSIBLE :-)
you really don't know how it works, right?
as soon as you broadcast your TAN codes to the network, anyone else could take it and use your money.
scenario:
Node A, is your node. Node A knows Node B-Z, which you don't know anything about. Node B-Z was placed by an attacker, they are cancer nodes, they does not rebroadcast your transaction, instead they capture your TAN codes and gives them to the attacker.
this sucks.
you don't know any thing about this, and therefor you can only be protected from by publickey-cryptography.
you really don't know what i wrote, right? ;-)
The TANs are saved as "hashes" so they are NOT spread public in plaintext.(which you printed out)
scenario A is not possible because, the network accepts only transacions when the are valid
and saved at a minimum set of nodes.
So there must be a feedback between a the Network and the Client that gives a waranty
that makes sure an attacker could not capure a TAN and use it.
This could be done if the broadcost of the original client is send to a defined count but random nodes.
So that for example 10 nodes say broadcast the message the same way like a normal transaction is done.
after this is send this TAN is imidiatly useless by an attacker, because the other nodes already send the correct transaction and TAN.
if it is so useless, why is a normal bitcoin transaction not harmed by an attacker Node B-Z for example?
this answer to this question, why it is not affected, applies exactly on a TAN if it is implemented the same secure way.
Well, an attacker would still need to have my private key to be able to sign a different transaction with the TAN.
OTOH, if he already has access to my private key, he can just wait for me to broadcast a transaction (or keylog the TAN (Edit: assuming this is the way he also got the password for the soon-to-be encrypted key)).
NO, the plaintext TANcode is for security reason send to an pre-dfined email adress.
For example, when you first generate your first wallet, a private key is generated,
and the Public key is sync with the Network.
Exact the same could be done with a TAN codelist, BUT with the difference
the TANcodes are not stored on the Computer, they should be printed out. (or send to and email Adress and then printed)
This is like a second code which is not possible to copy for a trojan, that is the idea AFTER that first
step. So keylogging is not possible because like i wrote the input is mouse based, no keys to log.
Plese read one more time.
There are two problems associated with this approach:
1. Storage space is limited in the block chain as it is mirrored on all clients. If you're allowing random clients save their TAN in the network, it could be easily spammed. So you would have to introduce a fee for saving TAN hashes in the network, similar to the transaction fee.
2. Online banking TANs with their 6 numbers have a very small search space which is only secure because your bank locks your account after 3 or so wrong entries. This is not possible in Bitcoin because you can brute force the public TAN hashes offline. Thus, the TANs must be impractically long like 30 characters or so.
To 1. dont be so pessimistic please :-)
why should it be allowed for random clients please? only because then the Idea dont work?
No offcourse it should NOT be allowed for random clients, so it also dont get spammed.
Antispam technique should be implement client and serversided but are NOT
a special task because of the TANs.
2.Like i wrote instead of this it is possible to use more Charakters, for example like the lengh of 12-34 charcters.
There should be a method for protecting the hashes to not be easiliy harvested by an atttacker,
how does the Bitcoin network ensure that the privae key of the user cloud not be cracked offline?
the same way should be used for the TANs.
and if they are 30chars long, we are back to the beginning.
@X68N:
do you really think we are stupider then you?
no if they are 30 Characters long we are not ate the beginnig, never heard that 30 Charcters encrytion is unsafe ;-)
Same answer here
how does the Bitcoin network ensure that the privae key of the user cloud not be cracked offline?
the same way should be used for the TANs.
and no i dont think you are stupider, i just want to discuss a solution here.
There are no personal attacks.