Bitcoin Forum
November 13, 2024, 04:02:56 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Why not make Bitcoin more Secure with a PIN and TAN System?  (Read 2780 times)
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
July 05, 2011, 11:58:13 AM
 #21

How about having incomplete private keys in the wallet?

Every time you make a transfer using a certain key you would need to add missing characters using a printout that you make when the wallet is created. The program would then also transfer any difference in BTC to a new private key so that effectively each private key is only used once. You could also store the "printout" in some file of your own choosing in case you lose the printout.
it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

still if you gets trojan'ed you are still domed, when you put the key back into the client.


"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Mageant
Legendary
*
Offline Offline

Activity: 1145
Merit: 1001



View Profile WWW
July 05, 2011, 01:12:45 PM
 #22

it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.

cjgames.com
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
July 05, 2011, 01:21:56 PM
 #23

it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.
simple attack method:
make a trojan, which replace the bitcoin client, with a fake one that send all payment to the attacker.

it breaks through: encryption, TAN, PIN, paper wallet, anything, as soon as you put it in the client yo are doomed.
if you are unaware of it, and you will be.
the only thing encryption is good for is protecting an wallet if it gets stolen, it does not protect you from anything else.

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
X68N (OP)
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


View Profile
July 06, 2011, 06:51:06 PM
 #24

mmmh
 interesting do you mean a thing like hcbi-banking-device?

YOBIT IS SCAM , YOBIT IS SCAM , YOBIT IS SCAM meine Steuerdatei:
https://bitcointalk.org/index.php?topic=612741.msg19244732#msg19244732
Martin P. Hellwig
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
July 06, 2011, 07:04:41 PM
 #25

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

Hmmm, me thinking about those nfc enabled smartphones ...
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
July 06, 2011, 07:05:55 PM
 #26

mmmh
 interesting do you mean a thing like hcbi-banking-device?
hmm. i dont speek german, and google gave me alot of it when i did search.
but it is one of crypto-tokens you are talking about?

hmmm. maybe... it depends
if it only gives me a small number, then hell NO!
if it prints out the whole transaction, and ask me permission to sign, then YES!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
July 06, 2011, 07:06:18 PM
 #27

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

Hmmm, me thinking about those nfc enabled smartphones ...
more like that.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!