Why not make Bitcoin more Secure with a PIN and TAN System?

[kokjo]

How about having incomplete private keys in the wallet?

Every time you make a transfer using a certain key you would need to add missing characters using a printout that you make when the wallet is created. The program would then also transfer any difference in BTC to a new private key so that effectively each private key is only used once. You could also store the "printout" in some file of your own choosing in case you lose the printout.

it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

still if you gets trojan'ed you are still domed, when you put the key back into the client.

[Mageant]

it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.

[kokjo]

it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.

simple attack method:
make a trojan, which replace the bitcoin client, with a fake one that send all payment to the attacker.

it breaks through: encryption, TAN, PIN, paper wallet, anything, as soon as you put it in the client yo are doomed.
if you are unaware of it, and you will be.
the only thing encryption is good for is protecting an wallet if it gets stolen, it does not protect you from anything else.

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

[X68N]

mmmh
 interesting do you mean a thing like hcbi-banking-device?

[Martin P. Hellwig]

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

Hmmm, me thinking about those nfc enabled smartphones ...

[kokjo]

mmmh
 interesting do you mean a thing like hcbi-banking-device?

hmm. i dont speek german, and google gave me alot of it when i did search.
but it is one of crypto-tokens you are talking about?

hmmm. maybe... it depends
if it only gives me a small number, then hell NO!
if it prints out the whole transaction, and ask me permission to sign, then YES!

[kokjo]

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

Hmmm, me thinking about those nfc enabled smartphones ...

more like that.