Bitcoin Forum
August 17, 2017, 09:40:23 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: a pseudo TAN that doesn't affect the block chain but grants pretty good security  (Read 1230 times)
giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
July 03, 2011, 12:15:19 PM
 #1

what if i could print out the first n digits of my private keys and those digits get removed from my wallet? wouldn't that be kind of a tan? so if i want to send from address 5 i would need that remainder that i decided to move to dead wood.
* the modification to the client would be minimalistic
* the block chain would be unaffected
* user could decide on the tan length. that would be his level of security vs. effort to use it trade off.
* user would need to type in as many tans as sending addresses there are involved
* the user could decide to put stronger tans on receiving addresses than on pocket money addresses.

downside compared to tans as we know them:
* a trojan on the pc would be able to take over the transactions being done and change both amount and target once it has the tan. some eTAN procedures claim to inhibit that by hashing target and amount.
* a trojan on the pc would not only be able to take over the transactions being done but any further transaction from the same addresses.

thoughts?

1503006023
Hero Member
*
Offline Offline

Posts: 1503006023

View Profile Personal Message (Offline)

Ignore
1503006023
Reply with quote  #2

1503006023
Report to moderator
1503006023
Hero Member
*
Offline Offline

Posts: 1503006023

View Profile Personal Message (Offline)

Ignore
1503006023
Reply with quote  #2

1503006023
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1503006023
Hero Member
*
Offline Offline

Posts: 1503006023

View Profile Personal Message (Offline)

Ignore
1503006023
Reply with quote  #2

1503006023
Report to moderator
1503006023
Hero Member
*
Offline Offline

Posts: 1503006023

View Profile Personal Message (Offline)

Ignore
1503006023
Reply with quote  #2

1503006023
Report to moderator
1503006023
Hero Member
*
Offline Offline

Posts: 1503006023

View Profile Personal Message (Offline)

Ignore
1503006023
Reply with quote  #2

1503006023
Report to moderator
giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
July 03, 2011, 12:20:29 PM
 #2

forgot to mention one big benefit:
no strong passwords that can be forgotten.

slight down side:
a wallet stealer would still find out my balance.

X68N
Hero Member
*****
Offline Offline

Activity: 602


View Profile
July 03, 2011, 02:48:54 PM
 #3

LOL, i had the idea before.
Didnt you see it, just come here to dicuss it on the main thread
http://forum.bitcoin.org/index.php?topic=23476.0

Theo
Newbie
*
Offline Offline

Activity: 22



View Profile
July 03, 2011, 03:02:38 PM
 #4

It's not a TAN because it isn't unique for one transaction. It's a way of keeping the private key private by not storing it on your computer. It's a good idea if you manage to keep the printed keys in a secure place.
X68N
Hero Member
*****
Offline Offline

Activity: 602


View Profile
July 03, 2011, 03:09:56 PM
 #5

Yes this is a good idea, and a similar idea i posted on the other thread.
maybe you could read my last post there so i did not rewrite it here.

I think also like you that it should be done something like a TAN to improve the secuity,
but a lot of people just think about how a improvement NOT work.
Instead they dont try to help by saying HOW IT WORKS to prevent an attack...
a lot of negative people, just read my thread to get an idea what i am talking about :-)

Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1050


View Profile WWW
July 03, 2011, 03:14:24 PM
 #6

If you just drop a few digits from the private keys, it's trivial to crack, as an exhaustive search will retrieve them easily from a leaked wallet.dat file.

If you drop a lot of digits from the private keys, it's not better than a passphrase-encrypted wallet (as will be supported by 0.4.0), and a whole lot less user-friendly.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
July 03, 2011, 04:37:31 PM
 #7

LOL, i had the idea before.
Didnt you see it, just come here to dicuss it on the main thread
http://forum.bitcoin.org/index.php?topic=23476.0

I saw it, was about to comment but thought my concept with its benefits is too far off your idea so I decided to do a new thread. My idea involves no modification on the network layer, no obscure security with mouse coordinates, etc.

If you just drop a few digits from the private keys, it's trivial to crack, as an exhaustive search will retrieve them easily from a leaked wallet.dat file.

If you drop a lot of digits from the private keys, it's not better than a passphrase-encrypted wallet (as will be supported by 0.4.0), and a whole lot less user-friendly.

As described in the OP the user could decide how many digits to use. I think it is a pain to handle several wallet files today but improvements there would at least allow me to have small wallets with a password I can remember and big wallets with a password i keep in a save. else having to type in "the" password would expose all my wallet to the attacker's trojan.

I'm curious how the new client will turn out to be but I doubt that I will feel any saver opening my big wallets with it than I feel now.

Lastly both concepts could be combined.

theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2758


View Profile
July 03, 2011, 06:45:29 PM
 #8

It would take less than a second to find the code, since all of the used Bitcoin addresses are known. You could just search Bitcoin Block Explorer for the known part.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
giszmo
Legendary
*
Offline Offline

Activity: 1568


¡ɥɔʇɐʍ ʇsnɾ &#7


View Profile WWW
July 03, 2011, 06:52:18 PM
 #9

It would take less than a second to find the code, since all of the used Bitcoin addresses are known. You could just search Bitcoin Block Explorer for the known part.

didn't know the bitexplorer knows the privat keys Sad

theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 2758


View Profile
July 03, 2011, 07:01:11 PM
 #10

Oh, I missed that you were using private keys. Never mind that, then.

Given all but a few bytes of an ECDSA private key, I would not be surprised if there was some way of getting the remaining bytes without a full brute-force.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!