Why isn't there a single purpose bitcoin hardware wallet ???

[justusranvier]

I won't be interested in hardware wallets until I see signs that the people implementing them are serious about hardening them against malware and side channel attacks.

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

Implementing a hardware wallet properly does not allow for shortcuts, like using general-purpose computers in the design.

[super3]

I was looking into developing a hardware wallet a few weeks ago. It definitely is quite possible, but it requires much work with embedded stuff(which simple put isn't easy). Trezor is going to be your best bet for now, many of the people I've seen working on hardware wallets have fallen by the wayside.

For a hardware wallet to work, you have to have some sort of screen and perhaps some input buttons. This is not something you can just pick up from Walmart. It took me some searching to find a Chinese manufacture, but they want me to pay $500 for a dev kit. So unless someone wants to donate that, I'll going to continue to work on other more useful Bitcoin products and services.

So in summary, making a hardware wallet is extremely hard and takes lots of time and money.

[cor]

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

For those who are not programmers and don't know how to read the code (or have nobody to do that for them) we are planning to undergo an independent security audit.

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

[justusranvier]

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.

[Trongersoll]

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.

They don't need an asic, they could jut put the software in ROM.

[justusranvier]

They don't need an asic, they could jut put the software in ROM.

That does not accomplish anything in terms of the vulnerabilities inherent to running software.

[viboracecata]

Smart devices are enough, I think.

[teukon]

I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.

[westkybitcoins]

I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.

I'd urge you to reconsider; I think you're missing out.

As cheap as they are now, they're affordable enough to buy one just as a dedicated mobile spending wallet. And once you have that, it may very well change the way you use (and view) Bitcoin.

[fpgaminer]

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place.

Flashing firmware is not an attack vector, if the firmware is signed by a trusted party.  An ASIC would be far worse; there are no ways for third parties to truly audit the ASIC.  Open source code, on the other hand, can be audited by a large swath of programmers.

with specific attention payed to avoiding information leaks that could lead to a successful side channel attack.

What side channel attacks are you specifically worried about on a hardware wallet?  The only opportunity for a hardware wallet to leak secret information through a side channel is during signing.  When the hardware wallet is secured by a password, this will only occur when the user is using the device for signing legitimate transactions.  This will occur infrequently, to put it lightly.  Power and timing side channel attacks require huge sample sizes, relative to the number of transactions a user will ever have signed.  Not to mention that it's impossible for the host to time the actual signing, unless it's correlating with power consumption and I don't believe a PC can extract that information from their USB host chips.

[Trongersoll]

To be truely useful, wouldn't a hardware wallet have to be Wifi enabled? or maybe Data enabled like a smart phone? Would it need it's own copy of the blockchain? Would it keep it up to date so you don't have to wait 10 minutes for it to Sync before making a transaction?

[Remember remember the 5th of November]

Why do we still have to use multiple purpose hardware like smartphones and pc for wallets ? Ever since I have known bitcoin I have been waiting for a secure hardware wallet for sending and receiving bitcoins so to introduce bitcoin to my family and people around me that aren't tech savy enough to keep their bitcoins safe. And don't tell me that trezor is a wallet it is just way secure your wallet.

We could put up a bounty for the development of of an open source hardware wallet.




by single purpose hardware wallet I mean something like the bitcoincard but no need for the mesh network nor for it to be this thin and small =v        

If you really want one, you could've just made one yourself...

[tclo]

Is http://www.bitcointrezor.com/ just being poorly marketed or what?

The market is smaller than people think.

I don't know about that. I think it's pretty small, but not sure what others think.   Few to none of my friends have heard of bitcoin and the ones who have....don't care about it.

It is still very early on in its adoption rate for sure. 

And yes Apple is a good analogy.  I had mp3 players long before Apple came out with the Ipod...years before.  But they just waited until the market matured and then introduced their device (and marketed it like crazy)