Can we keep bitcoin purses safe keeping them in special hardware?

[nubitcoin]

I am worried about my bitcoin purse getting stolen.  If and when bitcoin gains in popularity, there will be many viruses written designed to steal bitcoin purses.  Anti-virus software is not 100% and when it comes to money things need to be 100% guaranteed.  I can't even fathom how clever virus writers are and I am not willing to take a chance of having a sizable chunk of my money getting stolen.

My question is, is it realistic to have specific hardware designed to keep bitcoin purses (say usb storage looking devices).  They would have hard-wired code in them, so a virus cannot physically attack them.

 

[genjix]

Yes.

You run bitcoin using -datadir /path/to/usb/

Once encryption is added to wallets, then you'll be able to keep your RSA key on your computer, and your wallet on the USB stick. ATM still working on that.

[casascius]

I thought that a separate little computer - such as a bankcard terminal - could be connected via serial port and could use its own keypad and display to get transaction confirmation from user. Connected by serial (RS232) this is a low bandwidth connection that would isolate it from attacks on the network.

A bankcard terminal is merely a form factor for a small computer. A desktop appliance with minimal display and often printing ability. Many devices would fit this purpose at a low cost.

[Meni Rosenfeld]

Yes.

You run bitcoin using -datadir /path/to/usb/

Once encryption is added to wallets, then you'll be able to keep your RSA key on your computer, and your wallet on the USB stick. ATM still working on that.

I don't understand, what will prevent the virus from getting your key from your computer and use it when you connect your flash drive?

[no to the gold cult]

Yes.

You run bitcoin using -datadir /path/to/usb/

Once encryption is added to wallets, then you'll be able to keep your RSA key on your computer, and your wallet on the USB stick. ATM still working on that.

By the way, is it possible to use a wallet.dat from a Windows installation on a Linux installation of the client? I don't currently have access to a Linux machine to try this out.

[chromicant]

I thought that a separate little computer - such as a bankcard terminal - could be connected via serial port and could use its own keypad and display to get transaction confirmation from user. Connected by serial (RS232) this is a low bandwidth connection that would isolate it from attacks on the network.

A bankcard terminal is merely a form factor for a small computer. A desktop appliance with minimal display and often printing ability. Many devices would fit this purpose at a low cost.

Actually...that's an interesting idea.

I've been working with a STM8S-DISCOVERY board to run GNUK on the STM32 part. I still have some bugs to work out on the GnuPG implementation, but it may be interesting to try to hack up some code to make a smartcard-like application that can do transaction signing on said hardware. There is a bit of work that would need to be done on hardware as well as getting a client to be able to read the wallet from the hardware.

May be an interesting proof of concept.

[Jered Kenna (TradeHill)]

I thought that a separate little computer - such as a bankcard terminal - could be connected via serial port and could use its own keypad and display to get transaction confirmation from user. Connected by serial (RS232) this is a low bandwidth connection that would isolate it from attacks on the network.

A bankcard terminal is merely a form factor for a small computer. A desktop appliance with minimal display and often printing ability. Many devices would fit this purpose at a low cost.

Actually...that's an interesting idea.

I've been working with a STM8S-DISCOVERY board to run GNUK on the STM32 part. I still have some bugs to work out on the GnuPG implementation, but it may be interesting to try to hack up some code to make a smartcard-like application that can do transaction signing on said hardware. There is a bit of work that would need to be done on hardware as well as getting a client to be able to read the wallet from the hardware.

May be an interesting proof of concept.

The only problem I see is if a virus / hacker / whatever could spoof the response from the terminal. I think the best advice I've seen is to keep a seperate wallet which stores the bulk of your funds and just deposit to it but keep a smaller daily use wallet. If you treat it like cash it's not so bad,people freak out and say things like "what if someone breaks in to my house and steals my wallet" well what if someone breaks in to your house and steals your physical wallet filled with USD? Keep it secure. The obvious advantage is you can back it up as much as you want / encrypt it where as you can't take those $20's down to kinkos.

[casascius]

The terminal itself would do the signing and possess the keys and only cough up the signed transction so no way to spoof.

[Jered Kenna (TradeHill)]

The terminal itself would do the signing and possess the keys and only cough up the signed transction so no way to spoof.

Could do the same thing (a lot cheaper) with a token or something along those lines right? If you're really worried then a password protected token.

[nelisky]

So what would the requirements be for such a device? The bitcoin software would still run on the PC, but instead of having the keys stored in the local wallet it would communicate with the device?

I can see myself getting a proof of concept going using a PIC32... would that be safe enough? The device would connect to the PC using USB but instead of providing a USB disk with the wallet, it would provide a serial interface or something alike that would allow the connected bitcon client to operate upon. So it would still be possible for a virus to take over the computer and ask the device to transfer whatever to wherever, but the serial API could use a password protection / encryption step to make this harder. And because the keys are NEVER shared with the outside world, one could also set up hard limits (no transaction larger than 100btc, for example) so it would be safe to use the device on public computers.

Would this be safe enough?

[Jered Kenna (TradeHill)]

So what would the requirements be for such a device? The bitcoin software would still run on the PC, but instead of having the keys stored in the local wallet it would communicate with the device?

I can see myself getting a proof of concept going using a PIC32... would that be safe enough? The device would connect to the PC using USB but instead of providing a USB disk with the wallet, it would provide a serial interface or something alike that would allow the connected bitcon client to operate upon. So it would still be possible for a virus to take over the computer and ask the device to transfer whatever to wherever, but the serial API could use a password protection / encryption step to make this harder. And because the keys are NEVER shared with the outside world, one could also set up hard limits (no transaction larger than 100btc, for example) so it would be safe to use the device on public computers.

Would this be safe enough?

I think (could be wrong here) that it's more complicated than it needs to be.
You could use a physically connected token or a bluetooth token (cell phone maybe?) with a pin on it.
You could do this several ways. One would be entering the password sends a code to the computer letting you transfer or the other would be it displays the code (like a paypal token) to be typed in on the computer and given access.

Theres a lot of options with tokens and seeing how you can have them pin restricted and how cheap they are I think it's a good option. My only issue is if the token dies / gets lost etc, you'd have to have a backup of some sort.

[Gavin Andresen]

The terminal itself would do the signing and possess the keys and only cough up the signed transction so no way to spoof.

But how do you know that the transaction the hardware device signed is actually the transaction you wanted to make?  You might THINK you're sending 100BTC to your brother, your computer will SAY you're sending 100BTC to your brother, but the trojan might change the destination address that goes in to the hardware device.

Unless the hardware device has some sort of display and physical button to OK the transaction.  In which case the hardware device sounds a lot like a smart phone.

[nelisky]

I think (could be wrong here) that it's more complicated than it needs to be.
You could use a physically connected token or a bluetooth token (cell phone maybe?) with a pin on it.
You could do this several ways. One would be entering the password sends a code to the computer letting you transfer or the other would be it displays the code (like a paypal token) to be typed in on the computer and given access.

Theres a lot of options with tokens and seeing how you can have them pin restricted and how cheap they are I think it's a good option. My only issue is if the token dies / gets lost etc, you'd have to have a backup of some sort.

I don't get it, sorry. What would be stored in the token? And what would the communication between the token and the bitcoin PC client be? If you are using the token to hold the wallet and do the transaction signing itself, then we are talking about the same thing, if on different hw (pics can come out REAL cheap, too).
But if you are saying the token pin protects the wallet.dat file, then there's no trojan/virus protection at all, I guess. Once you unlock it, the file is available to the computer, period.

[Jered Kenna (TradeHill)]

I think (could be wrong here) that it's more complicated than it needs to be.
You could use a physically connected token or a bluetooth token (cell phone maybe?) with a pin on it.
You could do this several ways. One would be entering the password sends a code to the computer letting you transfer or the other would be it displays the code (like a paypal token) to be typed in on the computer and given access.

Theres a lot of options with tokens and seeing how you can have them pin restricted and how cheap they are I think it's a good option. My only issue is if the token dies / gets lost etc, you'd have to have a backup of some sort.

I don't get it, sorry. What would be stored in the token? And what would the communication between the token and the bitcoin PC client be? If you are using the token to hold the wallet and do the transaction signing itself, then we are talking about the same thing, if on different hw (pics can come out REAL cheap, too).
But if you are saying the token pin protects the wallet.dat file, then there's no trojan/virus protection at all, I guess. Once you unlock it, the file is available to the computer, period.

The token would just provide a Mathematical algorithm based one time password and that's it. The client would only send when it confirmed this password. You could use OATH for this.
It's open source etc. Like mentioned above you could still be vulnerable to someone swapping the address. You wouldn't lose your entire wallet though and would be a start.

It would be like this.
1)turn on client and enter address of recipient
2) type amount and hit send
3) client asks you for token password
4) enter pin on token get password ex:447421
5) type 447421 in to client and the transfer starts

If someone was listening in or standing over your shoulder etc they wouldn't be able to replicate this because they don't have the token.
The token could be used manually like this or it could be connected via usb / bluetooth / whatever they make a variety.
The client would have to be modified to get the "go" on the transfer from the token is all.

[ffe]

Problem is, as some have asked about above, the client does not know who you really want to send money to and how much to send.

So the token is there and the client knows for sure that a human who knows a password is sitting at the computer. But a Trojan can get any amount sent to anyone once the handshake with the token is complete because at this point the handshake is complete, the password is entered, the private keys are unlocked, etc...

[nelisky]

The token would just provide a Mathematical algorithm based one time password and that's it. The client would only send when it confirmed this password. You could use OATH for this.
It's open source etc. Like mentioned above you could still be vulnerable to someone swapping the address. You wouldn't lose your entire wallet though and would be a start.

It would be like this.
1)turn on client and enter address of recipient
2) type amount and hit send
3) client asks you for token password
4) enter pin on token get password ex:447421
5) type 447421 in to client and the transfer starts

If someone was listening in or standing over your shoulder etc they wouldn't be able to replicate this because they don't have the token.
The token could be used manually like this or it could be connected via usb / bluetooth / whatever they make a variety.
The client would have to be modified to get the "go" on the transfer from the token is all.

How does this protect one from the virus scenario? I'm assuming the wallet will have to be loaded in memory in an unencrypted way for this to work, at least while sending a transfer.

And I don't know if this is an issue at all, but does this allow in any way for the mobility of the wallet? I mean, will the token and the wallet be paired in such a way that you can safely load your wallet into some bitcoin client, knowing that it will only be available if you use the token's OTP?

[Jered Kenna (TradeHill)]

Problem is, as some have asked about above, the client does not know who you really want to send money to and how much to send.

So the token is there and the client knows for sure that a human who knows a password is sitting at the computer. But a Trojan can get any amount sent to anyone once the handshake with the token is complete because at this point the handshake is complete, the password is entered, the private keys are unlocked, etc...

This is outside my realm but is there anyway to tie the destination address in with the token? For example if it's a connected token (physically or wireless) you type the address in to the token followed by your pin and the client receives the verification first then attached to it is the destination? Or the address then the verification or whatever but the idea is that they're coupled and received as a pair.

Edit: in regards to nelisky above, the idea would be that the client only transfers when it has permission from the token. Trying to shoot the gun with the safety on.
Maybe the easiest way would be to have a device that is less prone to viruses dedicated to btc as it's sole purpose.