Bitcoin Forum
November 13, 2024, 10:52:49 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Coming Soon! impossible to steal wallets  (Read 6546 times)
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 02:25:00 AM
 #1

Im creating an application with a great programming professor who's an expert when it comes to encryption and file access protocols.

Soon it will be impossible for anyone to steal your wallet, with full backup options with the ability to backup the encrypted versions to my secured dedicated server with tape backups.



With the latest bitcoin application, although you have to type a pass phrase to send funds, this really isnt that secure at all. If someone was to use a trojan to steal your wallet, its dead simple to use a keylogger to record the password. My software will make it impossible for the wallet to be accessed by anything other than the real bitcoin software.


How much interest would anyone have with this and how much would you pay for something like this to protect your funds?


Quick update:

It will also come with notifications and blocking of any applications trying to access your wallet or interfere with the wallet protector or any of the bitcoin files.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
MoonShadow
Legendary
*
Offline Offline

Activity: 1708
Merit: 1010



View Profile
October 27, 2011, 02:28:05 AM
 #2

1)  It wouldn't be your software alone, your prof would have a claim.

2)  Why should I trust you and

3)  Why should I trust your software?  What will your client do differently that the current one does not?

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 02:30:09 AM
 #3

1)  It wouldn't be your software alone, your prof would have a claim.

2)  Why should I trust you and

3)  Why should I trust your software?  What will your client do differently that the current one does not?

1, It would be both of ours. Although I would be paying for the software, and developing the main UI.

2, you dont have to

3,  As my edited post above says, it stops anything else accessing the wallet, protects your funds by a better encryption, and offers offsite backups.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
October 27, 2011, 02:35:52 AM
 #4

The vague "details" and dubious claim in the title combined with the fact that someone else is writing it makes me think you don't even know how it works.

Do you?

If the wallet.dat can be backed up then it can be copied by an attacker.
The attacker can download their own copy of the client.  Client + wallet.dat + passphrase = access to funds.
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 02:39:40 AM
 #5

The vague "details" and dubious claim in the title combined with the fact that someone else is writing it makes me think you don't even know how it works.

Do you?

If the wallet.dat can be backed up then it can be copied by an attacker.
The attacker can download their own copy of the client.  Client + wallet.dat + passphrase = access to funds.

the wallet.dat will not be backed up as is. it will be fully encrypted before it is backed up. anyone with access to the encrypted file will not be able to so anything with it. The application will prevent it from being copied by anything else. It is quite simple how it works.

Probally in the future it will be apart of the main software.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
helloworld
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250



View Profile
October 27, 2011, 02:42:17 AM
 #6

To be unstealable wouldn't you have to somehow sign outgoing transactions with a drop of blood containing your DNA?

So the thief would have to also steal some of your blood too in order to spend the funds. Uuuuuh, hmmm, maybe that's not such a good idea actually.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
October 27, 2011, 02:47:58 AM
 #7

the wallet.dat will not be backed up as is. it will be fully encrypted before it is backed up. anyone with access to the encrypted file will not be able to so anything with it. The application will prevent it from being copied by anything else. It is quite simple how it works.

Probally in the future it will be apart of the main software.

Nothing in that paragraph made any sense.  Your answers indicate you have no technical understanding of how this "impossible to steal system" works.

The only thing I am unsure about is this
a) someone who honestly (and incorrectly) thinks they have something which is unhackable
b) a scam
c) just someone who has no clue

You are aware the current client has encrypted wallet right?  The wall.dat is never left decrypted and the backup is always encrypted.  It still can be stolen.
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 02:48:27 AM
 #8

To be unstealable wouldn't you have to somehow sign outgoing transactions with a drop of blood containing your DNA?

So the thief would have to also steal some of your blood too in order to spend the funds. Uuuuuh, hmmm, maybe that's not such a good idea actually.

At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 02:50:54 AM
 #9

the wallet.dat will not be backed up as is. it will be fully encrypted before it is backed up. anyone with access to the encrypted file will not be able to so anything with it. The application will prevent it from being copied by anything else. It is quite simple how it works.

Probally in the future it will be apart of the main software.

Nothing in that paragraph made any sense.  Your answers indicate you have no technical understanding of how this "impossible to steal system" works.

The only thing I am unsure about is this
a) someone who honestly (and incorrectly) thinks they have something which is unhackable
b) a scam
c) just someone who has no clue

You are aware the current client has encrypted wallet right?  The wall.dat is never left decrypted and the backup is always encrypted.  It still can be stolen.

using some crappy passphase is a stupid idea, all a wallet stealer would have to do currently is log the passphrase. This is hardly a good protection from a wallet stealer.

Yes i do know how this will work as most of the application has been created already.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
October 27, 2011, 02:53:35 AM
 #10

At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Which is still possible to steal.  If the attacker has remote access to the machine via a trojan he can still steal coins in a variety of ways.
1) simply use wallet to transfer them out to an address he owns.
2) grab decrypted keys from memory.
3) decompile the client to determine what hardware specific strings are used to generate the decryption key and decrypt the wallet file.

Tip for next time.  You might get more interest without stupid claims like "impossible to steal".

You keep using this word "impossible".  This word, I don't think this word means what you think it means.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
October 27, 2011, 02:57:11 AM
 #11

You are going to be rich.

1. Buy coins
2. Release code
3. Profit

Your (supposed) software makes coins more valuable. There is a much better way to profit than selling the software. Lets call it the Satoshi method.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 02:58:13 AM
 #12

At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Which is still easily stolen.  If the attacker has remote access to the machine via a trojan he can still steal coins in a variety of ways.
1) simply use wallet to transfer them out to an address he owns.
2) grab decrypted keys from memory.
3) decompile the client to determine what hardware specific strings are used to generate the decryption key and decrypt the wallet file.

Tip for next time.  You might get more interest without stupid claims like "impossible to steal".

But wouldnt be able to access the wallet file at all due to the file protection, not to mention as soon as it trys to access the wallet or any of the files, It would get blocked. That is as long as the application service is running.

It would be much more work than what is currently required to copy the file, and log the passphrase.

Not impossible to steal i guess, but impossible to steal the funds from it

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
October 27, 2011, 02:59:23 AM
 #13

this service not a bad idea.

if you can pull it off and you fell it renders the wallet un-steal-able ... i think you should sell insurance " use my software to store your wallet and i guaranty 100% your funds , *for a smaal fee* "

this could make money if its well build.. BUT 1 flaw and you could end up owning millions of bitcoins...
 

asdf
Hero Member
*****
Offline Offline

Activity: 527
Merit: 500


View Profile
October 27, 2011, 03:02:05 AM
 #14

At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Which is still easily stolen.  If the attacker has remote access to the machine via a trojan he can still steal coins in a variety of ways.
1) simply use wallet to transfer them out to an address he owns.
2) grab decrypted keys from memory.
3) decompile the client to determine what hardware specific strings are used to generate the decryption key and decrypt the wallet file.

Tip for next time.  You might get more interest without stupid claims like "impossible to steal".

But wouldnt be able to access the wallet file at all due to the file protection, not to mention as soon as it trys to access the wallet or any of the files, It would get blocked. That is as long as the application service is running.

It would be much more work than what is currently required to copy the file, and log the passphrase.

Not impossible to steal i guess, but impossible to steal the funds from it

Soooooo..... how does it work? if there is no passphrase, how do you spend the coins? how does it prevent the attacks you describe?

Your claims imply a grand innovation in computer security!
the founder
Sr. Member
****
Offline Offline

Activity: 448
Merit: 251


Bitcoin


View Profile WWW
October 27, 2011, 03:04:29 AM
 #15

The titanic was unsinkable ...  Just like this wallet scheme is unstealable...

Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
joeyjoe (OP)
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 27, 2011, 03:05:22 AM
 #16



Soooooo..... how does it work? if there is no passphrase, how do you spend the coins? how does it prevent the attacks you describe?

Your claims imply a grand innovation in computer security!

The software controlls access to the wallet, only with your machine, and the application running, with the legit bitcoin software can you access the funds. It WILL create a ten-fold in the amount of security the file currently has.

The guy who's helping do this teach's security, and since I explained to him the main idea, has come up with alot of interesting methods to help protect it.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 27, 2011, 03:05:38 AM
 #17

I have an impossible to steal wallet.  It's called a paper wallet.  Physical bitcoins are just metallic paper wallets with a preloaded balance.

I suppose it can be stolen in person.  But can't be stolen online if produced securely.

Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
pointbiz
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
October 27, 2011, 03:21:27 AM
 #18

I have an impossible to steal wallet.  It's called a paper wallet.  Physical bitcoins are just metallic paper wallets with a preloaded balance.

I suppose it can be stolen in person.  But can't be stolen online if produced securely.

Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
+1

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
tvbcof
Legendary
*
Offline Offline

Activity: 4746
Merit: 1282


View Profile
October 27, 2011, 03:21:56 AM
 #19

I already have such a utility on my linux box, and I use if regularly:

  shred -u ~/.bitcoin/wallet.dat

Nobody's stealing that fucker!

sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
jimrandomh
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
October 27, 2011, 03:24:33 AM
 #20

joeyjoe, there are extremely good theoretical and practical reasons to think that safely handling bitcoins using a compromised computer is impossible, no matter what tricks you use to protect them, and that this issue is fundamentally impossible to fix. While you can write software which makes stealing bitcoins inconvenient, the only true defenses are (a) keeping your computer secure, and (b) incorporating multiple devices, such as by using multi-signature transactions (coming in a future version).

Various tricks have been proposed for doing protected computation in non-bitcoin contexts, and it always ends up being an arms race with the bad guys having a substantial advantage. Things like using a TPM, hiding the keys behind interprocess communication, in-memory encryption, and device fingerprinting only help a little.

You shouldn't assume that because your teacher hasn't shot you down, that your plan will work. Experts in cryptography often propose schemes that are later proven not to work, and this happens so often that it's considered poor form to advertise anything as truly secure until it's been published and peer reviewed for a fairly long time.
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!