unhackable wallet concept

[Defkin]

I have been reading up and there appears to be a lot of concern about wallet security against thieves and trojans. There seems to be a lot of methods for making your wallet more secure and most are a PIA.

I have an idea using hardware but do not know how feasible it would be....I am hoping those with more experience might comment on it.


| usb plug |------| PIC |-----| memory |-----| micro usb socket |
                           |
                     | button |


The idea is to have a usb stick with a micro processor built in such as a PIC. The key data is stored in memory only directly accessible via the mico usb slot.

Steps
1. Store all primary keys on memory via micro usb socket (one time only with precautions)
2. plug into PC via usb plug
3. the client sends key data to PIC (recipient key, amount and number of primary key needed)
4. PIC relays same data back to client for verification
5. User presses button for PIC to generate new key off the selected primary key and send result back to client.
6. Client now has payment data and at no time did it have access to any primary key.

As the PC has no access to the primary keys and physical access is needed to generate a pair I don't see how a hacker could steal money.....unless i am missing something.


What do you think?
 

[1714145785]

1714145785

[1714145785]

1714145785

[1714145785]

1714145785

[casascius]

Has been proposed, biggest drawback is you're still depending on the computer to tell you what your device is about to sign.  It could say you're sending 5 BTC to merchant A, but really you're sending 5000 BTC to badguy X.  So the device needs a screen.

And with a screen, comes a cost that many are unwilling to pay.  People are already unwilling to pay $29 to secure their thousands of dollars at MtGox.  There would also need to be a secure way to back up the device so your bitcoins aren't gone if it fails - another step that would turn people off.

But otherwise, yes, it would work.

Off-the-shelf refurbished credit card machines are an example of something that would meet the need hardware-wise and are often available at a very nominal cost.  (there's a whole thriving industry of refurbishing CC machines abandoned by businesses that upgrade their systems or go out of business... in this case, refurbishing generally meaning putting old good electronics into brand new made-in-china knockoff enclosures so they look like brand new machines at an affordable price.  Check out eBay for "Omni 3200" for a good example)

[Defkin]

Has been proposed, biggest drawback is you're still depending on the computer to tell you what your device is about to sign.  It could say you're sending 5 BTC to merchant A, but really you're sending 5000 BTC to badguy X.  So the device needs a screen.

And with a screen, comes a cost that many are unwilling to pay.  People are already unwilling to pay $29 to secure their thousands of dollars at MtGox.  There would also need to be a secure way to back up the device so your bitcoins aren't gone if it fails - another step that would turn people off.

But otherwise, yes, it would work.

Off-the-shelf refurbished credit card machines are an example of something that would meet the need hardware-wise and are often available at a very nominal cost.  (there's a whole thriving industry of refurbishing CC machines abandoned by businesses that upgrade their systems or go out of business... in this case, refurbishing generally meaning putting old good electronics into brand new made-in-china knockoff enclosures so they look like brand new machines at an affordable price.  Check out eBay for "Omni 3200" for a good example)

What is the hardware requirements for actually generating the key? I am assuming that a 16bit PIC could handle it making the production unit cost under $10.

As for amount verification you have the PIC hold the incoming amount and key and continually stream that back to the client meaning it cannot be overwritten while it is held by the PIC. Have the pic clear that data buy pressing the button or Press button for 3 seconds to generate new key.

I guess there could be a trojan that could emulate the usb stick and intercept communications between the client and PIC using a pin number on the client would not add to the cost............

As for those not spending $29 securing thousands it does make those of us taking minimal precautions safer via the low hanging fruit method

[n2liquid]

@casascius Those guys unwilling to pay $29 to secure thousands... facepalm for them. Do they even have a good reason?

[casascius]

Hardware requirements include a good random number generator.  Bitcoin key generation is as simple as generating random numbers.  My guess is a PIC could handle elliptic curve signing, it's just a lot of integer ops.

Having a trojan intercept the USB communication is something you can EXPECT will happen if the Bitcoin community standardizes on a monoculture of a specific hardware device.

The credit card machine also has useful side benefits - for example, the ability to require a PIN, or to output a backup to paper tape in the form of QR codes (possibly encrypted), the ability to maintain and print a ledger/audit trail, and many of the newer ones have physical safeguards against encryption keys, so that if the device is opened or tampered with, the device automatically forgets the keys.  It's a pretty decent bang for the buck.  The going rate for those Omni 3200s on eBay is about $49.

[Defkin]

Having a trojan intercept the USB communication is something you can EXPECT will happen if the Bitcoin community standardizes on a monoculture of a specific hardware device.

What if the communication involved copying of a csv file. The only area the PC would have access to is the memory attached to the plug and that could be just enough to hold the incoming and outgoing csv files. So the pic parses the specifiably named csv.

A trojan could not access the PIC program so the only options would be to subvert the copy command, client or overwrite/edit the csv. I cannot see how they could mess with a low level dos command without it being obvious something is up. That would leave overwriting the csv but if they did that the client would pick it up when it verifies. So now the only option i can think of is to subvert/replace the client...... I guess you could double check the csv with notepad but that could not be automated.

unless anyone can think of another way i guess back to the drawing board.

ok, how about if the installer program required a password and then compiled the executable and an encrypted data file based on that password. As the executable was custom spawned it needs specific data that was randomly selected by the compiler onto the encrypted file that also hosts the address book and key list. i guess the executable could be replaced but it could not know the password so would accept any password........but cannot load the address book and key list.

ok i give up for now

                                          | random num gen |
                                                     |
| usb plug |----| mem for csv files|--| PIC |-----| memory |-----| micro usb socket |
                                                     |
                                               | button |

[casascius]

A trojan could not access the PIC program so the only options would be to subvert the copy command, client or overwrite/edit the csv.

A trojan can do absolutely anything any user, program, or operating system could do.  Access to the PIC program isn't needed - intercepting the transaction in transit to the PIC device and replacing it with another one of the attacker's choice - while hiding it all from the user - is an attack similar to one that already happens to banking websites and will happen to Bitcoin if an opportunity to pull it off is designed into it.

Any device made for this purpose MUST have its own independent way to communicate the intended transaction to the user for verification, or it will not serve the purpose it was made for.