PocketCoin (OP)
Newbie
 Offline
Activity: 23
Merit: 0
|
 |
June 11, 2012, 07:31:41 PM |
|
Hello everyone, I have been a long time lurker of Bitcoin and I have a strong background in electronics.
I have been watching all the hype about these Digital, carry with you where ever you go Bitcoin wallets.
I understand that they are all "Lite Clients" which could potentially require you to trust one node or hopefully with some of these Lite clients they do multiple node verification/confidence checking.
I started this thread originally in the newbies section but I think this project could receive more attention in this category.
So my goal is this...
Create a device that can has the following specs.
1] Opensource Software
We developers should be able to audit the code and alert the community that it is safe to use.
2] Opensource (as possible) hardware
The products used in the open source device should be available on most electronic project websites and at most physical retail stores so anyone can purchase these products with out spending too much money.
Such as RadioShack, Sparkfun.com, SeedDuino.com etc...
3] Processing power specs
Should have enough processing power to be self reliant.
This could mean 1 of 2 things(or both)...
--1 The device should run its own Bitcoin block chain on a 5gb sdcard and the block chain can be updated through some means of uploading(wifi, bluetooth, USB cable, SDcard it self is upgraded)
--2 The device should have the ability to run a Bitcoin Lite app in the event bandwidth isn't available to update the main block chain
There are tradeoffs with both options.
so we should pick one or both.
This project isn't mine -- It is all of ours.
we all have a say in it but the ultimate decision is left in those who build their own device or sell it.
I don't want to make any money in this project, I just want a solution for digital wallets we can carry with us that still holds the "Safety of the Bitcoin dream" an alternative to "Greedy Corporates being recklessly careless with our hard earned money so they can make a quick profit off our tangible dreams"
If you are not interested in a "carry your own digital wallet device" Do not respond to this thread -- This is not for you. Everyone should be encouraged to ignore "whats the point of this if i have a cellphone that can send money" replies as I guarantee the first reply will be that almost exactly in my quote.
Thanks everyone! Lets build an open source device together.
|
|
|
|
|
|
|
|
NothinG
|
|
June 11, 2012, 07:45:05 PM |
|
What about a screen and maybe a USB 2.0 for Yubikey?
|
|
|
|
PocketCoin (OP)
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 11, 2012, 07:47:53 PM |
|
What about a screen and maybe a USB 2.0 for Yubikey?
That sounds like an interesting idea. I'll add that to the spec list- I wish I knew more about Yubikey other then "I first heard of Yubikey from MtGox"  I'm guessing we'd have to make a deal with them? or do they do custom orders i wonder. |
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 11, 2012, 07:51:45 PM |
|
What about a screen and maybe a USB 2.0 for Yubikey?
That sounds like an interesting idea. I'll add that to the spec list- I wish I knew more about Yubikey other then "I first heard of Yubikey from MtGox" I'm guessing we'd have to make a deal with them? or do they do custom orders i wonder. They do custom orders with your logo and everything, if you want that. More details at http://www.yubico.com/However, it is free to implement and there are code samples for many languages. The validation can be done with your own server, or with the cloud service that they provide for free. It does need a net connection for validation unless you use it in Fixed Password mode, or unless you use it in Challenge-response mode. |
|
|
|
|
NothinG
|
|
June 11, 2012, 08:03:32 PM |
|
What about a screen and maybe a USB 2.0 for Yubikey?
That sounds like an interesting idea. I'll add that to the spec list- I wish I knew more about Yubikey other then "I first heard of Yubikey from MtGox" I'm guessing we'd have to make a deal with them? or do they do custom orders i wonder. They do custom orders with your logo and everything, if you want that. More details at http://www.yubico.com/However, it is free to implement and there are code samples for many languages. The validation can be done with your own server, or with the cloud service that they provide for free. It does need a net connection for validation unless you use it in Fixed Password mode, or unless you use it in Challenge-response mode. Well you could set it up so you'd only need the key for sending money thus a network connection, which is also a requirement for sending money anyhow. |
|
|
|
PocketCoin (OP)
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 11, 2012, 08:08:18 PM |
|
So I'm confused, you insert yubikey into your "device"/"computer" then a app pops up or the website just "somehow" knows you are saying "I want to do this?"
|
|
|
|
|
|
NothinG
|
|
June 11, 2012, 08:10:05 PM |
|
So I'm confused, you insert yubikey into your "device"/"computer" then a app pops up or the website just "somehow" knows you are saying "I want to do this?"
It works as if you plug in a keyboard to your computer (via usb) and hit all the required keys to login. There is no special client-side software required for it to work, just need to have the right server-side software. |
|
|
|
PocketCoin (OP)
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 11, 2012, 08:15:23 PM |
|
So I'm confused, you insert yubikey into your "device"/"computer" then a app pops up or the website just "somehow" knows you are saying "I want to do this?"
It works as if you plug in a keyboard to your computer (via usb) and hit all the required keys to login. There is no special client-side software required for it to work, just need to have the right server-side software. I trust no device(to a point) that includes a computer keyboard(i trust the keyboard more then the computer). Are these keys you are hit securely located on the Yubikey device it self? |
|
|
|
|
PocketCoin (OP)
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 11, 2012, 08:21:10 PM |
|
or am i confused on its usage? is it more like the Yubikey IS your password?
|
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 11, 2012, 08:23:51 PM |
|
or am i confused on its usage? is it more like the Yubikey IS your password?
Read this: http://www.yubico.com/technical-descriptionIt generates OTPs (One Time Passwords) and usually is combined with a normal password. It has a USB thumbdrive form factor, and only one button which is just a touch pad not an actual button. |
|
|
|
|
|
PocketCoin (OP)
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 11, 2012, 10:04:05 PM |
|
or am i confused on its usage? is it more like the Yubikey IS your password?
Read this: http://www.yubico.com/technical-descriptionIt generates OTPs (One Time Passwords) and usually is combined with a normal password. It has a USB thumbdrive form factor, and only one button which is just a touch pad not an actual button. nice link. So someones experience with say a service like mtgox and a yubikey would be like the following... *Login to mtgox with username and password on the computer like usual. *Attempt to withdraw bitcoins from mtgox *Mtgox says "there is no yubikey connected to the cloud. *customer then inserts yubi key into computer(which then yubikey attempt to the cloud server by some means of http,tcp or udp?) *mtgox notices the yubikey is connected and now allow withdraws until yubikey is disconected crom the clouddoes that sound about right? |
|
|
|
|
|
TangibleCryptography
|
|
June 11, 2012, 10:19:49 PM |
|
or am i confused on its usage? is it more like the Yubikey IS your password?
Read this: http://www.yubico.com/technical-descriptionIt generates OTPs (One Time Passwords) and usually is combined with a normal password. It has a USB thumbdrive form factor, and only one button which is just a touch pad not an actual button. nice link. So someones experience with say a service like mtgox and a yubikey would be like the following... *Login to mtgox with username and password on the computer like usual. *Attempt to withdraw bitcoins from mtgox *Mtgox says "there is no yubikey connected to the cloud. *customer then inserts yubi key into computer(which then yubikey attempt to the cloud server by some means of http,tcp or udp?) *mtgox notices the yubikey is connected and now allow withdraws until yubikey is disconected crom the clouddoes that sound about right? No. That would be very insecure. Hacker could simply wait for you to connect your key and steal all funds. Try re-reading the link on OTP again (and again). It is one time handshake between the key and a server. Still not sure how useful yubikey is for what you are looking to build. |
|
|
|
|
PocketCoin (OP)
Newbie
Offline
Activity: 23
Merit: 0
|
|
June 12, 2012, 12:05:05 AM |
|
Still not sure how useful yubikey is for what you are looking to build.
That's exactly what I'm trying to figure out so I ask stupid questions(I guess that’s not the best way to go about getting information). I think to stay in line with the original goal the device we are aiming for should stay way from any one point of failure (relying on yubi key). and I am just saying that because my confidence with producing source code to be secure with the yubikeys authentication methods is low. |
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 12, 2012, 12:25:53 AM |
|
Yeah I was just providing information about it for you to research because it was brought up. I don't think it would fit in well in this application either.
|
|
|
|
|
NothinG
|
|
June 12, 2012, 12:30:32 AM |
|
Yeah I was just providing information about it for you to research because it was brought up. I don't think it would fit in well in this application either.
Well if the wallet got stolen, then you'd have to use the Yubikey to unlock it to send coins. Like if you steal an ATM machine, good luck getting it open without ruining the money. |
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 12, 2012, 12:33:30 AM |
|
Yeah I was just providing information about it for you to research because it was brought up. I don't think it would fit in well in this application either.
Well if the wallet got stolen, then you'd have to use the Yubikey to unlock it to send coins. Like if you steal an ATM machine, good luck getting it open without ruining the money. Well yeah, as long as you never kept the Yubikey near the device except when you wanted to use it, otherwise they would just get stolen together. That's why I don't totally get the idea of the Yubikey Nano, because it is designed to be plugged in and left in the USB port and not removed. |
|
|
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
June 12, 2012, 07:45:17 PM |
|
Thanks NothingG, subscribing to this thread... |
|
|
|
|
|
