Bitcoin Forum
October 21, 2019, 09:06:46 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 2FA for Bitcoin-QT?  (Read 2622 times)
SgtSpike
Legendary
*
Offline Offline

Activity: 1372
Merit: 1001



View Profile
April 26, 2013, 05:35:36 PM
 #1

Just curious... Bitcoin-QT has a password, sure, but what if you have a keylogger on your computer?  Is there any sort of 2FA available that works with Bitcoin-QT (or any of the other installable wallets)?  Or can we brainstorm ways to support 2FA that wouldn't be hackable via the same method (i.e., would defeat keyloggers)?  Yubikey support?  Hardware signatures?  Email confirmation codes?  Etc?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1571648806
Hero Member
*
Offline Offline

Posts: 1571648806

View Profile Personal Message (Offline)

Ignore
1571648806
Reply with quote  #2

1571648806
Report to moderator
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1008


View Profile
April 26, 2013, 05:37:52 PM
 #2

See - payment protocol, Trezor.

2FA for desktop wallets is a project that has been in progress for many months now. And things are coming together nicely, but it's still nowhere near ready for launch yet.
SgtSpike
Legendary
*
Offline Offline

Activity: 1372
Merit: 1001



View Profile
April 26, 2013, 05:56:34 PM
 #3

See - payment protocol, Trezor.

2FA for desktop wallets is a project that has been in progress for many months now. And things are coming together nicely, but it's still nowhere near ready for launch yet.
Yes, I have read about that.  Very cool project!

I suppose my question is more along the lines of:
- Is there currently ANY 2FA for any of the installable wallets?
- Should we be looking at more than just a hardware wallet for 2FA?  Would a Yubikey be possible to use?  Email confirmation code?  Etc?

As an end user, I like having options, so I want to discuss/explore what options might be possible to implement.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1008


View Profile
April 26, 2013, 06:24:08 PM
 #4

No, there's no existing alternative. No, the alternatives you cite won't work. There are good reasons we're pursuing the path we are.

A little more helpfully, the threat model we're working towards is a completely malware compromised computer, in which the attacker has unlimited skill and control over the machine. This is a very strong threat model. In fact, it's one so strong that no existing financial system has ever managed to survive it. Even European banks that use hardware second factors aren't really resistant to this scenario because the devices they use have extremely limited I/O bandwidth (you have to manually type in codes) so it's possible for a virus author to rewrite IBAN codes to different ones and get you to sign a wire transfer to the wrong place.

In practice such viruses don't seem to crop up because wire transfers are very rare in the current banking system (they're extremely slow, awkward, expensive etc), so the banks don't have much incentive to fix it. Credit cards don't even try and survive this threat model, they just leak money all over the place. In person debit card transactions have secure hardware but assume a trusted merchant (they're not peer to peer).

So we're being very ambitious with this effort but it's the only approach that will put us on sure footing, long term.

I think you can see why the solutions you've proposed won't work given a malware compromised host. You really need the wallet to be controlled by a device that is secure, and the only known way to make such a thing is to severely limit its abilities. So, eg, smartphones can help a bit because they have more secure operating systems than desktops, but their huge abilities make it hard to secure them and lots of people have insecure smartphones as a result. A Trezor + authenticated payments s really the best possible solution.
SgtSpike
Legendary
*
Offline Offline

Activity: 1372
Merit: 1001



View Profile
April 26, 2013, 06:49:09 PM
 #5

No, there's no existing alternative. No, the alternatives you cite won't work. There are good reasons we're pursuing the path we are.

A little more helpfully, the threat model we're working towards is a completely malware compromised computer, in which the attacker has unlimited skill and control over the machine. This is a very strong threat model. In fact, it's one so strong that no existing financial system has ever managed to survive it. Even European banks that use hardware second factors aren't really resistant to this scenario because the devices they use have extremely limited I/O bandwidth (you have to manually type in codes) so it's possible for a virus author to rewrite IBAN codes to different ones and get you to sign a wire transfer to the wrong place.

In practice such viruses don't seem to crop up because wire transfers are very rare in the current banking system (they're extremely slow, awkward, expensive etc), so the banks don't have much incentive to fix it. Credit cards don't even try and survive this threat model, they just leak money all over the place. In person debit card transactions have secure hardware but assume a trusted merchant (they're not peer to peer).

So we're being very ambitious with this effort but it's the only approach that will put us on sure footing, long term.

I think you can see why the solutions you've proposed won't work given a malware compromised host. You really need the wallet to be controlled by a device that is secure, and the only known way to make such a thing is to severely limit its abilities. So, eg, smartphones can help a bit because they have more secure operating systems than desktops, but their huge abilities make it hard to secure them and lots of people have insecure smartphones as a result. A Trezor + authenticated payments s really the best possible solution.
I see your point.  Sure, some methods might defend against some types of malware attacks, but what is the use of allowing the user to trust in those defenses if they cannot defend against all malware attacks?  It would simply give the defense method (and Bitcoin) a bad name.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1008


View Profile
April 26, 2013, 06:58:29 PM
 #6

Yeah. I mean, raising the bar is a good idea, hence the wallet encryption (it knocks out some script kiddies).

But, once you assume an attacker has more skill than that, then there isn't much point spending time on solutions that won't work. You might as well aim for the top.
grendel25
Legendary
*
Offline Offline

Activity: 1456
Merit: 1024



View Profile
January 25, 2015, 06:36:41 AM
 #7

I see the warning that this is over 120 days but this is very relevant and I did already start another post asking a similar question.  I want more discussion on this matter as I think it's hugely important do the more widespread adoption of bitcoin.

SgtSpike's query deserves more consideration.

here's my thoughts: https://bitcointalk.org/index.php?topic=935071.new#new

I don't see why 2FA can't fit into a wallet as an alternative to memorizing seeds.  2FA or some derivative may be essential to improving the bitcoin user experience in my opinion.


..Absolute.......................
..The First Proof of View Cryptocurrency..
.
.
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄████████████████▀▀█████▄
▄████████████▀▀▀    ██████▄
████████▀▀▀   ▄▀   ████████
█████▄     ▄█▀     ████████
████████▄ █▀      █████████
▀████████▌▐       ████████▀
▀████████ ▄██▄  ████████▀
▀█████████████▄███████▀
▀█████████████████▀
▀▀█████████▀▀
.
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄████████▀█████▀████████▄
▄██████▀  ▀     ▀  ▀██████▄
██████▌             ▐██████
██████    ██   ██    ██████
█████▌    ▀▀   ▀▀    ▐█████
▀█████▄  ▄▄     ▄▄  ▄█████▀
▀██████▄▄███████▄▄██████▀
▀█████████████████████▀
▀█████████████████▀
▀▀█████████▀▀
.
.
Poramin Insom
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
January 25, 2015, 06:41:09 PM
 #8

I see the warning that this is over 120 days but this is very relevant and I did already start another post asking a similar question.  I want more discussion on this matter as I think it's hugely important do the more widespread adoption of bitcoin.

SgtSpike's query deserves more consideration.

here's my thoughts: https://bitcointalk.org/index.php?topic=935071.new#new

I don't see why 2FA can't fit into a wallet as an alternative to memorizing seeds.  2FA or some derivative may be essential to improving the bitcoin user experience in my opinion.



I have integrated 2FA - Google with Qt wallet. If you would like to get source code. PM me.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!