Topic: Bitcoin adoption and security (Read 2913 times)

1. Use a bunch of dice, any number of sides. Take a picture of the sky. Take a picture of a fire. Get the hashes of those jpegs. Research diceware. Flip a few coins.
2. Use bitaddress.org or brainwallet.com (the offline version). Input the dice and the hashes and the coin flips and whatever yubikey spits out (not in static mode.)

The first part you probably won't do very well, leaving you with a weak key.  Do it with one die at a time, into a box without looking, and ALWAYS take the number that comes up.  Takes 60 throws to generate that much entropy.

The second part is apparently yes.  I'm not sure about that specific model, since it is very old (1987), but any of the later Z80, 68k or ARM calculators should have enough power to do the math.

Hmm.  I may have to put fresh batteries in my trusty old TI-85.

Newbie question: to make a fully secure savings account, is it possible to roll some 20-sided dice a bunch of times to generate a private key, then use a calculator or TI-95 to derive the public key?

Wow, I watched the presentation and I like what I see. Keep up the good work!
I'm still in the "I'm Scared" phase but will try it out in a month or so when I (hopefully) get my mining hardware and set everything up. And yes, I will make sure a donation finds its way towards the Armory developers, lol.

@Zangelbert
That's exactly what I'm talking about. Most of the replies in this thread present more or less complicated technical solutions to secure the wallet. However none of them (although Armory comes close) are ready as a mass-market solution.  The convenience of an online wallet (like my online banking) is something we should strive to achieve, but it has its own drawbacks. Who is going to maintain the server? What if that server data gets hacked/deleted/confiscated?

So, how can we overcome those drawbacks?

I feel that I am reasonably secure even just using the original Satoshi client on my Windows computer. I have the whole thing sandboxed, despite not having any anti-virus installed at all.

But that's just me because I'm a geek.

I don't need Armory, but I might play with it a bit because the concept is interesting.

I agree online wallets are not ideal, though perhaps they could be effectively decentralized if enough competitors enter the online wallet market.

On the client side, it's certainly reassuring to know people of your calibre see this issue and are working on it.

Bleh, hopefully a centralized solution like "trusted online wallets" is not preferred over a safer, more decentralized solution.

If the coins are not easy to store in a safe, decentralized manner...  blame us!  Keep the heat on.  We need the best user experience possible.  Ideally you want to make it hard to not store your coins securely.

To be honest, the only reason I don't buy more bitcoins is that I'm not sure I could secure them.

So far Armory seems to be the only workable solution for the everyday security-conscious folks who will constitute the vast majority of bitcoin users if bitcoin takes off, but the procedure is still cumbersome and for a newb requires them to devote one computer solely to private key generation.

This is not a mass-market solution. Lack of a dirt-simple, secure way of keeping your coins seems to me the biggest bottleneck to bitcoin adoption, unless trusted online wallets take over as the primary storage method.

Yes, this is exactly what Armory does.  It's why I made it.  As far as I know, it's the only program out there that has a simple graphical interface for managing offline wallets, watching them using online wallets, and spending coins using USB keys.  Your private keys never touch the internet, but you can still generate addresses online with no risk to your funds (only your privacy).   Once you get past the long load times it is a phenomenal solution (and I'm working on the load-time thing for the next release).

This basically is two-factor:  your online computer has to create the transaction, and offline computer must sign it.  In many ways, most things that would compromise this setup would compromise a two-factor auth setup as well.





Armory avoids this security issue by using BIP 10 which actually provides all the input transactions so that your offline computer can fully verify every part of that transaction it is signing, without the blockchain.  This is why it's so simple:  no need to sync the blockchain to the offline computer.  You just save the unsigned transaction to USB key, take it to the offline computer, sign it, bring it back and hit the "Broadcast" button.

You don't need a Linux Bootable CD; that is simply the easiest method. You can use Microsoft Windows, and still be reasonably secure with an isolated computer.

• First, select hardware without a 3G modem Edit: it appears it only supports remote lock via SMS, not remote wipe/control.
  
• Install version of Windows of your choice. It is a judgement call if you want to patch with the latest updates. If installing from read-only media, you can use phone activation.
• Disable autorun.  Wipe any new USB keys before using them. Edit: disable previews, not matter the OS (image handling and PDF libraries have a poor security history).
  
• Install Bitcoin wallet generating software of your choice. Keep in mind you are trusting it not to generate addresses predictable to any attacker. For the JavaScript wallet generator, you can store the file locally, which will protect you  in the event the website is compromized.
• Consider buying a cheap printer for exclusive use of your bitcoin computer.
• Spending is still tricky, since your "secure" computer never connects to a network and avoids USB keys as much a possible. In theory, it should be possible to sign a transaction, and have another computer send it (keeping in mind the USB key wipe precautions). I am not aware how/which any existing client support this. Without the block-chain, your "secure" computer would be spending blind. It should be OK if you only sign wallets generated by that computer, or generated prior to the version of the block-chain stored on that computer (and not spent by another computer).

Edit: Armory aims to do what I describe.

Or in other words, anyone who makes a trojan that cannot key-log or a key-logger that doesn't grab the wallet.dat is leaving money on the table and thus is probably not a serious contender/competitor in "the field".

Plan on them coming as a pair, as just part of any standard intrusion/rootkit tools.

-MarkM-

The client already allows you to encrypt your wallet, making stolen wallet.dat files useless. It's just that some people are paranoid about having both, a key logger steal their password AND a trojan steal their wallet.dat at the same time.

Thanks for the replies everyone. Now I'm even more scared than before, lol.

Anyways, what I wanted to say is not that we don't have ways of securing a wallet, it's that the ways to do that are not yet ready for mass adoption. If I need a good laugh I just need to imagine telling some of my friends that they need a Linux bootable CD that doesn't write on the HDD.

Of course, you can't prevent loss through the use of physical keyloggers or users' sheer stupidity, but you shouldn't be some Linux James Bond to use Bitcoins. I was thinking perhaps the client can encrypt all data with a password and that's it; even if the wallet.dat gets stolen, it's useless w/o the password. Or something like that ...

So, something needs to be done about it if we want to take Bitcoin to the next level: larger adoption, e-commerce, etc. If people are afraid of losing their coins, they won't be using them in the firstplace.

There are no easy answers. The easy answer was called "mybitcoin". Look it up.

I personally think that computers are too insecure to handle Bitcoin, and will be for my lifetime. Bitcoin allows you to store hard money on just about any recordable medium. The difficulty is that anyone with access to the private key can spend that money. The advantage is that you can take advantage of that to actually back-up your money in case the fixation upon which it is stored is destroyed.

A secure wallet is never spent, and  is stored in multiple locations. Data loss is a real security concern. If you are encrypting the copies, you may want distribute  a series of keys such that a subset are needed to reconstruct the master decryption key.

A secure wallet is generated on a comptuer with no access to the Internet. Removing wireless cards and unplugging network cables is a sensible precaution. As is booting from a live CD (that you have to find some way of trusting). The Live CD should never write to the hard-disk if the machine is going to be connected back up to a network. Printing the wallet on a printer is a sensible precaution. Keep in mind, you can't trust the printer either. I would strongly suggest avoiding network printers. It would also be helpful to know just how much data your printer is capable of storing (and for how long). For example, fancy photocopiers will keep the last 1500 pages or so on the hard-drive (so you can re-print).

Security updates are always a security risk. This means you can not use an anti-virus on a machine storing lots of Bitcoin, which means you have to have some other way of keeping the machine virus-free. You have to trust your OS provider not to  tamper with their software updates either. However, leaving the system unpatched leaves you vulnerable to security exploits that you hope were not deliberately set.

That does not even get into my thesis that PCs are no longer general-purpose computers. /tinfoil

For spending, you have to move the keys to an insecure computer. To facilitate this, you may want a series of small wallets, such as the Casascius model. Remember though, if you are trusting no one, you can't just buy a pile of those and call it a day. How much do you trust "Mike Caldwel", really?

TL;DR: James Bond skills yes, but you can use BSD instead of Linux

PS: With this level of paranoia, I have not lost a single bitcoin. Neither have I ever had any Bitcoins to my name either. I think a safe-deposit box and very old printer will suffice for "cold storage" for now. I plan on signing the seal of the envelope so I an have some indication if tampering has occurred.

He can't if he continues to be honest as he always has been. Though in the case if he decides to break bad, he can easily obtain your private keys if he wants to, by changing the code of his website. Again, this is highly unlikely since he has an excellent spotless reputation, and disclosed much information about himself and his company.

Alright, heres a QUICK GUIDE of what I suggest.

Download a copy of TAILS OS
https://tails.boum.org/about/index.en.html

Install it to a CLEAN FLASHDRIVE
http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

Boot into tails on a trusted machine, check for physical keyloggers.

Since tails runs only in the RAM and the flash drive, install bitcoin to the flashdrive, /OR/ generate an address on the system to send coins to from another system.

This kind of makes a mobile portable wallet, if you installed bitcoin to the system, and not just genned an address.

I don't think Piuk can get to your bitcoin, either, since your blockchain.info wallet is decrypted and encrypted in your browser, and no unencripted private keys ever reach blockchain.info's servers. But I guess he could change the code while no one's looking.

If you are completely non-technical, then just use blockchain.info wallet, choose a secure password, utilize their 2 factor authentication feature, install their firefox plugin js checker, back up your encrypted wallet to dropbox after each large transaction. Then basically you are 100% secure, unless the operator piuk decides to break bad. Piuk has revealed his real world identity from the start, so the chances are rather low.

Well having just tried to setup my secure wallet I must agree with you 100%. An easy to setup and convenient at the same time plus&play but yet secure wallet is a must and as I said in that other thread I'd be willing to pay up to $15 for something like an USB stick with a ready to use setup.

Right now I think way too many people are relying on trusting 3rd parties and encryption in a very virus and keylogging prone environment which could lead to a lot of thefts down the road. Multikey addresses are an answer but it isn't the cheapest because you do need to have a second device, which many don't, and you still need to protect both devices.

And what's the percentage of users and merchants using Linux and saving their wallet.dat data on USB sticks?

My point is that in order to speed up adoption, something needs to be done to make securing the wallet a more user friendly experience w/o sacrificing the security. Otherwise we might just call the Geekcoin. Hmm, maybe I should go and trademark that, I might get rich in a few years