when you release it, i will hack it in 10 seconds, or at least proof that there are a flaw in your system.
wanna a bet? 100btc, 1000btc?
Topic: Coming Soon! impossible to steal wallets - page 3. (Read 6546 times)
joeyjoe, thank you for working so hard for the good of the community. An unhackable wallet is a much needed product, it can't arrive any moment too soon. If only allinvain, the infamous wallet.dat victim would be alive to see this day ! Sadly the pressure of loosing half a million dollars to a hacker was too much for the poor soul, he succumbed to deep depression and took his own life by homoerotic asphyxiation. Sad indeed.
However I cannot but wonder why would men with such genius waste time on a small fish like the Bitcoin. Banks are wasting billions of dollars on things like security tokens and authentication methods. A method guaranteeing that only the bank software has access to say, a certificate file used in the authentication, is pure gold. It's easily the invention of the decade in the field of security. Your company might very well be the next Apple. Since I see it's potential, I'm more than anxious to buy stock in an IPO, please keep me posted !
Hush now, stop wasting your talent on these unworthy simpletons, disclosing the glorious invention. Together the three of us will make billions !
However I cannot but wonder why would men with such genius waste time on a small fish like the Bitcoin. Banks are wasting billions of dollars on things like security tokens and authentication methods. A method guaranteeing that only the bank software has access to say, a certificate file used in the authentication, is pure gold. It's easily the invention of the decade in the field of security. Your company might very well be the next Apple. Since I see it's potential, I'm more than anxious to buy stock in an IPO, please keep me posted !
Hush now, stop wasting your talent on these unworthy simpletons, disclosing the glorious invention. Together the three of us will make billions !
That way if a Trojan were running on the system it could not copy or read the file. At least it would make it more difficult for the Trojan as it would have to circumvent or shut down the protecting process first, or it would have to directly read out of the memory.
Problem is, the trojan probably already elevated privileges to install itself. If it's got that permission on the system, it would be able to do anything else (like disable the "dont touch my wallet.dat" file protection process.
I'm thinking perhaps it is a OS process that blocks access to the wallet.dat file except for the Bitcoin program (and backup a program).
That way if a Trojan were running on the system it could not copy or read the file. At least it would make it more difficult for the Trojan as it would have to circumvent or shut down the protecting process first, or it would have to read out something out of the memory.
That way if a Trojan were running on the system it could not copy or read the file. At least it would make it more difficult for the Trojan as it would have to circumvent or shut down the protecting process first, or it would have to read out something out of the memory.
Or just use the wallet remotely. Simulating user input is somewhat trivial task. You don't need to steal the wallet.dat if you simply write a trojan which waits until it acquired passphrase and then uses the wallet to send full balance to an address owned by the attacker. I have been looking into running a wallet inside a smart card because it provides some resistance to an attacker (compromising the computer is useless you need to compromise the smartcard).
Just bouncing attack and defense ideas off myself and colleges I believe that the only secure digital wallet is one that also has a secure 2nd factor authentication.
I have an impossible to steal wallet. It's called a paper wallet. Physical bitcoins are just metallic paper wallets with a preloaded balance.
I suppose it can be stolen in person. But can't be stolen online if produced securely.
Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
I suppose it can be stolen in person. But can't be stolen online if produced securely.
Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
wow, i never realized you felt that strongly about it. hmmm....
I'm thinking perhaps it is a OS process that blocks access to the wallet.dat file except for the Bitcoin program (and a backup program).
That way if a Trojan were running on the system it could not copy or read the file. At least it would make it more difficult for the Trojan as it would have to circumvent or shut down the protecting process first, or it would have to directly read out of the memory.
That way if a Trojan were running on the system it could not copy or read the file. At least it would make it more difficult for the Trojan as it would have to circumvent or shut down the protecting process first, or it would have to directly read out of the memory.
If it is not open source - forget it.... just don't spend your time on it you will not get a dime out of it...
people that make anti-viruses or firewalls do not make them open source as that would defeat the point. With the source, people would work out ways around it.
It wont be open source, if you dont trust it, dont install it. Dont install anything ever again, why have you got an OS installed if its not open source?? have you installed anything in the past year that isnt open source?? i wouldnt trust it then if i were you.
Have you put funds on mtgox or tradehill recently? how can you trust it without full password access to their servers and bank accounts?
I know people will still use it. Probally be a bit wary of it at first, but once it gains enough reputation more people will trust and use it.
http://www.clamav.net/
http://www.smoothwall.org
Security through obscurity is no security.
True security comes from taking the aproach that your attacker already knows the secrets. For example a good bank vault is designed to deter an attacker even if an attacker has the complete scematics and material specs.
http://en.wikipedia.org/wiki/Kerckhoffs%27_principle
If your code can't survive scrutiny and remains secure you are merely hiding the mechanism that blocks an attacker. Eventually an attacker will discover it an "undo" it.
SHA-256, Bitcoin, and Linux are three examples of secure systems where there are no "secrets". Everything about SHA-256 hash is in the open publicly available. Go ahead and try and crack it. There are no secrets so it should be easy right?
There are times when closed source is fine. I don't care if a video game is closed source, however mining and wallets can involve significant amounts of money so that ups the security requirements.
My mining rigs are 100% open source. Linux (open source) + Miner (open source) + utilities (open source).
people that make anti-viruses or firewalls do not make them open source as that would defeat the point. With the source, people would work out ways around it.
If your security depends on the source being secret, then its not secure, period.
My Bitcoins are already protected against theft and I don't have to trust a 3rd party for their security.
I've created about 100 Bitcoin addresses off-line. I've divided my Bitcoins into manageable denominations and distributed the Bitcoins to those off-line addresses.
The private keys have been GPG encrypted and encoded to QRCodes. Those QRCodes have been printed to paper and distributed to several locations online and in the real world.
As I need to spend Bitcoin, I only need to import an address at a time until I have my needed funds. The rest remain off-line - safe.
It was a very tedious and scary process, but I did a lot of testing to ensure my procedure. I would not wish this on any n00b. Any solution to protect someone's Bitcoins needs to be a self reliant process, with redundant outputs, and no requirement for 3rd party trust. I am confident that some developer will soon make this process an easy, "click here" solution for the average user to benefit from.
I've created about 100 Bitcoin addresses off-line. I've divided my Bitcoins into manageable denominations and distributed the Bitcoins to those off-line addresses.
The private keys have been GPG encrypted and encoded to QRCodes. Those QRCodes have been printed to paper and distributed to several locations online and in the real world.
As I need to spend Bitcoin, I only need to import an address at a time until I have my needed funds. The rest remain off-line - safe.
It was a very tedious and scary process, but I did a lot of testing to ensure my procedure. I would not wish this on any n00b. Any solution to protect someone's Bitcoins needs to be a self reliant process, with redundant outputs, and no requirement for 3rd party trust. I am confident that some developer will soon make this process an easy, "click here" solution for the average user to benefit from.
If it is not open source - forget it.... just don't spend your time on it you will not get a dime out of it...
people that make anti-viruses or firewalls do not make them open source as that would defeat the point. With the source, people would work out ways around it.
It wont be open source, if you dont trust it, dont install it. Dont install anything ever again, why have you got an OS installed if its not open source?? have you installed anything in the past year that isnt open source?? i wouldnt trust it then if i were you.
Have you put funds on mtgox or tradehill recently? how can you trust it without full password access to their servers and bank accounts?
I bet 99% of you didnt check the source code for the bitcoin software anyway, let alone check the signature. I could easily post source code to a trojan and remove all the trojan bits, and no one would notice for some time.
I know people will still use it. Probally be a bit wary of it at first, but once it gains enough reputation more people will trust and use it.
If it is not open source - forget it.... just don't spend your time on it you will not get a dime out of it...
Trollolol
in b4 OP runs off with the bitcoins of anyone stupid enough to install his trojan
in b4 OP runs off with the bitcoins of anyone stupid enough to install his trojan
My software will make it impossible for the wallet to be accessed by anything other than the real bitcoin software.
The only thing impossible is your claim. Any protection you put into the software can be simulated if the system is compromised. 
If it's not gonna be open source i won't trust it can live up to the claims.
joeyjoe, there are extremely good theoretical and practical reasons to think that safely handling bitcoins using a compromised computer is impossible, no matter what tricks you use to protect them, and that this issue is fundamentally impossible to fix. While you can write software which makes stealing bitcoins inconvenient, the only true defenses are (a) keeping your computer secure, and (b) incorporating multiple devices, such as by using multi-signature transactions (coming in a future version).
Various tricks have been proposed for doing protected computation in non-bitcoin contexts, and it always ends up being an arms race with the bad guys having a substantial advantage. Things like using a TPM, hiding the keys behind interprocess communication, in-memory encryption, and device fingerprinting only help a little.
You shouldn't assume that because your teacher hasn't shot you down, that your plan will work. Experts in cryptography often propose schemes that are later proven not to work, and this happens so often that it's considered poor form to advertise anything as truly secure until it's been published and peer reviewed for a fairly long time.
Various tricks have been proposed for doing protected computation in non-bitcoin contexts, and it always ends up being an arms race with the bad guys having a substantial advantage. Things like using a TPM, hiding the keys behind interprocess communication, in-memory encryption, and device fingerprinting only help a little.
You shouldn't assume that because your teacher hasn't shot you down, that your plan will work. Experts in cryptography often propose schemes that are later proven not to work, and this happens so often that it's considered poor form to advertise anything as truly secure until it's been published and peer reviewed for a fairly long time.
I already have such a utility on my linux box, and I use if regularly:
shred -u ~/.bitcoin/wallet.dat
Nobody's stealing that fucker!
shred -u ~/.bitcoin/wallet.dat
Nobody's stealing that fucker!
I have an impossible to steal wallet. It's called a paper wallet. Physical bitcoins are just metallic paper wallets with a preloaded balance.
I suppose it can be stolen in person. But can't be stolen online if produced securely.
Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
+1 I suppose it can be stolen in person. But can't be stolen online if produced securely.
Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
I have an impossible to steal wallet. It's called a paper wallet. Physical bitcoins are just metallic paper wallets with a preloaded balance.
I suppose it can be stolen in person. But can't be stolen online if produced securely.
Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
I suppose it can be stolen in person. But can't be stolen online if produced securely.
Ultimately, with computers being hackable and as porous as swiss cheese, I feel that offline bitcoins is the only safe way for the average consumer to go.
Soooooo..... how does it work? if there is no passphrase, how do you spend the coins? how does it prevent the attacks you describe?
Your claims imply a grand innovation in computer security!
The software controlls access to the wallet, only with your machine, and the application running, with the legit bitcoin software can you access the funds. It WILL create a ten-fold in the amount of security the file currently has.
The guy who's helping do this teach's security, and since I explained to him the main idea, has come up with alot of interesting methods to help protect it.
The titanic was unsinkable ... Just like this wallet scheme is unstealable...
Jump to: