Pages:
Author

Topic: Coming Soon! impossible to steal wallets - page 4. (Read 6546 times)

hero member
Activity: 527
Merit: 500
October 26, 2011, 10:02:05 PM
#14
At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Which is still easily stolen.  If the attacker has remote access to the machine via a trojan he can still steal coins in a variety of ways.
1) simply use wallet to transfer them out to an address he owns.
2) grab decrypted keys from memory.
3) decompile the client to determine what hardware specific strings are used to generate the decryption key and decrypt the wallet file.

Tip for next time.  You might get more interest without stupid claims like "impossible to steal".

But wouldnt be able to access the wallet file at all due to the file protection, not to mention as soon as it trys to access the wallet or any of the files, It would get blocked. That is as long as the application service is running.

It would be much more work than what is currently required to copy the file, and log the passphrase.

Not impossible to steal i guess, but impossible to steal the funds from it

Soooooo..... how does it work? if there is no passphrase, how do you spend the coins? how does it prevent the attacks you describe?

Your claims imply a grand innovation in computer security!
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
October 26, 2011, 09:59:23 PM
#13
this service not a bad idea.

if you can pull it off and you fell it renders the wallet un-steal-able ... i think you should sell insurance " use my software to store your wallet and i guaranty 100% your funds , *for a smaal fee* "

this could make money if its well build.. BUT 1 flaw and you could end up owning millions of bitcoins...
 
full member
Activity: 224
Merit: 100
October 26, 2011, 09:58:13 PM
#12
At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Which is still easily stolen.  If the attacker has remote access to the machine via a trojan he can still steal coins in a variety of ways.
1) simply use wallet to transfer them out to an address he owns.
2) grab decrypted keys from memory.
3) decompile the client to determine what hardware specific strings are used to generate the decryption key and decrypt the wallet file.

Tip for next time.  You might get more interest without stupid claims like "impossible to steal".

But wouldnt be able to access the wallet file at all due to the file protection, not to mention as soon as it trys to access the wallet or any of the files, It would get blocked. That is as long as the application service is running.

It would be much more work than what is currently required to copy the file, and log the passphrase.

Not impossible to steal i guess, but impossible to steal the funds from it
legendary
Activity: 1246
Merit: 1016
Strength in numbers
October 26, 2011, 09:57:11 PM
#11
You are going to be rich.

1. Buy coins
2. Release code
3. Profit

Your (supposed) software makes coins more valuable. There is a much better way to profit than selling the software. Lets call it the Satoshi method.
donator
Activity: 1218
Merit: 1079
Gerald Davis
October 26, 2011, 09:53:35 PM
#10
At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.

Which is still possible to steal.  If the attacker has remote access to the machine via a trojan he can still steal coins in a variety of ways.
1) simply use wallet to transfer them out to an address he owns.
2) grab decrypted keys from memory.
3) decompile the client to determine what hardware specific strings are used to generate the decryption key and decrypt the wallet file.

Tip for next time.  You might get more interest without stupid claims like "impossible to steal".

You keep using this word "impossible".  This word, I don't think this word means what you think it means.
full member
Activity: 224
Merit: 100
October 26, 2011, 09:50:54 PM
#9
the wallet.dat will not be backed up as is. it will be fully encrypted before it is backed up. anyone with access to the encrypted file will not be able to so anything with it. The application will prevent it from being copied by anything else. It is quite simple how it works.

Probally in the future it will be apart of the main software.

Nothing in that paragraph made any sense.  Your answers indicate you have no technical understanding of how this "impossible to steal system" works.

The only thing I am unsure about is this
a) someone who honestly (and incorrectly) thinks they have something which is unhackable
b) a scam
c) just someone who has no clue

You are aware the current client has encrypted wallet right?  The wall.dat is never left decrypted and the backup is always encrypted.  It still can be stolen.

using some crappy passphase is a stupid idea, all a wallet stealer would have to do currently is log the passphrase. This is hardly a good protection from a wallet stealer.

Yes i do know how this will work as most of the application has been created already.
full member
Activity: 224
Merit: 100
October 26, 2011, 09:48:27 PM
#8
To be unstealable wouldn't you have to somehow sign outgoing transactions with a drop of blood containing your DNA?

So the thief would have to also steal some of your blood too in order to spend the funds. Uuuuuh, hmmm, maybe that's not such a good idea actually.

At the end of the day, only your machine will be able to access the wallet file. using the file on another machine will not work, even with the application. This will cause a problem if your machine was to fail, or if you planned to use the wallet on more than one machine. But there will eventually be measures to protect against this too.
donator
Activity: 1218
Merit: 1079
Gerald Davis
October 26, 2011, 09:47:58 PM
#7
the wallet.dat will not be backed up as is. it will be fully encrypted before it is backed up. anyone with access to the encrypted file will not be able to so anything with it. The application will prevent it from being copied by anything else. It is quite simple how it works.

Probally in the future it will be apart of the main software.

Nothing in that paragraph made any sense.  Your answers indicate you have no technical understanding of how this "impossible to steal system" works.

The only thing I am unsure about is this
a) someone who honestly (and incorrectly) thinks they have something which is unhackable
b) a scam
c) just someone who has no clue

You are aware the current client has encrypted wallet right?  The wall.dat is never left decrypted and the backup is always encrypted.  It still can be stolen.
sr. member
Activity: 266
Merit: 250
October 26, 2011, 09:42:17 PM
#6
To be unstealable wouldn't you have to somehow sign outgoing transactions with a drop of blood containing your DNA?

So the thief would have to also steal some of your blood too in order to spend the funds. Uuuuuh, hmmm, maybe that's not such a good idea actually.
full member
Activity: 224
Merit: 100
October 26, 2011, 09:39:40 PM
#5
The vague "details" and dubious claim in the title combined with the fact that someone else is writing it makes me think you don't even know how it works.

Do you?

If the wallet.dat can be backed up then it can be copied by an attacker.
The attacker can download their own copy of the client.  Client + wallet.dat + passphrase = access to funds.

the wallet.dat will not be backed up as is. it will be fully encrypted before it is backed up. anyone with access to the encrypted file will not be able to so anything with it. The application will prevent it from being copied by anything else. It is quite simple how it works.

Probally in the future it will be apart of the main software.
donator
Activity: 1218
Merit: 1079
Gerald Davis
October 26, 2011, 09:35:52 PM
#4
The vague "details" and dubious claim in the title combined with the fact that someone else is writing it makes me think you don't even know how it works.

Do you?

If the wallet.dat can be backed up then it can be copied by an attacker.
The attacker can download their own copy of the client.  Client + wallet.dat + passphrase = access to funds.
full member
Activity: 224
Merit: 100
October 26, 2011, 09:30:09 PM
#3
1)  It wouldn't be your software alone, your prof would have a claim.

2)  Why should I trust you and

3)  Why should I trust your software?  What will your client do differently that the current one does not?

1, It would be both of ours. Although I would be paying for the software, and developing the main UI.

2, you dont have to

3,  As my edited post above says, it stops anything else accessing the wallet, protects your funds by a better encryption, and offers offsite backups.
legendary
Activity: 1708
Merit: 1010
October 26, 2011, 09:28:05 PM
#2
1)  It wouldn't be your software alone, your prof would have a claim.

2)  Why should I trust you and

3)  Why should I trust your software?  What will your client do differently that the current one does not?
full member
Activity: 224
Merit: 100
October 26, 2011, 09:25:00 PM
#1
Im creating an application with a great programming professor who's an expert when it comes to encryption and file access protocols.

Soon it will be impossible for anyone to steal your wallet, with full backup options with the ability to backup the encrypted versions to my secured dedicated server with tape backups.



With the latest bitcoin application, although you have to type a pass phrase to send funds, this really isnt that secure at all. If someone was to use a trojan to steal your wallet, its dead simple to use a keylogger to record the password. My software will make it impossible for the wallet to be accessed by anything other than the real bitcoin software.


How much interest would anyone have with this and how much would you pay for something like this to protect your funds?


Quick update:

It will also come with notifications and blocking of any applications trying to access your wallet or interfere with the wallet protector or any of the bitcoin files.
Pages:
Jump to: