
Topic: Hardware Bitcoin Wallet - page 2. (Read 4810 times)

full member
Activity: 125
Merit: 100
October 06, 2012, 11:27:24 PM
#44
So what stores will my grandma be using this at?
member
Activity: 69
Merit: 20
October 06, 2012, 07:51:44 PM
#43
Kalleguld, I think it is a great idea and I would order one for sure! Will you produce it??
legendary
Activity: 1540
Merit: 1049
Death to enemies!
October 06, 2012, 07:45:24 PM
#42
The payment address selection is still performed on computer before being sent to hardware wallet DERP!

Truecrypt and Bitcoin are different, but they both can be compromised with malware on computers they operate. The only way to protect the computer is - don't run any malicious or insecure code on it!
newbie
Activity: 43
Merit: 0
October 06, 2012, 07:35:17 PM
#41
Why does TrueCrypt not even attempt to stop malware from compromising encrypted data? Read the TrueCrypt manuals if you don't want to listen to what I say. The same with Bitcoins.

What you can do with a computer, malware can do too!
TrueCrypt doesn't run on dedicated hardware. This runs on a microprocessor that's a computer in its own right. And that microprocessor can only do one thing (there is a fuse inside it, and when that is burned, you can't reprogram it).
Also, TrueCrypt and this are very different things.

So you need a client on your PC to communicate with it, i.e. send the amount? Isn't this then just basically keeping your wallet on a USB drive?

Why do you need the buttons or a screen?
No, it's not the same thing. On a USB drive, you (or a piece of malware) can extract the wallet. On this thing, you can only write the wallet, not read it again. Instead, it takes care of that one crucial step in any bitcoin transaction: signing the transaction. That's why it needs a display, so you can confirm that it signs the right transaction.
legendary
Activity: 1316
Merit: 1011
October 06, 2012, 07:14:27 PM
#40
Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
You don't need to enter any amount on this thing, you enter it on the PC.
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.

So you need a client on your PC to communicate with it, i.e. send the amount? Isn't this then just basically keeping your wallet on a USB drive?

Why do you need the buttons or a screen?

I'm confused.
newbie
Activity: 43
Merit: 0
October 06, 2012, 07:11:06 PM
#39
Here is another way to go about this:

Look on eBay for the "VeriFone VX510" credit card machine.  This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable. 

I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs.  I have already demonstrated the printer can print QR codes.

These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
No need for an entire credit card machine. And $50 is way more than this thing costs.

Also, the thing about this machine is it's supposed to be easy. No need for rs232, command lines or reflashing old hardware. If you want to install the software on a credit card machine, be my guest, it's just not where I'm headed.
newbie
Activity: 43
Merit: 0
October 06, 2012, 07:06:30 PM
#38
Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
You don't need to enter any amount on this thing, you enter it on the PC.
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
October 06, 2012, 06:52:35 PM
#37
Here is another way to go about this:

Look on eBay for the "VeriFone VX510" credit card machine.  This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable. 

I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs.  I have already demonstrated the printer can print QR codes.

These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
legendary
Activity: 1316
Merit: 1011
October 06, 2012, 06:23:05 PM
#36
Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
legendary
Activity: 1540
Merit: 1049
Death to enemies!
October 06, 2012, 06:21:14 PM
#35
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to the hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on a compromised computer! It is only a question of how sophisticated the malware is.

I was going to say something about using a hashed protocol, however if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only if I understand correctly.
For receiving, not even an electronic device is needed to generate a private key and address. Or the wallet can be generated on an offline computer never connected to a network. You can get an old used Pentium3 class computer for as little as 8 USD just for this purpose. And it is much harder to accidentally lose an ATX-size tower, and for a thief it is also much more physical work to steal a system block instead of a small dongle.
hero member
Activity: 504
Merit: 504
Decent Programmer to boot!
October 06, 2012, 06:04:36 PM
#34
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to the hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on a compromised computer! It is only a question of how sophisticated the malware is.

I was going to say something about using a hashed protocol, however if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only if I understand correctly.
legendary
Activity: 1540
Merit: 1049
Death to enemies!
October 06, 2012, 05:46:15 PM
#33
You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.

A touchscreen replaces buttons.
A more expensive and awkward solution replaces cheaper solutions. And there is no need for up/down buttons as the amount is planned to be entered by software.
legendary
Activity: 2142
Merit: 1010
Newbie
October 06, 2012, 05:44:21 PM
#32
You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.

A touchscreen replaces buttons.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
October 06, 2012, 05:31:22 PM
#31
You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.
legendary
Activity: 1540
Merit: 1049
Death to enemies!
October 06, 2012, 05:27:37 PM
#30
Why does TrueCrypt not even attempt to stop malware from compromising encrypted data? Read the TrueCrypt manuals if you don't want to listen to what I say. The same with Bitcoins.

What you can do with a computer, malware can do too!
legendary
Activity: 2142
Merit: 1010
Newbie
October 06, 2012, 05:21:21 PM
#29

I think your bill of materials (BoM) cost will be closer to $12-15 - so at your potential volumes you might need to retail at more like $40-50 in order to cover your development and distribution costs and make a dollar per device for yourself. Just a heads up. Also if you open source your software the only intellectual property you've got left is in adding the display to the device nicely (which usb stick providers don't do because it would make the product too expensive), so watch out for competition too...


He can remove buttons to make it $2 cheaper. Instead of pressing NO a user can just plug the device out.
newbie
Activity: 45
Merit: 0
October 06, 2012, 05:16:50 PM
#28
So, I have an idea for a secure, cheap and easy to use "hardware wallet".

It will be a small USB stick with a display and two buttons
Expected price: USD 12-15
More info: https://bitcointalksearch.org/topic/proposal-hardware-wallet-win-3-btc-115294

good idea on securing the display and not trusting the PC OS. But I think your bill of materials (BoM) cost will be closer to $12-15 - so at your potential volumes you might need to retail at more like $40-50 in order to cover your development, production, tooling, and distribution costs and make a dollar per device for yourself. Just a heads up. Also if you open source your software the only intellectual property you've got left is in adding the display to the device nicely (which usb stick providers don't do because it would make the product too expensive), so watch out for competition too...

newbie
Activity: 43
Merit: 0
October 06, 2012, 05:11:16 PM
#27
no need to build a device just use a USB stick MP3 player such as
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..
Yes, but that would be more expensive.
Quote
or secondly if you're just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client won't transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just don't plug it in until u need to send payments.
That wouldn't work. A skilled malware writer could modify the client so the client didn't need the USB stick, or sent the money to the wrong account.

Quote
or thirdly why even need an extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.
First of all, this thing isn't for POS terminals. It's designed to keep you secure if your own computer gets malware.
Second, even if you inserted this into a malicious terminal, it can't extract the wallet. The device only knows a very limited set of commands: "install this wallet" and "sign this transaction", so you can't clone a wallet from it.
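Added example, not part of the thread and not the proposed device's firmware: a Python model of the design described in the replies above, where the device accepts only "install wallet" and "sign transaction", never returns the key, and signs exactly the text it shows on its own display. HMAC-SHA256 stands in for Bitcoin's ECDSA signing, and the command names, field names, addresses and key are constructed for illustration.

```python
import hashlib
import hmac


class HardwareWallet:
    """Model of the device: two commands, and no way to read the key back."""

    def __init__(self, confirm):
        self._key = None         # written by install_wallet, never returned
        self._confirm = confirm  # stands in for the OK / NO buttons
        self.display = ""        # stands in for the on-device screen

    def handle(self, command, payload):
        if command == "install_wallet":
            self._key = bytes(payload)
            return {"status": "ok"}
        if command == "sign_transaction":
            return self._sign(payload)
        # Anything else, including a request to read the wallet, is refused.
        return {"status": "error", "reason": "unknown command"}

    def _sign(self, tx):
        if self._key is None:
            return {"status": "error", "reason": "no wallet installed"}
        # The screen text is built from the fields the device received, and the
        # signature covers that same text, so what is shown is what is signed.
        self.display = "send {amount} BTC from {wallet} to {destination}".format(**tx)
        if not self._confirm(self.display):
            return {"status": "rejected"}
        # Stand-in for ECDSA: a keyed MAC over the displayed text.
        sig = hmac.new(self._key, self.display.encode(), hashlib.sha256).hexdigest()
        return {"status": "signed", "signature": sig}


def careful_user(intended_destination):
    """Presses OK only if the screen shows the whole address that was meant,
    not just its first few characters."""
    return lambda shown: shown.endswith("to " + intended_destination)


def demo():
    # Constructed sample values; the addresses are placeholders, not real ones.
    intended = "1ExampleMerchantAddress"
    device = HardwareWallet(careful_user(intended))
    device.handle("install_wallet", b"constructed-demo-key")
    honest = {"wallet": "savings", "amount": "1.5", "destination": intended}
    swapped = dict(honest, destination="1ExampleOtherAddress")  # altered on the PC
    return (device.handle("sign_transaction", honest)["status"],
            device.handle("sign_transaction", swapped)["status"],
            device.handle("read_wallet", None)["status"])


if __name__ == "__main__":
    print(demo())
```

Passing `lambda shown: True` as `confirm` models a user who presses OK without reading the screen; the device then signs whatever the PC sent, which is the limit raised elsewhere in the thread.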
legendary
Activity: 1540
Merit: 1049
Death to enemies!
October 06, 2012, 04:53:57 PM
#26
And how many people will be comparing them? We are talking about people with IQ consisting of only two digits who infect their own computers with malware and still operate them.

Generate addresses that have matching few first digits like 1dice for every starting digits and have the malware to select address with matching start digits to display on LCD.
I can do many things, but I can't fix stupid.
Many people try to do just that. Wallet encryption in original Bitcoin client is just that. How many trojan horses don't come with a keylogger?
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to the hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on a compromised computer! It is only a question of how sophisticated the malware is.
That's why the destination address is displayed on the hardware display.

It should be pronounced for blind users.
What should the wallet do for retarded users? Make a USB-powered lobotomy?
legendary
Activity: 4424
Merit: 4794
October 06, 2012, 04:10:57 PM
#25
no need to build a device just use a USB stick MP3 player such as
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..

or secondly if you're just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client won't transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just don't plug it in until u need to send payments.

or thirdly why even need an extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.