Topic: Hardware Bitcoin Wallet - page 2. (Read 4803 times)
So what stores will my grandma be using this at?
Kalleguld, I think is a great idea and I would order one for sure! Will you produce it??
The payment address selection are still performed on computer before being sent to hardware wallet DERP!
Truecrypt and Bitcoin are different, but they both can be compromised with malware on computers they operate. The only way to protect the computer is - don't run any malicious or insecure code on it!
Truecrypt and Bitcoin are different, but they both can be compromised with malware on computers they operate. The only way to protect the computer is - don't run any malicious or insecure code on it!
Why TrueCrypt does not even attempt to stop malware from compromising encrypted data? Read the TrueCrypt manuals if You don't want to listen what I say. The same with Bitcoins.
What You can do with computer malware can do too!
TrueCrypt doesn't run on dedicated hardware. This runs on a microprocessor that's a computer in its own right. And that microprocessor can only do one thing (there is a fuse inside it, and when that is burned, you can't reprogram it).What You can do with computer malware can do too!
Also, TrueCrypt and this are very different things.
So you need a client on your PC to communicate with it, i.e send the ammount? Isn't this then just basically keeping your wallet on a USB drive?
Why do you need the buttons or a screen?
Not, it's not the same thing. On a USB drive, you (or a piece of malware) can extract the wallet. On this thing, you can only write the wallet, not read it again. Instead, it takes care of that one crucial step in any bitcoin transaction: signing the transaction. That's why it needs a display, so you can confirm that it signs the right transaction. Why do you need the buttons or a screen?
Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
You don't need to enter any amount on this thing, you enter it on the PC.Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.
So you need a client on your PC to communicate with it, i.e send the ammount? Isn't this then just basically keeping your wallet on a USB drive?
Why do you need the buttons or a screen?
I'm confused.
Here is another way to go about this:
Look on eBay for the "VeriFone VX510" credit card machine. This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable.
I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs. I have already demonstrated the printer can print QR codes.
These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
No need for an entire credit card machine. And $50 is way more than this thing costs. Look on eBay for the "VeriFone VX510" credit card machine. This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable.
I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs. I have already demonstrated the printer can print QR codes.
These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
Also, the thing about this machine is it's supposed to be easy. No need for rs232, command lines or reflashing old hardware. If you want to install the software on a credit card machine, be my guest, it's just not where I'm headed.
Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
You don't need to enter any amount on this thing, you enter it on the PC.Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.
You press OK, and the transaction is sent to the device via USB for signing. On the device you see the amount, wallet and destination, and you press the OK button. The device sends the signed transaction back to the PC, and the PC client publishes the transaction on the 'net.
Here is another way to go about this:
Look on eBay for the "VeriFone VX510" credit card machine. This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable.
I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs. I have already demonstrated the printer can print QR codes.
These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
Look on eBay for the "VeriFone VX510" credit card machine. This machine is obsolete and consistently under 50 bucks used, and it can download software at least three ways: 1) RS232 through a win32 command-line loader 2) through its dialup modem (same protocol as RS232 loader) 3) it can copy the programming from another terminal using a crossover serial cable.
I can compile for this platform, and it also has a printer so it can spit out e.g. paper wallets and transaction logs. I have already demonstrated the printer can print QR codes.
These things have tiny amounts of memory... if someone had written the verification code in C where its dependencies were minimal (e.g. relevant crypto code clipped out of openssl so it didn't depend on any external libs, and of course it can and should talk to a serial port) I could easily compile for this thing.
Wouldn't it be kind of difficult to enter exact amounts with only 2 buttons? Not difficult I mean tedious...
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.You press OK, and the transaction is sent to the device via USB for signing.
You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.
I was going to say something about using a hashed protocol, however if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only if I understand correctly.
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.You press OK, and the transaction is sent to the device via USB for signing.
You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.
I was going to say something about using a hashed protocol, however if malware is on the computer it doesn't matter. The idea here is golden, as it does not involve a computer. This is for receiving only if I understand correctly.
You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.
A touchscreen replaces buttons.
You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.
A touchscreen replaces buttons.
You would really only need one button held in while the bitcoin amount goes up. Press twice and the amount goes down while held.
Why TrueCrypt does not even attempt to stop malware from compromising encrypted data? Read the TrueCrypt manuals if You don't want to listen what I say. The same with Bitcoins.
What You can do with computer malware can do too!
What You can do with computer malware can do too!
I think your bill of materials (BoM) cost will be closer to $12-15 - so at your potential volumes you might meed to retail at more like $40-50 in order to cover your development and distribution costs and make a dollar per device for yourself. Just a heads up. Also if you open source your software the only intellectual property you've got left is in adding the display to the device nicely (which usb stick providers don't do because it would make the product too expensive), so watch out for competition too...
He can remove buttons to make it $2 cheaper. Instead of pressing NO a user can just plug the device out.
So, I have an idea for a secure, cheap and easy to use "hardware wallet".
It will be a small USB stick with a display and two buttons
Expected price: USD 12-15
More info: https://bitcointalksearch.org/topic/proposal-hardware-wallet-win-3-btc-115294
It will be a small USB stick with a display and two buttons
Expected price: USD 12-15
More info: https://bitcointalksearch.org/topic/proposal-hardware-wallet-win-3-btc-115294
good idea on securing the display and not trusting the PC OS. But I think your bill of materials (BoM) cost will be closer to $12-15 - so at your potential volumes you might need to retail at more like $40-50 in order to cover your development, production, tooling, and distribution costs and make a dollar per device for yourself. Just a heads up. Also if you open source your software the only intellectual property you've got left is in adding the display to the device nicely (which usb stick providers don't do because it would make the product too expensive), so watch out for competition too...
no need to build a device just use a USB stick MP3 player such as
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..
Yes, but that would be more expensive. http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..
Quote
or secondly if your just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client wont transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just dont plug it in untill u need to send payments.
That wouldn't work. A skilled malware writer could modify the client so the client didn't need the USB stick, or sent the money to the wrong account. Quote
or thirdly why even need a extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.
First of all, this thing isn't for POS terminals. It's designed to keep you secure if your own computer gets malware.Second, even if you inserted this into a malicious terminal, it can't extract the wallet. The device only knows a very limited set of commands: "install this wallet" and "sign his transaction", so you can't clone a wallet from it.
And how many people will be comparing them? We are talking about people with IQ consisting of only two digits who infect their own computers with malware and still operate them.
Generate addresses that have matching few first digits like 1dice for every starting digits and have the malware to select address with matching start digits to display on LCD.
I can do many things, but I can't fix stupid.Generate addresses that have matching few first digits like 1dice for every starting digits and have the malware to select address with matching start digits to display on LCD.
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.You press OK, and the transaction is sent to the device via USB for signing.
You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.
It should be pronounced for blind users.
no need to build a device just use a USB stick MP3 player such as
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..
or secondly if your just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client wont transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just dont plug it in untill u need to send payments.
or thirdly why even need a extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html and just change the firmware..
or secondly if your just trying to prevent someone from just using your pc to hack coins by requiring a USB stick to confirm payments..then just use a plain usb stick. make it so the new client wont transmit payment unless a USB stick is inserted containing the wallet or even a special file which the client references. then just dont plug it in untill u need to send payments.
or thirdly why even need a extra usb stick hanging off your keyring.. phones have bluetooth and wifi these days so transmitting a transaction does not require a USB stick insertion into a PC and if u were thinking of using it to plug into merchants POS terminal at stores. it saves risks of some savvy merchant adding a trojan to their POS terminal to clone wallets plugged in.
Jump to: