Author

Topic: New idea for security to sell - all malware obsolete (Read 1243 times)

hero member
Activity: 602
Merit: 500
here for you smart asses, another idea that is totally in plain sight, yet nobody ever noticed or bothered making a thread about it:
https://bitcointalksearch.org/topic/how-to-easily-calculate-supplydemand-of-a-coin-andvanced-analysis-792132

Just sayin' ...

"the smartest experts" isn't an argument. You go ask them if you want it overly complicated.
hero member
Activity: 602
Merit: 500

I am not a coder only average geek-user that's why i would sell the idea to someone who can make coins.
 


Stopped here. You are not a coder, but want develop a malware proof system?

Even the smartest experts are far away from it -_-

if i was a coder there wasn't a need for the thread. Keep unsing wallet.dat in appdata-folder and pretend there is nothing that can be done ...
legendary
Activity: 2660
Merit: 1074

I am not a coder only average geek-user that's why i would sell the idea to someone who can make coins.
 


Stopped here. You are not a coder, but want develop a malware proof system?

Even the smartest experts are far away from it -_-
hero member
Activity: 602
Merit: 500
i think if you have a multi-layer security-system consisting of several independant but interlocking aspects and that would be cracked (working malware becomes known) it should be easy enough to tweak the sytem a little again with very little hassle to counter that new generation of malware. I think it should really not be THAT much hassle to give malware-programmmers a MUCH harder time than they have now.
Currently they can be lazy as. Security is going to be a huge issue once btc reaches higher value and adoption.
The big security-wave lies still in the future. I think demand for more security will spark up as more people get robbed. Shit could have been handled preemtively but there wasn't time for that. Better to keep telling people it was their own fault if they lost coins to malware than actually improving on that, right?
So what i take is: we wait for desaster to strike a large amount of people so security becomes marketable, right?  (provocative, but maybe a little truth in there Wink )

The higher coins are valued the more effort will go into malware and the more urgent the need for more security will be.

currently the wallet.dat is protected by one layer of encryption and that's it. File stolen and brute forced in most cases within halve a day. Can hardly be more easy to steal coins. The most hard part for the hacker is to break into the system. Once he is in there taking the coins is very easy. It is fully automated to send the wallet out. Doesn't even need a rootkit or bigger malware for that. Just the simple command to send that file out and the coins are gone just like that. The malicous code required for that is absolute minimal and i would imagine it only needs halve a brain to creat such malware.
hero member
Activity: 602
Merit: 500


100% total security for eternity is not something that can be achieved by anyone.


i have to admit that but what certainly can be achieved is that malware-programmers have to be more sofisticated by three orders of magnitude than what is now required. Currently it's only a few lines of code to look for and send the wallet.dat out. It couldn't be easier to steal coins with malware than is currently. The bad boys do not even need to care about keeping up with stuff since nothing is evolving with security. They can focus on spreading their software instead of worrying if it is functional.
If developement would be constantly ongoing in that area it would make life much harder for the thiefs.
Currently they take all coins with one program because they all work the same. One bad piece of software and all coins gone for the average user. Too bad, too sad.

When it comes to storing private keys more secure there is a lot that can be done.

Sometimes the most simple solutions are the ones nobody is thinking of.

I honestly wanted to see the system fully implemented and cracked afterwards. If it was to be cracked it could take a long time and the malware will not be widely available if that would ever happen. I could even imagine a system that never gets cracked. Don't say it isn't possible.

Hiding away effectively and strictly limiting access to a string of numbers isn't that hard to do and storing it in the current way is worst case. Shocking is the absolute non-evolving of that aspect of crypto.
hero member
Activity: 602
Merit: 500

Randomized security is of limited effect because the wallet program has to know where the file is located, so malware could target it.

there are solutions for that



As for limited access, that's great, but how? It's not as simple as saying that "no program except those authorized can gain access to this file."


i know software that can do that. Options are plenty.


Like I said, those are good ideas BUT they do have caveats and no one will pay you for them.

not a problem at all so the stuff stays with me until someone hires me for a project/takes risk of buying vague ideas or i can code shit myself. The full ideas have not even been discussed.
legendary
Activity: 1330
Merit: 1003
randomized obscurity, second layer encryption, limited access and another additional thing.
Fully implemented: no way a hacker can get the private key.


the current situation with wallet.dat files is BS. That can be improved a lot. Implementation is easy.

Honestly I guessed all of these options just by reading the OP. They aren't bad ideas, but they also wouldn't be as useful as you think, and do have downsides.

Randomized security is of limited effect because the wallet program has to know where the file is located, so malware could target it. Second layer encryption should be an option for advanced users, but it doesn't solve the problem of key-loggers, and it makes a user more likely to lose access to their own wallet, which is more likely than theft for most people.

As for limited access, that's great, but how? It's not as simple as saying that "no program except those authorized can gain access to this file."

Like I said, those are good ideas BUT they do have caveats and no one will pay you for them.

hero member
Activity: 602
Merit: 500
It's quite simple.

And no-one but you has thought of it??

it's not out there. All the coins still use the same damn wallet.dat to store private keys. Given how easy stuff is improved, the length of time it wasn't done and how relativeley few people are in the space ... of course nobody had the set of ideas - otherwise it would be out there already.

edit: i don't see developement/evolution in the wallet-security at all currently. So the makers around here certainly need some input in that area.
legendary
Activity: 924
Merit: 1000
It's quite simple.

And no-one but you has thought of it??
hero member
Activity: 602
Merit: 500
People making extraordinary claims should provide extraordinary evidence.

Separately, No one has paid me for the great many ideas I contributed to Bitcoin and the cryptocurrency world— and most ideas, even good ones, are unworkable for boring engineering or user-factor reasons.

engineering shouldn't be that much work and user-factor isn't an issue either since it would result in additional options the user can opt to use or not.

Since i am a small fry and have been burned a few times on alts i don't see why i should give away a feature that certainly adds to the hypeability of a coin or software to someone who is already rich for free so the other person can cash in on it or claim it was theirs. Of course it adds to the value of an altcoin and once completed will be copied and probably the new standard after a while, so i naturally want a share of the pie in some way.

well, brain for hire in thinktank i guess ... in case someone plans on doing a real project...
hero member
Activity: 602
Merit: 500
randomized obscurity, second layer encryption, limited access and another additional thing.
Fully implemented: no way a hacker can get the private key.


the current situation with wallet.dat files is BS. That can be improved a lot. Implementation is easy.
legendary
Activity: 1256
Merit: 1009
Quote
All it needs is someone willing to code stuff.

only thing anything needs  Kiss
hero member
Activity: 602
Merit: 500
i have no idea how to give you a teaser without giving too much away. It's quite simple. And as a combined system quite powerful. I think the way wallets work currently  is a huge security issue and the wallet.dat lies on a silver tablet totally naked for anyone to take who can manage to break into a system. It's a ridiculus easy target for malware.
I know how to impove massively on security. All it needs is someone willing to code stuff. It'll be a bunch of new icons in the wallet-software in the end. So this can be made a feature.

In the way altcoins are run these days there is no way i am giving this away for free.

staff
Activity: 4284
Merit: 8808
People making extraordinary claims should provide extraordinary evidence.

Separately, No one has paid me for the great many ideas I contributed to Bitcoin and the cryptocurrency world— and most ideas, even good ones, are unworkable for boring engineering or user-factor reasons.
legendary
Activity: 4228
Merit: 1313


Oh wait, there weren't any ideas, just vague writings.  Never mind.

Without details it seems unlikely anyone would pay for these ideas.  It seems quite fishy.

If it is a great idea, lots of people will want it.

:-)
legendary
Activity: 1330
Merit: 1003
No offense, but no one is going to pay for an unproven idea that you haven't even described. Unless you are an experienced developer with a HUGE reputation there is no chance that you are going to sell this to anyone in their right mind. If your idea is so great, you could solicit donations after you reveal it, but I suspect that it's not worth anything.

100% total security for eternity is not something that can be achieved by anyone.

By the way if you are talking about security through obscurity or encryption, the first is a bad idea and the second is already implemented.
hero member
Activity: 602
Merit: 500
sandbox

no, but that idea is good also. Mine is better still Wink
Sandbox could be applied as a third layer. My two ideas combined with a sandbox will very likely be a killer-feature.
Once that thing is created and released it'll probably be implemented in a lot of coins.
legendary
Activity: 3248
Merit: 1070
sandbox
hero member
Activity: 602
Merit: 500
Hey guys. I have two different approaches for new security-features to sell.
I am not a coder only average geek-user that's why i would sell the idea to someone who can make coins.

Both ideas concern securing the wallet-file.

The first idea would be a one-button-solution as big as 300kb in the software
The second idea is also easy to implement and can be assembled from existing code in most parts (probably 1 mb big)

Both ideas can be combined but are entirely different and can also stand alone each.

Each of them makes every exisitng wallet-stealer obsolete.
The first idea will make malware-programmers life hard and put out of service probably 100% of wallet-stealers today,
the second idea is 100% total security and malware-programmers can suck it probably for eternity.

The idea is worth many, many bitcoins but i'll sell it for around 1 to 2 bitcoin both in one package to someone who wants to have it. Currently i am the only person on the planet who knows that shit because i figured it out myself so you would be buying virgin ideas that are not spoiled to someone else.
That implemented into an altcoin (or alternative bitcoin-client) is a feature that will certainly ad to that coins (wallet-software's) value.

If interested you'll pay 50% up front, get the first idea delivered and pay the next 50% for the even better second idea. The intelectual property is yours then and you can claim ownership of the ideas.
If nobody is interested, i'll keep it and sell it later.
Shoot me a message if interested. Will be a supreme feature for new coins and easy enough to create. If you plan on releasing a coin branded as 'secure' this is very likely a 'must have'.
Jump to: