Pages:
Author

Topic: [NOW AVAILABLE] BTChip / Ledger HW1 : Bitcoin Hardware Wallet in a USB smartcard - page 18. (Read 62661 times)

hero member
Activity: 623
Merit: 500
CTO, Ledger
the same bot ?

aside from necroreplying, updated specifications for 1.4.4 have been published, as well as C APIs
newbie
Activity: 14
Merit: 0
member
Activity: 115
Merit: 10
Cryptocurrencies is future
Is it possible to use two different keys in such a way that either of those keys could sign?
Just for the single key failover case / redundancy.
Hope it would act like duplicate door keys..


yes, as long as two chips share the same context (triple DES) keys, they can be exchanged.

If so , did it safe?
hero member
Activity: 623
Merit: 500
CTO, Ledger
Yes, you could do something closer to Fido than OATH (so better, IMHO) with BitID as the new version supports message signing.

It requires installing a browser extension though - it's not designed to just type OTPs (we have another unrelated product doing that)
hero member
Activity: 546
Merit: 500
Could the btchip be used like the Yubikey for web site 2fa?  If so, I think this would give additional value to my own customers.
hero member
Activity: 623
Merit: 500
CTO, Ledger
Any news?  Smiley

Yes, an upcoming firmware update in a few days adding most of the missing features, C test code, and new APIs for multisignature and prepaid cards as we're discussing distribution deals with a few exchanges / marketplaces, right for the opening of "La Maison du Bitcoin" (a new physical french hub for bitcoin startups) and Bitcoin 2014 (where I'll be on the Prismicide booth, BTChip being used as a prototype of that card)

Getting closer to the commercial launch, for real this time Grin you'll still be able to grab a few samples at the conference though
hero member
Activity: 546
Merit: 500
hero member
Activity: 623
Merit: 500
CTO, Ledger
This looks very good,

would it be possible to prepare a "emergency" transaction where the funds is sent to a cold storage paper wallet?

In case your Btchip is lost or stolen, you could have multiple ways to send this "emergency" transaction. On small problem is that this needs to be done every time you move coins in or out of your wallet.

The good thing is that thanks to HD Wallets, you can do that off card - in case it's lost, you can enter your seed into a client that'll iterate through all indexes of the wallet up to a given number, check the balances of all addresses against the blockchain, then prepare the transaction.
newbie
Activity: 16
Merit: 0
This looks very good,

would it be possible to prepare a "emergency" transaction where the funds is sent to a cold storage paper wallet?

In case your Btchip is lost or stolen, you could have multiple ways to send this "emergency" transaction. On small problem is that this needs to be done every time you move coins in or out of your wallet.
newbie
Activity: 50
Merit: 0
hero member
Activity: 623
Merit: 500
CTO, Ledger
A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit  Grin)

This shows a bit better how the second factor works
how exactly did you obtain the pin that you had to enter later?

and that's the interesting question Smiley

it's obtained by removing and inserting the dongle again, which could not be shown just by recording the desktop. It then re-enumerate as a HID keyboard and types the transaction summary + unique transaction PIN (to be done on the same computer or on a different device supporting HID keyboard depending how confident/paranoid you feel  Grin)
hero member
Activity: 668
Merit: 501
A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit  Grin)

This shows a bit better how the second factor works
how exactly did you obtain the pin that you had to enter later?
hero member
Activity: 623
Merit: 500
CTO, Ledger
A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit  Grin)

This shows a bit better how the second factor works
hero member
Activity: 623
Merit: 500
CTO, Ledger
I'm still waiting on when I can redeem my 0.1 BTC chips!

oh ok, then I think I should have been a bit more clear with what what distributed, sorry - the printed amount was mostly to show what could be done with the product - none of the chips contained anything else that the (now outdated) code.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
I'm still waiting on when I can redeem my 0.1 BTC chips!
hero member
Activity: 623
Merit: 500
CTO, Ledger
I think there is plenty of space for multiple secure hardware wallet implementations

Trezor is fully open source while we are with open specifications.

We are better protected than trezor against side channel attacks.

Trezor has a screen and buttons while we plan to be the cheapest secure hardware wallet available

so feel free to choose the best implementation for you, or even better, pick both Smiley

That said I fully support the trezor project, ordered one, and I'm typing this while waiting for their 30c3  presentation Smiley
full member
Activity: 133
Merit: 100
Hello,

and what about your competitor, Trezor?

http://www.bitcointrezor.com/
sr. member
Activity: 405
Merit: 255
@_vjy
hero member
Activity: 623
Merit: 500
CTO, Ledger
Big specification update at the usual location - BTChip Specification 1.4.3 (github link) (yes, the version isn't bumped yet)

Main new features :

  • HD Wallets
  • New anti-malware method, using the dongle as a keyboard (similar to the Java Card contactless notification option)
  • WinUSB support for integration in Chrome-family browsers without external plugins
  • Partial transactions signing (for CoinJoin oriented projects, with still some user validation)

And a new form factor



To be hopefully finalized during 30c3, come and get your sample if it's ready  Grin
hero member
Activity: 623
Merit: 500
CTO, Ledger
Oops. Guess I should check that thread more often Wink

There have been some thoughts about improving the malware detection, which will be available in the next firmware version.

Also, a lot of under the hood upgrades of the generic smartcard platform used to host BTChip (among those : code saving, RAM saving, more code saving, more RAM saving, migration from generic HID to WinUSB, did I mention code saving ?), and of course, significant yak shaving, such as an open source Java Card implementation that can be used for developers to play with the concept.

The biggest remaining task right now is a clean integration into a few clients - we don't want to go on sale without that, and we need to find more free time to do it properly. Also yes, the website needs some serious redesign - it started out fine, then I touched it  Undecided

So, sorry guys, we're not dead, just a bit slow on the bitcoin topic.
Pages:
Jump to: