Topic: So, bitcoin client still use unencrypted wallet.dat - page 2. (Read 7446 times)

legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
Good thing JoelKatz wasn't the one running MtGox or he would've stored all the passwords in outright cleartext ("no point hashing the passwords, an attacker who obtains the database can just brute force them all anyway")
Actually, the business logic and web machine would not have been expected to protect the password. The authentication system, however, would have been a purpose-built fortress, and it would not have stored the password in cleartext.

My objection is to using encryption in applications where it creates more problems than it solves and doesn't solve the real problems anyway. I am a big advocate of secure encryption and authentication technologies when applied on appropriate hardware to the problems they actually solve.
full member
Activity: 168
Merit: 103
This is the logic of all the hardcore anti-encryption people in this thread:

Quote
Durrr, public-private key encryption is useless because integer factorization is Turing computable!  Therefore all secure communication should be carried out via hand-passed notes!

Good thing JoelKatz wasn't the one running MtGox or he would've stored all the passwords in outright cleartext ("no point hashing the passwords, an attacker who obtains the database can just brute force them all anyway")

No, my anti-crypto criticism goes like this:

Quote
Cryptography is useless if you have the unencrypted data lying next to it.



And by the way, I am glad that there is no RSA involved in Bitcoin.
hero member
Activity: 938
Merit: 1002
You're forgetting one thing, which is that you can have multiple copies of your wallet.
What about multiple keys (a la LUKS)? Granted, it will be slightly less secure, but you could burn an emergency recovery key under an obfuscated filename on a disc and hide it / give it to your wife. Or, cut the key in half and tell each half to two relatives who never talk to each other... Tattoo the last syllable on your private parts.

On the other hand, I agree that a false sense of security is more dangerous than trojans for inexperienced users. They will eventually prefer online services, IMO. But since our primary concern seems to be losing passwords, being able to define multiple keys could help, and it shouldn't be too hard to implement on top of the currently proposed encryption scheme.
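One way to layer several passphrases over a single wallet key, as the post above suggests, is LUKS-style key slots: each slot wraps the same master key under its own passphrase, so a daily passphrase and a family-held recovery passphrase both reach the key, and a slot can be revoked without rekeying the rest. This is an added illustration, not code from the Bitcoin client or from anyone in this thread; it assumes a 32-byte master key held in RAM and wraps it with a PBKDF2-derived one-time pad plus an HMAC tag, standing in for the AES wrap a real wallet would use.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional

ITERATIONS = 100_000  # PBKDF2 rounds; tune upward on the target hardware

@dataclass(frozen=True)
class Slot:
    """One passphrase-wrapped copy of the wallet master key (a LUKS-style key slot)."""
    salt: bytes
    wrapped: bytes
    tag: bytes

def _slot_keys(passphrase: str, salt: bytes):
    # One PBKDF2 call yields two independent 32-byte keys: a wrapping pad and a MAC key.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def add_slot(master: bytes, passphrase: str) -> Slot:
    """Wrap the 32-byte master key under a new passphrase; existing slots stay valid."""
    if len(master) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per slot, so the XOR pad below is never reused
    pad, mac_key = _slot_keys(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master, pad))
    tag = hmac.new(mac_key, salt + wrapped, "sha256").digest()  # encrypt-then-MAC
    return Slot(salt, wrapped, tag)

def _try_slot(slot: Slot, passphrase: str) -> Optional[bytes]:
    """Return the master key if the passphrase fits this slot, else None."""
    pad, mac_key = _slot_keys(passphrase, slot.salt)
    expected = hmac.new(mac_key, slot.salt + slot.wrapped, "sha256").digest()
    if not hmac.compare_digest(expected, slot.tag):  # constant-time check before unwrapping
        return None
    return bytes(a ^ b for a, b in zip(slot.wrapped, pad))

def unlock(slots: List[Slot], passphrase: str) -> bytes:
    """Try every slot; the daily passphrase and a recovery passphrase both reach the same key."""
    for s in slots:
        master = _try_slot(s, passphrase)
        if master is not None:
            return master
    raise ValueError("no key slot opens with this passphrase")

def revoke_slot(slots: List[Slot], passphrase: str) -> List[Slot]:
    """Drop the slot a passphrase opens (an exposed recovery copy) without rekeying the rest."""
    return [s for s in slots if _try_slot(s, passphrase) is None]
```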
full member
Activity: 140
Merit: 100
http://en.wikipedia.org/wiki/Two-factor_authentication

Someone give me a client that I can use two-factor authentication with. Until then, all other methods are insecure to some extent or other.
Two-factor authentication exacerbates the problem. Now, instead of one thing that can go wrong causing you to lose your bitcoins (loss of the wallet), there are three things -- loss of the wallet, loss of the password, and loss of the second factor.


You're forgetting one thing, which is that you can have multiple copies of your wallet. Any risk in forgetting a password or losing your second factor can be mitigated by having an inaccessible wallet on a flash drive/CD in a safe. Also, although people forget passwords, they don't forget personal details. You can use a strong password for your day-to-day wallet encryption, but then on the backup flash drive, have your wallet also encrypted but with a slightly less-robust password that can be composed by you or only by someone who knows you very well. Put a text file on the flash drive with instructions on how to compose the password.

I'm not talking about vague preference questions that can change, such as "What is your favorite book?" but details such as the name of the bone that you broke when you were 15, the occupation of the person you were named after, the name of the house you lived in in college, whom your nickname is a reference to, etc.

No spaces, all lowercase, no grammatical articles.

I would only forget such things if I was shot in the head, but I'm certain that my family could put together the password if I died and they cooperated.
newbie
Activity: 30
Merit: 0
Also, you should never bother washing your clothes because you might get hit by a plane crash tomorrow, in which case the effort would be wasted (this is RE: forgotten password paranoia)
newbie
Activity: 30
Merit: 0
This is the logic of all the hardcore anti-encryption people in this thread:

Quote
Durrr, public-private key encryption is useless because integer factorization is Turing computable!  Therefore all secure communication should be carried out via hand-passed notes!

Good thing JoelKatz wasn't the one running MtGox or he would've stored all the passwords in outright cleartext ("no point hashing the passwords, an attacker who obtains the database can just brute force them all anyway")
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
People keep important paper documents in a fireproof safe.  They don't keep paper money there because paper money depreciates while governments inflate the money supply.
In other words, it's just on paper. But they put that paper in a super-secure location. Which is exactly what the client already supports.
full member
Activity: 168
Merit: 103
I don't believe smartcards will be any more secure than a password protected wallet.dat.
Once you enter your PIN, the trojanized client takes over the communication with the smart card, and instructs it to sign a transaction that empties your wallet to the hacker's address. Since you have no control over the amount that the smart card is signing away, there's no way you can prevent it or detect it, and it's equivalent to a trojan stealing your wallet.dat and password.

The hacker does not care about your private key; what he needs is the ability to impersonate you. That's why it is essential that a dedicated hardware wallet has its own secure display and keyboard, with which you can verify the paid amount and a user-friendly representation of the payee address.

Generating keys on an offline machine is probably the best solution at this point, but you will eventually need to connect to the network and spend, right? Maybe you could split them in small amounts and have a paper version that you can scan and spend. Overall, not very user friendly.

That's why I said: You need a smart card reader with a PIN pad, you should never enter the PIN into a PC. Especially for Bitcoin it would be very easy to display the transaction facts on the reader as well.
newbie
Activity: 42
Merit: 0
Sure, you can lose that too, but it's a practical solution that actually works. Your solution "just keep your computer safe and make plenty of (safe) backups" is simply not practical for 90% of the people out there, because securing your computer has a tremendous learning curve. Securing a piece of paper on the other hand is something people do pretty well, see paper money.
Most people don't keep long-term savings in the form of paper money precisely because paper can be easily lost, stolen, or damaged.

People keep important paper documents in a fireproof safe.  They don't keep paper money there because paper money depreciates while governments inflate the money supply.
sr. member
Activity: 504
Merit: 250
I don't believe smartcards will be any more secure than a password protected wallet.dat.
Once you enter your PIN, the trojanized client takes over the communication with the smart card, and instructs it to sign a transaction that empties your wallet to the hacker's address. Since you have no control over the amount that the smart card is signing away, there's no way you can prevent it or detect it, and it's equivalent to a trojan stealing your wallet.dat and password.

The hacker does not care about your private key; what he needs is the ability to impersonate you. That's why it is essential that a dedicated hardware wallet has its own secure display and keyboard, with which you can verify the paid amount and a user-friendly representation of the payee address.

Generating keys on an offline machine is probably the best solution at this point, but you will eventually need to connect to the network and spend, right? Maybe you could split them in small amounts and have a paper version that you can scan and spend. Overall, not very user friendly.
full member
Activity: 168
Merit: 103
As soon as Bitcoin is accepted more broadly, the industry will produce smartcards for Bitcoin. Then you will have the keys generated on the smartcard, and they will never leave it. And the smartcard asks for a long PIN, which is typed into a trusted reader rather than a PC, and you have only a limited count of chances to enter the correct PIN.

This will be very secure, but it will include the danger of loss like almost every secure solution.

From what I read in the last few days, I think when I start buying large amounts of bitcoins, I will have an offline machine generating secure wallet keys and print them on paper for backups.


EDIT:
At the moment, I watch my offline address with block explorer, but that's not perfectly secure; they could fool me into believing that something happened.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
Sure, you can lose that too, but it's a practical solution that actually works. Your solution "just keep your computer safe and make plenty of (safe) backups" is simply not practical for 90% of the people out there, because securing your computer has a tremendous learning curve. Securing a piece of paper on the other hand is something people do pretty well, see paper money.
Most people don't keep long-term savings in the form of paper money precisely because paper can be easily lost, stolen, or damaged. That said, I do think appropriate hardware is probably the best solution for most people. (Assuming trusting someone else with your key is out of the question.)
sr. member
Activity: 504
Merit: 250
http://en.wikipedia.org/wiki/Two-factor_authentication

Someone give me a client that I can use two-factor authentication with. Until then, all other methods are insecure to some extent or other.

I don't think you fully understand the problem two-factor authentication solves. It's impossible to create a client that uses two-factor authentication: once you are "authenticated" to the local client and it proceeds to decrypt your wallet, your bitcoins are available to the attacker. What I am proposing is NOT two factor, but an embedded wallet that handles the private key operations and minimal user input using secure hardware. Using a PIN to unlock the device is purely optional, to protect against physical theft.

Two factor is usable for authenticating against PayPal/MtGox online wallets, assuming you trust them to handle security better than your own computer.


Two-factor authentication exacerbates the problem. Now, instead of one thing that can go wrong causing you to lose your bitcoins (loss of the wallet), there are three things -- loss of the wallet, loss of the password, and loss of the second factor.

The embedded wallet makes an encrypted backup each time you connect it to your computer. You can easily arrange online backup. The backup is encrypted with a key that you can read off the wallet's display, write on a piece of paper, and store in a safe place.
Sure, you can lose that too, but it's a practical solution that actually works. Your solution "just keep your computer safe and make plenty of (safe) backups" is simply not practical for 90% of the people out there, because securing your computer has a tremendous learning curve. Securing a piece of paper on the other hand is something people do pretty well, see paper money.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Grue method is nice but adding an option to set the T:\bitcoin\ (truecrypt mounted volume) thing in the client would really help, instead of having to type datadir etc etc
full member
Activity: 406
Merit: 100
Propose a scheme. I don't know how to do it so that the upside exceeds the downside. If you do, please share.
If I use GPG for my e-mails in Evolution, for every encrypted e-mail it asks for the password.
Why not implement this also in a bitcoin client: for every transaction the password is required, and the wallet is decrypted but not saved on HD, only in RAM when it is needed for the transaction.
This way the wallet is never decrypted in a file on the HD and is difficult to be stolen.
legendary
Activity: 2058
Merit: 1431
Well, I'm not suggesting that you be forced to use any method. If you want to continue to use the current wallet.dat as is, then go ahead, I could care less what happens to your wallet or anyone else's for that matter. All I'm saying/asking, is give us some options, so if I'm okay with having more points of failure (loss of the wallet, loss of the password, and loss of the second factor), then I have those options to choose from. Because as is right now, I don't have ANY other options.
1. mount truecrypt volume
2. start bitcoind with datadir=T:\bitcoin\ (truecrypt mounted volume)
3. unmount when you're done
sr. member
Activity: 319
Merit: 250
http://en.wikipedia.org/wiki/Two-factor_authentication

Someone give me a client that I can use two-factor authentication with. Until then, all other methods are insecure to some extent or other.
Two-factor authentication exacerbates the problem. Now, instead of one thing that can go wrong causing you to lose your bitcoins (loss of the wallet), there are three things -- loss of the wallet, loss of the password, and loss of the second factor.

Well, I'm not suggesting that you be forced to use any method. If you want to continue to use the current wallet.dat as is, then go ahead, I could care less what happens to your wallet or anyone else's for that matter. All I'm saying/asking, is give us some options, so if I'm okay with having more points of failure (loss of the wallet, loss of the password, and loss of the second factor), then I have those options to choose from. Because as is right now, I don't have ANY other options.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
http://en.wikipedia.org/wiki/Two-factor_authentication

Someone give me a client that I can use two-factor authentication with. Until then, all other methods are insecure to some extent or other.
Two-factor authentication exacerbates the problem. Now, instead of one thing that can go wrong causing you to lose your bitcoins (loss of the wallet), there are three things -- loss of the wallet, loss of the password, and loss of the second factor.
sr. member
Activity: 319
Merit: 250
http://en.wikipedia.org/wiki/Two-factor_authentication

Someone give me a client that I can use two-factor authentication with. Until then, all other methods are insecure to some extent or other.
sr. member
Activity: 504
Merit: 250
Quote
The real solution is multi-device confirmation of big bitcoin transactions. You'd send coins starting on your computer, but the transaction wouldn't be valid until it was signed by another device, which would somehow contact you (NOT through your computer) and ask you for your OK before sending it along

It seems easier to implement an embedded wallet that plugs into USB and stores the private key. The device has a small LCD screen and an "Approve" button. When you spend something in your bitcoin client the transaction is sent to the USB device for signature. The USB device checks the amount to be spent, and prints to the user the net amount to be spent: Pay 20B?
Upon pressing Approve the transaction is signed with the private key and sent to the client for broadcast into the network. There's no way for rogue software to fake the displayed amount or the Approve button.

Such a device would cost $10-20 in large quantities and would be practically impossible to hack.
http://www.mini-box.com/picoLCD-20x2-OEM