Solution to wallet security | Bitcointalksearch.org

compro01

hero member

Activity: 590

Merit: 500

Quote from: julz on June 28, 2011, 08:41:06 AM

Quote from: truthcracker on June 28, 2011, 08:28:37 AM

2) Virtual keyboard option where the password is entered on a scrambled keypad with a mouse - no key-logger virus possible
How can that be hacked? Much simpler than getting a computer and running a geek os.

A virus could use the Remote Frame Buffer protocol (the protocol used in VNC) to capture the pad entry. The virus might be smart enough to at least identify which window to capture - even if it just packages up the info to send to a human to read off the actual numbers that were input.

I don't doubt there are other ways too.

or just simply take a screenshot via triggering the print screen key every time the mouse is clicked and bitcoin.exe is running.

truthcracker

newbie

Activity: 28

Merit: 0

Quote from: julz on June 28, 2011, 08:41:06 AM

Quote from: truthcracker on June 28, 2011, 08:28:37 AM

2) Virtual keyboard option where the password is entered on a scrambled keypad with a mouse - no key-logger virus possible
How can that be hacked? Much simpler than getting a computer and running a geek os.

A virus could use the Remote Frame Buffer protocol (the protocol used in VNC) to capture the pad entry. The virus might be smart enough to at least identify which window to capture - even if it just packages up the info to send to a human to read off the actual numbers that were input.

I don't doubt there are other ways too.

Hmmmm ok what about a keypad that you hover over that changes letters in a separate window like big [A B C] when you click THAT letter hits?

truthcracker

newbie

Activity: 28

Merit: 0

Quote from: Alex Beckenham on June 28, 2011, 08:38:50 AM

As soon as you enter your password, the contents of the wallet are decrypted so your private keys could be read from RAM.

XLNT point

mouse

newbie

Activity: 56

Merit: 0

unless you only keep it there for a fraction of a nanosecond, and you use memory layout randomization, and, and, etc

Still possible, but progressivly more unlikely

julz

legendary

Activity: 1092

Merit: 1001

Quote from: truthcracker on June 28, 2011, 08:28:37 AM

2) Virtual keyboard option where the password is entered on a scrambled keypad with a mouse - no key-logger virus possible
How can that be hacked? Much simpler than getting a computer and running a geek os.

A virus could use the Remote Frame Buffer protocol (the protocol used in VNC) to capture the pad entry. The virus might be smart enough to at least identify which window to capture - even if it just packages up the info to send to a human to read off the actual numbers that were input.

I don't doubt there are other ways too.

Alex Beckenham

full member

Activity: 154

Merit: 100

As soon as you enter your password, the contents of the wallet are decrypted so your private keys could be read from RAM.

truthcracker

newbie

Activity: 28

Merit: 0

1) Bitcoin client encrypts wallet on startup
2) Virtual keyboard option where the password is entered on a scrambled keypad with a mouse - no key-logger virus possible

How can that be hacked? Much simpler than getting a computer and running a geek os.

Damn that was an actual attempt at being constructive.....

Topic: Solution to wallet security (Read 929 times)