Trojan Wallet stealer be careful - page 4.

MikesMechanix

member

Activity: 70

Merit: 10

Quote from: Vladimir on June 17, 2011, 08:43:27 AM

BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

It really does look to me like a lot of people actually oppose client encryption of wallet.dat, as if it didn't bring ANY security, when in fact it probably has more protective value than a firewall or an antivirus program.

It's easy agree if you have a relatively large amount of bitcoins, you should take extra measures to protect them.

LeFBI

member

Activity: 98

Merit: 10

Quote from: Gavin Andresen on June 17, 2011, 07:42:54 AM

If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.

but not even trying to protect the users doesn't make any better. do you also not update antivirus software, just because there will always be some new trojan version? or do you never update any a linux machine just because hackers will always find new ways to get root access?
with not encrypting the wallet.dat you open the doors for much broader range of thieves who don't even need a lot of knowledge about computers,operating systems,exploits etc to rob someone.

oh, and targeting the wallet.dat has already been actively used:
http://buttcoin.org/bitcoin-verifier-will-verify-the-integrity-of-your-wallet
scam site was: http://walletinspector.info/

it asked the visitor to upload the wallet file, to "verify" it.
if the file was encrypted, the site would have needed to ask for the password and Joe-Averge-None-Geek would might have gotten suspicious too. assuming that he was told what the wallet.dat is...

bitcoinminer

sr. member

Activity: 322

Merit: 252

Why would someone want to steal old Trojans out of a man's wallet? Wink

Vladimir

hero member

Activity: 812

Merit: 1001

-

MikesMechanix, all the laughable suggestions were made to get offline 4 digit BTC wallets which effectively contain 5 soon to be 6 digit of USD equivalent. In other words, more than annual income of most people and more than 10-20 years or even lifetime saving of most people.

Quote

All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable.

Ask the former owner of 25k bitcoin if he is in laughing mood...

Fell free to laugh at recommendations of Information Security professional (in retirement), who've done proper risk assessment, at your own peril.

BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

If your wallet has 10 BTC (at present valuation), I would not even bother encrypting anything... just keeping OS reasonably secure would be enough. If there is 10k BTC it would be completely different thing.

EpicFail

member

Activity: 94

Merit: 10

I am trying to comprehend why in the Open Source community there is this prevalent attitude that if a security measure is not 100% foolproof then it is not worth the trouble to implement it. It is often further asserted that implementing these partial measures would be counter productive because doing so would give the average user a false sense of security leading to careless behavior in other areas.

The solution these people propose typically run along the lines of: "Secure your outer (Linux) shell!! You don't have to worry about anything else! You can now leave plain text sensitive data lying around your file system because Linux is inherently safe!" Roll Eyes

Well, OK, not to that extent but you get the idea ....

Anyway, is it really that difficult to add an optional on-the-fly encryption to the standard client, with the keys stored in a removable smart card (or even USB stick for that matter)? No smart card inserted, no decryption. It should be possible to keep the client running accepting block information without the smart card inserted. The keys should also be based on a password, effectively giving you 2-factor authentication (password and physical device). This is not really complicated and should considerably reduce the attack surface.

MikesMechanix

member

Activity: 70

Merit: 10

Quote from: flug on June 17, 2011, 05:10:50 AM

Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

An age-old fallacy. Anything that helps, helps.

Do you not install locks and burglar alarms because they aren't 100 % proof?
Should we not install airbags in cars even though they don't guarantee survival?
etc etc
I could come up with hundreds of examples.

Having wallet.dat encrypted is just the last wall of defence, which could potentially give its owner enough time to realize his computer has been compromised, and allow him to move the coins to a safe wallet. The private keys really only need to be unencrypted when payments are made, so the attack surface is reduced by much more than most people probably realize. It also requires the thief to target Bitcoin specifically, pretty much eliminating opportunity-made-thieves, and reducing the risk from random break-ins.

It's also somewhat easy to implement.

No, it's not 100 % hacker-proof, but to have any usability wallet.dat needs to be available relatively easily. All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable. Make those kinds of requirements, and Bitcoin is guaranteed to not take off, ever.

adaman

member

Activity: 84

Merit: 10

Also with current online banking there is a risk to loos money. Even eTAN will not provide you with 100% security or any kind of token or smart cards. Especially if your system is already compromised. But each step to get more security for the wallet.dat is a good step. Sure it will give some people an false sense of security but thats the game. On the other hand each bit of an little more secure wallet.dat will help to prevent stealing and misuse by increasing the barrier for an possibel thief. To encrypt an wallet is for sure not the final solution but should be a part of an larger security concept.

Gavin Andresen

legendary

Activity: 1652

Merit: 2301

Chief Scientist

If your device (computer, mobile phone) is infected and your bitcoin wallet keys are stored on that device (encrypted or not), then the bad guys will get your coins sooner or later.

Sooner if the wallet is not encrypted. Later if it is encrypted.

Come up with all the fancy "measure timing and enter your fingerprints and choose an 80-character-long password and store your private keys inside the Trusted Platform Module Chip" pseudo-security measures you like; if your device is infected they will not work.

The bad guys will simply hack the software so that you THINK you're securely sending 1 bitcoin to your cousin (because that's what it says on the screen), but instead you're REALLY authorizing sending your entire bitcoin balance to the bad guys.

mintymark

sr. member

Activity: 286

Merit: 251

Surely, it should be obvious to all, including the banks that the days of passwords as protection is passed. (excuse the pun!) Something more revolutionary is needed, and bitcoin is nothing if not revolutionary.

There are many things that might be used as alternative, aimed to mess up a keylogger, because I do agree with Vladimir, if your computer is infected, you are probably scr**d, (Even though wallet encryption might help a lot of people, so should be done as soon as possible.)

So just to put a mark in the sand, what alternatives to passwords? You could have a sentence and a enter the 5th and 7th word type thing. Yes the keylogger would eventually get it, but would have to wait a while. Even enter the 3rd, 9th and 2nd charters from the 4 and 5th words. That would take some beating!

You could add (to a simple password) a capatcha question, like what colour is the sky?

You could do something with the timing of key entry, so that the cleverness was not in what you enter but the rythem and timing of it.

You could even do basic statistic analysis on timing of a sentence, maybe.

But I do not think a simple password should be used.

Hardest thing of course is to remember it. Because I do not see any simple way to recover a lost wallet key.

BombaUcigasa

legendary

Activity: 1442

Merit: 1005

Quote from: Vladimir on June 17, 2011, 05:42:22 AM

My view is that doing encryption in official bitcoin client is like hanging this thing on your regular wallet (with cash and credit cards)

What about these things you can do with a regular wallet:

Nefario

hero member

Activity: 602

Merit: 513

GLBSE Support [email protected]

I'd like to be able to rename my wallet.dat to some other file, and the client asks for the file on startup.

flug

sr. member

Activity: 280

Merit: 250

Quote from: LeFBI on June 17, 2011, 06:01:41 AM

..in the current bitcoin client it doesn't even tell the user that the wallet file exists. After creating the wallet it should be prompted to the user that it exist, what is for and how to secure it. and the gui user should at least be given a choice where to store the file and/or encrypt it/not.

That's the crux of the problem, really. Awareness. We need to ensure that people are aware of the issues. I downloaded the client a while back and bought some bitcoins and watched them shoot up in price, but it's only the fact that I've been following this forum that I've any idea of the risks, and that I should be doing something to protect the investment. Otherwise I might have suddenly found them stolen, and never trusted Bitcoin again. All of the effort, PR, etc, that's gone into Bitcoin, but only takes a moment for trust to be lost.

LeFBI

member

Activity: 98

Merit: 10

Quote from: Vladimir on June 17, 2011, 05:42:22 AM

Many people will rely on this encryption instead of taking their bitcoin wallets offline or use specialised devices or services to secure wallets. There is lots of merit in original bitcoin stance that bitcoin deals with money and it is up to the users to take care of their wallets security.

That's a point but if the dev team decides to keep it the unencrypted way, they should at least tell the user how to treat the wallet.dat correctly, with a step-by-step-understandable-for-none-geek-users-tutorial. but i really don't think you can transport linuxCoin,truecrypt etc etc to the average user. they will say "fuck that, too complicated. i'll stick with paypal".
and as already said, in the current bitcoin client it doesn't even tell the user that the wallet file exists. After creating the wallet it should be prompted to the user that it exist, what is for and how to secure it. and the gui user should at least be given a choice where to store the file and/or encrypt it/not.

flug

sr. member

Activity: 280

Merit: 250

Quote from: Vladimir on June 17, 2011, 05:12:54 AM

Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with invention of proofofwork/blockhain for second factor auth)

I can imagine an evolution where the bulk of the clients on the main network are large *secure* vaults of bitcoins (either private or bank holdings). Most people's bitcoins would be held in these locally-centralized banking funds, and accessed via a separate service layer similar to how banks work today.

BombaUcigasa

legendary

Activity: 1442

Merit: 1005

Quote from: LeFBI on June 17, 2011, 05:31:59 AM

Quote from: Vladimir on June 17, 2011, 05:12:54 AM

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.

This could be combined with an on-screen keyboard with shifted keys, such that a keylogger would be useless. You would then need a way to protect the user from having his screen recorded or seen. This would be getting absurd, as you can't use bitcoin offline and secluded in the basement every time you need to make a transaction.

It's still better than having a wallet in "clear-text" where you upload it like an idiot to a site that checks it if it's ok, or someone steals it on an usb or with a remote file browser or a javascript applet uploader.

Vladimir

hero member

Activity: 812

Merit: 1001

-

Quote from: LeFBI on June 17, 2011, 05:31:59 AM

Quote from: Vladimir on June 17, 2011, 05:12:54 AM

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.

In environment when almost weaponized viruses are created specifically to harvest bitcoins this might do more harm than good.

Many people will rely on this encryption instead of taking their bitcoin wallets offline or use specialised devices or services to secure wallets. There is lots of merit in original bitcoin stance that bitcoin deals with money and it is up to the users to take care of their wallets security.

At the same time, as you correctly noted, wallet encryption functionality would protect from some attacks. This is not a black and white thing.

It looks like bitcoin devs will bow to popular demand for false sense of security and bitcoin encryption will be in the next version of bitcoin client. I would prefer to have instead of encryption, possibility to chose which exact coins are being spend and to have more than one wallet.

My view is that doing encryption in official bitcoin client is like hanging this thing on your regular wallet (with cash and credit cards)

LeFBI

member

Activity: 98

Merit: 10

Quote from: Vladimir on June 17, 2011, 05:12:54 AM

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

That's always the case >if< your pc is compromised. an encrypted wallet.dat would protect from simply copying the file to usb, if someone has physical access to your pc. also if your pc is compromised doesn't automatically mean it's running a keylogger in the background. every idiot can copy&paste a file but not every idiot knows how to set up keylogger. making the wallet more secure doesn't harm anyone, so why not do it? there will never be 100% security, but it would at least be a bit safer than it is now.

Vladimir

hero member

Activity: 812

Merit: 1001

-

Quote from: flug on June 17, 2011, 05:00:44 AM

Quote from: Vladimir on June 17, 2011, 04:48:55 AM

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

You inferred it.

I implied what you said in the post #18. Cheesy

If your computer is compromised, you are screwed, the moment you enter your password to decrypt the wallet.

Banks get around this (still not completely) with second factor auth and I do not see how bitcoin can do second factor auth without losing decentralisation. (unless Satoshi comes out of the woods with invention of proofofwork/blockhain for second factor auth)

flug

sr. member

Activity: 280

Merit: 250

Quote from: BombaUcigasa on June 17, 2011, 05:01:34 AM

Quote from: flug on June 17, 2011, 05:00:44 AM

Quote from: Vladimir on June 17, 2011, 04:48:55 AM

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

BombaUcigasa

legendary

Activity: 1442

Merit: 1005

Quote from: flug on June 17, 2011, 05:00:44 AM

Quote from: Vladimir on June 17, 2011, 04:48:55 AM

Bitcoin developers, please, please, please do create encrypted wallet functionality, so that I can run bitcoin on my malware infested windows computer while enjoying false sense of security.

Are you inferring that the average person's computer will never be safe enough to use the bitcoin client?

It is cheaper to solve the issue at the client level. One single change, every user receives increased security.

Topic: Trojan Wallet stealer be careful - page 4. (Read 25869 times)