Topic: We need an inexpensive, secure, and simple hardware security solution (Read 2092 times)

member
Activity: 86
Merit: 13
i think it's a great idea.  no one i know is doing this with Armory.

I am Smiley

https://bitcointalksearch.org/topic/what-can-really-be-done-about-server-hacking-81341

read the whole thread to see what i will be up to with armory.

and it looks like death and taxes is doing something similar but with custom parts.

https://bitcointalksearch.org/topic/bitcoin-security-module-adding-hardware-security-for-hot-wallets-83785

Right im off to watch the footie.

the future is bright, the fuchsia is orange?!
legendary
Activity: 1078
Merit: 1003
 I have friends who are interested in bitcoin, but they're not very tech savvy.  

Just introduce them to an eWallet if it's for small amounts and personal use..
legendary
Activity: 1764
Merit: 1002
And let me add this...

There are probably certain functions that are going to be performed best for the bitcoin economy through various centralized online services, and that's fine.  But, I don't think one of those functions ought to be storing private bitcoin savings.  Too many people are still using online services (MtGox, Bitcoinica [RIP], MyBitcoin [RIP]) to store their bitcoins.  I think the reason people are doing this is because it's easy and clearly not everyone into bitcoins is technically conversant enough to set up an offline Linux machine.  Those services are fine for making trades, or for holding small amounts of bitcoins like you would cash in a physical wallet.  But people are using them to save their entire bitcoin savings.  That's got to stop!  I think one way to move people beyond that is by providing something simple to use that does what we can already do with Armory and an offline computer, for example.

The geek's solution is always going to be there and, honestly, it would be wonderful for people to better educate themselves.  But as the diversity of users increases, that's just not a realistic expectation.  Something is going to have to fill the gap between what is necessary for the best possible security, and what less tech savvy people are willing and able to use.  I say "something is going to have to fill the gap", and I mean that as strongly as I can.  It's necessary for bitcoin to expand that people can, basically, securely and easily be their own bank.  After all, that's a large part of what this is all about, right?

you may be a troll and a Bear sometimes but i still love you.

+1
legendary
Activity: 2198
Merit: 1311
And let me add this...

There are probably certain functions that are going to be performed best for the bitcoin economy through various centralized online services, and that's fine.  But, I don't think one of those functions ought to be storing private bitcoin savings.  Too many people are still using online services (MtGox, Bitcoinica [RIP], MyBitcoin [RIP]) to store their bitcoins.  I think the reason people are doing this is because it's easy and clearly not everyone into bitcoins is technically conversant enough to set up an offline Linux machine.  Those services are fine for making trades, or for holding small amounts of bitcoins like you would cash in a physical wallet.  But people are using them to save their entire bitcoin savings.  That's got to stop!  I think one way to move people beyond that is by providing something simple to use that does what we can already do with Armory and an offline computer, for example.

The geek's solution is always going to be there and, honestly, it would be wonderful for people to better educate themselves.  But as the diversity of users increases, that's just not a realistic expectation.  Something is going to have to fill the gap between what is necessary for the best possible security, and what less tech savvy people are willing and able to use.  I say "something is going to have to fill the gap", and I mean that as strongly as I can.  It's necessary for bitcoin to expand that people can, basically, securely and easily be their own bank.  After all, that's a large part of what this is all about, right?
legendary
Activity: 1260
Merit: 1000
Drunk Posts
i think it's a great idea.  no one i know is doing this with Armory.

you would want to contact eto obviously, i would think?  maybe not.

he claims you can buy used laptops for $50 on the net.  haven't verified that though.

my guess is your main target would be brick and mortar businesses as described in my piece.

I haven't been able to find used laptops for $50 that aren't really, really old clunky tech or, worse, broken.  That's fine.  I mean, you can certainly do what you need to do with a $50 10 year old laptop.  I guess I'm just imagining a more elegant solution.  I'd be aiming for something much lower power than a laptop.  Also, I'd want there to be essentially no setup.  Turn it on, maybe create an encryption key for the thing's storage, and then start creating wallets (paper wallets, brain wallets, etc) and making transactions.  I think the competition in this sector is going to be heating up in the next few years.

Forget old laptops, look for old smartphones/pdas.
legendary
Activity: 1764
Merit: 1002
i think it's a great idea.  no one i know is doing this with Armory.

you would want to contact eto obviously, i would think?  maybe not.

he claims you can buy used laptops for $50 on the net.  haven't verified that though.

my guess is your main target would be brick and mortar businesses as described in my piece.

I haven't been able to find used laptops for $50 that aren't really, really old clunky tech or, worse, broken.  That's fine.  I mean, you can certainly do what you need to do with a $50 10 year old laptop.  I guess I'm just imagining a more elegant solution.  I'd be aiming for something much lower power than a laptop.  Also, I'd want there to be essentially no setup.  Turn it on, maybe create an encryption key for the thing's storage, and then start creating wallets (paper wallets, brain wallets, etc) and making transactions.  I think the competition in this sector is going to be heating up in the next few years.

i think the $50 is just an example.

what matters is that u can get one (laptop, netbook, Raspberry pi) for "cheap", do the install, and sell them for profit.  ;)
legendary
Activity: 2198
Merit: 1311
i think it's a great idea.  no one i know is doing this with Armory.

you would want to contact eto obviously, i would think?  maybe not.

he claims you can buy used laptops for $50 on the net.  haven't verified that though.

my guess is your main target would be brick and mortar businesses as described in my piece.

I haven't been able to find used laptops for $50 that aren't really, really old clunky tech or, worse, broken.  That's fine.  I mean, you can certainly do what you need to do with a $50 10 year old laptop.  I guess I'm just imagining a more elegant solution.  I'd be aiming for something much lower power than a laptop.  Also, I'd want there to be essentially no setup.  Turn it on, maybe create an encryption key for the thing's storage, and then start creating wallets (paper wallets, brain wallets, etc) and making transactions.  I think the competition in this sector is going to be heating up in the next few years.
legendary
Activity: 1764
Merit: 1002
i think it's a great idea.  no one i know is doing this with Armory.

you would want to contact eto obviously, i would think?  maybe not.

he claims you can buy used laptops for $50 on the net.  haven't verified that though.

my guess is your main target would be brick and mortar businesses as described in my piece.
legendary
Activity: 2198
Merit: 1311
I need the moon from the sky. Somebody do it for me, now!

That isn't the point of this thread.  I'm interested in feedback on the idea.  If it's a bad idea, I wouldn't want to pursue it.
legendary
Activity: 1764
Merit: 1002
this is from a piece i sent out to my subscribers about a month ago so i don't think any of them will mind me sharing this:

Why I've Chosen Armory

1.  Truly secure Cold Storage (offline wallets).
2.  One-time-only Paper backups
3.  Watching wallets
4.  Multiple Wallet Interface.
5.  Type 2 deterministic wallets.

All of these web based server wallets can be hacked and just b/c the encryption occurs on the client side means something but not everything.  piuk himself from blockchain.info has said that when you decrypt your keys locally they can still be maliciously stolen by a web server owner if they wanted.

I consider myself fortunate to be helping Etotheipi with user testing of Armory.  I have no financial interest other than the fact that I donated $500 to his project b/c I'm hoping to see this product succeed.  Even though I'm not a coder I'm super paranoid about security of my Bitcoin.  I've tested several of his versions and provided user feedback on bugs and issues from an average user's standpoint.  As I've said before, he is incredibly responsive and wants to make Armory the de facto wallet for the future.  He has the coding, mathematical, and cryptographic background to make it possible.  As you may already know, he is a physicist and is employed at a physics lab in Maryland but has taken a keen interest in Bitcoin as the rest of us.

Already the latest versions are functioning at an incredibly high level with features only found in Armory such as the importing of individual keys, whole wallet imports, one-time-only paper backups, handling of multiple wallets, watching only wallets, and most importantly to me, offline tx signing.

The standard Satoshi wallet has made some significant advances in features over the last year, the most important one being encryption.  Encrypted backups run a close second although prior to this, I just did a simple copy and paste to multiple USB keys.  The thing that always bothered me though was that since these are digital devices and there could be a failure preventing me from accessing the keys.  And I had only one type of backup medium.  Yes, they'd all have to go bad but it is possible.

So, Armory solves this by allowing me to do a paper backup which is an alternative backup medium; not necessarily a better medium, but one that can't suffer an electrical failure.  It imports any Satoshi wallet below 0.6 without problem and can hold multiple wallets including the deterministic native wallets it generates.  The reason it can't do 0.6 is b/c the keys in this version are for the first time compressed but Eto will solve this problem soon.  The other nice thing about a paper backup of a deterministic wallet is that the printout is only one page long and contains a chain code, a root key, and a QR code representation of the same.  This is all you need to generate all the addresses you will ever need going forward.  The other cool thing is the Watching Only wallet that you generate from the offline wallet can be put online and they both will generate the exact same keys since they both contain the same chain code thus enabling you to continually receive payments to newly generated addresses on the Watching Only wallet w/o ever having to create a new backup nor accessing your offline wallet.  Only one backup ever required forever.  Be aware though that if you import keys or entire wallets, these will have to be separately backed up since their origin was not from a deterministic chain code or root key.  They were randomly generated.

What has happened recently that stimulated me to write this article is that Eto finally got easy point and click installers and uninstallers for both the online and offline wallets.  I think my ignorance with command lines convinced him that ease of installation is paramount and step one to getting people to use his program.  Prior to this, if one wanted to use Ubuntu on the offline computer like I do, one had to install all these Python dependencies using command line bullshit that I have no knowledge or patience with.  In my case, I use a small used laptop for my dedicated offline computer which holds my private keys.  First I downloaded the Ubuntu installers into a Pendrive USB stick.  I then wiped the entire hard drive with the 4 pass shredding program in Ubuntu from the USB key and then installed Ubuntu 10.04 onto the hard drive.  I've found 11.10 Unity to be buggy, at least with the small laptop I'm using.  I then installed Armory 0.75 Linux and the python dependencies from another USB key which is just point and click once opened in Ubuntu.  It acts just like any other program you might install on windows and it allowed me to drag a little quick start icon to the top panel of 10.04.  I then generated a Primary Deterministic wallet in Armory which I encrypted of course.  I then made a Watching Only Wallet from it, loaded it onto a USB key, and then imported it into Armory 0.75 alpha on my online laptop, a MacBook Pro within Windows 7 64-bit in a VM.  The wallets are cross compatible across different OS platforms.  Installing this version was easy also as it loads with just point and click and gives you a cool little Armory system tray icon, a desktop icon, and its own little Armory Bitcoin Client folder in Programs.  Currently, when using Armory it requires that you have a Satoshi wallet open and accessible for Armory to scan its blockchain.  This is not a problem and only requires that you have around 512 K RAM for Ubuntu and 1.5 GB RAM for Windows 64 bit.  
Eto is planning on making it network independent in the near future so you won't need the Satoshi open.

This system would be an ideal solution for a brick and mortar merchant.  The cash registers would have Watching Only wallets installed which can generate unique addresses for each customer.  The cashiers would not be able to spend or steal the coins b/c they don't have the private keys nor access to the offline computer with the private keys in possession of the owner of the business.  When the owner wants to access coins he uses the Watching Only wallets to create an unsigned tx which he puts on a USB key and then plugs into the offline computer for signing in private.  He then takes those signed tx's back to the cashier's Watching Only wallets to broadcast out to the network for verification.  Very simple and elegant.

I manage 3 separate wallets in Armory on my online computer in Win 7.  Two are watching only wallets; one is for my savings wallet that I usually never touch just to make sure my coins don't disappear without me knowing, the other from the original Primary Deterministic Wallet created when I first installed Armory into Ubuntu on my offline laptop.  The third wallet is one that I imported from Satoshi 0.5.3 which contains my subscribers' addresses and acts like my business account.

There are several other utilities that I don't use in Armory like the Elliptic Curve Calculator which is beyond me.  Also you can sign messages with your keys somehow.

Also there is something called URL links which allow you to shop more conveniently.  Eto gave me the example of CoinDL for downloading music:

(1) Click on a song you want.
(2) It pops up with a "waiting for payment..." box, that shows address and amount, but also a clickable URL.
(3) User clicks on the URL and Armory immediately opens with Address and amount filled in already, and the "Comment" set to "Alco Album X:  Song Y".
(4) You confirm the transaction and type in your passphrase (if necessary) to complete the transaction.

The nice thing about this is that it automatically fills in the details (convenient), and Armory will also then show the purchases in your Tx Ledger.  The main window will then contain a list of everything you bought and how much you paid.  And you never had to type anything other than your passphrase.

As for security, the only way to hack into your offline wallet would be to execute a very time specific targeted attack at your USB key which is extremely difficult if not impossible.  I've discussed this with Eto and I just can't see how it can be done.  And for those of you not satisfied with that explanation, he's also working on a serial-port interface to replace the USB keys that should be a perfect-security solution.

Anyways, I hope you found this helpful and if you want to try it out here is the link for the downloads:  http://bitcoinarmory.com/index.php/get-armory

Also, the offline tutorial:  http://bitcoinarmory.com/index.php/using-offline-wallets-in-armory

All the best,

cypher
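
The deterministic-wallet property described in the post above (an offline wallet and a watching-only wallet producing the same key chain from a shared chain code), shown as an added example that is not part of the original post and is not Armory's code. The chaining rule in `multiplier` is an assumption chosen for illustration, and all function names and sample secrets are constructed.

```python
import hashlib

# secp256k1 domain parameters (the curve Bitcoin keys live on).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two affine curve points; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result

def multiplier(pub, chain_code):
    """Assumed chaining rule: double-SHA256(pubkey) XOR chain code, mod N."""
    raw = b"\x04" + pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big")
    digest = hashlib.sha256(hashlib.sha256(raw).digest()).digest()
    return int.from_bytes(bytes(d ^ c for d, c in zip(digest, chain_code)), "big") % N

def offline_chain(root_priv, chain_code, count):
    """Offline machine: walks the chain of PRIVATE keys (these can sign)."""
    keys, priv = [], root_priv
    for _ in range(count):
        priv = priv * multiplier(point_mul(priv, G), chain_code) % N
        keys.append(priv)
    return keys

def watching_chain(root_pub, chain_code, count):
    """Online watching-only wallet: same chain using PUBLIC data only."""
    keys, pub = [], root_pub
    for _ in range(count):
        pub = point_mul(multiplier(pub, chain_code), pub)
        keys.append(pub)
    return keys

# Constructed sample secrets; a real wallet draws these from a CSPRNG.
ROOT_PRIV = int.from_bytes(hashlib.sha256(b"constructed root key").digest(), "big") % N
CHAIN_CODE = hashlib.sha256(b"constructed chain code").digest()

if __name__ == "__main__":
    online = watching_chain(point_mul(ROOT_PRIV, G), CHAIN_CODE, 3)
    offline = [point_mul(k, G) for k in offline_chain(ROOT_PRIV, CHAIN_CODE, 3)]
    print("watching-only keys match offline keys:", online == offline)
```

The watching-only side never holds a private key, which is why it can hand out receiving keys but cannot sign a spend.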
hero member
Activity: 812
Merit: 1006
I need the moon from the sky. Somebody do it for me, now!
legendary
Activity: 1764
Merit: 1002
this is already how i have Armory set up.

i have a small used, inexpensive laptop that i erased 3 separate times.

i then installed Ubuntu 10.04 from a USB stick.

etotheipi then provided me with a link to download a full Armory installer which was just point and click.  

laptop was never exposed to the Internet.

you're done.

Totally.  That's what I do too.  I guess I'm proposing a sort of all-in-one solution.  No wifi, no ethernet, very small, extremely low power, everything is already installed and ready to go, encrypted, etc.  Maybe, say, $50 or $60.  I don't know.  I have friends who are interested in bitcoin, but they're not very tech savvy.  It'd be nice if there were a solution for that sort of person that allowed them to do what you and I are doing without requiring of them learning about Ubuntu, or Linux, etc.  They buy it, plug it in, and follow the snazzy on screen instructions.

sounds like a good business plan.  reminds me of buying a Casascius coin where you totally have to rely on his integrity.  that would be the only problem.  also, interception by a hacker en route from the factory.
legendary
Activity: 2198
Merit: 1311
this is already how i have Armory set up.

i have a small used, inexpensive laptop that i erased 3 separate times.

i then installed Ubuntu 10.04 from a USB stick.

etotheipi then provided me with a link to download a full Armory installer which was just point and click.  

laptop was never exposed to the Internet.

you're done.

Totally.  That's what I do too.  I guess I'm proposing a sort of all-in-one solution.  No wifi, no ethernet, very small, extremely low power, everything is already installed and ready to go, encrypted, etc.  Maybe, say, $50 or $60.  I don't know.  I have friends who are interested in bitcoin, but they're not very tech savvy.  It'd be nice if there were a solution for that sort of person that allowed them to do what you and I are doing without requiring of them learning about Ubuntu, or Linux, etc.  They buy it, plug it in, and follow the snazzy on screen instructions.

I just think that if we really want bitcoin to expand out of the circle it's settled in, we're going to have to start thinking in this direction.  Ordinary people will need something as secure and functional as offline Armory, without any of the setup.
legendary
Activity: 1764
Merit: 1002
this is already how i have Armory set up.

i have a small used, inexpensive laptop that i erased 3 separate times.

i then installed Ubuntu 10.04 from a USB stick.

etotheipi then provided me with a link to download a full Armory installer which also was installed from a USB stick. it was just point and click.  

laptop was never exposed to the Internet.

you're done.
legendary
Activity: 2198
Merit: 1311
Quote
The thing never touches a network and doesn't even have wifi or ethernet.

How do you think it is going to manage transactions?
If it's something along the lines of "connect to pc using usb, install drivers, etc.", that's nowhere near "simple for the average joe".

The same way Armory manages transactions with an offline PC and an online PC.

And besides, the idea isn't to create an offline hardware device for everyday bitcoin use.  Rather, it's to provide an easy and very secure way to store bitcoins.  However, if it used Armory, or something like it, it could be easy enough to manage transactions.
full member
Activity: 203
Merit: 100
Quote
The thing never touches a network and doesn't even have wifi or ethernet.

How do you think it is going to manage transactions?
If it's something along the lines of "connect to pc using usb, install drivers, etc.", that's nowhere near "simple for the average joe".
legendary
Activity: 2198
Merit: 1311
Paper is pretty secure. Print it out and put it in a locked safe?

Ok.  Sure.  But the idea is to offer a totally offline solution that's (1) inexpensive and (2) user friendly for the average joe.  What I'm suggesting is a hardware device that you buy.  Take it home and plug it in and you're presented with a few simple options like, "Create an offline bitcoin wallet", or "Create a wallet with a passphrase", "Import a bitcoin wallet", etc.  The thing never touches a network and doesn't even have wifi or ethernet.  Right now the solution is something like buy a netbook and use some clunky software or client side web app.  I'm saying combine what we can already do into a very low power, very small, and less expensive device.
legendary
Activity: 882
Merit: 1000
Paper is pretty secure. Print it out and put it in a locked safe?