Why isn't there a single purpose bitcoin hardware wallet ???

tclo

hero member

Activity: 518

Merit: 500

Quote from: QuantPlus on September 01, 2013, 07:48:47 PM

Quote from: Garr255 on September 01, 2013, 04:40:43 PM

Is http://www.bitcointrezor.com/ just being poorly marketed or what?

The market is smaller than people think.

I don't know about that. I think it's pretty small, but not sure what others think. Few to none of my friends have heard of bitcoin and the ones who have....don't care about it.

It is still very early on in its adoption rate for sure.

And yes Apple is a good analogy. I had mp3 players long before Apple came out with the Ipod...years before. But they just waited until the market matured and then introduced their device (and marketed it like crazy)

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: exynos645 on September 01, 2013, 03:44:57 PM

Why do we still have to use multiple purpose hardware like smartphones and pc for wallets ? Ever since I have known bitcoin I have been waiting for a secure hardware wallet for sending and receiving bitcoins so to introduce bitcoin to my family and people around me that aren't tech savy enough to keep their bitcoins safe. And don't tell me that trezor is a wallet it is just way secure your wallet.

We could put up a bounty for the development of of an open source hardware wallet.

by single purpose hardware wallet I mean something like the bitcoincard but no need for the mesh network nor for it to be this thin and small =v

If you really want one, you could've just made one yourself...

Trongersoll

hero member

Activity: 490

Merit: 501

To be truely useful, wouldn't a hardware wallet have to be Wifi enabled? or maybe Data enabled like a smart phone? Would it need it's own copy of the blockchain? Would it keep it up to date so you don't have to wait 10 minutes for it to Sync before making a transaction? Huh

fpgaminer

hero member

Activity: 560

Merit: 517

Quote

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place.

Flashing firmware is not an attack vector, if the firmware is signed by a trusted party. An ASIC would be far worse; there are no ways for third parties to truly audit the ASIC. Open source code, on the other hand, can be audited by a large swath of programmers.

Quote

with specific attention payed to avoiding information leaks that could lead to a successful side channel attack.

What side channel attacks are you specifically worried about on a hardware wallet? The only opportunity for a hardware wallet to leak secret information through a side channel is during signing. When the hardware wallet is secured by a password, this will only occur when the user is using the device for signing legitimate transactions. This will occur infrequently, to put it lightly. Power and timing side channel attacks require huge sample sizes, relative to the number of transactions a user will ever have signed. Not to mention that it's impossible for the host to time the actual signing, unless it's correlating with power consumption and I don't believe a PC can extract that information from their USB host chips.

westkybitcoins

legendary

Activity: 980

Merit: 1004

Firstbits: Compromised. Thanks, Android!

Quote from: teukon on September 12, 2013, 10:57:03 PM

Quote from: Moogle on September 02, 2013, 04:52:32 PM

I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.

I'd urge you to reconsider; I think you're missing out.

As cheap as they are now, they're affordable enough to buy one just as a dedicated mobile spending wallet. And once you have that, it may very well change the way you use (and view) Bitcoin.

teukon

legendary

Activity: 1246

Merit: 1011

Quote from: Moogle on September 02, 2013, 04:52:32 PM

I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.

viboracecata

legendary

Activity: 1316

Merit: 1000

Varanida : Fair & Transparent Digital Ecosystem

Smart devices are enough, I think.

justusranvier

legendary

Activity: 1400

Merit: 1013

Quote from: Trongersoll on September 12, 2013, 08:09:03 PM

They don't need an asic, they could jut put the software in ROM.

That does not accomplish anything in terms of the vulnerabilities inherent to running software.

Trongersoll

hero member

Activity: 490

Merit: 501

Quote from: justusranvier on September 12, 2013, 03:47:14 PM

Quote from: cor on September 12, 2013, 12:44:55 PM

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.

They don't need an asic, they could jut put the software in ROM.

justusranvier

legendary

Activity: 1400

Merit: 1013

Quote from: cor on September 12, 2013, 12:44:55 PM

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.

cor

full member

Activity: 121

Merit: 100

Quote from: justusranvier on September 12, 2013, 09:03:35 AM

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

For those who are not programmers and don't know how to read the code (or have nobody to do that for them) we are planning to undergo an independent security audit.

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...

super3

legendary

Activity: 1094

Merit: 1006

I was looking into developing a hardware wallet a few weeks ago. It definitely is quite possible, but it requires much work with embedded stuff(which simple put isn't easy). Trezor is going to be your best bet for now, many of the people I've seen working on hardware wallets have fallen by the wayside.

For a hardware wallet to work, you have to have some sort of screen and perhaps some input buttons. This is not something you can just pick up from Walmart. It took me some searching to find a Chinese manufacture, but they want me to pay $500 for a dev kit. So unless someone wants to donate that, I'll going to continue to work on other more useful Bitcoin products and services.

So in summary, making a hardware wallet is extremely hard and takes lots of time and money.

justusranvier

legendary

Activity: 1400

Merit: 1013

I won't be interested in hardware wallets until I see signs that the people implementing them are serious about hardening them against malware and side channel attacks.

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

Implementing a hardware wallet properly does not allow for shortcuts, like using general-purpose computers in the design.

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Honestly I think Piper is going in the direction of being a single purpose bitcoin wallet. Already it handles printing all your Private key needs. Not much of a leap to see it also handle your wallet as well. I think we will see single purpose bitcoin devices, some people would appreciate them. I certainly would.

westkybitcoins

legendary

Activity: 980

Merit: 1004

Firstbits: Compromised. Thanks, Android!

Quote from: Gabi on September 02, 2013, 05:29:36 PM

Quote from: Moogle on September 02, 2013, 04:52:32 PM

really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

Please explain me how a smartphone is more secure than a pc. Viruses exist for smartphones too

Well, I'd imagine the average non-Windows smartphone (the majority) to be notably more secure than the average Windows PC (the majority,) given equal amounts of effort put into securing the device.

But really, I think a reasonably-secured smartphone--or just one that's dedicated to the purpose--functions fairly well as a suitable hardware spending wallet, especially for anyone experienced with Bitcoin.

cor

full member

Activity: 121

Merit: 100

Quote from: Mjbmonetarymetals on September 02, 2013, 04:41:43 PM

I originally thought the Trezor was a Bitcoin safe rather than just keeping your bitcoins safe - been hoping for a standalone device but must be in the minority - there's nothing more uninspiring than Bitcons on a USB stick.

There are some explanations on the TREZOR FAQ page on the differences between TREZOR and a USB, an encrypted wallet, a yubikey etc...

http://www.bitcointrezor.com/faq/#comparing-trezor

for example the difference between a USB and TREZOR:

"A USB flash drive is just a storage for private keys. It means that when you want to make a bitcoin transaction, you must attach your drive to the computer and let your bitcoin software read the keys from the device. At this point your private keys are accessible to viruses and malware, just as to any other software on your desktop computer. On the contrary, TREZOR is a single-purpose computer, which stores your private keys and actively signs bitcoin transactions without sending your private keys to the computer. When you want to make a bitcoin transaction, your bitcoin software just sends a transaction template to the TREZOR device and asks for a digital signature. TREZOR shows the requested amount and target address on its display. You will then confirm the transaction by pressing the hardware button. Then TREZOR signs transaction internally and sends the digital signature back to the computer, without leaking your private keys. Thanks to this, you can use TREZOR even on a vulnerable or hacked computer."

flagel8

full member

Activity: 188

Merit: 100

Quote from: Mjbmonetarymetals on September 02, 2013, 04:41:43 PM

...

Well, I am blown away by this! Not at all what I envisioned, but Stunning! Applause, Sir!

Gabi

legendary

Activity: 1148

Merit: 1008

If you want to walk on water, get out of the boat

Quote from: Moogle on September 02, 2013, 04:52:32 PM

really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

Please explain me how a smartphone is more secure than a pc. Viruses exist for smartphones too

Its About Sharing

legendary

Activity: 1442

Merit: 1000

Antifragile

Quote from: Moogle on September 02, 2013, 04:52:32 PM

really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

Are you suggesting using a smartphone to hold a lot of BTC's on? That is pretty dangerous.

A hardware wallet has it's own problems, but getting hacked is pretty far down the list. EMP is the other (I think).

I'm surprised we don't hear more about Trezor and hardware wallets. I do think something simpler (or cheaper) will shortly (next year or so) be developed.

IAS

Moogle

full member

Activity: 238

Merit: 100

KUPO!

really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

Topic: Why isn't there a single purpose bitcoin hardware wallet ??? (Read 3453 times)