Pages:
Author

Topic: Why isn't there a single purpose bitcoin hardware wallet ??? (Read 3518 times)

hero member
Activity: 518
Merit: 500
Is http://www.bitcointrezor.com/ just being poorly marketed or what?

The market is smaller than people think.

I don't know about that. I think it's pretty small, but not sure what others think.   Few to none of my friends have heard of bitcoin and the ones who have....don't care about it.

It is still very early on in its adoption rate for sure. 

And yes Apple is a good analogy.  I had mp3 players long before Apple came out with the Ipod...years before.  But they just waited until the market matured and then introduced their device (and marketed it like crazy)
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Why do we still have to use multiple purpose hardware like smartphones and pc for wallets ? Ever since I have known bitcoin I have been waiting for a secure hardware wallet for sending and receiving bitcoins so to introduce bitcoin to my family and people around me that aren't tech savy enough to keep their bitcoins safe. And don't tell me that trezor is a wallet it is just way secure your wallet.

We could put up a bounty for the development of of an open source hardware wallet.




by single purpose hardware wallet I mean something like the bitcoincard but no need for the mesh network nor for it to be this thin and small =v        

If you really want one, you could've just made one yourself...
hero member
Activity: 490
Merit: 501
To be truely useful, wouldn't a hardware wallet have to be Wifi enabled? or maybe Data enabled like a smart phone? Would it need it's own copy of the blockchain? Would it keep it up to date so you don't have to wait 10 minutes for it to Sync before making a transaction? Huh
hero member
Activity: 560
Merit: 517
Quote
The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place.
Flashing firmware is not an attack vector, if the firmware is signed by a trusted party.  An ASIC would be far worse; there are no ways for third parties to truly audit the ASIC.  Open source code, on the other hand, can be audited by a large swath of programmers.

Quote
with specific attention payed to avoiding information leaks that could lead to a successful side channel attack.
What side channel attacks are you specifically worried about on a hardware wallet?  The only opportunity for a hardware wallet to leak secret information through a side channel is during signing.  When the hardware wallet is secured by a password, this will only occur when the user is using the device for signing legitimate transactions.  This will occur infrequently, to put it lightly.  Power and timing side channel attacks require huge sample sizes, relative to the number of transactions a user will ever have signed.  Not to mention that it's impossible for the host to time the actual signing, unless it's correlating with power consumption and I don't believe a PC can extract that information from their USB host chips.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.


I'd urge you to reconsider; I think you're missing out.

As cheap as they are now, they're affordable enough to buy one just as a dedicated mobile spending wallet. And once you have that, it may very well change the way you use (and view) Bitcoin.
legendary
Activity: 1246
Merit: 1011
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

I've never owned a smart phone and have been using Bitcoin since July 2010.
legendary
Activity: 1316
Merit: 1000
Varanida : Fair & Transparent Digital Ecosystem
Smart devices are enough, I think.
legendary
Activity: 1400
Merit: 1013
They don't need an asic, they could jut put the software in ROM.
That does not accomplish anything in terms of the vulnerabilities inherent to running software.
hero member
Activity: 490
Merit: 501
Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...
I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.

They don't need an asic, they could jut put the software in ROM.
legendary
Activity: 1400
Merit: 1013
Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...
I actually think of that as providing more of a false sense of security than anything else.

The ability to flashing the firmware is an attack vector, as is the existence of firmware in the first place. If you don't get a hardware wallet right the first time somebody is going to lose coins to an attack before they are able to install your firmware upgrade.

Basically, a hardware needs to be an ASIC designed for tamperproof operation with specific attention payed to avoiding information leaks that could lead to a successful side channel attack. Any product that does not, at a minimum, meet this condition is one I'd never buy or recommend.
cor
full member
Activity: 121
Merit: 100
Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

For those who are not programmers and don't know how to read the code (or have nobody to do that for them) we are planning to undergo an independent security audit.

Anyway I think its easier to trust a single purpose hardware with limited protocol and opensource + the possibility to flash the firmware than a computer connected to internet having tons of software created by thousands of programmers...
legendary
Activity: 1094
Merit: 1006
I was looking into developing a hardware wallet a few weeks ago. It definitely is quite possible, but it requires much work with embedded stuff(which simple put isn't easy). Trezor is going to be your best bet for now, many of the people I've seen working on hardware wallets have fallen by the wayside.

For a hardware wallet to work, you have to have some sort of screen and perhaps some input buttons. This is not something you can just pick up from Walmart. It took me some searching to find a Chinese manufacture, but they want me to pay $500 for a dev kit. So unless someone wants to donate that, I'll going to continue to work on other more useful Bitcoin products and services.

So in summary, making a hardware wallet is extremely hard and takes lots of time and money.
legendary
Activity: 1400
Merit: 1013
I won't be interested in hardware wallets until I see signs that the people implementing them are serious about hardening them against malware and side channel attacks.

Devices like the Trezor, which advertise that the code running them is open source, are immediately uninteresting because they are devices which run code.

Implementing a hardware wallet properly does not allow for shortcuts, like using general-purpose computers in the design.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
Honestly I think Piper is going in the direction of being a single purpose bitcoin wallet. Already it handles printing all your Private key needs. Not much of a leap to see it also handle your wallet as well. I think we will see single purpose bitcoin devices, some people would appreciate them. I certainly would.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o
Please explain me how a smartphone is more secure than a pc. Viruses exist for smartphones too

Well, I'd imagine the average non-Windows smartphone (the majority) to be notably more secure than the average Windows PC (the majority,) given equal amounts of effort put into securing the device.

But really, I think a reasonably-secured smartphone--or just one that's dedicated to the purpose--functions fairly well as a suitable hardware spending wallet, especially for anyone experienced with Bitcoin.
cor
full member
Activity: 121
Merit: 100
I originally thought the Trezor was a Bitcoin safe rather than just keeping your bitcoins safe - been hoping for a standalone device but must be in the minority - there's nothing more uninspiring than Bitcons on a USB stick.



There are some explanations on the TREZOR FAQ page on the differences between TREZOR and a USB, an encrypted wallet, a yubikey etc...

http://www.bitcointrezor.com/faq/#comparing-trezor

for example the difference between a USB and TREZOR:

"A USB flash drive is just a storage for private keys. It means that when you want to make a bitcoin transaction, you must attach your drive to the computer and let your bitcoin software read the keys from the device. At this point your private keys are accessible to viruses and malware, just as to any other software on your desktop computer. On the contrary, TREZOR is a single-purpose computer, which stores your private keys and actively signs bitcoin transactions without sending your private keys to the computer. When you want to make a bitcoin transaction, your bitcoin software just sends a transaction template to the TREZOR device and asks for a digital signature. TREZOR shows the requested amount and target address on its display. You will then confirm the transaction by pressing the hardware button. Then TREZOR signs transaction internally and sends the digital signature back to the computer, without leaking your private keys. Thanks to this, you can use TREZOR even on a vulnerable or hacked computer."
full member
Activity: 188
Merit: 100
...




Well, I am blown away by this! Not at all what I envisioned, but Stunning! Applause, Sir!
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o
Please explain me how a smartphone is more secure than a pc. Viruses exist for smartphones too
legendary
Activity: 1442
Merit: 1000
Antifragile
really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o

Are you suggesting using a smartphone to hold a lot of BTC's on? That is pretty dangerous.

A hardware wallet has it's own problems, but getting hacked is pretty far down the list. EMP is the other (I think).

I'm surprised we don't hear more about Trezor and hardware wallets. I do think something simpler (or cheaper) will shortly (next year or so) be developed.

IAS
full member
Activity: 238
Merit: 100
KUPO!
really cant see a need for this type of thing. if you are worried about family members not being able to handle security etc then give them an online wallet like inputs.io and they can use it like paypal.
I really cant imagine someone using bitcoin who wouldnt have a smart phone O_o
Pages:
Jump to: