Pages:
Author

Topic: Why not make Bitcoin more Secure with a PIN and TAN System? (Read 2795 times)

legendary
Activity: 1050
Merit: 1000
You are WRONG!
if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

Hmmm, me thinking about those nfc enabled smartphones ...
more like that.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
mmmh
 interesting do you mean a thing like hcbi-banking-device?
hmm. i dont speek german, and google gave me alot of it when i did search.
but it is one of crypto-tokens you are talking about?

hmmm. maybe... it depends
if it only gives me a small number, then hell NO!
if it prints out the whole transaction, and ask me permission to sign, then YES!
newbie
Activity: 33
Merit: 0
if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.

Hmmm, me thinking about those nfc enabled smartphones ...
hero member
Activity: 672
Merit: 500
mmmh
 interesting do you mean a thing like hcbi-banking-device?
legendary
Activity: 1050
Merit: 1000
You are WRONG!
it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.
simple attack method:
make a trojan, which replace the bitcoin client, with a fake one that send all payment to the attacker.

it breaks through: encryption, TAN, PIN, paper wallet, anything, as soon as you put it in the client yo are doomed.
if you are unaware of it, and you will be.
the only thing encryption is good for is protecting an wallet if it gets stolen, it does not protect you from anything else.

if you would be very secure, you would make a physical device with a small LCD screen, which prints out the addresses, and the amounts.
on that device the transaction will be signed. and the private key will never leave the device. this would be the only secure thing.
legendary
Activity: 1147
Merit: 1001
it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

It doesn't matter if a trojan find's out because there are no BTC on that private key. The user just has to make sure he doesn't reuse that private key.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
How about having incomplete private keys in the wallet?

Every time you make a transfer using a certain key you would need to add missing characters using a printout that you make when the wallet is created. The program would then also transfer any difference in BTC to a new private key so that effectively each private key is only used once. You could also store the "printout" in some file of your own choosing in case you lose the printout.
it would be the same as ripping the private key out of the wallet, and write it down on paper, which can be stolen. 130 chars(hex-encoded). the used once private key feature you are suggesting are also useless, an attacker does not get any knowledge about the private key. only proof that you have it, and the transaction is valid.

still if you gets trojan'ed you are still domed, when you put the key back into the client.

legendary
Activity: 1147
Merit: 1001
How about having incomplete private keys in the wallet?

Every time you make a transfer using a certain key you would need to add missing characters using a printout that you make when the wallet is created. The program would then also transfer any difference in BTC to a new private key so that effectively each private key is only used once. You could also store the "printout" in some file of your own choosing in case you lose the printout.
hero member
Activity: 672
Merit: 500
Hello,
thanks for your answer.
So i understand that 2 things dont work, a TAN system with short characterlenght and a tan system with numbers offcourse.

So the main Problem is that there is no instance(s) in the Network which could act intelligent like a Server which decide over valid and invalid inputs and connections.
(Like the Bank, which blocks after 3 false tan inputs, )
So if a privatekey is characters 130 it makes no sense to use this as a TAN, because it is not life proof ;-)

If this could not be done,
thee are only 2 other ways to become a bit more security.
1. encrypt the wallet (built in function, and an option to close the wallet but run the client to support the network)

2. split the money in different wallets (an import export function is a good feature, and the name of the wallet.dat shoul get an random add of for example _5gBS78d to avoid overwriting if a wallet is importet to the client)

what do you think about nr.1 & 2 as an feature request?
legendary
Activity: 1050
Merit: 1000
You are WRONG!
Quote
Hello,
you repead it now the third time, yes
I know how private key encryptions works, didnt you read my answer?
So we could mark this as solved.
for all you have writting, there is no proof that you know who public key cryptography works.
you might think you know, and you may know it, i cant say. but by judging from your posts, you don't. sorry for being rude.

Quote
In my latest post i wrote just to use a second private key encyption as "TAN"
which is not able to copy by trojans, because it is offline stored on paper.(input protection is secure? because i didnt get an answer)
There is no plaintext or privatekey broadcast, so the evilnodes are not needed (useless ;-) )
no your input is not secure, but that not a part of the discussion. if your system are invaded by a trojan, you are doomed.

Quote
please dont make my suggestion more worse than it could be, i wrote 12-34 charcters
and not 8-12.
if it is just a password-like TAN system, 12-34 should be enough. it could be used to encrypt the private key.
but a private/public key is around 130 characters long (hexadecimal encoded).

Quote
Also with a Privatekey encryption 12 Characters are not a problem (could be doubled easy, when adding a TANlistNumber-code, not a TAN)
again a private key is longer. TANs are random numbers.
private and public keys are generated in pairs, they can be short and insecure(around 50 chars hex-encoded), or long and secure (around 130 chars hex-encoded). but if they are 12 long i could crack them in my head, with simple math, and you could too.

Quote
You said in "bitcoin uses public-key-cryptography. the algoritm used is called ECDSA"
which is safe against bruteforce and evil nodes,
so if a second second privatekey encyption as "TAN" uses the same technique this problem is also solved.
feel free to pull the private keys out of the wallet and write them down on paper, it can be done with bitcointools(https://github.com/gavinandresen/bitcointools).
but is would just be stupid to make a double encryption/signing, it has no effect at all.

the only place this could be useful, would be if you should send money to two people.
so its needed that they meet, and agree how they sould spend the money. but they dont trust each other.
none of them can unlock the money without the other.

Quote
My idea was not to make a big change, just a small.
For example with a new wallet, a user could gernerate 100 bitcoin adresses.
So my idea is instead of using 100 Adresses to modify the system to uses the 100 Adresses as TANs for one Adress.
i does not understand you are talking gibberish.

Quote
(like i understand each adress has its own private key or not?)
yes every address has both a public and a private key.
the public one is hashed(to make it shorter, it has nothing to do with security) and published.

Quote
if so these 100 Privatekeys (99+1) are perfect and easy to modify with a TAN system.
?
hero member
Activity: 672
Merit: 500
Hello,
you repead it now the third time, yes
I know how private key encryptions works, didnt you read my answer?
So we could mark this as solved.

In my latest post i wrote just to use a second private key encyption as "TAN"
which is not able to copy by trojans, because it is offline stored on paper.(input protection is secure? because i didnt get an answer)
There is no plaintext or privatekey broadcast, so the evilnodes are not needed (useless ;-) )

to be sure i repeadit it, I know how private key encryptions works

please dont make my suggestion more worse than it could be, i wrote 12-34 charcters
and not 8-12.
Also with a Privatekey encryption 12 Characters are not a problem (could be doubled easy, when adding a TANlistNumber-code, not a TAN)
You said in "bitcoin uses public-key-cryptography. the algoritm used is called ECDSA"
which is safe against bruteforce and evil nodes,
so if a second second privatekey encyption as "TAN" uses the same technique this problem is also solved.

My idea was not to make a big change, just a small.
For example with a new wallet, a user could gernerate 100 bitcoin adresses.
So my idea is instead of using 100 Adresses to modify the system to uses the 100 Adresses as TANs for one Adress.
(like i understand each adress has its own private key or not?)
if so these 100 Privatekeys (99+1) are perfect and easy to modify with a TAN system.

greets
legendary
Activity: 1050
Merit: 1000
You are WRONG!
you simply dont understand it do ya?

the public key will be shared, therefor the name 'public' key
the privat key will not be shared, and as the name suggest.

you can then with the private key sign a transaction. that transaction can be verified with the public key.
an attacker are not able to change the transaction, without making the signature invalid.

what you are suggesting are (AFAIK):
a) first broadcast a hash of a TAN.
b) then make a transaction with that TAN, and publish that TAN. sure anyone can verify that hash(TAN)=hash_of_broadcasted_TAN

BUT, if your node are surrounded by an evil nodes, and you try broadcast the TAN.
they can ignore the transaction, copy the TAN, and put it in another transaction. bye bye btc.

also if a tan is short, 8-12 digest, it can be bruteforced.

seriously, please try to understand public key cryptography, before trying to change anything.
hero member
Activity: 672
Merit: 500
@ kokjo
thanks for your explainaition.
I aleready known this, but now we are sure we speak of the same thing.
So if it is possible to sign a transaction without sharing the public key like you discribe it, why do you just wrote on the other hand
a TAN system spread a private key?
My intension was that a theoretical TAN uses exact the same way like you described!
so the difference is...zero and...

@ Theo
that the benefit of of a second private keysystem like TANs are offline and not so easy to capture (and not possible to crack! like you wrote before -> see kokjo's post)
The goal is to protect the prvate key (file) , with a second security layer.


that a server does not exist i know , i just named it to name a schematic system (exchange server with bitcoin network).
Today who does verify the transactions in the Bitcoin network WITHOUT knowing the private key of the users?
(the same way a TAN could be verifyed without getting the private keys)

So we come closer together i think
newbie
Activity: 22
Merit: 0
To 1. dont be so pessimistic please :-)
why should it be allowed for random clients please? only because then the Idea dont work?
No offcourse it should NOT  be allowed for random clients, so it also dont get spammed.
Antispam technique should be implement client and serversided but are NOT
a special task because of the TANs.

2.Like i wrote instead of this it is possible to use more Charakters, for example like the lengh of 12-34 charcters.
There should be a method for protecting the hashes to not be easiliy harvested by an atttacker,

how does the Bitcoin network ensure that the privae key of the user cloud not be cracked offline?
the same way should be used for the TANs.

1. It must be allowed for random clients because there is no server that could arbitrate who is allowed and who not. If there was an arbitrator, you would have PayPal.
2. Bitcoin ensures that private keys cannot be cracked offline by using a computationally intensive algorithm and long keys. If the TANs have the same size as the private keys, there is no point in using an extra TAN because they do not provide any benefit over the private keys.
legendary
Activity: 1050
Merit: 1000
You are WRONG!
do really don't understand it do you?
of course, they are stored as hashes. but when you need to proof that you know the plain text, YOU NEED TO SEND THE PLAINTEXT. and the attacker can just capture it, and retransmit a transaction that send your coin to him.

unless you understand this, please don't say more.

instead of say such unpolite things, i try to solve this "misunderstanding" you think i have...

So i ask the same in another way, how does it work that the Private key in the wallet.dat is not send in plaintext?
(or is this wrong and the privatekey is actually send in Plaintext??)
Just answer this if you know.
the private key is not send in plaintext, this is your misunderstading. bitcoin uses public-key-cryptography. the algoritm used is called ECDSA. (look it up on wikipedia). the private key is used for signing the transaction. and this sign can be verifyed be using a public.

this is how it works:

your client generates a private and public key pair.
by taking a hash of the public key, you get a bitcoin address.
you gives your address to someone, and tell him to pay.

he sends you the transaction by saying: "only the person who can proof that he has the corresponding privatekey, to this address, can spend this x bitcoins", this is signed by his privatekey(s)

your client sees this and knows that you now haves x bitcoins more.

when your client wants to spend it, it broadcasts the public key, along with a signing from the private key, that proofs that your client knows the private key.
your client therefor NEVER broadcasts your private key, only proof that you have it.

and an attaker can not, intercept and change the transaction, without making the transaction invalid.

want to read more: http://en.wikipedia.org/wiki/Public-key_cryptography

i will be glad to explain more to you. but dont try to change anything without trying to understand first, it makes me angry!
hero member
Activity: 672
Merit: 500
do really don't understand it do you?
of course, they are stored as hashes. but when you need to proof that you know the plain text, YOU NEED TO SEND THE PLAINTEXT. and the attacker can just capture it, and retransmit a transaction that send your coin to him.

unless you understand this, please don't say more.

instead of say such unpolite things, i try to solve this "misunderstanding" you think i have...

So i ask the same in another way, how does it work that the Private key in the wallet.dat is not send in plaintext?
(or is this wrong and the privatekey is actually send in Plaintext??)
Just answer this if you know.

Whatever you enter into your computer, an attacker can grab. If you use a mouse keyboard, i log your mouse movements, if you randomize the virtual key positions, i use ocr, if you make a captcha out of each key, you see where this is going... Wink

Like i said i want solutions, if i want to know how it doesn't work i could write a hole book my self ;-)
Dont play to be my Opponent be a helper ;-)
always so negative here...

i doubt that will ocr work, why al this spam capchas are not already passed?
A way to solve this if it is possible is a server sided sessionhash which is randowmly generated as a checksum
Browser, hardware and more etc. so if an attacker could grab the TAN which i doubt really,
he couldnt use it because he has not the exact hardware/screenresolution/browser etc.
and also could not generate this checksum itself because it is not stored in the client, it is generated  serversided.
(even he emultates the same hardware, he gets an other checksum and then also an other TAN is questioned,
because the first than is actually activated be the vicim pc)

lol what a fantasy war ;-)
member
Activity: 73
Merit: 10
of course, they are stored as hashes. but when you need to proof that you know the plain text, YOU NEED TO SEND THE PLAINTEXT. and the attacker can just capture it, and retransmit a transaction that send your coin to him.

only if he also has the private key.. the question is, in which scenario does it help? if the attacker doesn't know the private key, there's no need for a TAN, and if he does, he can probably grab the TAN also.

Quote
So keylogging is not possible because like i wrote the input is mouse based, no keys to log.

Whatever you enter into your computer, an attacker can grab. If you use a mouse keyboard, i log your mouse movements, if you randomize the virtual key positions, i use ocr, if you make a captcha out of each key, you see where this is going... Wink
legendary
Activity: 1050
Merit: 1000
You are WRONG!
do really don't understand it do you?
of course, they are stored as hashes. but when you need to proof that you know the plain text, YOU NEED TO SEND THE PLAINTEXT. and the attacker can just capture it, and retransmit a transaction that send your coin to him.

unless you understand this, please don't say more.
hero member
Activity: 672
Merit: 500
LOL
thank you for been active here, but i dont wanna hear it is not possible.
I want to discuss HOW IT IS  POSSIBLE :-)

you really don't know how it works, right?
as soon as you broadcast your TAN codes to the network, anyone else could take it and use your money.

scenario:
Node A, is your node. Node A knows Node B-Z, which you don't know anything about. Node B-Z was placed by an attacker, they are cancer nodes, they does not rebroadcast your transaction, instead they capture your TAN codes and gives them to the attacker.
this sucks.

you don't know any thing about this, and therefor you can only be protected from by publickey-cryptography.

you really don't know what i wrote, right? ;-)
The TANs are saved as "hashes" so they are NOT spread public in plaintext.(which you printed out)

scenario A is not possible because, the network accepts only transacions when the are valid
and saved at a minimum set of nodes.
So there must be a feedback between a the Network and the Client that gives a waranty
that makes sure an attacker could not capure a TAN and use it.
This could be done if the broadcost of the original client is send to a defined count but random nodes.
So that for example 10 nodes say broadcast the message the same way like a normal transaction is done.
after this is send this TAN is imidiatly useless by an attacker, because the other nodes already send the correct transaction and TAN.

if it is so useless, why is a normal bitcoin transaction not harmed by an attacker Node B-Z for example?
this answer to this question, why it is not affected, applies exactly on a TAN if it is implemented the same secure way.

Well, an attacker would still need to have my private key to be able to sign a different transaction with the TAN.

OTOH, if he already has access to my private key, he can just wait for me to broadcast a transaction (or keylog the TAN (Edit: assuming this is the way he also got the password for the soon-to-be encrypted key)).

NO, the plaintext TANcode is for security reason send to an pre-dfined email adress.
For example, when you first generate your first wallet, a private key is generated,
and the Public key is sync with the Network.
Exact the same could be done with a TAN codelist, BUT with the difference
the TANcodes are not stored on the  Computer, they should be printed out. (or send to and email Adress and then printed)
This is like a second code which is not possible to copy for a trojan, that is the idea AFTER that first
step. So keylogging is not possible because like i wrote the input is mouse based, no keys to log.
Plese read one more time.

There are two problems associated with this approach:
1. Storage space is limited in the block chain as it is mirrored on all clients. If you're allowing random clients save their TAN in the network, it could be easily spammed. So you would have to introduce a fee for saving TAN hashes in the network, similar to the transaction fee.
2. Online banking TANs with their 6 numbers have a very small search space which is only secure because your bank locks your account after 3 or so wrong entries. This is not possible in Bitcoin because you can brute force the public TAN hashes offline. Thus, the TANs must be impractically long like 30 characters or so.

To 1. dont be so pessimistic please :-)
why should it be allowed for random clients please? only because then the Idea dont work?
No offcourse it should NOT  be allowed for random clients, so it also dont get spammed.
Antispam technique should be implement client and serversided but are NOT
a special task because of the TANs.

2.Like i wrote instead of this it is possible to use more Charakters, for example like the lengh of 12-34 charcters.
There should be a method for protecting the hashes to not be easiliy harvested by an atttacker,

how does the Bitcoin network ensure that the privae key of the user cloud not be cracked offline?
the same way should be used for the TANs.

and if they are 30chars long, we are back to the beginning.
@X68N:
do you really think we are stupider then you?
no if they are 30 Characters long we are not ate the beginnig, never heard that 30 Charcters encrytion is unsafe ;-)
Same answer here
how does the Bitcoin network ensure that the privae key of the user cloud not be cracked offline?
the same way should be used for the TANs.

and no i dont think you are stupider, i just want to discuss a solution here.
There are no personal attacks.

legendary
Activity: 1050
Merit: 1000
You are WRONG!
I know that Wallet encyption comes maybe, my focus is on the TAN system.
Like i wrote it should be possible in the same way like the Bitcoin-network saves
the valid transactions.
So why not just store valid TANs via hashs (encrypted, not plain) in the network too?
(when they are plaintext, everybody just harvest them :-), they must be
encrypted)

There are two problems associated with this approach:
1. Storage space is limited in the block chain as it is mirrored on all clients. If you're allowing random clients save their TAN in the network, it could be easily spammed. So you would have to introduce a fee for saving TAN hashes in the network, similar to the transaction fee.
2. Online banking TANs with their 6 numbers have a very small search space which is only secure because your bank locks your account after 3 or so wrong entries. This is not possible in Bitcoin because you can brute force the public TAN hashes offline. Thus, the TANs must be impractically long like 30 characters or so.
and if they are 30chars long, we are back to the beginning.

@X68N:
do you really think we are stupider then you?
Pages:
Jump to: