Re: [Bitcoin-development] Proposal to address Bitcoin malware

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: "Martin Habovštiak" <martin.habovstiak@gmail•com>
To: Brian Erdelyi <brian.erdelyi@gmail•com>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
Date: Mon, 2 Feb 2015 18:54:55 +0100	[thread overview]
Message-ID: <CALkkCJbk0czFj5mdMB6_0+Umw5V-fo-4tdBHgvg92zhyRZWiYQ@mail.gmail.com> (raw)
In-Reply-To: <68C03646-02E7-43C6-9B73-E4697F3AA5FD@gmail.com>

Good idea. I think this could be even better:

instead of using third party, send partially signed TX from computer
to smartphone. In case, you are paranoid, make 3oo5 address made of
two cold storage keys, one on desktop/laptop, one on smartphone, one
using third party.
If it isn't enough, add requirement of another four keys, so you have
three desktops with different OS (Linux, Windows, Mac) and three
mobile OS (Android, iOS, Windows Phone), third party and some keys in
cold storage. Also, I forgot HW wallets, so at least Trezor and
Ledger. I believe this scheme is unpenetrable by anyone, including
NSA, FBI, CIA, NBU...

Jokes aside, I think leaving out third party is important for privacy reasons.

Stay safe!

2015-02-02 18:40 GMT+01:00 Brian Erdelyi <brian.erdelyi@gmail•com>:
> Another concept...
>
> It should be possible to use multisig wallets to protect against malware.  For example, a user could generate a wallet with 3 keys and require a transaction that has been signed by 2 of those keys.  One key is placed in cold storage and anther sent to a third-party.
>
> It is now possible to generate and sign transactions on the users computer and send this signed transaction to the third-party for the second signature.  This now permits the use of out of band transaction verification techniques before the third party signs the transaction and sends to the blockchain.
>
> If the third-party is malicious or becomes compromised they would not have the ability to complete transactions as they only have one private key.  If the third-party disappeared, the user could use the key in cold storage to sign transactions and send funds to a new wallet.
>
> Thoughts?
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development

next prev parent reply	other threads:[~2015-02-02 17:55 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-31 22:15 Brian Erdelyi
2015-01-31 22:38 ` Natanael
2015-01-31 23:04   ` Brian Erdelyi
2015-01-31 23:37     ` Natanael
2015-01-31 23:41       ` Natanael
2015-02-01 12:49         ` Brian Erdelyi
2015-02-01 13:31           ` Martin Habovštiak
2015-02-01 13:46             ` Mike Hearn
2015-02-01 13:54             ` Brian Erdelyi
2015-02-01 13:48           ` Mike Hearn
2015-02-01 14:28 ` mbde
2015-02-02 17:40   ` Brian Erdelyi
2015-02-02 17:54     ` Martin Habovštiak [this message]
2015-02-02 17:59       ` Mike Hearn
2015-02-02 18:02         ` Martin Habovštiak
2015-02-02 18:25           ` Mike Hearn
2015-02-02 18:35             ` Brian Erdelyi
2015-02-02 18:45               ` Eric Voskuil
2015-02-02 19:58                 ` Brian Erdelyi
2015-02-02 20:57                   ` Joel Joonatan Kaartinen
2015-02-02 21:03                     ` Brian Erdelyi
2015-02-02 21:09                       ` Pedro Worcel
2015-02-02 21:30                         ` devrandom
2015-02-02 21:49                           ` Brian Erdelyi
2015-02-02 21:42                         ` Brian Erdelyi
2015-02-02 21:02                   ` Pedro Worcel
2015-02-03  7:38                   ` Eric Voskuil
2015-02-02 18:10         ` Brian Erdelyi
2015-02-02 18:07       ` Brian Erdelyi
2015-02-02 18:05     ` Eric Voskuil
2015-02-02 18:53       ` Mike Hearn
2015-02-02 22:54         ` Eric Voskuil
2015-02-03  0:41           ` Eric Voskuil

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALkkCJbk0czFj5mdMB6_0+Umw5V-fo-4tdBHgvg92zhyRZWiYQ@mail.gmail.com \
    --to=martin.habovstiak@gmail$(echo .)com \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    --cc=brian.erdelyi@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox