- Sep 29, 2015
- 2,424
- 6,410
Thanks @Tom Zander . I'm not letting you off the hook easy either, he he. I have to do the quote-answer-thing here.
By using Trezor and Bitcoin.com's wallet as examples, I try to explain the tradeoffs. I'm very clear about the different attack scenarios. Phone screenshots that is relevant to all phones asking you to write down a seed. And how entropy/randomness can be done better.
So you can make a new one, and use it the rest of your life? I guess this "pin" has to contain the same entropy/combinations that a 12 word seed has.
Again, if you press the activation button near an NFC antenna, you always risk to lose all your money.
That's the basic premise here.
[doublepost=1523998928,1523998217][/doublepost]This is not an attempt to create the most secure hardware wallet. It will be less secure than Trezor. The "vault" will be more secure than Bitcoin.com's wallet. The Ka-ching device on it's own, will be less secure than both Trezor and Bitcoin.com's wallet.
But it will be insane useful. And in many ways, more secure and better than a contactless VISA card.
[doublepost=1523999231][/doublepost]@Tom Zander
I'd like to hear more of your PIN solution. But it's a hard sell to demand a paper following the device from the factory. (#NOPUK)
								I'm not trying to make a Trezor! I'm trying to make something new. The status-quo has Trezors and phones. This is better in many ways. A 100% hardware wallet (what does that even mean) does not mean 100% security. That is not the goal.> We have to compare this to current phone wallets like Bitcoin.com's wallet and Trezor.
I hope you can challange the status-quo more than that.
You set out to create a 100% hardware wallet and the first thing you do is remove most of the benefits of this by making an internet connected device create the private keys.
By using Trezor and Bitcoin.com's wallet as examples, I try to explain the tradeoffs. I'm very clear about the different attack scenarios. Phone screenshots that is relevant to all phones asking you to write down a seed. And how entropy/randomness can be done better.
Thank you. The seeds, backups, phone apps is exactly what the user friendly Bitcoin.com wallet does today. Regarding the "lots of complex stuff", I have no idea what you talk about. And it does work without phone pairing. I listed the benefits of phone pairing.You have an awesome idea that has practically zero user interface (learning curve extremely flat) and you then go and make seeds, backups, phone apps and lots of complex stuff.
So you have to have a "factory pin" that can be exploited by a factory worker and kept like the "PUK" kode for phones (Ihate that).I'm arguing for no backups and a once in a lifetime re-pin (which addresses the trusting the hardware-makers issue). Are you sure that my suggestions are those of an overexcited expert? I don't let you off the hook that easy, the proposals I made will have the effect to make the user interface dead-easy. Saying I'm an bitcoin-expert is a weird defence.
So you can make a new one, and use it the rest of your life? I guess this "pin" has to contain the same entropy/combinations that a 12 word seed has.
Aha! This is a good question! The "normal" action can be just as destructive to the owner as the "destructive" action is. If a malicious actor or a bad written program takes all your money or erase your key, it will have the same outcome for the owner.Where this comparison falls down is that I can ask you to send me a payment and instead of taking your money I overwrite your private key. Your design makes a normal action and a destructive action have 100% the same user interface and priviledge levels (a botton press). Thats going to cause people pain.
Again, if you press the activation button near an NFC antenna, you always risk to lose all your money.
That's the basic premise here.
[doublepost=1523998928,1523998217][/doublepost]This is not an attempt to create the most secure hardware wallet. It will be less secure than Trezor. The "vault" will be more secure than Bitcoin.com's wallet. The Ka-ching device on it's own, will be less secure than both Trezor and Bitcoin.com's wallet.
But it will be insane useful. And in many ways, more secure and better than a contactless VISA card.
[doublepost=1523999231][/doublepost]@Tom Zander
I'd like to hear more of your PIN solution. But it's a hard sell to demand a paper following the device from the factory. (#NOPUK)
 
				
		