public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Peter Todd <pete@petertodd.org>
To: Crypto Stick <cryptostick@privacyfoundation.de>
Cc: bitcoin-development@lists.sourceforge.net, dev@lists.crypto-stick.org
Subject: Re: [Bitcoin-development] Hardware BitCoin wallet as part of Google Summer of Code
Date: Mon, 29 Apr 2013 12:28:39 -0400	[thread overview]
Message-ID: <20130429162839.GA31932@petertodd.org> (raw)
In-Reply-To: <517E8417.50400@privacyfoundation.de>

[-- Attachment #1: Type: text/plain, Size: 1466 bytes --]

On Mon, Apr 29, 2013 at 10:30:47PM +0800, Crypto Stick wrote:
> Crypto Stick is an open source USB key for encryption and secure
> authentication.
> We have been accepted as a mentor organization for Google
> Summer of Code (GSOC) 2013. One of our project ideas is to develop a
> physical BitCoin wallet according to
> https://en.bitcoin.it/wiki/Smart_card_wallet

A word of caution: hardware Bitcoin wallets really do need some type of
display so the wallet itself can tell you where the coins it is signing
are being sent, and that in turn implies support for the upcoming
payment protocol so the wallet can also verify that the address is
actually the address of the recipient the user is intending to send
funds too. The current Crypto Stick hardware doesn't even have a button
for user interaction. (press n times to approve an n-BTC spend)

Having said that PGP smart cards and USB keys already have that problem,
but the consequences of signing the wrong document are usually less than
the consequences of sending some or even all of the users funds to a
thief. You can usually revoke a bad signature after the fact with a
follow-up message.

Not to say hardware security for private keys isn't a bad thing, but the
protections are a lot more limited than users typically realize.


I will say though I am excited that this implies that the Crypto Stick
could have ECC key support in the future.

-- 
'peter'[:-1]@petertodd.org

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

  reply	other threads:[~2013-04-29 16:28 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-04-29 14:30 [Bitcoin-development] Hardware BitCoin wallet as part of Google Summer of Code Crypto Stick
2013-04-29 16:28 ` Peter Todd [this message]
2013-04-29 16:50   ` Michael Gronager

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130429162839.GA31932@petertodd.org \
    --to=pete@petertodd.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=cryptostick@privacyfoundation.de \
    --cc=dev@lists.crypto-stick.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox