From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UWrXt-000320-Fu for bitcoin-development@lists.sourceforge.net; Mon, 29 Apr 2013 17:07:21 +0000 X-ACL-Warn: Received: from 2508ds5-oebr.1.fullrate.dk ([90.184.5.129] helo=mail.ceptacle.com) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1UWrXq-0006ua-Ib for bitcoin-development@lists.sourceforge.net; Mon, 29 Apr 2013 17:07:21 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.ceptacle.com (Postfix) with ESMTP id 57D662DEF1A6; Mon, 29 Apr 2013 18:51:04 +0200 (CEST) X-Virus-Scanned: amavisd-new at ceptacle.com Received: from mail.ceptacle.com ([127.0.0.1]) by localhost (server.ceptacle.private [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2L8H25O6M8sk; Mon, 29 Apr 2013 18:51:03 +0200 (CEST) Received: from [10.0.1.75] (2508ds5-oebr.1.fullrate.dk [90.184.5.129]) by mail.ceptacle.com (Postfix) with ESMTPSA id B9EED2DEF18F; Mon, 29 Apr 2013 18:51:02 +0200 (CEST) References: <517E8417.50400@privacyfoundation.de> <20130429162839.GA31932@petertodd.org> Mime-Version: 1.0 (1.0) In-Reply-To: <20130429162839.GA31932@petertodd.org> Content-Type: multipart/alternative; boundary=Apple-Mail-86A12B19-8627-47B4-9F01-D2F4D58A2A7D Content-Transfer-Encoding: 7bit Message-Id: <5B4F4F35-5FB3-45F9-B7E1-500D01CFA569@ceptacle.com> X-Mailer: iPhone Mail (10B329) From: Michael Gronager Date: Mon, 29 Apr 2013 18:50:59 +0200 To: Peter Todd X-Spam-Score: 1.3 (+) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_FONT_FACE_BAD BODY: HTML font face is not a word 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars X-Headers-End: 1UWrXq-0006ua-Ib Cc: "dev@lists.crypto-stick.org" , "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] Hardware BitCoin wallet as part of Google Summer of Code X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Apr 2013 17:07:21 -0000 --Apple-Mail-86A12B19-8627-47B4-9F01-D2F4D58A2A7D Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Are you familiar with this: http://code.google.com/p/opencryptotoken/ It does ecc and as it is based on an atmel micro controller, adding a displa= y is pretty straight forward =20 Michael=20 On 29/04/2013, at 18.28, Peter Todd wrote: > On Mon, Apr 29, 2013 at 10:30:47PM +0800, Crypto Stick wrote: >> Crypto Stick is an open source USB key for encryption and secure >> authentication. >> We have been accepted as a mentor organization for Google >> Summer of Code (GSOC) 2013. One of our project ideas is to develop a >> physical BitCoin wallet according to >> https://en.bitcoin.it/wiki/Smart_card_wallet >=20 > A word of caution: hardware Bitcoin wallets really do need some type of > display so the wallet itself can tell you where the coins it is signing > are being sent, and that in turn implies support for the upcoming > payment protocol so the wallet can also verify that the address is > actually the address of the recipient the user is intending to send > funds too. The current Crypto Stick hardware doesn't even have a button > for user interaction. (press n times to approve an n-BTC spend) >=20 > Having said that PGP smart cards and USB keys already have that problem, > but the consequences of signing the wrong document are usually less than > the consequences of sending some or even all of the users funds to a > thief. You can usually revoke a bad signature after the fact with a > follow-up message. >=20 > Not to say hardware security for private keys isn't a bad thing, but the > protections are a lot more limited than users typically realize. >=20 >=20 > I will say though I am excited that this implies that the Crypto Stick > could have ECC key support in the future. >=20 > --=20 > 'peter'[:-1]@petertodd.org > --------------------------------------------------------------------------= ---- > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring servic= e=20 > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr= > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development --Apple-Mail-86A12B19-8627-47B4-9F01-D2F4D58A2A7D Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Are you familiar with this:


It does ecc and as it is based on an= atmel micro controller, adding a display is pretty straight forward  <= /span>

Michael 

On 29/04/2013, at 18.28, Peter Todd <pete@petertodd.org> wrote:

On Mon,= Apr 29, 2013 at 10:30:47PM +0800, Crypto Stick wrote:
Crypto Stick is an open source USB key for encryption a= nd secure
authenticat= ion.
We have been acc= epted as a mentor organization for Google
Summer of Code (GSOC) 2013. One of our project ideas is= to develop a
physica= l BitCoin wallet according to
https://en= .bitcoin.it/wiki/Smart_card_wallet
<= br>A word of caution: hardware Bitcoin wallets really do need some typ= e of
display so the wallet itself can tell you where the coi= ns it is signing
are being sent, and that in turn implies su= pport for the upcoming
payment protocol so the wallet can al= so verify that the address is
actually the address of the re= cipient the user is intending to send
funds too. The current= Crypto Stick hardware doesn't even have a button
for user i= nteraction. (press n times to approve an n-BTC spend)

Having said that PGP smart cards and USB keys already have that p= roblem,
but the consequences of signing the wrong document a= re usually less than
the consequences of sending some or eve= n all of the users funds to a
thief. You can usually revoke a= bad signature after the fact with a
follow-up message.

Not to say hardware security for private keys i= sn't a bad thing, but the
protections are a lot more limited= than users typically realize.


<= span>I will say though I am excited that this implies that the Crypto Stick<= /span>
could have ECC key support in the future.

--
'peter'[:-1]@petertodd.org
--------------------= ----------------------------------------------------------
T= ry New Relic Now & We'll Send You this Cool Shirt
New Re= lic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor= your
browser, app, & servers with just a few lines of c= ode. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2= d_apr
_____________________________________= __________
Bitcoin-development mailing list
= Bitcoin-develop= ment@lists.sourceforge.net
https://lists.sourceforge.ne= t/lists/listinfo/bitcoin-development
= --Apple-Mail-86A12B19-8627-47B4-9F01-D2F4D58A2A7D--