From: Brian Erdelyi <brian.erdelyi@gmail.com>
To: "Martin Habovštiak" <martin.habovstiak@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
Date: Mon, 2 Feb 2015 14:07:52 -0400 [thread overview]
Message-ID: <F8BA8BFA-94F3-4AD5-9A04-82193AD8B886@gmail.com> (raw)
In-Reply-To: <CALkkCJbk0czFj5mdMB6_0+Umw5V-fo-4tdBHgvg92zhyRZWiYQ@mail.gmail.com>
Martin,
Yes, the second signing could be done by a mobile device that I owned and controlled (I wasn't thinking that initially). I was thinking that online services are popular because of convenience and there should be a better way to address security (privacy issues not withstanding).
I think these are practical approaches and just doing a sanity check. Thanks for the vote of confidence.
Brian Erdelyi
Sent from my iPad
> On Feb 2, 2015, at 1:54 PM, Martin Habovštiak <martin.habovstiak@gmail.com> wrote:
>
> Good idea. I think this could be even better:
>
> instead of using third party, send partially signed TX from computer
> to smartphone. In case, you are paranoid, make 3oo5 address made of
> two cold storage keys, one on desktop/laptop, one on smartphone, one
> using third party.
> If it isn't enough, add requirement of another four keys, so you have
> three desktops with different OS (Linux, Windows, Mac) and three
> mobile OS (Android, iOS, Windows Phone), third party and some keys in
> cold storage. Also, I forgot HW wallets, so at least Trezor and
> Ledger. I believe this scheme is unpenetrable by anyone, including
> NSA, FBI, CIA, NBU...
>
> Jokes aside, I think leaving out third party is important for privacy reasons.
>
> Stay safe!
>
> 2015-02-02 18:40 GMT+01:00 Brian Erdelyi <brian.erdelyi@gmail.com>:
>> Another concept...
>>
>> It should be possible to use multisig wallets to protect against malware. For example, a user could generate a wallet with 3 keys and require a transaction that has been signed by 2 of those keys. One key is placed in cold storage and anther sent to a third-party.
>>
>> It is now possible to generate and sign transactions on the users computer and send this signed transaction to the third-party for the second signature. This now permits the use of out of band transaction verification techniques before the third party signs the transaction and sends to the blockchain.
>>
>> If the third-party is malicious or becomes compromised they would not have the ability to complete transactions as they only have one private key. If the third-party disappeared, the user could use the key in cold storage to sign transactions and send funds to a new wallet.
>>
>> Thoughts?
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming. The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
next prev parent reply other threads:[~2015-02-02 18:08 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-31 22:15 [Bitcoin-development] Proposal to address Bitcoin malware Brian Erdelyi
2015-01-31 22:38 ` Natanael
2015-01-31 23:04 ` Brian Erdelyi
2015-01-31 23:37 ` Natanael
2015-01-31 23:41 ` Natanael
2015-02-01 12:49 ` Brian Erdelyi
2015-02-01 13:31 ` Martin Habovštiak
2015-02-01 13:46 ` Mike Hearn
2015-02-01 13:54 ` Brian Erdelyi
2015-02-01 13:48 ` Mike Hearn
2015-02-01 14:28 ` mbde
2015-02-02 17:40 ` Brian Erdelyi
2015-02-02 17:54 ` Martin Habovštiak
2015-02-02 17:59 ` Mike Hearn
2015-02-02 18:02 ` Martin Habovštiak
2015-02-02 18:25 ` Mike Hearn
2015-02-02 18:35 ` Brian Erdelyi
2015-02-02 18:45 ` Eric Voskuil
2015-02-02 19:58 ` Brian Erdelyi
2015-02-02 20:57 ` Joel Joonatan Kaartinen
2015-02-02 21:03 ` Brian Erdelyi
2015-02-02 21:09 ` Pedro Worcel
2015-02-02 21:30 ` devrandom
2015-02-02 21:49 ` Brian Erdelyi
2015-02-02 21:42 ` Brian Erdelyi
2015-02-02 21:02 ` Pedro Worcel
2015-02-03 7:38 ` Eric Voskuil
2015-02-02 18:10 ` Brian Erdelyi
2015-02-02 18:07 ` Brian Erdelyi [this message]
2015-02-02 18:05 ` Eric Voskuil
2015-02-02 18:53 ` Mike Hearn
2015-02-02 22:54 ` Eric Voskuil
2015-02-03 0:41 ` Eric Voskuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F8BA8BFA-94F3-4AD5-9A04-82193AD8B886@gmail.com \
--to=brian.erdelyi@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=martin.habovstiak@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox