Message-ID: <4DFA4A41.70104@covertinferno.org>
Date: Thu, 16 Jun 2011 20:24:01 +0200
From: phantomcircuit <phantomcircuit@covertinferno.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
	rv:1.9.2.17) Gecko/20110608 Lightning/1.0b3pre Thunderbird/3.1.10
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <BANLkTimZ5j7=1G89uRO9f7fHPdmDMpLMqg@mail.gmail.com>	<BANLkTimV+0mSqqmLYJeTdvxhM2PjtyXXMw@mail.gmail.com>
	<201106161418.48804.luke@dashjr.org>
In-Reply-To: <201106161418.48804.luke@dashjr.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [Bitcoin-development] Development priorities

On 06/16/11 20:18, Luke-Jr wrote:
> On Thursday, June 16, 2011 1:59:56 PM Jeff Garzik wrote:
>>> 2) Wallet security.
>> Agreed, though security professionals (and luke-jr) are already
>> pointing out the wallet crypto mainly eliminates a bit of bad PR,
>> rather than being a major crime deterrent.
>>
>> zooko on IRC had a pretty good suggestion:  introduce a built-in
>> facility for air-gapped wallets (multiple wallets), so that loss of
>> your everyday transactional wallet does not mean loss of everything.
> Even if you do this, a cracker can still simply send your encrypted wallet to 
> himself, secure-delete your local one, kill your client, and demand you 
> publish your password if you want some portion of your coins back.
>
> I'm not sure there's *any* defense for an insecure PC. Maybe Bitcoin will end 
> up forcing people to reconsider their priorities when it comes to security...
Jeff's scratch-off branch modified to use email (as unique salt) and
password would eliminate the need for a static wallet.dat for 99% of the
userbase.  This seems like a much better solution than encryption.
(Although obviously it's still vulnerable to key loggers).