summaryrefslogtreecommitdiff
path: root/98/c8583895b035b24a273b3e3f170daa33d42350
blob: 606c710c140c50e55f7cf421393ac4e5c835abab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
Return-Path: <dev@jonasschnelli.ch>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 3CFD63EE
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 30 Sep 2017 21:15:03 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from bitcoin.jonasschnelli.ch (bitcoinsrv.jonasschnelli.ch
	[138.201.55.219])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id 3A69A43A
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 30 Sep 2017 21:15:02 +0000 (UTC)
Received: by bitcoin.jonasschnelli.ch (Postfix, from userid 1002)
	id 701DF15E15F3; Sat, 30 Sep 2017 23:15:01 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=RP_MATCHES_RCVD
	autolearn=disabled version=3.3.1
Received: from [10.0.1.11] (unknown [216.169.76.84])
	by bitcoin.jonasschnelli.ch (Postfix) with ESMTPSA id 97EE115E043F;
	Sat, 30 Sep 2017 23:15:00 +0200 (CEST)
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-Id: <19DF6343-462D-4C99-A526-B3A5A10E8F37@jonasschnelli.ch>
Content-Type: multipart/signed;
	boundary="Apple-Mail=_5C4E2050-A438-4E4D-8A4E-1CEED51744F7";
	protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Sat, 30 Sep 2017 14:14:44 -0700
In-Reply-To: <05caf783-cba2-b37a-0f28-2d0020386279@osc.co.cr>
To: Dan Libby <dan@osc.co.cr>
References: <e43c6e06-0bdc-360e-eb5c-a3726e4f0fc8@osc.co.cr>
	<96328209-9249-44BC-957A-4EF8DE014E2D@jonasschnelli.ch>
	<05caf783-cba2-b37a-0f28-2d0020386279@osc.co.cr>
X-Mailer: Apple Mail (2.3273)
X-Virus-Scanned: clamav-milter 0.99.2 at bitcoinsrv.jonasschnelli.ch
X-Virus-Status: Clean
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Paper Wallet support in bitcoin-core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Sep 2017 21:15:03 -0000


--Apple-Mail=_5C4E2050-A438-4E4D-8A4E-1CEED51744F7
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

>=20
> uhh.... do you apply this logic to the bitcoin-core wallet itself?
> because clearly it generates keys and is intended to be used for =
signing
> in online environments.  Lots of real-world use-cases depend on that =
today.

The current Bitcoin Core wallet setup is not as ideal as it could be.
An good example is, that the wallet and the full node (the p2p logic on =
8333) do share the same process (same memory space).
AFAIK a lot of users use Core in watch-only mode and do the signing =
offline (offline / through HWWs).
Although, Core has currently no direct support for offline signing =
(expect the rawtx API which are pretty expert-ish).

The Core development process goes into that direction but it takes time =
due to the strict and extremely important code quality insurance.

>=20
> So if existing bitcoin-core wallet behavior is "ok" in any context =
then
> how is it any worse for it to generate a key/address that will not be
> stored in the internal wallet, and the user may do with it as they =
wish?
> That is all my proposed RPC call does and unlike the existing RPC =
calls
> it never even stores the key or address to disk.  It is also useful =
when
> run on an offline hardware device, such as a laptop connected to an
> non-networked printer.

IMO we should make it better not worse.
Paper wallets delude to do address reuse, the spending-procedure is =
unclear, and very likely insecure.
A quick photo-snapshot by an attack may result in a full compromised =
key.
Printer buffers, etc. are also something to worry here.

> Further, you mention the word trust.  That's the crux of the matter.  =
As
> a full node operator, I've already placed my trust in the bitcoin-core
> developers and dev/release practices.  Why exactly should I trust the
> software in this minimal offline hardware/os you mention if it is NOT
> bitcoin core?  And even if open source software, does that not at =
least
> double my workload/expense to audit theat software in addition to
> bitcoin-core?

I think Bitcoin Core does a great job there. But not sure about other =
security layers are outside of Core.
Especially your operating system.
The reason why we see a growing demand in hardware wallets is probably =
because people no longer trust in current available operating systems as =
well as current used desktop/laptop CPUs (like Intel wit it=E2=80=99s =
MME, etc.).

>=20
>> Users should have no way to view or export the private keys (expect =
for
>> the seed backup).
>=20
> I suppose that in your view then, dumpprivkey and dumpwallet RPCs =
should
> be removed from bitcoin-core to fit this paradigm?

Yes. That actually something we are considering (especially if we would =
allow BIP44 or other HD public key derivation forms).
Also, we heard of "support sessions=E2=80=9C on IRC where attackers told =
victims they must enter =E2=80=9Edumpprivkey=E2=80=9C in the Console and =
give them the output in order =E2=80=9Eto fix the problem=E2=80=9C.

> (Personally I actively avoid wallet software that takes this view and
> treat users like children, preventing individuals direct access to the
> keys for their own funds, which disempowers and sometimes results in a
> form of lockin)

I dislike that as well =E2=80=93 in general. But I guess most users like =
self-protection. Also, the user layer is attackable. If _you_ can access =
the private-keys, an attacker can do also. What most users want is a =
key-safe that only signs transactions which they could verify beforehand =
in a safe environment, and not a way to export private keys or something =
else that can touch the keys.


>> They should never leave the device over the channel used for the =
signing I/O. Users should have no way to view or export the private keys =
(expect for the seed backup). Backups should be encrypted (whoever finds =
the paper backup should need a second factor to decrypt) and the restore =
process should be footgun-safe (especially the lost-passphrase =
deadlock).
>=20
> Is there really nothing existing yet to address all of this?

The answer is probably: No (for now). But working towards this should be =
the focus.


---
/jonas


--Apple-Mail=_5C4E2050-A438-4E4D-8A4E-1CEED51744F7
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyhopCNzi8TB0xizeHrd2uwPHki0FAlnQCUQACgkQHrd2uwPH
ki0pDQ/6Auc67iHoPgx5UNQU5peWJxPnMFsL37G8bE6sq476nzMZ9Vs8Q0GkJX/1
b4Y5KO3mSCLL6XKzdo57qODQc1918JWxD2FFQ3SWKFY6fFsaYYkgpVLPIURTq8bu
I3zrsQohRboFQwpgYD0swLLF4V33WdQbCvW+n26CA7qPg20VqHwJwO01UtCYklQF
7abGaR+gc5hSWKOLz1gz4juq5nBJfkmRg+sNZsjKT35dwfB3UQtVzvKotYxOaGDj
vLEmRkMBSQMwZ3G8aWxFCB/d80EG6oCbcrTJaVf7/pYIimAmKf14J1TbFP1m4aq1
Xi7WNp2V0N1MrxqFYrozFnTrEbq1pirp00VeEQ+AGKh4+9z46bLcvdDAFYGeHM6l
UVSKVySObITsKIIp+qNHB//Nsaro+fCIzPB87Q9++8pD//2S6NYtUPqApVnKPDfV
74Sc8EyMazwKSM6zc5tKM0hgGNkTH3SRcomxp1WxMhqrjhqQtESka+oM5kj15/sa
1vio3le9zfHPAH4D/efmUjnJ4bHiM9W3TrYUfwjuSMQNDJqr9Y/qTuE7tI7eeLmZ
Hzavc5ERjBJBe7zaS/iJ5qMeymClZEtdGc+9s7fwqoaPCNvguIRWbOniVdvBf4q8
aKyKEg8Gopans4UbbPrgqtY3j8KPh3ADLWhyFDjN+ja0p365NEs=
=BVoM
-----END PGP SIGNATURE-----

--Apple-Mail=_5C4E2050-A438-4E4D-8A4E-1CEED51744F7--