Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <c1.sf-bitcoin@niftybox.net>) id 1WUM5Z-00013Y-Cu
	for bitcoin-development@lists.sourceforge.net;
	Sun, 30 Mar 2014 20:12:17 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of niftybox.net
	designates 95.142.167.147 as permitted sender)
	client-ip=95.142.167.147;
	envelope-from=c1.sf-bitcoin@niftybox.net; helo=i3.hyper.to; 
Received: from i3.hyper.to ([95.142.167.147])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1WUM5V-0007lR-UN for bitcoin-development@lists.sourceforge.net;
	Sun, 30 Mar 2014 20:12:17 +0000
Received: from localhost (localhost [127.0.0.1])
	by i3.hyper.to (Postfix) with ESMTP id B3D9BE03CB
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 30 Mar 2014 22:12:07 +0200 (CEST)
Received: from i3.hyper.to ([127.0.0.1])
	by localhost (i3.hyper.to [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id kfxpEBxXSRs8
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 30 Mar 2014 22:12:04 +0200 (CEST)
Received: from [192.168.4.81] (70-36-136-78.dsl.dynamic.sonic.net
	[70.36.136.78]) by i3.hyper.to (Postfix) with ESMTPSA id EACCFE03C5
	for <bitcoin-development@lists.sourceforge.net>;
	Sun, 30 Mar 2014 22:12:03 +0200 (CEST)
Message-ID: <1396210321.27001.39.camel@mimiz>
From: devrandom <c1.sf-bitcoin@niftybox.net>
To: Bitcoin-development <bitcoin-development@lists.sourceforge.net>
Date: Sun, 30 Mar 2014 13:12:01 -0700
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.8.4-0ubuntu1 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1WUM5V-0007lR-UN
Subject: [Bitcoin-development] Securing hardware wallets
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2014 20:12:17 -0000

I would like to solicit feedback on a whitepaper I wrote about securing
hardware wallets even if the hardware or software is compromised.  Let's
consider turning this into a BIP.

Abstract: With wide adoption hardware wallets present a very tempting
target. Once enough wealth is controlled by a specific hardware wallet
model, attacking the supply chain of the wallet becomes attractive.
Malware could be inserted in hardware or software. The random seed could
be generated in a way that is predictable to the attacker or the seed
could be leaked.

The paper describes a way for a "Warden" computer to manage a hardware
wallet in a way that protects the resulting private keys from
compromise.

https://github.com/devrandom/btc-papers/blob/master/hardware-wallet-security.md

-- 
Miron / devrandom