From: "Luke-Jr"
To: bitcoin-development@lists.sourceforge.net
Date: Thu, 16 Jun 2011 14:18:46 -0400
Message-Id: <201106161418.48804.luke@dashjr.org>
Subject: Re: [Bitcoin-development] Development priorities

On Thursday, June 16, 2011 1:59:56 PM Jeff Garzik wrote:
> > 2) Wallet security.
>
> Agreed, though security professionals (and luke-jr) are already
> pointing out the wallet crypto mainly eliminates a bit of bad PR,
> rather than being a major crime deterrent.
>
> zooko on IRC had a pretty good suggestion: introduce a built-in
> facility for air-gapped wallets (multiple wallets), so that loss of
> your everyday transactional wallet does not mean loss of everything.

Even if you do this, a cracker can still simply send your encrypted wallet to
himself, secure-delete your local one, kill your client, and demand you
publish your password if you want some portion of your coins back.

I'm not sure there's *any* defense for an insecure PC. Maybe Bitcoin will end
up forcing people to reconsider their priorities when it comes to security...