1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1UWqwh-0007y1-KT
for bitcoin-development@lists.sourceforge.net;
Mon, 29 Apr 2013 16:28:55 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.161 as permitted sender)
client-ip=62.13.148.161; envelope-from=pete@petertodd.org;
helo=outmail148161.authsmtp.com;
Received: from outmail148161.authsmtp.com ([62.13.148.161])
by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1UWqwf-0000tT-9E for bitcoin-development@lists.sourceforge.net;
Mon, 29 Apr 2013 16:28:55 +0000
Received: from mail-c226.authsmtp.com (mail-c226.authsmtp.com [62.13.128.226])
by punt6.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id
r3TGSkWC088122; Mon, 29 Apr 2013 17:28:46 +0100 (BST)
Received: from petertodd.org (petertodd.org [174.129.28.249])
(authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r3TGSdgI002598
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Mon, 29 Apr 2013 17:28:42 +0100 (BST)
Date: Mon, 29 Apr 2013 12:28:39 -0400
From: Peter Todd <pete@petertodd.org>
To: Crypto Stick <cryptostick@privacyfoundation.de>
Message-ID: <20130429162839.GA31932@petertodd.org>
References: <517E8417.50400@privacyfoundation.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="bg08WKrSYDhXBjb5"
Content-Disposition: inline
In-Reply-To: <517E8417.50400@privacyfoundation.de>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: db2e4b9b-b0e9-11e2-98a9-0025907ec6c5
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aQdMdAsUGUUGAgsB AmUbWlNeUlV7XWE7 ag1VcwRfa1RMVxto
VEFWR1pVCwQmQx9l cX1KBWBydwdDcXY+ ZEZgWngVCBZ4IEIv
SxxJR21TbHphaTUd TUlQJgpJcANIexZF bQUsUiAILwdSbGoL
NQ4vNDcwO3BTJTpY RgYVKF8UXXNDPjcm Sw8LBzhnN0wZbCIy
KVQ5I1oYEVpZO156 KVI7RRofPVc9DQpR G0wvSBREIlwMXWIs A0txWkITeAAA
X-Authentic-SMTP: 61633532353630.1020:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 174.129.28.249/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1UWqwf-0000tT-9E
Cc: bitcoin-development@lists.sourceforge.net, dev@lists.crypto-stick.org
Subject: Re: [Bitcoin-development] Hardware BitCoin wallet as part of Google
Summer of Code
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2013 16:28:55 -0000
--bg08WKrSYDhXBjb5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Apr 29, 2013 at 10:30:47PM +0800, Crypto Stick wrote:
> Crypto Stick is an open source USB key for encryption and secure
> authentication.
> We have been accepted as a mentor organization for Google
> Summer of Code (GSOC) 2013. One of our project ideas is to develop a
> physical BitCoin wallet according to
> https://en.bitcoin.it/wiki/Smart_card_wallet
A word of caution: hardware Bitcoin wallets really do need some type of
display so the wallet itself can tell you where the coins it is signing
are being sent, and that in turn implies support for the upcoming
payment protocol so the wallet can also verify that the address is
actually the address of the recipient the user is intending to send
funds too. The current Crypto Stick hardware doesn't even have a button
for user interaction. (press n times to approve an n-BTC spend)
Having said that PGP smart cards and USB keys already have that problem,
but the consequences of signing the wrong document are usually less than
the consequences of sending some or even all of the users funds to a
thief. You can usually revoke a bad signature after the fact with a
follow-up message.
Not to say hardware security for private keys isn't a bad thing, but the
protections are a lot more limited than users typically realize.
I will say though I am excited that this implies that the Crypto Stick
could have ECC key support in the future.
--=20
'peter'[:-1]@petertodd.org
--bg08WKrSYDhXBjb5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlF+n7cACgkQpEFN739thoy6GwCgiKsTO+OQ3XymW4sWtqNbdw+n
hFEAnAi2wfjvXhJBiuqC937xuKecW8kG
=Umue
-----END PGP SIGNATURE-----
--bg08WKrSYDhXBjb5--
|
