Banks are safe because they're insured. The 2fa pin code on credit/debit
cards where most fraud occurs doesn't help much.
I've got preliminary plans for a credit card sized device with pin buttons
that can receive data over NFC and do transaction signing. I plan to expand
on this a bit next year.
So you could put your savings into a 2of3 account with one key on your
device, another on this 2fa device and another in a safe somewhere just in
case.
You could then draft a transaction on your phone with key 1 tap it against
the 2fa nfc card enter the pin and sign with your second, then push the
signed tax back to the phone where it can be broadcast.
But still if your os is compromised then this doesn't help much.
There might be something to be said for keeping the key in memory on
windows and making the user re enter it on every boot. Keep the mpk saved
on disk only.
Disk is certainly easier to steal the seed from than memory would be.
Thanks
Bob
On 10 Dec 2013 10:11, "Adam Gibson" <ekaggata@???> wrote:
> Great stuff.
> I have a comment about one thing. We were chatting about it last night at
> Macao:
>
> >If your OS is compromised, then you're already fucked.
>
> There's a nuance here, right. In my opinion, however much I hate banks, I
> think over the last few years they have got this right. 2FA is a solution
> to the OS compromise issue, BUT it doesn't work if the second factor is on
> the same machine, or in the cloud (yes, sure a google 2FA can be basically
> effective but only because of the nightmarishly huge power such a
> corporation can wield, and even then it's not 100%), or if it's network
> enabled.
>
> The only 2FA that really works is the completely "cold" separate device,
> not even capable of talking to any other device. That's what most banks use
> nowadays.
>
> Maybe it's not a practical thought; who is going to make and distribute
> such devices? A funny scenario might be to find a way to allow people to
> use their HSBC or Barclays 2FA device on their dark wallet to help them buy
> stuff on silk road :)
>
>
>
> On Tue, Dec 10, 2013 at 8:58 AM, Amir Taaki <genjix@???> wrote:
>
>> https://wiki.unsystem.net/index.php/DarkWallet/Intro
>>
>> sick of typing - will finish at later dates. basic bullets are there
>> though
>>
>>
>> _______________________________________________
>> unSYSTEM mailing list: http://unsystem.net
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>>
>>
>
> _______________________________________________
> unSYSTEM mailing list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>
>