I have been for some time experimenting with yubico NEO key:
https://www.yubico.com/products/yubikey-hardware/yubikey-neo/
The key has both USB HID and NFC interfaces which means it can interface to a
PC and NFC enabled mobile phone. It is based on a smart card temper resistant
secure element that can be programed in JavaCard. Plus, it has a button that
can be used to approve transactions.
I have already implemented btc key generation and transaction signing functionality
protected by PIN. The functionality can be run on NEO but also on contact or
contact-less smart card based on the same SE. Working now on Android app.
So the scenarios described below by Bob are already possible if you chose to use
hardware token like NEO to secure the wallet keys.
Let me know if you need more details or would be interested to explore possibilities
of using it.
Cheers,
Ptr
On Tue, December 10, 2013 12:00, Robert Williamson wrote:
> Banks are safe because they're insured. The 2fa pin code on credit/debit
> cards where most fraud occurs doesn't help much.
>
> I've got preliminary plans for a credit card sized device with pin buttons
> that can receive data over NFC and do transaction signing. I plan to expand
> on this a bit next year.
>
> So you could put your savings into a 2of3 account with one key on your
> device, another on this 2fa device and another in a safe somewhere just in
> case.
>
> You could then draft a transaction on your phone with key 1 tap it against
> the 2fa nfc card enter the pin and sign with your second, then push the
> signed tax back to the phone where it can be broadcast.
>
> But still if your os is compromised then this doesn't help much.
>
> There might be something to be said for keeping the key in memory on
> windows and making the user re enter it on every boot. Keep the mpk saved
> on disk only.
>
> Disk is certainly easier to steal the seed from than memory would be.
>
> Thanks
> Bob
> On 10 Dec 2013 10:11, "Adam Gibson" <ekaggata@???> wrote:
>
> > Great stuff.
> > I have a comment about one thing. We were chatting about it last night at
> > Macao:
> >
> > >If your OS is compromised, then you're already fucked.
> >
> > There's a nuance here, right. In my opinion, however much I hate banks, I
> > think over the last few years they have got this right. 2FA is a solution
> > to the OS compromise issue, BUT it doesn't work if the second factor is on
> > the same machine, or in the cloud (yes, sure a google 2FA can be basically
> > effective but only because of the nightmarishly huge power such a
> > corporation can wield, and even then it's not 100%), or if it's network
> > enabled.
> >
> > The only 2FA that really works is the completely "cold" separate device,
> > not even capable of talking to any other device. That's what most banks use
> > nowadays.
> >
> > Maybe it's not a practical thought; who is going to make and distribute
> > such devices? A funny scenario might be to find a way to allow people to
> > use their HSBC or Barclays 2FA device on their dark wallet to help them buy
> > stuff on silk road :)
> >
> >
> >
> > On Tue, Dec 10, 2013 at 8:58 AM, Amir Taaki <genjix@???> wrote:
> >
> >> https://wiki.unsystem.net/index.php/DarkWallet/Intro
> >>
> >> sick of typing - will finish at later dates. basic bullets are there
> >> though
> >>
> >>
> >> _______________________________________________
> >> unSYSTEM mailing list: http://unsystem.net
> >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
> >>
> >>
> >
> > _______________________________________________
> > unSYSTEM mailing list: http://unsystem.net
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
> >
> >
-----BEGIN PGP MESSAGE-----
Version: CounterMailEngine v1.1
hQEMA3fxh1/IWmVeAQf/QGP575p3/2cvTQdP/iR/XacZlf1bozpkREI0C8tlUPSq
Ffyc59sixC6G4OBjuVtknob+bzlDIh9gnCktHVyILKWJEL7klYqi0V9OUI2Izaw2
bqpt/GwIdzSDiGSVESOWPuCDe7fNwIltYTp8jOKKiGzp7Dx7b47yS8CbHsZTrZ8B
UdPO6xG3WBW9BFCuc4ZXYauRTCwugDIB2OArAXiEgCz1j4u388+sJ8NT3en5pUkk
buFqVFaejoSSr439tKXtxeVPhkuuVy8t6aU7d9OKVoc7gobw+kfOs89PiNG8ITMi
yTykMriE5uaP76wRfb1GptC0cqB+e++mXKtcr3ob6tKXATQyNMnr1Aq+Ypus+PRZ
C7ZOxuQK6DoFzPWLjPXaCN+iauPzleaUOxumQVl9d8SjIVW5mxKVzmCPRgIkH+o1
paMXmNxBsCD0I66GrZTGZMDe44U8dKOnB0ErLS+6kmfeo3sZGLyf9Wpq2W/JKbpC
XZWl1I22t1qgMCu+QD8ll/sa8NpzqtQx0vXka5pxAABGU+sYEZcGZw==
=V1JG
-----END PGP MESSAGE-----
::
Re: [unSYSTEM] DarkWallet Whitepape…
