Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: ALL of my bitcoins stolen (Around 60) . What the F*CK.
by
xanatos
on 27/06/2011, 18:15:20 UTC
Quote from: dukejer on June 27, 2011, 05:48:34 PM
Quote from: xanatos on June 27, 2011, 05:07:59 PM

The cheapest android device is 99€ here in italy. It can be used as a "close" system. You install a thin client, install the fat client on your PC and keep on your PC the encrypted private keys (AES encrypted). These keys are downloaded from the android and decrypted by the cell phone on demand (your phone have the AES key). The PC needs "rearming" if the AES key sent is wrong. The AES key on your phone is PIN protected. You can send from your PC to your cell phone the public keys of persons you want to pay. You want to pay someone? In some "sicure" way you send the public key of the person to your cell phone, use the key to decrypt, and send the signed transaction to your PC. You don't use the phone in any other way than a client of bitcoin. You don't put a sim in the phone. You don't browse internet. Done.

Why even download the private key from the Android device instead of leaving them on the Android device? I think for this to work the Android device would have to be locked down very tight which maybe hard if it is connected to the PC using USB.  All it would take is for a hacker or virus to know it exists and root the device from the PC.  A device with Ethernet and only a listening API would be more secure to the PC.  I am also not sure if I would trust the Android device on Wifi.  The PC could send a transmit BTC request to the Android device with the recipient public key and amount.  After the user enters his pin or password on the Android device it would sign the transaction and transmit it to the PC like it was a Bitcoin node to pass on to the Internet.

-Dukejer

You don't connect the Android to the PC with a cable. You use Wi-Fi or Bluetooth. You don't keep the private key on the cellular because it can be easily stolen. Stealing the PC AND the cellular is more complex (you can easily hide the cellular when you don't need it). Yes, it's perhaps possible to hack a cellular through wi-fi, but it's quite complex, and it's model-by-model. There isn't a single-hack that works for everything. It isn't totally fool-proof but it raises the difficulty of an hack very much. Especially if you consider that economical Android cellulars will multiply in the next year or so.