Personally, I think QR code
video is a great solution. But that's significantly more challenging than simple QR codes. And so far, Armory doesn't have a utility for scanning even regular QR codes. It will have to be a robust solution, because there might be
megabytes of data to transfer (could be fixed if we had something like
SIGHASH_WITHINPUTVALUE).
Hmm, good point. However, in the general case, a display cycling some 1-8 QR codes must surely be sufficient? I just aimed my phone camera at
this QR code on Wikipedia, with some 1800 bytes, and it nailed it without blinking. I can't tell how many percent of transactions would be smaller than 6-7 kilobytes, but I imagine it would be the overwhelming majority.
So while there may be cases where this mode of communication is not available, is that a reason to exclude it from the 95%-98% of typical cases?
Also, I was hesitant to implement something that requires the user to have multiple webcams, and have their webcam drivers setup, and then try to figure out what to point where and when, and have wires everywhere. It's doable, but it's also not necessarily user-friendly.
Is that really the case? The communication would be one-way, there's no need for ACKs as the receiving computer can read the sending screen until all codes have been read. No need for a two-way protocol. There's an operator there, after all, who is alerted to when the data transfer is complete in some way.
That doesn't mean we shouldnt' do it, it's just that it's not a perfect solution for a general purpose tool. I'd rather people use USB, than get fed up with something complicated they can't get working and forego offline wallets entirely.
I totally agree that usability is key, and that secure usability is one of the bitcoin ecosystem's big problems right now - I'd even call it a showstopper until that problem is solved. However, Armory is already halfway to the point of solving this specific problem with its configurable user levels of advancedness.
However, we have more resources on our team now... we may be able to prioritize it. Right now we have an audio cable solution in the works, which also utilizes an analog channel which should be pretty darned secure. But it's not ready yet.
An audio channel is a clear improvement over a USB key, but still hijackable as a side channel in the dire case malware has found its way onto the computers: all operating systems I know of allow for multiplexing several simultaneous applications to/from audio. However, in the same vein, webcam access and screen real estate is exclusive to one application, giving an advantage to the operator knowing that Armory has exclusive control of the communications channel?
Oh, and also, I almost forgot: Thank you for this great piece of software.
Cheers,
Rick
