Hi Adam - the conversation was pretty open regarding the factor / channel used
to sign at the bottom. No argument from me and I agree completely that
hardened single purpose computers are more secure than desktop browsers,
browser extensions, SMS, or mobile apps when involved in multisig
authorization. The point below was that risks with other channels are far
higher if auth data is input from two channels through one, such as entering a
2FA phone token and desktop password into the same desktop browser session -
MITM phishing attack on websites that bypasses phone 2FA as an example,
serendipitously timed yet tragic example of this scam with coinbase today:
https://www.reddit.com/r/Bitcoin/comments/2ungby/fuck_i_just_got_scammed/
On the topic of hardened single purpose computers, and I mean no offense to our
friends at Trezor, Case, or similar but I think the future of this type of
security approach with bitcoin is extremely bright. It’s just far more likely
to involve chips integrated directly in PC / Mac motherboards and mobile
devices / wearables where signing is done in the hardware inaccessible to the
OS or BIOS. This is a way for mainstream users to use bitcoin securely,
integrate it with apps running from popular OS’s and get bitcoin into the
internet on a very granular level, and Joe six pack and Sally soccer mom never
even know they are using multisig. It took 20+ years for people to get used to
cards vs. cash. The telephone took 50 years to catch on and become cost
competitive. I think the key is making it invisible to the user.
From: Adam Weiss <a...@signal11.com>
Reply: Adam Weiss <a...@signal11.com>>
Date: February 3, 2015 at 12:25:20 PM
To: Will <will.mad...@novauri.com>>
Cc: bitcoin-development@lists.sourceforge.net
<bitcoin-development@lists.sourceforge.net>>
Subject: Re: [Bitcoin-development] Subject: Re: Proposal to address Bitcoin
malware
Using a desktop website and mobile device for 2/3 multisig in lieu of a
hardware device (trezor) and desktop website (mytrezor) works, but the key is
that the device used to input the two signatures cannot be in the same band.
What you are protecting against are MITM attacks. The issue is that if a
single device or network is compromised by malware, or if a party is connecting
to a counterparty through a channel with compromised security, inputing 2
signatures through the same device/band defeats the purpose of 2/3 multisig.
Maybe I'm not following the conversation very well, but if you have a small
hardware device that first displays a signed payment request (BIP70) and then
only will sign what is displayed, how can a MITM attacker do anything other
than deny service? They'd have to get malware onto the signing device, which
is the vector that a simplified signing device is specifically designed to
mitigate.
TREZOR like devices with BIP70 support and third party cosigning services are a
solution I really like the sound of. I suppose though that adding BIP70
request signature validation and adding certificate revocation support starts
to balloon the scope of what is supposed to be a very simple device though.
Regardless, I think a standard for passing partially signed transactions around
might make sense (maybe a future extension to BIP70), with attention to both PC
<-> small hardware devices and pushing stuff around on the Internet. It would
be great if users had a choice of hardware signing devices, local software and
third-party cosigning services that would all interoperate out of the box to
enable easy multisig security, which in the BTC world subsumes the goals of 2FA.
--adam
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
