đź“… Original date posted:2015-02-02
đź“ť Original message:Martin,
Yes, the second signing could be done by a mobile device that I owned and controlled (I wasn't thinking that initially). I was thinking that online services are popular because of convenience and there should be a better way to address security (privacy issues not withstanding).
I think these are practical approaches and just doing a sanity check. Thanks for the vote of confidence.
Brian Erdelyi
Sent from my iPad
> On Feb 2, 2015, at 1:54 PM, Martin Habovštiak <martin.habovstiak at gmail.com> wrote:
>
> Good idea. I think this could be even better:
>
> instead of using third party, send partially signed TX from computer
> to smartphone. In case, you are paranoid, make 3oo5 address made of
> two cold storage keys, one on desktop/laptop, one on smartphone, one
> using third party.
> If it isn't enough, add requirement of another four keys, so you have
> three desktops with different OS (Linux, Windows, Mac) and three
> mobile OS (Android, iOS, Windows Phone), third party and some keys in
> cold storage. Also, I forgot HW wallets, so at least Trezor and
> Ledger. I believe this scheme is unpenetrable by anyone, including
> NSA, FBI, CIA, NBU...
>
> Jokes aside, I think leaving out third party is important for privacy reasons.
>
> Stay safe!
>
> 2015-02-02 18:40 GMT+01:00 Brian Erdelyi <brian.erdelyi at gmail.com>:
>> Another concept...
>>
>> It should be possible to use multisig wallets to protect against malware. For example, a user could generate a wallet with 3 keys and require a transaction that has been signed by 2 of those keys. One key is placed in cold storage and anther sent to a third-party.
>>
>> It is now possible to generate and sign transactions on the users computer and send this signed transaction to the third-party for the second signature. This now permits the use of out of band transaction verification techniques before the third party signs the transaction and sends to the blockchain.
>>
>> If the third-party is malicious or becomes compromised they would not have the ability to complete transactions as they only have one private key. If the third-party disappeared, the user could use the key in cold storage to sign transactions and send funds to a new wallet.
>>
>> Thoughts?
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming. The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Brian Erdelyi [ARCHIVE] /
npub1ta…j25sq
2023-06-07 15:29:21
in reply to nevent1q…u4tk
Author Public Key
npub1tatcq4sq4leywpxwgqd90eut5933h62lrrnzu28mx95w80s75hzspj25sqSeen on
wss://relay.nostr.bandPublished at
2023-06-07 15:29:21Event JSON
{
"id": "b0f4ef1e39d67bd8c8d4a173157248a8bec68855e5cebf988ab4e846814a7503",
"pubkey": "5f57805600aff24704ce401a57e78ba1631be95f18e62e28fb3168e3be1ea5c5",
"created_at": 1686151761,
"kind": 1,
"tags": [
[
"e",
"541657d412739d9d2a5bc263564b0f2ef650e16ac828484a06cbef551e18c76c",
"",
"root"
],
[
"e",
"d619167577a26129ff2ed5e83e9943d4eab0f389ca5369f036fb502f55779792",
"",
"reply"
],
[
"p",
"5f57805600aff24704ce401a57e78ba1631be95f18e62e28fb3168e3be1ea5c5"
]
],
"content": "📅 Original date posted:2015-02-02\n📝 Original message:Martin,\n\nYes, the second signing could be done by a mobile device that I owned and controlled (I wasn't thinking that initially). I was thinking that online services are popular because of convenience and there should be a better way to address security (privacy issues not withstanding).\n\nI think these are practical approaches and just doing a sanity check. Thanks for the vote of confidence.\n\nBrian Erdelyi\n\nSent from my iPad\n\n\u003e On Feb 2, 2015, at 1:54 PM, Martin Habovštiak \u003cmartin.habovstiak at gmail.com\u003e wrote:\n\u003e \n\u003e Good idea. I think this could be even better:\n\u003e \n\u003e instead of using third party, send partially signed TX from computer\n\u003e to smartphone. In case, you are paranoid, make 3oo5 address made of\n\u003e two cold storage keys, one on desktop/laptop, one on smartphone, one\n\u003e using third party.\n\u003e If it isn't enough, add requirement of another four keys, so you have\n\u003e three desktops with different OS (Linux, Windows, Mac) and three\n\u003e mobile OS (Android, iOS, Windows Phone), third party and some keys in\n\u003e cold storage. Also, I forgot HW wallets, so at least Trezor and\n\u003e Ledger. I believe this scheme is unpenetrable by anyone, including\n\u003e NSA, FBI, CIA, NBU...\n\u003e \n\u003e Jokes aside, I think leaving out third party is important for privacy reasons.\n\u003e \n\u003e Stay safe!\n\u003e \n\u003e 2015-02-02 18:40 GMT+01:00 Brian Erdelyi \u003cbrian.erdelyi at gmail.com\u003e:\n\u003e\u003e Another concept...\n\u003e\u003e \n\u003e\u003e It should be possible to use multisig wallets to protect against malware. For example, a user could generate a wallet with 3 keys and require a transaction that has been signed by 2 of those keys. One key is placed in cold storage and anther sent to a third-party.\n\u003e\u003e \n\u003e\u003e It is now possible to generate and sign transactions on the users computer and send this signed transaction to the third-party for the second signature. This now permits the use of out of band transaction verification techniques before the third party signs the transaction and sends to the blockchain.\n\u003e\u003e \n\u003e\u003e If the third-party is malicious or becomes compromised they would not have the ability to complete transactions as they only have one private key. If the third-party disappeared, the user could use the key in cold storage to sign transactions and send funds to a new wallet.\n\u003e\u003e \n\u003e\u003e Thoughts?\n\u003e\u003e ------------------------------------------------------------------------------\n\u003e\u003e Dive into the World of Parallel Programming. The Go Parallel Website,\n\u003e\u003e sponsored by Intel and developed in partnership with Slashdot Media, is your\n\u003e\u003e hub for all things parallel software development, from weekly thought\n\u003e\u003e leadership blogs to news, videos, case studies, tutorials and more. Take a\n\u003e\u003e look and join the conversation now. http://goparallel.sourceforge.net/\n\u003e\u003e _______________________________________________\n\u003e\u003e Bitcoin-development mailing list\n\u003e\u003e Bitcoin-development at lists.sourceforge.net\n\u003e\u003e https://lists.sourceforge.net/lists/listinfo/bitcoin-development",
"sig": "3247975100ad98c47ee8acc688ed57f8340d5d2341e041339ba5c94977fb8edff9b657febb1ae7aca4ed1a8a9a8e93eaca18e4c497a4f1a27c426751e3fb943d"
}