- May 11, 2014
Except you'll most likely not have to use it more than once a year, depending on the frequency with which you change or lose your mobile devices... still more convenient than paper wallets by an order of magnitude.
Uh so basically, same as storing a private key for a wallet somewhere safe?
That's interesting but I was thinking more along the lines of somebody creating a Trezor-like device specifically for Darkcoin, which also includes the other features such as Darksend and iX...
Modifying Trezor's firmware to support Darkcoin is trivial.
Getting that firmware to install on a Trezor without enabling developer mode would require the cooperation of SatoshiLabs.
(Only they can generate a signature for the new firmware that a Trezor will accept.)
Then mytrezor.com would have to be forked/updated.
But, I suspect that SatoshiLabs is going to implement BIP44 eventually. This would enable support for any coin type.
Great minds think alike
Exactly my thoughts. Maybe Evan is referring to some advanced multisignature technology?
I think this is going to be built into the Darkcoin protocol. No centralization here
Am trying to understand the proposal: We have Darkcoin, a decentralized currency, and the proposal is to hook this up to a certain kind of centralized 2FA solution? Or is the proposal to build this feature into Darkcoin itself? If hooking up to a centralized 2FA solution, what does this do with anonymity? What if some party shuts down the centralized 2FA solution, we cannot transact using DRK anymore?
I got triggered by the last line of Evan's proposal, it read to me like some external service will be used:
I think this is going to be built into the Darkcoin protocol. No centralization here
''would''…. When…
Just saw this. I'm a little amused that this was posted 3 days after I lost everything in my own Darkcoin wallet - I wonder if I was any part of that xD
Fantastic work Evan. If you pull this off... I can't imagine how game-changing that would be.
I was stupid and didn't set a password. I now know for sure that I was hit by some software threat because my lost coins recently moved. I talked about it in this thread.
Sorry to hear about your DRK, if you don't mind the question did your password get compromised or did you not have backups and your computer data got corrupted? I hope you managed to recuperate your coin.
Actually, you can configure a YubiKey to generate a one-time password (OTP) in a similar process to Google Authenticator. I'm currently playing with the YubiKey, and while I won't say it is the perfect solution, I think the idea of having the option of adding 2FA should be based on something like the YubiKey or Authenticator.
As Darkchild mentioned a bit ago, FIDO seems to hold promise. I have really appreciated my YubiKey, and the freedom it gives me to walk into an Internet cafe and not have to worry about my passwords being sniffed. On the other hand, it is something of a concern that their servers must be operational to authenticate my device, even though they cannot see my interactions. It looks like FIDO avoids that problem, though I will need to understand it better to be convinced.
I suspect that the master node network would be capable of serving the same service using FIDO and this device: https://www.yubico.com/products/yubikey-hardware/fido-u2f-security-key/
As FIDO is an open standard, I suspect its implementation would be almost trivial for someone who knew what they were doing, and that any number of similar devices will be available.
I whole-heartedly agree, HammerHedd! The "something you know-something you have" model of security is the way to go (IMHO).
Actually, you can configure a YubiKey to generate a one-time password (OTP) in a similar process to Google Authenticator. I'm currently playing with the YubiKey, and while I won't say it is the perfect solution, I think the idea of having the option of adding 2FA should be based on something like the YubiKey or Authenticator.
Simply logging in to your wallet and having that login be verified by a third party server creates a time signature that could then be matched to any transactions you make. Although Darksend mitigates this to an extent, if I know you logged on to your wallet at 0711 UTC and then I see a bunch of Darksend transactions for the next 4 minutes, I can make an assumption that one of those is yours. Instead of trying to sort out Darksend transactions, I can then look at transactions to known entities, like exchanges, and see if any of those match.
This is all highly theoretical, but why create a potential vulnerability?
IMHO the 2FA should be something you ACTUALLY have, not something a third party has. And as always, I'm a huge advocate of flexibility in enabling users to manage their own anonymity as much as possible.
Will read, thanks!
Ran into this paper: Two-factor authentication for the bitcoin protocol
Section 3.2 describes how this can be implemented in the existing protocol using multisig as already stated by fernando and vertoe.
I think InstantX is probably going to be next for testing. This announcement about 2FA was like weeks ago, the news just now caught up with it.
Not to throw cold water on the 2FA discussion... but shouldn't we implement InstantX first?
I thought since Evan had a POC already working for InstantX that implementation on testnet was imminent.