1
As per the title, what would be the safest way to run a Bitcoin wallet on a potentially untrusted device, such as a mobile phone? The question assumes the usage of bitcoinjs-lib (which allows, among the many, bip32, bip38 and bip39 features) and the ability for the user to spend his coins. I've tried to write down a potential flow
- seed generation with bip39
- (users backup the mnemonic and it's not stored on disk)
- generation of account "" (e.g. 0)
- derivation of the external chain (there's no need of 2 chains in this case)
- generation of an address (address X) to receive Bitcoin
- store the private key of address X, aes-256-cbc encrypted on disk, in case the user need to spend the coins
What would be the security implications of this approach? Any suggestion?
If the device is untrusted, what stops the device from reading the private key out of memory after you decrypt it? – Nick ODell – 2016-10-26T21:43:44.420
You are right.. first of all,users would be adviced to fed addresses hosted on that device time by time, exactly like we do with cash in our pocket.. that would be enough to discourage an attacker from wasting time for 10 dollars.. on the other hands, you could read priv key from memory in all bitcoin nodes in the world – youser – 2016-10-26T21:54:44.207
You can't run trusted code on an untrusted device, end of story. – Anonymous – 2016-10-29T09:49:05.310