BItcoinjs - safest way to manage wallet on a potentially untrusted device

1

As per the title, what would be the safest way to run a Bitcoin wallet on a potentially untrusted device, such as a mobile phone? The question assumes the usage of bitcoinjs-lib (which allows, among the many, bip32, bip38 and bip39 features) and the ability for the user to spend his coins. I've tried to write down a potential flow

  1. seed generation with bip39
  2. (users backup the mnemonic and it's not stored on disk)
  3. generation of account "" (e.g. 0)
  4. derivation of the external chain (there's no need of 2 chains in this case)
  5. generation of an address (address X) to receive Bitcoin
  6. store the private key of address X, aes-256-cbc encrypted on disk, in case the user need to spend the coins

What would be the security implications of this approach? Any suggestion?

youser

Posted 2016-10-26T21:28:02.340

Reputation: 11

If the device is untrusted, what stops the device from reading the private key out of memory after you decrypt it?Nick ODell 2016-10-26T21:43:44.420

You are right.. first of all,users would be adviced to fed addresses hosted on that device time by time, exactly like we do with cash in our pocket.. that would be enough to discourage an attacker from wasting time for 10 dollars.. on the other hands, you could read priv key from memory in all bitcoin nodes in the worldyouser 2016-10-26T21:54:44.207

You can't run trusted code on an untrusted device, end of story.Anonymous 2016-10-29T09:49:05.310

No answers