Bitcoin Q&A: 2FA and secure hardware


[AUDIENCE] Hey, Andreas.
Thank you so much for everything that you’ve done
for the Bitcoin community and open blockchains.
My question is, how secure is Google Authenticator?
Can they hack [your wallet] as a middleman? Thank you.
That is a great question. Google Authenticator is a
one-time password, two-factor authentication system…
that has a security key installed on your phone.
How secure that is, depends
on how secure the phone is.
If you put Google Authenticator on an Android 5.0
phone that doesn’t have a hardware security module,
or as it is called in Apple terms the Secure Element,
then that key is floating around in memory.
Other applications that you may have downloaded
and allowed far too wide permissions…
can reach into the memory, pull that private key,
and then they have your second factor.
You hear all of that and… this is exactly the problem
with the point at which a regular user says,
“Well, screw that! I’m not using two-factor then.
I will just use one factor because clearly…
as Andreas just said, this Google Authenticator
(in one obscure scenario) could be compromised.”
The truth is, using [two-factor authentication] will make you thousands of times more secure than not using it.
The alternative is doing something else like
SMS two-factor, which is far more vulnerable.
Most people have devices that are quite secure.
Smartphones nowadays are quite robust
devices, they’re not as easy to hack.
Your smartphone is probably the most secure device
you have, [enough] to store keys for small amounts.
Having two-factor versus not having two-factor is the
[choice here]. Yes, there are obscure vulnerabilities.
Better yet, use a hardware one-time password two-factor
device, like YubiKey. Google is [also] making one.
These are hardware devices that store signing keys.
My laptop has [one of these things plugged in] on
the edge, I just have to tap it when I want to login.
That is better than [Google Authenticator], but both
of those solutions are thousands of times better…
than not [using two-factor authentication].
That is really the calculation you need to think about.
[AUDIENCE] My name is Karen. The project I work on
is out in border towns and frontier markets.
Some of the places we [work in] are tough.
One of the things we are running up [against] is the
complete lack of affordable hardware security.
We know of people in the space who are working
on this, but sub-$10 cards don’t exist [right now].
Even then, on-boarding merchants who are
fairly sophisticated, that use feature phones…
with SIM cards for online banking,
but they still can’t access credit…
This is the kind of security things that
I deal with, day-in and day-out.
[ANDREAS] Absolutely. The simple answer is,
you have to wait. We’re not ready for that yet.
That doesn’t mean it’s not coming.
Judging the technology or the market by what is
available today, misses the evolution of this technology.
We’re talking about a technology that, like
many others, is affected by Moore’s Law;
affected by exponential trends in development, interaction between multiple different projects,
that all push together in lowering the cost
of electronics and consumer devices.
If you miss that point, you will judge it the wrong way.
In the early ’90s, if you looked at who owned
cellphones, when they were the size of a suitcase…
I had a cell phone in 1991, it was big [with an antenna],
and the battery lasted for an awesome fifteen minutes.
I had it because my job paid for it, [otherwise]
I can guarantee you I couldn’t afford it.
The only people I knew who had
cellphones at the time were millionaires.
What’s ironic is, if you had [judged]
cellphones at that time, you would think,
‘This tool isn’t helping the people who need help!’
But this tool will cost ten dollars in twenty years.
In fact, it goes from being a status symbol
of the rich to being the exact opposite:
the status symbol today, if you’re rich enough,
is that you don’t have a cellphone.
You have a secretary carrying a cellphone next to you.
Rich people don’t wear Bluetooth headsets.
That is the transition of technology, from ultra-exclusive
to ultra-available for everyone, with a drop in price.
The first hardware wallet I bought? I paid a bitcoin for it.
[ALENA] Thank you! [ANDREAS] You’re welcome, Alena.
[Laughter] It was worth it.
But that’s not the price at which we
[will] take this market mainstream.
There are some hardware wallets that are dropping
in price, to $20 or $30. I hope we’ll see more of those.
[AUDIENCE] My question is a little bit different.
It is related to the architecture. [ANDREAS] Please.
[AUDIENCE] Earlier this year in January, the
Meltdown and Spectre vulnerabilities came up.
Computer researchers and scientists found flaws in
processors and the ability to secure the enclave.
[ANDREAS] Yes.
[AUDIENCE] If we look at the price of crypto-coins,
at that [time] they plunged into a ‘Dotcom’-like crisis.
My question is, do you believe that we need to solve
computing insecurity with trusted entities…
and shared environments, before we will come out
with architecture for business-to-business (B2B)?
[ANDREAS] Yes, that is a good question. Trusted
execution environments allow us to trust that…
our own computer is not [being hacked] while
we are using it. I don’t trust my own computer.
Fortunately, the most effective solutions with
cryptocurrencies are low-tech and offline,
such as storing back-up seeds with English words.
Before we had [mnemonic seeds], we used
paper wallets. Now we have hardware wallets.
While the hardware wallets may have problems
with the trusted execution environment,
they interact with the outside word (i.e. your laptop)
through a very narrow, well-defined channel.
Usually a USB-Serial channel,
which has a very specific protocol.
It is difficult, without [physical] access to
the hardware, to compromise it remotely.
[For the most part], we don’t need a
fully trusted execution environment…
to deliver high levels of security and
privacy on peer-to-peer networks.
Fortunately, not [yet].

12 thoughts on “Bitcoin Q&A: 2FA and secure hardware

  1. What's that? There's a $20 hardware wallet? I thought I missed out on the Black Friday 50% Nano S deal. Now where is this $20-$30 Hardware wallet? Guess I can wait. I still didn't buy any coins yet. Guess I'm still waiting for this meltdown to finish. Thanks for another quick and honest vid.

  2. RE: 7:45 … I'd like to point out that most hardware wallets do not "improve privacy" but, on the contrary, usually reduce a user's privacy when compared to a good software wallet like Electrum. A hardware wallet like TREZOR for example will export your xpub key in a web app or to myetherwallet.com, malware on your computer, etc. A bitcoin xpub for.example will expose all of your previous and future transactions to anyone with access. If an attacker observes your IP address at the same time (especially if you are at home, logged into some network associated with your identity, etc) — they will have tremendous amounts of clustering metadata to deanonimize your transactions.

    One can hiwever use the TREZOR with Electrum for Bitcoin transactions. This will improve your privacy if you trust the backend server. You can also use Tor, which will obfuscate your IP address.

    Note: none of this affects the hardware wallet's ability to secure your private keys. Reputable hardware wallets work great for this purpose.

    One can make an argument that privacy and security are interdependent in the situation where an attacker might target you directly based on leaked information.

    One final comment: in the situation of Monero, hardware wallets directly interact with the full-node software, so they offer nearly identical privacy. Which is good.

  3. Good video. More useful videos like this should propagate the crypto sphere. I think we lost our way as crypto enthusiasts (not the crypto projects themselves) in 2017 where price and moon talk was all you heard. In 2018 it's not better, still all the talk is about prices, prices or prediction of prices, "when next moon bull run, etc, etc. It's all "white noise". Personally, I'd like more videos of substance like this one and adoption, etc.. Keep up the good work Andreas!

  4. Praying and hoping that an economic downturn alone will automatically translate into a rise of value in crypto is fallacious at best: Crypto as a storage of value has several major hurdles to overcome to actually compete and perhaps overtake fiat/digital fiat, credit cards and other traditional access to liquidity, loans & credit. Acquiring crypto, spending crypto and cashing out of crypto is far from being stupidly easy – and it needs to become "stupid easy" before we will see masses (and their transferable assets) migrate said assets from one system to another – case in point: silver and gold – hoarders and dreamers dying to see a zombie and/or nuclear apocalypse thinking that only precious metals will then allow them to buy fuel and bread while these assets skyrocket to the moon is just plain dumb – Do I need to remind everyone why this is stupid?!? Crypto, on the other hand, has real potential of establishing itself as part of a serious international trade system, however, building an easily accessible & usable transactional systems around this asset class is detrimental to the entire system's survival; Innovation is the key here which has not much to do with the downfall of wall Street: "Buy crypto because money is shit" is a very weak sales argument – Miners, Hodlers and crypto day traders do not help advance crypto adoption – but using and spending crypto with trust and confidence does help grow this tiny novelty ecosystem into the novel marketplace it needs to become – by proving itself superior (not by comparison) but by decree and trust.

  5. What, what? An SMS 2FA is way LESS secure? How is that possible? I mean whereas the app could be accessed remotely, there is no way a "hacker" could more easily just send a proper SMS to my phone number and access that, right?

  6. I would love examples of the "game theory" of how a USB hardware security device would be hacked on the computer side: such as, grabbing coins during a transaction via intercepting the address somehow (showing the wrong address on the computer side and the user confirming the wrong address on the device, etc.). For instance: you would fairly soon realize that the funds were not making it to the destination when the recipient doesn't report a successful transaction, and when you investigate, you will limit your losses by stopping using that computer before spending more, and you could cause an investigation that leads to catching the culprit in a full-public-ledger Bitcoin system like we used to have. Of course, today they're trying to turn transactions private, so that would turn out differently. I just want to hear examples of how this turns out.

Leave a Reply

Your email address will not be published. Required fields are marked *