Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

My wallet is on an IronKey - in order for me to use it I have to plug it in and decrypt it. I also backup my wallet on a NAS server but the wallet is encrypted with GPG.

Gotta protect your data!!



Where do you back up your GPG private key? Where do you store the passphrase for the key? It's a long chain of vulnerabilities in any well architected system that must be addressed. This seems acceptable for a big company, but for an individual to have to go through all these steps just to protect their money seems arduous.


And it's simple to run a keylogger after a brower/flash/pdf/java exploit to grab your password, isn't it? Not even admin/root access is needed.


Not if you have a secure means of input in your OS. OSX does, for instance, you can turn it on in the Terminal application and no loggers will see what you type.

Unless they install as a kernel extension, then you're screwed. But that requires a password.


or a bog standard privilege escalation bug


of course. But now we're talking something significantly more complicated than a keylogger, and more fragile as it probably relies on glitchy behavior.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: