What about a version of the wallet without a send button and send functionality. This would be very safe for minting and would resist keyloggers.
It could be a pragmatic interim solution until we have developed better solutions (e.g. multisig).
Such a version would just exist beside the standard wallet. We might call it the minting wallet.
Key issues:
the installation of the config files needs to be in another directory to prevent existing wallet data to be overwritten.
To be really safe, it should be more than just removing the button in the GUI, the send function should also be removed from the daemon.
Users need to remove the normal wallet from the PC used for minting to achieve the desired security
Anyone developers keen to pick this up? Funding can go through peer4commit.com as I bet some people might be keen to get 3this.
Edit: convinced that this is not the way to go
As a user, I wouldn’t consider this model to have a significant security advantage over the main wallet that exists today, because the private spending key would be equally at risk of being stolen by malware.
That is true, it is not perfect, but it would buy some time to change your keys (move funds to another wallet) assuming you would notice that the key is stolen.
Or is this small advantage not worth the effort. You might be right over thinking the attack scenarios.
Removing the button is not a solution, send option is already disabled with mint-unlock, the problem is privkeys decryption key in the memory. Microstick II + I2C LCD should suffice for hardware sign-stake-only wallet, ~$50. Soldering experience points( 4 wires for LCD) and fun - free
