I’ll start to research if other communities have investigated if this is possible, but has anyone come across concepts for securing a cryptocurrency wallet that require you to have an NFC chip in close proximity to your computer to act as the second private key (the first being your pass phrase) for a multi-signature address?
Conceptually, I’m imagining that you’d hold some sort of token/device with a NFC chip close to your computer, if you want to do anything that would enable the transfer of funds from an address you control, and the wallet client would then retrieve the private key from that device, prompt you for your pass phrase. Only after both checks were passed, would you be able to make your transfer.
This would satisfy a number of outstanding concerns around the wallet client:
[ul][li]Reduces the chance that you could be attacked through a hidden keylogger[/li]
[li]If kept physically secure, it should make attacks significantly more difficulty [/li]
[li]Allows for a user to have a less-secure (but more memorable) pass phrase because it cannot alone be used to brute-force access to the address[/li][/ul]
Items that would still need to be considered:
[ul][li]What happens if the token/device with the NFC chip isn’t available any longer? (Lost, stolen, etc.)[/li]
[li]Could it be spoofed? (Malware already on the device that “listens” for the handshake and stores off the data for future use)[/li]
[li]How durable and long-lasting is a NFC device?[/li]
[li]Ease of resetting the data on a NFC chip[/li]
[li]Data size of the private key, or any other embedded information, cannot be larger than ~716 bytes (at least for the current generation of NFC chips)[/li][/ul]
If anyone has studied this concept before, I’m very interested in what you found out. If there’s enough interest, perhaps there’s a good fit to bring this type of access device to Peercoin holders first, as part of a customized version of the Peercoin-Qt wallet.