BitLox: Ironclad Security without Sacrificing Features
There’s a new hardware wallet in the hood that comes equipped with a full set of features shaped in?an atractive metal form factor. We had the chance to talk with Mr Dana L. Coe,?CEO at?BitLox Ltd,?who is responsible for bringing the BitLox wallet to the Bitcoin ecosystem.
Here at BloqueZero we love hardware wallets, perhaps we do because we also love gadgets. But beyond materialism itself, we understand this gadgets as a bet seeking to guarantee a cold wallet experience for users that prefer to?avoid taking unnecessary risks. A couple of months ago, a new player reached the market prepared?to compete with the regular?actors. It is called BitLox, and it is our pleasure to share with our readers an interview with the man who made it possible, Mr Dana L. Coe, CEO at BitLox.
Hi?Mr.?Coe, thanks for joining us as well as for your willingness to bring BitLox closer to the Bitcoin community.?
Hi?Guillem. I will be happy to answer any question about BitLox for the Spanish-Language audience.
Mr.?Coe, I nowadays have the feeling that apparently almost every Bitcoin Company CEO have been publicly participating in open projects before, or they were already known and came from giant?software companies in a pursue of a solo?adventure, others were born in crowdfundings as community projects, others?that came from Venture Capital rounds?.
So, what is your story? Where do you come from? I took a look at your earlier background and I feel intrigued, how did you find yourself totally involved?developing on Bitcoin??
I grew up in a rural town in Maryland, United States. I?ve always been something of a science person, first with encyclopedias, then later in school.
I studied some science subjects in school, attended university in the States, but only really got serious when I decided to move to Germany in the 90?s, where I learned German and attended university there for Chemical Engineering studies. My second practical semester was spent in China, where I first got to know this country where I?ve now lived for almost 14 years..
In the late 90?s I was in USA, where I worked for NCR and then an Internet start up. In 2002, I was able to fulfill a long-standing ambition to return to China and do business there.
For the next 10 years, I mostly ran my own company manufacturing and trading scientific equipment. In 2014, I had already been dabbling with Bitcoin for some time, when an old friend had suggested we develop a hardware wallet with features that at the time were completely unheard-of. Ergo the genesis of the BitLox. As my previous business venture was rather in a downturn owing to the global financial crisis, I decided on a change of course and totally committed myself to developing the BitLox.
I see, sounds intensive, I found your name truly affiliated to engineer chemical projects some of them about ammonia and ozone. Is quite uncommon background picture…So….you get involved into developing a Bitcoin hardware wallet almost the first time you met. When your friend suggested that idea, did you hesitate?
?Not at all! We had been developing some micro-controller based products for some time, and this just seemed like a natural extension of that. Bitcoin was all in the news at that time, and this seemed a natural way to get into the field.
If is there something I enjoy in Bitcoin is the fact that?lot of ideas go 0 to 100mph for a split second….it is a huge fast change ratio environment. So Bitlox started in 2014, have you been this two years entirely developing?
Correct, we spent about 1 year on the hardware and 1 year on the software. There were of course some false starts and course corrections, but we managed to stay on track to get the product out the door and into the hands of our users. For example, we had to swap micro controllers about 6 months in as the original chips just weren?t fast enough for the cryptographic calculations needed. That necessitated rewriting our own translation layers for the chips to the code.
There are other hardware wallets in the market, my perception is that there is a?distinguishing strong point in each one of them, as a flagship feature.?is there a feature with potential enough not only to differentiate Bitlox from the other hardware wallets, but also capable enough to push development in that way? In that case, which one is this?unique feature ?
I?d like to think we are unique in the fact that we have so many features packed into such a small form factor. True, there are smaller designs, but none of them come with full keypads and full matrix screens. The whole rationale for including these features is so the user never has to enter anything sensitive on their computer or mobile, where it could potentially be compromised. We really are into the concept that such a wallet should be as anonymous as possible, where the contents are completely under the control of the user, not the manufacturer or service.
So, the idea behind Bitlox, was to be truly effective in all the features, avoiding to renounce to any of them, Mr Coe?
Really, when it came to the features we wanted to include, it came down to, ?What would I want in a hardware wallet?? As I wanted something that was both cool looking and nice to hold in the hand, but could also have the security that I know is absolutely paramount when dealing with money. It is not totally clear to most first time users of Bitcoin that if their funds are compromised that there is no bank or central authority to call and file a complaint. The user has to be fully responsible for the security of their funds. We try to make such security reasonably simple.
Well Mr. Coe, I could?watch?the video where a BitLox?device is powered on and working under the water, that was awesome, it was the first day I meet your product on your website, but then I realized that there are three different models available to be purchased. It was easy to see that regarding to the price, they are in three different leagues but, what else can you tell us about them, can you explain what is the difference between them? Are they focused to cover different cases of use?
The BitLox range of products at the moment encompasses 3 levels: Advanced, Ultimate and Extreme.
The main differentiation is the case materials, as the ?Advanced» has aluminum as the body material. The ?Ultimate? is constructed from titanium. this has the distinct advantage of being as strong as steel, but being only slightly heavier than aluminum, with incredible corrosion and deformation resistance.
The idea is you?ll never have to worry about just throwing it in a pocket and carrying it around the whole day. The devices are tough enough to withstand quite a lot of abuse. The metal cases, coupled with the electronics being embedded in an epoxy/silicone matrix, enable them to easily withstand being shoved in a hip pocket and not being deformed.
The ?Extreme? set goes one step further and includes a military-grade self-encrypting USB vault. Powered by an internal battery, it also has an input keypad to unlock the contents of the flash memory – and no drivers needed! We ship these drives preloaded with TailsOS (a privacy enhanced tor-enabled Linux version), enabling users to boot any computer with them for perfect privacy when conducting their Bitcoin transactions. Once the drive is removed from the computer, any trace of what the user was doing vanishes forever, as the boot drive is read-only, leaving nothing behind on the host computer.
«BitLox has so many features packed into such smart form factor.»
BitLox:?How does it work?
Let’s talk about how BitLox operates and what new features provides to the users.?Is it BitLox a standalone product? In what grade is that true? Doesn’t BitLox require a computer? Is it possible to use it connected to other?software wallets?
BitLox absolutely needs to be used in conjunction with an app on your mobile or computer. The BitLox device cannot connect to the Internet by itself, it is only a signing device. Transactions must be assembled by our apps using public blockchain data. At the moment we are exploring ways to connect the BitLox to wallets such as Multibit etc.
Ok, so is it battery powered??
The BitLox is battery powered, rechargeable via any micro-USB cable (We include 2 cables, a long and a short cable with the package)
Is BitLox?Open Source? Why not? (we noticed that BitLox was already opened the project to developers at the moment of the interview) Oh, I am sorry, I did not check that information again.
LasThe apps the Bitlox uses to talk to the blockchain (Chrome/Web/iOS/Android) are open source. They are available at ?BitLox (Bit Lox).
We are still working on the possibility of open sourcing our firmware
Is it possible to clone one Bitlox device to another?
No, but via the mnemonic phrases a user copies when they build a new wallet, you can put a copy of that wallet on another BitLox device..
Does it allow to multisign transactions? Can it be used for other purposes like, to log in ?any webservice?
The BitLox can sign a MultiSig transaction, but at this time we do not have the capability to construct a MultiSig transaction in the apps. The biggest pain of a MultiSig transaction is all in the setup of the transaction, which is all app-centric, not in the signing.
The BitLox is not designed for signing into web services, however there are some sites that take advantage of the ?short message signing? capabilities of the BitLox to provide secure authentication of bitcoin addresses. For example, an exchange wants to verify you are the true owner of a payout address and such. We can do that.
?May?BitLox work with altcoins?
We are working on this!
«a wallet should be as anonymous as possible, where the contents are completely under the control of the user, not the manufacturer or service provider»
Dana L. Coe CEO at?BitLox
We sure can’t check every security question mark for the device, however we can bring to Mr.Coe typical?doubts that could emerge in a not advanced user. ?How does Bitlox make my payment more secure??How good enough?results?the multilayer system to protect funds and privacy?
As everyone who uses Bitcoins should be aware of, your funds are only as secure as your private key. With the BitLox, we remove all possibility of your private key ever being vulnerable to extraction and compromise.
What happens if my device is stolen ?Can I get back my saves?
f your BitLox is stolen/lost/destroyed, it is a simple matter of reconstituting your wallets from the mnemonic phrases. All of your funds are still there..
Working with USB / Bluetooth: How does Bitlox protects against any attacker that would be?seeking to steal or get info leaked?
Anything that is transmitted over USB or Bluetooth from the host machine is build from public data. If this was intercepted and altered, the BitLox will show the alteration on the screen when it presents the payment information..
Is any chance to leak any data when is it working? How does the hardware inside work to reach that? Who is in charge to crypt and decrypt the data, Bitlox or the device which is connected to?
Side channel attacks?necessitate very close proximity to the device. Plus, the BitLox will not decrypt any wallets until the correct PIN is entered – which the rightful owner must be present for anyways.?
?Does BitLox allow?modding? For example to change the payment fee for the miners?
Yes, the mining fee can be manually set in all of our apps. A neat trick is our ?expert mode? where you can see all of the hex code being sent to (and received from) the device. This enables you to check your transactions via a third party if you have the least suspicion that something is not correct.
Alright, there is no doubt that this is a promising product?Mr. Coe. If you permit me to ask one?last question, as your product needs constant development ?Would you like to share any BitLox update?
There?s a really cool thing that we?ve added in our latest firmware update (http://bitlox.io/firmware)
We?ve implemented the code for password protected mnemonics. Now, this is something that has actually been in the code for some time, but we?ve only just now gotten around to exposing it, as most wallet reconstitution routines don?t account for it. A really cool feature would be that you can have multiple wallets all off of the same mnemonic!
For example, you could restore a wallet using the bare mnemonic, put some funds in that, but ALSO could restore using the SAME mnemonic but with a password – and this would be a completely different wallet!
Since the password is relatively short compared to the mnemonic, you could keep it in your head. Then for your ?secret wallet? you could have complete deniability even if someone had the mnemonic. Neat, eh?
Again another feature added bringing more advantages for those who pick?this hardware wallet as the tool to manage their Bitcoin. We could still ask more questions due to Mr. Coe’s excellent predisposition, wanting to share all the time any update and its passion for what he does with this wallet system but, I think we will talk again cause I am feeling the need to get a BitLox unit on my hands in order to share my experience with our readers…
Who knows? Maybe in the near future BloqueZero will be able to bring these wallets?closer?to its?readers.