by Xk 5462 days ago
If I had any bitcoins hosted on mtgox and, for some reason, had not already taken them out, I would do so right now. When you give them your bitcoins, you are trusting them to keep your money safe. I trust my money with my large bank for two reasons: (1) they have a large safe and have practice keeping people out, but more importantly, (2) if someone were to break in and take some of the bank's money, I would know that I could still withdraw my money because they have enough cash on hand for me to do so.

Mtgox has neither of those assurances.

They have absolutely no credibility on the security front. They were using MD5 with no salts at one point in time. They then moved to MD5 with salts. Now they are at "SHA-512 multi-iteration, triple salted." That seems more like they're trying to say "Oooohh! Look at us! See?! We're being secure!" Triple salted means what, exactly? (Other than the fact that it makes it clear these are people who read about salting online and then thought "more is better.")

Next: "we have actively been patching holes." Oh no. You mean, you're just going through the code and looking for bugs and hoping you get them all? That might work for normal programs just fine, but even ONE vulnerability is enough to take an entire database. A database hosting just passwords may not be all that bad (it usually is, but it doesn't have to be). A database which hosts thousands and thousands of dollars? Now that is something to worry about. It truly does look like they got lucky on this attack.

As for the guarantee that banks give -- that if they get broken in to, I will still have my money -- there is no way mtgox provides this. Anyone who still has money on mtgox is asking for trouble.


The reason Mt Gox needs to obsess over the password database is because they don't seem experienced enough to secure the rest of their site. When it comes down to it, they are still a "PHP+mysql" site like all the others on the Internet.

Would you store your funds at the Bank of Wordpress?

There's nothing inherently wrong about using the PHP language or the MySQL RDBMS to build a secure website. Most of the terrible code on the internet is in PHP/MySQL, and most of the PHP/MySQL code is terrible—but that is not a deficiency of the language, but rather a consequence of its ease of use and popularity.

That, though, in no way means that you can't build a good, secure website on the LAMP stack.

It's just a (rather obvious) fact that if you're a bad developer, then you're going to build an insecure site, most likely on LAMP. If you're a good developer, you're probably going to build a good site, which might be on a less common platform, but equally as (or more) likely on LAMP, too.

Is a site inherently safer if you use Java?
Might sound strange but: Yes it is. Since the first JDBC DB drivers it's common sense to use prepared statements and not build a query on your own. Because of this SQL injection is a much much smaller problem in Java codebases than in PHP ones. (this being a Java culture result more than a language one).
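Added example, not code from the thread or from any site it discusses: the prepared-statement point above, shown as the vulnerable string-built query beside the parameterised one, against an in-memory SQLite table. The table, the user rows and the `login_*` function names are constructed for the demo.

```python
"""
Why prepared statements stop SQL injection: the same lookup written with
string formatting (vulnerable) and with bound parameters (safe).
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Throwaway in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def login_concat(conn: sqlite3.Connection, name: str, password_hash: str) -> bool:
    """Vulnerable: user input is spliced into the SQL text and parsed as SQL."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE name = '%s' AND password_hash = '%s'"
        % (name, password_hash)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_prepared(conn: sqlite3.Connection, name: str, password_hash: str) -> bool:
    """Safe: values are bound as parameters; the driver never parses them as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password_hash = ?"
    return conn.execute(sql, (name, password_hash)).fetchone()[0] > 0


# Constructed payload: closes the string literal and comments out the
# password check, so the concatenated query becomes
#   ... WHERE name = 'alice' --' AND password_hash = 'wrong'
INJECTION = "alice' --"


def demo() -> dict:
    """Run both login paths with the payload and with a genuine credential."""
    conn = make_db()
    return {
        "concat_bypassed": login_concat(conn, INJECTION, "wrong"),
        "prepared_bypassed": login_prepared(conn, INJECTION, "wrong"),
        "prepared_valid": login_prepared(conn, "alice", "hash-a"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The concatenated version logs the attacker in with no password at all; the parameterised version treats `alice' --` as a literal user name that matches nothing. That is the whole of what the Java culture of JDBC `PreparedStatement` buys, and the same API exists in every PHP/MySQL driver (`mysqli` and PDO both bind parameters); what differs is whether developers reach for it.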
Then if you use Wordpress? Yes.
I meant than PHP. The implication seemed to be "WordPress is made with PHP, and WordPress isn't bank-quality software, so would you want to trust your money to something made with PHP?" I would trust the credentials of the people behind the site before I'd even give a second's thought to the programming language. (Of course, that doesn't help Mt Gox much either.)
The Java language is designed for safety, above performance, and ease of creating code. So it is more expensive to create a Java financial system. But safer.
The quality of your programmer makes more difference than your choice of language and libraries. But your choice of language and libraries has SOME effect. And Java tends to be safer than PHP.
Where might I find that plugin?
Facebook is a "PHP+mysql" site.
I wouldn't store my money on facebook either.
I wouldn't either but that's because I can imagine Facebook just straight-up stealing it. Nothing about security.
Totally off-topic, but I find this attitude curious. What makes you think facebook would do something of that sort? What possible evidence do you have for the potential of this sort of outright criminal behavior?

It seems to me your loathing of facebook is completely irrational. Unfortunately it's this irrationality that drives most discussions regarding facebook in tech circles.

If someone is a known thief, it stands to reason that they will probably steal again if the price is right. Zuckerberg showed, unambiguously, that he will not only steal ideas but sabotage the people he's stealing from. I would say very little is beneath such a person.
You're about 2 years out of date.
don't disagree with most of what you said, but...you sure about this part?

> I would know that I could still withdraw my money because they have enough cash on hand for me to do so.

http://en.wikipedia.org/wiki/Fractional-reserve_banking

Or if you want a more practical example, keep watching Greece (or look at what happened to Argentina 10 years ago).

> don't disagree with most of what you said, but...you sure about this part?

Yes. I am sure. I have far, far, far less than 0.000001% of the total money in the bank. If they could not produce this much money when I wanted it, there would be other serious problems.

> Or if you want a more practical example, keep watching Greece

If I was in Greece, I would not have my money in one of their banks.

> Yes. I am sure. I have far, far, far less than 0.000001% of the total money in the bank. If they could not produce this much money when I wanted it, there would be other serious problems.

Last year, a branch office of a large bank in Finland was barely able to produce 10 000 euros in cash when I wanted to withdraw it.

The clerk just didn't realize he shouldn't mention it.

Don't be so sure.

Is that a case of the bank not having the money or just that branch not having the cash on hand?
Each branch is supposed to function as a bank, right?
Why in the world should a single branch be expected to hold that kind of cash for withdrawal without notice? There is a *huge* difference between "having the money" and "having the money in cash form on location".
They're not autonomous though - individual branches don't hold the value of all their customers' accounts as cash. You're subject to a daily limit (though you can take more if you give them notice).
I thought we were talking within the context of "serious problems". As for Greece, well... it happened to Washington Mutual in 2008 - the largest savings and loan institution in the US. Of course, this is only one of many US banks which were not able to produce money when it was wanted in 2008.

There's a reason banks have a legal right to refuse a withdrawal, specifically because they may not have enough funds. That reason is: because it has and will happen.

I had my "life savings" in WaMu. Now it's in Chase. I didn't lose a penny. At no point was I unable to withdraw my money.

What happened with Washington Mutual is not what's going to happen if there's a run on Mt Gox.

There are stories (see consumerist.com) of cash withdrawals not being possible.

I admit I got a little off track though. My parent specifically stated withdraw money when he wants. There's plenty of evidence that at the peak of the crisis, some people had problems. But I agree, it seemed to have been few, and in the context of Mt Gox, it isn't really relevant.

I don't know of a single person unable to withdraw their money from WaMu as it went under. All of WaMu's accounts were then passed on to Chase, and Chase honored them. If WaMu went under, the savings accounts would have been FDIC insured. None of that will happen if Mt Gox is compromised in some catastrophic way.
mtgox accounts are not FDIC insured.
I understand that. I am curious how effective deposit insurance works in the face of a country-wide breakdown. I know Greece has a deposit fund, I'm curious to see how effective it'll be (does it actually cover 100% of the deposited money (up to the maximum per account)?)
It doesn't. The FDIC doesn't have a fraction of the money needed to insure a fraction of the money that is supposedly FDIC-insured. Moreover, the United States likely lacks the gold to back our current currency, let alone the currency needed to prop up those who lose money in the situation of the decreasing number of banks failing.
> The FDIC doesn't have a fraction of the money needed to insure a fraction of the money...

Sure it does. The FDIC makes an annual assessment on financial institutions ranging from 2.5 to 45 basis points to keep the insurance fund solvent. In 2009 there were many special assessments to replenish the fund.

Insurance is always leveraged. Those skilled in the art are actuaries.

US currency hasn't even pretended to be backed by gold since the early 1970s.
I was more referring to the fact that we fail to produce proof of the limited amount of gold that we claim to have and every attempt to audit it is rebuked magically.

In terms of the question, how would it be handled from an FDIC perspective if it came to a worst case scenario... it'd be a shit-show.

It's sad that this has been voted down because you mentioned gold, you're completely correct, other than saying "gold" instead of "wealth" or "power".
The US government guarantees my bank account up to (I think 200k). There is no Internet Government that guarantees my bitcoins.
OK, we are talking about vastly different scales here, but there is no absolutely trusted scheme in the world. The US has been printing money since 2008 to cover the losses of the Crisis, so the real world has an advantage here.
It was crypt-MD5, the fact that they call it MD5 with salt is generous at best. They seem to have made the decision to move to crypt-MD5. I don't really have any faith in their ability to secure the servers.
True, but I think this has been fixed, assuming their new site is live:

"The new Mt. Gox site features SHA-512 multi-iteration, triple salted hashing and soon will have an option for users to enable a withdraw password that will be separate from their login passwords."

Which means that they're not using bcrypt, which means they still have no idea what they're talking about and are probably insecure.
They could be using PBKDF2, but if they were, they probably should have said the magic words. Also, the iteration count is kind of important. If it's triple-iterated, that won't do much good.
Even with the iteration count, SHA512 is not exactly meant to be slow. They're taking the long way around to try and get the security of bcrypt... without just using bcrypt.
> Even with the iteration count, SHA512 is not exactly meant to be slow.

Increasing iteration count is synonymous with intending something to be slow. BCrypt itself uses a default of 2^10 iterations in most bindings. PBKDF2 and a NIST-studied hashing algo like SHA512 is a perfectly valid method.

Not sure why I'm downvoted, SHA-512 is obviously better than MD5 and we don't know the details. The constant spewing that bcrypt is the only way to hash a password is getting old fast.

<edit> Ok, whatever, keep downvoting, fuckers.

The reason you're being downvoted is because this has been explained a fair number of times on HN. The problem with using SHA-* or MD5 for hashing is that those algorithms are designed to be fast. This means that it's relatively easy for a cracker with a dump of the database to bruteforce passwords, since they can try gazillions of combinations very quickly. Hell, they can even parallelise the task on EC2 and get it all done in an hour.

By contrast, computing bcrypt takes a significant amount of time and CPU. It's slow. It's designed to be slow. It's designed so that you will need a LOT of CPU power to bruteforce it.

So, no, SHA-512 is not much better than MD5. It's still a fail.

And bcrypt is better than sha512, why use an inferior option when you don't have to? bcrypt both exists and is free.
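Added example, not code from the thread or from Mt. Gox, to put numbers behind the exchange above about iteration counts (the PBKDF2 comment, the "SHA512 is not meant to be slow" comment, and the bcrypt reply). It measures how many guesses per second an attacker with a database dump gets against one salted SHA-512 call, against SHA-512 run three times, and against PBKDF2-HMAC-SHA512 with a real iteration count, and shows a stored record that carries its own salt and cost. Only the standard library is used; bcrypt is a third-party package and is not shown. The iteration count, the record format and the function names are assumptions for the demo.

```python
"""
Why "multi-iteration SHA-512" only helps when the count is large: the
primitive is the same, attacker cost scales with the iteration count.
"""
import hashlib
import hmac
import os
import time

# Assumption for the demo; tune upward until one hash costs ~100 ms on
# the login server. 3 iterations, or "triple salting", changes nothing.
PBKDF2_ITERATIONS = 200_000


def fast_hash(password: str, salt: bytes) -> bytes:
    """What 'salted SHA-512' buys: one cheap hash call per guess."""
    return hashlib.sha512(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA512: same hash, but each guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)


def store(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """One random 16-byte salt per user, with the cost stored in the record
    so it can be raised later without breaking existing logins."""
    salt = os.urandom(16)
    digest = slow_hash(password, salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha512":
        return False
    expected = slow_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(expected, bytes.fromhex(digest_hex))


def guesses_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Rough single-core throughput of an offline guessing attack."""
    salt = b"\x00" * 16  # salt is known to whoever holds the dump
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn(f"guess{n}", salt)
        n += 1
    return n / (time.perf_counter() - start)


def compare() -> dict:
    """Guess rates for the three schemes discussed in the thread."""
    return {
        "sha512_once": guesses_per_second(fast_hash),
        "sha512_3_iters": guesses_per_second(lambda p, s: slow_hash(p, s, 3)),
        "pbkdf2_full": guesses_per_second(slow_hash, seconds=1.0),
    }


if __name__ == "__main__":
    record = store("correct horse battery staple")
    print(record)
    print("verify ok :", verify("correct horse battery staple", record))
    print("verify bad:", verify("hunter2", record))
    for name, rate in compare().items():
        print(f"{name:>15}: {rate:12,.0f} guesses/s")
```

On a single laptop core the first two rows come out in the same order of magnitude (a few million guesses per second) while the full PBKDF2 row comes out in single digits; the tens of thousands of iterations, not the switch from MD5 to SHA-512, is what removes the attacker's advantage. That is the sense in which the PBKDF2 comment is right and the "it's still a fail" comment is right about the announcement as worded: "multi-iteration" with an unstated count could mean either row.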
Many are forced to use insecure hashing for compatibility reasons with outside vendors. Google email for orgs/colleges has two options for hash exchange (or used too... it may be different now) MD5 and SHA1. So you could not migrate user accounts unless the hashes were MD5 or SHA1.
To be fair, you need to put your real money somewhere like a bank. You don't need to put your Bitcoin anywhere except your wallet, so there is no reason to keep your Bitcoin in Mtgox unless you are trading it. Keeping all your Btc in Mtgox is more like keeping all your money in your Paypal account, and who in their right mind would do that?