by bigiain 5230 days ago
"please think for a second what liability you would want for any mistakes that you make with your web startup or idea"

It seems to me that bitcoin wallets are a relatively new and not well enough understood risk. There are very few other "files" like them, in that an attacker copying them can deprive you of their value in a way that you can't protect with backups. I feel a big part of current "internet security best practices" are about minimising the risk of getting exploited - but with a pragmatic limit to how much effort you invest mediated by the excuse of "if we _do_ get rooted, we can always reinstall and recover from backups". It'll only cost you time, and perhaps some reputation, and may put assumed-private-to-you information in someone else's hands, but it hasn't deprived you of access to any of your data. That doesn't apply to bitcoin wallets, and examples like this are pointing out flaws in assumptions people are making about appropriate ways to manage them.

It'd suck to be "that guy" who provides the object lesson in why we need to think differently about bitcoin wallets to just about any other file type we might put on an internet accessible machine, but we _do_, and I don't know whether we have an answer to the question "Is there a way to secure a bitcoin wallet on a machine someone else has root access to (either your datacenter's staff with physical access, or the people with hypervisor access to the hardware your vm is running on)?"

I _think_ the answer is "if you can't trust those people, you can't risk storing your bitcoins there". There's a reason people keep their money in banks, and not in train station luggage lockers. I'm guessing inexpensive commodity VPS's should be considered closer to storage lockers than bank vaults. I suspect the finance sector and/or fortune500 companies have hosting arrangements with companies offering bank-vault grade protection and reserve bank style insurance - but sure as hell not at $24.95/month.


An interesting point is that for receiving coins and for long-term storage, bitcoin wallets do not need to be online, and in fact do not need to ever have touched a machine that has been online. While slush "just" lost his "hot wallet", another user lost 200k. When will it become common best practice to store high-value accounts entirely off computers? You can print out a bitcoin wallet and put it in a safe deposit box for storage, and still add money to it.
I don't see what's so conceptually new about bitcoin wallets. They're just plain text that you don't want people getting access to. It's no different than storing passwords in plain text: if someone copies them, they're completely compromised (until the user changes them). The solution is pretty simple: encrypt your own bitcoins with your own password (or more ideally, your private key). Then, if someone hacks your server, they don't get anything.
Sorry for asking a noob question.

But what really is a bit coin? I mean in physical existence. Is it just a file (plain text) with some data/metadata?

And stealing it means copying those files, and then deleting the source?

In which case, how is this any different than a traditional bank account? My money in the bank is basically a DB record. And that can be stolen.

The bank can then just say to everyone 'look, this transaction from db such and such is no longer valid'.

Can't bit coin do the same? I guess I'm missing something fundamental.

Can somebody explain this?

A 'bit coin' is a space on a block chain that everyone has a copy of. You lock the coin with a cryptographic key, which you need to store. Whoever has a copy of the key can unlock the bitcoin and re-lock it with a different key, such that now only the new owner has a copy of the key. Everyone can still see the entire block chain, but only one account (that no one knows the owner of) has the ability to move that coin.

So they got access to these people's keys and transferred ownership of the coins.

Most money supplies are regulated, but bitcoin isn't regulated. No one has the ability to say 'reverse that transaction', but it also makes the currency safe from inflation and interference by money printing governments and privacy snoops.

makes the currency safe from inflation

There's an economic myth that an inflexible supply of a commodity gives that commodity, when treated as money, stability. It does not, as looking at this graph of US inflation/deflation over time shows (1944 is when the dollar stopped being gold convertible):

http://en.wikipedia.org/wiki/File:US_Historical_Inflation_An...

A few points:

1. The money supply around a currency not only contains the mined/minted instances of that currency, but also liquid currency-denominated assets, like customer bank balances. So money supply is not necessarily bounded.

2. Inflation/deflation can be considered measures of the change in demand for the currency. In times of deflation, holding money is valuable because it becomes more valuable.

3. From the above graph, you see that during the gold standard, inflation tended to be mostly balanced out by deflation in the long-term, so long-term inflation was low. But in the short term, prices were very unstable as inflation jumped all over the place, and far more unstable even than fiat money in the past three turbulent years that we've seen.

4. From the point of view of an economy, inflation and deflation are not symmetric; because of the value of sitting on money during periods of deflation, savers do not tend to invest their money but move money from investments to cash savings. This undermines economic activity. But in an economy with a rich range of investment opportunities, moderate inflation does not penalise acquisition of money and does encourage investment.

If you want a non-performing store of value and don't mind big fluctuations in value, gold is there and we know how to secure gold rather well. Bitcoins are another non-performing store of value with far more drastic fluctuations in value, and securing it involves the double vulnerability: physical security of storage media, information security of computations involving bitcoins. And it is much easier to accidentally lose bitcoins than gold, pirate tales notwithstanding.

> physical security of storage media, information security of computations involving bitcoins

Only funds that you have daily access to need be vulnerable to the latter point, as physical security (air-gapping) is sufficient when you do not need to -send- funds.

> And it is much easier to accidentally lose bitcoins than gold, pirate tales notwithstanding.

Strongly disagree. Can you keep N redundant copies of your gold? Combined with secret splitting, you could require that at least K of N secure locations be accessed.

> Only funds that you have daily access to need be vulnerable to the latter point

I'm talking about protocol risk: e.g., the software that implements the protocol on some machine is flawed, so the cryptography can be effectively breached. Or there is some issue with the protocol, like but worse than the issue Kaminsky found with anonymity.

> Can you keep N redundant copies of your gold?

Have you ever found that your backups didn't contain what they were supposed to contain?

Gold gets stolen, but besides such things as costume jewellery, I think it doesn't often get lost.

Not exactly. In order to spend bitcoins (transfer them to other wallets) you need them not encrypted.

So if you are a bitcoin business making bitcoin payments, at the moment you cannot avoid the risk of having the wallet stolen if someone gains unauthorized access to your operating computer.

Keys normally grant access, so in the worst case, once they're compromised you can take the server offline physically. Even private signing keys can be revoked, though some damage may have been done.

With Bitcoin, once it's copied, you can consider it gone forever, irrevocably, in totality.

I thought the idea was if someone copied your bitcoins it was essentially a race to be the first to spend them. I guess if you're stealing bitcoins, though, you're going to be quick to run them through a couple of transactions to claim ownership of them.

(Of course, my understanding might be completely off-base.)

"Is there a way to secure a bitcoin wallet on a machine someone else has root access to (either your datacenter's staff with physical access, or the people with hypervisor access to the hardware your vm is running on)?"

Probably not, _maybe_ trusted computing could help[1]. But it might be secure enough if you had a special piece of hardware that stored the bitcoin key and did all the signing operations. I believe things like these exist for certificates and other signing keys. I doubt VeriSign stores their root certificates on just-another-box :)

[1] In theory, TC could "anchor" your data to the hardware chip on the motherboard, and breaking it would require physical tampering.

You're thinking of a hardware security module (HSM). These are standard for e.g. certificate authorities. To the best of my knowledge, they have never been used by bitcoin outfits, but that is certainly possible, in principle.

Of course, sane people don't mix HSMs and VMs.

Don't store your money on servers you don't own. Don't have a web interface. Don't allow anyone to connect. Don't use passwords, use public key encryption. These are the basics.
What if they steal the key?
The key is encrypted with a long and key-strengthened passphrase, so the Universe will run out of energy long before their computers get the key.
But then, you're back where you started. Why not just use a password in the first place?
Still, the amount stolen in Bitcoins here is probably small potatoes next to the value of all the credit cards and personal details stored in other Linode instances. If someone can hack their admin panel and get root access to 8 accounts, they can get access to all the accounts. This time it happened to be done by someone who was going after the Bitcoins. But how can they claim anything in the way of security?

People who host on a VPS typically do so because they want to run complex applications that scale up, and do so without the cost or headaches of adding more physical hardware. Most people who use Linode probably do not do so to host static webpages, which can be done just fine on a shared server for a quarter the price. While Linode might be cheap, they do claim to be secure, and if they didn't it's doubtful people would host their apps there. And most apps do take some personal information; and a large number of them take financial details.

No one would use Linode to host their apps if they thought all accounts were rootable from a master login panel. And no one would use them to host static pages. So who would their customers be if people didn't expect their instances to be secure?