by cookiecaper 5224 days ago
How many times does something like this have to happen before people learn to encrypt? Any serious business or financial data should be encrypted, period. Almost all of the major hacks we read about could have been minimized if not entirely avoided if the data was encrypted.

I just read the release from Bitcoinica where they explained that the server accessed contained _only_ Bitcoinica's "hot wallet", and that no code, services, customer data, or other wallets were stored on the server.

If this was the case, why couldn't every access to that wallet, which, assuming the above is true, necessarily occurs on other servers, run a decryption on the file first? Even if you keep the passphrase and/or secret key in plaintext on the machines that run the code, the separation should prevent this kind of rogue access as long as the intrusion is isolated as these people claim.

There is really no excuse just to have a plaintext wallet sitting around anywhere anymore (the official bitcoin client now supports symmetrical encryption). Like credit card numbers, when a wallet is accessed it should be decrypted in ethereal storage like RAM and promptly discarded; it should never hit disk as plaintext. At least the same practices used for PCI compliance and credit card data should be used for btc wallets; preferably better since there is no recourse if your btc wallet is compromised.

3 comments

>If this was the case, why couldn't every access to that wallet, which, assuming the above is true, necessarily occurs on other servers

From the sounds of it, this was that other server. All it did was operate on the wallet. And if they used other servers, then those would have been the target of the attack.

And, no matter how much damn encryption they have, they rooted the box that operates on the decrypted data; that's game over. The only attacker you would be able to thwart with more encryption would be the one who is able to root a Linode VPS, but unable to extract the key or decrypted wallet from software running on that box. Sure, there is probably some number of attackers in that space, but security is a game of diminishing returns, and there are different security measures to take that are a much better investment of time than stopping that small slice of people.

My reading was that the Linode with the hot wallet did not contain the software that operated on it. Perhaps it did, in which case you are right.

The encryption wouldn't really help, because the software manipulating the wallet is on the server anyway.

The server software was used for automating bitcoin spending, too, so you couldn't just save public parts of the wallet on the server.

The only thing that could be done would be obfuscating the encryption key to the data very hard in the code, but that's hardly security, just obscurity.

I do not believe implementing something like you describe is viable right now.

Although, AFAIK, bitcoin 0.5+ supports key encryption. I am not sure if this is available only through the GUI or through the API as well, but even if it is not available through the API, it might be a good idea to implement.