[hnolable]

All the incidents to date except the first Bitcoinica heist were due to bad security practices one way or another. Even that one could be considered bad security practices by trusting that Linode was secure.

That said, I expect we will see some really hardcore Bitcoin security incidents in the future that rival state sponsored hacking.

Stealing Bitcoin requires no additional effort to profit. Since Bitcoin is money and easily made anonymous, stealing Bitcoin == profit. Therefore there exists an arbitrage opportunity between the cost of buying 0-day exploits and the Bitcoins that can be stolen by use of those exploits. I expect as Bitcoin goes up in value so will the cost of a certain class of exploit.

What kind of software stack would you run if you were operating a Bitcoin bank that held a large amount of funds?

[mey]

This is the downside of Bitcoin's operating in a cash like nature. There is no FDIC for these "banks", the bank walls are digital and porous in ways unknown, and the bank can be robbed across international boundaries. What these companies need is insurance, but that insurance would be very hard/impossible to obtain.

[Dylan16807]

On the plus side, the way transactions work, the vault never needs to be connected to any networks at all. Hot storage is risky but cold storage is extremely safe.

[jlgreco]

I think this could be fairly easily harnessed in a semi-scalable manner too.

Two computers, A is trusted and B is untrusted. B is networked and hooked up with the rest of your system, A is in a vault and completely air-gapped. A has your wallets.

Give both a printer and webcam/scanner to both. B prints a transaction encoded as a QR Code (or something custom, if those don't hold enough data?) as well as key details (transaction amount say) in giant black bold capitalized English.

The human operator checks the english description for sanity, then gives it to computer A. Computer A reads the QR code, does OCR to confirm the key details (or lets the operator confirm them on the screen) and the QR code match, and preforms the transaction.

This could work at a "local bank branch scale" I think, but getting it up to "website scale" would be... improbable.

Not sure if I would trust this with my money, but it would be fun to implement.

(technically A wouldn't be air-gapped, it would just be operating over a QR-code sneakernet.. Should be reasonable though I think.)

[gizzlon]

You seem to like "crazy" ideas, for more of them check out the book "Silence on the wire" :)

IIRC, it's possible to create a one-way TP cable. Might be a little more feasible :)

[rmc]

The human operator checks the english description for sanity

There's a flaw in your system right there.

Lots of industrial accidents and accidents with computers have been from stupid operators (rather than buggy code per se).

[jlgreco]

Of course. But is it worse the flaws with than any business that handles cash? The idea is to use bitcoin's 'offline' functionality to bring it up to about the same security of regular cash.

[taligent]

It's about time that governments actually intervened and forced regulations on any company/entity that deals with Bitcoins.

[Dylan16807]

What kind of regulations? There are already plenty that affect a company's accounting no matter if it uses dollars or pesos or gold or bitcoins or pokemon cards.

[rmc]

I expect we will see some really hardcore Bitcoin security incidents in the future that rival state sponsored hacking.

It depends if Bitcoin becomes big and popular. If so, then yes, there will be lots of hacking attempts. If these security flaws with bitcoin sites keep appearing, then it will never get beyond 'toy' status.

[Greynum]

The first design rule would be not to have the wallet file on the same server as whichever stack was used.

Secondly the client facing stack can not interact with the server holding the wallet file directly. It would have to go through a third server which would run sanity checks on any transaction requests.