by kyledrake 4780 days ago
Thank you for posting this. I think this highlights really well how complicated Bitcoin security issues are.

I will come right out and admit that there is an intrinsic risk to leaving your Bitcoin wallet on a 24/7 server that an attacker can potentially break into. I think that running your own (vs a centralized hosted wallet service) potentially mitigates some of this risk, but of course, if there was a security issue with Coinpunk, an attacker could theoretically write a script to spider for servers. I do believe that it does help to reduce the "single point of failure" problem though.

I do think that the added convenience of 24/7 bitcoin transactions is worth the risk. I think that there is a threshold of acceptable risk that people will take for convenience. After all, even if you're running Bitcoin-qt on a desktop, what's to stop a trojan horse from infecting that machine and stealing its wallet file?

There are a few things I want to implement eventually to improve the security of Coinpunk. One thing I want to do is allow accounts to remove and back up their private address keys. This would in effect turn the account into a "savings account" that is locked from changes. You could move a large portion of your funds to that account, and then keep the rest available for quick transactions.

Another thing I want to do is enable the wallet encryption feature. It's not a huge security gain because the attacker probably has access to that password, but I don't think it hurts. This could perhaps be combined with a chroot jail that doesn't have access to the config file after loading, requiring the user to figure out how to pry the password out of memory on a running program (which isn't impossible, but it's definitely more work).

I wanted to get the basic system running, and then explore these security improvements in a systematic way with help from the community. So these features will eventually go in, I just want to go slow and make sure we get things right.

1 comments

Please keep in mind that I have nothing against developing Bitcoin services, and absolutely nothing against your project.

My main gripe is with services like Blockchain.info and Strongcoin.com, who make claims that are provably false. Both have large banners on their main pages claiming that their services are the safest, most secure store for currency. We—both they and I—know it to be a lie.

Yeah, I didn't take any offense to your comments. I found them to be very reasonable, and I think it's important that we have an honest discussion about these issues. :-)