
Topic: A Bitcoin Security Paradox? - page 2. (Read 4329 times)

sr. member
Activity: 467
Merit: 267
February 22, 2015, 01:39:32 AM
#22
When you keep it simple, it's not so difficult. For example:

Electrum on cold storage and Mycelium for online usage.
- 2 seeds to keep = 2x12 words
- top off Mycelium from time to time

What's not to like?
legendary
Activity: 1708
Merit: 1036
February 21, 2015, 03:28:07 PM
#21
One idea I've thought about is a system where you have multiple accounts like others have mentioned, but with different levels of time delays.  So you'd have one with instant access and a small amount of funds.  Then for larger holdings you would put them for example in an account that has a built in 24 hr, 3 day, or week delay for withdrawals.  If say the week delay account is accessed with a private key the funds wouldn't move for a week and a system would notify you, say through email, that the funds have been marked for withdrawal.  If no action is taken, after 7 days the funds are moved, but if within those 7 days the private key is re-entered, the funds are moved to another long term address previously designated by the initial account creator.  So if anyone was attempting to hack an exchange wallet for example the owners would have 7 days to notice this, re-enter the private key, which would then re-direct those funds to another predetermined long term account.

Just an idea and one I haven't thought through that much so I'm sure there's some problems and obviously isn't applicable to bitcoin as presently constructed.

Some exchanges (for example Allcrypt, and Coinbase's cold wallet) have time delay options. Just keep in mind these are not inherent to the bitcoin protocol, so to utilize this kind of security we would necessarily have to be trusting a 3rd party with our bitcoins. But I do think it's an example of the kind of good practices everyone should use as bitcoin becomes a significant portion of their investments.
legendary
Activity: 1708
Merit: 1036
February 21, 2015, 03:25:22 PM
#20
If you need to ask yourself how to secure it, just simply compare it to fiat, or things in your house that hold value.

1) would you hand it over to a stranger you have never met?
2) would you store it in a place that's not insured/secure?
3) would you leave it out in the open for anyone to grab?
4) would you shout out to everyone around you that you have X funds just sitting on your table?


I agree with the above post.
But sadly, since most people (including the Twitter/Facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect,
I think we are going to need bitcoin banks that help store your funds (in some way or fashion).
Not because it's necessary or safe, but because people are generally stupid and it's easy for them.
When bitcoin goes mainstream, the average joe will not be interested in Bitcoin's fundamentals and ideals.

Trusted institutions in the Bitcoin ecosystem will take some time to build - Coinbase and Circle are good examples of this effort. I have no doubt Bitcoin will mature to the point where your Bitcoin deposit will be as secure as your checking or savings account at the local bank. The same will apply to your personal hardware wallet. We just need to give it some time, that's all.

That's true, if you compare Coinbase holding your Bitcoin to a bank holding your cash. Both can have that money stolen, it's been in the news recently about both.

The difference right now is that the bank has insurance on the cash. Maybe we'll see an insurance company for Bitcoin theft someday.

I think this is quite likely in the long run. It sounds like there is a consensus that (A) there is an inherent conflict between avoiding accidental loss and avoiding theft, and (B) that we can't really expect the average person to consistently secure their accounts without error against both possibilities. That means (A) bitcoin, as a BYOB instrument, is not for everyone, and (B) to make it for everyone means accepting institutions like banks and exchanges that will (for a fee) secure people's bitcoins and insure them (in some fashion). That's a little disappointing to me, but I appreciate the help in thinking it through to reach this conclusion.
hero member
Activity: 504
Merit: 500
February 21, 2015, 03:15:20 PM
#19
If you need to ask yourself how to secure it, just simply compare it to fiat, or things in your house that hold value.

1) would you hand it over to a stranger you have never met?
2) would you store it in a place that's not insured/secure?
3) would you leave it out in the open for anyone to grab?
4) would you shout out to everyone around you that you have X funds just sitting on your table?


I agree with the above post.
But sadly, since most people (including the Twitter/Facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect,
I think we are going to need bitcoin banks that help store your funds (in some way or fashion).
Not because it's necessary or safe, but because people are generally stupid and it's easy for them.
When bitcoin goes mainstream, the average joe will not be interested in Bitcoin's fundamentals and ideals.

Trusted institutions in the Bitcoin ecosystem will take some time to build - Coinbase and Circle are good examples of this effort. I have no doubt Bitcoin will mature to the point where your Bitcoin deposit will be as secure as your checking or savings account at the local bank. The same will apply to your personal hardware wallet. We just need to give it some time, that's all.

That's true, if you compare Coinbase holding your Bitcoin to a bank holding your cash. Both can have that money stolen, it's been in the news recently about both.

The difference right now is that the bank has insurance on the cash. Maybe we'll see an insurance company for Bitcoin theft someday.
Q7
sr. member
Activity: 448
Merit: 250
February 21, 2015, 04:04:42 AM
#18
We already have HD wallets, which can be integrated into a hardware or paper wallet. I do not know how easy that would be in terms of understanding, while security-wise I would say it would be enough. Sometimes it still falls to the owner to use basic common sense and to take necessary precautions to maintain security.
member
Activity: 231
Merit: 43
February 21, 2015, 03:33:34 AM
#17
There is a fundamental problem, really.

Either a user keeps track of his own key, or the web wallet/exchange/whatever that has the key can Goxx him.

But if he keeps track of his own key, then he has to keep it secure.  And most people are not willing or able to do what it takes to keep keys truly secure on their own systems. 



Yet some people insist that bitcoin is 'for everyone'
legendary
Activity: 924
Merit: 1132
February 21, 2015, 02:02:38 AM
#16
There is a fundamental problem, really.

Either a user keeps track of his own key, or the web wallet/exchange/whatever that has the key can Goxx him.

But if he keeps track of his own key, then he has to keep it secure.  And most people are not willing or able to do what it takes to keep keys truly secure on their own systems. 

hero member
Activity: 605
Merit: 500
February 20, 2015, 11:26:58 PM
#15
If you need to ask yourself how to secure it, just simply compare it to fiat, or things in your house that hold value.

1) would you hand it over to a stranger you have never met?
2) would you store it in a place that's not insured/secure?
3) would you leave it out in the open for anyone to grab?
4) would you shout out to everyone around you that you have X funds just sitting on your table?


I agree with the above post.
But sadly, since most people (including the Twitter/Facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect,
I think we are going to need bitcoin banks that help store your funds (in some way or fashion).
Not because it's necessary or safe, but because people are generally stupid and it's easy for them.
When bitcoin goes mainstream, the average joe will not be interested in Bitcoin's fundamentals and ideals.

Trusted institutions in the Bitcoin ecosystem will take some time to build - Coinbase and Circle are good examples of this effort. I have no doubt Bitcoin will mature to the point where your Bitcoin deposit will be as secure as your checking or savings account at the local bank. The same will apply to your personal hardware wallet. We just need to give it some time, that's all.
legendary
Activity: 4466
Merit: 3391
February 20, 2015, 08:04:05 PM
#14
Quote
The basic issue I'd like to resolve is: How do you make BTC so safe and secure that over a person's lifetime they never experience (A) theft or (B) loss of some or all of their BTC holdings?

This issue is not specific to Bitcoin. Basically, you are asking, "how can an asset be made so secure that it can never be lost or stolen?" The answer is that it can't. There is always a trade-off between utility and security. The only way to completely avoid theft or loss is to make the asset unusable.

A better question to ask is, "how can the features of Bitcoin be exploited to make it more resilient to theft and loss while minimizing the impact on utility?"

Bitcoin is already immune to theft and loss as long as the owner and only the owner has control over the private keys, and that cannot be said about other assets and monetary systems.

The problem of theft and loss occurs at the coupling between the owner and the private keys. That is where the security can be compromised, and when looking for a solution, that is where you should look.
legendary
Activity: 1241
Merit: 1005
..like bright metal on a sullen ground.
February 20, 2015, 05:48:50 PM
#13
One idea I've thought about is a system where you have multiple accounts like others have mentioned, but with different levels of time delays.  So you'd have one with instant access and a small amount of funds.  Then for larger holdings you would put them for example in an account that has a built in 24 hr, 3 day, or week delay for withdrawals.  If say the week delay account is accessed with a private key the funds wouldn't move for a week and a system would notify you, say through email, that the funds have been marked for withdrawal.  If no action is taken, after 7 days the funds are moved, but if within those 7 days the private key is re-entered, the funds are moved to another long term address previously designated by the initial account creator.  So if anyone was attempting to hack an exchange wallet for example the owners would have 7 days to notice this, re-enter the private key, which would then re-direct those funds to another predetermined long term account.

Just an idea and one I haven't thought through that much so I'm sure there's some problems and obviously isn't applicable to bitcoin as presently constructed.
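The delayed-withdrawal scheme described in the post above, modelled as a small state machine. This is an added example, not code from the thread or from any exchange; it assumes a service operator enforces the delay (the post notes Bitcoin itself does not), and the class, method names, addresses and amounts are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

DAY = 86_400  # seconds


class State(Enum):
    IDLE = "idle"
    PENDING = "pending"      # marked for withdrawal, delay running
    RELEASED = "released"    # delay expired, paid to requested destination
    RECOVERED = "recovered"  # key re-entered in time, paid to recovery address


@dataclass
class DelayedVault:
    """Hypothetical operator-enforced vault; not a Bitcoin protocol feature."""
    balance: int                 # constructed amount, in satoshis
    recovery_address: str        # fixed by the account creator at setup
    delay: int = 7 * DAY
    state: State = State.IDLE
    notices: list = field(default_factory=list)  # stands in for the e-mail alert
    dest: str = ""
    due: int = 0

    def request_withdrawal(self, dest: str, now: int) -> None:
        # First use of the key only marks the funds; nothing moves yet.
        if self.state is not State.IDLE:
            raise RuntimeError("vault is not idle")
        self.state, self.dest, self.due = State.PENDING, dest, now + self.delay
        self.notices.append(f"withdrawal to {dest} marked, executes at t={self.due}")

    def reenter_key(self, now: int):
        # Second use inside the window can only send funds to the address
        # chosen at setup, so a thief holding the key gains nothing by it.
        if self.state is not State.PENDING or now >= self.due:
            raise RuntimeError("no pending withdrawal inside its delay window")
        self.state = State.RECOVERED
        return (self.recovery_address, self.balance)

    def settle(self, now: int):
        # Run by the operator's scheduler; pays out only after the full delay.
        if self.state is State.PENDING and now >= self.due:
            self.state = State.RELEASED
            return (self.dest, self.balance)
        return None
```

The model only protects the owner if the recovery address is controlled by a key stored separately from the one that was compromised.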
newbie
Activity: 16
Merit: 0
February 20, 2015, 04:55:43 PM
#12
Necessity may be the mother of invention but invention necessitates capability.

I've always thought this, storing/protecting is far too complex for the masses, myself included.

I wonder if there is a way to minimize risk by having two accounts. One loaded for "walking around" use, and another where you would store the bulk of your holdings in an account which simply requires some form of facial or retinal ID to access your main account to transfer funds to your wallet or paying bills, large purchases and such.

You could always add extra layers of passwords but wouldn't it be cool to know that you can access your "cold storage" by taking a real time selfie?

Then again there's the risk of a new crime wave of selfie theft by gun point.


Just a thought...DNA encryption? They can read a person's blood for diabetes...perhaps they'll come up with an app for that.

Estate transfer is a whole different kettle of lawyers...I'm sure.   
legendary
Activity: 1708
Merit: 1036
February 20, 2015, 02:57:11 PM
#11

-Partition into as many wallets as can be managed so that no loss is catastrophic
-Store all wallets offline
-Make multiple encrypted wallet backups
-Use multisig

Who is your hypothetical "thief" adversary?  It makes all the difference.

Diversification into multiple wallets/accounts is a good idea in principle, but the downside is the resulting increase in complexity, and risk that funds of one of those accounts could be lost or stolen. People could argue endlessly about whether it is better to have one tightly secured wallet or 10 wallets with less exhaustive security.

One approach would be to tightly secure a "long term savings" account that is not accessed very often, while holding a smaller amount of BTC in a 'daily use' wallet. But this doesn't evade the conundrum in the OP, of theft mitigation vs. lost password mitigation. If anything relying on multiple accounts (which I agree is a good idea) makes everything even more complicated.

Regarding the ID of the thief, I'm trying to be all-encompassing here - seeking a "best practices" approach that will span a person's life with minimal risk of BTC loss from either theft (of any sort) or loss of account access (for any reason).
member
Activity: 63
Merit: 10
February 20, 2015, 02:01:32 PM
#10

-Partition into as many wallets as can be managed so that no loss is catastrophic
-Store all wallets offline
-Make multiple encrypted wallet backups
-Use multisig

Who is your hypothetical "thief" adversary?  It makes all the difference.
hero member
Activity: 504
Merit: 500
February 20, 2015, 01:08:00 PM
#9

I think we're going to end up seeing hardware wallets more, and hopefully cheaper.

I'm not terribly familiar with the HW wallets out there, so I have to ask: What happens if a HW wallet is lost/broken/eaten by a rhinoceros? How do you access your account in that case?

I would think, if I had a lot of BTC to protect, I would use a HW wallet to hold the majority, (like people save thousands in their bank accounts), in a bank safe. Maybe a couple of safe deposit boxes for copies, even.

You could always store your paper wallets/backups in a safety deposit box, or multiple copies in multiple boxes, I think that would alleviate much of your worries.

Which leads me to this, you must make sure your paper wallet is safe, but if it truly is, multiple copies work well.
legendary
Activity: 1274
Merit: 1000
February 20, 2015, 01:04:37 PM
#8
You could always store your paper wallets/backups in a safety deposit box, or multiple copies in multiple boxes, I think that would alleviate much of your worries.
legendary
Activity: 1708
Merit: 1036
February 20, 2015, 01:04:25 PM
#7

I think we're going to end up seeing hardware wallets more, and hopefully cheaper.

I'm not terribly familiar with the HW wallets out there, so I have to ask: What happens if a HW wallet is lost/broken/eaten by a rhinoceros? How do you access your account in that case?
legendary
Activity: 1092
Merit: 1001
February 20, 2015, 01:03:44 PM
#6
If you need to ask yourself how to secure it, just simply compare it to fiat, or things in your house that hold value.

1) would you hand it over to a stranger you have never met?
2) would you store it in a place that's not insured/secure?
3) would you leave it out in the open for anyone to grab?
4) would you shout out to everyone around you that you have X funds just sitting on your table?


I agree with the above post.
But sadly, since most people (including the Twitter/Facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect,
I think we are going to need bitcoin banks that help store your funds (in some way or fashion).
Not because it's necessary or safe, but because people are generally stupid and it's easy for them.
When bitcoin goes mainstream, the average joe will not be interested in Bitcoin's fundamentals and ideals.
legendary
Activity: 1708
Merit: 1036
February 20, 2015, 01:01:29 PM
#5

I also was thinking of having paper wallets for security, but it would be pretty easy for a hacker to come up with a paper generator program/site, that they know all the private keys to, right?

There was news a few weeks ago that pointed out exactly how this could be done. The idea was that the paper wallet generator would produce specified outputs that the hacker who originated the software could look for in the blockchain, giving them full access to the funds in the cold wallet. I remember saying something like "beware anyone announcing new wallet generator programs about a month from now" in response.

Thanks for the feedback so far everyone!
hero member
Activity: 504
Merit: 500
February 20, 2015, 12:55:04 PM
#4
legendary
Activity: 4410
Merit: 4766
February 20, 2015, 12:52:37 PM
#3
If you need to ask yourself how to secure it, just simply compare it to fiat, or things in your house that hold value.

1) would you hand it over to a stranger you have never met?
2) would you store it in a place that's not insured/secure?
3) would you leave it out in the open for anyone to grab?
4) would you shout out to everyone around you that you have X funds just sitting on your table?