Author

Topic: BitGo.com: Really more secure than cold storage? (Read 3151 times)

hero member
Activity: 518
Merit: 505
2014 was the year of the multisigs, about BitGo & Co. http://www.coindesk.com/2014-became-year-multisig/

hero member
Activity: 938
Merit: 1000
Excellent service. Thanks vertoe and Mike for explaining and introducing me to this.
sr. member
Activity: 448
Merit: 250
ANd thanks for letting me know about the crome app. Didn't know about it.
And the same question above, is there app for firefox also?
sr. member
Activity: 448
Merit: 250
I have used this service for a while now. And i am satisfied, made small transaction not too big.
But i would really like some of those enterprise features. At least Limits on sending funds for normal users.

Still have to use the multi-key system, in real case scenario...
hero member
Activity: 518
Merit: 505
Anyone here experienced using this? Any problems encountered?
It's really working well as it's meeting enterprise standards.
newbie
Activity: 37
Merit: 0
Anyone here experienced using this? Any problems encountered?
hero member
Activity: 518
Merit: 505
* The currency should stick; we'll take a look at that.  (let me know which browser you're in and if you're in private browsing modes)

Ah it seems you store it in cookies, unfortunately, they dont last log with my local settings Smiley

Thanks again for answering my concerns, I feel very welcome and secure using BitGo, but still I would prefer cold storage solutions over a webservice for storing huge amounts of coins long term (But yeah, I understand now that's not even your main focus). But for smaller amounts it's just great to have them accessable from everywhere knowing they are at least as save as on my local machine.

- Is there a plugin for firefox?

+1 Smiley
member
Activity: 82
Merit: 10
Thanks, mbelshe, some more questions:

- What is you business model? I suppose you are not offering this service for free withoud incentives.
- Is there a plugin for firefox?
- Where can I download the Android app? (I don't use Google Play, for privacy and security reasons, only F-Droid and self-checked applications).


newbie
Activity: 36
Merit: 0
Hi, most of the problems in the past about stolen money was caused by some leak in the online servers.

What guaranties do you put in to avoid being hacked?
If an attacker hacks your server, it can do whatever they want, specially they could wait for some big accounts to log in, send fake JS to the client, send a hacked updated version of the app to chrome, etc.
I only see that it is probably harder to hack than blockchain.info, but still you are somewhat vulnerable.

I'm not saying they would be able to sustain that problem for a long time, but one day or even some hours doing so could be catastrophic for all users using the service at those hours.

Am I wrong?

No, you're not wrong, but "security" has so many facets, that you can't simplify the problem to just a couple of sentences either :-)

A couple of points:

a) You can't guarantee against being hacked.  Security is not a feature you finish - its something you work on forever.  But what you can do is to build a system where the damage of an attack is minimal.  Since BitGo doesn't have two keys, the attacker wouldn't get anything immediately by breaking in.  As you point out, he could "lie in wait".  Keeping the bitcoins safe is much easier in this situation, because it is now a matter of quickly detecting the intrusion rather than having to protect data.  Unlike coinbase, or other traditional online services, we don't have large pools of bitcoin waiting to be tapped.  Every user has their own keys, so each user is individually partitioned.  This makes it much less attractive to the intruder to attack.

b) You correctly point out that to date, press-worthy attacks have been primarily against online services.  This is true.  But its about to change.  The reason the attacks have been against online services is because we've been naive and secured large pools of bitcoin behind a single signature!  The attacker breaks in, and instantly has access to all customers funds that use that service.  Both blockchain.info and bitgo avoid this problem by having each customer retain his/her own keys.  Using multi-signature on top of that protects from malware as well.

c) There are many people that think their desktops are safer for their wallets.  They aren't.  They're only safer than online wallets that use single-signature tech.  Hackers have already started to retool their malware (and about 30% of all home computers are breached already).  Those tools will be in every desktop wallet and simply take the unencrypted keys.  You need to use multi-signature for sure, and to make it easy, you're probably going to want to use a service for that second signature.  The service can implement dynamic, real-time updates to its fraud checks in ways that your desktop wallet never can.  I have a lot of paranoia about desktop software.

Mike
newbie
Activity: 36
Merit: 0
Hi Mike,

thanks for taking the time to answer my questions. In general I have to admit I never came across such a well designed and security-confident bitcoin site at all. I am positively surprised and already piped a couple of hundred bitcoin through your service (just bought a car Cool). The best thing is the simplicity of the service. It's secure (yet to be prooved) and easy and I can even spend my coins when I'm not at home.

But still, I can't go to bed knowing there might be something I have missed or not under control while having all my funds on BitGo.com.

Why are so many features only for enterprise users and where can I find the pricing? Isn't it wrong to lock out key security features from normal users and still telling them this is more secure than everything else?

Cheers
--vertoe

PS: A few more notes/questions:
- The default setting of the currency (I'm prefering Euro) is not saved in the dashboard after logout.
- Where does BitGo get the current prices from?
- https://bitgo.com/faq/gifts does not work, is it not existing anymore?

Thanks for the kind words.

I understand your nervousness, you should have that with bitcoin.  If it makes you feel better, we hire external security auditors regularly to go over our service and software.

The reason you can't access all of the features is because we aren't really a consumer site, we've been focusing on larger, institutional holders of bitcoin.  I wish it were free for everyone, but it costs us a lot of money to do this, and it just hasn't been our focus.  I hope others will use the bitgo platform & APIs to build consumer based products.  If you are interested, we can get you setup for $19.99/mo with a basic account.  I know its not free.

To answer your other questions:
* The currency should stick; we'll take a look at that.  (let me know which browser you're in and if you're in private browsing modes)
* Our prices are from bitcoinaverage.com
* The FAQ you stumbled across has some legacy references.  I'll strip those out.

Again, sorry that we don't have everything a consumer or individual would want right now.  I think we're one of the few (only?) bitcoin businesses focused on business needs.

mike
member
Activity: 82
Merit: 10
Hi, most of the problems in the past about stolen money was caused by some leak in the online servers.

What guaranties do you put in to avoid being hacked?
If an attacker hacks your server, it can do whatever they want, specially they could wait for some big accounts to log in, send fake JS to the client, send a hacked updated version of the app to chrome, etc.
I only see that it is probably harder to hack than blockchain.info, but still you are somewhat vulnerable.

I'm not saying they would be able to sustain that problem for a long time, but one day or even some hours doing so could be catastrophic for all users using the service at those hours.

Am I wrong?
hero member
Activity: 518
Merit: 505
Hi Mike,

thanks for taking the time to answer my questions. In general I have to admit I never came across such a well designed and security-confident bitcoin site at all. I am positively surprised and already piped a couple of hundred bitcoin through your service (just bought a car Cool). The best thing is the simplicity of the service. It's secure (yet to be prooved) and easy and I can even spend my coins when I'm not at home.

But still, I can't go to bed knowing there might be something I have missed or not under control while having all my funds on BitGo.com.

Why are so many features only for enterprise users and where can I find the pricing? Isn't it wrong to lock out key security features from normal users and still telling them this is more secure than everything else?

Cheers
--vertoe

PS: A few more notes/questions:
- The default setting of the currency (I'm prefering Euro) is not saved in the dashboard after logout.
- Where does BitGo get the current prices from?
- https://bitgo.com/faq/gifts does not work, is it not existing anymore?
newbie
Activity: 36
Merit: 0
There's also no reason you need a service to do this. All this can be done, for free, securely, using the bitcoind's multi-sig feature.

I'm not trying to promote bitgo, but the idea that you can do multi-signature properly with bitcoind alone is completely untrue.  You at least need some additional software for routing partially signed transactions to appropriate stakeholders, and better yet you need a service that applies fraud detection rules similar to those used at visa, mastercard, paypal, etc.

Things you can't do with bitcoind alone:
a) Basic fraud checks (based on geography, user patterns, etc)
b) Spending limits and velocity limits. 
c) Verify that funds are not being sent to known scam addresses (someday these lists will be as large as email anti-spam blacklists)
d) Enforce specific whitelisted addresses to send to
e) Lockdown transactions to be only originated from certain IP addresses or machines

The list goes on and on.  Granted, if you've only got a couple of bitcoin, you don't need all of these protections.  But, if you've got serious holdings, you absolutely do.  Blanket statements that bitcoind's multi-sig is good enough for all levels seems pretty false to me.

Mike
newbie
Activity: 36
Merit: 0
Hey Vertoe-

Mike from BitGo here with a few thoughts.  We're working hard to up the ante on security, so we really value your skepticism.

You asked a number of questions, so let me try to address them individually.

Issue #1: What if an attacker compromises bitgo.com and changes the JS code to broadcast my keys somewhere?
The core issue here is browser-based javascript.  It's very hard (impossible!) to completely secure.  You've probably read the Matasano analysis on browser-based JS code.  http://matasano.com/articles/javascript-cryptography/  There are many attacks that could lead you to getting bad JS code for your wallet, but I don't think attackers would try to attack BitGo's servers, as that is harder.  The easiest approach is to get a chrome extension to modify the code in the browser.

But the simple answer is to simply not use browser based JS - instead use the Chrome App of BitGo.  You can download it here, and it is not vulnerable to this attack.   https://chrome.google.com/webstore/detail/bitgo/jlgeogaipkoajobchncghcojanffjfhl

But lets suppose you were using the browser version of BitGo and the servers were compromised to serve up bad javascript.  The malicious code would still not be able to access your keys unless it could trick you into initiating a transaction.  Of course, it could lie-in-wait until you did do a transaction, but until you initiate the transaction and provide your per-wallet passcode, the malicious code would have nothing.

But lets suppose eventually you did type in your passcode and the malicious code got that.  Now the malicious code knows your username, password, your wallet passcode, and your private key.  Even with all this information, the attacker still can't coin arbitrary transactions (see my next note, below).  The problem is that he needs to convince BitGo to sign your transaction as well, and that requires logging into your account, which the attacker can't do thanks to 2-factor authentication, which is required on all accounts.

What the attacker could do, however, would be to wait for you to make a transaction, and then modify the transaction to send to his own address instead of your intended address.  For basic wallets, this would be an effective attack, and as I mentioned before, the protection for this is to use the Chome App version of Bitgo.  However, for our enterprise-class wallets, this still would not be enough to compromise the account - thanks to BitGo's use of server side spending limits, address whitelisting, and multi-user approval requirements.  The attacker might be able to get the transaction submitted, but a properly configured wallet would not allow BitGo to sign this transaction.  If it did go through, it would be akin to stealing $300 from your ATM for an account that held millions.


Issue #2: I don't believe this is better than cold storage!
Single-signature wallets, even in cold storage, are inherently less secure than any multi-signature, cold storage solution.  If you don't want hot-keys (maybe you don't want to transact on the wallet), simply create your multi-signature wallet with 2 keys that are offline entirely.  In this case, you can't use the BitGo website to transact, of course, but that's what you wanted - cold storage.

The reason this is better than single signature systems is because single-sig systems ultimately put all the key material onto a single machine to sign.  And when you do that, if the machine has malware, your funds can be taken before you press send.  With multi-sig, the two signatures are each applied on separate machines, making it very difficult for an attacker to steal.  Combined with spending limits, this approach can still be used such that if someone does manage to bring one of the offline keys online, that they'll still have to get through the other spending rules before an automated signature can be applied.

It is fair to point out that BitGo doesn't have a web-based wizard for provisioning this type of cold, multi-sig wallet.  We'll be improving that soon, but the API does exist, and many customers have used it.


Let me know your thoughts.



hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
There's also no reason you need a service to do this. All this can be done, for free, securely, using the bitcoind's multi-sig feature.
Sy
legendary
Activity: 1484
Merit: 1003
Bounty Detective
If the site is compromised they can usually do whatever they want - they still sign your transactions and if you got access to the site you can easily modify the js to submit your key or send you whatever transaction they like.

The real question is "Are they honest" and b "Are they secure" the idea and system itself is nice - as long as it isnt compromised.

Looking at the recent history of exploits (ssl heartbleed, bash attack) i wouldn't trust any web wallet, it's always just a matter of time...and reward.
legendary
Activity: 1232
Merit: 1002
I'm not an expert in JS but if they compromise the servers I think they will not get you BTC


at least this is how I would do it

if I would make the site to work on 2 keys ... one for user and one for site then the key from the site will be useless without the key from the user .... to unlock the funds you will need both key

but if they did it somehow different than what i said I think it's bad and people who will break their servers will be able to get your btc
hero member
Activity: 518
Merit: 505
I've asked a similar question here already, but couldnt get really satisfying answers. I'm wondering, can bitgo.com be trusted? Or is this really a trustless service?

BitGo offers an online wallet which is created by the user based on a 2-of-3-keys multisignature wallet. The keys are generated on client side, 2 keys are held by the user and 1 key is held by them. They claim that they never see more than one key. To me this sounds too good to be true, can anyone independly verify this is really the case?



I know they opensourced their javascript stuff on github to proof it, but I'm not really the man to verify the code. https://github.com/BitGo/BitGoJS

If I understand that correctly, my private key is only processed on client side (web browser) and their private key is processed on server side. This is a nice approach and in addition I have a backup key which allows me to access the funds even without using their website.

But isn't there anything I'm missing? Couldnt someone who compromises their servers just inject (for example) JS which broadcasts my keys or passphrases somewhere? Or what else could happen if bitgo is compromized?



I dont believe this is more secure than a cold storage! (And if it's really not more secure it's dangerous to promote this service this way letting the users in the dark!)



Thanks for any oppinions!
--vertoe
Jump to: