
Topic: Bitstamp is open - now with multisig - page 2. (Read 4463 times)

legendary
Activity: 4690
Merit: 1276
January 09, 2015, 11:43:14 PM
#43
...
Amazon Web Services
* Bitstamp is now running on Amazon’s world-class AWS cloud infrastructure, architected to be one of the most secure and reliable cloud computing environments available.
...

My main quibble with them is that they tout EC2/AWS as secure.  It is certainly reliable, it is certainly backed by a company that needs security, BUT, it is a virtual environment using Xen as the hypervisor. There have been security issues there and with paravirtual hosts in general.  It is kind of like private keys - if you don't have the keys, you don't own the coins, here, if you don't have the servers, you should be concerned about security.

I do have a non-Bitcoin server there and have for about 8 years, but it is a web server not handling potentially millions of dollars and could be restored elsewhere quickly.  It is quick, reliable, and not too expensive, but not rock bottom.

Much would depend on the architecture and multi-sig will sure help, but I would always worry about VPS when handling big money figures. Hopefully they worry about it too.


AWS does not necessarily imply EC2.  They did also reference new physical hardware as well so one can infer that they keep their secrets to themselves (and, in some people's theory, their less-than-fully-trustworthy staff Smiley )  Even if it is EC2 that they are using, there are a ton of things one could use a VM for which don't involve super-sensitive information.  Conversely, there are a lot of services besides EC2 that one could pass sensitive info through if the design sucks.

I've used AWS for various things in the past, and very possibly will in the future.  They are reliable, cheap, have got a large global footprint and are well peered.  One needs to have a rational design to avoid any potential loss of secrets, but that's just standard system design.

legendary
Activity: 4228
Merit: 1313
January 09, 2015, 10:20:42 PM
#42


...
Amazon Web Services
* Bitstamp is now running on Amazon’s world-class AWS cloud infrastructure, architected to be one of the most secure and reliable cloud computing environments available.
...

My main quibble with them is that they tout EC2/AWS as secure.  It is certainly reliable, it is certainly backed by a company that needs security, BUT, it is a virtual environment using Xen as the hypervisor. There have been security issues there and with paravirtual hosts in general.  It is kind of like private keys - if you don't have the keys, you don't own the coins, here, if you don't have the servers, you should be concerned about security.

I do have a non-Bitcoin server there and have for about 8 years, but it is a web server not handling potentially millions of dollars and could be restored elsewhere quickly.  It is quick, reliable, and not too expensive, but not rock bottom.

Much would depend on the architecture and multi-sig will sure help, but I would always worry about VPS when handling big money figures. Hopefully they worry about it too.

legendary
Activity: 1414
Merit: 1000
January 09, 2015, 07:04:05 PM
#41
They claim to use multisig now - can someone check if the deposit addresses start with 3 now?

If not, then the hot wallet is not using multisig - and therefore not much has really changed security wise.

It seems they just migrated from cold storage to multisig for the cold wallet - which does not really improve security that much.

Bitcoin Deposit
Send your bitcoins to this address:

3Jx ...
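
Added example, not part of any post in this thread: a Base58Check decoder that shows why the "starts with 3" check works. The leading character comes from the version byte (0x05 for P2SH, BIP 16; 0x00 for a single-key P2PKH address). The address carries only a 20-byte script hash, so a leading 3 confirms P2SH but not which script or how many keys sit behind it. The 20-byte hashes below are constructed sample values, not real deposit addresses.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet version bytes of legacy Base58Check addresses.
VERSIONS = {0x00: "P2PKH (hash of one public key)",
            0x05: "P2SH (hash of a script, BIP 16)"}

def _checksum(data):
    # First 4 bytes of double SHA-256 over version byte + payload.
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Every leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr):
    n = 0
    for ch in addr:
        if ch not in B58:
            raise ValueError("invalid Base58 character: %r" % ch)
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:21]) != raw[21:]:
        raise ValueError("bad length or checksum")
    return raw[0], raw[1:21]

def classify(addr):
    version, _ = b58check_decode(addr)
    return VERSIONS.get(version, "unknown version 0x%02x" % version)

# Constructed 20-byte hashes (not real scripts or keys), for illustration only.
SAMPLE_HASHES = [bytes(20), bytes([0x11]) * 20, bytes([0xFF]) * 20]

def demo():
    rows = []
    for h in SAMPLE_HASHES:
        for version in (0x00, 0x05):
            addr = b58check_encode(version, h)
            rows.append((addr, classify(addr)))
    return rows

if __name__ == "__main__":
    for addr, kind in demo():
        print(addr, "->", kind)
```
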
legendary
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
January 09, 2015, 07:03:05 PM
#40
Now transfer some Bitcoin out.  If it works quickly then Bitstamp has all keys required for withdrawals sitting on their AWS server.  A hacker can take multiple keys just as quickly as one key when they are all put on the same server.  A hacker may be slowed if they are on different servers.  But you cannot keep the keys offline and have functional withdrawals.  Offline keys would mean someone sitting in an office approving all withdrawals by entering a pass phrase for each one.


BitGo has one key and signs all transactions. They have spending limits and manual approval for large transactions.
sr. member
Activity: 364
Merit: 250
January 09, 2015, 06:49:55 PM
#39
Now transfer some Bitcoin out.  If it works quickly then Bitstamp has all keys required for withdrawals sitting on their AWS server.  A hacker can take multiple keys just as quickly as one key when they are all put on the same server.  A hacker may be slowed if they are on different servers.  But you cannot keep the keys offline and have functional withdrawals.  Offline keys would mean someone sitting in an office approving all withdrawals by entering a pass phrase for each one.
full member
Activity: 420
Merit: 117
January 09, 2015, 06:45:57 PM
#38
I wonder if it would be possible for miners to act as a clearinghouse? All trades through the exchange hot wallet are susceptible to attack. If you had miners both mining blocks and arbitrating transactions, you could have built in security at the level of the exchange as well.

Or would it be possible for an exchange to use placeholders for its hot wallet transactions? --The floating hot wallet keys on their server would be placeholder keys only for a quick processing. When the transaction completes and is confirmed, an instantaneous wallet key is used, transaction happens and repeat. Stamp would then be able to get their fiat or Bitcoin once the transaction posts and is confirmed.
legendary
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
January 09, 2015, 06:43:09 PM
#37
They claim to use multisig now - can someone check if the deposit addresses start with 3 now?

It does.
full member
Activity: 167
Merit: 100
January 09, 2015, 06:40:23 PM
#36
It's a good feature for us, but it's an expensive feature for them
legendary
Activity: 2338
Merit: 1035
January 09, 2015, 06:38:45 PM
#35
They claim to use multisig now - can someone check if the deposit addresses start with 3 now?

If not, then the hot wallet is not using multisig - and therefore not much has really changed security wise.

It seems they just migrated from cold storage to multisig for the cold wallet - which does not really improve security that much.

I guess they will use less coins in hot storage

Anyway, I think this proves that bitcoin isn't ready for mainstream yet. It's not secure and easy enough yet.
That doesn't stop it from going to $10k though as the market is still so fucking small for its potential.
I can imagine it going to $10k and consolidate around $5k-$10k for several years (where most of the infrastructure will be built) before getting into $50k range, $100k and eventually $200k
sr. member
Activity: 364
Merit: 250
January 09, 2015, 06:36:42 PM
#34
This means traders' Bitcoins are all in one or more community wallets controlled by Bitstamp.  Multi-sig protects their cold wallets.  But traders are not protected from Bitstamp themselves, and Bitstamp's hot wallets are still not protected from hackers as all keys required for withdrawals must be present on their AWS server for it to process the withdrawals.

Multi-sig implemented this way offers nothing to traders.

sr. member
Activity: 252
Merit: 250
Uro: 1 URO = 1 metric tonne of Urea N46 fertilizer
January 09, 2015, 06:36:29 PM
#33
They claim to use multisig now - can someone check if the deposit addresses start with 3 now?

If not, then the hot wallet is not using multisig - and therefore not much has really changed security wise.

It seems they just migrated from cold storage to multisig for the cold wallet - which does not really improve security that much.
legendary
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
January 09, 2015, 06:28:12 PM
#32
Bitstamp has one key, BitGo has one key and a third key is stored offline.

Quote
Introduction to the BitGo Secure Wallet

Typical Bitcoin wallets have a single private key, making your Bitcoin susceptible to theft and loss. Our multi-signature technology issues three keys for your wallet, two of which are required to send Bitcoin.

We hold one key, you control a second key, and a third key is stored offline as a backup. If a single key is compromised, your Bitcoin can’t be stolen. This makes our wallet virtually hack proof.

Unlike most other Bitcoin companies, BitGo doesn’t have the ability to access your Bitcoin. We only hold one key, which isn’t sufficient to transact on your behalf.

BitGo requires two-factor authentication and uses enterprise-grade security measures to ensure full protection of your Bitcoin.

Read more technical details in a whitepaper authored by BitGo’s CTO about how we use P2SH (BIP 16) to create a multi-signature wallet. Below is a diagram from the whitepaper comparing Bitcoin wallet architectures.

http://bitgoinc.com/
full member
Activity: 420
Merit: 117
January 09, 2015, 06:21:48 PM
#31
Anyone with a sitting sell order on the books will have to give control of the Bitcoins to Bitstamp.  It's the only way to actually get execution on sitting orders.  Only Bitcoins that are not committed to an order on the books could be kept in a multi-sig wallet where Bitstamp has no access.  To go from that wallet to be able to use the Bitcoins in an order means waiting for confirmations.  So you either get multi-sig security with a confirmation delay to place an order, or you get no multi-sig security with no delay.

This might become a problem in the long run. When you're trading, ease and swiftness of transactions is crucial. The constant signing and waiting could have negative effects on users of the exchange.

Since Stamp now uses multi-sig, does this mean that their wallets will all employ this technology when they are pushing their own money around in house? If not, traders will be stuck waiting while Stamp is making instant cash off facilitating trades fast on their end and slow on the trader's end.
sr. member
Activity: 280
Merit: 250
January 09, 2015, 06:06:18 PM
#30
Very impressive.
legendary
Activity: 2464
Merit: 1145
January 09, 2015, 06:03:32 PM
#29
Anyone with a sitting sell order on the books will have to give control of the Bitcoins to Bitstamp.  It's the only way to actually get execution on sitting orders.  Only Bitcoins that are not committed to an order on the books could be kept in a multi-sig wallet where Bitstamp has no access.  To go from that wallet to be able to use the Bitcoins in an order means waiting for confirmations.  So you either get multi-sig security with a confirmation delay to place an order, or you get no multi-sig security with no delay.



no, they (should) use an internal database for trades.
all 3 keys will be needed when the btc are actually leaving bitstamp ( = when you withdraw your btc) - else multisig would make no sense and would be no advantage like you said
hero member
Activity: 854
Merit: 503
Legendary trader
January 09, 2015, 05:58:11 PM
#28
Could the panic buy be due to people who have cash on their accounts buying BTC as a quicker way to move their money out of Bitstamp?
Seems valid.
sr. member
Activity: 364
Merit: 250
January 09, 2015, 05:37:51 PM
#27
Anyone with a sitting sell order on the books will have to give control of the Bitcoins to Bitstamp.  It's the only way to actually get execution on sitting orders.  Only Bitcoins that are not committed to an order on the books could be kept in a multi-sig wallet where Bitstamp has no access.  To go from that wallet to be able to use the Bitcoins in an order means waiting for confirmations.  So you either get multi-sig security with a confirmation delay to place an order, or you get no multi-sig security with no delay.

sr. member
Activity: 256
Merit: 250
January 09, 2015, 05:01:16 PM
#26
I think Bitstamp will never be hacked again
legendary
Activity: 1316
Merit: 1000
Si vis pacem, para bellum
January 09, 2015, 04:59:27 PM
#25
the bitstamp team showed the world that there is no goxxing around no more.

they deserve credit for handling the mess like pros.

hasta lässt victoria siempre- bitcoin !

 Cool

gox allegedly lost/stole around 750,000 btc as well as tens of millions of dollars
it's a big difference when the hack is only 18,700 btc and btcs are relatively cheap now in usd terms
sr. member
Activity: 261
Merit: 250
January 09, 2015, 04:50:10 PM
#24
Could the panic buy be due to people who have cash on their accounts buying BTC as a quicker way to move their money out of Bitstamp?