btc project security: Encryption of php files + db entry hashes = more security?

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: btctree on May 31, 2012, 07:14:35 AM

there is no 100%(not even 99%) secure at this moment for hosting a bitcoin in/out project. once your system get cracked, your bitcoins are gone.

Yet.

If the host knows the private keys then an attacker who seizes controls of host seizes control of the private keys.

So what if the host never knows the private keys?

Code:

BSM
Host: v0.0.1.1238
Module: v0.0.1.608
Runtime: v4.0.30319

Initializing BSM with root key to form deterministic seed.
Host: 'Initialize(ZOpK/CiAP/aU1HlNOiJxeyCD8MUI/Zf1xCDFtOJPpGU=)'
Module: 'OK'

Verifying root key (module should return SHA256 hash of Root Key)
Host: 'RootHash()'
Module: 'E9o5VWDsusAWOTf5lVPHWI13YeMCXJ85S+SYqFfW6Lc='

Requesting a new address
Host: 'GetAddress(1)'
Module: '112ypupfk6upHCL65NhqNhtv9RBwW1jR1w'

Even storing private keys (and fund control rules) into hardware device isn't 100% secure but it should raise the bar substantially. All major robberies to date have been "smash and grabs". Once attacker gained access to the server he simply copied the private keys to a client he controlled and transferred the funds.

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Quote from: btctree on May 31, 2012, 08:13:56 AM

Quote from: rjk on May 31, 2012, 08:08:20 AM

In order to run code in an autonomous manner, a server must store the decryption key somewhere, and a hacker can usually find it, rendering the encryption useless. Limited exceptions can be made for keys that are required on boot and not stored, but when that happens they are stored in memory and can possibly still be had by a smart hacker.

walletpassphrase won't help, because the hacker can either:
scan your memory cache
or
just use the same session you are already using. for example, use your own JSON-RPC to send bitcoins.

Exactly, and the type of attack depends on how much access the hacker has, and how he got in. If he was able to reset the root password through a control panel for instance (like bitcoinica), he would have root access to plant a keylogger or pick up the passphrase if it were stored on disk. If he broke in through a SQL vulnerability, he could grab the passphrase from memory, even if it were not stored on disk. It's a difficult kind of situation, but HSMs such as what DeathAndTaxes is looking into can mitigate the risk somewhat.

btctree

newbie

Activity: 47

Merit: 0

Quote from: rjk on May 31, 2012, 08:08:20 AM

In order to run code in an autonomous manner, a server must store the decryption key somewhere, and a hacker can usually find it, rendering the encryption useless. Limited exceptions can be made for keys that are required on boot and not stored, but when that happens they are stored in memory and can possibly still be had by a smart hacker.

walletpassphrase won't help, because the hacker can either:
scan your memory cache
or
just use the same session you are already using. for example, use your own JSON-RPC to send bitcoins.

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

In order to run code in an autonomous manner, a server must store the decryption key somewhere, and a hacker can usually find it, rendering the encryption useless. Limited exceptions can be made for keys that are required on boot and not stored, but when that happens they are stored in memory and can possibly still be had by a smart hacker.

btctree

newbie

Activity: 47

Merit: 0

let's say if a hacker get access of your sql and file system(like he got your root password)

so he can:
1: call ./bitcoind send command in ssh to send your bitcoins to his address.
2: upload a php (for example,JSON-RPC), to control your bitcoind with same command in 1
3: decrypt your php encode, then get the algo of hash of your sql data, won't be too hard if he has skill to hack your server
4: or just leave some small scripts in your payment process code which allows him to receive bitcoins when you pay/receive bitcoins, he can also set many conditions for this "steal program" so you can't find out there is problem only after long time or huge damage.
5: many others, predictable and unpredictable...

there is no 100%(not even 99%) secure at this moment for hosting a bitcoin in/out project. once your system get cracked, your bitcoins are gone. but i know there is a new thing called "multi-sig transactions" coming out on bitcoin's application which can stop unauthorized payments be processed even your system has been cracked.

Pieter Wuille

legendary

Activity: 1072

Merit: 1181

And the attacker will just run the custom hashing executable.

hamdi

hero member

Activity: 826

Merit: 500

php encryptions are all not safe.
they can all be reversed.

you could compile a custom hashing executable and call that from within php

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

The server runs the encrypted code "somehow".
If the attacker gains admin access he can do anything the server can.

Pieter Wuille

legendary

Activity: 1072

Merit: 1181

He doesn't need to understand them - he can just execute them.

winnetou

sr. member

Activity: 361

Merit: 250

But he does not know the code / hash algo. because the php files are encrypted

Pieter Wuille

legendary

Activity: 1072

Merit: 1181

If an attacker gets access to you system, he can just run the code to update the hashes as well...

winnetou

sr. member

Activity: 361

Merit: 250

Hi,

Recently I thought about how you can make Bitcoin web projects more secure.

I came up with the following idea:
- Encrypt your php files (e.g. with http://www.sourceguardian.com/)
- Create a hash of every financial sensible db entry (transactions, account balances etc.) and check the hash on every access

Benefits:
If a hacker gets access to the database he can not add new transactions or change existing ones because he does not know the algorithm of your hash. Even if he gets access to the entire server he can not get (at least not easily I think) the hash algorithm because the php files are encrypted.

Furthermore you can add an alarm when one hash is invalid that causes a stop to your bitcoin transaction handler or something like that.

What do you think and has somebody experience with encryption of php files? (In a trice I found no good open source tool for doing that)

Topic: btc project security: Encryption of php files + db entry hashes = more security? (Read 2777 times)