Pages:
Author

Topic: thoughts on Bitgo - the most secure wallet 3-fa (Read 9089 times)

full member
Activity: 210
Merit: 100
Looking for the next big thing
People are still using web wallets really? Did we not learn from blockchain.info.

What's wrong with blockchain.info?

People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet.

I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc.

I have heard about people getting hacked on blockchain.info when not using 2FA, but I haven't heard of a single hack from a person that uses 2FA.  I consider it extremely safe.

As far as Bitgo is concerned.  I use it too and like it as a service.  I feel more confident that a webwallet isn't going to run off with my money when it was designed from the ground up to be impossible to do that.  Now maybe that is or isn't the case in reality and we don't always know what a sneaky hacker will do.  Still.... I have used Bitgo and feel confident with it.

And always use 2FA when possible!
newbie
Activity: 36
Merit: 0
Anyone know why the BitGo site is empty?  Just the title pages work for me no content.

It definitely should not be the case!  Feel free to send me or [email protected] email and we'll get this sorted out.

Thanks
Mike
newbie
Activity: 36
Merit: 0
BitGo is a great proof of concept. I'm almost certain that multisig wallets like this is how the majority of people will use bitcoin for day to day transactions in the future (the only alternative to multisig+3rd party being multisig+hardware wallet)

Though I second ADgordo that it badly needs to support deterministic wallets. Full on HD wallet support (BIP32) would be awesome. Having single-address wallets in 2014 is a big turn off  Sad

BitGo has been full HD for at least 6 months :-)

Mike
newbie
Activity: 36
Merit: 0
People are still using web wallets really? Did we not learn from instawallet, inputs.io, and blockchain.info. I see a couple problems with this one. How are they generating the 3 keys? If it isn't client side, it isn't safe. If they are holding on to the 3 keys even indirectly they are not safe. It isn't open source, so there is no way to verify or run this services on my own. Also all web wallets will be consider not safe until they implement trezor support.

So again don't use web wallets none of them are safe unless you are using a trezor or hardware option to sign the transaction.

What surprises me is that you think your desktop wallet is safer.  It's absolutely not.  Did we not learn anything from the growth of malware over the past 10 years?  30% of home computers are running malware already, and the numbers are growing, not shrinking.  Every desktop wallet, from Armory to Bitcoin-QT, etc, is vulnerable to these attacks while BitGo is not.  Any single-signature wallet is even more vulnerable.

So perhaps all of us should stop thinking of wallets as either "desktop" or "web".  BitGo is both.  BitGo is a desktop wallet (use the chrome app) with a web service component (the BitGo service).  The two together are called a "multi-signature wallet", and as we all know, this has been declared the "year of multi-sig" for a reason:  because it is safer than desktop or web wallets.

But to answer your questions:  the keys are provisioned on machines other than the service with the user's full control, and are never known to the service.  Hardware signing is coming too.

Mike


8up
hero member
Activity: 618
Merit: 500
BitGo is currently my favorite online wallet provider and it doesn't even have to function like that.  In an encrypted folder on a linux box I can issue transactions from my own two keys.  Amazing stuff.  If only the system worked by hierarchical wallets with mnemonic seeds as what is split up instead of a single address combination.   

Did anyone recognize this?
https://coinreport.net/bitgo-announces-hd-wallets-novel-solution-transaction-anonymity/
sr. member
Activity: 470
Merit: 250
Sounds like what I'm looking for: both secure and easy enough. Have my coins on an exchange now which doesn't feel to secure considering what's happened lately. Clever with the 3-fa. If computer craches, gets hacked, gets stolen, i retrieve my coins with offline pw and bitgo. If bitgo get hacked, seized, seize to exist, no worries, I use browser pw and offline pw. Do I understand it correctly? Bitgo doesn't even need to exist for me to retrieve my bitcoins with help of browser pw and offline pw? That last part is quite important...

Correct.  I have an instance of sx (a bitcoin tool suite) that allows me to execute transactions from the address bitgo creates without bitgo by keeping my private keys in an encrypted folder.

Signing up now...
legendary
Activity: 1288
Merit: 1004
Anyone know why the BitGo site is empty?  Just the title pages work for me no content.
member
Activity: 203
Merit: 10
The World’s First Blockchain Core
Sounds like what I'm looking for: both secure and easy enough. Have my coins on an exchange now which doesn't feel to secure considering what's happened lately. Clever with the 3-fa. If computer craches, gets hacked, gets stolen, i retrieve my coins with offline pw and bitgo. If bitgo get hacked, seized, seize to exist, no worries, I use browser pw and offline pw. Do I understand it correctly? Bitgo doesn't even need to exist for me to retrieve my bitcoins with help of browser pw and offline pw? That last part is quite important...

Correct.  I have an instance of sx (a bitcoin tool suite) that allows me to execute transactions from the address bitgo creates without bitgo by keeping my private keys in an encrypted folder.
sr. member
Activity: 470
Merit: 250
Sounds like what I'm looking for: both secure and easy enough. Have my coins on an exchange now which doesn't feel to secure considering what's happened lately. Clever with the 3-fa. If computer craches, gets hacked, gets stolen, i retrieve my coins with offline pw and bitgo. If bitgo get hacked, seized, seize to exist, no worries, I use browser pw and offline pw. Do I understand it correctly? Bitgo doesn't even need to exist for me to retrieve my bitcoins with help of browser pw and offline pw? That last part is quite important...
full member
Activity: 192
Merit: 100
Offline wallets are not convenient and can't offer you 2FA.

If you want something multisig, bip0032, 2of2 (with nLockTime unfreezing the fund) https://bitcointalksearch.org/topic/greenaddress-open-source-multisig-wallet-service-521988

Before you dismiss it, our Chrome App client it's uniminified/inspectionable, open source,  it has independent blockchain data verification via the electrum network and even if we disappear your btc can be unlocked by you.
member
Activity: 112
Merit: 10
Cryptocurrencies Exchange
just stick to offline wallets...
newbie
Activity: 26
Merit: 0
BitGo is a great proof of concept. I'm almost certain that multisig wallets like this is how the majority of people will use bitcoin for day to day transactions in the future (the only alternative to multisig+3rd party being multisig+hardware wallet)

Though I second ADgordo that it badly needs to support deterministic wallets. Full on HD wallet support (BIP32) would be awesome. Having single-address wallets in 2014 is a big turn off  Sad
member
Activity: 203
Merit: 10
The World’s First Blockchain Core
BitGo is currently my favorite online wallet provider and it doesn't even have to function like that.  In an encrypted folder on a linux box I can issue transactions from my own two keys.  Amazing stuff.  If only the system worked by hierarchical wallets with mnemonic seeds as what is split up instead of a single address combination.   
newbie
Activity: 34
Merit: 0
I hope BitGo doesn't generate all three the private keys on their servers because then the security of all this service is very low.

You could always try reading...

BitGo today allows you to create one in your browser, import one (public key only) from a 3rd source of your choosing (offline, your existing wallet, etc), and one is created on the BitGo service.  If you use this option, you've used 3 independent sources for key generation which means that your wallet starts out in great shape.
newbie
Activity: 43
Merit: 0
mbelshe: Can I generate three private keys for 2of3 multisig on a secure offline computer and then import only 1 priv key to BitGo server?
Can I import this private key pre-encrypted? So it's impossible to see it serverside and it's only decypted on client side on demand?

I hope BitGo doesn't generate all three the private keys on their servers because then the security of all this service is very low.
newbie
Activity: 36
Merit: 0
Quote
I'm the creator of BitGo, so I know I am biased.  For what it is worth, we've already done a full external security audit (expensive!) of the software both client and server side.  The operational engineering that has gone into BitGo is also atypical and has been designed from the ground up for bitcoin security.  We'll be doing another audit in the not-too-distant future.  Peer reviews and security reviews are absolutely essential.

Who did your full audit. I am looking for an auditor myself and it would be nice to grab someone who is now familiar with Bitcoin

When you start looking around for security auditors, you'll find they make you sign agreements that you can't disclose their name.  This is because if you are ever hacked, they don't want to tarnish their own brand.  Ironic, right?  But I assure you, this is industry standard for these types of things.

But if you are looking for a known and trusted auditor, starting with Matasano (http://www.matasano.com/) is a good start.  It is not cheap.

Mike
newbie
Activity: 36
Merit: 0
I don't get it. Only 2 FA is needed for transactions. So if someone hacks in to an account he can withdraw the coins with just 2 passwords, right?

Incorrect.  2FA is required both for login and transactions.

Mike
newbie
Activity: 36
Merit: 0
People are still using web wallets really? Did we not learn from instawallet, inputs.io, and blockchain.info. I see a couple problems with this one. How are they generating the 3 keys? If it isn't client side, it isn't safe. If they are holding on to the 3 keys even indirectly they are not safe. It isn't open source, so there is no way to verify or run this services on my own. Also all web wallets will be consider not safe until they implement trezor support.

So again don't use web wallets none of them are safe unless you are using a trezor or hardware option to sign the transaction.

The blanket answer of "all web wallets are unsafe" is too black-and-white.  And it's just not true that the only safe way to secure bitcoin is with a Trezor.  (I love the Trezor, by the way, and look forward to getting mine).

But BitGo isn't really a web wallet anyway.  Sure you access it from the web, but it requires 3 independent devices to transact.  So unlike a client-side wallet, where compromising a single machine will steal your bitcoin, BitGo requires 3 machines get hacked before your funds can be taken.  If you consider that 30% of home computers are infected already (source: http://www.infoworld.com/t/cyber-crime/malware-infects-30-percent-of-computers-in-us-199598), this is a pretty important point.  As bitcoin grows, the incentive to steal bitcoin keys grows.  Anyone relying on a single system to host the keys to their bitcoin will be vulnerable, and common users aren't security experts enough to keep away the malware.

So to answer your questions, BitGo strongly believes we should never hold the keys to your account.  We're a backup, and a cosigner, but we never see enough keys to transact.  BitGo today allows you to create one in your browser, import one (public key only) from a 3rd source of your choosing (offline, your existing wallet, etc), and one is created on the BitGo service.  If you use this option, you've used 3 independent sources for key generation which means that your wallet starts out in great shape.  To transact on it with BitGo, you'll need to provide one key, and BitGo provides the second key.  On top of that we use 2FA to your phone to protect against any keylogger type attacks.  This bitcoin address creation process is hard to do - its a lot of work, and we're still working on making it simpler - but we will stick to our security principles that we should never hold your keys. So there are options for small bitcoin accounts to create two keys in your browser and send one to paper backup.  This is a tradeoff the user can make.

There is another great advantage to the 2-of-3 system which a single key system can't do.  The server can audit who is requesting a transaction by looking at IP addresses, access patterns, enforcing velocity limits, notifying stakeholders of the pending transaction, etc.   All of these features are made possible by being a "web wallet" with a server assisting.   Single key systems simply can't do this.

Regarding open source - you can find some of our source code out here:  https://github.com/BitGo.  The client software is already open source by its very nature - it runs 100% in your browser.

Anyway, I am not stating that BitGo is perfect by any means, so I hope it doesn't sound that way.  With security, you just constantly need to 'raise the bar', and I hope that this solution materially raises it.

If you do see any specific flaws or want to audit our code, I welcome that very much!

Best,
Mike




hero member
Activity: 518
Merit: 500
People are still using web wallets really? Did we not learn from blockchain.info.

What's wrong with blockchain.info?

People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet.

I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc.

Local clients are better for newbies, but lets be honest we need to teach newbies about all forms of security cause many sites use 2FA they should learn it now. What it is and how it helps from hackers but not backend hackers.

backend hackers or site owners that just run off with all the coins ......

I put them in the backend hackers that have access to the machine.

Yeah I got that but the reference might have been a bit subtle for some Smiley
legendary
Activity: 1498
Merit: 1000
People are still using web wallets really? Did we not learn from blockchain.info.

What's wrong with blockchain.info?

People still get hacked on blockchain, but they are a lot better than most web wallets, and if they add trezor support like they plan on, they will be the most secure web wallet.

I think blockchain.info will probably be safer for a newb who doesn't really know waht they're doing, as long as they set up all the security features; 2 factor auth and a second password etc.

Local clients are better for newbies, but lets be honest we need to teach newbies about all forms of security cause many sites use 2FA they should learn it now. What it is and how it helps from hackers but not backend hackers.

backend hackers or site owners that just run off with all the coins ......

I put them in the backend hackers that have access to the machine.
Pages:
Jump to: