Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Valzador on July 10, 2016, 02:21:55 AM



Title: How insecure is normal bitcoind?
Post by: Valzador on July 10, 2016, 02:21:55 AM
When running a (commercial) server that regularly makes calls to the bitcoind client to send/receive coins and create addresses:

How much more security can choosing to use multi-sig addresses provide (e.g. using BitGo)?

What risks do I face if I choose to just use a normal bitcoind client on my server?

What risks do I face if I choose to use a multi-sig provider?



Title: Re: How insecure is normal bitcoind?
Post by: achow101 on July 10, 2016, 02:28:34 AM
When running a (commercial) server that regularly makes calls to the bitcoind client to send/receive coins and create addresses:

How much more security can choosing to use multi-sig addresses provide (e.g. using BitGo)?
You can get more security by using multi-sig, but the main caveat is that sending Bitcoin from the server is a major pain in the ass.

What risks do I face if I choose to just use a normal bitcoind client on my server?
You face attempted attacks on SSH'ing into your server in order to steal the wallet.dat file (fixed by using a strong wallet password) and attempts to connect to the RPC server in order to spend Bitcoin from your server (fixed by restricting IP access, blocking port 8332, and using cookie auth instead of rpcuser and rpcpass).

What risks do I face if I choose to use a multi-sig provider?
You rely on a service to continue to stay up and running. If they were to close down, API calls would need to be rewritten. It is a hassle to send Bitcoin from your server.


Title: Re: How insecure is normal bitcoind?
Post by: Valzador on July 10, 2016, 03:44:45 AM
When running a (commercial) server that regularly makes calls to the bitcoind client to send/receive coins and create addresses:

How much more security can choosing to use multi-sig addresses provide (e.g. using BitGo)?
You can get more security by using multi-sig, but the main caveat is that sending Bitcoin from the server is a major pain in the ass.

What risks do I face if I choose to just use a normal bitcoind client on my server?
You face attempted attacks on SSH'ing into your server in order to steal the wallet.dat file (fixed by using a strong wallet password) and attempts to connect to the RPC server in order to spend Bitcoin from your server (fixed by restricting IP access, blocking port 8332, and using cookie auth instead of rpcuser and rpcpass).

What risks do I face if I choose to use a multi-sig provider?
You rely on a service to continue to stay up and running. If they were to close down, API calls would need to be rewritten. It is a hassle to send Bitcoin from your server.

Alright, so if I cover the following:

SSH'ing into server = I can stop that with SSH keys and disallowing root login
Wallet.dat = Just have an unbrutable password
Bitcoind = restrict IP and cookie auth only

There shouldn't be anything else I should be worried about, right?
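As an added example (not part of the thread, and not Bitcoin Core's or OpenSSH's own tooling), here is a small POSIX shell audit that checks a host against the checklist above and the RPC points achow101 raised: no static rpcuser/rpcpassword (so bitcoind falls back to cookie auth), RPC allow-list and bind restricted to loopback, root SSH login disallowed, and SSH limited to keys. The function names, the file paths in the usage comment and the sample configs are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit bitcoin.conf and sshd_config for the points raised in the thread.
# Not from the original post, Bitcoin Core or OpenSSH; paths, sample files and function
# names are this example's own assumptions.
#
# Usage (as root, on the wallet host):
#   . ./audit_wallet_host.sh
#   audit_bitcoin_conf /home/bitcoin/.bitcoin/bitcoin.conf
#   audit_sshd_config /etc/ssh/sshd_config   # or: sshd -T >/tmp/eff; audit_sshd_config /tmp/eff
# Each function prints WARN lines to stderr and returns the number of findings (0 = clean).

# Last value of KEY in a key=value style file, comment lines ignored (bitcoin.conf: last wins).
conf_value() {  # conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

audit_bitcoin_conf() {  # audit_bitcoin_conf FILE
    conf="$1"; n=0
    # 1. Static RPC credentials on disk. With rpcuser/rpcpassword absent, bitcoind writes a
    #    fresh random token to <datadir>/.cookie on each start and bitcoin-cli reads it there.
    if grep -Eq '^[[:space:]]*rpc(user|password)[[:space:]]*=' "$conf"; then
        echo "WARN $conf: rpcuser/rpcpassword set; delete them so bitcoind uses cookie auth" >&2
        n=$((n+1))
    fi
    # 2. rpcallowip: any entry other than loopback widens the RPC client allow-list beyond localhost.
    if grep -E '^[[:space:]]*rpcallowip[[:space:]]*=' "$conf" \
        | grep -Evq '=[[:space:]]*(127\.0\.0\.1|127\.0\.0\.0/8|::1)[[:space:]]*$'; then
        echo "WARN $conf: rpcallowip permits non-loopback clients" >&2
        n=$((n+1))
    fi
    # 3. rpcbind on a non-loopback address puts port 8332 on the network (unset = loopback).
    bind=$(conf_value "$conf" rpcbind)
    case "$bind" in
        ""|127.0.0.1|::1|localhost) ;;
        *) echo "WARN $conf: rpcbind=$bind is not loopback" >&2; n=$((n+1)) ;;
    esac
    return "$n"
}

# First value of KEYWORD in sshd_config syntax ("Keyword value"). sshd uses the first
# occurrence, and settings inside Match blocks are conditional, so stop at the first Match.
sshd_value() {  # sshd_value FILE KEYWORD
    awk -v k="$2" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(k)   { print tolower($2); exit }' "$1"
}

audit_sshd_config() {  # audit_sshd_config FILE
    conf="$1"; n=0
    v=$(sshd_value "$conf" PermitRootLogin)
    [ "$v" = "no" ] || { echo "WARN $conf: PermitRootLogin=${v:-unset}; set it to no" >&2; n=$((n+1)); }
    v=$(sshd_value "$conf" PasswordAuthentication)   # sshd default is yes
    [ "$v" = "no" ] || { echo "WARN $conf: PasswordAuthentication=${v:-unset}; set it to no (keys only)" >&2; n=$((n+1)); }
    # PAM can still prompt for a password via keyboard-interactive unless this is off as well.
    # OpenSSH 8.7+ names it KbdInteractiveAuthentication; older releases ChallengeResponseAuthentication.
    v=$(sshd_value "$conf" KbdInteractiveAuthentication)
    [ -n "$v" ] || v=$(sshd_value "$conf" ChallengeResponseAuthentication)
    [ "$v" = "no" ] || { echo "WARN $conf: keyboard-interactive auth=${v:-unset}; set it to no" >&2; n=$((n+1)); }
    v=$(sshd_value "$conf" PubkeyAuthentication)     # default yes; only an explicit no is a problem
    [ "$v" != "no" ] || { echo "WARN $conf: PubkeyAuthentication=no leaves no key-based login" >&2; n=$((n+1)); }
    return "$n"
}
```

The sshd checks read the file text, so a directive overridden in a later `Match` block is not seen; running the audit over `sshd -T` output (the effective, lowercased configuration) avoids that. Keeping RPC bound to loopback in bitcoin.conf is the first half of "blocking port 8332"; the second half is a host firewall rule that drops TCP/8332 arriving on any interface other than `lo`, so a future config mistake does not silently expose the RPC port.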


Title: Re: How insecure is normal bitcoind?
Post by: achow101 on July 10, 2016, 04:08:38 AM
Alright, so if I cover the following:

SSH'ing into server = I can stop that with SSH keys and disallowing root login
Wallet.dat = Just have an unbrutable password
Bitcoind = restrict IP and cookie auth only

There shouldn't be anything else I should be worried about, right?
Short of a zero day vulnerability in any software on the server, that's all you really need to be secure.

Side note, you will want to set up automatic backups and frequently back up the wallet.dat file to a safe location.
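The automatic backup from the side note above, as an added example that is not part of the thread and not Bitcoin Core's own script. It uses the real `bitcoin-cli backupwallet <path>` RPC, which has bitcoind itself write a consistent copy (copying wallet.dat from under a running bitcoind is not safe), then records a checksum and keeps only the newest N copies. The destination directory, retention count, function names and the `BITCOIN_CLI` override are this example's own assumptions.

```shell
#!/bin/sh
# Added example: scheduled wallet.dat backups for a bitcoind host. Not from the thread or
# from Bitcoin Core; directory, retention and the BITCOIN_CLI override are assumptions.
#
# Usage, e.g. hourly from the bitcoind user's crontab:
#   0 * * * * . /usr/local/sbin/backup_wallet.sh; backup_wallet /var/backups/bitcoin 48
# DIR must be an absolute path writable by the user bitcoind runs as: the RPC path is
# resolved by bitcoind, not by this shell. Re-run after anything that adds keys
# (e.g. keypoolrefill), and copy the result to storage the server cannot overwrite.

digest() {  # digest FILE -> checksum line, best tool available on the host
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1"
    else cksum "$1"; fi
}

count_backups() {  # count_backups DIR
    ls -1 "$1"/wallet-*.dat 2>/dev/null | wc -l | tr -d ' '
}

prune_backups() {  # prune_backups DIR KEEP -> delete the oldest beyond KEEP (names sort by timestamp)
    dir="$1"; keep="$2"
    excess=$(( $(count_backups "$dir") - keep ))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$dir"/wallet-*.dat | sort | head -n "$excess" | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

backup_wallet() {  # backup_wallet DIR [KEEP]; prints the path of the new backup
    dir="$1"; keep="${2:-7}"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    target="$dir/wallet-$(date -u +%Y%m%dT%H%M%SZ).dat"
    # BITCOIN_CLI lets a test (or a wrapper with -datadir/-conf) stand in for bitcoin-cli.
    "${BITCOIN_CLI:-bitcoin-cli}" backupwallet "$target" || return 1
    [ -s "$target" ] || return 1              # bitcoind must actually have written it
    chmod 600 "$target"
    digest "$target" > "$target.sha256"
    prune_backups "$dir" "$keep"
    echo "$target"
}

verify_backup() {  # verify_backup FILE -> 0 only if the stored checksum still matches
    [ "$(digest "$1")" = "$(cat "$1.sha256")" ]
}
```

The backup is only as safe as the wallet passphrase: `backupwallet` copies the encrypted wallet.dat, so an attacker who obtains a copy still has to brute-force the passphrase, which is why the thread's "strong wallet password" and this backup go together. `verify_backup` is what a restore drill should run before trusting a copy.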


Title: Re: How insecure is normal bitcoind?
Post by: Valzador on July 10, 2016, 04:22:52 AM
Alright, so if I cover the following:

SSH'ing into server = I can stop that with SSH keys and disallowing root login
Wallet.dat = Just have an unbrutable password
Bitcoind = restrict IP and cookie auth only

There shouldn't be anything else I should be worried about, right?
Short of a zero day vulnerability in any software on the server, that's all you really need to be secure.

Side note, you will want to set up automatic backups and frequently back up the wallet.dat file to a safe location.

Alright, thanks for your help :D