Title: Hosted Wallet Security Checklist Post by: jordan.dev on May 05, 2013, 07:36:29 PM I want to start a service that offers a hosted wallet, since this is an integral part of almost every Bitcoin related business business, I think it's wise to try to get a security checklist going to ensure to the best possibility the security of the user's funds, and the integrity of the business for customers and investors alike.
Basic permise of the service: webapp that connects as a client to a bitcoind server Ps. if there is a more comprehensive guide somewhere I'd like to read it! I'll get it started and add people's suggestions here: Web-app
Bitcoin Wallet (Bitcoin JSON-RPC server)
Wallet Itself (security of wallet.dat, hot-wallet, cold-storage etc.) Title: Re: Hosted Wallet Security Checklist Post by: aantonop on May 05, 2013, 07:45:52 PM It takes a lot more to secure a hosted wallet than what you suggest here. Is this intended to be an open source project, kinda like blockchain, only open?
If so, that's a good idea. If you want to do this as a business, you will need a lot more experienced security people to help you or this will quickly become a capture-the-flag platform for hackers. Title: Re: Hosted Wallet Security Checklist Post by: jordan.dev on May 05, 2013, 07:55:13 PM I guess I should mention that the hosted wallet isn't the core of the business - and I am not opposed to investing in talented security professionals to help secure the service in the future.
I know there are A LOT MORE than the initial list. I wanted to start this thread as an open forum for developing a longer, more complete list of security precautions based on contributions. As far as open source, that would be great if there was a set of known security protocols that everyone agreed were minimum MUST HAVEs to even be considered secure. It takes a lot more to secure a hosted wallet than what you suggest here. Is this intended to be an open source project, kinda like blockchain, only open? If so, that's a good idea. If you want to do this as a business, you will need a lot more experienced security people to help you or this will quickly become a capture-the-flag platform for hackers. Title: Re: Hosted Wallet Security Checklist Post by: gweedo on May 05, 2013, 08:00:24 PM Maybe I can license you some of my programs I use behind my scenes to make bitcoind a lot more secure on a stock bitcoind. PM me if interested.
|