Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: bo.siu on March 05, 2014, 02:50:07 PM



Title: Bitcoin protocol can be hacked now!
Post by: bo.siu on March 05, 2014, 02:50:07 PM
The private key of bitcoin could be recovered by flush+reload method. it seems to be true.
http://www.reddit.com/r/Bitcoin/comments/1zmgiq/new_side_channel_attack_that_can_recover_private/


Title: Re: Bitcoin protocol can be hacked now!
Post by: DeathAndTaxes on March 05, 2014, 02:56:33 PM
The private key of bitcoin could be recovered by flush+reload method. it seems to be true.
http://www.reddit.com/r/Bitcoin/comments/1zmgiq/new_side_channel_attack_that_can_recover_private/

You do realize this requires the attacker to have access to the CPU.  If the attacker has access to the low level hardware your system is likely rooted, and he is reading your passphrase as you type it.

The one notable exception is this makes VPS even less secure.  They already were a horrible idea for Bitcoin security but I guarantee you at least one "professional" bitcoin site is running on a VPS right now. Information security begins with physical security and you can't have physical security inside another person's vault (your VPS running on their hardware).  Title should be changed to "Using a VPS means you can be hacked (by this and countless other attack vectors)".


Title: Re: Bitcoin protocol can be hacked now!
Post by: Armis on March 05, 2014, 03:01:37 PM
The private key of bitcoin could be recovered by flush+reload method. it seems to be true.
http://www.reddit.com/r/Bitcoin/comments/1zmgiq/new_side_channel_attack_that_can_recover_private/


Truth or lie, doesn't matter the fact of the matter is the btc protocol needs more security
Exchanges who used it should be more transparent such that their transactions are signed (verified)

One weakness of the protocol has already been exposed: https://bitcointalk.org/index.php?topic=492776.0;topicseen
now the community is fighting hard to uncover more weaknesses, not to exploit them, but to know what parts of the infrastructure need replacement.

When you find the flaws, when you fix the flaws, you create a more secure protocol, and you create a more secure environment for the community to thrive


Title: Re: Bitcoin protocol can be hacked now!
Post by: franky1 on March 05, 2014, 03:05:06 PM
if a hacker has access to your system, why bother with that sophistication, just steal the wallet.dat

the bitcoin protocol cannot be hacked. just one persons data in this scenario.

bitcoin protocol needs 51% out of millions of users for the protocol to be "hacked" or as others call it a change to cause a fork.

this hack is about gaining private keys of individuals not forking the protocol of millions of users. yes i know bitcoin uses those encryptions, but bitcoin protocol is more than just the privkey of someone's address.


Title: Re: Bitcoin protocol can be hacked now!
Post by: RodeoX on March 05, 2014, 03:08:34 PM
if a hacker has access to your system, why bother with that sophistication, just steal the wallet.dat
...
That's what I was wondering.  ???


Title: Re: Bitcoin protocol can be hacked now!
Post by: Staring Owl on March 05, 2014, 03:08:47 PM
Your myth has been busted!


Title: Re: Bitcoin protocol can be hacked now!
Post by: DeathAndTaxes on March 05, 2014, 03:10:13 PM
When you find the flaws, when you fix the flaws, you create a more secure protocol, and you create a more secure environment for the community to thrive

This is a side channel attack.  There is no flaw to find or fix in the protocol.  It says that if the attacker can monitor and manipulate the CPU then they can steal the private key.  The fix is to make sure the attacker can't monitor or manipulate the CPU.  In almost all circumstances if the attacker can do this he can simply steal the wallet.dat (which is much easier).

The one exception would be idiot service operators running bitcoin services in "the cloud" or on VPS.  Of course there have been at least two dozen thefts in the past related to compromises of VPS (including linode).  Virtual environment will NEVER be secure for bitcoin services.  OpenSSL may eventually make this attack harder to pull off but even then the VPS will remain a source of hundreds of attack vectors.

If you use a bitcoin related service (exchange, eWallet, mining pool, etc) ask the service operator if they are stupid enough to run it on a VPS? If the answer is yes run, run, run for the exits because it is only a matter of when not if they eventually lose all your bitcoins.  This technical vulnerability is the least of your worries.  There are attacks which are a magnitude easier (including simply logging in with the super admin/root account and stealing the coins).


Title: Re: Bitcoin protocol can be hacked now!
Post by: DeathAndTaxes on March 05, 2014, 03:12:04 PM
if a hacker has access to your system, why bother with that sophistication, just steal the wallet.dat
...
That's what I was wondering.  ???

The operator is stupid enough to run a hot wallet on a VPS.  The attacker may not have access to the wallet.dat or file system but can monitor the CPU and manipulate its operation from the hypervisor.


Title: Re: Bitcoin protocol can be hacked now!
Post by: franky1 on March 05, 2014, 03:12:33 PM

One weakness of the protocol has already been exposed

the protocol is fine. its how people use it (their PHP scripts that do not double check transactions that is at fault)
i am still using a qt client from before christmas and it still works. your scenario involved webservices changing their website code, not the bitcoin daemon of all users to solve the issue.

i wonder when people will learn to not blame the protocol for their own lack of firewalls to prevent hackers, encryption to make data useless to outsiders, and webcode that can adequately talk to the daemon with the security and double checking standards that we see as 'basic' in the FIAT network.

its the services ontop of bitcoin at fault.
its the type of CPU and operating systems with or without antivirus/firewalls/networking monitor tools that is at fault.

if a hacker can sniff out data from the CPU cache, then private keys could be hacked. but also your bank account and personal correspondence to your mistress can be hacked. that is not bitcoin protocol flaw. that is an operating system/ CPU manufacturer security flaw.

summary:
paper wallets dont need CPU's


Title: Re: Bitcoin protocol can be hacked now!
Post by: tntdgcr on March 05, 2014, 03:15:40 PM
When you find the flaws, when you fix the flaws, you create a more secure protocol, and you create a more secure environment for the community to thrive

This is a side channel attack.  There is no flaw to find or fix in the protocol.  It says that if the attacker can monitor and manipulate the CPU then they can steal the private key.  The fix is to make sure the attacker can't monitor or manipulate the CPU.  In almost all circumstances if the attacker can do this he can simply steal the wallet.dat (which is much easier).

The one exception would be idiot service operators running bitcoin services in "the cloud" or on VPS.  Of course there have been at least two dozen thefts in the past related to compromises of VPS (including linode).  Virtual environment will NEVER be secure for bitcoin services.  OpenSSL may eventually make this attack harder to pull off but even then the VPS will remain a source of hundreds of attack vectors.

If you use a bitcoin related service ask the service operator if they are stupid enough to run it on a VPS and if the answer is yes run, run, run for the exits because it is only a matter of when not if they eventually lose all your bitcoins.

QFT ++ ... the best systems cannot prevent userland errors or lack of security. encrypt encrypt encrypt encrypt, and be smart :)


Title: Re: Bitcoin protocol can be hacked now!
Post by: gollum on March 05, 2014, 03:21:25 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?


Title: Re: Bitcoin protocol can be hacked now!
Post by: aztecminer on March 05, 2014, 03:21:43 PM
When you find the flaws, when you fix the flaws, you create a more secure protocol, and you create a more secure environment for the community to thrive

This is a side channel attack.  There is no flaw to find or fix in the protocol.  It says that if the attacker can monitor and manipulate the CPU then they can steal the private key.  The fix is to make sure the attacker can't monitor or manipulate the CPU.  In almost all circumstances if the attacker can do this he can simply steal the wallet.dat (which is much easier).

The one exception would be idiot service operators running bitcoin services in "the cloud" or on VPS.  Of course there have been at least two dozen thefts in the past related to compromises of VPS (including linode).  Virtual environment will NEVER be secure for bitcoin services.  OpenSSL may eventually make this attack harder to pull off but even then the VPS will remain a source of hundreds of attack vectors.

If you use a bitcoin related service (exchange, eWallet, mining pool, etc) ask the service operator if they are stupid enough to run it on a VPS? If the answer is yes run, run, run for the exits because it is only a matter of when not if they eventually lose all your bitcoins.  This technical vulnerability is the least of your worries.  There are attacks which are a magnitude easier (including simply logging in with the super admin/root account and stealing the coins).



most vps are run on a physical server that hosts many vps and therefore most vps cannot handle that much traffic before it becomes a problem and crashes the vps constantly.


Title: Re: Bitcoin protocol can be hacked now!
Post by: aztecminer on March 05, 2014, 03:23:45 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?


my policy is "IN_HOUSE ONLY" .. the reason for this policy is because any data that resides on someone else's hardware is accessible by who knows how many other admins. i get calls everyday of people trying to get me to send data to their "cloud" and then wonder why i am so against "cloud" technology. very simple the data is not secure on someone else's servers.


Title: Re: Bitcoin protocol can be hacked now!
Post by: franky1 on March 05, 2014, 03:33:16 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?

2 years ago i posted a idea that no wallet should be on a server. instead a withdrawal request should just be a database entry on the server. and on a separate system away from the server that has a copy of users details. no communications go to the off-server system. pure the off-server system looks in the database (one way communication) which it would see the request and compare the password or pin given on that request to the copy on their off-network system. if they match the off-server system would perform the transaction.

all that should be on the server is a hashed copy of the password, used purely for login requests where the login page hashes the users password and compares the hashes. that way the hacker cannot guess the unhashed password

adding to that the withdrawal request database uses a different hashing method which the off-server has a copy of, so that hackers dont simply copy the login hash to the withdrawal request. as the 2 would be different

combine that with the fact that there is no privkey on the server makes cpu sniffing useless also
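
Added example (not part of franky1's post and not code from any real service): one way to build the split described above in Python, with the web database holding only a login hash while the off-server system holds a separately derived withdrawal key. The field names, placeholder addresses, nonce scheme and the choice to bind the proof to the destination and amount are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor; raise it for production use

def derive(pin: str, salt: bytes, purpose: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the purpose label keeps login and withdrawal values distinct."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), purpose + b"|" + salt, ITERATIONS)

def enroll(pin: str):
    """Return (web_row, signer_row). Only signer_row holds the withdrawal key."""
    login_salt, wd_salt = os.urandom(16), os.urandom(16)
    web_row = {"login_salt": login_salt, "wd_salt": wd_salt,
               "login_hash": derive(pin, login_salt, b"login")}
    signer_row = {"wd_key": derive(pin, wd_salt, b"withdraw")}
    return web_row, signer_row

def _message(row: dict) -> bytes:
    return f"{row['user']}|{row['address']}|{row['amount_sat']}|{row['nonce']}".encode()

def make_request(pin, wd_salt, user, address, amount_sat, nonce) -> dict:
    """Build the database row for a withdrawal; the proof covers every field."""
    row = {"user": user, "address": address, "amount_sat": amount_sat, "nonce": nonce}
    key = derive(pin, wd_salt, b"withdraw")
    row["proof"] = hmac.new(key, _message(row), hashlib.sha256).digest()
    return row

def signer_approves(row: dict, signer_store: dict, seen_nonces: set) -> bool:
    """Runs on the off-server system after it pulls a row; True means it may sign."""
    rec = signer_store.get(row["user"])
    if rec is None or (row["user"], row["nonce"]) in seen_nonces:
        return False  # unknown user, or a replay of an already processed request
    expected = hmac.new(rec["wd_key"], _message(row), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, row["proof"]):
        return False
    seen_nonces.add((row["user"], row["nonce"]))
    return True

def demo() -> dict:
    pin = "correct horse 4821"  # constructed sample secret
    web_row, signer_row = enroll(pin)
    store, seen = {"alice": signer_row}, set()
    good = make_request(pin, web_row["wd_salt"], "alice", "ADDR_ALICE_EXAMPLE", 50_000, "n-001")
    # Someone holding a dump of the web database pastes the login hash in as the proof.
    reused = dict(good, nonce="n-002", address="ADDR_ATTACKER_EXAMPLE",
                  proof=web_row["login_hash"])
    # Someone with write access to the database redirects a genuine pending row.
    pending = make_request(pin, web_row["wd_salt"], "alice", "ADDR_ALICE_EXAMPLE", 50_000, "n-003")
    redirected = dict(pending, address="ADDR_ATTACKER_EXAMPLE")
    return {"genuine": signer_approves(good, store, seen),
            "login_hash_reused": signer_approves(reused, store, seen),
            "redirected": signer_approves(redirected, store, seen),
            "replayed": signer_approves(good, store, seen)}

if __name__ == "__main__":
    print(demo())
```

The separation only holds if the proof is computed on the user's device; if the web server computes it from a submitted PIN, whoever controls that server can capture the PIN and produce valid proofs.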



Title: Re: Bitcoin protocol can be hacked now!
Post by: DeathAndTaxes on March 05, 2014, 03:34:12 PM
Most vps are run on a physical server that hosts many vps and therefore most vps cannot handle that much traffic before it becomes a problem and crashes the vps constantly.

That is the least of your problems.  Some very large bitcoin services have lost some very large amounts of bitcoins because they were running on a VPS.  Google Bitcoin linode hack.


Title: Re: Bitcoin protocol can be hacked now!
Post by: gollum on March 05, 2014, 03:34:28 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?


my policy is "IN_HOUSE ONLY" .. the reason for this policy is because any data that resides on someone else's hardware is accessible by who knows how many other admins. i get calls everyday of people trying to get me to send data to their "cloud" and then wonder why i am so against "cloud" technology. very simple the data is not secure on someone else's servers.
That's true, but you can never compete with cloud services like Amazon in uptime and you also have a higher risk of DDOS.
Even if you got two redundant servers, at two different locations, backup power, and two ISPs your server's uptime won't be as good as Amazon. Even if you reach the same uptime and stability as Amazon your cost will be many times higher, unless you have economies of scale as a big corporation.


Title: Re: Bitcoin protocol can be hacked now!
Post by: proudhon on March 05, 2014, 03:47:15 PM
The private key of bitcoin could be recovered by flush+reload method. it seems to be true.
http://www.reddit.com/r/Bitcoin/comments/1zmgiq/new_side_channel_attack_that_can_recover_private/

Help!?  What does this mean for my offline paper and encrypted USB wallets? 


Title: Re: Bitcoin protocol can be hacked now!
Post by: Sitarow on March 05, 2014, 03:54:39 PM
The private key of bitcoin could be recovered by flush+reload method. it seems to be true.
http://www.reddit.com/r/Bitcoin/comments/1zmgiq/new_side_channel_attack_that_can_recover_private/

You do realize this requires the attacker to have access to the CPU.  If the attacker has access to the low level hardware your system is likely rooted, and he is reading your passphrase as you type it.

The one notable exception is this makes VPS even less secure.  They already were a horrible idea for Bitcoin security but I guarantee you at least one "professional" bitcoin site is running on a VPS right now. Information security begins with physical security and you can't have physical security inside another person's vault (your VPS running on their hardware).  Title should be changed to "Using a VPS means you can be hacked (by this and countless other attack vectors)".

I agree with you on all points.

Thank you for making this clear.



Title: Re: Bitcoin protocol can be hacked now!
Post by: Coins4life on March 05, 2014, 04:00:13 PM
When you find the flaws, when you fix the flaws, you create a more secure protocol, and you create a more secure environment for the community to thrive

This is a side channel attack.  There is no flaw to find or fix in the protocol.  It says that if the attacker can monitor and manipulate the CPU then they can steal the private key.  The fix is to make sure the attacker can't monitor or manipulate the CPU.  In almost all circumstances if the attacker can do this he can simply steal the wallet.dat (which is much easier).

The one exception would be idiot service operators running bitcoin services in "the cloud" or on VPS.  Of course there have been at least two dozen thefts in the past related to compromises of VPS (including linode).  Virtual environment will NEVER be secure for bitcoin services.  OpenSSL may eventually make this attack harder to pull off but even then the VPS will remain a source of hundreds of attack vectors.

If you use a bitcoin related service (exchange, eWallet, mining pool, etc) ask the service operator if they are stupid enough to run it on a VPS? If the answer is yes run, run, run for the exits because it is only a matter of when not if they eventually lose all your bitcoins.  This technical vulnerability is the least of your worries.  There are attacks which are a magnitude easier (including simply logging in with the super admin/root account and stealing the coins).

+1


Title: Re: Bitcoin protocol can be hacked now!
Post by: cr1776 on March 05, 2014, 04:03:46 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?

2 years ago i posted a idea that no wallet should be on a server. instead a withdrawal request should just be a database entry on the server. and on a separate system away from the server that has a copy of users details. no communications go to the off-server system. pure the off-server system looks in the database (one way communication) which it would see the request and compare the password or pin given on that request to the copy on their off-network system. if they match the off-server system would perform the transaction.

all that should be on the server is a hashed copy of the password, used purely for login requests where the login page hashes the users password and compares the hashes. that way the hacker cannot guess the unhashed password

adding to that the withdrawal request database uses a different hashing method which the off-server has a copy of, so that hackers dont simply copy the login hash to the withdrawal request. as the 2 would be different

combine that with the fact that there is no privkey on the server makes cpu sniffing useless also



QFT.  D&T also makes a good point about a pool having their VPS hacked, and tons of bitcoins stolen nearly 2 years ago now.  (And they were not the only one, it has been a recurring problem.)  If you are on a pool, exchange, etc, don't store your coins there.  Set an automatic payout, or use p2pool with an instant payout.




Title: Re: Bitcoin protocol can be hacked now!
Post by: DeathAndTaxes on March 05, 2014, 04:04:21 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?

Server you control physically is sufficient in most cases.  Most companies don't have the resources to build a datacenter to house their server.  Going with a tier 1 datacenter, purchasing a locked cage or cabinet, and starting with bare metal server(s) provides a high barrier.  Now if your service grows to the point you are processing billions a year well then moving servers (or at least hot wallet hardware) "in house" might be something to consider.

We use a private locked cabinet with access control in a major datacenter.  No datacenter employees have need or ability to login to our hardware.  The OS was installed clean onto bare metal we own so there are no "super admin" accounts that we don't know about.  IPMI and power cycle PDUs have made it possible to do a lot more remotely these days (even BIOS access and remote media for installing OS is possible).  Good secure chassis with intrusion detection are a good secondary line of defense to ensure the employees don't have access to the hardware internals.  We disable USB in BIOS.  Since disks are designed to be hotswapped, encrypted disks (and backups) are a requirement to ensure information isn't physically stolen by datacenter employee.    A good datacenter should have no problems shipping replaced/dead disks back to you to verify serial numbers against inventory control.

The one bad thing about IPMI is it is usually very poorly implemented from a security standpoint.  It doesn't really matter the vendor, most have dozens of long running vulnerabilities.  The IPMI ports should never be public facing and instead be behind a dedicated vpn hardware firewall (i.e. establish vpn tunnel to firewall, authenticate, and then gain access to the IPMI network).

The web server is going to be the most vulnerable point of any system; it is by definition public facing with open access.  For that reason that server should only be used as a webserver.  The database, bitcoind connectivity (even for just listening wallets), remote WAN login access, backups, etc should be on a different server which has no public access.  Most datacenter can provide a VLAN on a switch for private connectivity but switches are cheap so I like to buy and install our own switch in the cabinet.  Of course all this is just the outer wall, intrusion detection software, monitoring, and vulnerability scanning should be part of the picture too.

If all that sounds hard well that is why the service is operating for a profit.  Users should start to demand more from their bitcoin service companies and not accept that they are uncompensated investors (if exchange does good real owners profit, if exchange does bad depositors lose everything).


Title: Re: Bitcoin protocol can be hacked now!
Post by: aztecminer on March 05, 2014, 06:22:23 PM
Do you think it's enough to have the bitcoin wallets in a server you physically control or should also the website be located inhouse to prevent thieves from stealing bitcoins?


my policy is "IN_HOUSE ONLY" .. the reason for this policy is because any data that resides on someone else's hardware is accessible by who knows how many other admins. i get calls everyday of people trying to get me to send data to their "cloud" and then wonder why i am so against "cloud" technology. very simple the data is not secure on someone else's servers.
That's true, but you can never compete with cloud services like Amazon in uptime and you also have a higher risk of DDOS.
Even if you got two redundant servers, at two different locations, backup power, and two ISPs your server's uptime won't be as good as Amazon. Even if you reach the same uptime and stability as Amazon your cost will be many times higher, unless you have economies of scale as a big corporation.



a medium sized company can handle its own datacenter .. and yes keeping ur data in someone's "cloud" is cheaper that is for sure.


Title: Re: Bitcoin protocol can be hacked now!
Post by: justusranvier on March 06, 2014, 03:37:45 AM
2 years ago i posted a idea that no wallet should be on a server. instead a withdrawal request should just be a database entry on the server. and on a separate system away from the server that has a copy of users details. no communications go to the off-server system. pure the off-server system looks in the database (one way communication) which it would see the request and compare the password or pin given on that request to the copy on their off-network system. if they match the off-server system would perform the transaction.
Another way to do this would be if the server was publishing an audit log to a private Bitmessage channel (or other suitable mixing network) to which the hot wallet was subscribed.

The server would have no way to know where the hot wallet is, therefore an attacker who gains control over the server would also not know how to locate the hot wallet to attack it.

Furthermore, what if the audit log was actually tamperproof because it was composed of messages signed both by the server and by the users (with the server not having access to the users' private keys). Basically the server is really just a digital notary. Then an attacker who gains access to the server can't even mess with the audit log because the auditing server will immediately detect the alterations.

Wait a minute, I think we just invented Open-Transactions.
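
Added example (not part of justusranvier's post and not Open-Transactions code): a hash-chained audit log in Python where each entry carries a user tag and a server tag, and an auditor detects a rewrite made by someone who controls the server. HMAC with per-user keys stands in for public-key signatures so the sketch needs only the standard library; with real signatures the auditor would hold public keys only. All keys, names and addresses are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash of the first entry

def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def user_sign(request: dict, user_key: bytes) -> str:
    """Runs on the user's device; the server never sees user_key."""
    return _mac(user_key, json.dumps(request, sort_keys=True).encode())

def _server_tag(server_key: bytes, prev_hash: str, request: dict, user_sig: str) -> str:
    body = json.dumps(request, sort_keys=True)
    return _mac(server_key, f"{prev_hash}|{body}|{user_sig}".encode())

def _entry_hash(prev_hash: str, server_sig: str) -> str:
    return hashlib.sha256(f"{prev_hash}|{server_sig}".encode()).hexdigest()

def server_append(log: list, request: dict, user_sig: str, server_key: bytes) -> None:
    """The server countersigns the user's request and links it to the previous entry."""
    prev_hash = log[-1]["entry_hash"] if log else GENESIS
    server_sig = _server_tag(server_key, prev_hash, request, user_sig)
    log.append({"prev_hash": prev_hash, "request": request, "user_sig": user_sig,
                "server_sig": server_sig, "entry_hash": _entry_hash(prev_hash, server_sig)})

def audit(log: list, user_keys: dict, server_key: bytes) -> int:
    """Run by the auditor (the hot wallet side). Return -1 if intact, else first bad index."""
    prev_hash = GENESIS
    for i, e in enumerate(log):
        req = e["request"]
        key = user_keys.get(req.get("user"))
        ok = (key is not None
              and e["prev_hash"] == prev_hash
              and hmac.compare_digest(e["user_sig"], user_sign(req, key))
              and hmac.compare_digest(e["server_sig"],
                                      _server_tag(server_key, prev_hash, req, e["user_sig"]))
              and e["entry_hash"] == _entry_hash(prev_hash, e["server_sig"]))
        if not ok:
            return i
        prev_hash = e["entry_hash"]
    return -1

def demo():
    user_keys = {"alice": b"constructed-alice-key", "bob": b"constructed-bob-key"}
    server_key = b"constructed-server-key"
    requests = [{"user": "alice", "to": "ADDR_A_EXAMPLE", "amount_sat": 10_000},
                {"user": "bob", "to": "ADDR_B_EXAMPLE", "amount_sat": 25_000},
                {"user": "alice", "to": "ADDR_C_EXAMPLE", "amount_sat": 5_000}]
    log = []
    for req in requests:
        server_append(log, req, user_sign(req, user_keys[req["user"]]), server_key)
    intact = audit(log, user_keys, server_key)
    # Whoever controls the server holds server_key: they rewrite entry 1 and rebuild
    # every server tag and hash link, but cannot produce bob's tag for the new request.
    forged = []
    for i, e in enumerate(log):
        req = dict(e["request"], to="ADDR_ATTACKER_EXAMPLE") if i == 1 else e["request"]
        server_append(forged, req, e["user_sig"], server_key)
    return intact, audit(forged, user_keys, server_key)

if __name__ == "__main__":
    print(demo())
```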