|
Title: Cold Wallet Failure Mode Post by: kiba on September 11, 2012, 03:19:04 PM Anybody worried about mtgox losing their money by one of its employee forgetting the password to its cold wallet? Or perhaps magicaltux got hit by a bus?
Title: Re: Cold Wallet Failure Mode Post by: davout on September 11, 2012, 03:37:45 PM Anybody worried about mtgox losing their money by one of its employee forgetting the password to its cold wallet? Or perhaps magicaltux got hit by a bus? It would be quite foolish if he had a master password unlocking all the cold funds.Title: Re: Cold Wallet Failure Mode Post by: Stephen Gornick on September 11, 2012, 08:29:46 PM Anybody worried about mtgox losing their money by one of its employee forgetting the password to its cold wallet? Or perhaps magicaltux got hit by a bus? It would be quite foolish if he had a master password unlocking all the cold funds.Those deposits also are at risk of an e-Gold scenario: Quote The Department of Justice also obtained a restraining order on the defendants to prevent the dissipation of assets by the defendants, and 24 seizure warrants on over 58 accounts believed to be property involved in money laundering and operation of an unlicensed money transmitting business. The restraining order does not limit the E‑Gold operation’s ability to use its existing funds to satisfy requests to exchange E-Gold into national currency for customers of non-seized accounts, or its ability to sell precious metals to accomplish the same, once approval has been received. According to the indictment, E‑Gold’s digital currency, “E‑Gold,” functioned as an alternative payment system and was purportedly backed by stored physical gold. Persons seeking to use the E‑Gold payment system were only required to provide a valid email address to open an E‑Gold account – no other contact information was verified. Once an individual opened an E‑Gold account, he/she could fund the account using any number of exchangers, which converted national currency into E‑Gold. Once open and funded, account holders could access their accounts through the Internet and conduct anonymous transactions with other parties anywhere in the world. - http://www.justice.gov/opa/pr/2007/April/07_crm_301.html About the only reason to store bitcoins with an exchange is if you have open orders with the exchange or plan to use those coins in trading. One reason people like to have coins already deposited is so that if there is a development, trading can commence immediately without having to wait for six confirmations. Fortunately there is a service to help cut that time down. SMPAKE.com - http://smpake.com <-- Funds credited to your Mt. Gox account in 1 confirmation (verified account) or 2 confirmations (non-verified/pseudonymous account at Mt. Gox). Title: Re: Cold Wallet Failure Mode Post by: the_thing on September 11, 2012, 08:35:00 PM ...mtgox losing their money by one of its employee forgetting the password to its cold wallet... magicaltux got hit by a bus... SELL!!!Title: Re: Cold Wallet Failure Mode Post by: Stephen Gornick on September 12, 2012, 10:36:41 AM Anybody worried about mtgox losing their money by one of its employee forgetting the password to its cold wallet? Or perhaps magicaltux got hit by a bus? Just got some details: - Does [MtGox] use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised) Yes. - Is there a target as to how much of customer's funds are kept in cold storage? (e.g., percent of total, or perhaps relative to recent withdrawal requirements)? On average 98% of customer bitcoins are held in cold storage, with possible variations on large bitcoin moves (large deposits or customers asking for large withdrawals). - Do new deposits go to cold storage? (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure) No, this wouldn't be practical in terms of number of bitcoin addresses to keep in cold storage. This could change thanks to BIP 0032 which we are working on implementing. It should be noted however that we are using a hardware security module for the hot wallet - Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)? Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid. It will likely be changed to use Shamir's Secret-Sharing method in the future, and all existing offline wallets will be converted to this. Title: Re: Cold Wallet Failure Mode Post by: picobit on September 12, 2012, 11:13:09 AM Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid. It will likely be changed to use Shamir's Secret-Sharing method in the future, and all existing offline wallets will be converted to this. (my emphasis)Now this sounds like they know what they are talking about. A paper format based on raid. :-) What will be next - a harddisk medium based on cellulose. (joking aside - one possible interpretation could be some kind of N-of-M storage based on cutting the paper in slices. Low tech, but undoubtedly very safe. A more likely interpretation is that he intended to write something else....) Title: Re: Cold Wallet Failure Mode Post by: Stephen Gornick on September 12, 2012, 11:22:59 AM (joking aside - one possible interpretation could be some kind of N-of-M storage based on cutting the paper in slices. Low tech, but undoubtedly very safe. A more likely interpretation is that he intended to write something else....) Ya, that alone doesn't say the method but I'm presuming it means that a physical compromise of one site doesn't get you the keys. You would need to get access to two of the three locations. Yet if any one location were lost, the remaining two would still provide the keys and a third could be rebuilt from the two. I don't know that's what they do, but for partial key storage, using the term "like RAID" gets the idea across. |