Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: TheSHAD0W on June 03, 2011, 03:28:17 AM



Title: Security and other issues
Post by: TheSHAD0W on June 03, 2011, 03:28:17 AM
Just downloaded and installed the Windows version of Bitcoin 3.21 and I've noticed some issues with the software; one is serious, and the others are enough to discourage people from using it.

The first issue is security.  Yes, I've read the starting FAQ's referenced post about security (http://forum.bitcoin.org/?topic=5194.0), but this is IMO nowhere near sufficient.  Even if your wallet file is stored on an encrypted volume, anyone with physical access to a machine generating coins can transfer the funds away.  It would be much better to have an option for the secret keys for the addresses to be protected by passphrases; I'd recommend you'd need to enter the passphrase when you want to send a coin, and to have that automatically log out after a few minutes.  Technical question:  Is the secret key required for coin generation?

The second issue is the communications port.  I know it's configurable, but not in the GUI.  Worse yet, it's not apparent without some googling around, so much like BitTorrent, most Bitcoin peers are sitting behind NATs with no port forwarded.  There's an option for UPnP forwarding, but there are security issues with UPnP and it's often disabled on the router.  I'd recommend *at least* displaying the port used somewhere, and preferably allowing it to be configured in the GUI.

The third issue is bandwidth.  Bandwidth usage periodically spikes, and I'm especially noticing upstream spikes that max out my connection.  This can play havoc with games and with VOIP communications, and I'd recommend adding a way to moderate that bandwidth.