Bitcoin adoption and security

[bobitza]

I was reading the HOWTO: create a 100% secure wallet topic and it looks like you need to have a little bit of James Bond and Linux skills to do it.

While I'm sure all the early adopters and most of the ones that followed have those skills (at least the Linux ones), in order for Bitcoin to really take off and be used as a currency en-masse, we would need to use a easier way to store and transact money. And by easier I mean more "user-friendly" for people that are not tech-savvy.

And no, I don't have a solution in mind, maybe others here can come up with a few. What I do know is that the rule of "no matter how good a product is, if people are not using it then it will fail" works.

[phatsphere]

This probably contains many details that aren't for joe average. E.g. focusing on merchants is not the same as your parents. Protecting something with a good password, in general, is much more secure than anything else in your home and in your possessions. Don't forget that. Also, there is also always a tradeoff, and you can cut it wherever you like. (Same for securing your home, btw.)

[Jermainé]

I encrypt my wallets data to multiply flash drives. Works great for me   

[hazek]

I encrypt my wallets data to multiply flash drives. Works great for me   

Yeah that's great as long as no one keylogs you and steals your encrypted wallet.. or steals your decrypted wallet while you're making a transaction.

[Daily Anarchist]

I encrypt my wallets data to multiply flash drives. Works great for me   

Yeah that's great as long as no one keylogs you and steals your encrypted wallet.. or steals your decrypted wallet while you're making a transaction.

Chances of this happening on a Linux machine?

[hazek]

Well if you read some of the replies in my thread here: https://bitcointalk.org/index.php?topic=110106.0 some think those chances are too high.

[bobitza]

And what's the percentage of users and merchants using Linux and saving their wallet.dat data on USB sticks?

My point is that in order to speed up adoption, something needs to be done to make securing the wallet a more user friendly experience w/o sacrificing the security. Otherwise we might just call the Geekcoin. Hmm, maybe I should go and trademark that, I might get rich in a few years 

[hazek]

Well having just tried to setup my secure wallet I must agree with you 100%. An easy to setup and convenient at the same time plus&play but yet secure wallet is a must and as I said in that other thread I'd be willing to pay up to $15 for something like an USB stick with a ready to use setup.

Right now I think way too many people are relying on trusting 3rd parties and encryption in a very virus and keylogging prone environment which could lead to a lot of thefts down the road. Multikey addresses are an answer but it isn't the cheapest because you do need to have a second device, which many don't, and you still need to protect both devices.

[kokojie]

If you are completely non-technical, then just use blockchain.info wallet, choose a secure password, utilize their 2 factor authentication feature, install their firefox plugin js checker, back up your encrypted wallet to dropbox after each large transaction. Then basically you are 100% secure, unless the operator piuk decides to break bad. Piuk has revealed his real world identity from the start, so the chances are rather low.

[Rassah]

I don't think Piuk can get to your bitcoin, either, since your blockchain.info wallet is decrypted and encrypted in your browser, and no unencripted private keys ever reach blockchain.info's servers. But I guess he could change the code while no one's looking.

[Mushroomized]

Alright, heres a QUICK GUIDE of what I suggest.

Download a copy of TAILS OS
https://tails.boum.org/about/index.en.html

Install it to a CLEAN FLASHDRIVE
http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

Boot into tails on a trusted machine, check for physical keyloggers.

Since tails runs only in the RAM and the flash drive, install bitcoin to the flashdrive, /OR/ generate an address on the system to send coins to from another system.

This kind of makes a mobile portable wallet, if you installed bitcoin to the system, and not just genned an address.

[kokojie]

I don't think Piuk can get to your bitcoin, either, since your blockchain.info wallet is decrypted and encrypted in your browser, and no unencripted private keys ever reach blockchain.info's servers. But I guess he could change the code while no one's looking.

He can't if he continues to be honest as he always has been. Though in the case if he decides to break bad, he can easily obtain your private keys if he wants to, by changing the code of his website. Again, this is highly unlikely since he has an excellent spotless reputation, and disclosed much information about himself and his company.

[phillipsjk]

I was reading the HOWTO: create a 100% secure wallet topic and it looks like you need to have a little bit of James Bond and Linux skills to do it.

There are no easy answers. The easy answer was called "mybitcoin". Look it up.

I personally think that computers are too insecure to handle Bitcoin, and will be for my lifetime. Bitcoin allows you to store hard money on just about any recordable medium. The difficulty is that anyone with access to the private key can spend that money. The advantage is that you can take advantage of that to actually back-up your money in case the fixation upon which it is stored is destroyed.

A secure wallet is never spent, and  is stored in multiple locations. Data loss is a real security concern. If you are encrypting the copies, you may want distribute  a series of keys such that a subset are needed to reconstruct the master decryption key.

A secure wallet is generated on a comptuer with no access to the Internet. Removing wireless cards and unplugging network cables is a sensible precaution. As is booting from a live CD (that you have to find some way of trusting). The Live CD should never write to the hard-disk if the machine is going to be connected back up to a network. Printing the wallet on a printer is a sensible precaution. Keep in mind, you can't trust the printer either. I would strongly suggest avoiding network printers. It would also be helpful to know just how much data your printer is capable of storing (and for how long). For example, fancy photocopiers will keep the last 1500 pages or so on the hard-drive (so you can re-print).

Security updates are always a security risk. This means you can not use an anti-virus on a machine storing lots of Bitcoin, which means you have to have some other way of keeping the machine virus-free. You have to trust your OS provider not to  tamper with their software updates either. However, leaving the system unpatched leaves you vulnerable to security exploits that you hope were not deliberately set.

That does not even get into my thesis that PCs are no longer general-purpose computers. /tinfoil

For spending, you have to move the keys to an insecure computer. To facilitate this, you may want a series of small wallets, such as the Casascius model. Remember though, if you are trusting no one, you can't just buy a pile of those and call it a day. How much do you trust "Mike Caldwel", really?

TL;DR: James Bond skills yes, but you can use BSD instead of Linux

PS: With this level of paranoia, I have not lost a single bitcoin. Neither have I ever had any Bitcoins to my name either. I think a safe-deposit box and very old printer will suffice for "cold storage" for now. I plan on signing the seal of the envelope so I an have some indication if tampering has occurred.

[bobitza]

Thanks for the replies everyone. Now I'm even more scared than before, lol.

Anyways, what I wanted to say is not that we don't have ways of securing a wallet, it's that the ways to do that are not yet ready for mass adoption. If I need a good laugh I just need to imagine telling some of my friends that they need a Linux bootable CD that doesn't write on the HDD.

Of course, you can't prevent loss through the use of physical keyloggers or users' sheer stupidity, but you shouldn't be some Linux James Bond to use Bitcoins. I was thinking perhaps the client can encrypt all data with a password and that's it; even if the wallet.dat gets stolen, it's useless w/o the password. Or something like that ...

So, something needs to be done about it if we want to take Bitcoin to the next level: larger adoption, e-commerce, etc. If people are afraid of losing their coins, they won't be using them in the firstplace.

[Rassah]

The client already allows you to encrypt your wallet, making stolen wallet.dat files useless. It's just that some people are paranoid about having both, a key logger steal their password AND a trojan steal their wallet.dat at the same time.

[markm]

The client already allows you to encrypt your wallet, making stolen wallet.dat files useless. It's just that some people are paranoid about having both, a key logger steal their password AND a trojan steal their wallet.dat at the same time.

Or in other words, anyone who makes a trojan that cannot key-log or a key-logger that doesn't grab the wallet.dat is leaving money on the table and thus is probably not a serious contender/competitor in "the field".

Plan on them coming as a pair, as just part of any standard intrusion/rootkit tools.

-MarkM-

[phillipsjk]

Anyways, what I wanted to say is not that we don't have ways of securing a wallet, it's that the ways to do that are not yet ready for mass adoption. If I need a good laugh I just need to imagine telling some of my friends that they need a Linux bootable CD that doesn't write on the HDD.

You don't need a Linux Bootable CD; that is simply the easiest method. You can use Microsoft Windows, and still be reasonably secure with an isolated computer.

• First, select hardware without a 3G modem Edit: it appears it only supports remote lock via SMS, not remote wipe/control.
  
• Install version of Windows of your choice. It is a judgement call if you want to patch with the latest updates. If installing from read-only media, you can use phone activation.
• Disable autorun.  Wipe any new USB keys before using them. Edit: disable previews, not matter the OS (image handling and PDF libraries have a poor security history).
  
• Install Bitcoin wallet generating software of your choice. Keep in mind you are trusting it not to generate addresses predictable to any attacker. For the JavaScript wallet generator, you can store the file locally, which will protect you  in the event the website is compromized.
• Consider buying a cheap printer for exclusive use of your bitcoin computer.
• Spending is still tricky, since your "secure" computer never connects to a network and avoids USB keys as much a possible. In theory, it should be possible to sign a transaction, and have another computer send it (keeping in mind the USB key wipe precautions). I am not aware how/which any existing client support this. Without the block-chain, your "secure" computer would be spending blind. It should be OK if you only sign wallets generated by that computer, or generated prior to the version of the block-chain stored on that computer (and not spent by another computer).

Edit: Armory aims to do what I describe.

[etotheipi]

Edit: Armory aims to do what I describe.

Yes, this is exactly what Armory does.  It's why I made it.  As far as I know, it's the only program out there that has a simple graphical interface for managing offline wallets, watching them using online wallets, and spending coins using USB keys.  Your private keys never touch the internet, but you can still generate addresses online with no risk to your funds (only your privacy).   Once you get past the long load times it is a phenomenal solution (and I'm working on the load-time thing for the next release).

This basically is two-factor:  your online computer has to create the transaction, and offline computer must sign it.  In many ways, most things that would compromise this setup would compromise a two-factor auth setup as well.

Spending is still tricky, since your "secure" computer never connects to a network and avoids USB keys as much a possible. In theory, it should be possible to sign a transaction, and have another computer send it (keeping in mind the USB key wipe precautions). I am not aware how/which any existing client support this. Without the block-chain, your "secure" computer would be spending blind. It should be OK if you only sign wallets generated by that computer, or generated prior to the version of the block-chain stored on that computer (and not spent by another computer).

Armory avoids this security issue by using BIP 10 which actually provides all the input transactions so that your offline computer can fully verify every part of that transaction it is signing, without the blockchain.  This is why it's so simple:  no need to sync the blockchain to the offline computer.  You just save the unsigned transaction to USB key, take it to the offline computer, sign it, bring it back and hit the "Broadcast" button.

[Zangelbert Bingledack]

To be honest, the only reason I don't buy more bitcoins is that I'm not sure I could secure them.

So far Armory seems to be the only workable solution for the everyday security-conscious folks who will constitute the vast majority of bitcoin users if bitcoin takes off, but the procedure is still cumbersome and for a newb requires them to devote one computer solely to private key generation.

This is not a mass-market solution. Lack of a dirt-simple, secure way of keeping your coins seems to me the biggest bottleneck to bitcoin adoption, unless trusted online wallets take over as the primary storage method.

[jgarzik]

This is not a mass-market solution. Lack of a dirt-simple, secure way of keeping your coins seems to me the biggest bottleneck to bitcoin adoption, unless trusted online wallets take over as the primary storage method.

Bleh, hopefully a centralized solution like "trusted online wallets" is not preferred over a safer, more decentralized solution.

If the coins are not easy to store in a safe, decentralized manner...  blame us!  Keep the heat on.  We need the best user experience possible.  Ideally you want to make it hard to not store your coins securely.