What do you do for security?
That's a very good question, I'm thinking about it a lot.
The way I see it, there are different angles of security (and a few ideas what could be done about them, certainly not complete):
* Account security (someone steals your password or hacks your PC)
- Spending limits
- Transaction Authentication Numbers (TAN) - basically a big block of numbered passwords. Would it make sense to send them via email (optionally PGP/GPG encrypted)?
- Email Authentication - Confirmation email with code you have to enter for every transaction
- SMS Authentication - Basically the same but via SMS
* Server security (someone breaks into the server)
- Run a 'frontend' bitcoind and the 'real' (wallet-holding) bitcoind connects only to that
- Maybe run the webserver on yet another machine (but if an attacker were to get on the webserver, couldn't he just tell the bitcoind to spend the money - so it doesn't really improve anything.)
- Firewall everything except port 80 (443) on the webserver and a connection between our bitcoinds.
There is also the wallet encryption patch and the key im/export patch coming up. I didn't have time to try them out yet; I'm really hoping they can be made to work together.
My vision is to have each user's keys encrypted separately, with me not having the ability to decrypt
them, until the user sends me a password/key which I'll never store on file anywhere.
Could ask for a password for every transaction, or take the account password and keep it in memory as long as the session is active.
I'll definitely work on some of this over the weekend.
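As an added illustration of the account-security ideas in the post above (not code from the poster or the site), here is a sketch of the TAN block plus spending limit: the server hands the user a numbered list of one-time codes, stores only salted slow hashes of them, and a transaction is authorized only if the named TAN is unused, matches, and the amount fits the limit. The amounts, TAN length and iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

TAN_LENGTH = 8          # digits per TAN (assumption)
PBKDF2_ROUNDS = 20_000  # slow hash so a leaked table is costly to brute-force (assumption)


@dataclass
class TanRecord:
    salt: bytes
    digest: bytes
    used: bool = False


@dataclass
class Account:
    daily_limit: int                 # spending limit in satoshis (constructed value)
    spent_today: int = 0
    tans: dict = field(default_factory=dict)  # index -> TanRecord


def _hash_tan(tan: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", tan.encode(), salt, PBKDF2_ROUNDS)


def issue_tan_block(account: Account, count: int = 20) -> list:
    """Generate a numbered TAN block; return the plaintext list for delivery
    to the user (e.g. by encrypted email) and store only salted hashes."""
    plaintext = []
    for i in range(1, count + 1):
        tan = "".join(secrets.choice("0123456789") for _ in range(TAN_LENGTH))
        salt = secrets.token_bytes(16)
        account.tans[i] = TanRecord(salt, _hash_tan(tan, salt))
        plaintext.append((i, tan))
    return plaintext


def authorize_transaction(account: Account, amount: int, tan_index: int, tan_value: str) -> bool:
    """True only if TAN #tan_index is unused and correct and the amount fits the
    daily limit; a successful check consumes the TAN so it can never be replayed."""
    rec = account.tans.get(tan_index)
    if rec is None or rec.used:
        return False
    if not hmac.compare_digest(rec.digest, _hash_tan(tan_value, rec.salt)):
        return False
    if account.spent_today + amount > account.daily_limit:
        return False
    rec.used = True
    account.spent_today += amount
    return True
```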