|
April 11, 2013, 03:13:11 AM |
|
Sorry if this question has been asked before--I tried searching the forums, and I haven't found anything yet. I'm in the first phases of starting a website that will handle bitcoins, and I'm not sure what the best practices are for storing a private key. I don't know too much about security, but I know what hashing is and I understand in a vague sort of way how private keys/public keys/addresses are generated and how they work together. So with that in mind, I have a few questions:
- What is the "most" secure way to store private keys, without putting them in cold storage? I'm assuming just throwing them in an sql table isn't the best thing...
- Let's say I send bitcoins to an address, and a server somewhere in the world has the private key to this address, and manages the funds. How would an attacker find the server to attack it in the first place? Is there any way I could completely "hide" the server's location while still making transactions from it, thereby protecting it from attacks?
- Another thought I had: Say I have the server generate a private key, give half of it to the user, and then store only the other half. The user could submit his half of the key at a later date, and the website could make transactions and then forget the user's half again. It seems like this would protect relatively well against attacks, as an attacker would need to get both pieces of information in order to do anything. Of course, the user must trust both that the server isn't storing the full key and that the server will always be acting in the user's interest; other than this drawback, is there some reason this implementation is a bad idea?
Thanks in advance for any replies!
|