Bitcoin Forum
Author Topic: Live Blog - Security Panel Bitcoin 2013  (Read 1928 times)
Cubic Earth (OP)
May 18, 2013, 08:31:24 PM
 #1

Dan Kaminsky, Bennett Hoffman, Peter Vessenes, Alan Reiner, Victor Chapela

My first live blog.  Enjoy (or not).
Cubic Earth (OP)
May 18, 2013, 08:33:37 PM
 #2

Dan - I tried to break bitcoin for four months and failed.

Alan - lots of theory about security - I am trying to implement it.

Victor - Risk passed to individuals, who are least capable of understanding crypto and security
Cubic Earth (OP)
May 18, 2013, 08:38:04 PM
 #3

Peter - who in room can safely store $1 Million of coins?  About 1/3 the room - 80 people, raise hands.

people agreeing that central infrastructure will exist, but people will always be able to take personal control

Dan - can the mom and pop store offload security  to centralized firms without having the centralized power abuse that trust
Cubic Earth (OP)
May 18, 2013, 08:42:20 PM
 #4

Victor - talking about blacklisting stolen things (coins)

Dan - taint "just is", he is getting philosophical about ownership.  Talking about lojack for cars.  Cell phone theft.  Taggants in explosives.  De-anonymization of stolen items.  Almost no stolen bitcoins have been spent.  EVERYONE is hoarding.  Dan is very excited and animated and it's awesome.
Cubic Earth (OP)
May 18, 2013, 08:47:44 PM
 #5

Dan - free to create new identities with bitcoin.  Not too anonymous but VERY deniable.  Mixing services, but tracking stolen coins is still easy.  Taint %

Alan - blacklisting is centralized by its nature. one bitcoin is not one bitcoin if blacklisting is prevalent.

Peter - Some coins are worth more than others right now

Alan - You would have to know about them being stolen for them to have a lower value

Dan - "Fools gold"

Peter - you could accidentally end up with stolen coins
willphase
May 18, 2013, 08:49:52 PM
 #6

Dan - free to create new identities with bitcoin.  Not too anonymous but VERY deniable.  Mixing services, but tracking stolen coins is still easy.  Taint %

90 percent of U.S. bills carry traces of cocaine

http://edition.cnn.com/2009/HEALTH/08/14/cocaine.traces.money/

Will

Cubic Earth (OP)
May 18, 2013, 08:55:40 PM
 #7

Victor - Big bitcoin threat - incremental insecurity and fraud risk, preventing adoption.  Talking about stolen art.

Peter - Talking about premium for virgin, unspent, freshly mined coins.  0% taint from any perspective.

Victor - Our anonymity, which we bitcoiners like, is tenuous

Peter - regulatory threats prevent issues updates to bitcoin that enhance anonymity?

Dan - bitcoin is "too big to regulate", exchanges and miners are regulatory choke points.  EVERY choke point will see pressure applied, there is no other place to apply it

(yes, please help me blog)
Cubic Earth (OP)
May 18, 2013, 09:00:50 PM
 #8


Victor - importance of multi-signature transactions.

Alan - Yes.  Working on it.  Attack surface of private keys that have never touched the internet is an order of magnitude smaller than for ones that have.  Must find ways to eliminate single points of failure (with respect to wallet security)

Peter - loss and theft are two concerns, but there is often a tradeoff between the two.  Going to talk about CoinLab's security.  Paper security in a safe.  Dual entry bank safe.  Quantum random number generator.  Tamper evident seals on envelopes.  We have a hard time with a large codebase, so we wrote our own small program.
Cubic Earth (OP)
May 18, 2013, 09:07:11 PM
 #9

Dan - Wallet security must be addressed, but we can't be too onerous about it.  Dan, getting very animated again about regulatory possibilities.  You can't have your account frozen or seized.  That is fundamental to its value.

Bennett - People will make fragile systems, and other people will use them.

Peter - Dan, have you lost coins?

Dan - I've never lost coins

Peter - I've lost coins.

Dan - are more lost to theft or more lost to accident?

Peter - I know someone who's lost 50,000 coins, they are in this room.

Alan - people forgetting the pass phrases, very very common, unfortunately.

Alan - convenience vs security.  Most people favor convenience. 
Cubic Earth (OP)
May 18, 2013, 09:14:31 PM
 #10

Dan - Wallets and bank accounts, we naturally spread risk.  No one in cryptography

Victor - as an industry, we need to define more standards.

Peter - one of the goals of launching the foundation was certifications.

Alan - insured storage is key, but the insurance companies need metrics by which to judge security protocols. essential for people to feel safe storing 'life changing' quantities of bitcoins

Bennett - this is very strange to be on a panel talking about how bitcoin needs to be more like banks.

Dan - Thought bitcoin was not going to scale, has changed his mind in the short term.  Long term it's doomed, just like everything else in life.  Gives Miami and a cat 5 hurricane as an example.  People still live there, he points out.
Cubic Earth (OP)
May 18, 2013, 09:24:55 PM
 #11

Dan, Peter - Random number generation is in a sorry state.  Big issue.

Question time:
First question - not so much a question.

Question 2: 51% attack, doable.  Wafer capacity is huge.  How do we deal with that?  Hard fork?  What do you guys think about that?

Peter - can anyone from NSA who is here comment?  Protocol changes happen by miners.  Next thought:  PUMP OUT THE ASICS!!  We need 1000 fold the hashing power.
Alan - it's getting better by the day
Peter - nation state attack is big risk.
Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.


Cubic Earth (OP)
May 18, 2013, 09:30:44 PM
 #12

Question 3:  Re:  Stolen coins, (guy confused about taint?)

Dan - If you can prove, you can sue.
Bennett - Taint vs tarnish

Question 4:  Best practices, wallets etc., thefts are from hosted wallets.  We need codified best practices for hot wallets for developers to implement.
Ira from Coinapult is asking.

Peter: go for it  
Cubic Earth (OP)
May 18, 2013, 09:37:31 PM
 #13

Peter - talked to people who do nuke launch codes.

Question 5:  Securing $1 Million in bitcoins, that is easy.  Building high walls is easy.  Discuss.

Dan - Alice pays Bob money, does Gary get to decide if that is okay?
Victor - To reduce risk, dissociate information.  (I think he is talking about splitting keys)

Question 6:  Gmaxwell asking.  Talking about grandma.  She should bitcoins in a bitcoin bank.  A million grandmas doing the same thing creates systemic risk.  Individual security misaligned with the systemic risk.

Bennett - Bitcoin allows everyone to agree they don't trust each other.
Alan - we have the tools we need.  Just need to use them correctly.  Needs to be implemented.

Panel concludes!!!
SamS
May 18, 2013, 09:55:35 PM
 #14

Dan, Peter - Random number generation is in a sorry state.  Big issue.

Question time:
First question - not so much a question.

Question 2: 51% attack, doable.  Wafer capacity is huge.  How do we deal with that?  Hard fork?  What do you guys think about that?

Peter - can anyone from NSA who is here comment?  Protocol changes happen by miners.  Next thought:  PUMP OUT THE ASICS!!  We need 1000 fold the hashing power.
Alan - it's getting better by the day
Peter - nation state attack is big risk.
Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.




I find this quite disconcerting. As a layman, I had thought the proof of work was the basis of the whole "shebang"  -- technical term there. :)

Bitcoin: 16i8sQWjZo3QPhhSfWupJff5PtwTxxpRJJ
Ripple:  rL7mRCDYBXsVSM2obdvEjwft5fPUmxv3ra
kfreds
May 18, 2013, 09:57:07 PM
 #15

Thank you very much for doing this for us who couldn't attend.

I'm also very curious about Dan being worked up over POW and his prediction. Care to elaborate on what he said?
BitBank
May 18, 2013, 10:21:17 PM
 #16

Does anyone know if there was video taken at this panel?
Cubic Earth (OP)
May 18, 2013, 10:23:53 PM
 #17

There was video taken.
willphase
May 18, 2013, 10:25:48 PM
 #18

Does anyone know if there was video taken at this panel?

parts of it are here and here.   It will probably appear here too some time later.

Also - the foundation will release the official videos, eventually.

Will

Cubic Earth (OP)
May 18, 2013, 10:59:35 PM
 #19

Does anyone know if there was video taken at this panel?

You will just have to see it for yourself.  I'm not sure what I missed, he seemed a little vague on it, but that could have been my lack of understanding.
tvbcof
May 20, 2013, 07:02:27 PM
 #20

Dan - He gives 0% chance the proof of work will remain unchanged, prediction: will not survive the year.  Not sure what the coming proof of work functions will look like.  Shared mining (what's that called).  Life or death of BTC on mining being truly distributed.  Must change.  He is being very emphatic on this.

Very interesting... Would like to know more about this!

I also.  It was a somewhat jaw-dropping statement and one of the most interesting things I saw at the conference.

I cannot imagine such a change of this magnitude in this timeframe on the basis of a theoretical weakness (i.e., non-exploited semi-monopolization of hashing hardware.)  I can think of a number of hypotheses, but won't outline them until I can find the most appropriate thread (stumbled here via a Google search.)

My best case scenario is that Kaminsky simply felt that nobody in core dev has put the appropriate effort into conceptualizing how such a shift might be engineered (were it necessary) and was hoping to light a fire under their asses.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.