Author Topic: Needed: Security best practices for creating better Bitcoin services  (Read 1361 times)
ripper234 (OP)
Ron Gross


July 31, 2013, 11:13:14 AM
 #1

Over the last few years, a lot of experience has built up in the Bitcoin community regarding security practices.
One particular aspect is the security of Bitcoin Services (e.g. exchanges, wallets, stock exchanges, and any site that has bitcoins flowing through it / stores users' Bitcoins for a long time).

In order to benefit anyone that builds a similar security-critical website, I think it's essential we create some best practices focused in one centralized place, specifically targeted at service developers and operators (Securing your wallet is good for users, but doesn't help too much for Bitcoin service operators).

I suggest we as a community pool our knowledge and create a similar resource that discusses building secure Bitcoin services.

Can any of the members who were involved in securing Bitcoin services step forward and create such a wiki entry with their knowledge?
(Or post your experience here if you're more comfortable with the forum than the wiki, we'll organize it into a coherent wiki entry)

P.S. if you're in good contact with operators of Bitcoin services, feel free to forward this to them.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
Kris
July 31, 2013, 11:16:49 AM
 #2

+1

When time allows it, I will tip in.
ripper234 (OP)
August 07, 2013, 03:44:07 PM
 #3

Bump - is anyone interested in helping out?

Razick
August 07, 2013, 04:26:24 PM
 #4

I will definitely look forward to reading this.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
juca
August 07, 2013, 05:40:34 PM
 #5

+1 indeed
I will be watching this thread. Probably, things will come in pieces here, then we could compile in the wiki later.

my first security tip is: whatever you do, use cold storage
acoindr
August 07, 2013, 06:03:05 PM
 #6

I had this same idea. I think in general there should be a repository, maybe even a new forum for Bitcoin project code, PHP/Python, etc. Bitcoin itself is open source, but everyone would benefit if some other aspects of Bitcoin development also had shared knowledge/work. Why keep re-inventing the wheel? Everyone benefits from more stable, secure businesses. Securing wallets, dealing with DDoS, even legal issues like obtaining money transmitter licenses etc. shouldn't be problems every single business faces on its own, over and over.
Remember remember the 5th of November
August 07, 2013, 06:04:00 PM
 #7

A while back I actually posted a thread regarding this, security practices for Bitcoiners.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
ripper234 (OP)
August 07, 2013, 10:43:40 PM
 #8

Quote
A while back I actually posted a thread regarding this, security practices for Bitcoiners.

link?

I actually found this now, not sure it's rich enough.

juca
August 07, 2013, 11:21:02 PM
 #9

Quote
I actually found this now, not sure it's rich enough.

I found this:
http://blog.coinbase.com/post/33197656699/coinbase-now-storing-87-of-customer-funds-offline
from your link

but reading it, I found a not so good statement:
Quote
Instead, we can safely move about 90% of those funds offline.  We do this by taking the sensitive data that would normally reside on our servers (the “private keys” which represent the actual bitcoins) and moving it to USB sticks and paper backups.  We then take these to a safe deposit box at an actual bank.  In this case we use the bank more like a vault instead of for storing any traditional currency.

Moving funds to USB sticks is not such a good idea. USB sticks are prone to failure. Paper wallets would be the correct choice.
gweedo
August 07, 2013, 11:30:04 PM
 #10

I can be involved in this, I am always pentesting my own vms and coding new ways to protect and make Bitcoins safer, and keeping it as automated as possible.
monsterer
August 15, 2013, 09:11:01 PM
Last edit: August 15, 2013, 09:44:11 PM by monsterer
 #11

I would be interested to read more on this subject.

I found this thread which is interesting, talks about physical security and hot wallets:

https://bitcointalk.org/index.php?topic=81341.0
ripper234 (OP)
August 28, 2013, 07:34:39 AM
 #12

FYI, I just got approached by someone whose website was hacked, who asked me about security practices.
I referred him to this thread, but sadly it still doesn't contain any significant information, so I'd like to bump it again and ask anyone who built a website that handles Bitcoin to contribute from their experience.

You can contribute from your bad experience as well - if you built a website that was hacked, tell us what you did wrong so we can learn from it.

CIYAM
Ian Knowles - CIYAM Lead Developer


August 28, 2013, 07:42:23 AM
 #13

In regards to *offline* safe storage (not normal day to day stuff).

As well as generating keys securely offline and using only air-gapped comms (via QR codes) I also use GPG to be able to safely keep copies of the private keys.

I put a set of tools for doing this into a Live Distro using Open SUSE here: http://susestudio.com/a/kp8B3G/ciyam-safe

(it isn't the most pretty system but it is about as secure as you can get)

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
ripper234 (OP)
August 28, 2013, 07:44:07 AM
 #14

Quote
In regards to *offline* safe storage.

As well as generating keys securely offline and using only air-gapped comms (via QR codes) I also use GPG to be able to safely keep copies of the private keys.

I put a set of tools for doing this into a Live Distro using Open SUSE here: http://susestudio.com/a/kp8B3G/ciyam-safe

(it isn't the most pretty system but it is about as secure as you can get)

Interesting approach, thanks for sharing.

gweedo
August 28, 2013, 08:02:20 AM
 #15

I am about to reveal a huge trade secret here. I dumped bitcoind, in favor of bitcoinj and a jetty embedded web server, which only does read only operations to the site (get address, check balance, get confirmations). Then if you need to send bitcoins, write that into the program, using the timer class almost like cron so that is all automatic. Then I encrypt the wallet with a 40 character password, which is changed every month.

Basically write your own bitcoin client using libraries, that is the most secure way.
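
The split described in the post above, sketched as an added example (not gweedo's code and not part of the original thread): the web tier gets a dispatcher for the three read operations only, and sending happens in a separate timer-driven job. All class and function names are hypothetical, the wallet is a constructed in-memory stand-in rather than bitcoinj, and the per-run payout cap is an assumption added here.

```python
# Added illustration. Every name below is hypothetical; none of this is
# bitcoinj, Jetty or bitcoind API.
from collections import deque

READ_ONLY_OPS = ("get_address", "get_balance", "get_confirmations")

class FakeWallet:
    """Constructed in-memory stand-in for the wallet library (amounts in satoshis)."""
    def __init__(self, balance):
        self.balance = balance
        self.sent = []
    def get_address(self, user):
        return f"addr-for-{user}"
    def get_balance(self):
        return self.balance
    def get_confirmations(self, txid):
        return 6 if txid == "known-tx" else 0
    def send(self, address, amount):
        self.balance -= amount
        self.sent.append((address, amount))

class WebGateway:
    """What the web tier is handed: a dispatcher for the three reads only."""
    def __init__(self, wallet):
        self._reads = {op: getattr(wallet, op) for op in READ_ONLY_OPS}
    def call(self, op, *args):
        if op not in self._reads:  # "send" and anything else is refused here
            raise PermissionError(f"not exposed to the web tier: {op}")
        return self._reads[op](*args)

def run_payout_batch(wallet, pending, max_total):
    """Body of the timer-driven job. The max_total cap per run is an
    assumption added for this example, not something the post describes."""
    paid, total = [], 0
    while pending and total + pending[0][1] <= max_total:
        address, amount = pending.popleft()
        wallet.send(address, amount)
        total += amount
        paid.append((address, amount))
    return paid

if __name__ == "__main__":
    wallet = FakeWallet(balance=100)
    web = WebGateway(wallet)
    print(web.call("get_balance"))
    pending = deque([("a", 30), ("b", 50), ("c", 40)])  # constructed payouts
    print(run_payout_batch(wallet, pending, max_total=90), list(pending))
```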
ripper234 (OP)
September 06, 2013, 10:12:17 AM
 #16

Quote
I am about to reveal a huge trade secret here. I dumped bitcoind, in favor of bitcoinj and a jetty embedded web server, which only does read only operations to the site (get address, check balance, get confirmations). Then if you need to send bitcoins, write that into the program, using the timer class almost like cron so that is all automatic. Then I encrypt the wallet with a 40 character password, which is changed every month.

Basically write your own bitcoin client using libraries, that is the most secure way.

Yeah, that's a great idea.
We specifically deal in various alts, and I have yet to see a java-based library (or any, in fact) that handles them.
I think that our fastest and perhaps most scalable approach would be to use bitcoind/litecoind/namecoind directly.
This way we don't have to try and keep up with the newest alts, but can just use the existing daemon software.
