Bitcoin Forum
December 11, 2016, 02:19:36 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: btc project security: Encryption of php files + db entry hashes = more security?  (Read 2496 times)
winnetou
Sr. Member
****
Offline Offline

Activity: 361


View Profile
May 31, 2012, 10:08:14 AM
 #1

Hi,

Recently I thought about how you can make Bitcoin web projects more secure.

I came up with the following idea:
- Encrypt your php files (e.g. with http://www.sourceguardian.com/)
- Create a hash of every financial sensible db entry (transactions, account balances etc.) and check the hash on every access

Benefits:
If a hacker gets access to the database he can not add new transactions or change existing ones because he does not know the algorithm of your hash. Even if he gets access to the entire server he can not get (at least not easily I think) the hash algorithm because the php files are encrypted.

Furthermore you can add an alarm when one hash is invalid that causes a stop to your bitcoin transaction handler or something like that.

What do you think and has somebody experience with encryption of php files? (In a trice I found no good open source tool for doing that)
1481465976
Hero Member
*
Offline Offline

Posts: 1481465976

View Profile Personal Message (Offline)

Ignore
1481465976
Reply with quote  #2

1481465976
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481465976
Hero Member
*
Offline Offline

Posts: 1481465976

View Profile Personal Message (Offline)

Ignore
1481465976
Reply with quote  #2

1481465976
Report to moderator
1481465976
Hero Member
*
Offline Offline

Posts: 1481465976

View Profile Personal Message (Offline)

Ignore
1481465976
Reply with quote  #2

1481465976
Report to moderator
Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
May 31, 2012, 10:29:53 AM
 #2

If an attacker gets access to you system, he can just run the code to update the hashes as well...

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
winnetou
Sr. Member
****
Offline Offline

Activity: 361


View Profile
May 31, 2012, 10:30:51 AM
 #3

But he does not know the code / hash algo. because the php files are encrypted
Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
May 31, 2012, 10:39:42 AM
 #4

He doesn't need to understand them - he can just execute them.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 31, 2012, 11:36:13 AM
 #5

The server runs the encrypted code "somehow".
If the attacker gains admin access he can do anything the server can.
hamdi
Hero Member
*****
Offline Offline

Activity: 644



View Profile
May 31, 2012, 11:37:31 AM
 #6

php encryptions are all not safe.
they can all be reversed.

you could compile a custom hashing executable and call that from within php

Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
May 31, 2012, 11:42:11 AM
 #7

And the attacker will just run the custom hashing executable.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
btctree
Jr. Member
*
Offline Offline

Activity: 47



View Profile WWW
May 31, 2012, 12:14:35 PM
 #8

let's say if a hacker get access of your sql and file system(like he got your root password)

so he can:
1: call ./bitcoind send command in ssh to send your bitcoins to his address.
2: upload a php (for example,JSON-RPC), to control your bitcoind with same command in 1
3: decrypt your php encode, then get the algo of hash of your sql data, won't be too hard if he has skill to hack your server
4: or just leave some small scripts in your payment process code which allows him to receive bitcoins when you pay/receive bitcoins, he can also set many conditions for this "steal program" so you can't find out there is problem only after long time or huge damage.
5: many others, predictable and unpredictable...

there is no 100%(not even 99%) secure at this moment for hosting a bitcoin in/out project. once your system get cracked, your bitcoins are gone. but i know there is a new thing called "multi-sig transactions" coming out on bitcoin's application which can stop unauthorized payments be processed even your system has been cracked.

World Wide Bitcoin Exchange
Fast Payment, Low Fee !
USD/EUR/GBP/CASH USA/Coupons
https://www.BtcTree.com
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 31, 2012, 01:08:20 PM
 #9

In order to run code in an autonomous manner, a server must store the decryption key somewhere, and a hacker can usually find it, rendering the encryption useless. Limited exceptions can be made for keys that are required on boot and not stored, but when that happens they are stored in memory and can possibly still be had by a smart hacker.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
btctree
Jr. Member
*
Offline Offline

Activity: 47



View Profile WWW
May 31, 2012, 01:13:56 PM
 #10

In order to run code in an autonomous manner, a server must store the decryption key somewhere, and a hacker can usually find it, rendering the encryption useless. Limited exceptions can be made for keys that are required on boot and not stored, but when that happens they are stored in memory and can possibly still be had by a smart hacker.

walletpassphrase won't help, because the hacker can either:
scan your memory cache
or
just use the same session you are already using. for example, use your own JSON-RPC to send bitcoins.

World Wide Bitcoin Exchange
Fast Payment, Low Fee !
USD/EUR/GBP/CASH USA/Coupons
https://www.BtcTree.com
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 31, 2012, 01:27:44 PM
 #11

In order to run code in an autonomous manner, a server must store the decryption key somewhere, and a hacker can usually find it, rendering the encryption useless. Limited exceptions can be made for keys that are required on boot and not stored, but when that happens they are stored in memory and can possibly still be had by a smart hacker.

walletpassphrase won't help, because the hacker can either:
scan your memory cache
or
just use the same session you are already using. for example, use your own JSON-RPC to send bitcoins.
Exactly, and the type of attack depends on how much access the hacker has, and how he got in. If he was able to reset the root password through a control panel for instance (like bitcoinica), he would have root access to plant a keylogger or pick up the passphrase if it were stored on disk. If he broke in through a SQL vulnerability, he could grab the passphrase from memory, even if it were not stored on disk. It's a difficult kind of situation, but HSMs such as what DeathAndTaxes is looking into can mitigate the risk somewhat.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
May 31, 2012, 02:50:04 PM
 #12

there is no 100%(not even 99%) secure at this moment for hosting a bitcoin in/out project. once your system get cracked, your bitcoins are gone.
 

Yet.  Smiley
If the host knows the private keys then an attacker who seizes controls of host seizes control of the private keys.

So what if the host never knows the private keys? Smiley

Code:
BSM
Host: v0.0.1.1238
Module: v0.0.1.608
Runtime: v4.0.30319

Initializing BSM with root key to form deterministic seed.
Host: 'Initialize(ZOpK/CiAP/aU1HlNOiJxeyCD8MUI/Zf1xCDFtOJPpGU=)'
Module: 'OK'

Verifying root key (module should return SHA256 hash of Root Key)
Host: 'RootHash()'
Module: 'E9o5VWDsusAWOTf5lVPHWI13YeMCXJ85S+SYqFfW6Lc='

Requesting a new address
Host: 'GetAddress(1)'
Module: '112ypupfk6upHCL65NhqNhtv9RBwW1jR1w'

Even storing private keys (and fund control rules) into hardware device isn't 100% secure but it should raise the bar substantially.  All major robberies to date have been "smash and grabs".  Once attacker gained access to the server he simply copied the private keys to a client he controlled and transferred the funds.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!