Bitcoin Forum
May 21, 2018, 12:11:55 PM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
Author Topic: YubiKey Security  (Read 3498 times)
Mike Caldwell
Offline Offline

Activity: 1386
Merit: 1039

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

View Profile WWW
June 10, 2012, 05:31:50 AM

Imagine MtGox used a secure ID keyfob that generated a 6-digit keycode instead of what it generates now.

That would be 17 bits of security, and it's the same as what PayPal is using.  The real question would be how many times must one get the YubiKey code wrong before the provider blocks out the account?

Ultimately, what would be the most secure is if there was a mode where every single action (for the most paranoid) had to be PGP signed.  This would give an advantage to MtGox, as they would have reproducible proof that every action they took was properly signed, and there would be no more contention of "my money's gone" vs. "it's not our fault, scan your computer".  Yubikey can't provide this.

That said, I haven't seen anybody say "my money's gone and I use YubiKey", so I have no reason to suspect that anyone recently claiming a loss experienced a loss as a fault of MtGox.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Pages: « 1 [2]  All
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!