Bitcoin Forum
July 17, 2019, 01:43:34 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Most important security measures  (Read 751 times)
CryptoNext
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile WWW
December 08, 2014, 08:06:41 AM
 #1

When judging an exchange platform, what are the most important security measures that you look for before you feel you can trust it?
1563371014
Hero Member
*
Offline Offline

Posts: 1563371014

View Profile Personal Message (Offline)

Ignore
1563371014
Reply with quote  #2

1563371014
Report to moderator
1563371014
Hero Member
*
Offline Offline

Posts: 1563371014

View Profile Personal Message (Offline)

Ignore
1563371014
Reply with quote  #2

1563371014
Report to moderator
1563371014
Hero Member
*
Offline Offline

Posts: 1563371014

View Profile Personal Message (Offline)

Ignore
1563371014
Reply with quote  #2

1563371014
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
ikydesu
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

fb.com/Bitky.shop | Bitcoin Merch!Premium Quality!


View Profile WWW
December 08, 2014, 09:02:56 AM
 #2

When judging an exchange platform, what are the most important security measures that you look for before you feel you can trust it?

2FA Wink of course with the most secure 2FA.
cloverme
Legendary
*
Offline Offline

Activity: 1484
Merit: 1041


SpacePirate.io


View Profile WWW
December 08, 2014, 01:31:24 PM
 #3

When judging an exchange platform, what are the most important security measures that you look for before you feel you can trust it?

Multifactor authentication, ability to lock payout address, deposit addresses that change for every transaction.
hemry
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
December 08, 2014, 04:02:52 PM
 #4

It would be better for the industry if you would consider doing something else than launching new exchange if you have questions about security. Security requirements for an exchange go way above technical security. Compliance to AML/KYC regulations should be on top of your list, which will drive technical requirements.
meowball
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
December 08, 2014, 11:41:04 PM
Last edit: December 09, 2014, 12:53:02 AM by meowball
 #5

SSL/TLS on transportion layer for any links between client and server, and server and database. Encryption for "data-at-rest". Attention to server and database security (i.e. firewall). Redundant and constantly backed up servers and databases. Spam and DDoS protection. MFA supported (optional) for sending transactions and logging in.

Multifactor authentication, ability to lock payout address, deposit addresses that change for every transaction.

Not sure what the big deal is with changing a deposit address for every transaction. In an exchange, your account is associated with your addresses or any new address that is created for any transactions that you make with your account, so there's no reason to create a new address for every new transaction. I can see that this could be beneficial for someone who creates addresses offline outside of any exchange or service in hopes to not let anyone ever link your behavior with any one of your addresses, but an exchange is an exchange. You have an account on an exchange and your addresses will be associated with your account.

However, I don't see this as a big deal at all. What's important is if the exchange is able to obfuscate the transactions that you make by moving the responsibility of transacting on behalf of a user through a "super"-address that is owned by the exchange. This is done by moving your funds into this "super" address. This way, even though it may be possible to determine that your address is linked with a particular exchange, it is not possible to determine the transactions you make. In this way, it adds a layer of security that is unique versus creating your own addresses offline because it's difficult to track what you do, considering the exchange does not store the transaction history that is linked to your account.

EDIT: I can see that if the previous address was deleted and its connection to your account was totally wiped, then I understand changing the deposit address for every transaction would work as a security measure. Not sure if this is good practice tho. Think of it like deleting your private key (wallet.dat if we use qt as an example) and starting all over for every new transaction you make. Is this what bitcoin was designed for? I'm not sure. For me personally, a new address for every new transaction is edging towards paranoia.
HeroCat
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


View Profile
December 09, 2014, 12:44:11 PM
 #6

It is one of hardest questions ever made I think. One of most serious measures - never send any passwords to E mails and have good antivirus in your server.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!