ebliever (OP)
Legendary
Offline
Activity: 1708
Merit: 1036
|
|
February 20, 2015, 05:28:27 PM Last edit: February 23, 2015, 02:33:34 PM by ebliever |
|
I've been wrestling with the obstacles that I see to mass adoption of bitcoin. Some, such as merchant adoption and software tools to make BTC more accessible are being solved little by little every day. But I'm struggling with what I perceive may be a security paradox with Bitcoin. In fairness, it is probably inherent to other online transaction systems such as for fiat as well. But it is more severe for cryptocurrency because there is no centralized authority, no 1-800 phone # you can call when things go wrong. The basic issue I'd like to resolve is: How do you make BTC so safe and secure that over a person's lifetime they never experience (A) theft or (B) loss of some or all of their BTC holdings? By "loss" I mean losing access to your BTC permanently due to lost wallets or passwords with no chance of recovery. The possibility of loss due to mis-addressing a BTC payment is a separate issue I'll leave alone for now. Ideally we'd like to get BTC security to the point where it is virtually impossible to permanently lose BTC or have them stolen from an account, on the same level of confidence that we have in SHA vs. password hacking, for example. Problem is, the dual issues of BTC loss and BTC theft are mitigated by countermeasures that largely contradict one another: 1. To prevent accidental loss, a person should keep multiple copies of their passwords and/or wallets in secured locations where their is minimal risk of them being lost, thrown away, burned to a fiery crisp, etc. Multisig should be avoided to prevent the risk that any one signature authority is lost (for any reason), preventing access to the account. 2. But to prevent theft, a person should minimize deploying copies of their passwords and/or wallets to multiple locations, multiplying opportunities for theft to occur. Multisig should be used to block theft in cases where one password is compromised. 3. Just to compound the challenge, for BTC to reach mainstream adoption, complexity must be avoided. So a solution that prevents both theft and loss, ideally, should also avoid complexity. For example, as a best practice I might recommend using a multisig account requiring 3 approvals/passwords. Then store Password A on my computer with backups on DVD and my brother's computer in another state. Password B is on my cell phone, with backups in my wife's cell phone and a secured cloud storage account. And Password C is on a paper certificate in a safe in my house, with hardcopies with my mother's house in a 3rd state and a safe deposit box. This _might_ be robust enough versus theft and loss, but would be a pain to implement and maintain. Especially for everyday use. So who has a solution to this conundrum? One that really would be reliable over the events of a person's lifetime and all manner of disasters (war, fire, economic collapse and so forth)? I don't like the idea of centralized authorities for currency in principle, but more and more I'm leaning to the idea that there will necessarily be "bitcoin banks" who take on the complexity of securing bitcoin funds in exchange for a fee. Someone you can call after your dog pees on your computer the same day your brother's house goes up in flames and you realize your kids have been using your backup DVD's as frisbees. Of course with bitcoin one can still be your own bank if you make the effort, and I think that is essential. But I'm thinking it may be the exception rather than the norm over the long run, and that we will have too many horror stories from BYOB people who didn't think through their own security from a decades-long perspective. Flame away! :-) ************************ Excellent comments below; summary (to date, 2/23/15) of best practices in post #27: https://bitcointalk.org/index.php?topic=962306.msg10555369#msg10555369
|
Luke 12:15-21
Ephesians 2:8-9
|
|
|
slaveforanunnak1
|
|
February 20, 2015, 05:44:03 PM |
|
One thing did come to my mind though while reading your post, and that was, if something like Fukushima happens in my town, where a whole city goes under water, i would lose all my BTCs. I need to figure something out. Thanks.
|
|
|
|
franky1
Legendary
Offline
Activity: 4396
Merit: 4755
|
|
February 20, 2015, 05:52:37 PM |
|
if you need to ask yourself how to secure it. just simply compare it to fiat, or things in your house that hold value.
1) would you hand it over to a stranger you have never met? 2) would you store it in a place thats not insured/secure? 3) would you leave it out in the open for anyone to grab? 4) would you shout out to everyone around you that you have X funds just sitting on your table
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
MakingMoneyHoney
|
|
February 20, 2015, 05:55:04 PM |
|
I've been wrestling with the obstacles that I see to mass adoption of bitcoin. Some, such as merchant adoption and software tools to make BTC more accessible are being solved little by little every day. But I'm struggling with what I perceive may be a security paradox with Bitcoin. In fairness, it is probably inherent to other online transaction systems such as for fiat as well. But it is more severe for cryptocurrency because there is no centralized authority, no 1-800 phone # you can call when things go wrong.
The basic issue I'd like to resolve is: How do you make BTC so safe and secure that over a person's lifetime they never experience (A) theft or (B) loss of some or all of their BTC holdings? By "loss" I mean losing access to your BTC permanently due to lost wallets or passwords with no chance of recovery. The possibility of loss due to mis-addressing a BTC payment is a separate issue I'll leave alone for now.
Ideally we'd like to get BTC security to the point where it is virtually impossible to permanently lose BTC or have them stolen from an account, on the same level of confidence that we have in SHA vs. password hacking, for example.
Problem is, the dual issues of BTC loss and BTC theft are mitigated by countermeasures that largely contradict one another:
1. To prevent accidental loss, a person should keep multiple copies of their passwords and/or wallets in secured locations where their is minimal risk of them being lost, thrown away, burned to a fiery crisp, etc. Multisig should be avoided to prevent the risk that any one signature authority is lost (for any reason), preventing access to the account.
2. But to prevent theft, a person should minimize deploying copies of their passwords and/or wallets to multiple locations, multiplying opportunities for theft to occur. Multisig should be used to block theft in cases where one password is compromised.
3. Just to compound the challenge, for BTC to reach mainstream adoption, complexity must be avoided. So a solution that prevents both theft and loss, ideally, should also avoid complexity.
For example, as a best practice I might recommend using a multisig account requiring 3 approvals/passwords. Then store Password A on my computer with backups on DVD and my brother's computer in another state. Password B is on my cell phone, with backups in my wife's cell phone and a secured cloud storage account. And Password C is on a paper certificate in a safe in my house, with hardcopies with my mother's house in a 3rd state and a safe deposit box. This _might_ be robust enough versus theft and loss, but would be a pain to implement and maintain. Especially for everyday use.
So who has a solution to this conundrum? One that really would be reliable over the events of a person's lifetime and all manner of disasters (war, fire, economic collapse and so forth)?
I don't like the idea of centralized authorities for currency in principle, but more and more I'm leaning to the idea that there will necessarily be "bitcoin banks" who take on the complexity of securing bitcoin funds in exchange for a fee. Someone you can call after your dog pees on your computer the same day your brother's house goes up in flames and you realize your kids have been using your backup DVD's as frisbees.
Of course with bitcoin one can still be your own bank if you make the effort, and I think that is essential. But I'm thinking it may be the exception rather than the norm over the long run, and that we will have too many horror stories from BYOB people who didn't think through their own security from a decades-long perspective.
Flame away! :-)
Why would anyone flame? It's a perfect, great thought-out post. I also was thinking of having paper wallets for security, but it would be pretty easy for a hacker to come up with a paper generator program/site, that they know all the private keys to, right? It might not happen while most people are in-the-know, to not use untrustworthy sources of paper wallet generators, but as exchange after exchange steal money from people who trust them when they shouldn't, you could see how someone could easily set up a nice, sleek-looking designed site, that enough people (new to the Bitcoin world) might end up using, thinking they're safe, when months or years down the line, the funds end up being withdrawn. I created paper wallets for family members, (offline, in a new OS, old printer, etc). But not everyone is going to be able to do that for themselves, or want to, even if they could. Then they may ask someone else to, and that someone else (though a friend now), may steal the funds if they keep a copy for themselves. I think we're going to end up seeing hardware wallets more, and hopefully cheaper.
|
|
|
|
ebliever (OP)
Legendary
Offline
Activity: 1708
Merit: 1036
|
|
February 20, 2015, 06:01:29 PM |
|
I also was thinking of having paper wallets for security, but it would be pretty easy for a hacker to come up with a paper generator program/site, that they know all the private keys to, right?
There was news a few weeks ago that pointed out exactly how this could be done. The idea was that the paper wallet generator would produce specified outputs that the hacker who originated the software could look for in the blockchain, giving them full access to the funds in the cold wallet. I remember saying something like "beware anyone announcing new wallet generator programs about a month from now" in response. Thanks for the feedback so far everyone!
|
Luke 12:15-21
Ephesians 2:8-9
|
|
|
AgentofCoin
Legendary
Offline
Activity: 1092
Merit: 1001
|
|
February 20, 2015, 06:03:44 PM |
|
if you need to ask yourself how to secure it. just simply compare it to fiat, or things in your house that hold value.
1) would you hand it over to a stranger you have never met? 2) would you store it in a place thats not insured/secure? 3) would you leave it out in the open for anyone to grab? 4) would you shout out to everyone around you that you have X funds just sitting on your table
I agree with the above post. But sadly, since most people (including the twitter/facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect, I think we are going to need bitcoin banks that help store your funds (in some way or fashion). Not because its necessary or safe, but because people are generally stupid and its easy for them. When bitcoin goes mainstream, the average joe will not be interested in Bitcoins fundamentals and ideal.
|
I support a decentralized & unregulatable ledger first, with safe scaling over time. Request a signed message if you are associating with anyone claiming to be me.
|
|
|
ebliever (OP)
Legendary
Offline
Activity: 1708
Merit: 1036
|
|
February 20, 2015, 06:04:25 PM |
|
I think we're going to end up seeing hardware wallets more, and hopefully cheaper.
I'm not terribly familiar with the HW wallets out there, so I have to ask: What happens if a HW wallet is lost/broken/eaten by a rhinoseros? How do you access your account in that case?
|
Luke 12:15-21
Ephesians 2:8-9
|
|
|
Mikestang
Legendary
Offline
Activity: 1274
Merit: 1000
|
|
February 20, 2015, 06:04:37 PM |
|
You could always store your paper wallets/backups in a safety deposit box, or multiple copies in multiply boxes, I think that would alleviate much of your worries.
|
|
|
|
MakingMoneyHoney
|
|
February 20, 2015, 06:08:00 PM |
|
I think we're going to end up seeing hardware wallets more, and hopefully cheaper.
I'm not terribly familiar with the HW wallets out there, so I have to ask: What happens if a HW wallet is lost/broken/eaten by a rhinoseros? How do you access your account in that case? I would think, if I had a lot of BTC to protect, I would use a HW wallet to hold the majority, (like people save thousands in their bank accounts), in a bank safe. Maybe a couple of safe deposit boxes for copies, even. You could always store your paper wallets/backups in a safety deposit box, or multiple copies in multiply boxes, I think that would alleviate much of your worries.
Which leads me to this, you must make sure your paper wallet is safe, but if it truly is, multiple copies work well.
|
|
|
|
wilth1
Member
Offline
Activity: 63
Merit: 10
|
|
February 20, 2015, 07:01:32 PM |
|
-Partition into as many wallets as can be managed so that no loss is catastrophic -Store all wallets offline -Make multiple encrypted wallet backups -Use multisig
Who is your hypothetical "thief" adversary? It makes all the difference.
|
|
|
|
ebliever (OP)
Legendary
Offline
Activity: 1708
Merit: 1036
|
|
February 20, 2015, 07:57:11 PM |
|
-Partition into as many wallets as can be managed so that no loss is catastrophic -Store all wallets offline -Make multiple encrypted wallet backups -Use multisig
Who is your hypothetical "thief" adversary? It makes all the difference.
Diversification into multiple wallets/accounts is a good idea in principle, but the downside is the resulting increase in complexity, and risk that funds of one of those accounts could be lost or stolen. People could argue endlessly about whether it is better to have one tightly secured wallet or 10 wallets with less exhaustive security. One approach would be to tightly secure a "long term savings" account that is not accessed very often, while holding a smaller amount of BTC in a 'daily use' wallet. But this doesn't evade the conundrum in the OP, of theft mitigation vs. lost password mitigation. If anything relying on multiple accounts (which I agree is a good idea) makes everything even more complicated. Regarding the ID of the thief, I'm trying to be all-encompassing here - seeking a "best practices" approach that will span a person's life with minimal risk of BTC loss from either theft (of any sort) or loss of account access (for any reason).
|
Luke 12:15-21
Ephesians 2:8-9
|
|
|
bytme
Newbie
Offline
Activity: 16
Merit: 0
|
|
February 20, 2015, 09:55:43 PM |
|
Necessity may be the mother of invention but invention necessitates capability.
I've always thought this, storing/protecting is far too complex for the masses, myself included.
I wonder if there is a way to minimize risk by having two accounts. One loaded for "walking around" use, and another where you would store the bulk of your holdings in an account which simply requires some form of facial or retinal ID to access your main account to transfer funds to your wallet or paying bills, large purchases and such.
You could always add extra layers of passwords but wouldn't it be cool to know that you can access your "cold storage" by taking a real time selfie?
Then again there's the risk of a new crime wave of selfie theft by gun point.
Just a thought...DNA encryption? They can read a person's blood for diabetes...perhaps they'll come up with an ap for that.
Estate transfer is a whole different kettle of lawyers...I'm sure.
|
|
|
|
monsanto
Legendary
Offline
Activity: 1241
Merit: 1005
..like bright metal on a sullen ground.
|
|
February 20, 2015, 10:48:50 PM |
|
One idea I've thought about is a system where you have multiple accounts like others have mentioned, but with different levels of time delays. So you'd have one with instant access and a small amount of funds. Then for larger holdings you would put them for example in an account that has a built in 24 hr, 3 day, or week delay for withdrawals. If say the week delay account is accessed with a private key the funds wouldn't move for a week and a system would notify you, say through email, that the funds have been marked for withdrawal. If no action is taken, after 7 days the funds are moved, but if within those 7 days the private key is re-entered, the funds are moved to another long term address previously designated by the initial account creator. So if anyone was attempting to hack an exchange wallet for example the owners would have 7 days to notice this, re-enter the private key, which would then re-direct those funds to another predetermined long term account.
Just an idea and one I haven't thought through that much so I'm sure there's some problems and obviously isn't applicable to bitcoin as presently constructed.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4494
Merit: 3401
|
|
February 21, 2015, 01:04:05 AM |
|
The basic issue I'd like to resolve is: How do you make BTC so safe and secure that over a person's lifetime they never experience (A) theft or (B) loss of some or all of their BTC holdings?
This issue is not specific to Bitcoin. Basically, you are asking, "how can an asset be made so secure that it can never be lost or stolen?" The answer is that it can't. There is always a trade-off between utility and security. The only way to completely avoid theft or loss is to make the asset unusable. A better question to ask is, "how the features of Bitcoin be exploited to make it more resilient to theft and loss while minimizing the impact on utility. Bitcoin is already immune to theft and loss as long as the owner and only the owner has control over the private keys, and that cannot be said about other assets and monetary systems. The problem of theft and loss occurs at the coupling between the owner and the private keys. That is where the security can be compromised, and when looking for a solution, that is where you should look.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
vm_mpn
|
|
February 21, 2015, 04:26:58 AM |
|
if you need to ask yourself how to secure it. just simply compare it to fiat, or things in your house that hold value.
1) would you hand it over to a stranger you have never met? 2) would you store it in a place thats not insured/secure? 3) would you leave it out in the open for anyone to grab? 4) would you shout out to everyone around you that you have X funds just sitting on your table
I agree with the above post. But sadly, since most people (including the twitter/facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect, I think we are going to need bitcoin banks that help store your funds (in some way or fashion). Not because its necessary or safe, but because people are generally stupid and its easy for them. When bitcoin goes mainstream, the average joe will not be interested in Bitcoins fundamentals and ideal. Trusted institutions in Bitcoin ecosystem will take some time to build - Coinbase and Circle are good examples of this effort. I have no doubt Bitcoin will mature to the point where your Bitcoin deposit will be as secure as your checking or savings account at the local bank. The same will apply to your personal hardware wallet. We just need to give it some time, that's all.
|
|
|
|
Cryddit
Legendary
Offline
Activity: 924
Merit: 1132
|
|
February 21, 2015, 07:02:38 AM |
|
There is a fundamental problem, really.
Either a user keeps track of his own key, or the web wallet/exchange/whatever that has the key can Goxx him.
But if he keeps track of his own key, then he has to keep it secure. And most people are not willing or able to do what it takes to keep keys truly secure on their own systems.
|
|
|
|
buyandhold
Member
Offline
Activity: 231
Merit: 43
|
|
February 21, 2015, 08:33:34 AM |
|
There is a fundamental problem, really.
Either a user keeps track of his own key, or the web wallet/exchange/whatever that has the key can Goxx him.
But if he keeps track of his own key, then he has to keep it secure. And most people are not willing or able to do what it takes to keep keys truly secure on their own systems.
Yet some people insist that bitcoin is 'for everyone'
|
|
|
|
Q7
|
|
February 21, 2015, 09:04:42 AM |
|
We already have HD wallet which can be integrated to a hardware or paper wallet. I do not know how easy would that get in terms of understanding while security wise would say it would be enough. Sometimes it still falls to the owner to use basic common sense and to take necessary precautions to maintain security.
|
|
|
|
MakingMoneyHoney
|
|
February 21, 2015, 08:15:20 PM |
|
if you need to ask yourself how to secure it. just simply compare it to fiat, or things in your house that hold value.
1) would you hand it over to a stranger you have never met? 2) would you store it in a place thats not insured/secure? 3) would you leave it out in the open for anyone to grab? 4) would you shout out to everyone around you that you have X funds just sitting on your table
I agree with the above post. But sadly, since most people (including the twitter/facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect, I think we are going to need bitcoin banks that help store your funds (in some way or fashion). Not because its necessary or safe, but because people are generally stupid and its easy for them. When bitcoin goes mainstream, the average joe will not be interested in Bitcoins fundamentals and ideal. Trusted institutions in Bitcoin ecosystem will take some time to build - Coinbase and Circle are good examples of this effort. I have no doubt Bitcoin will mature to the point where your Bitcoin deposit will be as secure as your checking or savings account at the local bank. The same will apply to your personal hardware wallet. We just need to give it some time, that's all. That's true, if you compare Coinbase holding your Bitcoin to a bank holding your cash. Both can have that money stolen, it's been in the news recently about both. The difference right now is that the bank has insurance on the cash. Maybe we'll see an insurance company for Bitcoin theft someday.
|
|
|
|
ebliever (OP)
Legendary
Offline
Activity: 1708
Merit: 1036
|
|
February 21, 2015, 08:25:22 PM |
|
if you need to ask yourself how to secure it. just simply compare it to fiat, or things in your house that hold value.
1) would you hand it over to a stranger you have never met? 2) would you store it in a place thats not insured/secure? 3) would you leave it out in the open for anyone to grab? 4) would you shout out to everyone around you that you have X funds just sitting on your table
I agree with the above post. But sadly, since most people (including the twitter/facebook/supposed knowledgeable crowd) are not actually competent in a day to day aspect, I think we are going to need bitcoin banks that help store your funds (in some way or fashion). Not because its necessary or safe, but because people are generally stupid and its easy for them. When bitcoin goes mainstream, the average joe will not be interested in Bitcoins fundamentals and ideal. Trusted institutions in Bitcoin ecosystem will take some time to build - Coinbase and Circle are good examples of this effort. I have no doubt Bitcoin will mature to the point where your Bitcoin deposit will be as secure as your checking or savings account at the local bank. The same will apply to your personal hardware wallet. We just need to give it some time, that's all. That's true, if you compare Coinbase holding your Bitcoin to a bank holding your cash. Both can have that money stolen, it's been in the news recently about both. The difference right now is that the bank has insurance on the cash. Maybe we'll see an insurance company for Bitcoin theft someday. I think this is quite likely in the long run. It sounds like there is a consensus that (A) there is an inherent conflict between avoiding accidental loss and avoiding theft, and (B) that we can't really expect the average person to consistently secure their accounts without error against both possibilities. That means (A) bitcoin, as a BYOB instrument, is not for everyone, and (B) to make it for everyone means accepting institutions like banks and exchanges that will (for a fee) secure people's bitcoins and insure them (in some fashion).That's a little disappointing to me, but I appreciate the help in thinking it through to reach this conclusion.
|
Luke 12:15-21
Ephesians 2:8-9
|
|
|
|