
Coinbase now storing 87% of customer funds offline - barmstrong
http://blog.coinbase.com/post/33197656699/coinbase-now-storing-87-of-customer-funds-offline
======
ghshephard
This is what you get when you have amateurs try and develop security systems.
While I applaud them for at least trying, and I realize that hiring an actual
security consultant is unlikely to happen, it pains me to see their security
system as described.

A half-decent systems security architect (in the whole scheme of things) is
not that expensive - I'm sure someone like @tptacek would provide a referral
to someone charging less than $1000/hour who could, in a matter of two or
three weeks, architect an actual secure solution, with HSMs, XofY
authorization procedures and so on, that the good people at coinbase could (or
not) go off and design/deploy.

[edit: Part of my pain at looking at this system, is seeing all the many,
obvious flaws, that other industries that need security (military, banking,
smart grids) have had to deal with and have solved in elegant, secure,
reliable ways. I work in an industry where no one individual can be allowed to
have excessive rights, privileges, or power over the system under their
control. The many, many, many layers of security, audits, rights management,
and AAA we have in place do so are impressive (though, ironically, one of the
elements does involve acid-free 100 year paper in Safe Deposit boxes). Reading
through the coinbase description though, is akin to reading about the
encryption system created by someone who had never taken a cryptography
course.

The outputs from both groups can be trivially shown to be completely flawed by
those who've had the opportunity to see how it's properly done.

With that said, at least they are _trying_]

~~~
nicpottier
I think this is a bit of an unfair, perhaps even elitist post, and certainly
seems a bit against the culture here at HN.

Why so much text devoted to tearing down without a single suggestion as to how
they could do better, or where their flaws are now? Is it that you can't give
$1000/hr advice for free, but instead have to defend the value of that
$1000/hr?

I am most definitely not a security expert, but this sure seems like a step
forward, and has some really interesting aspects to it from a Bitcoin
perspective. (that they can deposit to the offline storage without actually
touching the offline storage is one)

Yes, the most glaring issue is there is only one offline storage site. But if
the person with the decryption key is different than the person with the safe
deposit key (and I suppose more than one of each) then I don't see the glaring
issue.

Please offer constructive criticism instead of just tearing it down.

~~~
ghshephard
These people are proposing to manage people's money, without having a serious
understanding of how to secure it. For me, it's akin to watching someone build
a bridge that people's cars are going to be driving across without having a
background in civil engineering. I may not be able to tell them how to build
the bridge, but I sure know it's going to end poorly when they try to do it
themselves.

As a first step, add an NofM authentication process with a pair of
sophos/utimaco HSMs doing rate/key/encryption management.

~~~
nicpottier
Thanks, that is nice to actually have a suggestion.

One note is that I think you vastly overestimate the competency level of
organizations. Just because they are large and have an air of security does
not mean their systems are terribly secure. I can speak from personal
experience that huge government organizations that ought to know better have
absolutely glaring security holes.

But yes, we should all strive to do better. I think NofM encryption in
particular would be a great improvement.

------
confluence
This is both awesome and hilarious at the same time.

The whole point of bitcoin was to decouple currency from institutions
(banks/governments etc.).

Instead they're right back where they started - only they've replaced
gold/currency with bits that can be easily copied and stolen.

> "Oh but the government can't inflate us away!"

No, but they sure as hell can take away your "safety" deposit box.

> "But private property rights! Rule of law!"

Ever heard of the quote: "The guy with the gun make the rules"?

Rights don't exist separate from external force (aka the government,
corporations, military, mafia etc.). Neither do laws. They are merely useful
abstractions - but don't mistake map for territory.

Rights/laws are, quite simply, power group sanctioned specific use of deadly
force for the benefit of one or another specific group (dictator/oligopoly/the
people etc.).

They don't actually exist. Like money, land titles, contracts and bitcoins.

Actually, now that I come to think of it a lot of things in society don't
actually exist - honour, respect, gods, free markets, meritocracy, a just
world and oh so much more - but let's not get ahead of ourselves shall we.

I'm limiting myself to shattering only one illusion per day.

~~~
bdr
Centralization of control is often useful, but it should be optional. That's
what Bitcoin gets us. It's simplistic to say we're "back where we started".

~~~
confluence
Control by definition is centralized to those with power.

What you mean is the delegation of control by those in power should occur -
e.g. Let people make their own choices for houses, clothes, food, land, family
and work to make our economies more efficient.

I agree.

But don't ever think that control can ever be decentralized.

It can only be delegated and it can be revoked at any time (see the Internet).

~~~
bdr
You possess the zeal and subtlety of a young revolutionary.

~~~
confluence
I don't understand - what part of what I have said has anything to do with a)
being a zealot or b) revolutionary.

My statements were firmly on the side of the status quo police/militarily
enforced liberal/social/democratic/capitalist western societies, and are, in
and of themselves, neither surprising, controversial nor patently false.

------
maaku
FYI, the state of California has been known to escheat the contents of safe
deposit boxes under certain circumstances. It has been known to happen by
mistake or in cases where it obviously shouldn't have. If the box is
escheated, the papers would be immediately shredded, and the USB keys
auctioned off. You'd end up with a few cents from the state (for the USB keys,
pennies to the dollar) and absolutely no recourse.

I would highly recommend getting a 2nd safe deposit box with a different bank
and store the exact same contents in both (or better, get 3+ total and use
m-of-n encryption... but in reality the effort involved would not be practical
unless you rarely dip into offline funds).

PS: you're saying I only need to search banks in the bay area for one with
that color scheme, floor tile, and banker, then drill/blast the box shown and
make off with 90% of Coinbase's deposits in untraceable cash? Free tip #2:
change boxes, soon.

[EDIT: that said, I appreciate spreading the word about offline storage. It
would have been better to do a blog post (maybe a follow-up?) on how others
can do the same thing with Armory running on a live-cd.]

~~~
mct
> _PS: you're saying I only need to search banks in the bay area for one with
> that color scheme, floor tile, and banker, then drill/blast the box shown
> and make off with 90% of Coinbase's deposits in untraceable cash?_

You'll also need to AES-256 decrypt the contents of the box.

~~~
JoachimSchipper
Which can, depending on how the AES key has been generated, take basically
forever or, say, ten minutes. (Using SHA-1(password) as your AES key is not a
great idea.)

------
tlrobinson
Optar (linked in the comments) looks like an interesting way to archive small
amounts of data. Up to 200kB per A4 page. <http://ronja.twibright.com/optar/>

------
qq66
Pretty cool to think about designing a bank from the ground up without any
pre-existing conceptions or regulations.

~~~
jellicle
Cool, but also stupid, in the same way that designing a bridge without any
pre-existing concept of engineering would be cool, but stupid.

------
biturd
This is a little OT, but I am confused. I just opened an account at MtGox and
it is asking me for a verification step, one which will include all my
personal data, and a image of my face or scan of an ID card.

I thought the one aspect of bitcoins was anonymity?

They also have been the victim of at least one, probably more, hacking
escapades. Why would anyone be inclined to give them this information?

What is a good recommended place to purchase a few coins just for fun? And
then do most people xfer then to this CoinBase?

~~~
s_henry_paulson
<https://www.bitinstant.com/> is often recommended for quick purchases.

Most people keep bitcoins in their own wallets on their own computer, USB
sticks, whatever. Make multiple copies of your wallet, and encrypt them if
there is any risk of other people getting your wallet. Or test out services
like coinbase if you feel comfortable trusting someone else with your money.

------
magoon
Worth noting is that the contents of a safety deposit box are not insured by
FDIC. I hope they use two distinct banks for redundancy.

~~~
natrius
The FDIC only insures deposits of US Dollars. Nothing Coinbase does is
remotely close to being FDIC insurable.

------
coin
The private keys are still vulnerable when they existed on the servers. It
would be possible for their servers to be unknowingly breached. Moving the
private keys offline won't help if they've been maliciously copied. The thief
could wait a while (months, year) before stealing the funds.

~~~
Lexarius
The private keys need never have existed on that server. On the occasions
which they are used, they need never touch the server, and the machine they're
actually used on (likely a laptop with a LiveCD) doesn't need to directly
communicate with the server so identifying and targeting it would be futile.

------
mr_luc
I can't believe that with 45 comments, no one has mentioned BlockChain.info or
other "zero-trust" solutions like Electrum.

That way your "funds" are in the BitCoin block chain, and no person, website
or service provider can steal them from you, as long as you're certain of the
security of the environment you're entering your key in.

These solutions rely on you only ever using your private key to sign things
OFFLINE, and then reconnecting to perform the action you signed for.
BlockChain.info provides an implementation in Javascript; there are also other
lightweight clients like Electrum.

The steps BlockChain has gone to to allow you to verify, (with the open-source
Javascript Verifier Chrome/FF/etc plugin that checks the page js to the github
page), that the client-side code is secure, is frankly kind of inspiring.

------
jpalomaki
Could somebody suggest an easy to use tool that would allow them to encrypt
the stored information so that it could be only decrypted when two out of
three employees collaborate?

~~~
dchest
Shamir's Secret Sharing Scheme

<http://point-at-infinity.org/ssss/>

Demo:

<http://point-at-infinity.org/ssss/demo.html>

Not a full "give me three shares and encrypt this file with a secret key" tool
though.

~~~
eric_bullington
Really cool program, and readily available on the debian repo, too! In case
anyone tries this out of curiosity, like I did, be sure to include the
generated index number as part of the share. I failed to include the index
number and couldn't get it to work until I realized it was necessary to input
the entire string, not just the hash.

I don't get why you write "Not a full 'give me three shares'...secret key
tool". That seems like exactly what this is. Are you saying it would work
better if you could provide the share "passwords" yourself, instead of the
machine generating them?

This seems like it would be a great way to encrypt the encrypting key used for
the bitcoin wallet in this instance. Security professionals? Do the algorithms
used look robust?

------
Tichy
Interesting, but I suspect "real" banks have a long time ago devised a better
solution: instead of storing money, they lend it out to other people. That is
presumably how they make most of their money.

But perhaps the old school "let's store money in a vault" thing becomes viable
again with BitCoin, will be interesting to see.

~~~
icebraining
On the other hand, storing USD or EUR on a "real" bank will effectively leave
you with less money than you put in, unlike Bitcoins which have been gaining
value even when sitting still.

