A half-decent systems security architect (in the whole scheme of things) is not that expensive - I'm sure someone like @tptacek would provide a referral to someone charging less than $1000/hour who could, in a matter of two or three weeks, architect an actual secure solution, with HSMs, XofY authorization procedures and so on, that the good people at coinbase could (or not) go off and design/deploy.
[edit: Part of my pain at looking at this system, is seeing all the many, obvious flaws, that other industries that need security (military, banking, smart grids) have had to deal with and have solved in elegant, secure, reliable ways. I work in an industry where no one individual can be allowed to have excessive rights, privileges, or power over the system under their control. The many, many, many layers of security, audits, rights management, and AAA we have in place to do so are impressive (though, ironically, one of the elements does involve acid-free 100 year paper in Safe Deposit boxes). Reading through the coinbase description though, is akin to reading about the encryption system created by someone who had never taken a cryptography course.
The outputs from both groups can be trivially shown to be completely flawed by those who've had the opportunity to see how it's properly done.
With that said, at least they are _trying_]
Why so much text devoted to tearing down without a single suggestion as to how they could do better, or where their flaws are now? Is it that you can't give $1000/hr advice for free, but instead have to defend the value of that $1000/hr?
I am most definitely not a security expert, but this sure seems like a step forward, and has some really interesting aspects to it from a Bitcoin perspective. (that they can deposit to the offline storage without actually touching the offline storage is one)
Yes, the most glaring issue is there is only one offline storage site. But if the person with the decryption key is different than the person with the safe deposit key (and I suppose more than one of each) then I don't see the glaring issue.
Please offer constructive criticism instead of just tearing it down.
As a first step, add an NofM authentication process with a pair of sophos/utimaco HSMs doing rate/key/encryption management.
One note is that I think you vastly overestimate the competency level of organizations. Just because they are large and have an air of security does not mean their systems are terribly secure. I can speak from personal experience that huge government organizations that ought to know better have absolutely glaring security holes.
But yes, we should all strive to do better. I think NofM encryption in particular would be a great improvement.
Maybe it's just my impression, but a lot of security-related discussions evoke the "comic book guy voice".
Speaking of... any of you security guys want to recommend a good book that talks about different solutions and common situations when they're useful? Not a "how to...", but a "know that this thing is available, and here's when it might be useful".
(Also, their "team" page seems to list one person. It's very hard to make XofY security work in really small organizations.)
All that said, Bitcoin security is amateur hour, and you're right that there's a lot they could learn from people who have solved such problems before.
More seriously, the threats faced by a real bank are more serious than the threats faced by a minor Bitcoin operation.
That said, there's no way I'm trusting any significant amount of money to any of these outfits.
From my perspective it looks like coinbase is currently the most secure and redundant way to store your bitcoins. Of course everyone could store them on their own and design their own security system, but I doubt many people can do better than what the OP describes.
o What happens if one or more employees goes rogue?
o What happens if an employee is "hit by a truck"?
o What happens if an employee is blackmailed/extorted?
o What happens if your offsite archive is vandalized/broken into/crashed into by a plane?
For physical transactions, we have chip-and-pin, which can't be copied like a magstripe. For online transactions, we have securecode/verified by visa.
"After you activate Verified by Visa, your card will be recognized when you buy at participating online stores. You'll enter your password in the Verified by Visa window, your identity will be verified, and the transaction will be completed. In stores that are not yet participating in Verified by Visa, your Visa card will continue to work as usual."
Basically, everyone still has the power to charge me when they know my card number. The feature seems to be protecting merchants, not customers (yes, I understand that my bank will likely refund all stolen funds, but I would prefer a sane solution).
IIRC there was one problem where the encryption used between the card and the bank was bad or the card's chip still had its write pins exposed but I think that was solved by replacing the cards with newer ones.
Any insurer would require a solution like this, on top of any other audit and control measures. The only weakness with the system as it stands now is documentation (which the blog post accomplishes, to some extent) -- the next step is to develop legal and technical measures (possibly using threshold cryptography, HSMs, etc., as well as multiple contracted parties like law firms, escrow agents, etc.) to enforce the fundamental principle of reducing value at risk to a reasonable level.
2) Please give me an example of ANYTHING the military, banking, or smart grids have solved "elegantly", especially in security. Elegance is the opposite of how those industries work -- they solve things with brute force.
3) This solution is elegant in that it's a simple hack and accomplishes the goals using the resources available.
It's not a general solution to the computer security problem, but took advantage of a compromise (latency) they could make.
CAs, for a long time, actually did a lot of work using laptops stored in bank vaults, rather than HSMs, since there was no good way to run all the code they needed in-HSM, or they needed to use kinds of keys not supported in HSM. Later, they bought HSMs for the keys themselves (mainly to do multi-party access control), and kept the laptop too.
The whole point of bitcoin was to decouple currency from institutions (banks/governments etc.).
Instead they're right back where they started - only they've replaced gold/currency with bits that can be easily copied and stolen.
> "Oh but the government can't inflate us away!"
No, but they sure as hell can take away your "safety" deposit box.
> "But private property rights! Rule of law!"
Ever heard of the quote: "The guy with the gun makes the rules"?
Rights don't exist separate from external force (aka the government, corporations, military, mafia etc.). Neither do laws. They are merely useful abstractions - but don't mistake map for territory.
Rights/laws are, quite simply, power group sanctioned specific use of deadly force for the benefit of one or another specific group (dictator/oligopoly/the people etc.).
They don't actually exist. Like money, land titles, contracts and bitcoins.
Actually, now that I come to think of it a lot of things in society don't actually exist - honour, respect, gods, free markets, meritocracy, a just world and oh so much more - but let's not get ahead of ourselves shall we.
I'm limiting myself to shattering only one illusion per day.
The above statement is incorrect.
The "whole point of bitcoin" per http://bitcoin.org/about.html :
>"Bitcoin is designed around the idea of using cryptography to control the creation and transfer of money, rather than relying on central authorities."
As you can see - the intent is not to decouple the currency itself from institutions, but the creation and transfer of the currency from central authorities.
To address your other points:
Bitcoin is on equal footing compared to other currencies with regard to many things including: government confiscation, individual risk, and institutional risk.
Other currencies have the advantage of: far greater acceptance, low barrier to use (you just physically hand something to someone else)
Bitcoin has the advantage of: no central bank, no central banking inflation (by design, creation and transfer is via cryptography)
What you mean is the delegation of control by those in power should occur - e.g. Let people make their own choices for houses, clothes, food, land, family and work to make our economies more efficient.
But don't ever think that control can ever be decentralized.
It can only be delegated and it can be revoked at any time (see the Internet).
My statements were firmly on the side of the status quo police/militarily enforced liberal/social/democratic/capitalist western societies, and are, in and of themselves, neither surprising, controversial nor patently false.
There's no such thing as perfectly decentralized power or control, but it's certainly not centralized either.
This may have been the goal, but if so, its implementation was bad. The value of a bitcoin steadily appreciating as time marches forward gives it the properties of an asset, not a fiat currency.
Like a currency, there is a trading market that forms around the asset, but as fiat currency tends to slowly depreciate over time, it leads to much more fluidity.
Why are things which are useful and abstract of lesser value than things which are non-useful or non-abstract? Can you give an example of a non-abstraction using your definition of abstraction?
> a lot of things in society don't actually exist
For what reasons should someone accept your personal ontology regarding what exists and what doesn't exist as the objectively correct one?
I would highly recommend getting a 2nd safe deposit box with a different bank and storing the exact same contents in both (or better, get 3+ total and use m-of-n encryption... but in reality the effort involved would not be practical unless you rarely dip into offline funds).
PS: you're saying I only need to search banks in the bay area for one with that color scheme, floor tile, and banker, then drill/blast the box shown and make off with 90% of Coinbase's deposits in untraceable cash? Free tip #2: change boxes, soon.
[EDIT: that said, I appreciate spreading the word about offline storage. It would have been better to do a blog post (maybe a follow-up?) on how others can do the same thing with Armory running on a live-cd.]
You'll also need to AES-256 decrypt the contents of the box.
I thought the one aspect of bitcoins was anonymity?
They also have been the victim of at least one, probably more, hacking escapades. Why would anyone be inclined to give them this information?
What is a good recommended place to purchase a few coins just for fun? And then do most people xfer them to this CoinBase?
Most people keep bitcoins in their own wallets on their own computer, USB sticks, whatever. Make multiple copies of your wallet, and encrypt them if there is any risk of other people getting your wallet. Or test out services like coinbase if you feel comfortable trusting someone else with your money.
It's not (only pseudo-anonymity), but in any case, MtGox is not bitcoin, but a service on top of it. If you want something closer to anonymity (yet not real anonymity either), you need to run your own client and do all the things that prevent others from tracking it back to you (run it through Tor, use an anonymous gateway, etc).
And even if you achieve that, chances are that you won't be able to do much with your bitcoins.
That way your "funds" are in the BitCoin block chain, and no person, website or service provider can steal them from you, as long as you're certain of the security of the environment you're entering your key in.
Not a full "give me three shares and encrypt this file with a secret key" tool though.
I don't get why you write "Not a full 'give me three shares'...secret key tool". That seems like exactly what this is. Are you saying it would work better if you could provide the share "passwords" yourself, instead of the machine generating them?
This seems like it would be a great way to encrypt the encrypting key used for the bitcoin wallet in this instance. Security professionals? Do the algorithms used look robust?
But perhaps the old school "let's store money in a vault" thing becomes viable again with BitCoin, will be interesting to see.