Author: Peter Todd 2014-03-05 19:39:10
Published on: 2014-03-05T19:39:10+00:00
In March 2014, a practical technique was published that could recover secp256k1 private keys after observing OpenSSL calculate as little as 200 signatures. Kevin asked Mike Hearn how to patch this issue, to which he replied that if good practices are followed, one may not be particularly vulnerable to it, even if shared hosting is used. Reusing addresses should be avoided to prevent passing the ~200 sig threshold. It is important to use n-of-m multisig instead of single factor Bitcoin addresses and architect the system such that every transaction requires authorization by both the online server(s) and a second hardened server with an extremely limited interface between it and the online server. The hardened second factor should ideally use a separate codebase and language to authenticate actions that withdraw funds or generate new addresses based on data given to it by the online server. Customers can PGP-sign requests to verify their intent independently and cryptographically on both servers. Mircea Popescu's MPEx exchange is an example of this model. If only accepting Bitcoins from customers, all of the above still applies. It is recommended to stick the machine in your apartment and use Tor + hidden services to connect to it from VM instances. With P2SH supported in all major Bitcoin wallets, there is no excuse not to have such an architecture other than laziness and transaction fees, which could wipe out businesses anyway.
Updated on: 2023-06-08T04:02:26.062461+00:00