Author: Odinn Cyberguerrilla 2014-03-06 07:02:51
Published on: 2014-03-06T07:02:51+00:00
A new technique has been discovered which can recover secp256k1 private keys after observing OpenSSL compute as few as 200 signatures with the same key. The fix on the service side is architectural rather than a library patch: use n-of-m multisig (P2SH) instead of single-key bitcoin addresses, and build the system so that every transaction the service makes has to be authorized by both the "online" server(s) that host the website and a second "hardened" server reached through an extremely limited interface. An attacker who recovers the online server's key through this technique then still cannot move funds without the second signature. The hardened second factor should run a separate codebase, ideally even in a second language, and authenticate the actions that withdraw funds or generate new addresses from the data the online server hands it. Customers can PGP-sign their requests so that their intent can be verified independently and cryptographically on both servers. Mircea Popescu's MPEx exchange is an example of this model.

If all one is doing is accepting bitcoins from customers, the same applies, with the caveat that the payment protocol is still very incomplete. With P2SH finally supported in all the major Bitcoin wallets there is no excuse not to have such an architecture other than laziness and transaction fees. If you fall into the latter category, your business may very well be wiped out by increased fees anyway.

A service that already follows good practice is not particularly vulnerable to this issue, if at all, even on shared hosting. Never re-use addresses: a key that signs only once never comes near the ~200-signature threshold. Additionally, limit losses by flagging higher-than-expected withdrawal volumes and other unusual events.

Since the second-factor server only deals with business logic and never serves the website, one can find a secure hosting arrangement for it with physical control. It is recommended to stick the machine in your apartment and use Tor hidden services to connect to it from your VM instances.
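The following is an added example, not code from the original post and not MPEx's implementation, modelling the decision logic of the hardened second-factor server described above in Python. It enforces the limited interface (a fixed request schema), re-verifies the customer's signed intent independently of the online server, refuses replays, tracks how many signatures each co-signing key has produced so that address reuse is flagged and a key at the ~200-signature exposure figure is never used again, and flags higher-than-expected hourly withdrawal volume. HMAC-SHA256 with a per-customer secret stands in for the PGP signature (a real deployment would verify an OpenPGP signature over the same canonical bytes); the `MAX_OUT_PER_HOUR` cap, the field names, the `HardenedAuthorizer` class and the sample requests are all constructed for this example. Producing the actual P2SH co-signature is out of scope here; the function only decides whether to co-sign.

```python
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque

# Policy constants for this constructed example. Only the ~200-signature
# exposure figure comes from the post; the rest are assumed values.
SIG_EXPOSURE_THRESHOLD = 200   # signatures per key before the key is treated as burned
MAX_OUT_PER_HOUR = 10.0        # assumed velocity cap on withdrawals, in BTC
ALLOWED_FIELDS = {"customer", "action", "amount", "dest", "nonce", "sig"}
ALLOWED_ACTIONS = {"withdraw", "new_address"}


def canonical(request):
    """Deterministic bytes for everything except the signature itself."""
    body = {k: v for k, v in request.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(request, customer_secret):
    """Customer side. HMAC-SHA256 is a stand-in for the PGP signature in the
    post; a real deployment verifies an OpenPGP signature over the same bytes."""
    return hmac.new(customer_secret, canonical(request), hashlib.sha256).hexdigest()


class HardenedAuthorizer:
    """Second-factor server: sees only the narrow request schema, re-verifies
    the customer's intent, applies policy, and only then agrees to co-sign."""

    def __init__(self, customer_secrets, clock=time.time):
        self.customer_secrets = customer_secrets   # customer -> verification secret
        self.seen_nonces = set()                   # replay protection
        self.sig_count = defaultdict(int)          # co-signing key id -> signatures made
        self.outflow = deque()                     # (timestamp, amount) withdrawn recently
        self.events = []                           # flagged unusual events for the operator
        self.clock = clock

    def _hourly_outflow(self, now):
        while self.outflow and now - self.outflow[0][0] > 3600:
            self.outflow.popleft()
        return sum(amount for _, amount in self.outflow)

    def authorize(self, request, signing_key_id):
        """Return (approved, reason). signing_key_id names the hardened server's
        key that would co-sign this particular withdrawal."""
        # 1. Limited interface: refuse anything outside the agreed schema.
        if set(request) != ALLOWED_FIELDS or request["action"] not in ALLOWED_ACTIONS:
            return False, "malformed request"
        secret = self.customer_secrets.get(request["customer"])
        if secret is None:
            return False, "unknown customer"
        # 2. Verify the customer's intent independently of the online server.
        if not hmac.compare_digest(sign_request(request, secret), request["sig"]):
            self.events.append(f"bad signature on request from {request['customer']}")
            return False, "bad signature"
        if request["nonce"] in self.seen_nonces:
            self.events.append(f"replayed nonce {request['nonce']}")
            return False, "replay"
        # A nonce is burned once seen; a rejected request must be re-signed fresh.
        self.seen_nonces.add(request["nonce"])
        if request["action"] == "new_address":
            return True, "approved"
        # 3. Key hygiene: a key that has signed before is being reused (flag it);
        #    one at the exposure threshold is treated as recoverable and retired.
        used = self.sig_count[signing_key_id]
        if used >= SIG_EXPOSURE_THRESHOLD:
            self.events.append(f"key {signing_key_id} at exposure threshold")
            return False, "key exhausted"
        if used > 0:
            self.events.append(f"address reuse: key {signing_key_id} signed {used} time(s) before")
        # 4. Velocity limit: refuse and flag unusually large hourly outflow.
        now = self.clock()
        amount = float(request["amount"])
        if amount <= 0:
            return False, "bad amount"
        if self._hourly_outflow(now) + amount > MAX_OUT_PER_HOUR:
            self.events.append(f"hourly outflow cap exceeded by {request['customer']}")
            return False, "velocity limit"
        self.outflow.append((now, amount))
        self.sig_count[signing_key_id] += 1
        return True, "co-signed"


if __name__ == "__main__":
    # Constructed sample traffic from the online server.
    secret = b"alice-verification-secret"
    auth = HardenedAuthorizer({"alice": secret})
    req = {"customer": "alice", "action": "withdraw", "amount": "4.0",
           "dest": "3ConstructedDestination", "nonce": "n1"}
    req["sig"] = sign_request(req, secret)
    print(auth.authorize(req, "key-1"))   # approved
    print(auth.authorize(req, "key-1"))   # replay, refused
    print(auth.events)
```

The online server never sees the customer secrets or the co-signing keys; it only forwards the signed request. Anything it adds, changes, or replays fails before policy is even consulted, which is the property the narrow interface is meant to buy.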
Updated on: 2023-06-08T04:02:58.052087+00:00