Bitsquare wallet safety when compared to other hot wallets?

Hello,

How would you compare Bitsquare wallet to traditional hot wallets when it comes to security issues. Is there a way to make our Bitsquare wallets more secure by using two factors authentication? Thanks in advance for your kind reply.

2FA would be great to have but is difficult in a pure P2P context. If you have any suggestions how to do that - we would be very interested.
Only solution which might fit would be BitcoinAuthenticator but I think it is not maintained anymore and might be a bit of complicate for most users.

In future we want to integrate Trezor.

For now I recommend to not use Bitsquare as a savings wallet with a lot of funds. Use Trezor or another hardware wallet, that is the safest way.

Beside that if people are using the recommended measurements (write down wallet seed words, use a password, make a backup) there should be a reasonable protection.
Such protection is of course limited: If your computer is infected with a key logger, you are lost with most wallets (beside hardware wallets and 2FA).

2FA would probably have to rely on a certain trusted party, meaning you have to prove somebody you have certain phone to use your coins. Unless such a proof would be valid for everyone, as a public key signature is, it would require a trusted person, which in this case would probably be an arbitrator. It can be added that you require 2FA to withdraw coins, but then that leads to centralization. If you require it just in a trade, then coins could be withdrawn to other wallet, mixed (or exchanged or something) and deposited in the new one, making it ineffective. So I guess that SMS messages aren’t PGP encrypted so it makes it impossible to add the coins in some kind of decentralized contract.

I believe 2FA doesn’t require a phone. I’d be glad if I could simply request a one time password to be sent to my email account. My email address at Tutanota.com is not linked in any way to my identity, it is designed for encryption and my internet connection goes through a VPN.

Privacy and security are my priorities when using bitcoins (which I plan to convert to Monero and back to XBT for full anonymity). For my transactions I run Electrum offline from Tails (on a usb stick) and in watch only mode from my computer. I did not plan to use Bitsquare as a saving wallet. I merely don’t want to break into a cold sweat when large amounts of btc are unconfirmed (or on hold) for an extended period of time.

To add support for Trezor would be a great feature for many, as for myself Electrum and multiple paper wallets better suit my needs. I generate seed phrases and private keys offline with Tails and I feel safer with my offline dumb printer than with hardware wallets.

To integrate some hardware 2FA devices like YubiKey might work but most people are not using that. So the relation of costs/benefit is probably not good.
Emails need to be sent out from an email server. Who should run that without breaking privacy/decentralization? How hosts the 2FA counterpart?
2FA is designed for client-server architecture. I still don’t see a viable solution. Would love to!

Yes. Even if you use email, it is a same issue. You need someone to verify that you have an access to an email, that is the whole idea of 2FA. This goes against the idea of Bitsquare that you control your coins, and if you want withdraw them, you need no ones permission. Unless this is a smart contract, between a user and the rest, that the coins are not worth anything if you don’t own an email, this would break the decentralization. But even this wouldn’t be currently possible, for the fact that you would have to prove your email to everybody all the time, so you couldn’t sell them without selling an email account with them, as you would be able to revert the transaction otherwise. Which again is impractical. There is just no way to do this right now as I can see, without breaking decentralization.

Yes 2FA includes a second party who controls access. Usually that is default by the server. But in Bitsquare we don’t have that. If we would add 2FA check inside the app it would not help much if u got hacked as the software cannot be rusted then (thought of course raise the bar for the hacker).
A MultiSig might be an option, but then you need an independent 2nd device. Most don’t have a second computer and we have no mobile support yet (and not soon).

Beside that in Bitsquare the reserved funds cannot be locked by any interactive mechanism, otherwise nobody could take your offer without your interaction.
For the available funds though a Trezor integration would work (transfer the funds with a normal btc tx to Trezor and back). If done well usability-wise I think that gives you the best security. Those who have > 5 BTC should invest the 100 bucks into a Trezor, the others have not so much to lose anyway…

But appreciate the discussion. I would love to find a solution for that, but fear there is not an easy one.

1 Like

Thank you for your replies, they make a lot of sense. :slight_smile:

Please bare with me, I have no expertise whatsoever in this field and I might be missing the whole point, but about 2FA and raising the bar for the hackers I have another suggestion to add a security layer to the login process :

What about a feature to allow offline printing of paper-based two-factor authentication directly from the client ? Of course in case the printer would be compromised it would not solve any security issues, but I don’t see how it could break decentralization.

Also, can’t MultiSig be achieved on a mere usb key instead of a second device?

(On a side note : 100 $ may not sound much to most of us, however it’s a great deal of money for third world countries where people often don’t have access to banking systems in the first place and where cryptocurrencies, even in the slightest amount, are a blessing).

1 Like

The coins could be locked in multisig with a paper wallet, this would I believe help in a rare case that you know your PC got hacked and moved the wallet file to the other device and withdrawn it from there using your paper wallet. However I don’t think it is often that people suspect they have been hacked so this would bare little effect. In the case you are using a paper wallet you will have to type the private key in the PC at some point, which if it has been compromised than it would be stolen as well, and if it wasn’t compromised then hackers don’t have the wallet file on the PC. So really little use of it. As I said, if you know it has been compromised, then sure, it is useful, but really rarely the case. The only way to add a security with 2FA is to add another device that would have to be compromised as well and can sign the withdraw transaction, which is probably very hard to do by hand and a calculator. (way to many digits needed on a calculator and likely some more operations required to decode, encode the transaction in the right way)

I think it’s only reasonable to assume any computer connected to the Internet is indeed compromised, or will be at some point. High security standards are a legitimate expectation for most bitcoiners and a great challenge to meet for developers.

You guys came up with a brilliant idea and a quite astounding piece of software which I support with a lot of enthusiasm. I do understand 2FA is close to impossible (unless someone takes over Bitcoin Authenticator) thus MultiSig is a lot to ask, but I wish my suggestion to reinforce login security with a paper based 2FA would have been taken into account. I’m truly sorry I could not come up with a better idea. Anyways, I’m glad you heard my concerns. :slight_smile:

For now, as I am not willing to sacrifice safety over privacy, and since I can get the best of both worlds with Monero conversion and multiple paper wallets (each of them holding a small fraction of bitcoins), I can do nothing more but to wait for Bitsquare to evolve towards a more security orientated version before I can get back to it.

Some solution for 2FA is definitely on the high prio list!
As said I just have not found any yet which is feasible from effort and works well in a P2P context.
I am too busy atm with the DAO stuff so sorry if I cannot get too deep into that topic atm. But I am very open if anyone from the community comes up with a solution.

At this time the best practice for security would be to minimize the amount of Bitcoin held on the BitSquare exchange. This is true for any exchange of course.

Personally I use a Ledger Nano S hardware wallet for the bulk of my currency and it performs brilliantly. And you can buy it with Bitcoin. :slight_smile:

2 Likes

Perhaps users could choose some other user to join the coins together. Then use an email or mobile as 2FA between each other. This has it’s possible privacy advantages, but the main purpose of this would be 2FA. Users could also choose an arbitrator for such purposes. And since they both would have coins in multisig, there is an economic incentive for both to release the coins when it has been requested from other party, but not necessarily to the real owner. The problem here would be that the hacker who got the wallet of one party could find a way to talk to other party and give them part of the coins as a bribe, as such this would rest on reputation, kind of like the arbitrators do now.

Yes that happens when you trade ;-).
So best for you and best for Bitsquare if you just put your funds into trades ;-). There it is safe in the MultiSig anyway…

1 Like

Yes, but I meant in the long run :smiley: I guess that is the point of Bitsquare in the first place, to trade the funds, so might as well trade them, fees are small anyway. :slight_smile:

Probably a foolish idea but what if we could use the blockchain itself to verify and authenticate our identity the same way it is being used to certify and validate transactions?

Transactions are validated using a public key and record of past transactions that sent coins to that public key, all the way back to when they were mined. They are validated because everyone knows all the transactions and their public keys (hashes of keys, to be exact, but same concept). Only way to do that is that everyone knows how much money everyone else has. That would obviously be a big privacy problem and not possible to do without everyone constantly checking everyones identity as computers check transactions are signed with the right private key (very quickly).

There are experimental blockchain ID systems around but none of them have been adopted very widely yet. Until that happens we still have to verify with every separate webiste and application. :frowning: