Securing Your Bitcoins - Kitten Tofu
0 likes787 views
How to secure your bitcoins. This technical presentation by Kitten Tofu is at a medium-advanced level for those who are deeply involved in bitcoin. This was presented at the Bitcoin Barcamp in Sydney on 15th March 2014. To view the full talk or find more presentations from Australia's first pop-up unConference on cryptocurrency innovation, go to www.bitcoinbarcamp.org
Securing Your Bitcoins - Kitten Tofu
- 2. Hello! ≒ Kitten Tofu! ≒ Cryptocurrency enthusiast since 2011! ≒ Worked in infosec for a couple years! ≒ Full time cryptocurrency researcher! !
- 3. This Talk I want you to interrupt me.!
- 4. This Talk ≒ Entropy! ≒ Use Cases and Adversaries! ≒ blockchain.info client! ≒ Of鍖ine Wallets! ≒ m of n signature schemes! ≒ BIP32 (HDWallets)! ≒ Network Architecture!
- 5. Entropy ≒ Measure of randomness! ≒ Usually expressed as the number of bits! ! ≒ Pick truly random passphrases! ≒ Google for diceware!
- 6. Use cases + Adversaries ≒ Short Term / Easy Access / hot wallet! ≒ Long Term / Savings / cold storage! ! ≒ Somebody who has physical access to you! ≒ Some random hacker on the internet!
- 7. blockchain.info ≒ Client side encryption, however...! ≒ Google for matasano javascript! ≒ Enable 2 factor authentication!
- 8. Offline Wallets ≒ Private keys on an air gapped computer! Of鍖ine Computer! Online Computer! ernet! Private Keys
- 9. Offline Wallets ≒ Private keys on an air gapped computer! Of鍖ine Computer! Online Computer! ernet! Public Keys! Private Keys
- 10. Offline Wallets ≒ Private keys on an air gapped computer! Of鍖ine Computer! Online Computer! ernet! Public Keys! Private Keys Unsigned! Transaction!
- 11. Offline Wallets ≒ Private keys on an air gapped computer! Of鍖ine Computer! Online Computer! ernet! Public Keys! Private Keys Signed! Transaction!
- 12. Offline Wallets Armory makes this easy!
- 13. Offline Wallets ≒ Encrypt properly! ! ≒ Watch out for USB viruses!!
- 14. transactions ≒ BIP 11, Gavin Andresen! ≒ blockchain.info implements this! ≒ DIY: Shamirs secret sharing scheme! ≒ Good for shared accounts! ≒ Mitigation against losing access!
- 15. BIP32 - HD Wallets ≒ Create two extended keys! ≒ One for public keys! ≒ One for private keys! ≒ Child Key Derivation (CKD)! ≒ Given one of these extended keys, you can derive any of 232 -1 children!
- 16. BIP32 - HD Wallets
- 17. Architecture ≒ Online gambling website / exchange! ≒ Online shop!
- 18. Architecture Web Server! Hot Wallet! ernet! Cold WallManually processing Private Key Generator! Public Key! Generator! Private Ke
- 19. Architecture Web Server! ernet! Cold WallManually processing Public Key! Generator! Private Ke
- 20. Malleability ≒ Your exact transactions are not the only transactions that can spend your funds! ! ≒ Not as bad as it sounds, just dont rely on your txids making it into the blockchain!