How the First Bitcoin Hedge Fund Approaches Security
An anonymous reader writes with a link to a story at Forbes about what's said to be the first Bitcoin hedge fund; the article goes into some of the details of how the (literally) valuable data is kept. A selection: "The private key itself is AES-256 encrypted. After exporting Bitcoin private keys from wallet.dat file, data is stored in a TrueCrypt container on three separate flash drives. Using Shamir's Secret Sharing algorithm, the container password is then split into three parts utilizing a 2-of-3 secret sharing model. Incorporating physical security with electronic security, each flash drive from various manufacturers is duplicated several times and, together with a CD-ROM, those items are vaulted in a bank safety deposit box in three different legal jurisdictions. To leverage geographic distribution as well, each bank stores only part of a key, so if a single deposit box is compromised, no funds are lost."
Really? (Score:2, Insightful)
So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives.....No thanks. I'll pass.
Re:Really? (Score:5, Insightful)
So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives.....No thanks. I'll pass.
You think the bank's computer systems are safer?
Re: (Score:2, Troll)
Re: (Score:3)
No.
There is nothing as secure as a computer system that's switched off. These keys are off-line, distributed, and safely stored. Nothing any bank has is better than that.
Re: (Score:1)
Yes
My experience is that companies dealing with a large amount of clients' financial records, data and transfers are required to meet a large set of physical and policy requirements. This means that all computers are tested and there are roles and rules to how everyone behaves and what information is known by individual employees. However, there is a limit to how much security can be achieved due to the nature of the underlying transactions. Bitcoin is a recent development and appears to have a much higher leve
Re: (Score:3)
No.
But banks are regulated and abide by lots of consumer protection laws. Bitcoin exchanges .... well I haven't heard anything of the sorts yet.
When a giant bank gets hacked the people usually end up getting their money back. Hell when an end user gets hacked and someone cleans out their bank account they often end up getting their money back.
When some small bitcoin exchange gets taken to the cleaners ... well we'll see.
Re: (Score:1)
No.
But banks are regulated and abide by lots of consumer protection laws. Bitcoin exchanges .... well I haven't heard anything of the sorts yet.
When a giant bank gets hacked the people usually end up getting their money back. Hell when an end user gets hacked and someone cleans out their bank account they often end up getting their money back.
When some small bitcoin exchange gets taken to the cleaners ... well we'll see.
Well I don't know of any bank that was "hacked" and all the money inside was stolen and then the government gave everyone their money back. If a bank is robbed, then the bank pays for the robbery to return the funds, because they are responsible for the money their clients left to them. In general, they pay insurance at all banks to cover these losses averaged out. The government has little to do with robbery and fraud. Instead what you are thinking of is when a bank mismanages your assets and through action
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
What about the lock in the first place?
Good question but the bitcoin lock in question has been proved secure. It's 256 bit ECDSA.
Re: (Score:2)
You don't actually think they really did this, do you? Bitcoin people love to make big promises and not deliver on them. In reality it's probably stored on a flash drive, possibly on 2 drives for "redundant backup!" and kept in a box on top of a refrigerator.
Re: (Score:2)
It's Exante, a real financial services company.
https://exante.eu/products/ [exante.eu]
Re: (Score:2)
How do you reckon those financial services people afford all that cocaine? More to the point how good would you be at your job if you put Bolivian Marching powder on your Rice Krispies in the morning instead of sugar and then put so much Charlie up your nose you could see the pixies dance on your monitor while you stuffed a tampon up each bleeding nostril by lunchtime?
That's literally the reality of financial services. Literally. They snort your life savings and then make up some crazy cokehead shit about 'C
Re: (Score:1)
Re: (Score:1)
You don't actually think they really did this, do you? Bitcoin people love to make big promises and not deliver on them. In reality it's probably stored on a flash drive, possibly on 2 drives for "redundant backup!" and kept in a box on top of a refrigerator.
Who knows what they really do. Trust in a company is exactly that. Fact is they are describing a process that is really possible. And if implemented as they describe it would be very secure. Whether or not a company follows through on their promises is outside the scope of what you can know from a press release.
There are examples of bitcoin companies that did not properly secure their clients' assets or worse... simply stole the assets of their clients (I think). But there are many many cases of companies
Re: (Score:2)
So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives.....No thanks. I'll pass.
If the same flash drives cost $5000 would you feel safer?
Re: (Score:1)
So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives.....No thanks. I'll pass.
If the same flash drives cost $5000 would you feel safer?
Flash drives are far better at holding data than typical spinning hard drives. A master key that is approved for top secret documents by the NSA/FBI/CIA/CSIS/etc will fit onto the smallest flash drive you can buy. Also, 100 x $50 flash drives is far more secure than 1 x $5000 giant "reliable" drive. Flash drives are water proof, xray proof, largely pressure proof and shock proof. I have tested this myself and it is difficult to destroy a flash card. I have dropped, dunked, stepped on, put through washing ma
Re: (Score:1)
So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives.....No thanks. I'll pass.
I have worked with companies to attain PCI compliance. This is a set of steps and policies required to handle client credit cards and transactions. It is a step beyond what the average storefront accepting credit cards needs to do. It is a very vast set of rules that mostly make sense and do provide a fair amount of protection for customer data and potential theft and/or fraud.
It is my opinion that bitcoin does offer a whole new set of options for greater security that is just not possible with standard inf
Re: (Score:3)
A pizza is split in 3 parts, and kept in 3 different banks in 3 countries. Bank robbers never get a full pizza.
Re: (Score:3)
What you are saying is correct, but I am missing a step here.
You hand over your bitcoins for the fund to invest. They split the bitcoins into 3 pieces. o.k. - but how is that investing? If they are just keeping the bitcoins secure that is not even banking.
Re: (Score:1)
A hedge fund is where other people get richer by using your money to make bad investments.
Re: (Score:2)
I think the idea is that they hold on to the Bitcoins as the investment. Sell them off in the future believing that the worth of the Bitcoins will go up in the future.
Given past performance of Bitcoins against the U.S. dollar, that may be a reasonable strategy.
Re: (Score:2)
Well, that's precisely why BTC will ultimately fail.
The strategy works provided that you manage to get out before the market freezes up permanently. There's a huge incentive to not sell as the BTC will be worth substantially more in the future than it is presently, what's more the work you have to engage in to earn them in the future is substantially more than in the past.
So, holding them is the wise strategy for the individual. However, if too many people do hold onto them as a strategy, which they are and
Re: (Score:1)
Ed, You have it a bit backwards. You just described what is wrong with the stock market. The reason we are in a "recession" is because the money is not in circulation. Money doesn't just disappear. The amount of money available at any given time is controlled by small groups of people. When they hold they can crash whole economies. The problem wasn't "overspending" it was under investing in the proper channels. When a company has less money available it lays off employees who no longer make a paycheck and d
Re: (Score:2)
Not true, this is the same supply side economics bullshit that got us into the current mess.
No, the reason why we got into the current economic mess is that people were spending more than they could afford to pay back and eventually the whole house of cards fell down when people realized that the overly leveraged and complicated financial instruments were based upon debt that people couldn't afford to pay back.
Businesses hire people in response to need when they can't just get the current employees to do mo
Re: (Score:1)
I think the problem is that we aren't defining who is doing the spending.
I stand by my statement "Every dollar you don't spend is a dollar I can't earn"
I am suggesting that the economy is based on real money being spent. You are talking about irresponsible corporations spending money that they didn't have to begin with. When I say "spending money" I don't mean "taking out a loan". This is the basis of our misunderstanding. I am talking about the people who have money to spend. As I said before, the money d
Re: (Score:1)
What you are saying is correct, but I am missing a step here.
You hand over your bitcoins for the fund to invest. They split the bitcoins into 3 pieces. o.k. - but how is that investing? If they are just keeping the bitcoins secure that is not even banking.
They are allowing clients to speculate on the rise and fall of the bitcoin. In order to do this, they need to have "holdings" in the bitcoin commodity in order to meet the rise and fall of the bitcoin asset. So if a client wants to speculate on a million dollars worth of bitcoins, they need to purchase around 1 million bit coins, because if the bitcoin doubles over time and the client wants to cash out of the investment, then they will need to roughly 2 million back to the client by selling all the bitcoins t
Re: (Score:1)
Generally, the company will not make money from the rise and fall of the bitcoin. Like most investment companies they will make money from the investment transactions. You pay a small fee or portion of the investment to buy and maybe you pay something to sell out. The more the bitcoin fluctuates, the more likely they are to see clients' investment decisions change and the more money they make. I think what they are providing is a useful service. Here is a link to the value of the bitcoin vs US dollar over th
Re: (Score:3)
A pizza is split in 3 parts, and kept in 3 different banks in 3 countries. Bank robbers never get a full pizza.
But if they stole any part of the pizza, could you eat the rest?
Re: (Score:2)
I like white pizza, and tomato pie isn't horrible, but a lack of crust could be problematic.
Re: (Score:2)
Re: (Score:1)
None of the pizza can be eaten unless you have two of the three slices. If you put two of the slices together, the third slice will magically appear, completing the pizza. So it doesn't matter if someone runs off with the slice they control. One slice is useless by itself. They also keep all the slices in different countries.
Re: (Score:1)
Infinite pizza! Just keep running off with one piece, then bring the other two together to get a new third piece!
Or does the missing piece teleport to where the other two pieces are?
Literally (Score:1)
Using "literally" to describe valuable data makes no fucking sense. It either is or isn't.
Why do so many people not know how to use this word?
Re: (Score:2, Funny)
Because they are literally stupid.
Re: (Score:2)
Using "literally" to describe valuable data makes no fucking sense. It either is or isn't.
Usually "valuable data" is valuable because it provides its owner with a competitive advantage.
This "valuable data" is "literally valuable" because it is being used as a form of cash.
Hope that helps.
My Hedge fund (Score:1, Funny)
It's based on the Zimbabwean dollar. It's pretty secure too - I've rented safe deposit boxes all around the world and put the notes in them.
For some strange reason though, the money's not exactly pouring in.
Re: (Score:2)
What makes you think they are lying? It doesn't seem difficult at all to secure things the way they are suggesting.
It would be time consuming to withdraw bitcoins but this is meant to be a hedge fund, not a current account. I'm sure it's time consuming to withdraw a ton of gold from a bank too.
You can add bitcoins to a private key knowing only the public key ( the bitcoin address ).
Take the money and run (Score:1)
Re: (Score:1)
That's why they're using Shamir's secret sharing scheme.
Re: (Score:2)
The article says that they've already thought of that, and taken steps to prevent it - hence the use of secret sharing and other threshold schemes.
Re: (Score:2)
Re: (Score:2)
A rogue fund manager could only access the funds he was given to manage. He could not steal what's locked up in cold storage.
Re: (Score:2)
Would you even need a place with no extradition treaty? Or would the court view it as "I sent you these bits and now I want them back!"? I mean sure it's a "currency" but I'm not sure the courts recognize it as something with value.
Article left out an important part (Score:2)
The article describes impressive security precautions, but it leaves something out. Data is stored so it can be retrieved. On random days, restore and decrypt some test data, so everybody knows what to do and knows that it works.
Armory (Score:5, Insightful)
Armory [bitcoinarmory.com] as a Bitcoin client would have been a better choice for this, since they could have used the same 2-of-3 method for storing the private keys, but then they'd have the ability to use watching-only copies of the wallet for accounting and auditing purposes.
Re: (Score:2)
You don't need file systems to store files on a hard drive. You can just open up the block device with a hex editor and change the bits yourself.
Re: (Score:2)
More to the point, if they're at the level of doing secret sharing on private keys they are quite capable of implementing their own fund management software. For instance bitcoinj makes it easy to implement watch-only wallets, there's even a command line tool for it. I really doubt they need the help of GUI tools to set that up.
Re: (Score:2)
I was thinking more along the lines of transparency. They could publish a watching-only copy of their wallet on their public web site and then every person capable of running Armory can easily verify the fund owns as many coins as it claims.
Using an existing popular client instead of rolling their own lowers the learning curve for potential investors.
This makes no sense... (Score:3, Interesting)
Such procedures only work for cold storage of Bitcoin: wallets where you have no access to them. Basically, the equivalent of a bank vault for gold: it's there, it's sitting, but you can't actually do anything with it. Worse, unlike a bank vault, you can't transfer the bitcoins while they are in this vault.
Therefore, the hedge fund's only strategy for these wallets is to buy BitCoins and sit on them. And do nothing. Which, if you believe in BitCoin, makes sense (the design is hyper-deflationary, so the only rational thing to do with BitCoins is to hold BitCoins), but that's hardly what you'd call a hedge-fund strategy.
So how can you call it a hedge fund when all it can do is buy & hold?
Re:This makes no sense... (Score:4, Insightful)
That's pretty much what all hedge funds do, isn't it? Pick some asset they think will grow in value, buy it up (often using leverage), and then wait to see if their bet works out. Often they wait long periods of time. The fund is being targeted at people with lots of money and enormous appetite for risk - for these people, there aren't enough direct investment targets (like startups) so the easiest way to invest in the future success or failure of Bitcoin is indeed, buy and hold.
Hedge funds = derivatives (Score:2)
No, hedge funds typically use derivative instruments. Since a fundamental principle of hedge funds is to make a profit regardless of the underlying market, derivatives are a popular way to do this.
They could also simply diversify into a wide range of investments that are not correlated - or at least not correlated in the same direction (say, stocks, bonds, commodities, and properties). But that obviously isn't possible in this case. There's only one bitcoin instrument.
So, one must assume that they will creat
Re: (Score:1)
What is this "bitcoin" you speak of? (Score:1)
Re: (Score:1)
Re:What is this "bitcoin" you speak of? (Score:4, Informative)
I wish people would stop saying that. Yes, they are fiat currencies, but that does not mean they aren't real money or that all fiat currencies are equally arbitrary in valuation.
The value of the USD is measured against other currencies and against the things which one would like to buy. In most cases it doesn't really matter to me what it's doing versus the RMB or the CAD as I don't convert my money to pay for things brought in from those countries, I pay a price denominated in USD. Now, in practice shifts in those currency exchange rates will affect how much I pay, but so do all sorts of things that could affect domestically created things as well.
Bottom line, the folks claiming that fiat currencies aren't real don't have any idea what they're talking about. Currency is just for convenience so that you don't have to buy an entire cow just because you want a T-bone, don't want to take delivery immediately or want to do a 3 or 4 way trade.
Re: (Score:2)
Except all fiat currencies are designed to expand at the same or a slightly higher rate than the exponential increase in GDP, thereby remaining flat or having low inflation. Bitcoin, by design, has an ultimate limited supply (high deflation, as has been seen already). This makes it impossible to ever use as money, because prices and wages are sticky.
This was figured out many many decades ago. This is why it's foolish to think bitcoin has a future, its future was doomed by its very design.
Re:Stickyness (Score:2)
> because prices and wages are sticky.
Correction, were sticky. With this marvelous invention called "software", you can list prices in two currencies, and have one float against the other:
http://bitcoinstore.com/consumer-electronics/cameras-optics.html?cat=5526 [bitcoinstore.com]
Assuming I wanted bitcoins enough to get paid in them, I would not have a problem having my wage rate set in dollars, then converted on payday to the bitcoin equivalent. It's not like having software look up the market rate and do a division prob
Re: (Score:2)
Actually that's my point, you want to be paid in dollars and prices to be in dollars, so bitcoin itself is not acting as the currency.
Also if it was going to be used long term, it would just encourage massive hoarding, it would be a guaranteed 10+ % interest rate. Same reason we can't use gold anymore.
Re: (Score:1)
But all the same could be said for bitcoins of course.
Re: (Score:2)
Economists often know nothing, but in this case, they know plenty about what makes a currency deflate or inflate in value.
Sure, but as has been repeatedly pointed out, Bitcoin is NOT a currency. No government accepts it for taxes, no economy functions with it as the primary unit of denomination. Deflationary spirals apply to currencies. Bitcoin isn't a currency. It's a store of value. It's more akin to tulip bulbs or beanie babies or ISK than it is to a currency. And yet, it's different from all of those things as well. Unlike tulip bulbs or beanie babies, it's not a thing. Unlike ISK, it's not subject to arbitrary cre
Re: (Score:2)
Re: (Score:2)
You just described all the best features of Bitcoin, which is exactly why it's seeing exponential adoption (not just price appreciation).
Re: (Score:2)
Bull fucking shit.
It's seeing exponential adoption because of the price appreciation and the price appreciation is the direct result of people flooding the market hoping to score big time. You see this in bubbles all the time. But, unlike other bubbles, this one is completely based upon nothing rather than being based upon overpriced assets that have at least some meager value.
I take it you don't know what a deflationary spiral is if you're saying that's one of the best things about BTC. Inflationary and de
Re: (Score:2)
People are adopting Bitcoin because it's the only way to store savings in a form that can not be arbitrarily diluted, frozen, or remotely confiscated. They are adopting Bitcoin because it gives them the ability to transfer arbitrarily large amounts of cash instantly and inexpensively to any place in the world free from any possibility of prior restraint. They are adopting it because it allows them to accept payments from customers anywhere without the risk of payment fraud. Everyone knows the deflationary s
Re: (Score:1)
Re: (Score:2)
Bull fucking shit.
Uh huh. Sure. Your colorful zeal notwithstanding...
It's seeing exponential adoption...
[citation needed]
Re: (Score:1)
Bitcoin is backed by absolutely nothing.
except the current cryptographic techniques, the bitcoin protocol, and the compute power of the bitcoin mining network.
Re: (Score:1)
BTC isn't a real currency, I can't pay my taxes with it
Right. Nor can you pay them with gold, euros, pogs, flooz, sports trading cards, or a zillion other things. Government authority in the US accepts dollars. So what?
I can't pay any of my debts with it and nobody is forcing anybody to accept it.
You can buy [bitcoin.it] software, web hosting, domain names, precious metals, gamble, clothes, electronics, dental service, legal service, books and fuck all else with it. Just because you can't pay your cable bill with bitcoins yet doesn't mean they aren't useful to others.
It's not backed by gold, silver or the promise of anybody with the means to back it.
Bitcoin is backed by the compute power of the bitcoin mining network, the bit
Re: (Score:2)
Re: (Score:1)
Can you accurately predict the money supply growth of an African currency? Does any African currency have properties that make it far superior to dollars? Can you encrypt your cash so that thieves don't get anything if they steal your wallet? Can you carry huge amounts of your cash across an international border? Does your cash work just as well in other countries? Is your cash worth 300% more than it was in January?
PT Barnum (Score:1, Insightful)
"Bitcoin" and "Hedge Fund."
Two words that each should send a potential small-scale investor scurrying off in fear.
There's a sucker born every minute.
Re: (Score:2)
Pretty much, as a general rule, the more clever the Wall Street investment, the further away you should run.
The Key, The Secret. (Score:1)
Hint: It's password1
Re: (Score:1)
Lame (Score:2)
Here at Douchebag and Dipshit... (Score:2)
Our first rule of security is to proudly announce our base strategy to the entire world, conveniently saving you the time and effort of figuring it out yourself.
Pretty bad (Score:2)
In very limited longer-term storage experiments, I had complete data loss on several flash-drives. CD-ROM is not much better. If they understood how long-term data storage works, they would have copies on traditional HDDs and backup-copies printed on paper. What they are doing instead is on low amateur level.
Re: (Score:2)
In very limited longer-term storage experiments, I had complete data loss on several flash-drives. CD-ROM is not much better. If they understood how long-term data storage works, they would have copies on traditional HDDs and backup-copies printed on paper. What they are doing instead is on low amateur level.
I agree CD-ROMs are not built to last but I've only ever seen 1 flash drive fail out of hundreds I've used. I've had far worse luck with both magnetic and solid state hard disks.
Paper sounds like the best idea as long as it's not the cheap laser printer rubbish that turns yellow in a year or two.
Re: (Score:2)
I should clarify that I let a bunch of flash-drives lie around unused for about a year. If they are powered, they can do scrubbing and refreshing. A HDD that goes bad typically does so while being used, while Flash also goes bad while not being used.
As to the paper, I don't know what they sell where you live, but here (Europe), standard white laser paper has a life-expectancy of > 100 years if stored dark and dry.
Re: (Score:1)
It's a 2-of-3 system. You must lose 2 keys (or a thief must gain 2 keys) to lose money.
Overly simple example:
One drive has the first half of the key.
The second drive has the other half.
And the third has the first half XOR the second half.
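As an added example (not part of the thread, and not the fund's own code): a 2-of-3 Shamir split of a container password, as the story summary describes, next to the halves-plus-XOR layout sketched in the comment above. The field prime, function names and sample values are assumptions made for illustration, and `shamir_split` also accepts other k-of-n thresholds; `partner_share_for` shows that a lone Shamir share fits any candidate password, whereas the first two XOR drives each hold half of the key in the clear.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; assumed field, large enough for a 64-byte secret
PASSWORD = b"constructed-sample-passphrase"  # constructed sample, not from the article
KEY = bytes(range(16))                       # constructed 16-byte key


def encode(secret: bytes) -> int:
    """Bytes -> field element; the 0x01 prefix preserves leading zero bytes."""
    if len(secret) > 64:
        raise ValueError("secret too long for this field")
    return int.from_bytes(b"\x01" + secret, "big")


def decode(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")[1:]


def shamir_split(secret: bytes, k: int = 2, n: int = 3):
    """Return n points on a random degree-(k-1) polynomial with f(0) = secret."""
    coeffs = [encode(secret)] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def shamir_recover(shares) -> bytes:
    """Lagrange-interpolate f(0) from any k distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return decode(total)


def partner_share_for(share, candidate: bytes, x2: int):
    """Given ONE 2-of-n share, build the partner share at x2 that would make
    `candidate` the recovered secret. One always exists, so a lone share
    rules out no candidate password."""
    x1, y1 = share
    slope = (y1 - encode(candidate)) * pow(x1, -1, P) % P
    return (x2, (encode(candidate) + slope * x2) % P)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def xor_split(key: bytes):
    """The comment's layout: drive 0 = first half, 1 = second half, 2 = XOR."""
    if len(key) % 2:
        raise ValueError("key length must be even")
    a, b = key[: len(key) // 2], key[len(key) // 2:]
    return [a, b, xor_bytes(a, b)]


def xor_recover(held: dict) -> bytes:
    """held maps drive index -> contents for any two of the three drives."""
    a = held[0] if 0 in held else xor_bytes(held[1], held[2])
    b = held[1] if 1 in held else xor_bytes(held[0], held[2])
    return a + b


if __name__ == "__main__":
    s = shamir_split(PASSWORD)
    print("two Shamir shares recover:", shamir_recover([s[0], s[2]]))
    fake = partner_share_for(s[0], b"wrong guess", 2)
    print("same share, other partner:", shamir_recover([s[0], fake]))
    d = xor_split(KEY)
    print("XOR drive 0 is the first key half:", d[0] == KEY[:8])
```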
Re: (Score:1)
In other words, a RAID.
Re: (Score:2)
RAED - Redundant Array of Expensive Data(!)
Re: (Score:2)
Yea, let's talk about bytecoin instead!
http://bytecoin.net/ [bytecoin.net]
Re: (Score:2, Insightful)
Scanning down through the day I can't find another story more fitting of the site's slogan "News for nerds, stuff that matters." As a nerd, news that a crypto-anarchists P2P currency has reached the stage of hedge funds only 4 years after being launched and details of how the fund manager intends to secure the keys for customers is simply fascinating.
Re: (Score:2)
Some people are just mad that they missed [slashdot.org] the boat [slashdot.org] and didn't get in as early as they could have.
Re: (Score:1)
Some of us, being rather altruistic, would like to spare the naive suckers that are driving this from losing their money on something that functions as a scam.
BTC was a horribly designed currency from the getgo designed by people with no clue what they're doing in terms of the currency side of the equation. What's more, notice how it's mostly just people who have money in BTC that are advocating for it? There is an inherent incentive to talk it up as it has no value other than what suckers they can lure in
Re: (Score:2)
BTC was a horribly designed currency from the getgo designed by people with no clue what they're doing in terms of the currency side of the equation. What's more, notice how it's mostly just people who have money in BTC that are advocating for it? There is an inherent incentive to talk it up as it has no value other than what suckers they can lure in to buy the worthless junk.
As much as I hate to feed a troll, the economic concepts behind bitcoin are sound. It boils down to the debate between deflationary currency and inflationary currency. The arguments that I have heard are that inflationary currency (The USD) is needed to maintain economic growth. The fact that the USD will buy less tomorrow than it buys today encourages people to spend it, thus driving the economy. The concept behind deflationary currency (BTC) is one that the currency does not drive the economy, supply and
Re: (Score:2)
BTC was a horribly designed currency from the getgo
Actually, much of it is really well designed -- as evidenced by the complete absence of Bitcoin counterfeiters, despite the fact that there is a huge financial incentive to counterfeit Bitcoins.
As far as the economic theory goes, you may be right... but if so, then BitCoin will fail and some other system will come along to replace it, hopefully taking its mistakes into account in the new design.
BitCoin is an impressive piece of distributed cryptography and a big leap forward compared to, say, PayPal or (shud
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
This is already beginning to happen. Online stores have been able to use payment processors for a while now to accept Bitcoins from customers anywhere in the world. Now it's possible for that store to pay for its hosting and domain registration directly in Bitcoins, without needing to convert to local currency.