Board Trading Discussion
Re: New bitfloor API: silly security?
by
isis
on 22/09/2012, 18:00:35 UTC
Bitfloor is back, and they have changed their API.  Now you have to pick an extra "passphrase" (which isn't your password or your api key or your secret key but something different) and send that as an SSL-protected-but-otherwise-cleartext header with each API call (i.e. even their frontend HTTP servers can see your passphrase).

How, exactly, does this improve security?  The "passphrase" is just another secret, like the secret-key.  Why are two passwords more secure than one password?  Especially when the existing password is already a random 64-byte string.

The only difference I can see is that the passphrase is chosen by the user rather than being randomly generated by bitfloor.  But if anything that reduces security: instead of bitfloor being sure the password is suitably random, users can choose weak passwords.

None of this makes any sense.

If a hacker compromises bitfloor's servers -- even the internet-facing frontend servers which are always the weakest point -- they can watch the "passphrases" stream across the wire.  No extra security there.

Maybe they're hoping that if they're hacked, the hacker will only gain the passphrases of users who happen to make API calls during the hack period.  But they could have achieved that with the old API: simply store only the SHA hash of the "secret key" on disk and forget the actual secret key immediately after it is generated.  Exactly the same level of security, no API change.

This worries me.  Unless I've missed something major, this indicates that somebody at Bitfloor does not understand security.  I hope I'm wrong about that.

That's strange, where did you see that?
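The hash-at-rest scheme the post proposes for the old API (keep only the SHA hash of a randomly generated secret key, hand the plaintext to the user once, and verify later by hashing what the client presents), as an added Python example; this is not bitfloor's code, and the in-memory dict standing in for the key database is an assumption.

```python
import hashlib
import hmac
import secrets

SECRET_BYTES = 64  # the post describes the existing secret as a random 64-byte string


def issue_api_secret(store: dict, key_id: str) -> str:
    """Generate a fresh random secret, persist only its SHA-256, and return the plaintext.

    The plaintext is shown to the user exactly once and then forgotten server-side,
    so a copy of the store does not reveal any usable secret.
    """
    secret = secrets.token_hex(SECRET_BYTES)  # 64 random bytes, hex-encoded for the wire
    store[key_id] = hashlib.sha256(secret.encode()).hexdigest()
    return secret


def verify_api_secret(store: dict, key_id: str, presented: str) -> bool:
    """Check a presented secret against the stored hash using a constant-time compare."""
    stored = store.get(key_id)
    if stored is None:
        return False
    candidate = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored)


def store_leaks_secret(store: dict, secret: str) -> bool:
    """True if the plaintext secret could be read straight out of a leaked store."""
    return any(secret == value for value in store.values())


def demo() -> dict:
    """Issue a key, verify good and bad presentations, and confirm the store holds no plaintext."""
    store = {}  # assumption: stands in for the real key database
    secret = issue_api_secret(store, "key-1")
    return {
        "secret_len": len(secret),
        "valid": verify_api_secret(store, "key-1", secret),
        "wrong_secret": verify_api_secret(store, "key-1", secret[:-1] + "0"),
        "unknown_key": verify_api_secret(store, "key-2", secret),
        "plaintext_in_store": store_leaks_secret(store, secret),
    }


if __name__ == "__main__":
    print(demo())
```

A random 64-byte secret carries far more entropy than any user-chosen passphrase, which is why a plain SHA-256 suffices here; a low-entropy passphrase would need a deliberately slow password hash instead.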