Re: btc project security: Encryption of php files + db entry hashes = more security?
there is no 100%(not even 99%) secure at this moment for hosting a bitcoin in/out project. once your system get cracked, your bitcoins are gone.
Yet.
If the host knows the private keys then an attacker who seizes controls of host seizes control of the private keys.
So what if the host never knows the private keys?
Code:
BSM
Host: v0.0.1.1238
Module: v0.0.1.608
Runtime: v4.0.30319
Initializing BSM with root key to form deterministic seed.
Host: 'Initialize(ZOpK/CiAP/aU1HlNOiJxeyCD8MUI/Zf1xCDFtOJPpGU=)'
Module: 'OK'
Verifying root key (module should return SHA256 hash of Root Key)
Host: 'RootHash()'
Module: 'E9o5VWDsusAWOTf5lVPHWI13YeMCXJ85S+SYqFfW6Lc='
Requesting a new address
Host: 'GetAddress(1)'
Module: '112ypupfk6upHCL65NhqNhtv9RBwW1jR1w'
Host: v0.0.1.1238
Module: v0.0.1.608
Runtime: v4.0.30319
Initializing BSM with root key to form deterministic seed.
Host: 'Initialize(ZOpK/CiAP/aU1HlNOiJxeyCD8MUI/Zf1xCDFtOJPpGU=)'
Module: 'OK'
Verifying root key (module should return SHA256 hash of Root Key)
Host: 'RootHash()'
Module: 'E9o5VWDsusAWOTf5lVPHWI13YeMCXJ85S+SYqFfW6Lc='
Requesting a new address
Host: 'GetAddress(1)'
Module: '112ypupfk6upHCL65NhqNhtv9RBwW1jR1w'
Even storing private keys (and fund control rules) into hardware device isn't 100% secure but it should raise the bar substantially. All major robberies to date have been "smash and grabs". Once attacker gained access to the server he simply copied the private keys to a client he controlled and transferred the funds.