| ▲ | cameldrv 7 hours ago |
| You shouldn't have a key that controls millions/billions of dollars on a cloud service. It should be on an airgapped laptop that was purchased anonymously, has never been connected to the Internet, and only runs software that has been vetted and loaded onto it via a CD-ROM or some other comparable method. |
|
| ▲ | WatchDog 6 hours ago | parent | next [-] |
| If their coin requires a web service to process each transaction, then an offline key isn't very useful. You can criticize their design, but you can't have a dude burning a CD-ROM every time someone wants some coins. |
|
| ▲ | vlovich123 7 hours ago | parent | prev [-] |
| Have you actually tried to run a business this way? |
| |
| ▲ | mememememememo 6 hours ago | parent | next [-] | | $24m was lost. Setting this up is say $10k in time and materials. Although I would use a rack server. . | | |
| ▲ | allreduce 29 minutes ago | parent [-] | | No need to get fancy. A yubikey glued to a tungsten cube would have prevented this attack. Thats 50€ for the yubikey and 300€ for the tungsten cube. |
| |
| ▲ | cameldrv 5 hours ago | parent | prev | next [-] | | Yeah. Sorry to say, but if you’re going to run a crypto company, and it’s even moderately successful, people are going to try to steal the key. Either you are extremely paranoid, or you’re going to lose a bunch of money, for yourselves or your investors. | |
| ▲ | jiggawatts 6 hours ago | parent | prev [-] | | I have, I've set up "truly offline" root certificate authorities and the like in the past. Yes, it's a pain to operate, but if the alternative is "the bad guys get all of our money", then it can be worth it. |
|
