If you don’t know what BitCoin is read the official blurb or more of the same from Wikipedia

At the last of our recently christened “bi-monthly, beer-fuelled BitCoin argument” sessions (aka geek ups) the issue of security as a barrier to BitCoins continued viability was raised and, shockingly, was acknowledged as a valid issue by the group’s biggest BitCoin proponent.

The general feeling was that BitCoins as a currency could too easily be compromised by virtue of their being digitally stored and therefore open to being hacked and stolen. Whilst I have my own issues with BitCoin (most often expressed following a few pints of beer with the assistance of napkin drawn deflation / value charts and much waving of arms) security is not one of them and here’s why:

The process of transferring and authenticating BitCoin transfers is solid. This is based on a combination of tried, tested and trusted public / private 256 bit key systems which are FIPS approved and (at the time of writing) remain completely unbroken. In short there’s not much to worry about in the architecture of the crypto-currency itself nor is it possible to fool / duplicate or monkey around with the transfer of BitCoins from one user to another.

In short, transfer of BitCoins is secure. You can’t say the same thing for traditional hard currency and even electronic transfers have to take place behind incredibly heavily secured barriers to prevent tampering.

If transit is secure then the weakness must lie in storage … right? 

Wrong! 

BitCoins are stored in a digital wallet (which is actually a Berkeley DB file containing all the information associated with a user, transaction history, preferences, key pairs, etc.). In and of itself the wallet.dat file is indeed open to easy transfer transmission or malicious pilfering… Which is why the first thing any serious BitCoin user does is ensure that this file is heavily encrypted and secured by a strong password. 

Personally I store my “day to day” wallet (more on this later by the way) in a TrueCrypt volume on a passworded, fire-walled and encrypted home directory on my MacBook Air … good luck getting into that!

Now I’m a casual BitCoin user. I have a small amount of BitCoins at any given time. Let’s take the scenario to the extreme where I’m storing my entire pension fund in the new currency. Hundreds of thousands of pounds worth of them. And I live in a world where BitCoins can be freely exchanged for good and services on the high street. 

Will my current set-up protect my wallet then? In theory yes but in reality I’m probably going to come unstuck at some point due to the need to access my wallet regularly (never forget that true security is always traded for convenience of access) and run a higher risk of losing my hard earned BitCoins to some nefarious character.

Except for this; the moment I have serious amounts of money floating around in the system I’m not going to be carrying it all around with me. In the non BitCoin world I don’t carry my entire net worth on my person at all times. I don’t take the balance of my savings account into the shop every time I need to buy bread or milk. I have my money separated over a combination of bank accounts, liquid assets and other locations. 

Why would BitCoin be any different?

In this instance, my BitCoin set-up would shift to one that uses multiple wallets. My “day to day” wallet would contain a small amount of Coins needed for day to day transactions. This would probably be stored on my smart-phone and passworded for convenience. Sure if I lose the phone that I’m likely to have lost the contents but the same goes for a real world wallet and the amount stored would be negligible. 

I’d probably have a second wallet, protected by similar measures to those outlined above, stored on my computer for larger expenses (rent, etc.) which is much more secure. 

And the balance? Well that would be stored in a further wallet, heavily encrypted onto a hidden volume, possibly steganographically protected, duplicated onto a number of media cards which are stored in secure physical locations such as a home safe, safety deposit box or similar. 

To get at anything more than the BitCoin equivalent of pocket change, any wannabe BitCoin Bank Robber would have to overcome the physical security of these locations, the physical security of the containers (Newsflash: Houses are easy to break into … safes not so much, banks even less so!) and the digital security applied to the same. At this point it’s much more likely they’ll just nick my telly and call it off as a bad job.

So has BitCoin ever been hacked? No! The biggest so called BitCoin hack was actually a result of lax personal security and poor passwords.

The Mt Gox hack shows that security isn’t a risk to BitCoin – stupidity is!

I’ll wrap up by saying that the above measures only work if you use strong passwords / phrases to protect your data. I do not adhere to the tinfoil hat wearer’s view that the NSA has back doors into AES and similar encryption standards. Seriously? that stuff has been very heavily analysed by some very, very clever people. Yes quantum computing may change the game a little but by the time such technology is available to break encryption, so to will new standards that will be resistant to such techniques.  

Finally I’ll caveat the entire post with one of my favourite computer security quotes:

“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it.” – Gene Spafford

Happy BitCoining!