Market Security

Discussion, Feedback, and Technical Support for the Timekoin Market hosted at timekoin.com
warmach

Market Security

Post by warmach »

I'll be that guy that asks the security question... :shock:

Since all the funds for the market pool to a single account, how are these funds secured? I would at least expect that the private key for the market keys is not held on any public server.

Related to this, what is the security of the easy key system? That is the primary way that I send deposits to the market. This way opens the market to a man-in-the-middle attack, with an attacker replacing the market pub key with their own.
KnightMB
Site Admin

Re: Market Security

Post by KnightMB »

warmach wrote: I'll be that guy that asks the security question... :shock:
Good :D
warmach wrote: Since all the funds for the market pool to a single account, how are these funds secured? I would at least expect that the private key for the market keys is not held on any public server.
Market Server -> Server Pool -> Internet (peers, etc)
The Market transmits a withdrawal request to server(s) that then relay it out to other servers on the Internet (Timekoin peers at that point). So while the private key might not be accessible, there is still the communication from the market server to the other waiting servers that do have the private key needed to build the transaction. Those servers have a 1536-bit IPsec tunnel between them and the Market because they are spread around the world at the moment.

Of course, all that security is one thing; if there was a bug in the Market where you could keep withdrawing over and over (like Mtgox.com :? ), then eventually the Market account would run out of funds and withdrawals would not work, since the protocol would not allow any double spends. The market limits withdrawals to 1 per hour, so if the bug was happening, at least it would allow time for someone to notice. All the security in the world, though, is worthless without insurance to back it up; that is why the market account is just to allow escrow for members. Timekoin.com should have enough reserves to cover any losses of stolen currency should the worst happen (total breach).
warmach wrote: Related to this, what is the security of the easy key system? That is the primary way that I send deposits to the market. This way opens the market to a man-in-the-middle attack, with an attacker replacing the market pub key with their own.
Easy key is really a convenience of use vs security of use. That is why the deposit page has both the easy key and the full market public key for those asking the exact same question. :)

Easy key is just a server that sits and stores new keys and answers key requests. I have the password to get into it for maintenance, but if I turned evil or someone broke in and found a way to control it, it would take some external monitoring to keep everyone alert about it. There are proposals to have those easy keys stored in the transaction history via the transaction message field, so someone can spend 1TK and keep a key for a year, for example. I think that is the best way to make the need for a server no longer required, but working on one project at a time. :mrgreen:
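An added example, not part of the thread and not Timekoin code: one way to do the check the posts describe, comparing the key an easy key lookup returns against a pinned copy of the full public key, run from several monitoring vantage points. The SHA-256 fingerprint scheme, the function names, the alias names and the keys are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

def fingerprint(key_text):
    # Hash the key with all whitespace stripped, so line wrapping on a
    # web page or in a config file does not change the result.
    canonical = "".join(key_text.split()).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()

def check_resolved_key(alias, resolved_key, pins):
    # pins maps alias -> fingerprint of the full public key, recorded once
    # from a source other than the lookup server (e.g. the deposit page).
    pinned = pins.get(alias)
    if pinned is None:
        return "unpinned"   # nothing to compare against: do not send funds
    same = hmac.compare_digest(fingerprint(resolved_key), pinned)
    return "match" if same else "mismatch"

def monitor(observations, pins):
    # observations: (vantage_point, alias, key_returned_by_lookup) tuples.
    # Every lookup that is not a verified match becomes an alert.
    alerts = []
    for vantage, alias, key in observations:
        status = check_resolved_key(alias, key, pins)
        if status != "match":
            alerts.append((vantage, alias, status))
    return alerts

# Constructed sample data: these are not real Timekoin keys or aliases.
MARKET_KEY = base64.b64encode(b"constructed-market-public-key" * 4).decode()
SUBSTITUTED_KEY = base64.b64encode(b"constructed-substituted-key!!" * 4).decode()
WRAPPED_MARKET_KEY = "\n".join(
    MARKET_KEY[i:i + 32] for i in range(0, len(MARKET_KEY), 32))

PINS = {"market": fingerprint(MARKET_KEY)}
OBSERVATIONS = [
    ("monitor-a", "market", WRAPPED_MARKET_KEY),  # same key, line-wrapped
    ("monitor-b", "market", SUBSTITUTED_KEY),     # lookup returned another key
    ("monitor-c", "newalias", MARKET_KEY),        # alias never pinned
]

if __name__ == "__main__":
    for alert in monitor(OBSERVATIONS, PINS):
        print("ALERT", *alert)
```

The pin only helps if it was recorded over a channel the lookup server does not control; a pin taken from the same lookup it is meant to verify detects later changes but not a substitution that was already in place.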