General Security Notes on Bitcoin Programming

An important disclaimer we need to mention here is that in this appendix, we'll write programs that send and receive only a few pennies. The techniques and example discussed are useful for learning the basic concepts of Bitcoin programming but are in no way appropriate for writing programs that manipulate substantial sums of money. If you plan on writing serious Bitcoin applications, you'll need to do the following:

1. Learn the basic concepts from the sample programs in this chapter.

2. Use this knowledge to study and understand the underlying source code for the Bitcoin libraries used in this chapter.

3. Follow the forums used by the developers and other library users to stay current with any security risks involved when using these libraries.

Most important, be aware that we're using community-maintained source code in our examples; if a clever black hat hacker[1] manages to insert some rogue code into the official library repositories, he or she can steal all your money. Even if you understand the library code perfectly, you run the risk of jeopardizing the safety of your money. For example, as you're downloading this library code from the Internet, a black hat hacker has many opportunities to perform a man-in-the-middle attack[2] and insert rogue code into a doctored version of the library that is incorporated into your program. As a result, the hacker can steal all your money.

Additionally, as mentioned in earlier chapters, hackers can steal your bitcoins in many other ways that aren't specific to Bitcoin programming. In a few years, if the current popularity of Bitcoin continues, we suspect most computer viruses will include code that immediately empties any Bitcoin wallets they find.

The bottom line is that you need to understand the grave risks your money might be exposed to if you plan on creating more advanced Bitcoin programs; you'll be able to safely protect your money only if you have a comprehensive and firm understanding of Bitcoin technology that goes beyond the introduction we give in this chapter. Please proceed with caution!

Some Upbeat Notes on Bitcoin Security

Now that you've endured some fire and brimstone to prevent you from losing money, we'll point out a few facts that should make you feel confident about Bitcoin security:

• The core Bitcoin network has so far maintained a record of almost

perfect security. Most of the security risks involved in using bitcoins are due to careless acts that people executed on their own computers and could have been avoided.

• Despite the risks we've discussed so far in this chapter, established programming practices exist that mitigate all of these risks. You will be able to write secure Bitcoin software if you study this book, follow general guidelines on secure software development, and keep up-to-date on the latest security concerns discussed on Bitcoin development forums.

• As you are learning to write programs that use bitcoins, make sure you use a computer that doesn't contain Bitcoin wallets with substantial amounts of bitcoins in them. By doing so, you can learn to write Bitcoin software and avoid any dangers: You can't accidentally lose bitcoins (or have them stolen) on your development machine if you store your coins elsewhere.

  • [1] Black hat hackers, as opposed to white hat hackers, are hackers who have no moral qualms about profiting from and harming their targets.
  • [2] If you don't understand what a man-in-the-middle attack is, first, be aware that almost anything you do on the Internet is at risk of this assault, especially if you're connecting from a public Internet connection you don't fully control. Second, stop reading this chapter now and immediately read the Wikipedia page on this subject at Man-in-the-middle_attack.
< Prev   CONTENTS   Next >