8 Lines of Code Redux: Bitcoin and Mt. Gox
You don’t have to move mountains to have great password security. As suggested in a previous post, it can start with as little as 8 lines of code.
This week, a Bitcoin exchange site called Mt. Gox suffered a data breach. How this happened is still the subject of intense debate, but we’ve already learned some very interesting things just by looking at the 62,000+ passwords that were leaked.
We can tell, for instance, that Mt. Gox originally attempted to secure their users’ passwords using only md5() hashing. At some point, realizing the folly of this approach, they retrofit their code to upgrade the hashing mechanism, salting each password individually and storing the salt with the hashed password. This is very similar to the recommended approach described in this article nearly 6 years ago. Mt. Gox did a lot of things wrong, but at the very least they managed to protect the bulk of their active users against the breach and leak. Kudos to them for that.
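One common way to carry out the kind of retrofit described above, shown as an added example (not Mt. Gox's code and not the code from the earlier post): each legacy md5 record is replaced with a per-user salted hash the next time that user logs in successfully, since that is the only moment the plaintext is available. The page does not say which function Mt. Gox moved to; PBKDF2-HMAC-SHA256, the record layout, the iteration count and all names here are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password: str) -> str:
    """Return 'pbkdf2$iterations$salt_hex$hash_hex' with a fresh per-user salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${digest.hex()}"


def is_legacy(stored: str) -> bool:
    """A legacy record is a bare hex md5 digest with no salt and no prefix."""
    return not stored.startswith("pbkdf2$")


def verify(password: str, stored: str) -> bool:
    """Check a password against either record format in constant time."""
    if is_legacy(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, stored)
    _, iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def login(users: dict, name: str, password: str) -> bool:
    """Verify the password; on success, upgrade a legacy md5 record in place."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if is_legacy(stored):
        users[name] = hash_password(password)  # plaintext is only available now
    return True


# Constructed sample data: two accounts still holding unsalted md5 digests.
# Same password, so the two legacy records are byte-for-byte identical.
USERS = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob": hashlib.md5(b"correct horse").hexdigest(),
}
```

Accounts that never log in after the change keep their unsalted md5 record, so a migration like this only protects users who have been active since it shipped.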
The incident also highlighted a lesson we seem to learn over and over again: developers should never roll their own security measures. As a matter of fact, threads like this one and this one on the Hacker News forum contain a disturbing number of comments that reveal how little the average developer understands about the fundamentals of encryption. The typical Hacker News commenter either works for or wants to work for startups like Mt. Gox. In other words, these are developers who may be working on the authentication systems of sites you visit now or will visit in the near future. I find this terrifying.
And then there’s the lesson that “8 Lines of Code” might not be nearly enough, but in an unexpected way. Although many have correctly pointed out that the security of Mt. Gox (the site) is independent of the security of Bitcoin (the currency), it’s also true that most people won’t understand the difference at this point. In this day and age, trust is the real digital currency and with each careless breach, potential economic growth drivers are disabled bit by bit.