That's an easy way to dodge a question you don't know the answer to. I'm still waiting to hear why the bitcoin market would defy basic economic principles.

I think it is wrong to expect the bitcoin developers to apply even a small layer of security to the wallet file.

Things are very clear - by default the wallet is totally unsecure , it is the user's job to secure it to your standards. Same as any other "cash".

It is certainly not in the developer's interest to implement any half-effort at security, such as wallet encryption. if they were to do so almost no-one would take the recommended additional precautions, and then they'd blame the devs when they eventually get hacked.

An encrypted wallet would require you to enter a password before you were able to access your private keys. This means that anyone with access to your system would only be able to access an encrypted wallet unless you specifically unlocked it.

In the current example, the more popular bitcoin gets the easier it will be to steal wallets. Every virus/trojan/freeware tool instead of turning computers into a botnet will just look for a wallet.dat file and grab it if it's there. If they get lucky and find some coins it's free money that the owner isn't protecting.

It's like if you had a file on your desktop that contained your paypal username and password, except bitcoin doesn't let you reverse a transaction

couldn't they just keylog your wallet password just like any other password.

yes, which is why many suggest you keep the bulk of your coins in an encrypted wallet on a linux computer disconnected from the internet, and only connect when you are transferring coins you want to spend/sell out of your 'savings' wallet and into a 'checking' wallet on another computer, which you spend from

some have suggested using a virtual machine, but a vm only protects the host from the guest, it doesn't protect the guest from the host. so if you had your savings wallet on a linux vm, if your windows host gets a trojan that can access the virtual hard drive of the vm through the host, and inject a keylogger or steal the wallet if unencrypted.

this is much less likely that searching your computer for a wallet.dat

there are different levels of security, and at an absolute minimum you should have only an encrypted copy of your wallet.dat on your computer, as well as having it backed up somewhere

The scary thing here is they can just copy the wallet, delete any trace they ever accessed your system, and if you ever put coins in the wallet in the future, they can access it. It's really set up extremely well for thieves.

The trouble is, it's extremely difficult to actually set all this up, when it could very easily be done automatically by the client. It's the typical Linux hacker mindset. Why make something easy to use for non-savvy people when you can work on something else? Look at all the hoops to jump through, set up a completely different PC that is not connected to the network just to store my wallet. It's absolutely terrible.

BTW, I have seen almost this piss-poor level of default security at at least one poker site. There was a site that had a file that was stored on disk if you saved your password automatically. The file wasn't plain-text, but it was trivially easy to crack since it was a 1-1 conversion. I think it just shifted each character by 20 or something ridiculous. It would have been super easy to give people a "Poker Tracker"-like program, but actually just steal their username and password, drain their account, then move on. But you can be traced where that might be sending it to, where it came from, and the site could easily reverse transactions. Bitcoin doesn't have even a trivial level of encryption on the file, and is irreversible (and this is considered a feature!). The thought is "we make the framework, someone else will eventually make things safe". I'm not sure that kind of approach makes sense for the most basic security, though. You should make things safe, especially when dealing with money, then worry about other things.

I have a feeling that LulzSec might start heavily targeting early Bitcoin users and getting a ton of coins and dump them into the market to get their money, and also get their lulz from destroying the market. That's actually the biggest threat I see to the currency in the next 3 months.

Completely agree. Something as simple as an "Open Wallet" option inside the client, and without clicking it your wallet would remain encrypted. In addition a button that allows a user to find their encrypted wallet on disk so they can back it up, etc

ugh completely disagree. giving the illusion of security is far worse than having none and telling people there is none and they should take care of it themselves.

No one is saying just create an illusion.

Just create *some* so it at least becomes somewhat a challenge to steal wallets. Or at least make it easier for people to do things *really* securely if they need to. Seriously, creating a separate isolated computer for just keeping things secure? GMAFB.

Who tells people they are insecure? We are talking about actual users, not nerds or miners. If someone says "Check out bitcoin. I'll send you some coins" there is very little in the way of a "how to."

We basically expect all users to pour through forum posts and potentially outdated wiki pages trying to glean knowledge about what bitcoin is and how it works.

I consider myself very computer savvy and I was 2-3 days into my reading before I learned about properly securing my wallet.

altough I agree with dave it's not bitcoins devs fault at all, but because they haven't created another devs team responsible for client/user side of things it may significantly slower down the popularity of the whole project. It's like it was with linux few years back. It was used by an IT experts/geeks in it's early days for a reason. There has to be another team focusing on a security+user friendliness. Yes, it's not BCs devs problem, but it affects the whole project if there is nobody focusing on it imho.
Oh, and majority of non-IT ppl (doctors/lawyers etc.) use brains but have no clue about computers. If they see that BC is not secure at all to start with (+use your brain to find out how to make your bitcoins secure) they'll say fk it.
If they have 500k$ worth of cash, they go to bank or whatever and bank figures it out for them. They don't waste their time to find out which safe is good, how many guards they need in their basement, what guns are best to protect it etc. It's not their profession. They hire a company/ppl who are trained to protect their money. Same here. I think, eventually, BC clients will include security options. Market will decide which is the best and everybody is happy.

new version of bitcoin out
http://forum.bitcoin.org/index.php?topic=16553.0

says encryption is a priority for next version.

not sure why having to type in a password or something at least to access the wallet hasn't been in there since day 1.

At Day 1, they were worth nothing. It would be like guarding your turds.

Clearly the Secret Service is not part of the Bitcoin development team:

For small amounts keep your computer clean. For large amounts make a savings wallet on an offline computer encrypt and backup securely delete and use the computer for horseporn if you want. For mad money that you need access to often just buy a damn $300 computer and use linux and don't do anything except bitcoin.

you guys should check out the namecoin project as well.

https://en.bitcoin.it/wiki/Namecoin
http://dot-bit.org/Main_Page
http://dot-bit.org/forum/index.php

The project's focus is the domain registration of .bit domains. the technology is similar to bitcoin. you can trade and mine namecoins, exchange them vs bitcoins etc...

The difficulty to mine and the price of namecoins are very low compared to bitcoins

Is this basically another p2p currency?

http://tav.espians.com/why-bitcoin-w...-currency.html

An interesting thought in the comments, what if each Bitcoin degraded in value? IE, 1BC each month (or whatever) loses 10% of it's value. Once it's at 10% of it's original value it is destroyed and is available to mine again. This forces trade and solves the problem of people losing coins out the system permamently through data loss.

I might be missing something, but this would be terrible. No storage value.

The price of one bit coin would instantly drop to $0, dunno why anyone would ever come up with something like that.

It could very slowly depreciate, I'm talking each coin depreciates independently, starting from it's date of birth (mining date).

Infact, couldn't the depreciation rate increase based on network health? If people are trading a lot, coins depreciate in value slower. If there is very little trading happening, coins depreciate faster to encourage trade.

I'm just thinking out loud I don't know how good an idea this is but it would seem to address a lot of problems/criticisms of BC.

its very closely tied to the bitcoin project and the exchanges are only trading namecoins vs bitcoins atm. However its not a bitcoin competitor as a currency, more like an additional project to control the registration and administration of .bit domains.

But some market participants, e.g. miners can choose which market is more profitable to mine and shift their capacity if necessary. Investors on the other hand can choose to invest in bitcoins or namecoins.

IN conclusion: THe technology of both projects is very similar, but their goals are different.

It's a terrible idea, because bitcoin's price is the expected value of it. If you know your coin is worth more today than it is tomorrow, why would you even get one in the first place?

This is probably not what most people holding bitcoins want to see.
I dont get how they are not competing.