Transcript for #bitcoin-dev 2017/12/10

01:21 eck if you set up rpc auth, you can force the requests to be authenticated
01:22 eck there's a script called share/rpcuser/ in the bitcoin source code, run that and it will generate a password for you and an rpcauth line you can put in your bitcoin.conf
01:24 eck that said, if you are using the wallet functionality of bitcoind it's probably wise not to expose it to the internet, even if you have rpcauth enabled
16:38 cd0x23 anyone have an idea how services like coinbase that don't let you access your private keys, handle keys on their end? (key generations, transactions etc.)
20:11 eck cd0x23: a lot of that is proprietary, but i know a little about what some of the exchanges are doing
20:11 eck a number of the exchanges use bitgo, which basically sells bitcoin key escrow as a service
20:12 eck coinbase does not, they have their own in house system but i don't know the details of how it works
20:12 eck the really big exchanges are using hardware security modules
20:13 cd0x23 @eck oh I did not know such services as bitgo existed, I just assumed everyone used HSMs
20:14 eck one of the major threats for exchanges, the biggest IMO, is that an internal rogue employee could try to steal the private keys
20:15 eck to protect against this you need to use multisig wallets so one person can't walk away with the funds
20:16 cd0x23 eck do you know if the standard way to handle keys is hierarchical deterministic wallets for such services as coinbase?
20:16 eck i do not know
20:17 cd0x23 eck thanks for all the input though, appreciate it