Bitcoin Forum

Other => Beginners & Help => Topic started by: Shadowfax on July 06, 2011, 06:36:02 AM



Title: Defeating MITM attacks through Paypal
Post by: Shadowfax on July 06, 2011, 06:36:02 AM
Looks like I can only post in the noob forum :( Reading the funny thread with Foodstamp and the grief he's caused, it surprised me how easy it was to execute a man-in-the-middle (MITM) attack.  In order to overcome this, the seller accepting PayPal has to know he is giving his bitcoins to the same address the PayPal payment is coming from, and the MITM succeeds because he doesn't have to provide a PayPal account, which may be traced.  So basically my idea is, for every transaction, you get a new receiving address, take the first 10 digits of it, and register that as a one-time-use email address and associate it with PayPal.  So for example you would create y2fQ63m05kPVjohndoe@gmail.com and then email the seller
 "Hey, send me 10btc at address y2fQ63m05kPV........... I just sent you $15 from y2fQ63m05kPVjohndoe@gmail.com"

 If the seller were being scammed, the email he could see in PayPal would not match up with the address he was being told to send coins to, and he would not complete the transaction, hopefully refunding the PayPal payment to the unknown victim, or emailing the victim directly.  The buyer would then transfer the 10btc to a new wallet and get a new email address for the next transaction.  If he kept the same one, an attacker could register y2fQ63m05kPVjohndoe@yahoo.com and use it for a future attack.  Thoughts?
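
The seller-side check this post proposes, as an added example that is not part of the original post or of any forum member's code: the seller compares the payer email shown in PayPal with the address he was asked to send coins to. The function names, the `example.com` mailbox and the sample addresses are constructed for illustration, and the Base58Check validity test is an extra step the post does not mention.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PREFIX_LEN = 10  # the post's "first 10" characters of the receiving address

def _dsha(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def make_address(seed: bytes) -> str:
    """Build a syntactically valid P2PKH-style address from a constructed seed."""
    raw = b"\x00" + hashlib.sha256(seed).digest()[:20]
    raw += _dsha(raw)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def address_valid(addr: str) -> bool:
    """Base58Check: reject typos or tampering before comparing anything."""
    if not addr or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _dsha(raw[:-4])[:4] == raw[-4:]

def seller_decision(paypal_sender: str, requested_addr: str) -> str:
    """What the seller does after seeing the payer email in PayPal."""
    if not address_valid(requested_addr):
        return "reject"
    local_part = paypal_sender.rsplit("@", 1)[0]
    # Exact, case-sensitive compare: Base58 distinguishes upper and lower case.
    if local_part[:PREFIX_LEN] != requested_addr[:PREFIX_LEN]:
        return "refund"
    return "send"

# Constructed sample data, not real wallets or accounts.
BUYER_ADDR = make_address(b"constructed buyer key")
MITM_ADDR = make_address(b"constructed attacker key")
BUYER_EMAIL = BUYER_ADDR[:PREFIX_LEN] + "johndoe@example.com"

if __name__ == "__main__":
    print(seller_decision(BUYER_EMAIL, BUYER_ADDR))  # honest trade
    print(seller_decision(BUYER_EMAIL, MITM_ADDR))   # relayed payment, swapped address
```
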


Title: Re: Defeating MITM attacks through Paypal
Post by: Maged on July 06, 2011, 07:38:08 AM
Seems unnecessarily complicated when both sides could simply email each other for verification.


Title: Re: Defeating MITM attacks through Paypal
Post by: Shadowfax on July 11, 2011, 11:02:03 PM
If it's just a regular email, the man in the middle will be able to impersonate the buyer perfectly.  He can use a throwaway email and never look back, no info about him to trace.