Bitcoin Forum

Local => India => Topic started by: thenoblebot on February 10, 2014, 02:20:14 PM



Title: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 10, 2014, 02:20:14 PM
No, seriously.

With the transaction malleability problem that has come up with BTC withdrawals, will it force people to stop transacting, at least for the time being?

Especially given that it's now well known, I am sure there would be a lot of people who would change the hashes of their transactions and send them to well-known pools, resulting in what I think more aptly describes the problem as "double (or more) withdrawals".

Will things (the withdrawals from exchanges) be put on hold till this is patched by the core devs? Of course, financially it is going to cause mayhem, as it already is.


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: subvolatil on February 10, 2014, 02:37:56 PM
OK, firstly, this is a very old known problem. Secondly, it affects those sites doing transactions that are not managing their transactions properly. Mutating a transaction may be a bit harder than you may think. It is a problem in the Bitcoin protocol, but it is one that can be resolved; this is not a fundamental problem. Mt. Gox is using this as an excuse and crying like a baby.

In short, the fault is on Mt. Gox's side, for a faulty implementation of the wallet.

All Mt. Gox had to do was implement code on their side to track a mutant transaction.


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 10, 2014, 02:55:53 PM

I'm not just talking about Gox. This is a well-known problem for sure. But as an attack vector, today someone (more aptly a group) could just decide to use the same strategy to bring the system to a halt. I'm kinda sure (not statistically speaking, because there is no data to back such things) that most exchanges use the txid to track transactions. It has been the way for quite some time.

So if I wanna get an exchange to stop (and assuming most exchanges use the above approach; it's not a naive assumption to make):

I start withdrawing, change transaction sigs (yeah, it may be harder, but with such stakes involved it will only get easier), mutating the transaction, resulting in a different hash, and there you have it: transaction malleability. The particular exchange is in serious trouble.

Now, I don't discount the fact that other exchanges who do this right will get away even after such attempts.

BUT

What amazes me is: why have there not been attacks using such an attack vector? Or maybe I missed it somewhere. Does anybody know of such attempts in the past?


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 10, 2014, 04:12:49 PM
As for Gox - I mean those guys are MAJOR ^%*&%* &%(^ %%*&%*&  ^%%& (ad infinitum).

Bad for the community and full of crap. They are making this an excuse even though that guy fucking maintains the wiki and the problem has been there since 2011. So they are just blaming the protocol for their shit.



Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: subvolatil on February 10, 2014, 04:24:47 PM

Well, I have never heard of this being used to attack an exchange or a processing site. But the problem here is that this can only be used once, and then it won't work. The attacker also needs to have the same amount of BTC in the vault to do this attack, so I guess if I was an attacker, I would not risk my BTC on an attack that may or may not work.


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 10, 2014, 04:49:03 PM

Well if I was the attacker then this is how I would go :

1) Buy some btc with cash
2) Try to withdraw it using malleable transactions
3) Claim I have not received it and try to get them to send it again
4) Repeat steps 1-3 using different ips and accounts using small amounts so as to make the trace hard to detect.

Attack successful. If not get more than the amount of BTC I should get, it will at least bring the exchange/processor to a halt.

Win win win !!
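
Added example, not part of any post in this thread: a sketch of the defensive side of the points above (tracking withdrawals only by txid, and "code to track a mutant transaction"). It indexes each withdrawal by what it spends and whom it pays, so a confirmed payment is recognised even when its txid changed, and a "not received" claim is checked against that before anything is re-sent. The `Tx` model, its toy serialization, `WithdrawalLedger` and all sample values are assumptions made for illustration, not Bitcoin's wire format or any exchange's code.

```python
import hashlib
from dataclasses import dataclass

def dsha(b: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(b).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:
    ins: tuple   # ((prev_txid, vout, script_sig_bytes), ...)
    outs: tuple  # ((value_satoshi, script_pubkey_bytes), ...)

    def _ser(self, with_sigs: bool) -> bytes:
        # Toy serialization (assumption): NOT Bitcoin's wire format.
        i = [f"{t}:{n}:{s.hex() if with_sigs else ''}" for t, n, s in self.ins]
        o = [f"{v}:{pk.hex()}" for v, pk in self.outs]
        return "|".join(i + o).encode()

    def txid(self) -> str:      # covers signature bytes, so it changes on mutation
        return dsha(self._ser(True))

    def norm_id(self) -> str:   # covers only what is spent and who is paid
        return dsha(self._ser(False))

class WithdrawalLedger:
    def __init__(self):
        self.pending = {}       # norm_id -> (withdrawal ref, txid we broadcast)

    def record(self, ref: str, tx: Tx) -> None:
        self.pending[tx.norm_id()] = (ref, tx.txid())

    def reconcile(self, confirmed: Tx):
        """Match a confirmed transaction to a withdrawal even if its txid changed."""
        hit = self.pending.get(confirmed.norm_id())
        if hit is None:
            return None
        ref, sent_txid = hit
        return ref, "confirmed" if confirmed.txid() == sent_txid else "confirmed-mutated"

    def safe_to_reissue(self, ref: str, chain: list) -> bool:
        """Honour a 'not received' claim only if no matching payment confirmed."""
        refs = [r[0] for r in map(self.reconcile, chain) if r]
        return ref not in refs

# Constructed sample data: placeholder bytes stand in for two encodings of one signature.
OUTS = ((50_000_000, b"customer-script"),)
sent = Tx((("aa" * 32, 0, b"sig-encoding-A"),), OUTS)
seen = Tx((("aa" * 32, 0, b"sig-encoding-B"),), OUTS)
ledger = WithdrawalLedger()
ledger.record("W-1001", sent)
```

A lookup by `sent.txid()` alone would never find `seen` on the chain; `ledger.reconcile(seen)` reports the same withdrawal as `confirmed-mutated`, and `safe_to_reissue` refuses the second payout.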


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: techguy on February 10, 2014, 05:03:49 PM
Here are the responses from Gavin Andresen & Greg Maxwell about this issue.

https://bitcoinfoundation.org/blog/?p=418
http://www.cryptocoinsnews.com/2014/02/10/mt-gox-blames-bitcoin-core-developer-greg-maxwell-responds/


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 10, 2014, 05:17:53 PM
Yeah, I read Greg Maxwell's response. Makes sense; that's why the (added) outburst against Gox above. I still think the above attack could be successfully executed.


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 12, 2014, 06:01:04 AM
Can anybody here tell me how the attack based here https://bitcointalk.org/index.php?topic=458608.0 (more specifically the update section highlighted) is not being carried out as presented here http://www.coindesk.com/massive-concerted-attack-launched-bitcoin-exchanges/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CoinDesk+%28CoinDesk+-+The+Voice+of+Digital+Currency%29

I tried explaining a day before but to no avail. Can anybody tell me if I am missing some piece of logic here ? Or is one of the devs just acting crazy with me ?


Title: Re: [Tech not FUD]So is crypto dead ? (at least for now)
Post by: thenoblebot on February 12, 2014, 07:53:32 AM
Anybody ?