|
Title: This message was too old and has been purged Post by: Evil-Knievel on January 09, 2015, 02:37:00 PM This message was too old and has been purged
Title: Re: We should really think about adding Point-to-Point Encryption Post by: terrytibbs on January 09, 2015, 03:33:21 PM Regarding your second point: how would a malicious entity differentiate between normal transaction rebroadcasting between nodes and an original transaction being broadcast?
Title: This message was too old and has been purged Post by: Evil-Knievel on January 09, 2015, 03:39:49 PM This message was too old and has been purged
Title: Re: We should really think about adding Point-to-Point Encryption Post by: amaclin on January 09, 2015, 06:37:41 PM Quote If you sent an "inv" mesaage containing your transaction hash without receiving that same message before, you are the initiator. ... or you have another connection. for example through tor Title: Re: We should really think about adding Point-to-Point Encryption Post by: fabrizziop on January 09, 2015, 09:39:33 PM The problem with your idea is simple: Anyone who wants to monitor you can initiate a connection to you, and see if you broadcast the transaction first.
There are other issues, as a simple Diffie-Hellman key agreement is unauthenticated. It's trivial to MITM you and relay the communications with another client without you even knowing. You're assuming the attacker only has the ability to sniff packets and not alter them or get in the middle (or just connect to you!). Title: Re: We should really think about adding Point-to-Point Encryption Post by: amaclin on January 09, 2015, 09:48:46 PM Quote Anyone who wants to monitor you can initiate a connection to you -listen=0Title: Re: We should really think about adding Point-to-Point Encryption Post by: fabrizziop on January 09, 2015, 10:01:02 PM Quote Anyone who wants to monitor you can initiate a connection to you -listen=0Still, it's trivial to MITM a DH exchange. How are you going to authenticate people?. Via ECDSA signatures with their bitcoin addresses?. Title: Re: We should really think about adding Point-to-Point Encryption Post by: gmaxwell on January 09, 2015, 10:02:51 PM We have encryption: Use Tor. It's a strongly supported solution which addresses many privacy concerns that plain encryption cannot.
Quote diffie-hellman handshake Weren't you trying to sell your "crack" of ECC here some months ago?Title: This message was too old and has been purged Post by: Evil-Knievel on January 09, 2015, 11:08:42 PM This message was too old and has been purged
Title: This message was too old and has been purged Post by: Evil-Knievel on January 09, 2015, 11:11:01 PM This message was too old and has been purged
Title: This message was too old and has been purged Post by: Evil-Knievel on January 09, 2015, 11:46:39 PM This message was too old and has been purged
Title: Re: We should really think about adding Point-to-Point Encryption Post by: gmaxwell on January 10, 2015, 03:25:08 PM Gmaxwell, I studied the code, and noticed that the "version" message would include the "addrMe" field, which is populated from LocalAddrs, which again contains the own public IP (for example gotten from UPNP). Would that be a concern when using tor? If so, using Tor would be pointless. Study harder. It doesn't in that case. (And, even if it did make such a colossal goof the other advantages of using tor would still persist.).There is no feasible way to MITM diffie hellman. If you can do so, you will get all my BTC if you provide a working way. So you've flipped to the other side of wrong these days. MITMing a DH key exchange is trivial, you just _do_.Quote I should have mentioned that we need some kind of authentication. Authentication is basically all the complexity in a system, not something you just can wave away.Quote Similar to the way it is implemented in TOR. It's unclear of what you mean here; if you mean the way the tor network prevents MITM/sybil attacks between it's own participants; thats accomplished via centralized "directory authorities". |