|
Title: Attack on/with Sign Message feature in bitcoin-qt? Post by: Andreas Schildbach on July 10, 2012, 03:12:05 PM Bitcoin-qt offers a "sign message" dialog. It contains the warning
"Be careful not to sign anything vague, as philishing attacks may try to trick you into signing your identity over to them." Can anyone give an example how such an attack would look like? I currently don't understand why this feature is present in bitcoin-qt (sending messages is something I use eMail or Jabber for) and also which attacks are possible because of this feature. Title: Re: Attack on/with Sign Message feature in bitcoin-qt? Post by: nimda on July 10, 2012, 04:01:08 PM currently don't understand why this feature is present in bitcoin-qt (sending messages is something I use eMail or Jabber for) and also which attacks are possible because of this feature. Bitcoin relies on public-key cryptography. It makes sense for the client to offer a way to prove address ownership.Title: Re: Attack on/with Sign Message feature in bitcoin-qt? Post by: drakahn on July 10, 2012, 04:10:32 PM Bitcoin-qt offers a "sign message" dialog. It contains the warning "Be careful not to sign anything vague, as philishing attacks may try to trick you into signing your identity over to them." Can anyone give an example how such an attack would look like? I currently don't understand why this feature is present in bitcoin-qt (sending messages is something I use eMail or Jabber for) and also which attacks are possible because of this feature. type of attack : you sign a vague message like "This is 100% me" for "PERSON A" and now "PERSON A" can just copy that message and post it claiming to own your address, so something less vague like "I am Goonie [some other details] and i own the address [address]" ... so its only useful to the person said details fits to Title: Re: Attack on/with Sign Message feature in bitcoin-qt? Post by: Meni Rosenfeld on July 10, 2012, 04:16:47 PM I currently don't understand why this feature is present in bitcoin-qt (sending messages is something I use eMail or Jabber for) The feature is there to allow people to prove that they are the owners of a specific address.Can anyone give an example how such an attack would look like? An attack would essentially require the combination of1. A negligent service provider, C, requesting signing a random code to prove ownership. 2. A negligent customer, A, willing to sign arbitrary data. 3. An attacker, B, in a position to convince A to sign a message. The attack will allow him to usurp A. The attack goes more or less like this: B to C: Hi, I just sent you payment from address X, I want a pink pony. C to B: Sure, but first you need to prove that you own address X. Please sign the following - "fkj32yf7834hfzjkh". B to A: Can you please sign this for me? "fkj32yf7834hfzjkh" A to B: Here you go - "xnjkxyh3789dfy2389fhk" B to C: The signature is "xnjkxyh3789dfy2389fhk". C to B: Thanks, pony sent! How the attack would be thwarted: B to C: Hi, I just sent you payment from address X, I want a pink pony. C to B: Sure, but first you need to prove that you own address X. Please sign the following - "I want C to send me a pink pony". B to A: Can you please sign this for me? "I want C to send me a pink pony" A to B: Wait, what? I don't want a pink pony. |