HTTPS is more deeply insecure than just the CA infrastructure sucking. It requires you to keep the signing keys _online_, on a publicly accessable well know webserver, where they're maximally vulnerable to compromise. Practically any website of scale is run out of some colo, most of which have fairly poor plant security. Because of DOS attacks (I'd estimate) 3/4 of large Bitcoin sites have handed their SSL keys over to cloudflare... etc. Back to the CA infrastructure: Many CAs will issue a certificate to anyone who can place a file on a URL of the the domain in question of the CA's choosing. They fetch this file over HTTP, so anyone who can MITM a websever can get a certificate issued for the price of a few bucks and a few hours delay. The system is not just weak to state level attackers. It's stronger than nothing at all, but there is a good argument that its a false sense of security, and as a result I've been torn about if it would be good or not... Though in this case, the services we're using simply don't support it. (I've advocated it though: Even if user's overall security were ultimately decreased by using it, it shifts the spectrum of compromises to ones where the public will blame the victim (or the CA infrastructure) rather than "bitcoin", which reduces the ecosystem risk...) There there is a question of what you'd even be authenticating against. AFAIK, Bitcoin.org isn't formally controlled by any of active developers (I believe the domain is under Sirus' control). I mean, if you're just going to trust _any_ HTTPS site to obtain the data from, I'll drop my pgp key at the bottom of this message, and you can use the fact that you got my key from the forum to verify the keys in question.  (Theymos, why doesn't the forum profile stuff have a field for pgp keys?) I think Peter asked people to include their PGP key fingerprint on the slides for Bitcoin Conference. I think it's a good idea. Did anyone really do so? |
|
|
|
https isn't all that secure, for that matter, but it is better than nothing.
Anybody got a better idea?
HTTPS is not that secure. Fortunately we have _two_ different signature systems which are better than HTTPS which are in use. GPG signatures by Gavin's signing key, and gitian signatures. I opened a discussion here: https://bitcointalk.org/index.php?topic=310161.0So what is your comments for the use of PKI in payment protocol? For Gavin's key, how do I verify if I do not know him and do not have a web-of-trust? |
|
|
|
Then, tell me what is the probability that you see different PGP keys of the same person browsing http://bitcoin.org/en/development from three different locations from three different computers connected to different ISPs excluding your own PC? I assume it is lim(1/x) where x->ꝏ. Then write down the PGP public key you see in these three (four,...) paces and then come back to your PC, download the binary and check sums file using the links provided on the bitcoin.org site and verify both file's integrity. Voila. If you run this process over https, wouldn't it be more trustworthy? The fact that you use https to download the source from the github in no way authenticates the content. You could make the repository on a github that has very similar name. just try these two links: https://github.com/bitcoin https://github.com/bitcоin (in the second link I used the russian small letter 'o' instead of latin one) that's pretty irrelevant to our discussion because people shouldn't follow a random link on the web provided by an untrusted party. |
|
|
|
github is running on https
It doesn't support HTTPS for hosted sites, though. Is this relevant to the current discussion? The bitcoin source code is served over https: https://github.com/bitcoin/bitcoin |
|
|
|
How do I know "they" are THE THEY I trust? You are begging the question. With https at least some so-called "professional CA" have audited the authenticity of the identity.
The CA infrastructure only confirms that you got connected to the authentic site by its name and then the connection is got encrypted. The CA does not provide the authenticity of the information published on the site. Apart from CA there is the ISP hosting the bitcoin.org site that you have to trust a priori. The cryptographic algorithms behind the PGP are as strong as in any other area covered by our discussion. If you feel uncomfortable to trust all this, then you should not trust bitcoin sha256 PoW. Thus you should convert all your btc to fiat and quit. I am sorry I have nothing to add. I don't know why you mention cryptographic algorithms of PGP here. All educated bitcoin users assume it is reasonably secure. The only problem here is I can't verify the key. Anyone between me and the server can send me a fake key, and DNS hijack may direct me to another site. If the key is hosted on a https site, at least I know that the key is provided by the legit holder of bitcoin.org, assuming that all trusted CAs are not compromised, and the server itself is not compromised. (EDIT: also my computer is not compromised) Isn't this exactly the reason why the send-to-ip-address function in the very original Satoshi client was obsoleted? And now we are reviving it, relying on CA cert? |
|
|
|
I know how PGP works. But I don't personally know any of the devs so it is impossible for me to verify the authenticity of the keys, and I don't have a web-of-trust that would lead me to them.
You don't need to know them personally. If you don't believe the PGP public keys they posted on bitcoin.org site then you should not believe the correctness of the binary you could load over httpS using the link provided at bitcoin.org site. Then don't use bitcoins at all as you can't trust the whole system. How do I know "they" are THE THEY I trust? You are begging the question. With https at least some so-called "professional CA" have audited the authenticity of the identity. |
|
|
|
Most people, including me, are unable to audit the source code. I trust the people holding the bitcoin.org (ie. Gavin and other bitcoin devs) so I'm happy to use the binary (also with the fact that I believe some other people will try to compile and compare the binary). But how do I know the PGP public key is legit at the first place, if it is not linked to bitcoin.org in any way?
The bottom line, IMO, is to run bitcoin.org over https, and offer the binary hashes. The binary itself may be transmitted with http. A better way is to offer a torrent for the reference client (through https, of course).
Then please read about PGP and check this page: all devs PGP keys are listed there Edit: I updated the PGP description link to the more specific one, sorry for initial ambiguity I know how PGP works. But I don't personally know any of the devs so it is impossible for me to verify the authenticity of the keys, and I don't have a web-of-trust that would lead me to them. |
|
|
|
So you are trying to verify an unprotected file with unprotected message on the same site? And how do it know the PGP public key is legit? It just doesn't make any sense.
The best way, of course, is to download, audit and compile the source code. But most users won't be able to do this.
The message is protected by the PGP signature, thus you have to believe that the PGP infrastructure is not broken. This way you may be sure that the file you downloaded has been crafted by the person who signed the message. BTW, how do you believe that your bitcoin-qt (provided you inspected its source code) is not talking to the bot net which in turn aims to steal your bitcoins? Most people, including me, are unable to audit the source code. I trust the people holding the bitcoin.org (ie. Gavin and other bitcoin devs) so I'm happy to use the binary (also with the fact that I believe some other people will try to compile and compare the binary). But how do I know the PGP public key is legit at the first place, if it is not linked to bitcoin.org in any way? The bottom line, IMO, is to run bitcoin.org over https, and offer the binary hashes. The binary itself may be transmitted with http. A better way is to offer a torrent for the reference client (through https, of course). |
|
|
|
@jl2012, @dree12, although I would not argue that the MITM problem has place, I would like to ask you, what kind of OS you are using? This is a rhetorical question. Let's assume that many people are using Windows and - even more - they are using IE. Everyone knows that it has many flaws and security problems. So the average user installs some antivirus protection on his computer. But even the up to date AV databases are not guarantee 100% defense. Some time a new breaches found by malicious users and they produce a new viruses that are not identified by the present AV tool-kits for a while. Then let's imagine that one of these bad guys targets specifically at satoshidice and makes a virus that changes the content of the page displayed at client side, directly in the browser. Then it has no sense if the page have been received with http or with https. So, some times the use of https is an overkill that would lead to growing expenses at both sides - the content providers one and at the client as https ultimately disables any intermediate caching of the information transferred. The only way to protect yourself from unwanted financial loses is to double check the addresses you are sending your coins by all available means (browse blockchain, e.t.c), verify md5/sha1/sha256 check-sums and pgp-signatures usually attached to open source sw published in open repositories, e.t.c. For example, the download page of the bitcoin-qt reference client has a clear link to the signed sha256sums of the currently available version: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.5/SHA256SUMS.asc/view : -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
84543f10de5e82ce6e88dd5a501db37c6327edf79a2a04f29199c24843e71f63 bitcoin-0.8.5-linux.tar.gz
c583260f59a5e31ba8f819ed91b992423da6893095c6a910877451d01492625e bitcoin-0.8.5-macosx.dmg
6f6b8fd68f56a8e700090267c53aa592b9c9e5c993f44c7be11ba9b87e1f92bb bitcoin-0.8.5-win32-setup.exe
169161d7a3270e221952f65ff276c649c5818bb9fc10059fd00a531343194b75 bitcoin-0.8.5-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
iQIcBAEBCAAGBQJSMlvWAAoJECnZ7msfxzDBwLsP/RMLxLW16uKFOl87fGDxuCj6
/4c6Z2xgTafb1qOGv9Jh89qfD2V0bmOq97ynrM9SwgW2A3qIYeEju2X3kP1cardM
Hs/mj6LkLuNxsJ65opDbVTPsfL3ztoakNv9v7Kw815/iALl4f7A+YpY1KxiTe+du
+qh14s1nG3I6VTyva6Z2zJbW9JDCvWcGWnbYtpRABszfWBic3/GL4+kjhn4Dj5ty
rHzClX2v8ARLqx/GkM2lLI8OD2yylishrKWIEb9I/Y6J3fyAYyf3S2HXvjG4RJIC
t0/phDZjxRs7FIW97zvSJC5yhlk3tcF5t2qrhpZ8ifek/0TUvar3bXGPripJ291N
YwXfgHNAAWDhiRf4tGHnh6+xn3p8oaFnsiqQpK55KCS/0i6R/fePckpVKHiK9Ptn
WjWisG2LVIyohqrOHRi1xT9VMhtUFcRNrMPp4ujNIrxKFMyRncSUiEtoDI4/dst1
3/WvRTKApr4kRH6sto0dQbLRozDTGZUJOT3vlkQUwrd3qbxuEiLDMfCaRSPSgDRp
pt3wC8t3LtHcPgFnw+ovMAebMJ50glkKh/hSA/ha+PNuuezPWYmGEIVtvwubm7Lu
HXxqQQ0WOW/eDLbxiH495911wgyIZvvt3x9fZZeBhrHS0iAgZ6YTVzV83bwLAoNn
0CgjFiWg+jl23CgpZKqv
=QovN
-----END PGP SIGNATURE----- Usually such a measure is enough to detect any tampered file. So there is no reason indeed to distribute it over https. So you are trying to verify an unprotected file with unprotected message on the same site? And how do we know the PGP public key is legit? It just doesn't make any sense. The best way, of course, is to download, audit and compile the source code. But most users won't be able to do this. |
|
|
|
bitcoin.org is hosted on GitHub, which doesn't support HTTPS.
github is running on https |
|
|
|
bitcoin.org is hosted on GitHub, which doesn't support HTTPS. For example, the Chinese government is notorious for DNS hijacking.
The Chinese government also controls several certificate authorities, so they can bypass HTTPS anyway. Okay, do you want to argue that https is useless and we should abandon it? Using https may not help us to defend against governmental attack, but it definitely makes hackers' life much harder. |
|
|
|
Wow, that's smart. SatoshiDICE should have done that when its competitors appeared. Had it offered 0% (or other super-low) house edge for a while, it would have retained its #1 share instead of losing it to Just-Dice and the other dice sites.
Yes, for btcchina keeping the #1 position is probably more valuable than the 0.6% fee (0.3% from buyer and 0.3% from seller) they charged. Now the whole bitcoin world (not just China) is talking about btcchina. This is priceless. Just not sure how long the the price war will last, but I'm sure some (if not many) new competitors won't survive and some users will get burnt. |
|
|
|
It's crazy how quick China can change things. I guess when you have 1.4 billion people... Another interesting graph:  Are there any Chinese on Bitcointalk (or Chinese speakers) who can provide insight into what's going on? I'm in Hong Kong and trading bitcoin on many different platforms, both Chinese and Western The volume spike in China is related to these reasons: 1. There is an ongoing price war in Chinese markets. Many platforms, including btcchina, the biggest and oldest one, have zero trading fee. Therefore it is a bit unfair to compare their volume with other Western markets. 2. Chinese BTC exchanges have the best integration with fiat transfer system. Taking btcchina, the biggest exchange as example. Users can transfer fiat from any major Chinese bank to the exchange instantly with zero fee. Therefore, depositing BTC is literally faster and cheaper than depositing bitcoin (as the user may need to pay 0.0001BTC as network fee, while depositing fiat is absolutely free). To withdraw, only 0.5% is deducted and in most cases it will arrive in 24 hours. No daily limit. No AML or KYC. All you need are accounts of any major Chinese bank and Tenpay (the Chinese version of Paypal). 3. The volume of some platforms are suspicious. I personally trust the volume figure of btcchina.com, bitxf.com, and rmbtb.com. Not saying that the rest are not legit, just I have never traded on them. The volume on btc100.org is high probably because they are giving share of the exchange to traders. btc008.com is a known and ongoing scam. 4. It is very difficult for Chinese people to obtain USD and wire to Western exchanges, so they have to pay premium in Chinese markets. Although it is easy for me to deposit to btcchina, I'm only buying at btc-e since the price is much lower. If I had to sell (but not now), I will definitely do it on btcchina. (This is the advantage of Hong Kong as we are the gateway between China and the rest of the world) With no fees, how are the exchanges earning money? Yes, they are operating like charity now. This is really the Chinese style price war. I think btcchina is still earning about 0.25%-0.5% from CNY withdrawal. Btcchina has earned a lot during the 2013 bubble so it may survive a while without any income. I guess their plan is to squeeze the small and new competitors to death. I still trust btcchina because of their track record. I will never trade on other free platforms as they can suddenly disappear. |
|
|
|
My post titled "Warning to bears: Big players in China" at February 2013: As some of you may not know, btcchina.com is now trading at 193.85CNY, or 31.1USD, while MtGox is trading at 29.7USD. It is 4.7% higher, and this phenomenon has lasted for at least 2 weeks. In December and January, it was always trading lower than MtGox. Please also look at the weekly volume chart of btcchina:  Five weeks ago, weekly trading volume in CNY suddenly doubled from 0.63M to 1.32M, making an all-time-high. More importantly, it stays at this level since then. Last week it doubled again, from 1.59M to 3.14M. Bitcoin has big potential in China: - 1. Hedging for serious inflation. The official figure is about 5%pa, and no one would believe that;
- 2. Money laundering for corrupt officials: China is one of the most corrupt country in the world;
- 3. Circumventing taxation: China ranks the second on Forbes Tax Misery Index
- 4. Circumventing foreign exchange control: It's difficult to move money in/out the country and obtain foreign currency. That may also explain why people pay more CNY to buy bitcoin because it's difficult to send money to Gox;
- 5. Gambling: Chinese are very obsessive in gambling. In 2011, Macau collected US$33.5 billion from gamblers, comparing with only US$4.5 billion in Vegas;
- 6. Big internet population, still with huge room of growth: There are 538M internet users in China, accounting for only 40% of the total population. In US, there are only 245M, and that's 79% of the total population (i.e. nearly saturated)
- 7. Bitcoin has very low popularity in China: The volume in btcchina is only 4% of Gox. It sounds bad, but that also means the growth could be more dramatic.
If Chinese big players try to get on the train, the momentum could be really tremendous. Don't bet on the wrong size. |
|
|
|
It's crazy how quick China can change things. I guess when you have 1.4 billion people... Another interesting graph: Are there any Chinese on Bitcointalk (or Chinese speakers) who can provide insight into what's going on? I'm in Hong Kong and trading bitcoin on many different platforms, both Chinese and Western The volume spike in China is related to these reasons: 1. There is an ongoing price war in Chinese markets. Many platforms, including btcchina, the biggest and oldest one, have zero trading fee. Therefore it is a bit unfair to compare their volume with other Western markets. 2. Chinese BTC exchanges have the best integration with fiat transfer system. Taking btcchina, the biggest exchange as example. Users can transfer fiat from any major Chinese bank to the exchange instantly with zero fee. Therefore, depositing BTC is literally faster and cheaper than depositing bitcoin (as the user may need to pay 0.0001BTC as network fee, while depositing fiat is absolutely free). To withdraw, only 0.5% is deducted and in most cases it will arrive in 24 hours. No daily limit. No AML or KYC. All you need are accounts of any major Chinese bank and Tenpay (the Chinese version of Paypal). 3. The volume of some platforms are suspicious. I personally trust the volume figure of btcchina.com, bitxf.com, and rmbtb.com. Not saying that the rest are not legit, just I have never traded on them. The volume on btc100.org is high probably because they are giving share of the exchange to traders. btc008.com is a known and ongoing scam. 4. It is very difficult for Chinese people to obtain USD and wire to Western exchanges, so they have to pay premium in Chinese markets. Although it is easy for me to deposit to btcchina, I'm only buying at btc-e since the price is much lower. If I had to sell (but not now), I will definitely do it on btcchina. (This is the advantage of Hong Kong as we are the gateway between China and the rest of the world) |
|
|
|
Many people don't realize the severity of this problem. SatoshiDICE also doesn't use HTTPS, so a MITM can change the addresses to whomever. Any Bitcoin business that displays addresses should be using HTTPS, and any client download website should as well.
The sites for Armory and Electrum are also not running on https I guess this is discussed somewhere else: who is holding and paying for bitcoin.org and bitcoin.net? Both were registered by Satoshi but bitcoin.net is now directed to a parking site and will expire in August 2016. I guess bitcoin.org is held by Gavin? |
|
|
|
|
I put this here because this is actually related to the security of the reference client.
Without https, MITM attack is really simple. For example, the Chinese government is notorious for DNS hijacking. Although the bitcoin-qt windows package is signed by bitcoin foundation, it is really easy to establish another bitcoin foundation inc. in another country and apply a legit cert for it.
Is there any reason not to run bitcoin.org on https, and host the binary of reference client on sf.net? It sounds quite irony as PKI is implemented in the payment protocol while the client itself is not properly protected by this.
|
|
|
|
This won't work because people use https, not http Actually, this could be done on a far simpler basis attacking individual users via a MITM attack. Here is your scenario:
1. Your ISP hires a dishonest worker. Let's call him "Mallory". (I say ISP, but this could happen upstream from the ISP, too, on the backbone).
2. Mallory prepares a hacked bitcoin client by downloading code anonymously from github, then adding his own special sauce and compiling.
3. Late at night, Mallory reroutes two cables in the server room, to put http requests through "Machine X" which is not on the ISP's logging system.
4. "Machine X" has URL rewriting code that watches for people trying to download the compiled bitcoin client, and redirects those requests
to a server where Mallory's fiddled version is served.
5. A hundred or so users (or a few thousand depending on how big the ISP is, or maybe half of all the downloaders for a few weeks if Mallory is at a backbone site) send an HTTP request for the client, and get Mallory's version instead.
6. These phony clients have most of a year to log your wallet-decryption passwords while acting as legit clients, then on June 14 they send three-quarters of your coin to Mallory's client. Meanwhile they continue to display the amount you had, so that you won't notice until you try to spend down to less than 75% of your previous balance, unless you go to blockchain.org and look up individual keys.
7. Mallory turns around the coin to buy untraceable goods, leaving it in the hands of honest merchants.
8. It will be at least two or three months before most of the victims notice.
This is what I'm offered to download when clicking through bitcoin.org. No HTTPS there. Oh, that's really bad. Even bitcoin.org is not https enabled. (but at least the package is signed by bitcoin foundation) |
|
|
|
Do you see the amounts? with a total of 4000 bitcoins for sale and bids for 10 000 (and this includes the ask and bids at 4x or 0.25 the value) , how can it even dream of a volume of 15k/day? Hm. The Chinese banking system is pretty fast. You don't need to have your money sitting around on the exchange waiting. Bitcoin is any ways. Btcchina seams pretty legit to me, sold there myself already. Can't say that for the other Chinese exchanges. I know it's legit , I know somebody who used them but that doesn't mean the numbers on their trading volume is real. Of course there can be bots doing this volume with the 0 fees but still , the market depth is not convincing. You can't compare apple (Western exchanges) with orange (Chinese exchanges) Just C&P from another thread: Another point most of you do not aware is that Chinese BTC exchanges have the best integration with fiat transfer system. Transferring fiat in and out is the biggest headache for many bitcoin exchanges (see MtGox). In China, however, it is completely painless. Taking btcchina, the biggest exchange as example. Users can transfer fiat from any major Chinese bank to the exchange instantly with zero fee. Therefore, depositing BTC is literally faster than depositing bitcoin.
To withdraw, only 0.5% is deducted and in most cases it will arrive in 24 hours. No daily limit. No AML or KYC. All you need are accounts of any major Chinese bank and Tenpay (the Chinese version of Paypal).
(However, this is China, which means the government policy could change overnight)
|
|
|
|
|
Show Posts
