Bitcoin Forum
321  Bitcoin / Armory / Re: Armory security on address reuse on: March 13, 2014, 08:29:48 PM
In theory, assuming no implementation errors anywhere in the software and hardware stack, the advantage of keeping the public key secret is negligible. In practice, using public keys only once means that large numbers of unknown vulnerabilities are off the table.
Fair point. I was indeed supposing that Armory was getting the basic cryptography right.
322  Bitcoin / Bitcoin Discussion / Re: Transaction reversability would be a BAD thing on: March 13, 2014, 08:23:37 PM
You could give the transaction an nLockTime, sign it, and send it to them. They then confirm receipt. When the nLockTime expires, they broadcast the transaction, and then dispatch your goods. If they don't confirm receipt, you create a new transaction that sends the same funds back to yourself. Then when nLockTime expires, it's too late, and the first transaction will be rejected as a double-spend.

That would be a way of accomplishing the man-in-the-middle defense part of what I proposed.  Difference is it is on a per-transaction basis instead of a per-address basis.
Which makes it more flexible. Wallet software could apply it to every transaction from a given address, if that was desired.

Quote
Quote
I'm not sure how their confirming receipt is any less able to be faked than their sending you their payment address in the first place....
It's easier to fake just one thing than two.  The same logic is behind 2 factor authentication.
Well, no. 2 factor authentication should mean two different kinds of things, such as a memorised password and a physical dongle; not one thing being an email and the other thing also an email (or web page, or whatever).

Quote
Just because one thing (the payment address) has been compromised doesn't mean everything else has been too.  If the receipt of payment came over a different channel, say a sms or email, that would make the deception harder to pull off.
If they can fake the web page, they can fake the email addresses on it and send emails that are, or pretend to be, from it. As I said before, the gain in security seems so marginal that it is not worth changing the protocol for. (You may be realising how difficult changing the protocol is. The Bitcoin community is quite conservative.)

Quote
Quote
...but that's also a problem with your new protocol.
In no way whatsoever does that have to do with my protocol suggestion, which is about bitcoin, and not for how one might go about verifying the authenticity of communication with another party.
Both new and old approaches have the same problem, of waiting for a second contact that isn't likely to be more secure than the first contact.

Quote
Quote
Your other scenario is someone hacking your wallet. One problem here is what do you set your reversible time to? If you set it to a short period, say 5 hours, you may not notice the hack quickly enough. If you set it for a week, the hack might happen when you are on holiday and you'll still miss it. If you set it for longer, then it becomes impractical to spend the coins normally because Overstock won't want to wait weeks for the transaction to become irreversible.
This is a logical trap you are trying to set.  You are in essence saying "options are bad, because how do you choose?".
I'm arguing that there is no good choice. The law of diminishing returns sets in too quickly. The benefit of, say, a 5 hour reversible period is minor - the hack can happen while you are asleep or distracted by work. The cost of having to wait 5 hours before an order is confirmed is quite high. Longer periods increase the inconvenience of waiting significantly, without increasing the security significantly. Plus there is now more complexity for vendors accepting bitcoin, and for users managing their wallet options.

Quote
 I appreciate that you read my proposal.
My pleasure. I am still new enough to Bitcoin that I enjoy thinking and writing about it. I think many of the old hands have run out of patience with this (general) topic.
323  Bitcoin / Bitcoin Discussion / Re: Transaction reversability would be a BAD thing on: March 12, 2014, 10:14:42 PM
Well you can't know your transaction was received by the intended recipient until you send it and they get it.  If you send some coins, and they are not received at the intended destination, you could potentially take corrective action.  Just waiting to send a transaction would not accomplish this at all.
You could give the transaction an nLockTime, sign it, and send it to them. They then confirm receipt. When the nLockTime expires, they broadcast the transaction, and then dispatch your goods. If they don't confirm receipt, you create a new transaction that sends the same funds back to yourself. Then when nLockTime expires, it's too late, and the first transaction will be rejected as a double-spend.

I'm not sure how their confirming receipt is any less able to be faked than their sending you their payment address in the first place, but that's also a problem with your new protocol.

Your other scenario is someone hacking your wallet. One problem here is what do you set your reversible time to? If you set it to a short period, say 5 hours, you may not notice the hack quickly enough. If you set it for a week, the hack might happen when you are on holiday and you'll still miss it. If you set it for longer, then it becomes impractical to spend the coins normally because Overstock won't want to wait weeks for the transaction to become irreversible.

In summary, the benefits of your idea over what we already have seem too minor to be worth bothering with. You can also get forms of reversibility by using escrow agents, and you can get defence against hackers by using insured storage (eg, Elliptic Vault).
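The nLockTime exchange described in the post above, modelled as an added example that is not part of the original posts. It is a toy validator, not Bitcoin's code: it enforces only finality and the no-double-spend rule, and the outpoint name, block heights and class names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    name: str
    spends: frozenset      # outpoints consumed by this transaction
    pays_to: str
    lock_height: int = 0   # simplified nLockTime, expressed as a block height


class Chain:
    """Toy validator: checks finality and double-spends, nothing else."""

    def __init__(self, height):
        self.height = height
        self.spent = {}    # outpoint -> name of the confirmed tx that spent it

    def mine(self, *broadcast):
        """Mine one block from the broadcast txs; return {tx name: verdict}."""
        self.height += 1
        verdicts = {}
        for tx in broadcast:
            # A height-locked tx is final only once nLockTime < block height.
            if tx.lock_height >= self.height:
                verdicts[tx.name] = "rejected: non-final"
            elif any(o in self.spent for o in tx.spends):
                verdicts[tx.name] = "rejected: double-spend"
            else:
                for o in tx.spends:
                    self.spent[o] = tx.name
                verdicts[tx.name] = "confirmed"
        return verdicts


UTXO = frozenset({"buyer_utxo:0"})   # constructed outpoint


def simulate(receipt_confirmed, start=1000, lock=1006):
    """Run the exchange; return the verdict at each step and the final spender."""
    chain = Chain(start)
    payment = Tx("payment", UTXO, "merchant", lock_height=lock)
    refund = Tx("refund", UTXO, "buyer")          # no lock: valid immediately
    log = {}

    # Whoever holds the signed payment cannot use it before the lock expires.
    log["early"] = chain.mine(payment)["payment"]

    # No receipt from the merchant: the buyer spends the same output back
    # to themselves while the locked payment is still non-final.
    if not receipt_confirmed:
        log["refund"] = chain.mine(refund)["refund"]

    chain.height = lock                            # time passes until expiry
    log["at_expiry"] = chain.mine(payment)["payment"]
    log["spent_by"] = chain.spent["buyer_utxo:0"]
    return log


if __name__ == "__main__":
    for confirmed in (True, False):
        print("receipt confirmed:", confirmed, simulate(confirmed))
```
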
324  Bitcoin / Armory / Re: Armory security on address reuse on: March 12, 2014, 09:34:35 PM
Can someone please point me to some information about this weakness?  What is the problem with SSL in relation to bitcoin, and how does address reuse affect it.
See for example, Ars Technica.

As I understand it, the approach is to install malware onto the PC that is doing the signing. This malware flushes the CPU's L3 cache, and waits, and then tries to access some code. If the code loads quickly, it means something else already used it. From this they deduce what code is running in the crypto-library, and from that they claim they can deduce the private key.

They mention needing "as few" as 200 attempts, as if each attempt extracted one bit. So if you only spend from a given address once, this attack doesn't get them very far.

I suspect it's not very practical in the real world regardless. Hopefully the libraries will be updated to negate it. We've been calling it the "SSL issue" because SSL is also vulnerable, and that's used far more widely than Bitcoin.
325  Bitcoin / Armory / Re: Armory security on address reuse on: March 11, 2014, 08:59:11 PM
Is armory safe to REUSE the same offline bitcoin address with regards to recent SSL library linux issues and transaction malleability?
Address reuse is not affected by transaction malleability.

The SSL issue is a valid reason to avoid reusing addresses. (Specifically, to minimise the number of times you spend from an address - you can pay into it as many times as you want.) However, it's arguably less of a danger than key loggers. Either way, if the transaction signing is done by an offline Armory wallet, it will be difficult for an attacker to get their malware onto the same machine, and then difficult to get the leaked key information off so they can use it. Basically, this attack is another reason to use Armory offline wallets.

I don't think Armory does anything to encourage address reuse anyway. It has a checkbox for "Use an existing address for change", but it's unchecked by default.

If armory users are not to reuse the address, do they need to create a new wallet?
No. Each wallet manages multiple addresses.

Quote
Offline you create an address, how do you know the future address?
The wallet will create new addresses in a deterministic way, so paying-in addresses for an offline wallet will be the same as those generated by its watch-only online version. So avoiding reuse is usually as convenient as allowing it.

Quote
Reusing the initial address is very convenient.
It can be, if you need a stable address to publish. Vanity addresses also get reused a lot. In those cases you don't much care about privacy anyway. If you need to reuse an address, feel free to do so.

Note that you can pay into an address as many times as you like without issue. It's only when you spend from it that the SSL attack comes into play, and even then it needs a lot of spends.

Quote
Also ELI5 why is a bad idea to reuse the address apart from privacy maybe?
Privacy and security.

The privacy can be over-rated. In practice, all the inputs and one of the outputs for a given transaction probably come from the same wallet. Knowing this, an attacker can link addresses together even if they are "new". To get reliable privacy requires more knowledge and effort than is usually worthwhile. On the other hand, why make it easy for anyone?

The usual security reason given is that paying into an address only releases a hash of its public key, and paying out reveals the public key itself. Revealing the public key gives an attacker a theoretical advantage. In practice not enough to matter, but again, why make it easier?
326  Bitcoin / Armory / Re: Feature request: word-based seeds on: March 10, 2014, 08:27:36 PM
I'd like this too. Essentially being able to use Armory as a brain-wallet.
327  Bitcoin / Bitcoin Discussion / Re: The 51% "attack" is a vote, not an attack - a call to developers of bitcoin on: March 10, 2014, 07:45:27 PM
Many are opposed to it because they see it as regulation.  But the regulation does not have to come from a judge or one so-called authoritative entity.  It can come from the votes of the community, i.e. miners.
The logic of a 51% attack not being an attack makes sense when we're talking about changes to the Bitcoin protocol, because that is a field where miners tend to be expert and have a vested interest. This logic does not apply to voting as to whether coins are stolen. To establish theft ought to need days in court, evidence, a judge well-versed in law, and an attentive jury. Miners aren't going to be up for that. Their votes will be based, at best, on little more than prejudice and what hearsay they may have read on the internet. (No offence, guys.)

Regulation is only one issue. Another is that part of Bitcoin's USP is that transactions are irrevocable. The mere possibility that the coins you paid me with might be taken away from me, or frozen, for any reason, would undermine the protocol even if the feature was never actually used. Therefore I confidently expect most miners would vote against adding infrastructure to freeze coins. Even talking about it would undermine trust, if there were any chance you'd be taken seriously.
328  Bitcoin / Bitcoin Discussion / Re: The one hurdle that will kill Bitcoin (and any other altcoin) on: March 10, 2014, 02:37:19 PM
Yes they could legalize it, but, in that case, very likely Bitcoin will be taxed and regulated to death anyway.
I think they will tax and regulate it, and that won't kill Bitcoin. Why should it? It doesn't kill cash. When a company pays in bitcoin, that payment will be on their books and available to auditors. Salaries paid in bitcoin will be taxed at source. It'll no more evade tax than perks like company cars do.

We'll have bitcoin credit cards, and that will be an improvement because it will be more secure. Currently to pay with a CC the information you give to the merchant is the same info they could use to steal from you. With bitcoin, making a payment does not involve giving the merchant your private key. It's better.

We'll see things like payment processors and charge backs layered on top of the core protocol. I think they'll be optional. If you want the extra consumer protection that the CC charge back system gives you, it should be you who pays for it, not the merchant.

It will be interesting to see which of the benefits of bitcoin turn out to be due to "cutting corners" on things like consumer protection, which are due to efficiencies such as re-using the internet infrastructure, and which are due to avoiding fat-cat monopolistic self-serving policies of credit card companies and banks.
329  Bitcoin / Bitcoin Discussion / Re: Can someone school me on wallets? on: March 10, 2014, 02:19:52 PM
So, I mean if I use the Armory paper thing do I really need to unplug my PC from the internet or is that kinda overkill?
It's safer to have two machines, one of which is never connected. Having one machine and unplugging it occasionally wouldn't add much safety.

Having a second, unconnected computer makes it harder for that computer ever to be infected by a keylogger; and if it is, it makes it harder for the hackers to get any information out. Whether this is over-kill depends on how much bitcoin you have. Arguably, you shouldn't hold more than you can afford to lose, in which case you may not need to bother with extreme precautions. Some people are betting big on bitcoin, and for them spending some money on a cheap notepad or similar, plus the hassle of ferrying a USB stick between devices, is worth the security.

(I've heard of people having a single PC with a dual boot to a second O/S, where the second O/S is offline. I guess that's an improvement over a single connected wallet, but without an actual air-gap I'd be concerned that the offline O/S would use the shared hard disk to communicate key-logger information to the bad guys.)
330  Economy / Service Discussion / Re: MTGOX Statement *NEW MAR 3RD* on: March 03, 2014, 10:22:53 AM
So the hack took place between 1 Feb 2014 and 6 Feb 2014 (6 Feb is I believe when btc withdrawals were halted at Gox). During less than a week 850,000 were stolen.
I read them as saying that's when they discovered the loss, but the loss itself might have happened earlier. Basically, they saw a lot of failed transactions, investigated and discovered the cause was transaction mutability and that it could have caused coin loss, investigated some more and realised they'd lost vastly more than those recent failed transactions.

And they don't know how the losses happened. Though they want to blame transaction mutability for the big losses, that's just a guess, and they seem aware it doesn't account for the loss of fiat money that has also happened. They mention "a variety of causes".
331  Bitcoin / Bitcoin Discussion / Re: POLL How do you store your coins? on: February 21, 2014, 02:16:52 PM
Does "online" mean a website? Or does "offline" mean cold storage?

I use Armory as hot storage, so I checked "other".
332  Bitcoin / Bitcoin Discussion / Re: Anonymity on: February 21, 2014, 02:11:04 PM
First thing that springs to mind is how would you prove that the BTC have been stolen in the first place ?
The usual ways. If I pay for a product in BTC, and the product doesn't get delivered, then the fact that I paid to the correct address can be proven, and proving non-delivery is the same as in non-bitcoin transactions.

Quote
Next - the value of the stolen BTC may be worth less in GBP than "legit" BTC - but then again why would they ?
For the reason I explained: because there would be restrictions on what could be done with them that wouldn't apply to non-stolen BTC. (Not now, but in a future where bitcoin is regulated by governments.)

Quote
But the main question is - how would anonymity of BTC transactions protect you at all in the event of theft ?
Did you miss the point made by marcus_of_augustus : "In the realm of digital money it must be untraceable to be fungible" and anonymity being a consequence of being untraceable.

To go back to your original question and take a different direction:
How will the anonymity of transactions benefit the average Jo (who probably won't have 2 bits to scratch his arse with anyway) ?
Let's imagine that the protocol required every bitcoin address to be registered to a verified real-world name. Completely non-anonymous. Then everyone could tell, from the block-chain, where you spent your money. They'd know which supermarkets you used, whether you frequented pubs and off-licences, how much you spent at the chemist, whether you paid for porn. They could infer a lot more, such as whether you likely had a mistress across town. It would be a massive invasion of privacy.

I doubt a public block-chain would be acceptable to most people if it weren't anonymous.
333  Bitcoin / Bitcoin Discussion / Re: Anonymity on: February 19, 2014, 11:27:45 PM
Blacklisting will not happen and will not work and will not be accepted by anyone.
I'm not disagreeing. Just elaborating on marcus_of_augustus's point about fungibility and traceability.
334  Bitcoin / Bitcoin Discussion / Re: What bitcoin is for you ? on: February 19, 2014, 11:11:54 PM
What if pools apply an equivalent distribution of bitcoin between each member? Why not?
It costs money to mine, so there needs to be some compensation specifically for miners.

Quote
Where is it better than a banking system ?
One reason is that it allows permissionless innovation. Another is that it strips out a lot of the overheads. A third is that it decentralises. A (related) fourth is that it reduces the need to trust institutions. It reduces the power of governments and banks, and that's good, because power corrupts.

Quote
It's very naive and conceptual but your response interests me.
Mostly I see it as the next monetary system. I think crypto-currencies will be successful, and that Bitcoin is the crypto-currency most likely to "win". I'm aware of non-monetary applications, but they just don't seem as pressingly important.
335  Bitcoin / Bitcoin Discussion / Re: Anonymity on: February 19, 2014, 10:45:29 PM
The idea being that if I (Practical Dreamer) deposit 2 BTC to Wikileaks, and its traceable back to me - then those 2 BTC then become worth a different amount (less) on the open market than they would if they had been 2 BTC transferred from the Queen of England to Barack Obama ??
 How does that work ?
Suppose instead that if you steal 2 BTC from me, that I can report the theft and get those coins black-listed, meaning they cannot be converted into pounds sterling (my jurisdiction): then those coins become worth a bit less. Even more so if Britain shares its blacklist with Europe and America. We can imagine a world in which most miners are required to refuse to accept transactions involving blacklisted coins, and where the "dark" miners that accept them also charge higher transaction fees.

That is the kind of evolution of Bitcoin that some governments seem to think is desirable for purposes of preventing money laundering. That is, to make it harder for wrong-doers to profit from their crimes. They may legislate to that end, and require miners and exchanges within their jurisdiction to conform. It would mean bitcoin would be less fungible.
336  Bitcoin / Bitcoin Discussion / Re: bitcoin is failing in replacing fiat in physical shops on: February 19, 2014, 10:25:48 PM
No one in his sane mind will devote "mining" for the sake of the Bitcoin network. It is a cost intensive operation and without a prospect of profit it is meaningless.
They will get the mining revenue. If you accept that some people will mine for profit, surely it makes sense that others will mine for profit and to help secure the network?

Quote
Moreover, others are already in control of a big chunk of the network. So "mining" is not going to mitigate any risk because the final cost for the sellers is going to be higher than the expected benefit.
The more honest people mine, the harder it is for dishonest people to get a significant fraction of the network. I think (and hope) we'll return to the original vision of a large number of miners, each with a small fraction of the network; but instead of the myriad miners being fan boys and early adopters running mining rigs in their bedrooms, they will be corporations and governments. And this will happen because as those corporations and governments increasingly depend on Bitcoin, they will also look into mining and see it as a strategic need as well as a potential profit centre and good public relations.

The issue isn't that all miners would be fraudulent but rather a small % would.
The earlier post mentioned 20%. That to me seemed like a large percentage. Whereas if just 1% of miners are fraudulent, then the chances of a successful double-spend become quite low, compared to the meagre profit from ripping off the kind of merchants that would accept zero-confirmation transactions, and the cost of setting up the mining farm, and the damage to reputation when you get caught. I think we can get to a situation where it's irrational to try. I appreciate that doesn't mean no-one will, but it will be extremely rare.

I also appreciate you are saying that some merchants have such low tolerance for the risk that even "extremely rare" won't be good enough for them.
337  Bitcoin / Bitcoin Discussion / Re: bitcoin is failing in replacing fiat in physical shops on: February 18, 2014, 07:54:07 PM
On a long enough timeline I think "fraudulent" miners are all but an inevitability.  I could see an entity with say 20% of the network willing to accept out of band double spends for a hefty fee (either flat rate say $10 per tx, or a % of the tx amount).
Do you not think large retailers might mitigate that risk by becoming miners themselves? If Bitcoin succeeds, I would expect many entities to be willing to devote some resources to mining, to make it harder for others to control a sizeable fraction of the network. With that goal, they don't need to make a profit, although any mining income will help defray the costs.
338  Bitcoin / Bitcoin Discussion / Re: bitcoin is failing in replacing fiat in physical shops on: February 17, 2014, 08:30:14 PM
Whenever you don't pay with physical cash(paper money) you are paying with an account - either charging to a store account or a debit account or a credit card account.
When you talk about a customer having an account with a retailer, that's not the same as a customer owning bitcoin. The account with a retailer is part of a "formal banking, brokerage, or business relationship established to provide for regular services, dealings, and other financial transactions" with that retailer. Bitcoin is more like cash. It's not a relationship with any one individual or institution. You might as well say dollars are an account you have with the American government and/or its people.

Quote
The emergence of Cryptocurrencies on the scene will not change this. You will still be paying from an "account" - it will just be a cryptocurrency account.
If you are saying I might have an account with my retailer that I settle in bitcoin, then I agree, but I suspect you are not saying that.

Quote
We will not see blockchain transactions at the point of sale on any kind of scale (e.g. large stores and supermarkets) where there is a high turnover of sales.
If they can take cash, and have an internet connection, they can take bitcoin. Bitcoin has many advantages over cash for the retailer and the customer. It has some caveats, but those can be managed. Loyalty cards and retail accounts will be layered on top of that, for those that find them convenient.
339  Bitcoin / Bitcoin Discussion / Re: So...What Other Weaknesses in Bitcoin Coding Should We Know About? on: February 17, 2014, 08:08:41 PM
eh, the transaction malleability issue doesn't really affect people who wait for confirmation in the blockchain.
He's right, though; nowhere on the weaknesses page does it say it is only listing a subset of weaknesses. It's not a comprehensive list, which is what people want to see.
340  Bitcoin / Bitcoin Discussion / Re: So...What Other Weaknesses in Bitcoin Coding Should We Know About? on: February 16, 2014, 01:07:03 PM
See https://en.bitcoin.it/wiki/Weaknesses and https://en.bitcoin.it/wiki/Double-spending.