1783
|
Bitcoin / Bitcoin Discussion / Re: What if I stored child porn in the block chain?
|
on: January 21, 2011, 08:02:28 PM
|
Because of the default client now does not support any non-standard transactions (isStandard() function)
You'll still store non-standard transactions if someone else puts them in a block. You'll then have to transmit the transaction to anyone who requests that block from you. Yes, the protocol still supports it, but the default client does not create such transactions. So it is not the "normal use" of Bitcoin to store binary data in it. Case closed.
|
|
|
1784
|
Bitcoin / Development & Technical Discussion / Re: Feature request: Implement SSH-like conn encryption into protocol (OpenSSL ?)
|
on: January 21, 2011, 08:00:14 PM
|
Encryption is pointless, because when an attacker can control enough bitcoin nodes, SSL won't help at all...
Encryption is not pointless, because it is unlikely an attacker can control enough bitcoin nodes today. Furthermore, it is nice to not be observed when I am submitting a new transaction to the network. Those in the coffee shop have no business knowing that I am submitting a new transaction, even if the TX is propagated in the clear throughout the network. Well, maybe not completely pointless, but much less useful than i thought, and certainly not much more anonymous.
|
|
|
1785
|
Economy / Marketplace / Re: .: DOUBLE TROUBLE :. NOW OPEN
|
on: January 21, 2011, 06:45:01 PM
|
Hello fellow forumers, Just a short message to let you know: DOUBLE TROUBLE http://doubletrouble.bitcoinbet.com/is now officially open for gaming. We also have an affiliate program that will help you monetize your bitcoin traffic (from web site, blog or forum posts). Please let us know in the forum when you've won a prize! OK. End of press release... Time for a beer! http://doubletrouble.bitcoinbet.com/OK, this seems nice and polished. But i have one, very important question: Where do you get your random number / random number seeds ?When it comes to computers, all "random" numbers are really only pseudo-random. And proper randomness factor / entropy is everything when it comes to online casinos. Just look what one of the companies did to get REAL random numbers: http://www.youtube.com/watch?v=7n8LNxGbZbsPerhaps you should consider getting real random seeds from somewhere. Otherwise i don't think the game will be really fair. ---- BTW, do you know that there are specialized companies whose only occupation is generating random numbers and selling them ?
|
|
|
1786
|
Bitcoin / Bitcoin Discussion / Re: What if I stored child porn in the block chain?
|
on: January 21, 2011, 06:20:55 PM
|
It doesn't matter anymore if you put kiddie porn in chain or not.
Because of the default client now does not support any non-standard transactions (isStandard() function), and bitcoin is only specifically advertised & designed as currency by its creators, this case will be classified by courts the same as using a phone for coordinating a bank robbery would be.
The telephone operator cannot be held responsible for actions of a criminal which used the phone to do some evil.
|
|
|
1788
|
Bitcoin / Development & Technical Discussion / Re: Feature request: Implement SSH-like conn encryption into protocol (OpenSSL ?)
|
on: January 21, 2011, 02:50:10 PM
|
Now, on the encryption part of an SSH-like connection, I fail to see the advantages. All messages your client send are supposed to be propagated to the entire public network anyway. They are not secret. Why encrypt?
Simple. So that nobody knows what IP were these transactions created by. And SSH-like connection will be almost exactly the same as a SSL-like connection, but without central certificate authorities. Of course some mechanism of reading fingerprints from a HTTPS site could also be implemented, so people could create "semi-certificate authorities" which would be simply a list of node IP's with their fingerprints.
|
|
|
1789
|
Bitcoin / Development & Technical Discussion / Feature request: Implement SSH-like conn encryption into protocol (OpenSSL ?)
|
on: January 21, 2011, 01:59:14 PM
|
I propose something that has been discussed many times on the forums - implementing connection encryption to the bitcoin protocol.
Details: - Like SSH, people will be able to connect to each other securely, using cryptographic keys / identities they need to exchange first. - As in SSH, each host will generate its fingerprint, and set of private/public keys. So nodes connecting will be able to verify each other - Some nodes (like banks) will be able to publish their keys/fingerprints somewhere (like on their site), so that everybody can confirm who they are when connecting to their bitcoin clients - When key/fingerprint of remote node changes, user will be warned & asked if he wants to connect anyway (like in SSH).
- To make things easier, one could use openssl library present in every major operating system to implement this.
Possible benefits: - Possibility of having almost 100% anonymity for each node. (if some random traffic generator will be also implemented) A third party no longer will be able to tell who is who and which transaction is which by sniffing the traffic coming in/out of a node. - Real security & more anonymity when connecting through TOR (right now the exit nodes can easily sniff/intercept all traffic, so using bitcoin on TOR is somewhat dangerous). - Eleminate man-in-the-middle attacks. - People will be able to create "semi-certificate authorities", which will store each node's fingerprints and show them publicly, so nodes of the network can be verified. - Clients (like banks) could choose to connect only to trusted, SSL-verified nodes, and ignore the rest.
Possible disadvantages: - Possibility of centralization of the network ?
|
|
|
1791
|
Economy / Economics / Re: Hostile action against the bitcoin infrastracture
|
on: January 21, 2011, 08:50:34 AM
|
Bitcoin is unsafe so long as the wallet file system persists.
Perhaps this alternative is suitable? WALLET: Private key password encryption (AES256), makes the wallet require a password to sign a transaction Version 0.1.0 planned for mid-january 2011 http://en.bitcoin.it/wiki/QBitcoinThat would be an improvement, but the 'scorched earth' type attack wouldn't care to sign a transaction. However, any methods to hide the wallet.dat data by the client itself would be in the source code, and the attacker would know where to go to destroy that data. I think the improvement would be that wallet could be completely encrypted, so to send or accept any transactions, one would have to give a password. Still, that would not protect against keylogger attacks.
|
|
|
1792
|
Economy / Economics / Re: Hostile action against the bitcoin infrastructure
|
on: January 20, 2011, 08:36:23 PM
|
If any GNU/Linux distro has four unpatched zero day exploits at the same time, I'll eat my hat.
Yeah - as i said - breaking into a fully patched desktop Linux with software only from signed repos using a 0-day is itself highly unlikely. + Add Noscript/Flashblock = Very highly unlikely (A critical 0-day vulnerabilities which do not require javascripts/canvas/html5/iframes/advanced stuff are VERY rare) + Add Virtual Machine = Practically impossible
|
|
|
1793
|
Economy / Economics / Re: Hostile action against the bitcoin infrastructure
|
on: January 20, 2011, 06:15:15 AM
|
You are thinking of the traditional garage made or botnet data thief virus that gets instantly detected and patched. You might want to brush up on the reality of actual state-level cybercrime or cyberwarfare. I explained myself more fully in the other thread. http://bitcointalk.org/index.php?topic=111.msg39486#msg39486I know what You mean. I can still either run bitcoin as a different user, or better: run bitcoin in an encrypted virtual machine. This practically takes the risk of any hack down to zero. That attacker would have to 0) Find a MASSIVE way to attack everybody at once before the 0-day is detected (not an easy thing to do). 1) Crack my web browser (with Noscrtipt/Flashblock/Adblock installed, so it is not an easy task either) 2) Find the correct virtual machine 3) Hack into the virtual machine, breaking it's security also. I **seriously doubt** that any 0-day will ever be able to do that. And about Stuxnet: It ran on Windows. I don't put "windows" and "security" in one sentence.
|
|
|
1794
|
Bitcoin / Bitcoin Discussion / Re: Bitcoin: a potentially disruptive currency
|
on: January 20, 2011, 06:10:34 AM
|
Ok... so basically you're advertising your blog on the forum for free. Great.
I realize some forums don't like this, but it appears to be fine here. While there aren't many I think it is helpful, eventually they should probably all go in one thread. Sorry, i just got used to the fact that on every other forum this is viewed as spam. My bad.
|
|
|
1795
|
Bitcoin / Development & Technical Discussion / Re: Will we be able to cope when there are _lots_ of transactions?
|
on: January 20, 2011, 05:52:48 AM
|
I don't think this is much of a problem.
For example, mastercard has maximum capacity of 140 million transactions per hour. Which makes 38.888 transactions per second. 38.888 transactions per second * 250 bytes = 9722000 bytes = ~77,77Mbit. (Though on average, Mastercard does only 22 billion transactions a year, which makes about 2,5 million a hour, and ~700 a second, so there are probably only spikes with high number of transactions, and the rest is much lower)
So anybody with 100Mbit broadband/fiber will be fine. Just buy a powerful 6-or-more cores computer, and you probably will be able to easily calculate everything without much strain.
But by the time Bitcoin will be so popular to process that many transactions, internet connections around the world will be easily 100-200% faster than currently, so no problem there. Also, you can always buy a decidated hosting connected to 1Gbit pipe (which is less expensive that you would imagine), and You're cool.
|
|
|
1796
|
Bitcoin / Project Development / Re: Anonymous Internet Banking Project
|
on: January 19, 2011, 06:11:35 PM
|
Try I2P, that was actualy designed for hidden services and offers a much better solution regarding speed, availability and security. If you're unfamiliar with it you can get quick-started on http://portable-i2p.blogspot.com (windows) I use debian GNU/linux. I should indeed look into i2p, but somehow I can't find any clear straitforward howto for installation on debian. Doesn't I2P work simply out of the box as it is a java app ? I remember setting it up some time ago, and i could swear it worked without any configuration. I lost interest in it, as it is meant to be a closed network of nodes, unlike TOR, which interferes with the "normal" internet by default.
|
|
|
1797
|
Economy / Economics / Re: Emergent art from the free market cypher-sphere
|
on: January 19, 2011, 04:57:11 PM
|
"Earthfall" (Pilot) An object falls from the sky, spreading radiation over North America. Fearing terrorism, Homeland Security Agents are dispatched to investigate and contain the damage. What they find will have implications for the entire world. Propaganda. Watched 2 episodes already. Not much propaganda there (or at least not more than in usual US movies).
|
|
|
1798
|
Economy / Economics / Re: Jintao: dollar-denominated international currency system "product of the past"
|
on: January 19, 2011, 04:55:03 PM
|
Bitcoin is the solution to China's problems! We need to get Bitcoin to China!!!
The problem with Chineese is that they may get a bullet in their head for doing something the government doesn't like. They don't fuck around with dissidents in China like they do in democracies. If they even suspect that you're doing something nasty, you get sent to labor camp or worse.
|
|
|
|