Bitcoin Forum
Topic: Security warning: OpenAlias plugin vulnerability
ThomasV
July 09, 2015, 08:04:30 AM
 #1

We recently discovered that the OpenAlias plugin, shipped in Electrum 2.0 to 2.3, does not correctly validate DNSSEC records.

A fixed version is in the works, and will be shipped in version 2.4. (ETA: a week)
In the meantime, please do not trust aliases verified by that plugin.

See the release notes for more details: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Electrum: the convenience of a web wallet, without the risks
fluffypony
July 09, 2015, 08:37:40 AM
 #2

We recently discovered that the OpenAlias plugin, shipped in Electrum 2.0 to 2.3, does not correctly validate DNSSEC records.

A fixed version is in the works, and will be shipped in version 2.4. (ETA: a week)
In the meantime, please do not trust aliases verified by this plugin.

See the release notes for more details: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

To be more specific: the way it used to work was to split the URL up into parts separated by . (ie. waffle.blah.example.com is split into waffle, blah, example, com) and then check each part (from the last to the first) as follows:

1. concatenate it with the previous parts (so if we're checking "blah" then we'd be verifying blah.example.com)
2. using the system resolver get the NS record for the domain
3. ask the main nameserver (per the NS record) for the DNSKEY for that sub-domain, pass the D0 flag (ie. tell it we want DNSSEC data)
4. if it is DNSSEC signed we should receive the RRSET, which contains the DNSKEY and the RRSIG for that DNSKEY
5. validate that the signature is correct
6. repeat for the next part

This is reasonable, except it doesn't *actually* check the chain, it just checks each part of the chain. For DNSSEC to work you have to start at the root zone (which is .) as that is *the only certificate you will have on your computer*, and then you work your way down the chain, checking delegation at each point. Our checking sub-parts without delegation (and without starting at .) was lazy, and whilst it is unlikely you'd be able to cheat validation the risk is still non-negligible.

The updated verification that ThomasV has written validates the chain correctly.
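
The difference between the per-label check and chain validation described in the post above, as an added example that is not part of the thread and is not Electrum's or OpenAlias's code. It is a toy model: HMAC stands in for RRSIG signatures, a SHA-256 digest stands in for the DS record, and all function names, keys and zones are constructed for illustration.

```python
import hashlib
import hmac

def sign(key: bytes, data: bytes) -> bytes:
    # Stand-in for an RRSIG (assumption): HMAC keeps this offline; DNSSEC uses public-key signatures.
    return hmac.new(key, data, hashlib.sha256).digest()

def ds_digest(key: bytes) -> bytes:
    # Stand-in for a DS record: digest of the child's DNSKEY, published in the parent zone.
    return hashlib.sha256(key).digest()

def make_zone(name: str, key: bytes, ds_signer: bytes = None) -> dict:
    # ds_signer is the key that signs this zone's DS record; for a real zone, the parent's key.
    zone = {"name": name, "dnskey": key, "dnskey_sig": sign(key, key), "ds": None, "ds_sig": None}
    if ds_signer is not None:
        zone["ds"] = ds_digest(key)
        zone["ds_sig"] = sign(ds_signer, zone["ds"])
    return zone

def self_signed(zone: dict) -> bool:
    return hmac.compare_digest(zone["dnskey_sig"], sign(zone["dnskey"], zone["dnskey"]))

def per_label_check(chain: list) -> bool:
    # The approach described in the post: each DNSKEY set only has to verify under itself.
    return all(self_signed(zone) for zone in chain)

def chain_check(chain: list, root_anchor: bytes) -> bool:
    # Start from the locally stored root anchor, then follow DS delegation downwards.
    root = chain[0]
    if not (self_signed(root) and hmac.compare_digest(ds_digest(root["dnskey"]), root_anchor)):
        return False
    for parent, child in zip(chain, chain[1:]):
        if child["ds"] is None or not self_signed(child):
            return False
        if not hmac.compare_digest(child["ds"], ds_digest(child["dnskey"])):
            return False
        if not hmac.compare_digest(child["ds_sig"], sign(parent["dnskey"], child["ds"])):
            return False
    return True

# Constructed sample data: three zones, plus a self-consistent zone no parent has delegated to.
ROOT_KEY, COM_KEY, ZONE_KEY, OTHER_KEY = b"root-key", b"com-key", b"example-key", b"other-key"
ROOT_ANCHOR = ds_digest(ROOT_KEY)

def build_chains():
    root, com = make_zone(".", ROOT_KEY), make_zone("com.", COM_KEY, ROOT_KEY)
    delegated = make_zone("example.com.", ZONE_KEY, COM_KEY)
    undelegated = make_zone("example.com.", OTHER_KEY, OTHER_KEY)  # DS not signed by com.
    return [root, com, delegated], [root, com, undelegated]
```

Both chains pass `per_label_check`, but only the delegated one passes `chain_check`, because the undelegated zone's DS record does not verify under the parent's key.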
