Bitcoin Forum
April 25, 2018, 02:08:18 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Security warning: OpenAlias plugin vunerability  (Read 302 times)
ThomasV
Moderator
Legendary
*
Offline Offline

Activity: 1899
Merit: 1007



View Profile WWW
July 09, 2015, 08:04:30 AM
 #1

We recently discovered that the OpenAlias plugin, shipped in Electrum 2.0 to 2.3, does not correctly validate DNSSEC records.

A fixed version is in the works, and will be shipped in version 2.4. (ETA: a week)
In the meantime, please do not trust aliases verified by that plugin.

See the release notes for more details: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Electrum: the convenience of a web wallet, without the risks
1524622098
Hero Member
*
Offline Offline

Posts: 1524622098

View Profile Personal Message (Offline)

Ignore
1524622098
Reply with quote  #2

1524622098
Report to moderator
1524622098
Hero Member
*
Offline Offline

Posts: 1524622098

View Profile Personal Message (Offline)

Ignore
1524622098
Reply with quote  #2

1524622098
Report to moderator
1524622098
Hero Member
*
Offline Offline

Posts: 1524622098

View Profile Personal Message (Offline)

Ignore
1524622098
Reply with quote  #2

1524622098
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1524622098
Hero Member
*
Offline Offline

Posts: 1524622098

View Profile Personal Message (Offline)

Ignore
1524622098
Reply with quote  #2

1524622098
Report to moderator
1524622098
Hero Member
*
Offline Offline

Posts: 1524622098

View Profile Personal Message (Offline)

Ignore
1524622098
Reply with quote  #2

1524622098
Report to moderator
1524622098
Hero Member
*
Offline Offline

Posts: 1524622098

View Profile Personal Message (Offline)

Ignore
1524622098
Reply with quote  #2

1524622098
Report to moderator
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1246
Merit: 1000


GetMonero.org / MyMonero.com


View Profile WWW
July 09, 2015, 08:37:40 AM
 #2

We recently discovered that the OpenAlias plugin, shipped in Electrum 2.0 to 2.3, does not correctly validate DNSSEC records.

A fixed version is in the works, and will be shipped in version 2.4. (ETA: a week)
In the meantime, please do not trust aliases verified by this plugin.

See the release notes for more details: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

To be more specific: the way it used to work was to split the URL up into parts separated by . (ie. waffle.blah.example.com is split into waffle, blah, example, com) and then check each part (from the last to the first) as follows:

1. concatenate it with the previous parts (so if we're checking "blah" then we'd be verifying blah.example.com)
2. using the system resolver get the NS record for the domain
3. ask the main nameserver (per the NS record) for the DNSKEY for that sub-domain, pass the D0 flag (ie. tell it we want DNSSEC data)
4. if it is DNSSEC signed we should receive the RRSET, which contains the DNSKEY and the RRSIG for that DNSKEY
5. validate that the signature is correct
6. repeat for the next part

This is reasonable, except it doesn't *actually* check the chain, it just checks each part of the chain. For DNSSEC to work you have to start at the root zone (which is .) as that is *the only certificate you will have on your computer*, and then you work your way down the chain, checking delegation at each point. Our checking sub-parts without delegation (and without starting at .) was lazy, and whilst it is unlikely you'd be able to cheat validation the risk is still non-negligible.

The updated verification that ThomasV has written validates the chain correctly.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!