Bitcoin Forum
Author Topic: Bit-flipping attack mitigation in MultiBit HD  (Read 764 times)
jim618 (OP)
July 26, 2015, 11:01:48 AM
Last edit: July 26, 2015, 11:13:54 AM by jim618
 #1

https://multibit.org/blog/2015/07/25/bit-flipping-attack.html

(edit)
Here's a summary for developers:
AES encryption in CBC mode with known plain text format is open to manipulation by a malicious man-in-the-middle. If you're a developer sending AES messages around (even over HTTPS), make sure you include a MAC to ensure no manipulation has taken place in transit.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
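
The mitigation summarised in the post above, as an added Node.js example (not code from the original post or from MultiBit HD): AES-256-CBC with an HMAC-SHA256 tag over IV and ciphertext, checked before decryption. The function names `seal`, `open`, `decryptCbc` and `demo` are hypothetical, and the sample plaintext is constructed.

```javascript
const crypto = require('crypto');

// Encrypt-then-MAC: AES-256-CBC, then HMAC-SHA256 over IV || ciphertext.
// Separate keys are used for encryption and for authentication.
function seal(encKey, macKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
  return Buffer.concat([iv, ct, tag]);
}

// Plain CBC decryption with no integrity check (the case the post warns about).
function decryptCbc(encKey, body) {
  const d = crypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]);
}

// Verify the tag in constant time BEFORE the ciphertext is decrypted.
function open(encKey, macKey, message) {
  if (message.length < 16 + 16 + 32) throw new Error('message too short');
  const body = message.subarray(0, message.length - 32);
  const tag = message.subarray(message.length - 32);
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error('MAC check failed');
  return decryptCbc(encKey, body);
}

// Constructed demo: one bit of the IV is changed in transit.
function demo() {
  const encKey = crypto.randomBytes(32);
  const macKey = crypto.randomBytes(32);
  const sealed = seal(encKey, macKey, Buffer.from('status=1;user=demo')); // constructed sample
  const tampered = Buffer.from(sealed); // copy, then modify
  tampered[7] ^= 0x01; // IV byte 7 is XORed into plaintext byte 7 of the first block
  const body = tampered.subarray(0, tampered.length - 32);
  const unauthenticated = decryptCbc(encKey, body).toString(); // decrypts without error
  let rejected = false;
  try { open(encKey, macKey, tampered); } catch (e) { rejected = true; }
  return { original: open(encKey, macKey, sealed).toString(), unauthenticated, rejected };
}
```

Without the tag check the modified message decrypts cleanly to a different plaintext; with it, `open` refuses the message before any decryption happens.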
tspacepilot
July 26, 2015, 09:18:42 PM
 #2

> https://multibit.org/blog/2015/07/25/bit-flipping-attack.html
>
> (edit)
> Here's a summary for developers:
> AES encryption in CBC mode with known plain text format is open to manipulation by a malicious man-in-the-middle. If you're a developer sending AES messages around (even over HTTPS), make sure you include a MAC to ensure no manipulation has taken place in transit.

That was a really interesting blog post, thanks for the link. I don't use Multibit HD but I appreciate the insight on the interaction of AES and HTTPS.