Topic: bitcoin client authentication (Read 882 times)
CliffordM
February 11, 2013, 01:56:39 PM
 #1

How do we know that the client we are using (e.g. bitcoin-qt) is authentic and not an impersonator?

Obviously we can download the source code, and check the signature as published on bitcoin.org.

When I download from SourceForge, it is not over HTTPS -- so I cannot rely on this.

There are no instructions / suggestions for doing this on bitcoin.org.

Maybe some instructions and possibly an HTTPS download site?


What would be really good, would be a client feature that it has to handshake with the mining network, and some tiny fingerprint appear in the block-chain that can then be viewed from a trusted site.  You then know that your client is a real one.


The problem I am imagining is that someone impersonates the client software, and uses this to gain access to the wallet keys.

As bitcoin becomes more mainstream, the security know-how of the average user will drop; a spoofed client would be terrible news.



Mike Hearn
February 11, 2013, 06:01:46 PM
 #2

From Bitcoin 0.8 onwards the binaries for Windows and MacOS will be signed by Bitcoin Foundation code-signing certificates. So you can check that using the standard methods your operating system provides. For Linux there are GPG signed builds available. For Android, wallet apps are code-signed by their creators.
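
The check that the reply above points to for the GPG-signed Linux builds, as an added example that is not part of the thread and not the Bitcoin project's own tooling. It assumes the release ships a clearsigned checksum manifest in `sha256sum` format and that the signer's key fingerprint was obtained through a channel other than the download site; the function names are hypothetical, and `gpg` and `sha256sum` are assumed to be installed.

```sh
#!/bin/sh
# Added example. Function names, file names and fingerprints are placeholders.

# signed_by FPR: reads `gpg --status-fd` lines on stdin. Succeeds only when a
# signature was reported as GOODSIG (an expired or revoked key yields
# EXPKEYSIG/REVKEYSIG instead) and its VALIDSIG line ends in FPR, the
# primary-key fingerprint (40 hex digits, upper case, no spaces).
signed_by() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # NEWSIG, BADSIG, EXPKEYSIG, ... clear the flag; only GOODSIG sets it.
        $2 ~ /SIG$/ && $2 != "VALIDSIG" { good = ($2 == "GOODSIG") }
        # Appending "" forces a string comparison even for all-digit input.
        $2 == "VALIDSIG" && good && ($NF "") == (want "") { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# manifest_ok MANIFEST FILE: succeeds only when the SHA-256 of FILE equals the
# entry for its base name in MANIFEST (sha256sum format: "<hash>  <name>").
manifest_ok() {
    name=$(basename "$2")
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print $1; exit }' "$1")
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# verify_release FPR SIGNED_MANIFEST FILE: signature first, then the hash.
# --decrypt writes only the text covered by the signature to $body, so lines
# placed outside the signed block of the manifest are never consulted.
verify_release() {
    body=$(mktemp) || return 1
    if gpg --batch --status-fd 1 --yes --output "$body" --decrypt "$2" 2>/dev/null |
            signed_by "$1" && manifest_ok "$body" "$3"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$body"
    return "$rc"
}
```
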
CliffordM
February 11, 2013, 06:57:56 PM
 #3

My worry is that folk won't bother with this.

We need something more convenient for Joe Public.
Pieter Wuille
February 11, 2013, 09:44:03 PM
 #4

> What would be really good, would be a client feature that it has to handshake with the mining network, and some tiny fingerprint appear in the block-chain that can then be viewed from a trusted site.  You then know that your client is a real one.

You want the client to validate itself, and tell you it has verified it is authentic?

Do you think that someone who distributes a malicious version won't just make it skip that check?

I do Bitcoin stuff.
CliffordM
February 12, 2013, 08:21:37 AM
 #5

I think you may have misread my post.

My thesis is that there is not enough guidance on security-hygiene concerning client impersonation.

My suggestion of the blockchain-fingerprint is a potential solution to the problem.  Whether or not it is feasible in that form does not detract from the validity of the thesis.

What the suggestion implies is that there may be a better solution than expecting users to validate clients directly.

Apologies if this is not how you had interpreted my post.