Bitcoin Forum
October 22, 2018, 11:31:54 AM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How can I trust clients?  (Read 1753 times)
bentheman
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
July 31, 2016, 11:13:14 PM
 #1

Hi,

my question is pretty easy. How can I trust clients like Electrum,Multibit etc?
Is it just checking the sourcecode? So, no one should download a new version until it gets verified?

best regards
1540207914
Hero Member
*
Offline Offline

Posts: 1540207914

View Profile Personal Message (Offline)

Ignore
1540207914
Reply with quote  #2

1540207914
Report to moderator
1540207914
Hero Member
*
Offline Offline

Posts: 1540207914

View Profile Personal Message (Offline)

Ignore
1540207914
Reply with quote  #2

1540207914
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1540207914
Hero Member
*
Offline Offline

Posts: 1540207914

View Profile Personal Message (Offline)

Ignore
1540207914
Reply with quote  #2

1540207914
Report to moderator
1540207914
Hero Member
*
Offline Offline

Posts: 1540207914

View Profile Personal Message (Offline)

Ignore
1540207914
Reply with quote  #2

1540207914
Report to moderator
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1554
Merit: 1704


3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


View Profile WWW
July 31, 2016, 11:29:06 PM
 #2

Yes. You check the source code. If you don't think the developer is trustworthy, check the source code and build it yourself from source.

pooya87
Legendary
*
Offline Offline

Activity: 1428
Merit: 1206


Buy bitcoin they said... who listened?


View Profile
August 01, 2016, 06:13:55 AM
 #3

Yes. You check the source code. If you don't think the developer is trustworthy, check the source code and build it yourself from source.

there are many problems with what you just said.

1) for example Core is in C++ (if i am not mistaken), Electrum is in Python,... and in order to check the source codes you have to know these programming languages, or at least have some knowledge in any programming language to be able to make heads or tails of what is going on.

2) these are fairly big project so going through the code is going to take a very long time if you are not a veteran programmer and even if you are it still needs a long time.

3) also building from the source code is not recommended for everybody especially when a newbie is asking for it , because they may break something and encounter a lot more problems and there aren't really detailed walkthroughs available to use them to compile the wallet.

the only solution that is left for regular users (which are the majority of bitcoin users) is to trust the developers based on their history and how long their wallet was around.

sellcollateral
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
August 01, 2016, 06:22:53 AM
 #4

Like it's been said by pooya87, it's really hard to check the sourcecode yourself, so i personally also trust the developers.

Their sourcecode has been reviewed by many seasoned programmers, so you'd have to trust the fact that any backdoors or vulnerabilitys would have been found by now.

What IS important is to only download their binarys from a trusted source, and you should also check the signature (allmost every developer signs his releases with his/her GPG key, so you can verify if the binary is actually signed by the right dev before you actually install it on your system)
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1554
Merit: 1704


3F1Y9yquzvY6RWvKbw2n2zeo9V5mvBhADU


View Profile WWW
August 01, 2016, 01:06:42 PM
 #5

Yes. You check the source code. If you don't think the developer is trustworthy, check the source code and build it yourself from source.

there are many problems with what you just said.

1) for example Core is in C++ (if i am not mistaken), Electrum is in Python,... and in order to check the source codes you have to know these programming languages, or at least have some knowledge in any programming language to be able to make heads or tails of what is going on.
Yes, but most major software have sufficient documentation and commenting in the code to make it easier to understand. You also don't need to be an expert in every language to understand what is happening, you just need to know one language that is related (e.g. Java is related to C/C++, Python, C#) to be able to read the code. '

2) these are fairly big project so going through the code is going to take a very long time if you are not a veteran programmer and even if you are it still needs a long time.
Not necessarily. Even though a project may be "big", they usually have decent documentation (code comments) to make understanding what each function should do a lot easier. Furthermore, if you have a starting point that you can trust, then you can just check each code commit from that point on which will be much easier to check than to analyze the whole source code.

3) also building from the source code is not recommended for everybody especially when a newbie is asking for it , because they may break something and encounter a lot more problems and there aren't really detailed walkthroughs available to use them to compile the wallet.
How so? Building from source for the major wallets is well documented and very easy to do. There isn't anything you can break without actually changing the code.

the only solution that is left for regular users (which are the majority of bitcoin users) is to trust the developers based on their history and how long their wallet was around.

Or you can have someone who is able to read code audit the code themselves. You do not have to trust the developer, you can have someone else you trust to check the code for you.

Decoded
Legendary
*
Offline Offline

Activity: 1078
Merit: 1013


lllllllllllll


View Profile
August 05, 2016, 04:56:34 AM
 #6

Usually, releases are signed with PGP keys or the like. This verifies that this is the same developer as the previous one. But then you have to place trust in them not selling their PGP key to someone else.
Dank14
Full Member
***
Offline Offline

Activity: 236
Merit: 100


Crown coin


View Profile
October 04, 2016, 06:14:31 AM
 #7

The issue of trust can be hard in the crypto world. For long term storage, I recommend using a paper wallet instead.

BitcoinSupremo
Copper Member
Hero Member
*****
Offline Offline

Activity: 994
Merit: 520


★777Coin.com★ Fun BTC Casino!


View Profile
October 04, 2016, 07:58:18 AM
 #8

The issue of trust can be hard in the crypto world. For long term storage, I recommend using a paper wallet instead.

Or even better a hardware wallet. I know many things have been said that we don't know what is flashed in the USB hardware wallets we may receive but let me tell you why I fully trust the developers of such wallets.

I trust them because they don't know how many bitcoins we as buyers have, maybe we have little quantity (which for us means a lot) and of course they want to continue keep selling and every problem we may have through these wallets we report them in this forum. That is bad publicity for the developers and a way to lose money by not making sales anymore. So yes for me hardware wallets are the best.

Herbert2020
Legendary
*
Offline Offline

Activity: 1358
Merit: 1071



View Profile
October 04, 2016, 08:40:00 AM
 #9

The issue of trust can be hard in the crypto world. For long term storage, I recommend using a paper wallet instead.
Or even better a hardware wallet. I know many things have been said that we don't know what is flashed in the USB hardware wallets we may receive but let me tell you why I fully trust the developers of such wallets.

you have to trust someone eventually it is not like all of us are expert coders who can check the code themselves and see which one is good and which one is malicious.

the only way for us to trust a wallet (whether it is a downloadable software or a hardware wallet) is to trust the feedback of other people who have been using that wallet and see the age of that specific software or hardware wallet.

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
BuySomeBitcoins
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
November 15, 2016, 04:43:43 AM
 #10

Do you want to verify the client itself is secure and trustworthy as written by the devs ?

Or you want to verify the release / download is not compromised by a third party / hacker ?
RGBKey
Hero Member
*****
Offline Offline

Activity: 840
Merit: 628


rgbkey.github.io/pgp.txt


View Profile WWW
November 16, 2016, 11:16:24 PM
 #11

The only way to really trust a client besides verifying the source code yourself is to just trust what other people have verified, or trust what others have trusted.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!