Bitcoin Forum
Topic: Verifying Bitcoin Core (Read 136588 times)
NewOldUser
Full Member
August 18, 2016, 06:27:04 PM
 #21


Note that it isn't the greatest to trust random pages on the Internet when importing keys. For example, a bitcointalk.org moderator could replace the above keys with different keys that are all under his control and then post an emergency "urgent upgrade required!" link somewhere pointing to wallet-stealing malware signed by the keys that he placed here.

You could simply sign a message with one of your known public addresses, if you are concerned that a forum moderator could change your post. Sign the whole post (if a signed message that long is possible) or else only sign a message with the PGP keys.
OmegaStarScream
Staff
August 18, 2016, 06:34:21 PM
 #22


Note that it isn't the greatest to trust random pages on the Internet when importing keys. For example, a bitcointalk.org moderator could replace the above keys with different keys that are all under his control and then post an emergency "urgent upgrade required!" link somewhere pointing to wallet-stealing malware signed by the keys that he placed here.

You could simply sign a message with one of your known public addresses, if you are concerned that a forum moderator could change your post. Sign the whole post (if a signed message that long is possible) or else only sign a message with the PGP keys.

What would that change? Even if we quote him, moderators have the ability to delete our posts. (If not edit them as well - depends on the privileges theymos gave them)

mmgen-py
Member
August 18, 2016, 06:47:18 PM
 #23

Thanks, Theymos, for the core devs' pubkeys + importing & signing instructions.  I found that I also had to do a 'gpg --edit-key' on each key in question and trust it absolutely.  Otherwise, 'gpg --verify' issues the following complaint:

   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the owner.
NewOldUser
Full Member
August 18, 2016, 06:52:32 PM
 #24


Note that it isn't the greatest to trust random pages on the Internet when importing keys. For example, a bitcointalk.org moderator could replace the above keys with different keys that are all under his control and then post an emergency "urgent upgrade required!" link somewhere pointing to wallet-stealing malware signed by the keys that he placed here.

You could simply sign a message with one of your known public addresses, if you are concerned that a forum moderator could change your post. Sign the whole post (if a signed message that long is possible) or else only sign a message with the PGP keys.

What would that change? Even if we quote him, moderators have the ability to delete our posts. (If not edit them as well - depends on the privileges theymos gave them)

We can verify his signed message, the mods couldn't change his post anymore (well, they still could, but then we will know that someone modified his post because the message won't verify anymore)
LoyceV
Hero Member
August 18, 2016, 07:00:06 PM
 #25

Wouldn't it be cool to have the hashes of the downloads stored in the blockchain, in such a way that Bitcoin Core 0.12.1 can be used to verify the download for version 0.13.0?
Of course an attacker could add fake hashes to the blockchain again, so it has to be done by a - somehow - trusted address.

biggus dickus
Sr. Member
August 18, 2016, 07:00:32 PM
 #26

Is Electrum still safe to use?

Its help window says it connects to a single server to get your transaction history, and I assume that server is backed by a single Bitcoin core node.

In addition, its help says it connects to several nodes to get the headers and uses them to verify the transaction history sent from the single server.

Even if the server and all nodes a wallet uses were compromised I can't think of a way your Bitcoins could be at risk of theft if you sign Electrum transactions offline, and only transmit them through a watching only wallet connected to the internet.



theymos
Administrator
August 18, 2016, 08:09:19 PM
 #27

The suggested HashTab tool is not useful on Windows.  If you get it and check the properties tab, the sha256 sum is not there.  Either additional instructions to enable it are required or a different tool should be suggested: (such as http://www.labtestproject.com/using_windows/step_by_step_using_sha256sum_on_windows_xp.html)

Otherwise, reddit and/or forum could get inundated with posts from windows users who will report that their windows system got a compromised 13th version when they download it.

Thanks, I changed it to a built-in utility that SENPAI_NOTICES_YOU mentioned on Reddit.

Is Electrum still safe to use?

Probably this most recent thing doesn't change much. I consider Electrum to be reasonably safe, though not very private at all.

One way you can lose money is that the Electrum server can say that you received x BTC that you didn't really receive, and then you could irreversibly send out some product in response to this non-payment. (This might require some mining power to pull off, I'm not sure.) This is more of a threat for automated services, though.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Bitware
Hero Member
August 18, 2016, 11:28:47 PM
 #28

Thank you for this valuable information.
Itoo
Jr. Member
August 19, 2016, 03:52:11 AM
 #29


...

PGP has the concept of a "PGP Web of Trust" that people are theoretically supposed to use to prevent this sort of thing, but it's complicated and doesn't work very well, so pretty much no one actually uses it. ...



Thanks for the info Theymos, very in-depth and helpful.

I hope this isn't too far off topic but, related to the quote above, I've been thinking about the concept of a 'web of trust' and how bitcoin and the p2p blockchain are basically exactly that, it's a currency whose veracity is enforced by a web of trust (among other things of course, but nodes operate on a similar concept I believe, of course they rely on a percentage of participators to be rationally motivated to be good players).

I've also been thinking of a post I just read by u/cannon-c on r/bitcoin about the need to decentralize data (such as the bitcoin repository, and any important open-source repository).

It seems that both of those things (gpg signature storage and open-source software repositories) could benefit from a decentralized p2p storage model, and possibly the security of being written to a/the blockchain (side-chains come to mind, but I'm by no means a programmer so could be off in my expectations there).

In any case, taking Namecoin as an example, I think open-source software and signature repositories are the exact kind of things that could benefit from bitcoin's model.

I'm truly a noob so there could be things I'm not considering. Thanks for any thoughts you have


16rk7UH5HGHs65Z3iPVE1pdAfRDGojXf9n
Itoo
Jr. Member
August 19, 2016, 03:58:16 AM
 #30

My thoughts about hash storage and actual storage of the sigs and software aren't fully articulated, but I understand they are separate and would need to be considered separately, though that's not to say a data storage model couldn't have a built-in hash storage/verification model as well. I just understand that space usage is an important consideration in a decentralized model that you want to keep as decentralized as possible. Thanks for reading my ramblings :)

16rk7UH5HGHs65Z3iPVE1pdAfRDGojXf9n
luv2drnkbr
Hero Member
August 19, 2016, 08:48:54 AM
 #31

What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.

I think he found direct evidence of GFW doing a DNS MITM for bitcoin.org.  That to me is the most reasonable and most likely explanation.  Sure it could be another state sponsored attack, but all the other major state players just ban it and make it unpopular and whatnot.  China's the only one to just implement technical measures first and do other stuff later.  I think the GFW got updated to redirect bitcoin.org traffic.

This is of course entirely speculation without any shred of merit.

luv2drnkbr
Hero Member
August 19, 2016, 08:51:25 AM
 #32

Is Electrum still safe to use?

Electrum is no more or less safe than it has always been.  You should of course be PGP verifying your Electrum downloads.

Animazing's key is 9914864DFC33499C6CA2BEEA22453004695506FD, and Thomas V's key is 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6.
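
Added example, not part of any post in this thread and not code from GnuPG, Bitcoin Core or Electrum: the gpg warning quoted in #23 is about key trust (gpg reports it as TRUST_UNDEFINED), so a script can instead pin the signer's primary-key fingerprint, like the ones listed in #32, and check it against gpg's `--status-fd` output. The fingerprints and status lines below are constructed placeholders, and `pinned_signer`, `verify_detached` and `status` are hypothetical names.

```python
import subprocess

# Constructed placeholder fingerprint; pin real ones from an independent source.
PINNED = ["0123456789ABCDEF0123456789ABCDEF01234567"]
OTHER = "FEDCBA9876543210FEDCBA9876543210FEDCBA98"  # constructed, not pinned

# Status keywords that must fail the check even if VALIDSIG is also present.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def pinned_signer(status_text, pinned_fprs):
    """Return the pinned primary-key fingerprint behind a good signature, else None."""
    pinned = {f.replace(" ", "").upper() for f in pinned_fprs}
    good, signer = False, None
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None  # fail closed on any bad, expired or revoked signature
        if parts[1] == "GOODSIG":
            good = True
        elif parts[1] == "VALIDSIG":
            # Field 3 is the signing (sub)key; the last field is the primary key.
            primary = (parts[11] if len(parts) >= 12 else parts[2]).upper()
            if primary in pinned:
                signer = primary
    return signer if good else None

def verify_detached(sig_path, data_path, pinned_fprs):
    """Run gpg on a detached signature and apply the pinning check."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return pinned_signer(proc.stdout, pinned_fprs)

def status(keyword, fpr, trust):
    """Build constructed gpg status output for one signature (sample data)."""
    return (f"[GNUPG:] {keyword} {fpr[-16:]} Example Signer <signer@example.org>\n"
            f"[GNUPG:] VALIDSIG {fpr} 2016-08-18 1471500000 0 4 0 1 8 00 {fpr}\n"
            f"[GNUPG:] {trust} 0 pgp\n")

# Good signature from the pinned key, no trust assigned: accepted.
UNTRUSTED_PINNED = status("GOODSIG", PINNED[0], "TRUST_UNDEFINED")
# Good signature from an ultimately trusted but unpinned key: rejected.
TRUSTED_OTHER = status("GOODSIG", OTHER, "TRUST_ULTIMATE")
# Signature from the pinned key after it was revoked: rejected.
REVOKED_PINNED = status("REVKEYSIG", PINNED[0], "TRUST_UNDEFINED")
```

The pinned list is only as good as the channel the fingerprints came from, which is the concern raised earlier in the thread about keys copied from a single web page.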

alani123
Legendary
August 19, 2016, 09:43:56 AM
 #33

The news about the announcement spread like wildfire...
Divorcion
Full Member
August 19, 2016, 12:28:20 PM
 #34

a very important post, thanks.
tutorialevideo
Legendary
August 20, 2016, 06:23:48 PM
 #35

Thanks for the heads up!

Abiky
Legendary
August 20, 2016, 08:24:55 PM
 #36

This post is very important in order to stay safe on the Bitcoin network. I've heard that soon we'll be getting the Seg Wit protocol so it will be a major improvement towards helping Bitcoin reach mainstream status. Scalability and security are the most important things here so I hope that with Seg Wit we could finally get somewhere. :D

 

mamamae
Legendary
August 22, 2016, 08:48:19 PM
 #37

I'm no expert, but something like this can be used to certify the files for the wallets, even the code on GitHub. The only problem is that it needs a source that certifies the files are originals:

https://eternitywall.it/notarize



lucky80
Hero Member
August 23, 2016, 07:48:34 PM
 #38

Thank you, Sir, for this helpful information...

Gumballinabattleaxeninja
Full Member
August 23, 2016, 07:50:02 PM
 #39

What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.

I think he found direct evidence of GFW doing a DNS MITM for bitcoin.org.  That to me is the most reasonable and most likely explanation.  Sure it could be another state sponsored attack, but all the other major state players just ban it and make it unpopular and whatnot.  China's the only one to just implement technical measures first and do other stuff later.  I think the GFW got updated to redirect bitcoin.org traffic.

This is of course entirely speculation without any shred of merit.

Can you tell me what GFW is? I may know what it is, but I do not know that acronym. Apologies for my ignorance and thank you for the information.
fitraok09
Hero Member
August 24, 2016, 05:08:50 AM
 #40

What does the sentence "Be extra vigilant when downloading binaries from our website for the upcoming 0.13.0 release" mean? I found it on https://bitcoin.org/en/download

What happens with Bitcoin Core 0.13? Why must we be vigilant?
