Bitcoin Forum
November 15, 2024, 12:17:03 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 8 »  All
  Print  
Author Topic: Verifying Bitcoin Core  (Read 205206 times)
mmgen-py
Member
**
Offline Offline

Activity: 112
Merit: 27


View Profile WWW
August 18, 2016, 06:47:18 PM
 #21

Thanks, Theymos, for the core devs' pubkeys + importing & signing instructions.  I found that I also had to do a 'gpg --edit-key' on each key in question and trust it absolutely.  Otherwise, 'gpg --verify' issues the following complaint:

   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the owner.
LoyceV
Legendary
*
Offline Offline

Activity: 3500
Merit: 17686


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
August 18, 2016, 07:00:06 PM
 #22

Wouldn't it be cool to have the hashes of the downloads stored in the blockchain, in such a way that Bitcoin Core 0.12.1 can be used to verify the download for version 0.13.0?
Of course an attacker could add fake hashes to the blockchain again, so it has to be done by a - somehow - trusted address.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
biggus dickus
Sr. Member
****
Offline Offline

Activity: 310
Merit: 250


View Profile
August 18, 2016, 07:00:32 PM
 #23

Is Electrum still safe to use?

It's help window says it connects to a single server to get your transaction history, and I assume that server is backed by a single Bitcoin core node.

In addition, its help says it connects to several nodes to get the headers and uses them to verify the transaction history sent from the single server.

Even if the server and all nodes a wallet uses were compromised I can't think of a way your Bitcoins could be at risk of theft if you sign Electrum transactions offline, and only transmit them through a watching only wallet connected to the internet.



theymos (OP)
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13420


View Profile
August 18, 2016, 08:09:19 PM
 #24

The suggested HashTab tool is not useful on Windows.  If you get it and check the properties tab, the sha256 sum is not there.  Either additional instructions to enable it are required or a different tool should be suggested: (such as http://www.labtestproject.com/using_windows/step_by_step_using_sha256sum_on_windows_xp.html)

Otherwise, reddit and/or forum could get inundated with posts from windows users who will report that their windows system got a compromised 13th version when they download it.

Thanks, I changed it to a built-in utility that SENPAI_NOTICES_YOU mentioned on Reddit.

Is Electrum still safe to use?

Probably this most recent thing doesn't change much. I consider Electrum to be reasonably safe, though not very private at all.

One way you can lose money is that the Electrum server can say that you received x BTC that you didn't really receive, and then you could irreversibly send out some product in response to this non-payment. (This might require some mining power to pull off, I'm not sure.) This is more of a threat for automated services, though.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Bitware
Hero Member
*****
Offline Offline

Activity: 926
Merit: 1001


weaving spiders come not here


View Profile
August 18, 2016, 11:28:47 PM
 #25

Thank you for this valuable information.
Itoo
Jr. Member
*
Offline Offline

Activity: 33
Merit: 1


View Profile
August 19, 2016, 03:52:11 AM
 #26


...

PGP has the concept of a "PGP Web of Trust" that people are theoretically supposed to use to prevent this sort of thing, but it's complicated and doesn't work very well, so pretty much no one actually uses it. ...



Thanks for the info Theymos, very in-depth and helpful.

I hope this isn't too far off topic but, related to the quote above, I've been thinking about the concept of a 'web of trust' and how bitcoin and the p2p blockchain are basically exactly that, it's a currency whose veracity is enforced by a web of trust (among other things of course, but nodes operate on a similar concept I believe, of course they rely on a percentage of participators to be rationally motivated to be good players).

I've also been thinking of a post I just read by u/cannon-c on r/bitcoin about the need to decentralize data (such as the bitcoin repository, and any important open-source repository).

It seems that both of those things (gpg signature storage and open-source software repositories) could benefit from a decentralized p2p storage model, and possibly the security of being written to a/the blockchain (side-chains come to mind, but I'm by no means a programmer so could be off in my expectations there).

In any case, taking Namecoin as an example, I think open-source software and signature repositories are the exact kind of things that could benefit from bitcoin's model.

I'm truly a noob so there could be things I'm not considering. Thanks for any thoughts you have

Itoo
Jr. Member
*
Offline Offline

Activity: 33
Merit: 1


View Profile
August 19, 2016, 03:58:16 AM
 #27

My thoughts about hash storage and actual storage of the sig's and software aren't fully articulated, but I understand they are separate and would need to be considered separately, though that's not to say a data storage model couldn't have a built-in hash storage/verification model as well. I just understand that space usage is an important consideration in a decentralized model that you want to keep as decentralized as possible. Thanks for reading my ramblings Smiley
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
August 19, 2016, 08:48:54 AM
 #28

What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.

I think he found direct evidence of GFW doing a DNS MITM for bitcoin.org.  That to me is the most reasonable and most likely explanation.  Sure it could be another state sponsored attack, but all the other major state players just ban it and make it unpopular and whatnot.  China's the only one to just implement technical measures first and do other stuff later.  I think the GFW got updated to redirect bitcoin.org traffic.

This is of course entirely speculation without any shred of merit.

luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
August 19, 2016, 08:51:25 AM
 #29

Is Electrum still safe to use?

Electrum is no more or less safe than it has always been.  You should of course be PGP verifying your Electrum downloads.

Animazing's key is 9914864DFC33499C6CA2BEEA22453004695506FD, and Thomas V's key is 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6.

alani123
Legendary
*
Offline Offline

Activity: 2590
Merit: 1512



View Profile
August 19, 2016, 09:43:56 AM
 #30

The news about the announcement spread like wildfire...

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
Divorcion
Full Member
***
Offline Offline

Activity: 171
Merit: 100


View Profile
August 19, 2016, 12:28:20 PM
 #31

a very important post, thanks.
tutorialevideo
Legendary
*
Offline Offline

Activity: 1161
Merit: 1001

Don`t invest more than you can afford to lose


View Profile WWW
August 20, 2016, 06:23:48 PM
 #32

Thanks for the heads up!

Hosting Bitcoin and any mining gear in Europe/Romania.

https://bitcointalk.org/index.php?topic=5228685.msg53918147#msg53918147

For more info you can write me!
Abiky
Legendary
*
Offline Offline

Activity: 3388
Merit: 1407


www.Crypto.Games: Multiple coins, multiple games


View Profile
August 20, 2016, 08:24:55 PM
 #33

This post is very important in order to stay safe on the Bitcoin network. I've heard that soon we'll be getting the Seg Wit protocol so it will be a major improvement towards helping Bitcoin reach mainstream status. Scalability and security is the most important thing here so I hope that with Seg Wit we could finally get somewhere.  Cheesy

█████████████████████████
███████▄▄▀▀███▀▀▄▄███████
████████▄███▄████████
█████▄▄█▀▀███▀▀█▄▄█████
████▀▀██▀██████▀██▀▀████
████▄█████████████▄████
███████▀███████▀███████
████▀█████████████▀████
████▄▄██▄████▄██▄▄████
█████▀▀███▀▄████▀▀█████
████████▀███▀████████
███████▀▀▄▄███▄▄▀▀███████
█████████████████████████
.
 CRYPTOGAMES 
.
 Catch the winning spirit! 
█▄░▀███▌░▄
███▄░▀█░▐██▄
▀▀▀▀▀░░░▀▀▀▀▀
████▌░▐█████▀
████░░█████
███▌░▐███▀
███░░███
██▌░▐█▀
PROGRESSIVE
      JACKPOT      
██░░▄▄
▀▀░░████▄
▄▄▄▄██▀░░▄▄
░░░▀▀█░░▀██▄
███▄░░▀▄░█▀▀
█████░░█░░▄▄█
█████░░██████
█████░░█░░▀▀█
LOW HOUSE
         EDGE         
██▄
███░░░░░░░▄▄
█▀░░░░░░░████
█▄░░░░░░░░█▀
██▄░░░░░░▄█
███▄▄░░▄██▌
██████████
█████████▌
PREMIUM VIP
 MEMBERSHIP 
DICE   ROULETTE   BLACKJACK   KENO   MINESWEEPER   VIDEO POKER   PLINKO   SLOT   LOTTERY
mamamae
Legendary
*
Offline Offline

Activity: 1188
Merit: 1001



View Profile
August 22, 2016, 08:48:19 PM
 #34

i'm no expert but something like this can be used to certify the files for the wallets, even the code on github, the only problem is that need a source that certify the files are originals :

https://eternitywall.it/notarize



reality ? you fell to Scammers after being in an ICO , IPO
(more like any other stock and index in the world ICO or not got your portfolio down 25 % or 85 %)
Now  SEC is helping you getting back up your lost money maybe....
lucky80
Hero Member
*****
Offline Offline

Activity: 1694
Merit: 593


View Profile
August 23, 2016, 07:48:34 PM
 #35

Thankyou Sir for this helpful information...
Gumballinabattleaxeninja
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
August 23, 2016, 07:50:02 PM
 #36

What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.

I think he found direct evidence of GFW doing a DNS MITM for bitcoin.org.  That to me is the most reasonable and most likely explanation.  Sure it could be another state sponsored attack, but all the other major state players just ban it and make it unpopular and whatnot.  China's the only one to just implement technical measures first and do other stuff later.  I think the GFW got updated to redirect bitcoin.org traffic.

This is of course entirely speculation without any shred of merit.

Can you tell me what GFW is? I may know what it is, but I do not know that acronym. Apologies for my ignorance and thank you for the information.
fitraok09
Legendary
*
Offline Offline

Activity: 1049
Merit: 1009

TRX: TCRKDukYt2zDie9vJDhToKrP3tyTV29U48


View Profile
August 24, 2016, 05:08:50 AM
 #37

What does it mean the sentences of "Be extra vigilant when downloading binaries from our website for the upcoming 0.13.0 release". I found on https://bitcoin.org/en/download

what happens with bitcoin core 0.13?  why we must be vigilant

alani123
Legendary
*
Offline Offline

Activity: 2590
Merit: 1512



View Profile
August 24, 2016, 09:27:41 AM
 #38

What does it mean the sentences of "Be extra vigilant when downloading binaries from our website for the upcoming 0.13.0 release". I found on https://bitcoin.org/en/download

what happens with bitcoin core 0.13?  why we must be vigilant



Here's the relevant alert issued. It's based on suspicion from what it seems. It's still good to check the integrity of programs you're going to run on your system.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
Steampunk
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
August 24, 2016, 03:59:42 PM
 #39


Can you tell me what GFW is? I may know what it is, but I do not know that acronym. Apologies for my ignorance and thank you for the information.

Great Firewall
fitraok09
Legendary
*
Offline Offline

Activity: 1049
Merit: 1009

TRX: TCRKDukYt2zDie9vJDhToKrP3tyTV29U48


View Profile
August 25, 2016, 04:01:31 AM
 #40


Here's the relevant alert issued. It's based on suspicion from what it seems. It's still good to check the integrity of programs you're going to run on your system.

ok. I will look it. thanks for advance
Pages: « 1 [2] 3 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!