Bitcoin Forum
December 05, 2016, 04:41:06 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Concerns - IRC DDOS Attacks, Wallet Limits  (Read 1539 times)
somethinghidden
Newbie
*
Offline Offline

Activity: 14


View Profile
June 14, 2011, 08:03:33 AM
 #1

Hi all,  I would first like to welcome everyone looking at this to my first thread on the forum!  Grin

My first concern is that of peer discovery, I know by briefly looking through the code for the BitcoinJ client that it seems the general way to discover peers is by connecting to an IRC server and looking for peers in the channel list. IRC servers are vulnerable to DDoS it would be quite easy for the U.S. Government, or anyone with a botnet to launch an attack on the IRC server. I'm not sure if it is true for the official bitcoin client but the BitcoinJ client only specifies one IRC server. Is there a plan to setup a mirror service like we seen with WikiLeaks but for IRC? I guess as along as one node could be found you could potentially receive the list of peers by that node. My concern is for clients that have not discovered any nodes yet. I also seen a DNS resolution file but it was not implented yet. I know in the official client there are some IP addresses that are commented out and I suppose people could look on a site for at least one node to connect to, so maybe I answered my own question.

Second, what if someone mined Wallets instead of bitcoins? What I mean by this is that if someone created a client that continuously created send and receive wallets how long would it take before all of the addresses are used up? How would you prevent this?

Gimme some bitcoins: 1CnJ7X4QBk8UDoiRmuTrSoxXVgUWbo4dTZ Smiley Thanks!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480956066
Hero Member
*
Offline Offline

Posts: 1480956066

View Profile Personal Message (Offline)

Ignore
1480956066
Reply with quote  #2

1480956066
Report to moderator
1480956066
Hero Member
*
Offline Offline

Posts: 1480956066

View Profile Personal Message (Offline)

Ignore
1480956066
Reply with quote  #2

1480956066
Report to moderator
jaime
Sr. Member
****
Offline Offline

Activity: 337


División de Poderes s.XXI es Descentralización


View Profile WWW
June 14, 2011, 08:55:12 AM
 #2

Second, what if someone mined Wallets instead of bitcoins? What I mean by this is that if someone created a client that continuously created send and receive wallets how long would it take before all of the addresses are used up? How would you prevent this?

There are 2^160 possible addresses, so your investment in wallet mining to find a collision would be astronomical. You would not get any benefit from it --besides the big news-- as the only wallet who would be able to spend that address's balance is the one who has the private key.

Stardust
Full Member
***
Offline Offline

Activity: 190


View Profile
June 14, 2011, 09:01:28 AM
 #3

I don't know about BitcoinJ, but in the original Bitcoin client, you can add nodes manually.  See the wiki for nodes.
somethinghidden
Newbie
*
Offline Offline

Activity: 14


View Profile
June 14, 2011, 09:06:03 AM
 #4

Second, what if someone mined Wallets instead of bitcoins? What I mean by this is that if someone created a client that continuously created send and receive wallets how long would it take before all of the addresses are used up? How would you prevent this?

There are 2^160 possible addresses, so your investment in wallet mining to find a collision would be astronomical. You would not get any benefit from it --besides the big news-- as the only wallet who would be able to spend that address's balance is the one who has the private key.

I do not plan to do it, I'm throwing it out there as a what if. If all of the addresses have been generated is there a function that will reclaim empty wallets? The only people interested in this are like the two senators that want to see it shutdown.

Gimme some bitcoins: 1CnJ7X4QBk8UDoiRmuTrSoxXVgUWbo4dTZ Smiley Thanks!
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 14, 2011, 09:15:12 AM
 #5

Second, what if someone mined Wallets instead of bitcoins? What I mean by this is that if someone created a client that continuously created send and receive wallets how long would it take before all of the addresses are used up? How would you prevent this?

There are 2^160 possible addresses, so your investment in wallet mining to find a collision would be astronomical. You would not get any benefit from it --besides the big news-- as the only wallet who would be able to spend that address's balance is the one who has the private key.

I do not plan to do it, I'm throwing it out there as a what if. If all of the addresses have been generated is there a function that will reclaim empty wallets? The only people interested in this are like the two senators that want to see it shutdown.

Ah. It's perfectly legal to generate an existing wallet again.
Yes, someone could generate your wallet and take your coins. It's unlikely.
Unlikely: all the air in the room happens to congregate at the other end; you die of asphyxia.

somethinghidden
Newbie
*
Offline Offline

Activity: 14


View Profile
June 14, 2011, 09:18:19 AM
 #6

Second, what if someone mined Wallets instead of bitcoins? What I mean by this is that if someone created a client that continuously created send and receive wallets how long would it take before all of the addresses are used up? How would you prevent this?

There are 2^160 possible addresses, so your investment in wallet mining to find a collision would be astronomical. You would not get any benefit from it --besides the big news-- as the only wallet who would be able to spend that address's balance is the one who has the private key.

I do not plan to do it, I'm throwing it out there as a what if. If all of the addresses have been generated is there a function that will reclaim empty wallets? The only people interested in this are like the two senators that want to see it shutdown.

Ah. It's perfectly legal to generate an existing wallet again.
Yes, someone could generate your wallet and take your coins. It's unlikely.
Unlikely: all the air in the room happens to congregate at the other end; you die of asphyxia.


I think you guys are missing the point. I'm not worried about my coins. I'm worried about the future of the bitcoin if someone were to launch that attack on the bitcoin network. If all wallet addresses were allocated, what measures are in place to reclaim empty/unused wallets?

Gimme some bitcoins: 1CnJ7X4QBk8UDoiRmuTrSoxXVgUWbo4dTZ Smiley Thanks!
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 14, 2011, 09:24:26 AM
 #7

Second, what if someone mined Wallets instead of bitcoins? What I mean by this is that if someone created a client that continuously created send and receive wallets how long would it take before all of the addresses are used up? How would you prevent this?

There are 2^160 possible addresses, so your investment in wallet mining to find a collision would be astronomical. You would not get any benefit from it --besides the big news-- as the only wallet who would be able to spend that address's balance is the one who has the private key.

I do not plan to do it, I'm throwing it out there as a what if. If all of the addresses have been generated is there a function that will reclaim empty wallets? The only people interested in this are like the two senators that want to see it shutdown.

Ah. It's perfectly legal to generate an existing wallet again.
Yes, someone could generate your wallet and take your coins. It's unlikely.
Unlikely: all the air in the room happens to congregate at the other end; you die of asphyxia.


I think you guys are missing the point. I'm not worried about my coins. I'm worried about the future of the bitcoin if someone were to launch that attack on the bitcoin network. If all wallet addresses were allocated, what measures are in place to reclaim empty/unused wallets?

Wallet addresses are NOT ALLOCATED.

Stardust
Full Member
***
Offline Offline

Activity: 190


View Profile
June 14, 2011, 09:27:04 AM
 #8

You are still worried because you didn't understand that Bitcoin is not fully dependent on IRC.  And because you don't know that there haven't been any PGP keys collisions yet.

But if you are really that worried, you can use multiple addresses, to reduce such an unlikely risk. ^_^
somethinghidden
Newbie
*
Offline Offline

Activity: 14


View Profile
June 14, 2011, 09:29:37 AM
 #9


Wallet addresses are NOT ALLOCATED.


So your telling me other peers have no clue about what address is assigned where and there are absolutely no records to prevent duplication?

Gimme some bitcoins: 1CnJ7X4QBk8UDoiRmuTrSoxXVgUWbo4dTZ Smiley Thanks!
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 14, 2011, 09:31:33 AM
 #10


Wallet addresses are NOT ALLOCATED.


So your telling me other peers have no clue about what address is assigned where and there are absolutely no records to prevent duplication?

There're records. But there's no de-duplication. If 2 people generate the same address, they can both spend coins sent there.

somethinghidden
Newbie
*
Offline Offline

Activity: 14


View Profile
June 14, 2011, 09:33:29 AM
 #11


Wallet addresses are NOT ALLOCATED.


So your telling me other peers have no clue about what address is assigned where and there are absolutely no records to prevent duplication?

There're records. But there's no de-duplication. If 2 people generate the same address, they can both spend coins sent there.

So what your telling me is I really do need to write code to generate all possible wallets and I can spend bitcoins out of everyone's wallet?

Gimme some bitcoins: 1CnJ7X4QBk8UDoiRmuTrSoxXVgUWbo4dTZ Smiley Thanks!
cuddlefish
Full Member
***
Offline Offline

Activity: 126



View Profile
June 14, 2011, 09:37:00 AM
 #12


Wallet addresses are NOT ALLOCATED.


So your telling me other peers have no clue about what address is assigned where and there are absolutely no records to prevent duplication?

There're records. But there's no de-duplication. If 2 people generate the same address, they can both spend coins sent there.

So what your telling me is I really do need to write code to generate all possible wallets and I can spend bitcoins out of everyone's wallet?

Yep, exactly.

There's only 2^140 possible addresses! Get cracking!

2^140 = 1393796574908163946345982392040522594123776

dr_nix
Newbie
*
Offline Offline

Activity: 26


View Profile
June 14, 2011, 09:45:04 AM
 #13

I think you guys are missing the point. I'm not worried about my coins. I'm worried about the future of the bitcoin if someone were to launch that attack on the bitcoin network. If all wallet addresses were allocated, what measures are in place to reclaim empty/unused wallets?

Wallet addresses are NOT ALLOCATED.


Exactly. But in more detail: If you generate a wallet you are basically generating a (bunch of) key pair(s): a public one (basically this is the receive address) and a private one (which can send BTC that were received by its corresponding public key earlier). No one notices when you do this on your computer.
So, you can generate lots of addresses, but you can't do anything with them (do transactions that clog the network, so someone does notice): unless you have some huge amount of BTC lying around you can send send them some fractional bitcoin. *
If someone else generates an address that is already generated in your astronomical pool, he can just use it. (And you can drain his funds, but this is astronomically difficult, as some else said before)**

* = spamming attack
** = generating lots of addresses: Collision attack
See https://en.bitcoin.it/wiki/Weaknesses, it has lots of information and of course it explains it more elaborately than I do Smiley
somethinghidden
Newbie
*
Offline Offline

Activity: 14


View Profile
June 15, 2011, 06:40:39 PM
 #14


Yep, exactly.

There's only 2^140 possible addresses! Get cracking!

2^140 = 1393796574908163946345982392040522594123776

After making some code changes on a single thread on a CPU I was able to generate these stats after 12 hours:
 wallet                 9793ms
Rescanning last 131051 blocks (from block 0)...
 rescan                24540ms
Done loading
mapBlockIndex.size() = 131055
nBestHeight = 131051
mapKeys.size() = 399643
mapPubKeys.size() = 399643
mapWallet.size() = 0
mapAddressBook.size() = 399538

So about 33294.833333333 public/private key pairs per hour on a shitty processor. I also did mispeak I now realize that I'm not generating "wallets" but rather just a hash that contains public/private key pairs. This is probably not the most efficient way to perform such an attack, having a pool of computers generating the public/private keypairs would be a much better method. However, I have determined that the current system is safe enough for me Smiley I hope that someone with more time to dedicate to this is not successful. I will still trust in a bank external to the bitcoin system with the vast majority of my money because there is a remote chance out of "luck" someone may generate my public/private key pair, reconstruct the transactions in their wallet and drain all of my cash. I will be testing again with some GPUs once my hardware comes in, sorry about the RPC flood, lol. I guess at least the network is resilient enough to not even notice.

Gimme some bitcoins: 1CnJ7X4QBk8UDoiRmuTrSoxXVgUWbo4dTZ Smiley Thanks!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!