Bitcoin Forum
Topic: Integrity of ensuring the correct recipient of a BTC public address?
WhatsUpFreak (OP)
May 17, 2013, 02:21:03 PM
 #1

If a hacker gains access to a website and proceeds to vandalize the website, including changing the public-key of a BTC wallet, this would direct all payments to the hacker. Is this a security risk inherent to the use of BTC or is there something implemented that could prevent this? I am new to BTC/crypto-currency, so I don't fully understand all the details.
CIYAM
Ian Knowles - CIYAM Lead Developer
May 17, 2013, 02:28:55 PM
 #2

There is work in progress to tie public address generation to CA certificates for commercial sites (am not sure how that has progressed so far but it is likely to be appearing in the next major release from what I gather).

Another perhaps less satisfactory solution is already available via the use of "firstbits". As an example you can go to blockchain.info and type in 1ciyam to find my project's public address (assuming you trust blockchain.info to show you the correct one).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
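
The firstbits lookup mentioned in the post above, as an added example that is not part of the original thread: it checks a displayed address against a published firstbits prefix using an index the checker controls, plus the Base58Check checksum. It assumes firstbits means the shortest case-insensitive prefix that no earlier address in chain order shares; the function names and the `CHAIN` sample data are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 match the double-SHA256 checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def firstbits(addr: str, chain: list) -> str:
    """Shortest lowercase prefix of addr that no earlier address in chain shares."""
    earlier = [a.lower() for a in chain[:chain.index(addr)]]
    low = addr.lower()
    for n in range(1, len(low) + 1):
        if not any(e.startswith(low[:n]) for e in earlier):
            return low[:n]
    raise ValueError("address collides case-insensitively with an earlier one")

def resolve(prefix: str, chain: list):
    """First address in chain order matching prefix case-insensitively, else None."""
    p = prefix.lower()
    return next((a for a in chain if a.lower().startswith(p)), None)

def check_displayed(displayed: str, prefix: str, chain: list) -> bool:
    """Accept only a well-formed address that our own index resolves the firstbits to."""
    return b58check_valid(displayed) and resolve(prefix, chain) == displayed

# Constructed sample index: 200 addresses in "first seen" order (not real chain data).
CHAIN = [b58check_encode(0, hashlib.sha256(b"constructed-%d" % i).digest()[:20])
         for i in range(200)]

if __name__ == "__main__":
    merchant, swapped = CHAIN[150], CHAIN[151]
    fb = firstbits(merchant, CHAIN)
    print(fb, check_displayed(merchant, fb, CHAIN), check_displayed(swapped, fb, CHAIN))
```

The check is only as trustworthy as the index passed in as `chain` and the channel the prefix was published on, which is the caveat the post makes about blockchain.info.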
WhatsUpFreak (OP)
May 17, 2013, 03:23:47 PM
 #3

Quote from: CIYAM
There is work in progress to tie public address generation to CA certificates for commercial sites (am not sure how that has progressed so far but it is likely to be appearing in the next major release from what I gather).

Another perhaps less satisfactory solution is already available via the use of "firstbits". As an example you can go to blockchain.info and type in 1ciyam to find my project's public address (assuming you trust blockchain.info to show you the correct one).
(end of quote)

Interesting...Thanks. This seems like it could be very dangerous for small online vendors if they do not follow proper security implementations. Could this not be fixed with newly generated public-keys every time a transaction takes place? Similar to when you generate a new wallet on bitaddress.org.
CIYAM
May 17, 2013, 03:32:28 PM
 #4

Quote from: WhatsUpFreak
Could this not be fixed with newly generated public-keys every time a transaction takes place? Similar to when you generate a new wallet on bitaddress.org.
(end of quote)

Indeed it is best practice to generate a separate address per tx but of course you still have to trust that whatever address you are presented with *does* belong to the site you think it does.
