Bitcoin Forum
September 28, 2016, 05:10:04 AM *
News: Due to DDoS attacks, there may be periodic downtime.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcoin and buffer overflow attacks  (Read 2710 times)
da2ce7
Legendary
*
Offline Offline

Activity: 1216


Live and Let Live


View Profile
December 11, 2010, 05:49:22 AM
 #1

I am convinced that the foundation of bitcoin (ie. the block chain) is secure from any non-nationally funded attack.  The only attack that makes me scared is a buffer overflow attack that steals the private keys in the wallet, however doesn't spend them.

If a significantly large attack happens to the block chain, we can always make a new branch that doesn't include the attack; with the theft of private keys, there is no easy recovery option, save (in the case of a massive attack), starting the block chain from 0 again.

As I'm not a security expert, I do not know how secure bitcoin is against this sort of attack.  However from my non-expert understanding direct to IP address transfers seems like a obvious surface area to attack.

Two questions: what attack areas dose the current bitcoin software have that could enable the theft of bitcoin private keys?
Secondly, what efforts can be taken to minimize the attack surface area of bitcoin?

One off NP-Hard.
1475039404
Hero Member
*
Offline Offline

Posts: 1475039404

View Profile Personal Message (Offline)

Ignore
1475039404
Reply with quote  #2

1475039404
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1475039404
Hero Member
*
Offline Offline

Posts: 1475039404

View Profile Personal Message (Offline)

Ignore
1475039404
Reply with quote  #2

1475039404
Report to moderator
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
December 11, 2010, 05:52:40 AM
 #2

I am convinced that the foundation of bitcoin (ie. the block chain) is secure from any non-nationally funded attack.  The only attack that makes me scared is a buffer overflow attack that steals the private keys in the wallet, however doesn't spend them.

If a significantly large attack happens to the block chain, we can always make a new branch that doesn't include the attack; with the theft of private keys, there is no easy recovery option, save (in the case of a massive attack), starting the block chain from 0 again.

As I'm not a security expert, I do not know how secure bitcoin is against this sort of attack.  However from my non-expert understanding direct to IP address transfers seems like a obvious surface area to attack.

Two questions: what attack areas dose the current bitcoin software have that could enable the theft of bitcoin private keys?
Secondly, what efforts can be taken to minimize the attack surface area of bitcoin?

I've always thought that the only known possible attacks could allow double spendin or freeze the whole network.

I doubt any attack could steal private keys, apart from conventionnal attacks to the file system.

But I'm not an expert at all.
da2ce7
Legendary
*
Offline Offline

Activity: 1216


Live and Let Live


View Profile
December 11, 2010, 06:03:38 AM
 #3

this isn't about protocol attacks, eg double spend and freezing.  Rather implementation security weaknesses.

One off NP-Hard.
wumpus
Hero Member
*****
qt
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
December 11, 2010, 09:59:40 AM
 #4

There is no way to be absolutely sure that there are no buffer overflow attacks. Although it would help to implement the client in a language that doesn't have buffer overflows because it checks array indices (Python, Java, C#, ...).

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
satoshi
Founder
Sr. Member
*
qt
Offline Offline

Activity: 364


View Profile
December 11, 2010, 01:32:37 PM
 #5

direct to IP address transfers seems like a obvious surface area to attack.
If you ever find anyone who turned it on.  It's disabled by default.

There is no way to be absolutely sure that there are no buffer overflow attacks. Although it would help to implement the client in a language that doesn't have buffer overflows because it checks array indices (Python, Java, C#, ...).
It's all STL.  There are almost no buffers.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!