Bitcoin Forum
October 26, 2025, 06:20:34 AM *
News: Pumpkin carving contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bitcoin and buffer overflow attacks  (Read 3726 times)
da2ce7 (OP)
Legendary
*
Offline Offline

Activity: 1222
Merit: 1016


Live and Let Live


View Profile
December 11, 2010, 05:49:22 AM
Merited by ABCbits (2)
 #1

I am convinced that the foundation of bitcoin (ie. the block chain) is secure from any non-nationally funded attack.  The only attack that makes me scared is a buffer overflow attack that steals the private keys in the wallet, however doesn't spend them.

If a significantly large attack happens to the block chain, we can always make a new branch that doesn't include the attack; with the theft of private keys, there is no easy recovery option, save (in the case of a massive attack), starting the block chain from 0 again.

As I'm not a security expert, I do not know how secure bitcoin is against this sort of attack.  However from my non-expert understanding direct to IP address transfers seems like a obvious surface area to attack.

Two questions: what attack areas dose the current bitcoin software have that could enable the theft of bitcoin private keys?
Secondly, what efforts can be taken to minimize the attack surface area of bitcoin?

One off NP-Hard.
grondilu
Legendary
*
Offline Offline

Activity: 1288
Merit: 1091


View Profile
December 11, 2010, 05:52:40 AM
 #2

I am convinced that the foundation of bitcoin (ie. the block chain) is secure from any non-nationally funded attack.  The only attack that makes me scared is a buffer overflow attack that steals the private keys in the wallet, however doesn't spend them.

If a significantly large attack happens to the block chain, we can always make a new branch that doesn't include the attack; with the theft of private keys, there is no easy recovery option, save (in the case of a massive attack), starting the block chain from 0 again.

As I'm not a security expert, I do not know how secure bitcoin is against this sort of attack.  However from my non-expert understanding direct to IP address transfers seems like a obvious surface area to attack.

Two questions: what attack areas dose the current bitcoin software have that could enable the theft of bitcoin private keys?
Secondly, what efforts can be taken to minimize the attack surface area of bitcoin?

I've always thought that the only known possible attacks could allow double spendin or freeze the whole network.

I doubt any attack could steal private keys, apart from conventionnal attacks to the file system.

But I'm not an expert at all.

da2ce7 (OP)
Legendary
*
Offline Offline

Activity: 1222
Merit: 1016


Live and Let Live


View Profile
December 11, 2010, 06:03:38 AM
 #3

this isn't about protocol attacks, eg double spend and freezing.  Rather implementation security weaknesses.

One off NP-Hard.
laanwj
Hero Member
*****
qt
Offline Offline

Activity: 826
Merit: 1034


View Profile
December 11, 2010, 09:59:40 AM
Merited by ABCbits (1)
 #4

There is no way to be absolutely sure that there are no buffer overflow attacks. Although it would help to implement the client in a language that doesn't have buffer overflows because it checks array indices (Python, Java, C#, ...).
satoshi
Founder
Sr. Member
*
qt
Offline Offline

Activity: 364
Merit: 8282


View Profile
December 11, 2010, 01:32:37 PM
Merited by EFS (4), ABCbits (2), jjjfff (1), Phobosator32 (1)
 #5

direct to IP address transfers seems like a obvious surface area to attack.
If you ever find anyone who turned it on.  It's disabled by default.

There is no way to be absolutely sure that there are no buffer overflow attacks. Although it would help to implement the client in a language that doesn't have buffer overflows because it checks array indices (Python, Java, C#, ...).
It's all STL.  There are almost no buffers.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!