Topic: The biggest security hole -> Default values (Read 3545 times)
BCEmporium
July 06, 2011, 02:45:43 PM
 #1

Having default values set is the biggest security hole in most software; this behavior allows malicious software to know exactly what and where to find what it wants. Some examples are:

C:\Windows
%AppData%\Mozilla Firefox
%AppData%\Mozilla Thunderbird
%AppData%\Filezilla
%AppData%\Bitcoin

For some sorts of data this is OK, like the blockchain; for personal data it ain't. The Bitcoin client needs to be patched to allow users to choose where to store wallet.dat and, moreover, to choose what name to give to that file.
Think about it...
zhalox
July 06, 2011, 03:00:37 PM
 #2

That's a brilliant idea - if this is implemented, much of the current Bitcoin malware will be obsolete for those who upgrade to the newest version (although new malware will adapt to any changes, I'm sure).  I assume you're suggesting that the user could specify a wallet name and location in the "Options" dialog box?  Perhaps you could go to the developers' IRC channel and inform them of this proposal, if they haven't heard about it yet...

EDIT:
Please don't misunderstand, I'm not saying that this will "fix" the client or "protect" against all malware (remember, security experts/black-hat hackers always find ways around security eventually).

jgraham
July 06, 2011, 03:03:42 PM
 #3

Quote
Having default values set is the biggest security hole in most software; this behavior allows malicious software to know exactly what and where to find what it wants. Some examples are:

C:\Windows
%AppData%\Mozilla Firefox
%AppData%\Mozilla Thunderbird
%AppData%\Filezilla
%AppData%\Bitcoin

For some sorts of data this is OK, like the blockchain; for personal data it ain't. The Bitcoin client needs to be patched to allow users to choose where to store wallet.dat and, moreover, to choose what name to give to that file.
Think about it...

Question... how does the client find the new wallet.dat (or whatever it gets called)?

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
kokjo
July 06, 2011, 03:04:58 PM
 #4

useless! trojans could scan the whole computer for the wallet.

this is just security through obscurity, and will NOT WORK.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
jgraham
July 06, 2011, 03:11:36 PM
 #5

Quote
useless! trojans could scan the whole computer for the wallet.

this is just security through obscurity, and will NOT WORK.

You stole my thunder man.  I was leading up to that.

Point is that even if you called the file a random name... the client needs to know what that is.  Which means you store it somewhere....

Only exception I see is if you are willing to select the file each time you start the client up.  In which case the file might have some distinguishing characteristics so you could just scan the whole machine for it (or anything resembling it).  Which means you could encrypt it with a sufficiently padded OTP... which you store somewhere....

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
BCEmporium
July 06, 2011, 04:10:55 PM
 #6

Security IS obscurity. That dogma you stated makes no sense at all. Anything that's open isn't by nature secure; it's just open.

The value of BTC justifies the user searching for it when he opens the client, so the wallet's place isn't stored anywhere outside its owner's brain. The client could well also allow hot-swap of wallets.

Yes, a trojan may scan your computer... making it dead slow and probably making you try to figure out what's going on. But the current way the trojan has all the way open %APPDATA%\Bitcoin\wallet.dat; easy pick virus for any script kiddie.
joepie91
July 06, 2011, 04:14:15 PM
 #7

Quote
useless! trojans could scan the whole computer for the wallet.

this is just security through obscurity, and will NOT WORK.

You stole my thunder man.  I was leading up to that.

Point is that even if you called the file a random name... the client needs to know what that is.  Which means you store it somewhere....

Only exception I see is if you are willing to select the file each time you start the client up.  In which case the file might have some distinguishing characteristics so you could just scan the whole machine for it (or anything resembling it).  Which means you could encrypt it with a sufficiently padded OTP... which you store somewhere....

At least you probably wouldn't be able to write a done-in-10-seconds wallet stealer in AutoIt anymore.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
kokjo
July 06, 2011, 04:24:19 PM
 #8

Quote
Security IS obscurity. That dogma you stated makes no sense at all. Anything that's open isn't by nature secure; it's just open.
real security, cryptography is (for now) secure in the next few million years.

Quote
The value of BTC justifies the user searching for it when he opens the client, so the wallet's place isn't stored anywhere outside its owner's brain. The client could well also allow hot-swap of wallets.

Quote
Yes, a trojan may scan your computer... making it dead slow and probably making you try to figure out what's going on. But the current way the trojan has all the way open %APPDATA%\Bitcoin\wallet.dat; easy pick virus for any script kiddie.
easy pick by script kiddie:
1. replace client,
2. wait until user opens the wallet.dat
3. send wallet.dat to script kiddie.
4. PROFIT!!!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
BCEmporium
July 06, 2011, 04:29:15 PM
 #9

Wrong! Cryptography IS NOT security. Cryptography is a WAY to provide you OBSCURITY.
If you believe in security in open air, then just post your password. Better on, why use passwords? Just come, pick a username and wear it up.

A script kiddie normally goes by AutoIt scripts and easy-to-implement code he can pick from the web; hooking into a running process isn't part of it.
This is also NOT the magical bullet that will kill all malicious software; it is a way to make it harder to do, so fewer people CAN do it, therefore fewer people DO IT.

Why make it easy to attack when all it takes is a file open dialog in the client or an argument passed to the bitcoind to make it way harder?
kokjo
July 06, 2011, 04:34:21 PM
 #10

Quote
Wrong! Cryptography IS NOT security. Cryptography is a WAY to provide you OBSCURITY.
If you believe in security in open air, then just post your password. Better on, why use passwords? Just come, pick a username and wear it up.
LOL! troll!

Quote
A script kiddie normally goes by AutoIt scripts and easy-to-implement code he can pick from the web; hooking into a running process isn't part of it.
This is also NOT the magical bullet that will kill all malicious software; it is a way to make it harder to do, so fewer people CAN do it, therefore fewer people DO IT.
i did not say it was a magical bullet.

Quote
Why make it easy to attack when all it takes is a file open dialog in the client or an argument passed to the bitcoind to make it way harder?
R U MAD? i could make a fake client, in about an hour. (no i will not, but i can)

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
jgraham
July 06, 2011, 04:36:38 PM
 #11

Quote
Security IS obscurity. That dogma you stated makes no sense at all. Anything that's open isn't by nature secure; it's just open.

You changed the verb.  Kokjo said "security through obscurity".  What he (and most IT professionals) mean is that obscurity is your methodology, not your end product.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
BCEmporium
July 06, 2011, 04:40:50 PM
 #12

Troll, no. Many folks fail to understand the purpose of encryption and confuse it with "security" when all it does is "hide things" - therefore: provides obscurity.

Everyone with coding skills can make a fake client... what's your point with that one?!
I'm talking about implementing this in the open source one...

@jgraham

Obscurity is meant to be something just you know, or a specific recipient; cryptography is just one way to do it. But to the very end, security is obscurity and the more obscurity you add to it the more security you get; may it be in method or final product.
The worst part in security is to believe it's unbreakable... but that's "a wrong assumption" no matter the methods you used.

Actually, going a bit side line here, security and cryptography work this way:

If you're a good cryptographer and can create your own algorithms you get twice the protection: Your own algorithm nobody else knows and the final product.
If you can't or don't want to create new algorithms you get standard protection: just the final product is protected, but the algorithm is widely known.
If you are a lousy crypto and still go for it, you get half or less of protection; your easy to break/figure out algorithm and poorly encrypted data.
kokjo
July 06, 2011, 04:58:37 PM
 #13

Quote
Troll, no. Many folks fail to understand the purpose of encryption and confuse it with "security" when all it does is "hide things" - therefore: provides obscurity.
i'm not confused, you are.

Quote
Everyone with coding skills can make a fake client... what's your point with that one?!
I'm talking about implementing this in the open source one...
yes, i'm not talking about including 'my code' in the client, i'm talking about replacing it with a fake, by a trojan.


Quote
Obscurity is meant to be something just you know, or a specific recipient; cryptography is just one way to do it. But to the very end, security is obscurity and the more obscurity you add to it the more security you get; may it be in method or final product.
security != obscurity, cryptography ensures, by a certain chance, that something is unbreakable.

Quote
The worst part in security is to believe it's unbreakable... but that's "a wrong assumption" no matter the methods you used.
we did not say that some security is not breakable.
i can make a 100% unbreakable cipher, i can publish how it works, but you still can't break it, without my key.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
BCEmporium
July 06, 2011, 05:08:16 PM
 #14

Quote
i can make a 100% unbreakable cipher

Wow! I'm impressed!  Grin
Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one.
jgraham
July 06, 2011, 05:12:21 PM
 #15

Quote
@jgraham
Obscurity is meant to be something just you know, or a specific recipient; cryptography is just one way to do it. But to the very end, security is obscurity and the more obscurity you add to it the more security you get; may it be in method or final product.

You are engaging in "ignoratio elenchi".

Obscurity in the sense you're using it is simply something that a few people know.  Here kokjo and myself are saying that what is being proposed only moderately increases the difficulty in finding the file with - no useful lower bound - by putting it in a location that is not expected.  This is not even obscurity in your sense since the application itself has to know where the file is.

If the application does not know where the file is then you have to specify it each time (kokjo makes a good point about replacing the app but I'm assuming that we are trying to deal with a very narrow class of attacks).

However the facility for finding it exists in the OS (and in RAM but again that's another class of attack) and any user program has unrestricted access to this facility.  Ergo this hurdle does not defeat a class of attacks and makes it marginally slower with no useful lower bound (I could scan your drive over the course of a day or two without putting very much load on your system).

Edit: Even if we go further and encrypt the file with an OTP that the user enters from memory (good luck!), I can still make short work of finding the file by searching for files with some meta-characteristic.  Like a small file with a write-lock.

Quote
If you're a good cryptographer and can create your own algorithms you get twice the protection: Your own algorithm nobody else knows and the final product.

Cryptography is subtle.  It is just as likely that your algorithm misses something because you have not shown it to anybody else.  History is replete with people cracking algorithms which were not known, e.g. DVDs: 40-bit CSS had us ROTFL the day it was released.

Teams of people have pored over MD5, SHA1 and we still are finding collisions and shortcuts. Please formally justify (using actual math) how the probability has a lower bound of absolutely no less than 2x of a key being found through an obscured algorithm than an unobscured one.  Please show your work.

Quote
If you can't or don't want to create new algorithms you get standard protection: just the final product is protected, but the algorithm is widely known.

Which is done because we know the attack surface of these algorithms whereas your algorithm we do not.

Quote
If you are a lousy crypto and still go for it, you get half or less of protection; your easy to break/figure out algorithm and poorly encrypted data.

...and here it looks like you are begging the question.

I'm rather good with Linux.  If you're having problems with your mining rig I'll help you out remotely for 0.05.  You can also propose a flat-rate for some particular task.  PM me for details.
kokjo
July 06, 2011, 05:12:32 PM
 #16

Quote
i can make a 100% unbreakable cipher

Wow! I'm impressed!  Grin
Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one.

no nobel prize to me, already invented http://en.wikipedia.org/wiki/One-time_pad

by you saying that, i can conclude that you have no knowledge at all on the subject, and therefore you are a troll. Cheesy

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
BCEmporium
July 06, 2011, 06:07:23 PM
 #17

Quote
i can make a 100% unbreakable cipher

Wow! I'm impressed!  Grin
Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one.
no nobel prize to me, already invented http://en.wikipedia.org/wiki/One-time_pad

by you saying that, i can conclude that you have no knowledge at all on the subject, and therefore you are a troll. Cheesy

That's an improvement of
http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

The indecipherable cipher suffers from patterns, the pathetic attempt done by Gilbert was to create an algorithm where the key matches in size the crypt text. Resulting in a stupidity, as if you can send such key securely, you rather send the plain text the same way and spare you from some worthless work.

Given a long enough key and a short enough text to Vernam's method and you would get that effect already.

PS - This topic isn't about cryptography anyway... my idea just provides a "hiding the wallet" not "encrypt it". -> This means that currently is like if everybody was using their wallets in the back pocket, making life easier to pickpockets. My method would simply make anyone put the wallet wherever he wishes... making pickpockets to have to look for it - still doesn't mean you get rid of pickpockets, just their job gets harder.
 Roll Eyes
kokjo
July 06, 2011, 06:30:44 PM
 #18

Quote
i can make a 100% unbreakable cipher

Wow! I'm impressed!  Grin
Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one.
no nobel prize to me, already invented http://en.wikipedia.org/wiki/One-time_pad

by you saying that, i can conclude that you have no knowledge at all on the subject, and therefore you are a troll. Cheesy

That's an improvement of
http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

The indecipherable cipher suffers from patterns, the pathetic attempt done by Gilbert was to create an algorithm where the key matches in size the crypt text. Resulting in a stupidity, as if you can send such key securely, you rather send the plain text the same way and spare you from some worthless work.

Given a long enough key and a short enough text to Vernam's method and you would get that effect already.

PS - This topic isn't about cryptography anyway... my idea just provides a "hiding the wallet" not "encrypt it". -> This means that currently is like if everybody was using their wallets in the back pocket, making life easier to pickpockets. My method would simply make anyone put the wallet wherever he wishes... making pickpockets to have to look for it - still doesn't mean you get rid of pickpockets, just their job gets harder.
 Roll Eyes

if the pickpockets already have locked you in a prison, and searched you, you are doomed.
by hiding your wallet you gain nothing, if you get a trojan, you are doomed.

i'm comparing a trojan with a prison. you are comparing a trojan with a pickpocket, a trojan has more control on your computer, than a pickpocket has on you, and it is therefore stupid to compare them.

about the cryptography, it is not stupid it is usable:
give 1mb key to a submarine, when they are at port, and keep the key yourself. you can now communicate 1mb of data between the submarine, when its 10000 miles away, 100% securely. not near 100%, but exactly 100%.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
BCEmporium
July 06, 2011, 06:52:06 PM
 #19

Depends on what the trojan does.

Still, you believe it isn't worth 2 lines of code because some other attacks will get through? Then we rather let go computer security all at once, as eventually some kind of attacks will pass... so what's the use?

You give a 1MB key for OTP comm with a sub, and rather you not send them any block longer than 1MB, send him War and Peace and you start to get a pattern.
kokjo
July 06, 2011, 06:59:49 PM
 #20

Quote
Depends on what the trojan does.
no, trojans often install backdoors, an attacker can/will return.

Quote
Still, you believe it isn't worth 2 lines of code because some other attacks will get through? Then we rather let go computer security all at once, as eventually some kind of attacks will pass... so what's the use?
100LOC in the client, and 5LOC in a trojan.

Quote
You give a 1MB key for OTP comm with a sub, and rather you not send them any block longer than 1MB, send him War and Peace and you start to get a pattern.
sending him the pattern "War and Peace" in 1MB, does not create a pattern, in the encrypted data.
giving him a 10^100 byte key, and sending him 10^100 bytes "War and Peace", also does not.

it seems you simply don't understand it.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: [1] 2 3 »  All
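
The one-time-pad disagreement in posts #16 to #20, worked through as an added example (not code from any poster): with pad bytes used once, a ciphertext is consistent with every same-length plaintext, and a pattern appears only when pad bytes are reused. The class, the function names and the two sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Hands out each pad byte once and refuses to wrap around."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0

    def encrypt(self, message: bytes) -> bytes:
        end = self._used + len(message)
        if end > len(self._pad):
            # Wrapping around would turn the pad into a repeating key
            # (Vigenere-style), and that is where patterns come from.
            raise ValueError("pad exhausted: refusing to reuse key bytes")
        chunk, self._used = self._pad[self._used:end], end
        return xor_bytes(chunk, message)


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """Pad under which `ciphertext` would decrypt to `candidate`."""
    return xor_bytes(ciphertext, candidate)


# Constructed sample messages (not from the thread), both 15 bytes long.
MSG_A = b"SURFACE AT DAWN"
MSG_B = b"REMAIN AT DEPTH"


def demo() -> dict:
    n = len(MSG_A)
    pad = secrets.token_bytes(2 * n)          # enough pad for two messages
    otp = OneTimePad(pad)
    c_a, c_b = otp.encrypt(MSG_A), otp.encrypt(MSG_B)   # fresh bytes each

    # Correct use: some pad maps c_a to ANY same-length plaintext, so the
    # ciphertext alone cannot distinguish MSG_A from MSG_B.
    alt_pad = pad_that_explains(c_a, MSG_B)
    ambiguous = xor_bytes(c_a, alt_pad) == MSG_B

    # Misuse: the same pad bytes encrypt both messages and cancel out,
    # leaving MSG_A xor MSG_B visible without any key.
    r_a, r_b = xor_bytes(pad[:n], MSG_A), xor_bytes(pad[:n], MSG_B)
    reuse_leaks = xor_bytes(r_a, r_b) == xor_bytes(MSG_A, MSG_B)
    fresh_leaks = xor_bytes(c_a, c_b) == xor_bytes(MSG_A, MSG_B)

    try:
        otp.encrypt(b"!")                     # pad is used up by now
        refused = False
    except ValueError:
        refused = True
    return {"ambiguous": ambiguous, "reuse_leaks": reuse_leaks,
            "fresh_leaks": fresh_leaks, "exhaustion_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The pad-exhaustion check is the part that matters operationally: a pad shorter than the traffic has to stop encrypting, not repeat.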