The biggest security hole -> Default values

[Jaime Frontero]

ummm... returning to the thread topic (i.e., Default Vaues), i don't understand something.

we can already control where the client looks for its configuration file (-conf=<file>), and where it looks for its data (-datadir=<dir>).

why can't we have an option like -wallet=<file> ?

it's hardly perfect, or even particularly elegant:  but it seems to me that the ability to run a wallet.dat file that was called foo.bar would eliminate about 90% of the scriptkiddie issues.

no?

Not for very long - for example under unix I could just query the process table and find out the command line arguments.  You could change the binary itself...

diff -Naur bitcoin/src/init.cpp bitcoin2/src/init.cpp
--- bitcoin/src/init.cpp        2011-07-06 16:26:16.920000001 -0400
+++ bitcoin2/src/init.cpp       2011-07-06 16:28:27.890000001 -0400
@@ -386,7 +386,7 @@
     printf("Loading wallet...\n");
     nStart = GetTimeMillis();
     bool fFirstRun;
-    pwalletMain = new CWallet("wallet.dat");
+    pwalletMain = new CWallet("boogie.dat");
     if (!pwalletMain->LoadWallet(fFirstRun))
         strErrors += _("Error loading wallet.dat      \n");
     printf(" wallet      %15"PRI64d"ms\n", GetTimeMillis() - nStart);

but then you can look at the files the app is using (kokjo did) or scan the binary...blah blah...

yes.

but how many of the scriptkiddies have your level of knowledge?  the heavies run darkcomet by rote...

a -wallet=<file> command line option isn't a panacea - but there's very little that is in the realm of security.  we chip away at attack vectors like the attackers chip away at us.

eh.  i wouldn't mind having the option to run wallet off a thumbdrive, without the rest of the data directory on it.

[joepie91]

If there were to be a browser vulnerability that facilitated the stealing of a file (without relying on something like Java), what would be an incredibly easy target? Exactly, a Bitcoin wallet in a default location.

likewise a file I can use the OS search facility to find.

You seem to have conveniently left out the second part of my post.

The chance of a browser exploit that allows scanning the disk for a certain file is infinitely smaller than the chance of a browser exploit that allows stealing a file in a predefined location.

[BCEmporium]

DELETE THAT S*** ASAP

From where I stand, despite you look a good coder, you're RETARDED!
You just posted MASM32 code for a virus, do you at least have a clue on what you're doing?! Or trolling is more important to you?!

[BitterTea]

DELETE THAT S*** ASAP

From where I stand, despite you look a good coder, you're RETARDED!
You just posted MASM32 code for a virus, do you at least have a clue on what you're doing?! Or trolling is more important to you?!

So what? It's already out there, anybody who wants to can find it easily. It's not like your browser's going to execute it or something. 

I hope nobody's listening to you for security obscurity advice.

[jgraham]

DELETE THAT S*** ASAP

From where I stand, despite you look a good coder, you're RETARDED!

Uh...You look a good agitated?

You just posted MASM32 code for a virus, do you at least have a clue on what you're doing?! Or trolling is more important to you?!

So it would be bad if something on the internet was posted some where else on the internet?

Anyway don't get your panties in a bunch there grandma.

This isn't a virus.   Just the payload.  This is, essentially no different than the script that was posted kokjo yesterday.

Or didn't your l33t security sk1lz tell you that.

[BCEmporium]

Yeah... I already come across 5 variants (normally just with user/pass replaced) of that ftp stealer. Why not make it easier and publish it everywhere?
Coders normally wage enough to not need to steal, script kiddies however doesn't and will thank you a lot for your effort.

This isn't even about "security through obscurity or clarity" this is just making their life easier.

I see most of those to pretend to be security experts to be nothing but dumb brats; security isn't about making an attack impossible, because that's also impossible to achieve. Security is about make the attackers' life as hard as we can and keep vigilante.

[jgraham]

Yeah... I already come across 5 variants (normally just with user/pass replaced) of that ftp stealer. Why not make it easier and publish it everywhere?

In other words I *thought* you wrote this yourself but now that I googled it I see you didn't...and I forgot to admit that it isn't a Virus.

Coders normally wage enough to not need to steal, script kiddies however doesn't and will thank you a lot for your effort.

Ok, in case you haven't heard of it I'd like you to introduce to you Google.   It's this idea that the Internet should have some relatively centralized way of finding things.  Essentially it means that if it's in one place...it's everywhere.

This isn't even about "security through obscurity or clarity" this is just making their life easier.

Yes, I have now enabled those hackers who have access to the Bitcoin forum but not access to Google.   Do you really see that as a large group?

I see most of those to pretend to be security experts to be nothing but dumb brats;

Not sure to whom you are referring but I've actually explicitly stated that I'm not an expert.  I'm a professional.   IT Security is simply part of my job.

security isn't about making an attack impossible, because that's also impossible to achieve.

Equivocation.   "an attack" is not the same as "any attack".   Obviously it is possible to remove some attack vectors.

[BCEmporium]

I didn't run your code or even googled it, just read the claims and it seams you were improving it to scan the hard-drive for any position where the wallet may be. Sorry if you didn't, anyway there's always a good reason to not re-publish it.

Removing attack vectors == make the attacker's life harder.

Moving the wallet already removes one attack vector; its sitting duck place.

Encrypt it, as you suggest earlier, removes another; be able to easily open it.

[jgraham]

I didn't run your code or even googled it, just read the claims and it seams you were improving it to scan the hard-drive for any position where the wallet may be. Sorry if you didn't, anyway there's always a good reason to not re-publish it.

You clearly did not read the post very well and do not understand the attack posted and did not understand what I said about modifying it and apparently how it's almost irrelevant if something is published once on the internet or a hundred times.   Ever hear the adage: "You don't know enough to know what you don't know?"

Removing attack vectors == make the attacker's life harder.

You are using the term in an obscure way.   Clearly you can remove a vector  that is not a threat.

So rather than deal with your oddness I'll talk about my approach to security:

It is rare to know the probability of specific exploit being employed because it is rare to know enough about the environment to determine the probability of attack.  If it is rare to know the probability of an attack you are unlikely to know the utility of a defense.   i.e. how likely it was worth the cost of deployment.  So rather than talk about fixing potential attacks I tend to talk about reducing the attack surface.   That is removing or increasing the difficulty by a useful median case of a group of methods situated around obtaining an asset.
 
The wallet.dat file contains an asset you want to protect.   Moving it does not alter the attack surface.  It may have utility but as established....you can't know that!
However encrypting the wallet.dat file can reduce the attack surface.  It can remove the potential for an attacker to obtain the asset by a useful median case.

[BCEmporium]

You miss some utility on my proposal, the improved security of make you have to scan the computer to find it is just a surplus of the overall functionality.

And scan the computer gives out an alert to the user, by over usage of hd access and slowness of the system - this alone already worth it; more important than prevent an attack is to know when you're attacked so you can try to do something about, actually your idea of encrypt it voids mostly by refusing my idea, if the wallet is still a sitting duck under ~/.bitcoin/wallet.dat or %APPDATA%\Bitcoin\wallet.dat a trojan targeting it can get it without ringing any bells, leaving the robber time enough to try to break the user's password while the user is still using that wallet totally unaware of any danger. This means sooner or later the attacker manages to break the key and the user is pretty much done and caught by surprise.

My idea could be improved by hot-swap, allowing you to load another wallet without need to restart the client. It can be good to split wallets, allowing yet another security layer; by having his wallets spawned for 3 or 4 thumbdrives or SD cards will allow that even if one is attacked he doesn't go back to 0 coins. - Damage control.

Therefore, encrypt the wallet can be seen as complementary to this idea. If you think your idea alone is the panacea of everything and will reduce any attack surface then you're wrong and are selling false sense of security.

[jgraham]

You miss some utility on my proposal,

No, no I don't.

And scan the computer gives out an alert to the user, by over usage of hd access and slowness of the system

Not significantly as evidenced by actual tests.  Kokjo demonstrated using the /proc pseudo-filesystem to find the file without any exhaustive scanning. 

Therefore, encrypt the wallet can be seen as complementary to this idea.

To the idea of the on system relocating or renaming of the file.  Encryption reduces the attack surface moving does not.  I have explained this already.

If you think your idea alone is the panacea of everything and will reduce any attack surface then you're wrong and are selling false sense of security.

Again either you simply don't read, don't understand or don't want to.  It's all up there.  Moving a wallet off-system is fine it's better than just relocating the file on your hard drive but the scanning technique doesn't need to be changed very much to compensate.  The value is in how frequently you keep your wallet offline.  The difference between encrypting and moving is that the reduction in attack surface is predictable in the case of encryption and is not in the case of moving.   So the value of encrypting is known, the value of moving is not.

IMHO: You should not be giving security advice.

[BCEmporium]

Not significantly as evidenced by actual tests.  Kokjo demonstrated using the /proc pseudo-filesystem to find the file without any exhaustive scanning. 

This is just valid for LINUX, there's no such "/proc" vfs under Windows. For Linux his shell script was actually a goof attempt of show something, not only there're no known virus targeting bitcoin under Linux at the moment, as the script itself would need to be chmoded to get the executable bit.

The value of encrypt without move is zero. Either you use a password you can remember and potentially weak as so, or you use a great password you need to store in your computer. If that "ultimate stealer" can find the renamed and moved wallet.dat, can also get that other file where you stored the password to the wallet.

If you've nothing else to do than troll, then just leave. IMO you're just trolling.

[jgraham]

Not significantly as evidenced by actual tests.  Kokjo demonstrated using the /proc pseudo-filesystem to find the file without any exhaustive scanning. 

This is just valid for LINUX, there's no such "/proc" vfs under Windows.

So it's valid.  Good. 

there's no such "/proc" vfs under Windows.

Process explorer finds files opened by processes just fine...and you missed the part about me scanning my system in 8 seconds.

as the script itself would need to be chmoded to get the executable bit.

You really don't get how these things work do you.  Nobody claimed that the script was a completely functional trojan.

The value of encrypt without move is zero. Either you use a password

So you have to use a password cracker not a file stealer.   You have just admitted that the attack surface has been reduced.  Congratulations, on your enlightenment.

you can remember and potentially weak as so, or you use a great password you need to store in your computer.

False dichotomy.  Some of us, every day use passwords that would take a hundred years to crack.  That doesn't even take into consideration things like passphrases or sequential memory-hard algorithms.  As stated before using encryption creates a known median case.  How much time moving buys you is an unknown.  So it's value is unknown.

QED.

[BCEmporium]

Enough with your fallacies! Either do something productive or zip it!

Your stating resumes to:

You're doing a life vest and the attackers will come with a canon... so for your "solution" I can say you are creating an armor that to stand a canon attack and they will come with a nuke.

And you miss the central point:
In nowhere I stated my "solution" was the panacea of all wallet.dat issues It's an interesting and easy to implement feature, not the "ultimate anti-hack bullshit" as you're trying to sell out yours.

And yeah, some might use AReallyF*#@ngLongPassw00rdWhichTakesAgesToCrack, whereas others don't like to be bothered and will simply input 123...

[jgraham]

Enough with your fallacies! Either do something productive or zip it!

Your stating resumes to:

You're doing a life vest and the attackers will come with a canon... so for your "solution" I can say you are creating an armor that to stand a canon attack and they will come with a nuke.

I fully confess to having no idea how to parse that sentence.

And you miss the central point:
In nowhere I stated my "solution" was the panacea of all wallet.dat issues It's an interesting and easy to implement feature, not the

Strawman.  I never said you did.  I just said it has no quantifiable value.  However you did say: "Having default values set is the biggest security hole on most software".  So if moving solves this issue then simple substitution reveals that you believe that moving default files "Solves the biggest security hole on most software".  While that isn't saying that it makes security perfect it does say a heck of a lot more than: "an interesting and easy to implement feature".

"ultimate anti-hack bullshit" as you're trying to sell out yours.

Strawman again.  I just said that encryption has a quantifiable value.

And yeah, some might use AReallyF*#@ngLongPassw00rdWhichTakesAgesToCrack, whereas others don't like to be bothered and will simply input 123...

Which is irrelevant to the discussion.  In one case the attack surface is reduced in the other it is not.

I'm glad we had this talk.

[MikesMechanix]

http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect

Since you think passwords are so easy to break, here is a SINGLE-ROUND md5 hash of a password I use daily. It even has dictionary based words in it so that it's easier to remember. Let me know when you've cracked it: 3dcd7dd499205f7f36544e71d3e8ed49

Here's another single-round md5 which would be considered very weak by most security professionals: 827a9861340aa529ad351cd80fcd1283
Let me know when you've cracked that one, too!