Bitcoin Forum
December 08, 2016, 08:17:21 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Feature request: Implement SSH-like conn encryption into protocol (OpenSSL ?)  (Read 1556 times)
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2011, 01:59:14 PM
 #1

I propose something that has been discussed many times on the forums - implementing connection encryption to the bitcoin protocol.

Details:
- Like SSH, people will be able to connect to each other securely, using cryptographic keys / identities they need to exchange first.
- As in SSH, each host will generate its fingerprint, and set of private/public keys. So nodes connecting will be able to verify each other
- Some nodes (like banks) will be able to publish their keys/fingerprints somewhere (like on their site), so that everybody can confirm who they are when connecting to their bitcoin clients
- When key/fingerprint of remote node changes, user will be warned & asked if he wants to connect anyway (like in SSH).

- To make things easier, one could use openssl library present in every major operating system to implement this.

Possible benefits:
- Possibility of having almost 100% anonymity for each node. (if some random traffic generator will be also implemented) A third party no longer will be able to tell who is who and which transaction is which by sniffing the traffic coming in/out of a node.
- Real security & more anonymity when connecting through TOR (right now the exit nodes can easily sniff/intercept all traffic, so using bitcoin on TOR is somewhat dangerous).
- Eleminate man-in-the-middle attacks.
- People will be able to create "semi-certificate authorities", which will store each node's fingerprints and show them publicly, so nodes of the network can be verified.
- Clients (like banks) could choose to connect only to trusted, SSL-verified nodes, and ignore the rest.

Possible disadvantages:
- Possibility of centralization of the network ?

1481185041
Hero Member
*
Offline Offline

Posts: 1481185041

View Profile Personal Message (Offline)

Ignore
1481185041
Reply with quote  #2

1481185041
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
January 21, 2011, 02:28:55 PM
 #2

I can see the advantage on the authentication part. You could have a set of trusted nodes to connect to in order to avoid being "surrounded" by attackers.
But, as most people minded with security (banks and other institutions included) will probably hide their IP, this wouldn't be so useful, unless the client could connect to hidden services. But then the anonymity network itself guarantees authenticity, no need for the client to sign its messages...

Now, on the encryption part of an SSH-like connection, I fail to see the advantages. All messages your client send are supposed to be propagated to the entire public network anyway. They are not secret. Why encrypt?

I'd rather change your request to something like "being able to configure a set of IPs and/or Tor/I2P hidden services ids to connect to".

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2011, 02:50:10 PM
 #3

Now, on the encryption part of an SSH-like connection, I fail to see the advantages. All messages your client send are supposed to be propagated to the entire public network anyway. They are not secret. Why encrypt?

Simple. So that nobody knows what IP were these transactions created by.

And SSH-like connection will be almost exactly the same as a SSL-like connection, but without central certificate authorities. Of course some mechanism of reading fingerprints from a HTTPS site could also be implemented, so people could create "semi-certificate authorities" which would be simply a list of node IP's with their fingerprints.

caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
January 21, 2011, 03:00:32 PM
 #4

Now, on the encryption part of an SSH-like connection, I fail to see the advantages. All messages your client send are supposed to be propagated to the entire public network anyway. They are not secret. Why encrypt?

Simple. So that nobody knows what IP were these transactions created by.

That's anonymity you want. Why Tor isn't enough?
Actually, encrypting won't make it anonymous, the nodes you're connecting to would see the messages coming from you.


By the way, are propagated messages any different from those sent by their creators?

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
January 21, 2011, 03:32:35 PM
 #5

Simple. So that nobody knows what IP were these transactions created by.
That wouldn't change anything.

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2011, 04:58:30 PM
 #6

That's anonymity you want. Why Tor isn't enough?
Actually, encrypting won't make it anonymous, the nodes you're connecting to would see the messages coming from you.

That is a fair point, why didn't i think of it ?
Encryption is pointless, because when an attacker can control enough bitcoin nodes, SSL won't help at all...

jgarzik
Legendary
*
qt
Offline Offline

Activity: 1470


View Profile
January 21, 2011, 06:12:33 PM
 #7

Encryption is pointless, because when an attacker can control enough bitcoin nodes, SSL won't help at all...

Encryption is not pointless, because it is unlikely an attacker can control enough bitcoin nodes today.

Furthermore, it is nice to not be observed when I am submitting a new transaction to the network.  Those in the coffee shop have no business knowing that I am submitting a new transaction, even if the TX is propagated in the clear throughout the network.

Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
January 21, 2011, 08:00:14 PM
 #8

Encryption is pointless, because when an attacker can control enough bitcoin nodes, SSL won't help at all...

Encryption is not pointless, because it is unlikely an attacker can control enough bitcoin nodes today.

Furthermore, it is nice to not be observed when I am submitting a new transaction to the network.  Those in the coffee shop have no business knowing that I am submitting a new transaction, even if the TX is propagated in the clear throughout the network.

Well, maybe not completely pointless, but much less useful than i thought, and certainly not much more anonymous.

Cdecker
Hero Member
*****
Offline Offline

Activity: 487



View Profile WWW
January 22, 2011, 12:01:18 AM
 #9

Actually the reasoning behind not needing the encryption is because we always assume an adversarial peer we're communicating through. The only thing that should be considered is reducing timing attacks which would enable to track back the origin of a client, but that's a pretty slim chance, and partially solved by using Tor.

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!