challenging hackers to promote bitcoin

[grondilu]

Bitcoin has quite a decent monetary value, so we should consider an alternative way of promoting bitcoin.

Instead of saying "It's great, you should use it!", one could say "Some morons are paying for this stuff, let's hack the whole thing and make a lot of money!".


One advantage of this approach is that it can help improving the security of bitcoin, and failures of hacking can be used as a promotional argument.

[markm]

What is 'leet for "What's your bitcoin address?"

Then too what is 'leet for "huh? whaddayamean you don't got one? I thought you were 'leet?!"

-MarkM- (Not as cutesey as nano's "I can haas bitcoin nao?" but wth.)

[comboy]

I like this idea very much. I think we should put some effort in doing whatever bad we can think of to the system while it's still relatively flexible.

I don't believe there could be some security hole that would let you do things like stoling bitcoins or double spending, but maybe there are ways to make system unusable for some time for others? That is definitely a bad thing and I haven't heard it discussed here (sorry if it was, really hard to keep track lately). So I really haven't got to know with protocol well yet, but got this small idea: when I create a new block, some other people need to check if it's actually valid, right? So what if I spam network with some huge amount of invalid blocks? Can that do some damage to the network? Another thing that comes to my mind would be trying to do some crazy things on this IRC channel that if I understand correctly is still used by client to learn about other users.

Maybe we can clearly define somehow what kind of security holes can be found in the system (can be even theoretical ones, very hard to exploit), and try to set some bounties for finding them?

[Gavin Andresen]

In this thread I said:

Bitcoin's p2p network is subject to various kinds of denial of service attacks.

There, I said it.

Bitcoin is still vulnerable to DOS attacks.  I'm not sure anybody knows how to prevent DOS attacks on a p2p network that allows untrusted/unverified peers to join (but I'd very much like a networking expert to tell me I'm wrong, and would like it even more if they volunteered to fix it....).

Asking hackers to prove that they can DOS the bitcoin network wouldn't prove anything, it would just slow down transactions for however long they decided to keep up the attack.

Giving bounties for uncovering vulnerabilities besides a network-denial-of-service attack is a good idea (demonstrated on the -testnet, preferably).

[grondilu]

In this thread I said:

Bitcoin's p2p network is subject to various kinds of denial of service attacks.

There, I said it.

Yeah I remembered that just after I posted my message.  Sorry.

[comboy]

Bitcoin is still vulnerable to DOS attacks.  I'm not sure anybody knows how to prevent DOS attacks on a p2p network that allows untrusted/unverified peers to join (but I'd very much like a networking expert to tell me I'm wrong, and would like it even more if they volunteered to fix it....).

Thanks for link, I've been reading this forum for some time, I think I never came up with an idea that was not mentioned here

Asking hackers to prove that they can DOS the bitcoin network wouldn't prove anything, it would just slow down transactions for however long they decided to keep up the attack.

Wouldn't it? From the discussion in the linked thread it seems it is not all that obvious what can be done. And if it can be done, I would say we better exploit it ourselves and see how bad is it. I think we are still at the point where nobody's life depends on need to make immediate transaction. Date and time could be set up and everybody could be warned. It's like vaccination. It's good to know your weak points. If I would be creating alternative currency, that's the way to make people change their mind. If some third party would do such thing, it could produce a panic attack among bitcoiners (OK, I've been reading this forum for some time, I trust btc with my money because I trust most people here in the way that I believe in their rationality, so hopefully that would not be such a big panic attack). Even if some small percent of bitcoin users would panic thinking system is vulnerable, they may want to sell, if they sell, price drops, so I want to sell too before it drops even more. You know how it works.

Of course trying to find solution is another interesting story. But I think it helps a lot knowing how bad is it.

And to try to provide some idea instead of just bitching: I like idea of PoW on connection, but I don't think it would really work. With mining it's a different story, but for average users, they have very little computing power to provide, so in general even if this PoW would be something that does not scale on GPU, attacker usually still does not have problem to provide at least 100x average computing power.  

So I would suggest rather something based on assumption of limited IP addresses attacker can have. What if nodes that I'm connected to, would share with me IP addresses of nodes connected to them? And say one more step (so also nodes connected to these shared nodes). With 10 connections on average that's 1000 IPs. So 4KB. 4KB ain't that much. We can count then to how many other clients is this IP connected already, and deny if too many. I think that makes things much harder for attacker already. And you obviously can go somewhere further with this like propagating network blacklist if some IP tries too hard (this one would need some careful planning)