Security

[Bitcoiner]

Has there been a concerted effort to attack, subvert, or break Bitcoin? One way to test that it is secure from attack would be to actually try to undermine it, by double-spending coins, creating fake coins, posting false transactions, etc... and if flaws are found, better that they are found now than later, when the bitcoin economy is potentially larger and there is more to lose.

[1713520904]

1713520904

[1713520904]

1713520904

[1713520904]

1713520904

[1713520904]

1713520904

[1713520904]

1713520904

[Gavin Andresen]

It's a bad idea to try to break the "in-production" bitcoin network.

If anybody is starting serious work on either extending Bitcoin or developing compatible implementations or trying to break it by creating bad transactions, I think creating a "parallel universe" test network with its own block chain, data directory, etc makes sense.

Satoshi:  would you be open to a --testnetwork (or something) flag to bitcoin that swapped to an alternate genesis block, data directory, listen port and IRC channel?  Maybe with a really short average block generation time, too (like once per minute instead of once per 10 minutes) so everything happens ten times a fast to make testing quicker.
 

[llama]

Satoshi:  would you be open to a --testnetwork (or something) flag to bitcoin that swapped to an alternate genesis block, data directory, listen port and IRC channel?  Maybe with a really short average block generation time, too (like once per minute instead of once per 10 minutes) so everything happens ten times a fast to make testing quicker.
 

I second this, however I don't think block generation time should be changed.  I think it should be identical to the production network.  This, for example, would allow testers to try to subvert the system by creating nodes with particularly low latency, and keep the results applicable to the real network.

Great idea Gavin!

[satoshi]

I'll start thinking about how to do this.

At the moment, you can kind of use -connect.  You can use -connect to make it connect to local computers on your LAN, like -connect=192.168.0.100.  If you start it out blank and don't let it connect to the main network, the difficulty is still at the original low difficulty.  If you've port-forwarded though, then outside nodes might still connect inward to you.

With -connect it still uses IRC, do you think it shouldn't get on IRC when you're telling it to only connect to specific nodes with -connect?  The main scenario for -connect is where you have a server farm, with two connected to the network and the rest connected to the first two.  In that case, you wouldn't want the -connect computers on IRC.

void ThreadIRCSeed(void* parg)
{
    if (mapArgs.count("-connect"))
        return;

[laszlo]

It really only makes sense for nodes with the port forwarded to remain on the IRC channel, right?  Maybe it could just ping a php script or another node randomly (this might be a better idea) which tells it YES/NO on whether the connect-back is working, and then just terminate the IRC thread if it's not needed anymore.  It could re-probe every 6 hours or so in case the user changes their port forwarding settings, or it could just be an option even..

[lachesis]

Oh I like that idea a lot Laszlo. There's no reason for a non-forwarded client to idle in the IRC.

[Stone Man]

Has there been a concerted effort to attack, subvert, or break Bitcoin? One way to test that it is secure from attack would be to actually try to undermine it, by double-spending coins, creating fake coins, posting false transactions, etc... and if flaws are found, better that they are found now than later, when the bitcoin economy is potentially larger and there is more to lose.

I agree. We the software needs to be vetted.

For one thing, I just ran across some rates to rent time on a supercomputer:
http://news.softpedia.com/news/Rent-Your-Own-Supercomputer-for-2-77-per-Hour-82166.shtml
$2.77 / core / hr

I don't know a lot about breaking secure encryption and out hashing a proof-of-work, but Satoshi said in his paper that as long as no more than half of the network was owned by an attacker it could not be broken.

I wonder if someone could rent this super-computer or one bigger and theoretically undermine bitcoin for only the cost of renting the machine for an hour.

Based on my rough calculations, if 2200 machines like my duel core were owned by an attacker he could theoretically take down the network for only about $12,000 USD.

I hope I am wrong. Someone who is more knowledgeable should comment here.

[bdonlan]

Has there been a concerted effort to attack, subvert, or break Bitcoin? One way to test that it is secure from attack would be to actually try to undermine it, by double-spending coins, creating fake coins, posting false transactions, etc... and if flaws are found, better that they are found now than later, when the bitcoin economy is potentially larger and there is more to lose.

I agree. We the software needs to be vetted.

For one thing, I just ran across some rates to rent time on a supercomputer:
http://news.softpedia.com/news/Rent-Your-Own-Supercomputer-for-2-77-per-Hour-82166.shtml
$2.77 / core / hr

I would think EC2 would be a better option - $0.17/hr for two cores (using a high-cpu medium instance) that way.

[Insti]

Isn't just changing the genesis node enough?
Each branch would just ignore the others 'invalid' blocks and transactions.

(although it would probably be polite to try and construct a different network.)

[sirius]

A possible attack against the system was suggested on the IRC: an organization that controls an overwhelming amount of CPU power could start generating coins, and then stop generating when the proof-of-work difficulty gets very high after the next 2000 blocks. Normally it should take 2 weeks to generate 2000 blocks. If an attacker with 10 times more CPU power than the rest of the network were to increase the proof-of-work difficulty and then stop, the total block generation would become 10 times slower and the next difficulty readjustment would be after 20 weeks.

By the time when Bitcoin is big enough to threaten the established currencies, hopefully there'll be no single party that has enough CPU power to do an attack like this.

[Insti]

A possible attack against the system was suggested on the IRC: an organization that controls an overwhelming amount of CPU power could start generating coins, and then stop generating when the proof-of-work difficulty gets very high after the next 2000 blocks. Normally it should take 2 weeks to generate 2000 blocks. If an attacker with 10 times more CPU power than the rest of the network were to increase the proof-of-work difficulty and then stop, the total block generation would become 10 times slower and the next difficulty readjustment would be after 20 weeks.

By the time when Bitcoin is big enough to threaten the established currencies, hopefully there'll be no single party that has enough CPU power to do an attack like this.

This could be solved with a software patch to modify the difficulty, as long as it could be distributed to 50% of the nodes...

[FreeMoney]

Is it true that the difficulty can be changed with a patch accepted by 50% of nodes? Doesn't this mean that an attacker only needs to set up a bunch of nodes and not actually have a majority of cpu power? How hard would it be to do an attack like that? What does it take to have a node? A 2880 bps modem and a Pentium 386? Can a computer hold multiple nodes?

[Insti]

Is it true that the difficulty can be changed with a patch accepted by 50% of nodes? Doesn't this mean that an attacker only needs to set up a bunch of nodes and not actually have a majority of cpu power? How hard would it be to do an attack like that? What does it take to have a node? A 2880 bps modem and a Pentium 386? Can a computer hold multiple nodes?

Majority of the cpu power is probably more technically correct than 50% of the nodes.
As long as the patched nodes are generating blocks faster than the unpatched nodes they will 'win'.

[Svick]

Is it true that the difficulty can be changed with a patch accepted by 50% of nodes? Doesn't this mean that an attacker only needs to set up a bunch of nodes and not actually have a majority of cpu power? How hard would it be to do an attack like that? What does it take to have a node? A 2880 bps modem and a Pentium 386? Can a computer hold multiple nodes?

I don't think so. I think that if you created a block with lower difficulty than what I think is the current difficulty, I wouldn't accept it. That means I wouldn't accept any coins that originated in a block with this lower difficulty. This would effectively split the network in two.

[sirius]

I don't think so. I think that if you created a block with lower difficulty than what I think is the current difficulty, I wouldn't accept it. That means I wouldn't accept any coins that originated in a block with this lower difficulty. This would effectively split the network in two.

That's right.