Bitcoin Forum
December 03, 2016, 03:54:45 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: BitCoin Confirmation Honeypot  (Read 753 times)
skubeedooo
Newbie
*
Offline Offline

Activity: 22


View Profile
September 21, 2011, 12:56:49 PM
 #1

I think that we should build a confirmation honeypot so the community can get a better handle on how long you have to wait for a transaction to be effectively irreversible.  If it turns out that it only really needs 1 minute rather than 1 hour, that could be a huge win for bitcoin adoption by bricks-and-mortar businesses.

More details on my blog http://newmeraire.blogspot.com/2011/09/bitcoin-confirmation-honeypot.html.

What do you think?
1480780485
Hero Member
*
Offline Offline

Posts: 1480780485

View Profile Personal Message (Offline)

Ignore
1480780485
Reply with quote  #2

1480780485
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480780485
Hero Member
*
Offline Offline

Posts: 1480780485

View Profile Personal Message (Offline)

Ignore
1480780485
Reply with quote  #2

1480780485
Report to moderator
BadBear
v2.0
Administrator
Legendary
*
Offline Offline

Activity: 1652



View Profile WWW
September 21, 2011, 01:10:05 PM
 #2

I think we should do this, everyone click on MY blog to see my response. 


1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 21, 2011, 01:17:07 PM
 #3

I don't think it will help much.  It doesn't take into account the different things a skilled attacker might try.  If someone isn't trying to double-spend, or is trying with a "cheap shot" method a couple seconds later, demonstrating that the first spend succeeds virtually all of the time doesn't prove anything useful.  It would be like trying to prove that a padlock is secure against skilled locksmiths by having you and all of your friends try to pick it and concluding it is secure because none of you succeeded.

Other proposals have been discussed, a notable one of which is to have a third party (call it a "bank") who holds a portion of the customer's balance on deposit provide the service of "guaranteeing" the eventual success of the transaction against the customer's own deposited funds.  If the transaction turns out to have been voided due to a double spend, the merchant collects from the bank, who collects from the customer, making the guarantee pretty much instant.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
skubeedooo
Newbie
*
Offline Offline

Activity: 22


View Profile
September 21, 2011, 01:23:18 PM
 #4

I don't think it will help much.  It doesn't take into account the different things a skilled attacker might try.  If someone isn't trying to double-spend, or is trying with a "cheap shot" method a couple seconds later, demonstrating that the first spend succeeds virtually all of the time doesn't prove anything useful.  It would be like trying to prove that a padlock is secure against skilled locksmiths by having you and all of your friends try to pick it and concluding it is secure because none of you succeeded.


I don't really understand what you're saying here. The bitcoin honeypot would be open to 'skilled locksmiths' as well as friends. If there is an outstanding bounty of, say, 50 BTC for a 1-minute delay then it does at least say that as a merchant you're pretty safe accepting 1-minute confirms in the same manner as the honeypot. You could also think of it like a bug-bounty.
vermorel
Newbie
*
Offline Offline

Activity: 14


View Profile WWW
September 21, 2011, 01:26:24 PM
 #5

Even if the approach isn't perfect, I think it deserves some credit. At the very least, it tells what time-span are provably insecure. The reverse is not true (aka provably secure); but this knowledge is still of interest for the community. In particular, it will ultimately helps a bank to position itself as value-added middleman to speed-up transactions.

My 2cts on the question.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!