Bitcoin Forum
November 13, 2024, 07:29:28 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bitcoin Core RPC Security Concerns  (Read 271 times)
MixMAx123 (OP)
Full Member
***
Offline Offline

Activity: 161
Merit: 168


View Profile
October 23, 2023, 09:34:39 PM
Last edit: January 21, 2024, 01:47:51 AM by MixMAx123
 #1

please delete!
achow101
Staff
Legendary
*
Offline Offline

Activity: 3542
Merit: 6886


Just writing some code


View Profile WWW
October 24, 2023, 12:54:06 AM
Merited by vapourminer (1), ABCbits (1), nc50lc (1)
 #2

The passphrase can be written as a hash in the config using the rpcauth option.

Any authentication method that requires multiple rounds of communication just to be authenticated will not work for a HTTP RPC server.

ABCbits
Legendary
*
Offline Offline

Activity: 3052
Merit: 8086


Crypto Swap Exchange


View Profile
October 24, 2023, 10:42:16 AM
Merited by vapourminer (1), MixMAx123 (1)
 #3

In case you don't know to create hashed password, you can use any of these tools
https://github.com/bitcoin/bitcoin/tree/v25.1/share/rpcauth
https://jlopp.github.io/bitcoin-core-rpc-auth-generator/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7374


Top Crypto Casino


View Profile WWW
October 24, 2023, 12:58:23 PM
Merited by cafter (1), MixMAx123 (1)
 #4

There are some unofficial ways to front HTTPS through a Bitcoin Core node, such as this proxy right here which I saw recently: https://github.com/CodeByZ/bitcoin-json-rpc-proxy

Although, it is really only useful on an individual basis. A client program cannot expect HTTPS connections to nodes to be available on any basis, because there is a lack of such support in the Bitcoin Core client itself. Although there's a BIP I read somewhere that might allow the use of an alternate security protocol.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1708
Merit: 8336


Fiatheist


View Profile WWW
October 25, 2023, 07:25:49 AM
Merited by vapourminer (1), MixMAx123 (1)
 #5

Why can RPC commands not contain signatures?
That's actually a good question. I believe it has to do with the same reason we don't encrypt information with nodes' public keys in the Bitcoin network; it might be trivial to execute a man-in-the-middle attack.

I found these two:
- https://stackoverflow.com/q/12385240
- https://groups.google.com/g/grpc-io/c/SbajPhgcdqk

The TL;DR as I see it, is that security tokens provide better levels of security and are easier to implement.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
seek3r
Legendary
*
Offline Offline

Activity: 1316
Merit: 2018



View Profile
October 25, 2023, 08:02:42 AM
 #6


Why can RPC commands not contain signatures?



It could contain signatures but I think that this will not happen in the near future coz the priorities of the developers are on more critical things when it comes to security.
Bitcoin Core already provides some level of security through existing authentication mechanisms like username and password authentication or IP whitelisting for RPC access and these are simpler and faster compared to signature verification.
You can't compare these when it comes to the security level but you have to see it from the use-case perspective.

achow101
Staff
Legendary
*
Offline Offline

Activity: 3542
Merit: 6886


Just writing some code


View Profile WWW
October 25, 2023, 07:31:42 PM
Merited by BlackHatCoiner (4), DaveF (3)
 #7

Why can RPC commands not contain signatures?
RPC is not intended for public consumption - you're not supposed to expose it to the internet or to untrusted networks.

f I could sign my RPC commands, there would be no problems with RPC security at Bitcon-Core.
I hereby officially wish to be able to sign RPC commands :-)
PRs welcome.

DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6670


Crypto Swap Exchange


View Profile WWW
October 26, 2023, 11:54:08 AM
 #8

...
I develop a wallet that communicates with Core via RPC. These things will not work because it would not be sure.

WHY?
RPC is slow and not really designed for it.
Core is really not designed for it either.

Think about how long it takes when you have to rescan the blockchain for something.

And as you discovered, it's designed for single user desktop use more or less in terms of security.

And if someone has access to the PC and can get to the bitcoin.conf file, you already have other security issues going on.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6670


Crypto Swap Exchange


View Profile WWW
October 27, 2023, 01:34:42 PM
 #9

....Core isn't designed for it, but in past i've seen people have hundred to million address on their wallet.dat file for their services.

Dave bangs head on desk. Why would anyone use a personal desktop client for running a commercial service?
And even worse, one that is single-threaded for a lot of things.

Ugh.

Yes, I have done it, but usually within a bubble and with everyone knowing what was involved.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4284
Merit: 8805



View Profile WWW
October 30, 2023, 10:25:29 AM
Merited by ABCbits (1)
 #10

....Core isn't designed for it, but in past i've seen people have hundred to million address on their wallet.dat file for their services.
Dave bangs head on desk. Why would anyone use a personal desktop client for running a commercial service?
And even worse, one that is single-threaded for a lot of things.
Ugh.
Yes, I have done it, but usually within a bubble and with everyone knowing what was involved.

Because its written and reviewed by many of the foremost experts in the field.  The commercial alternatives have consistently been jokes zero peer review, zero security auditing, comical flaws aren't even the beginning... from MTGOX self-doublespending malleability tripped up private key leaking mess,  to bitcoin armory letting its keys being corrupted using shared thread unsafe memory for storing hashes, to bitpay's bitcore using 64-bit values for their nonces, to libbitcoin's recent comic fail -- there is a long history of disaster.  The fastest way to lose all your customers bitcoin's is "post your private keys online", but the second fastest way is probably to use some "commercial solution".

Bitcoin core is node software. It runs the entire network. By definition it handles the *entire* capacity of the network, even on modest hardware.

DaveF
Legendary
*
Offline Offline

Activity: 3654
Merit: 6670


Crypto Swap Exchange


View Profile WWW
October 30, 2023, 03:15:13 PM
 #11

Because its written and reviewed by many of the foremost experts in the field.  The commercial alternatives have consistently been jokes zero peer review, zero security auditing, comical flaws aren't even the beginning... from MTGOX self-doublespending malleability tripped up private key leaking mess,  to bitcoin armory letting its keys being corrupted using shared thread unsafe memory for storing hashes, to bitpay's bitcore using 64-bit values for their nonces, to libbitcoin's recent comic fail -- there is a long history of disaster.  The fastest way to lose all your customers bitcoin's is "post your private keys online", but the second fastest way is probably to use some "commercial solution".

Bitcoin core is node software. It runs the entire network. By definition it handles the *entire* capacity of the network, even on modest hardware.



Bitcoin Core isn't strictly personal desktop client though. There are many feature which geared towards developer for commercial service such as bitcoind, RPC-JSON, REST API and various tutorial/script provoded on Bitcoin Core on directory "doc" and "contrib".

Not saying it does not. Or that it is not good software. And there are many things it does well.

But if you are running a public service you should have something very robust with a ton of security between the internet and RPC commands to core.

Core is the back end, there are a lot of things you can put in the front end to keep is isolated. Which was the original discussion, about RPC security.

That was more or less what I was trying to say.

Can you run a block explorer just with core? Yes, with some limitations but dumping everything to a database works better.
Can you run a public web wallet for people with core? Yes, but it's going to be a logistical and security nightmare if you don't put a lot of other things between it and the internet. And there are just flat out better ways to do it and just talk to core when needed.


-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4284
Merit: 8805



View Profile WWW
October 30, 2023, 07:19:29 PM
Last edit: October 30, 2023, 08:21:26 PM by gmaxwell
Merited by EFS (4), DaveF (2), ABCbits (2)
 #12

Fair enough!  Indeed-- it shouldn't be used to make a block explorer (except as the backing node to obtain the blockchain) -- though not because of anything with the RPC, but just because it's out of scope for what it does.

The Bitcoin Core RPC isn't intended to be exposed to potentially malicious software/systems--  having to manage the attack surface of the P2P protocol is already trouble enough.  And unfortunately the 'standard' mechanisms for rpc security are endless sources of vulnerabilities, and using a non-standard method would make the RPC much less useful.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!