Anders (OP)
|
|
July 12, 2014, 05:11:44 PM |
|
The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3990
Merit: 2713
Join the world-leading crypto sportsbook NOW!
|
|
July 12, 2014, 05:23:47 PM |
|
It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.
|
|
|
|
joshraban76
|
|
July 12, 2014, 05:44:54 PM |
|
It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though. hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.
|
|
|
|
InwardContour
|
|
July 12, 2014, 07:54:35 PM |
|
The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?
Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.
|
|
|
|
franky1
Legendary
Offline
Activity: 4396
Merit: 4761
|
|
July 12, 2014, 10:37:01 PM |
|
Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.
typical geek answer. so this is what you would reply with if your grandma asked the question, just before she went and downloaded a wallet from a website she never personally heard of but had been told by a friend to go there...
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
CEG5952
|
|
July 12, 2014, 10:44:03 PM |
|
It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though. hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.
Checking the MD5 really just ensures that the file is the right size (data has not been lost/corrupted) and integrity maintained after download. Potentially, an attacker who hacks the site or executes a MITM attack could change the MD5 checksum to match the compromised file. I prefer a PGP signature. MultiBit provides this, for instance.
|
|
|
|
R2D221
|
|
July 12, 2014, 11:34:43 PM |
|
Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.
Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?
|
An economy based on endless growth is unsustainable.
|
|
|
ar9
|
|
July 12, 2014, 11:34:59 PM Last edit: July 12, 2014, 11:48:02 PM by ar9 |
|
Depends on the wallet.
Sometimes I wish I could change my username to CptObvious.
|
|
|
|
CEG5952
|
|
July 12, 2014, 11:45:10 PM |
|
Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.
Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store? This is why I would rely only on a PGP signature. In theory, it can only be generated by the owner of the corresponding private key. So if you trust the developer (of say, Multibit or Electrum), the signature verifies the integrity of the file and shows that the key owner vouches for the file contents. That's pretty much as good as it gets.
|
|
|
|
pirsquared
Member
Offline
Activity: 109
Merit: 10
|
|
July 13, 2014, 12:22:59 AM |
|
It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.
This is possible and has been done.
|
If you HODL store it CODL!
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4832
|
|
July 13, 2014, 12:44:30 AM |
|
What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins?
Fraudulent wallets? Certainly. If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended.
Absolutely. This is why it is important to be careful about ANY software that you install on your computer (not just bitcoin software). It is entirely possible that you could install non-bitcoin software that has bitcoin wallet stealing programming hidden in it. Install some "free game" that some friend on Facebook tells you about, and the next time that you log into your wallet, poof all your bitcoins are gone.
|
|
|
|
Anders (OP)
|
|
July 13, 2014, 06:55:51 AM |
|
A similar problem could happen with for example web browsers. In practice for desktops the vast majority of people use one of the established browsers such as Internet Explorer, Google Chrome, Firefox, Safari or Opera. These browsers are sincere, unless someone downloads and installs a hacked version. And for mobile devices the situation is similar although a few less known web browsers are available there.
For Bitcoin something similar could happen, that only a few big and trusted Bitcoin wallets would be used in practice if Bitcoin becomes really huge and mainstream.
Still, the trustless innovation in Bitcoin is revolutionizing and it would be good to have that even for the wallets.
|
|
|
|
EtherCoin
|
|
July 13, 2014, 08:33:05 AM |
|
Recap:
a) Download from trusted source b) Check MD5 hash c) Check PGP signature (if available?) d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?) e) Encrypt wallet
With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.
Eth.
|
|
|
|
hashman
Legendary
Offline
Activity: 1264
Merit: 1008
|
|
July 13, 2014, 09:28:09 AM |
|
The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?
Short answer: no. Long answer: if the wallet is running on an offline machine in a faraday cage then yes
|
|
|
|
Gimmelfarb
|
|
July 13, 2014, 09:46:32 AM |
|
Recap:
a) Download from trusted source b) Check MD5 hash c) Check PGP signature (if available?) d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?) e) Encrypt wallet
With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.
Eth.
PGP signature is a must for me. but i'm a stickler for security. this is also the reason why i miss out on all the altcoin pumps -- don't trust the developers or the software.
|
|
|
|
Gimmelfarb
|
|
July 13, 2014, 10:04:04 AM |
|
Stick with the most common used walles and you should be fine.
bitcoin-qt, electum, multibit or armory.
Choices enough.
i agree -- i just think it's important to make sure you're getting the file that the developer intends. as another poster pointed out, an attack on the developer's site/man-in-the-middle attack could put you at risk if you don't confirm with a PGP signature.
|
|
|
|
EtherCoin
|
|
July 13, 2014, 10:05:32 AM |
|
Stick with the most common used walles and you should be fine.
bitcoin-qt, electum, multibit or armory.
Choices enough.
Good point too, recap updated: a) Download a well known, often used wallet from trusted source b) Check MD5 hash c) Check PGP signature d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?) e) Encrypt wallet f) Physically disconnect LAN cable when not in use for paranoia users. g) Faraday cage... wait, wouldn't this also screw the HDD? Eth.
|
|
|
|
hhanh00
|
|
July 13, 2014, 10:18:56 AM |
|
With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.
Many malware apps are smart enough to go dormant when the network is off and will reactivate when it comes back. For 40$, you could make a dedicated raspberry pi wallet entirely offline. Download the official OS Image. Add the required packages. Then disconnect from the network forever. Install the rest from official tar balls. Create an encrypted wallet and you are good to go. For backups, take a picture of the qr code from an old phone with no SIM card. Check that they can be decoded. Save to several micro SD. Hide them. Then wipe your phone. I hope that it's good enough.
|
|
|
|
Light
|
|
July 13, 2014, 11:27:09 AM |
|
i agree -- i just think it's important to make sure you're getting the file that the developer intends. as another poster pointed out, an attack on the developer's site/man-in-the-middle attack could put you at risk if you don't confirm with a PGP signature.
This, I cannot stress how important it is to make sure that you are getting the version that the developer intended and not one that has been placed there with malicious intent thanks to some security hole on the site. The best thing would be to go through every line of code for the open source program and understand what each does, but this requires both a shit ton of time and a knowledge that a majority of people lack.
|
|
|
|
ShakyhandsBTCer
Sr. Member
Offline
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
|
|
July 13, 2014, 05:04:25 PM |
|
Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.
Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store? This is why I would rely only on a PGP signature. In theory, it can only be generated by the owner of the corresponding private key. So if you trust the developer (of say, Multibit or Electrum), the signature verifies the integrity of the file and shows that the key owner vouches for the file contents. That's pretty much as good as it gets. This is an important step to take if you truly want to be paranoid about your wallet. This would only prevent an attack if an attacker was able to get control over the domain, but not the dev's private PGP key, and the public PGP key is found somewhere outside of the domain. If a user finds the dev's public PGP key on the same website/domain that they are downloading the file from then the attacker could simply change the PGP key listed and sign a message saying that their (malicious) download is the most up to date and correct one.
|
|
|
|
|