kokjo (OP)
May 09, 2011, 06:18:30 PM

https://en.bitcoin.it/wiki/Protocol_specification#tx

how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw? or is there some kind of mechanism that prevents that? a simple attack scenario:

1. put a lot of your clients on the network (with different IPs), so you are sure that you can isolate another client.
2. when the isolated client makes a Tx it transmits it to you.
3. with the Tx you extract the TxIns and put them in a new Tx that sends it all to you. you can do that because there is no protection.
4. wait for it to be included in a block.
5. PROFIT!

is this possible? it is a BIG BIG flaw if it's real!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Gavin Andresen
Chief Scientist
May 09, 2011, 06:21:57 PM

No, it is not possible, there is a rule against that.

How often do you get the chance to work on a potentially world-changing project?
MoonShadow
May 09, 2011, 06:28:02 PM

> https://en.bitcoin.it/wiki/Protocol_specification#tx how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw? or is there some kind of mechanism that prevents that? a simple attack scenario: 1. put a lot of your clients on the network (with different IPs), so you are sure that you can isolate another client. 2. when the isolated client makes a Tx it transmits it to you. 3. with the Tx you extract the TxIns and put them in a new Tx that sends it all to you. you can do that because there is no protection. 4. wait for it to be included in a block. 5. PROFIT! is this possible? it is a BIG BIG flaw if it's real!

Try it, and you will find that it doesn't work in practice, even if it is theoretically possible. Most likely you won't even be able to isolate a client in order to actually steal from its transactions in the start. In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself. This kind of theft attack would only affect one user. As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have. If you cannot sign the modified transaction, the transaction would fail on that point.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."
- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
kokjo (OP)
May 09, 2011, 06:40:23 PM

> > https://en.bitcoin.it/wiki/Protocol_specification#tx how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw? or is there some kind of mechanism that prevents that? a simple attack scenario: 1. put a lot of your clients on the network (with different IPs), so you are sure that you can isolate another client. 2. when the isolated client makes a Tx it transmits it to you. 3. with the Tx you extract the TxIns and put them in a new Tx that sends it all to you. you can do that because there is no protection. 4. wait for it to be included in a block. 5. PROFIT! is this possible? it is a BIG BIG flaw if it's real!
>
> Try it, and you will find that it doesn't work in practice, even if it is theoretically possible. Most likely you won't even be able to isolate a client in order to actually steal from its transactions in the start. In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself. This kind of theft attack would only affect one user. As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have. If you cannot sign the modified transaction, the transaction would fail on that point.

what i can read from the source and the wiki is: it is not the whole transaction that is signed, only the TxIns. it's like signing "i would like to give some btcs away"
kokjo (OP)
May 09, 2011, 06:43:07 PM

> No, it is not possible, there is a rule against that.

rules are here to be broken.
MoonShadow
May 09, 2011, 06:55:50 PM

> > > https://en.bitcoin.it/wiki/Protocol_specification#tx how are you not sure that the TxIn is not taken out from a transaction and put in to another? is this a flaw? or is there some kind of mechanism that prevents that? a simple attack scenario: 1. put a lot of your clients on the network (with different IPs), so you are sure that you can isolate another client. 2. when the isolated client makes a Tx it transmits it to you. 3. with the Tx you extract the TxIns and put them in a new Tx that sends it all to you. you can do that because there is no protection. 4. wait for it to be included in a block. 5. PROFIT! is this possible? it is a BIG BIG flaw if it's real!
> >
> > Try it, and you will find that it doesn't work in practice, even if it is theoretically possible. Most likely you won't even be able to isolate a client in order to actually steal from its transactions in the start. In any case, this is an attack upon a particular user of Bitcoin, not a flaw in the system itself. This kind of theft attack would only affect one user. As you describe it, the modified transaction would fail a validity check anyway because the transaction must be hashed as a whole after being 'signed' by the sender's private key, which you don't have. If you cannot sign the modified transaction, the transaction would fail on that point.
>
> what i can read from the source and the wiki is: it is not the whole transaction that is signed, only the TxIns. it's like signing "i would like to give some btcs away"

Hmmm, I see what you are saying. Good eye. This might be a possible exploit, indeed. You deserve kudos if this is true. This could be fixed by requiring that the transaction as a whole be signed by the first input private key. This would still require absolute isolation to work consistently, but might work often enough by forcing a double spend type event to be a worthwhile criminal endeavor. Gavin, thoughts?
Gavin Andresen
May 09, 2011, 07:01:15 PM

The entire transaction is signed. See: https://en.bitcoin.it/wiki/OP_CHECKSIG for the rules.
kokjo (OP)
May 09, 2011, 07:05:13 PM

> OP_CHECKSIG is script opcode used to verify that the signature for a tx input is valid

first line. the entire transaction can't be signed. it's logically impossible. it's like having a hash of a hash, which is equal. sha256(a)!=a
Gavin Andresen
May 09, 2011, 07:10:19 PM

Fine, the entire transaction except for: "The scripts for all transaction inputs in txCopy are set to empty scripts"
... is signed. You're starting to make me grumpy...
kokjo (OP)
May 09, 2011, 07:17:31 PM

> Fine, the entire transaction except for: "The scripts for all transaction inputs in txCopy are set to empty scripts"
> ... is signed.

thank you! i see it now, in script.cpp lines 870-930. looks right to me.

> You're starting to make me grumpy...

sorry for that... it just didn't seem right. and i thought if it was a flaw, it was best to make it public as fast as possible. so it could be corrected.
MoonShadow
May 09, 2011, 07:19:20 PM

And the confidence in the Bitcoin system increases by one Brownie point.
Enochian
May 09, 2011, 09:53:26 PM

> what i can read from the source and the wiki is: it is not the whole transaction that is signed, only the TxIns. it's like signing "i would like to give some btcs away"

The documentation is somewhat unclear. What gets signed is the entire transaction, with all the input scripts nulled except the one that is being signed, which is replaced by the output script it references containing the OP_CHECKSIG, with the hashtype appended to the end as an int. So the only thing you could change without making the signature invalid is the input script. Who the money goes to and where it comes from gets signed, which is the stuff that matters. So you can't change that, and all you could do by modifying the input script is make it fail, in which case the transaction would be tossed.
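
Added example, not part of any post in this thread and not Bitcoin's own code: a simplified Python version of the signed-digest construction described in the last post and on the OP_CHECKSIG wiki page, showing why a TxIn moved into a different transaction no longer matches its signature. It assumes hashtype SIGHASH_ALL only and omits OP_CODESEPARATOR handling; all transaction ids, scripts and amounts are constructed sample values.

```python
import hashlib
import struct

SIGHASH_ALL = 1  # hashtype appended to the signed copy

def _script(b):
    assert len(b) < 0xfd  # single-byte length prefix is enough here
    return bytes([len(b)]) + b

def serialize(version, inputs, outputs, locktime):
    """Legacy transaction wire format (input/output counts below 0xfd only)."""
    raw = struct.pack("<I", version) + bytes([len(inputs)])
    for prev_txid, prev_index, script_sig, sequence in inputs:
        raw += prev_txid + struct.pack("<I", prev_index)
        raw += _script(script_sig) + struct.pack("<I", sequence)
    raw += bytes([len(outputs)])
    for value, script_pubkey in outputs:
        raw += struct.pack("<q", value) + _script(script_pubkey)
    return raw + struct.pack("<I", locktime)

def signed_digest(tx, index, prev_script_pubkey):
    """Digest that the signature in input `index` must cover."""
    version, inputs, outputs, locktime = tx
    # txCopy: every input script emptied, except the one being signed,
    # which is replaced by the output script it spends.
    tx_copy_inputs = [
        (txid, n, prev_script_pubkey if i == index else b"", seq)
        for i, (txid, n, _sig, seq) in enumerate(inputs)
    ]
    preimage = serialize(version, tx_copy_inputs, outputs, locktime)
    preimage += struct.pack("<I", SIGHASH_ALL)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()

# Constructed sample values (not real transactions, keys or signatures).
PREV_TXID = bytes(range(32))
PREV_SCRIPT = b"\x76\xa9\x14" + b"\x11" * 20 + b"\x88\xac"
PAYEE = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
OTHER = b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac"
TXIN = (PREV_TXID, 0, b"<signature> <pubkey>", 0xFFFFFFFF)

original = (1, [TXIN], [(5_000_000, PAYEE)], 0)
txin_reused = (1, [TXIN], [(5_000_000, OTHER)], 0)  # same TxIn, new output
script_edited = (1, [(PREV_TXID, 0, b"garbage", 0xFFFFFFFF)], [(5_000_000, PAYEE)], 0)

def digest(tx):
    return signed_digest(tx, 0, PREV_SCRIPT)

if __name__ == "__main__":
    print("outputs changed -> digest changed:", digest(original) != digest(txin_reused))
    print("input script changed -> digest same:", digest(original) == digest(script_edited))
```

The signature carried inside the TxIn was made over `digest(original)`, so it cannot verify against `digest(txin_reused)`; editing only the input script leaves the digest unchanged, which is the one field the last post says can be altered.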