Bitcoin Forum
December 08, 2016, 10:12:40 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: please delete  (Read 1880 times)
Mike3574
Jr. Member
*
Offline Offline

Activity: 34



View Profile
May 02, 2012, 12:43:01 PM
 #1

please delete
"Apparently, so I am told, there exist "people" who prefer to wipe sitting down. From the front. Initial research indicates it could be up to half the population." -- benjamindees
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481191960
Hero Member
*
Offline Offline

Posts: 1481191960

View Profile Personal Message (Offline)

Ignore
1481191960
Reply with quote  #2

1481191960
Report to moderator
1481191960
Hero Member
*
Offline Offline

Posts: 1481191960

View Profile Personal Message (Offline)

Ignore
1481191960
Reply with quote  #2

1481191960
Report to moderator
GTRsdk
Member
**
Offline Offline

Activity: 87

COIN SUPPORTER


View Profile WWW
May 02, 2012, 01:15:34 PM
 #2

Nice!

Just one question... How did you get the liquidcoin blocks?

I have had issues with the client being stuck at like 1,000 blocks or so and not moving.

Let's make some Dogecoins together! http://doge.litemoons.com:9555
Mike3574
Jr. Member
*
Offline Offline

Activity: 34



View Profile
May 02, 2012, 01:25:24 PM
 #3

Nice!

Just one question... How did you get the liquidcoin blocks?

I have had issues with the client being stuck at like 1,000 blocks or so and not moving.

I didn't experience any problems with that. It just downloaded like all the other chains. I have no clue what is wrong with your client. Wish I could help!
Dusty
Hero Member
*****
Offline Offline

Activity: 722


Libertas a calumnia


View Profile WWW
May 02, 2012, 01:50:50 PM
 #4

What I'd like to have is a dump in JSON format or other format easy to read for non-ufficial bitcoin client.

Articoli bitcoin: Il portico dipinto
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
May 02, 2012, 09:28:25 PM
 #5

download the blockchain the hard way through the client (which is the safest way after all).

For one thing, your site isn't even SSL capable, so even if you are entirely honest, an attacker could alter the contents of the traffic between you and me, and I could end up downloading a different file than what you are hosting.   Each bitcoin blockchain binary from BitcoinCharts gets digitally signed so that the download can be verified as being truly the one built by the site.
 - http://eu1.bitcoincharts.com/blockchain/

Using your blockchain binaries means that I am trusting that you haven't injected data that would cause my client to think a transaction was valid, when elsewhere on the network that transaction will be rejected.

Using these is something unsafe, yet for small amounts the convenience might outweight the risk of loss.  Just wanted to make sure the risks of use got mentioned here.

Mike3574
Jr. Member
*
Offline Offline

Activity: 34



View Profile
May 03, 2012, 06:00:00 AM
 #6

download the blockchain the hard way through the client (which is the safest way after all).

For one thing, your site isn't even SSL capable, so even if you are entirely honest, an attacker could alter the contents of the traffic between you and me, and I could end up downloading a different file than what you are hosting.   Each bitcoin blockchain binary from BitcoinCharts gets digitally signed so that the download can be verified as being truly the one built by the site.
 - http://eu1.bitcoincharts.com/blockchain/

Using your blockchain binaries means that I am trusting that you haven't injected data that would cause my client to think a transaction was valid, when elsewhere on the network that transaction will be rejected.

Using these is something unsafe, yet for small amounts the convenience might outweight the risk of loss.  Just wanted to make sure the risks of use got mentioned here.

I appreciate you bringing these things to my attention. I have inside the zip files the hashes of the individual files contained inside. However, as you said, if someone is able to modify that then it doesn't really matter. I will makes hashes of the actual zip files (which are still on my PC) and add them to the page. Would that solve this problem? Or is there still another way around it for an attacker? Please let me know. I want to do all I can to ensure that nothing is tampered with.

All Best,

Michael
Foxpup
Legendary
*
Offline Offline

Activity: 1708



View Profile
May 03, 2012, 06:55:04 AM
 #7

I appreciate you bringing these things to my attention. I have inside the zip files the hashes of the individual files contained inside. However, as you said, if someone is able to modify that then it doesn't really matter. I will makes hashes of the actual zip files (which are still on my PC) and add them to the page. Would that solve this problem? Or is there still another way around it for an attacker? Please let me know. I want to do all I can to ensure that nothing is tampered with.

No, it won't solve the problem, and the way for the attacker to get around it is... the same way, actually. If someone is modifying the responses from your site, the can modify the page source (as received by the victim) just as easily as the zip files, and they can just replace your hashes with the hashes of the modified files. You need PGP signatures, not hashes, to protect against this attack (though even that won't work unless your PGP key is already available from a trusted source). Or SSL. Or both, if you're really paranoid.

EDIT: I just realised something. I don't know about other cryptocurrencies, but in Bitcoin each block contains a hash of the previous block, and therefore the Bitcoin client will instantly know something's gone horribly wrong when it downloads the next block and the hash doesn't match the blocks it already has, and will fix the problem by re-downloading the "erroneous" blocks. The only way this won't happen is if the maliciously altered blockchain has a higher total difficulty than the real one, in which case they don't even need to attack your site - we're all doomed anyway. Only light clients (which don't need a blockchain download anyway) have a need to implicitly trust the blocks they receive. Exactly how does a maliciously altered blockchain pose any kind of threat?

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
Dusty
Hero Member
*****
Offline Offline

Activity: 722


Libertas a calumnia


View Profile WWW
May 03, 2012, 07:06:07 AM
 #8

For one thing, your site isn't even SSL capable, so even if you are entirely honest, an attacker could alter the contents of the traffic between you and me, and I could end up downloading a different file than what you are hosting.
Even with SSL the thing you state is possible, it's not SSL per se that forbid a man in the middle attack, you also need authentication.

He could get a valid SSL certificate signed by some central issuer, but even in that case the government can ask (and obtain) the issuer to issue for him a valid certificate with the same credentials so he can execute a man in the middle attack with a completely unaware user.

SSL prevents eavesdrop to casual sniffers but there is really no point in doing so with a public available file :-)

So, as you correctly stated, the only way to prevent this is to digitally sign the files so they can be checked using the public key that one must get via other channels.

EDIT: foxpup, you made it quicker than me ;-)

Articoli bitcoin: Il portico dipinto
Zoiner
Member
**
Offline Offline

Activity: 74



View Profile
May 03, 2012, 12:39:33 PM
 #9

Where did you get a Realpay blockchain from? !!!

I had no idea there was a client ready or it had started?

Zoiner

https://vircurex.com/welcome/index?referral_id=648-281
The QR code in my picture is not me but a worthwhile software.
LWwhT53CdLsSaenoMy2AqhwsxL5MMFmwWY
Mike3574
Jr. Member
*
Offline Offline

Activity: 34



View Profile
May 03, 2012, 12:54:29 PM
 #10

Where did you get a Realpay blockchain from? !!!

I had no idea there was a client ready or it had started?

Zoiner

Go to realpay.org and scroll down to the bottom where it says "Download". It's available for Windows and Linux.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!