From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1UZUGG-0001ML-J7 for bitcoin-development@lists.sourceforge.net; Mon, 06 May 2013 22:52:00 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.83.45 as permitted sender) client-ip=74.125.83.45; envelope-from=adam.back@gmail.com; helo=mail-ee0-f45.google.com; Received: from mail-ee0-f45.google.com ([74.125.83.45]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1UZUGF-0007J5-Ai for bitcoin-development@lists.sourceforge.net; Mon, 06 May 2013 22:52:00 +0000 Received: by mail-ee0-f45.google.com with SMTP id l10so1968207eei.18 for ; Mon, 06 May 2013 15:51:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent:x-hashcash :x-hashcash:x-hashcash:x-hashcash; bh=3k8YZHgd09jtWt6WhjcH8RzWYQJf4DM+k72Nrtct+c8=; b=X0ht6TYPOAXk7fVNNCij0Pc7H+1Vl/fy9GVOPuuxTD1wqK29uLpylojmoI2+0xSr3d dTPulCLskIbduPfPUU/kWA+x65hvpnPUGPx0z6jlji0xFUOKANGaayhgF8H7WhQrTSke 4OL1Q8nG3Xb/qIVFk4AGyitbROAGIBpL+L1bTUmUYE8nAWe/+rhEhfzzVSCP3TSgvh9s GerJpC8aJJrvWO2SkAgtYoYwy6pv7MJw649VKLLbzCXOk7NR3hpLLCql4i4nN1jMkbER GBcvPQJ6m9fd65MOczxxfrp8GAEbWwviUiBZtDq0ISyQPGwujBQM9oBT479WPSIHTnPg RFLw== X-Received: by 10.14.194.70 with SMTP id l46mr65173427een.28.1367880712936; Mon, 06 May 2013 15:51:52 -0700 (PDT) Received: from netbook (c83-90.i07-21.onvol.net. [92.251.83.90]) by mx.google.com with ESMTPSA id e50sm35924899eev.13.2013.05.06.15.51.51 for (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 06 May 2013 15:51:51 -0700 (PDT) Received: by netbook (Postfix, from userid 1000) id 8073C2E0442; Tue, 7 May 2013 00:51:49 +0200 (CEST) Received: by flare (hashcash-sendmail, from uid 1000); Tue, 7 May 2013 00:51:46 +0200 Date: Tue, 7 May 2013 00:51:46 +0200 From: Adam Back To: Gregory Maxwell Message-ID: <20130506225146.GA6657@netbook.cypherspace.org> References: <20130506161216.GA5193@petertodd.org> <20130506163732.GB5193@petertodd.org> <20130506180418.GA3797@netbook.cypherspace.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Hashcash: 1:20:130506:gmaxwell@gmail.com::fDvR0UGH52ncgc9K:0000000000000000000 0000000000000000000000002xQv X-Hashcash: 1:20:130506:mike@plan99.net::DvPhSPCo5wq/UznE:006auX X-Hashcash: 1:20:130506:bitcoin-development@lists.sourceforge.net::HPX0/3PzeYV93 0Qj:000000000000000000002DdN X-Hashcash: 1:20:130506:adam@cypherspace.org::9GJjSSv/T7mFpc8U:00000000000000000 0000000000000000000000006y3F X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (adam.back[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 0.0 LOTS_OF_MONEY Huge... sums of money X-Headers-End: 1UZUGF-0007J5-Ai Cc: Bitcoin Dev Subject: [Bitcoin-development] limits of network hacking/netsplits (was: Discovery/addr packets) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 May 2013 22:52:00 -0000 On Mon, May 06, 2013 at 11:25:50AM -0700, Gregory Maxwell wrote: >On Mon, May 6, 2013 at 11:04 AM, Adam Back wrote: >> bitcoins primaryvulnerability IMO (so far) is network attacks to induce >> network splits, local lower difficulty to a point that a local and >> artificially isolated area of the network can be fooled into accepting an >> orphan branch as the one-true block chain, > >It currently costs about 2016*25*$120 = six million dollars to >reduce the difficulty in your isolated fork by a factor of 4. Well I take your point that you have to produce 2016 blocks, but at a lower rate. But that doesnt directly translate into my cost, I am thinking pure network hacking. Maybe I could hack a pool to co-opt it into my netsplit and do the work for me, or segment enough of the network to have some miners in it, and they do the work. I am just thinking $500k/day worth of relatively perfect crime reward is a lot of motivation for hacking networks. Many routers home and even carrier are vulnerable to people armed with cisco source code & 0-days. The netsplit doesnt have to be geographical, nor even topological, nor even particularly long-lived. If you control enough people's network routing at a low enough level, you dont even have to stop transactions, nor do any mining work, just stop blocks from the netsplit crossing over, and hold that position for say a day (if your netsplit has 1/24 of network hash rate in it, so the split gets 6 confirmations to reassure the victims) and let the miners do the work. Do enough transactions to do a big cash out (spend differently on the two netsplits). Obviously a big and human inattentive pool, dark-miner etc is the ideal target to put into the netsplit to increase the power while controlling less nodes. Malware could do the same thing for clients, dont forget most are running windows. Malware could also start a miner if none present. >> maybe even from node first install time. > >Protecting against that— making sure any such attack has to start from >a high difficulty— is, in my opinion, the biggest continued >justification for checkpoints. Do you know if there is any downwards limit on difficulty? I know it takes going slow for a long and noticeable time, but I am just curious on the theoretical limit. >> (btw I notice most of the binaries and tar balls are not signed, nor served >> from SSL - at least for linux). > >They are signed. I dont see the signatures. http://bitcoin.org/en/download I see no signatures for linux and none in the tarball. There are some public keys inside the tarball, thats it. Also no SSL. sourceforge support SSL so you can download that. But bitcoin.org doesnt even answer 443, and the source forge link is HTTP. But even if the sourceforge link was SSL one should not serve an SSL download link from an HTTP page, any more than type a password into an HTTPS form action on an HTTP page. The attacker can just redirect and the user doesnt know what is legitimate. Consequently even if there is code signing on the windows exe, the user doesnt know that, nor who they should be signed by, and as they are served via HTTP, its bypassable. I guess by far the easiest way to attack right now (at least linux users) is just to change the binaries to create a user operated netsplit, or just have all their wallets empty to you via a mix once the amount gets interesting. (All attacks hypothetical of course - I'm actually a white-hat type of person). Adam