public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Adam Back <adam@cypherspace.org>
To: Wladimir <laanwj@gmail.com>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?))
Date: Wed, 16 Apr 2014 13:06:27 +0200	[thread overview]
Message-ID: <20140416110627.GA8131@netbook.cypherspace.org> (raw)
In-Reply-To: <CA+s+GJB6aThjpMOUodK2Uc-jw=x6rSuRyX5gqsS+mK=DxJ7N5g@mail.gmail.com>

Big picture/mid-term I think air-gaps and zero-trust ecosystem components
are the only solution.  (zero-trust meaning like real-time auditability, or
type 2/type 3 exchanges based on atomic-swap, trustless escrow etc).

Need a mass-production and air-drop of trezors :)

There is one more problem address-substitution via untrusted network/user
and weak site with 1mil lines of swiss-cheese security app-store.  So some
kind of address authentication TOFU.  Aside from X509 bloatware which could
be extended from payment protocol to do that, I'd argue for a native simple
TOFU format like Alan Reiner's multiplier * base approach (where base is the
TOFU handle).  And/or something like the IBE address proposal (which gives a
bandwidth efficiently SPV queryable way to check if funds received).  Worst
case if weil-pairing gets broken it auto-devolves to the current status
quo.

Btw not to reignite the stealth vs reusable address bike shedding, but
contrarily I was thinking it maybe actually better to try to rebrand address
as "invoice number".  People understand double paying an invoice is not a
good idea.  And if they receive the same invoice twice they'll query it.

Adam

On Wed, Apr 16, 2014 at 11:41:48AM +0200, Wladimir wrote:
>   On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
>   <[1]melvincarvalho@gmail.com> wrote:
>
>   XP with a trezor would work fine tho?
>
>   Probably - but that's a very rare edge case. People that are security
>   conscious enough to buy a Trezor will not run XP. Also I don't dare to
>   say that there is not some way to sociaal-engineer the user with
>   malware on a compromised OS even with a trezor.
>   Maybe: for 0.9.2 add a warning message and push people to upgrade
>   (either to Win8.1 or something else), then in the next major release
>   0.10.0 drop XP support completely.
>   Wladimir
>
>References
>
>   1. mailto:melvincarvalho@gmail.com

>------------------------------------------------------------------------------
>Learn Graph Databases - Download FREE O'Reilly Book
>"Graph Databases" is the definitive new guide to graph databases and their
>applications. Written by three acclaimed leaders in the field,
>this first edition is now available. Download your free book today!
>http://p.sf.net/sfu/NeoTech

>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development




  reply	other threads:[~2014-04-16 11:06 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-16  8:14 [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?) Wladimir
2014-04-16  8:45 ` Melvin Carvalho
2014-04-16  9:41   ` Wladimir
2014-04-16 11:06     ` Adam Back [this message]
2014-04-18 14:26       ` [Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?)) Jeff Garzik
2014-04-18 14:39       ` Justus Ranvier
2014-04-16 15:12 ` [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?) Kevin
2014-04-16 15:20   ` Pieter Wuille
2014-04-16 15:28     ` Wladimir
2014-04-16 16:27       ` Kevin
2014-04-16 16:35         ` Mark Friedenbach
2014-04-16 16:41           ` Chris Williams
2014-04-16 16:44             ` Mark Friedenbach
2014-04-16 16:50               ` Chris Williams
2014-04-16 18:59             ` Kevin
2014-04-16 19:43       ` Adam Back
2014-04-16 20:42     ` Roy Badami
2014-04-16 21:10       ` Laszlo Hanyecz
2014-04-16 21:29         ` Kevin
2014-04-16 21:39           ` Mark Friedenbach
2014-04-16 22:00             ` Pieter Wuille
2014-04-16 15:23   ` Mark Friedenbach
2014-04-16 22:06 ` Gregory Maxwell
2014-04-17  7:39   ` Wladimir
     [not found] ` <CACKnu1prEkZb5L4bGeKfjHtW+1CLmAuYr2-OWq0z5z+SvxhLTg@mail.gmail.com>
2014-04-17  7:27   ` Wladimir

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140416110627.GA8131@netbook.cypherspace.org \
    --to=adam@cypherspace.org \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=laanwj@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox