public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Tamas Blummer <tamas@bitsofproof.com>
To: slush <slush@centrum.cz>
Cc: "bitcoin-development@lists.sourceforge.net"
	<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] SIGHASH_WITHINPUTVALUE
Date: Fri, 23 Jan 2015 17:08:50 +0100	[thread overview]
Message-ID: <954BF4E3-8DF2-4927-9E25-C5D66127FFA5@bitsofproof.com> (raw)
In-Reply-To: <CAJna-HiXxt5E=FBiDuWMCKrK4C0dcvhHEjTAoK3LGQLafJOqtQ@mail.gmail.com>


[-- Attachment #1.1: Type: text/plain, Size: 1185 bytes --]

You mean an isolated signing device without memory right? 

An isolated node would still know the transactions substantiating its coins, why would it sign them away to fees ?

Tamas Blummer

On Jan 23, 2015, at 4:47 PM, slush <slush@centrum.cz> wrote:

> Correct, plus the most likely scenario in such attack is that the malware even don't push such tx with excessive fees to the network, but send it directly to attacker's pool/miner.
> 
> M.
> 
> On Fri, Jan 23, 2015 at 4:42 PM, Alan Reiner <etotheipi@gmail.com> wrote:
> Unfortunately, one major attack vector is someone isolating your node, getting you to sign away your whole wallet to fee, and then selling it to a mining pool to mine it before you can figure why your transactions aren't making it to the network.  In such an attack, the relay rules aren't relevant, and if the attacker can DoS you for 24 hours, it doesn't take a ton of mining power to make the attack extremely likely to succeed.
> 
> 
> 
> 
> On 01/23/2015 10:31 AM, Tamas Blummer wrote:
>> Not a fix, but would reduce the financial risk, if nodes were not relaying excessive fee transactions.
>> 
>> Tamas Blummer
>> 
>> 
> 
> 


[-- Attachment #1.2: Type: text/html, Size: 3624 bytes --]

[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 496 bytes --]

  reply	other threads:[~2015-01-23 16:09 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-23 14:51 [Bitcoin-development] SIGHASH_WITHINPUTVALUE slush
2015-01-23 15:24 ` Alan Reiner
2015-01-23 15:40   ` slush
2015-01-23 16:05   ` Gregory Maxwell
2015-01-23 16:18     ` slush
2015-01-23 16:52       ` Gregory Maxwell
2015-01-23 17:40         ` slush
2015-01-23 18:51           ` Gregory Maxwell
2015-01-23 19:19             ` slush
2015-01-23 16:23     ` Alan Reiner
2015-01-23 16:27     ` Alan Reiner
2015-01-23 16:33       ` Alan Reiner
2015-01-23 16:35       ` slush
2015-01-23 17:49         ` Peter Todd
2015-01-23 15:31 ` Tamas Blummer
2015-01-23 15:42   ` Alan Reiner
2015-01-23 15:47     ` slush
2015-01-23 16:08       ` Tamas Blummer [this message]
2015-01-23 16:12         ` Adam Back
2015-01-23 16:17           ` Adam Back

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=954BF4E3-8DF2-4927-9E25-C5D66127FFA5@bitsofproof.com \
    --to=tamas@bitsofproof.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=slush@centrum.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox