public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Electrum security model concerns
Date: Thu, 15 Nov 2012 18:45:09 -0500	[thread overview]
Message-ID: <CAAS2fgQWpkJZ26qx6_2ECVg3qGFw7H5Nx9L0ow0bboD6PWV4Lg@mail.gmail.com> (raw)
In-Reply-To: <CAAS2fgTVp7PhdJMfz-huyOsp=6Ca9wH6cVkedMgntXnK+ZpDXg@mail.gmail.com>

On Sat, Oct 6, 2012 at 12:37 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> I'm concerned about how the particular security model of electrum is
> being described; or rather— not being described.

Just to close the loop on this: I finally got in touch with Thomas on
IRC and walked over the security issues I brought up here, plus a
number of other ones.

He took the concerns seriously and rapidly redesigned big swaths of
electrum to eliminate the issues structurally.  Electrum no longer a
classical thin client it is now a slightly watered down
simplified-payment-validation node with generally the same security
properties as other SPV nodes. Its network behavior leaves it somewhat
more vulnerable to isolation and compromise by a high hash power
attacker, because it does not (yet) make an effort to make sure it's
really on the longest chain. It is also more vulnerable to transaction
hiding (a DOS attack) for similar reasons.  But this is still a
massive improvement.  The UI was also changed and the confirmation
status of payments is no longer hidden.

There are still things to improve— both in the client and the security
communication to users. But I wanted to leave a note that it's come a
long way and that I now feel confident that any remaining issues will
be resolved.



  parent reply	other threads:[~2012-11-15 23:45 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-10-06 16:37 [Bitcoin-development] Electrum security model concerns Gregory Maxwell
2012-10-08 11:52 ` Mike Hearn
2012-10-09  3:22   ` Gregory Maxwell
2012-10-10 11:19     ` Mike Hearn
2012-10-10 14:06       ` Gary Rowe
2012-10-10 15:23       ` Gregory Maxwell
2012-10-10 15:55         ` Mike Hearn
2012-11-15 23:45 ` Gregory Maxwell [this message]
2012-11-16 15:59   ` Mike Hearn
2012-11-16 17:44     ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAS2fgQWpkJZ26qx6_2ECVg3qGFw7H5Nx9L0ow0bboD6PWV4Lg@mail.gmail.com \
    --to=gmaxwell@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox