public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Natanael <natanael.l@gmail.com>
To: Brian Erdelyi <brian.erdelyi@gmail.com>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
Date: Sat, 31 Jan 2015 23:38:55 +0100	[thread overview]
Message-ID: <CAAt2M18kRgJeNGu9GeKabRpTKPX9rVeoYiKoanz99bmV2jaf4w@mail.gmail.com> (raw)
In-Reply-To: <27395C55-CF59-4E65-83CA-73F903272C5F@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2470 bytes --]

Den 31 jan 2015 23:17 skrev "Brian Erdelyi" <brian.erdelyi@gmail.com>:
>
> Hello all,
>
> The number of incidents involving malware targeting bitcoin users
continues to rise.  One category of virus I find particularly nasty is when
the bitcoin address you are trying to send money to is modified before the
transaction is signed and recorded in the block chain.  This behaviour
allows the malware to evade two-factor authentication by becoming active
only when the bitcoin address is entered.  This is very similar to how
man-in-the-browser malware attack online banking websites.
>
> Out of band transaction verification/signing is one method used with
online banking to help protect against this.  This can be done in a variety
of ways with SMS, voice, mobile app or even security tokens.  This video
demonstrates how HSBC uses a security token to verify transactions online.
https://www.youtube.com/watch?v=Sh2Iha88agE.
>
> Many Bitcoin wallets and services already use Open Authentication (OATH)
based one-time passwords (OTP).  Is there any interest (or existing work)
in in the Bitcoin community adopting the OATH Challenge-Response Algorithm
(OCRA) for verifying transactions?
>
> I know there are other forms of malware, however, I want to get thoughts
on this approach as it would involve the use of a decimal representation of
the bitcoin address (depending on particular application).  In the HSBC
example (see YouTube video above), this was the last 8 digits of the
recipient’s account number.  Would it make sense to convert a bitcoin
address to decimal and then truncate to 8 digits for this purpose?  I
understand that truncating the number in some way only increases the
likelihood for collisions… however, would this still be practical or could
the malware generate a rogue bitcoin address that would produce the same 8
digits of the legitimate bitcoin address?

See vanitygen. Yes, 8 characters can be bruteforced.

You need about 100 bits of security for strong security, and at the very
least NOT less than ~64 (see distributed bruteforce projects attacking 64
bit keys for reference, you can find plenty via Google).

You shouldn't rely on mechanisms intended to be used for one-shot auth
where the secret is supposed to be unguessable for another system where the
attacker knows what the target string is and have a fair amount of time to
attempt bruteforce.

Use something more like HMAC instead.

[-- Attachment #2: Type: text/html, Size: 2733 bytes --]

  reply	other threads:[~2015-01-31 22:39 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-31 22:15 [Bitcoin-development] Proposal to address Bitcoin malware Brian Erdelyi
2015-01-31 22:38 ` Natanael [this message]
2015-01-31 23:04   ` Brian Erdelyi
2015-01-31 23:37     ` Natanael
2015-01-31 23:41       ` Natanael
2015-02-01 12:49         ` Brian Erdelyi
2015-02-01 13:31           ` Martin Habovštiak
2015-02-01 13:46             ` Mike Hearn
2015-02-01 13:54             ` Brian Erdelyi
2015-02-01 13:48           ` Mike Hearn
2015-02-01 14:28 ` mbde
2015-02-02 17:40   ` Brian Erdelyi
2015-02-02 17:54     ` Martin Habovštiak
2015-02-02 17:59       ` Mike Hearn
2015-02-02 18:02         ` Martin Habovštiak
2015-02-02 18:25           ` Mike Hearn
2015-02-02 18:35             ` Brian Erdelyi
2015-02-02 18:45               ` Eric Voskuil
2015-02-02 19:58                 ` Brian Erdelyi
2015-02-02 20:57                   ` Joel Joonatan Kaartinen
2015-02-02 21:03                     ` Brian Erdelyi
2015-02-02 21:09                       ` Pedro Worcel
2015-02-02 21:30                         ` devrandom
2015-02-02 21:49                           ` Brian Erdelyi
2015-02-02 21:42                         ` Brian Erdelyi
2015-02-02 21:02                   ` Pedro Worcel
2015-02-03  7:38                   ` Eric Voskuil
2015-02-02 18:10         ` Brian Erdelyi
2015-02-02 18:07       ` Brian Erdelyi
2015-02-02 18:05     ` Eric Voskuil
2015-02-02 18:53       ` Mike Hearn
2015-02-02 22:54         ` Eric Voskuil
2015-02-03  0:41           ` Eric Voskuil

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAt2M18kRgJeNGu9GeKabRpTKPX9rVeoYiKoanz99bmV2jaf4w@mail.gmail.com \
    --to=natanael.l@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=brian.erdelyi@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox