From: Allen Piscitello <allen.piscitello@gmail.com>
To: Mark Friedenbach <mark@monetize.io>
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Message Signing based authentication
Date: Sat, 2 Nov 2013 19:29:28 -0500 [thread overview]
Message-ID: <CAJfRnm6Jbm+6__zgvodAroDWRugyX_4atHH1k4+U9_1-GLThjw@mail.gmail.com> (raw)
In-Reply-To: <527573DA.7010203@monetize.io>
[-- Attachment #1: Type: text/plain, Size: 3050 bytes --]
This was one of my concerns when implementing a scheme where you sign a
refund transaction before the original transaction is broadcast. I
originally tried to pass a hash and have the server sign it. However, I
had no way to know that what I was signing wasn't a transaction that was
spending my coins! So I changed the code to require sending the full
transaction, not just the hash. The other way to mitigate this is through
not having any unspent outputs from this key.
For authentication, you could have both a user-generated and
server-generated portion, so that you signed something that clearly had
data from you, so even if the server-data was a hash of $EVIL_DOCUMENT, you
have clear plausible deniability in that your data that is also signed is
"ATTEMPTING LOGIN TO XYZ.COM Hash($EVIL_DOCUMENT)".
On Sat, Nov 2, 2013 at 4:51 PM, Mark Friedenbach <mark@monetize.io> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Or SIGHASH of a transaction spending those coins or updating the SIN...
>
> On 11/2/13 2:14 PM, Johnathan Corgan wrote:> On 11/01/2013 10:01 PM,
> bitcoingrant@gmx.com wrote:
> >
> >> Server provides a token for the client to sign.
> >
> > Anyone else concerned about signing an arbitrary string? Could be
> > a hash of $EVIL_DOCUMENT, no? I'd want to XOR the string with my
> > own randomly generated nonce, sign that, then pass the nonce and
> > the signature back to the server for verification.
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJSdXPaAAoJEAdzVfsmodw4+m8P/1Ce/PwZOYfiFuFJ8pmT2tb2
> ro7tw7zSr12RSTvs+qRl7lDzJzQ6BDXOdXZCkcU0Vj3TDm8fdrrXN/iw3iQYU/5Y
> 3K7hj2mGqQUMovCLw0CbrMWrMvor7FhO6MZsRwe0+VxDV/dDrX5f5vSEhnkR26be
> NrzOFU4hqGM3R4eLq8Bmw5rVD/VCrRzKoXXAvJb1EwM1+fQPjKi+bNMJu3reyfXU
> 5eMbbiM6tUMmPXy9M6vZrN+6ad53x3KUVP6+/hXxsrnfPp57WQzRZlvwTo/qdJ1C
> Oxl71m6o2zkXbLTFmg1xmK/A4V1BPTLD6nLDIsw+wTBBfdn22pfDv6Q8d3VRctrd
> 6x+PMkwysoMjhemmkXCY/7G9GD6AGsrYSqIShSULd9QO5WxAFzRO01ewiRUCUFHi
> Dn0LEjy8/R/CWK3jvj9uL3vQh9DLdOtqf/X7cEtjF3LThVP+stFTsmXObhTh/8Ai
> YYjpnwOFG5ZtDzRZfP3OCwyhqlsaMlNgN4xnyR4GPaoJRP3a0zllblIbTWzg6nhY
> jbON5Ec9N9txGhagYOoAvcQYqGyJdffkBzW82CRUsFYuYYmW2oLUQXPhAGDBIzzj
> g/7RjMlM1OEp3qctxMZQlrTj7VJmhD768PRLh2XvEDmEC5Qb8Tcq28Nq5t85/O/6
> i3+pzT5rMuiIZWLx7Msv
> =tAUY
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
[-- Attachment #2: Type: text/html, Size: 4119 bytes --]
next prev parent reply other threads:[~2013-11-03 0:29 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-02 5:01 [Bitcoin-development] Message Signing based authentication bitcoingrant
2013-11-02 5:54 ` Luke-Jr
2013-11-02 13:02 ` Mike Hearn
2013-11-02 13:16 ` Melvin Carvalho
2013-11-02 13:19 ` Hannu Kotipalo
2013-11-02 16:26 ` Mike Hearn
2013-11-02 16:26 ` Mike Hearn
2013-11-02 16:52 ` Melvin Carvalho
2013-11-02 17:08 ` Jeff Garzik
2013-11-02 17:16 ` Hannu Kotipalo
2013-11-02 21:14 ` Johnathan Corgan
2013-11-02 21:51 ` Mark Friedenbach
2013-11-03 0:29 ` Allen Piscitello [this message]
2013-11-03 0:33 ` Luke-Jr
2013-11-03 1:19 ` Allen Piscitello
2013-11-03 1:27 ` Luke-Jr
2013-11-03 1:36 ` Allen Piscitello
2013-11-03 6:23 ` Timo Hanke
2013-11-06 3:38 ` Melvin Carvalho
2013-11-02 21:57 ` slush
2013-11-06 3:01 ` Melvin Carvalho
2013-11-06 6:41 ` slush
2013-12-06 10:44 ` Melvin Carvalho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJfRnm6Jbm+6__zgvodAroDWRugyX_4atHH1k4+U9_1-GLThjw@mail.gmail.com \
--to=allen.piscitello@gmail.com \
--cc=bitcoin-development@lists.sourceforge.net \
--cc=mark@monetize.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox