public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* Re: [Bitcoin-development] Bitcoin-development Digest, Vol 31, Issue 41
       [not found] <mailman.388916.1387882054.12996.bitcoin-development@lists.sourceforge.net>
@ 2013-12-25  6:53 ` Ryan Carboni
  2013-12-25 20:21   ` Allen Piscitello
  0 siblings, 1 reply; 2+ messages in thread
From: Ryan Carboni @ 2013-12-25  6:53 UTC (permalink / raw)
  To: bitcoin-development

[-- Attachment #1: Type: text/plain, Size: 2503 bytes --]

You just completely ignored my point. I'm not sure who's trying to insult
whom, or if you're attempting an argumentum ad hominem. My idea is
completely valid.

The only way to man in the middle to have such a large percentage of hash
power is to either a) attack a pool (which people would notice when their
withdrawals go nowhere), b) attack a large number of nodes, which must have
enough combined hash power to mine four blocks within three days for people
to notice (I think it is unlikely for Bitcoin point of sale nodes to have
significant hash power), or c) the attacker himself has 1% of the hash
power and is diverting it to conduct a man in the middle attack against one
single person (as opposed to a major retailer who has a round the clock IT
staff). In order for a large number of nodes to be attacked, it must be by
someone who either is a state actor or an ISP, at which point you've
already lost.

It's really simple math, it require on even the most optimistic estimates a
tenth of a percent of the total network hash power to mine 4 blocks within
three days with good luck. Or maybe this single person is on vacation, then
it would take a hundredth of a percent of the total hash power over two
weeks. I think very few people even have a hundredth of a percent of the
total hash power, which goes to show how secure the network is, and how
little my proposal would weaken network security. I'll concede that
difficulty could be reduced only by 80% if only four blocks were mined in 3
days, which would provide sufficient margin against these proposed man in
the middle attacks, because block-chain growth would be noticeably reduced.

But I repeat myself. Repeatedly. I wish you would understand my points. I'm
making a good faith effort to provide an original idea before it's possibly
too late. But fine. I have nothing more to add, and it's the holidays.


On Tue, Dec 24, 2013 at 2:47 AM, <
bitcoin-development-request@lists.sourceforge.net> wrote:

> An attacker with some small hashpower isolates you (as an individual)
> from the network by MITMing your network. You just switch the the
> attackers chain as if nothing happened because of the network rule
> that defines it as OK. Today, you will see that you're behind and warn
> the user.
>
> Was it really so hard to write a three-sentence paragraph to clarify
> the attack instead of insulting people? Still, posting ideas here
> without spending time to ensure you understand the Bitcoin network
> well is frowned upon.
>

[-- Attachment #2: Type: text/html, Size: 4090 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Bitcoin-development] Bitcoin-development Digest, Vol 31, Issue 41
  2013-12-25  6:53 ` [Bitcoin-development] Bitcoin-development Digest, Vol 31, Issue 41 Ryan Carboni
@ 2013-12-25 20:21   ` Allen Piscitello
  0 siblings, 0 replies; 2+ messages in thread
From: Allen Piscitello @ 2013-12-25 20:21 UTC (permalink / raw)
  To: Ryan Carboni; +Cc: Bitcoin Development

[-- Attachment #1: Type: text/plain, Size: 3499 bytes --]

No, you don't get it, and it's been explained clearly to you twice.  Take
it to bitcointalk, this does not belong on this list.  Your cure is worse
than the disease.


On Wed, Dec 25, 2013 at 12:53 AM, Ryan Carboni <ryan.jc.pc@gmail.com> wrote:

> You just completely ignored my point. I'm not sure who's trying to insult
> whom, or if you're attempting an argumentum ad hominem. My idea is
> completely valid.
>
> The only way to man in the middle to have such a large percentage of hash
> power is to either a) attack a pool (which people would notice when their
> withdrawals go nowhere), b) attack a large number of nodes, which must have
> enough combined hash power to mine four blocks within three days for people
> to notice (I think it is unlikely for Bitcoin point of sale nodes to have
> significant hash power), or c) the attacker himself has 1% of the hash
> power and is diverting it to conduct a man in the middle attack against one
> single person (as opposed to a major retailer who has a round the clock IT
> staff). In order for a large number of nodes to be attacked, it must be by
> someone who either is a state actor or an ISP, at which point you've
> already lost.
>
> It's really simple math, it require on even the most optimistic estimates
> a tenth of a percent of the total network hash power to mine 4 blocks
> within three days with good luck. Or maybe this single person is on
> vacation, then it would take a hundredth of a percent of the total hash
> power over two weeks. I think very few people even have a hundredth of a
> percent of the total hash power, which goes to show how secure the network
> is, and how little my proposal would weaken network security. I'll concede
> that difficulty could be reduced only by 80% if only four blocks were mined
> in 3 days, which would provide sufficient margin against these proposed man
> in the middle attacks, because block-chain growth would be noticeably
> reduced.
>
> But I repeat myself. Repeatedly. I wish you would understand my points.
> I'm making a good faith effort to provide an original idea before it's
> possibly too late. But fine. I have nothing more to add, and it's the
> holidays.
>
>
> On Tue, Dec 24, 2013 at 2:47 AM, <
> bitcoin-development-request@lists.sourceforge.net> wrote:
>
>> An attacker with some small hashpower isolates you (as an individual)
>> from the network by MITMing your network. You just switch the the
>> attackers chain as if nothing happened because of the network rule
>> that defines it as OK. Today, you will see that you're behind and warn
>> the user.
>>
>> Was it really so hard to write a three-sentence paragraph to clarify
>> the attack instead of insulting people? Still, posting ideas here
>> without spending time to ensure you understand the Bitcoin network
>> well is frowned upon.
>>
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>

[-- Attachment #2: Type: text/html, Size: 5643 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-12-25 20:21 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <mailman.388916.1387882054.12996.bitcoin-development@lists.sourceforge.net>
2013-12-25  6:53 ` [Bitcoin-development] Bitcoin-development Digest, Vol 31, Issue 41 Ryan Carboni
2013-12-25 20:21   ` Allen Piscitello

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox