From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Vvuxb-0007Iy-So for bitcoin-development@lists.sourceforge.net; Wed, 25 Dec 2013 20:21:43 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.82.46 as permitted sender) client-ip=74.125.82.46; envelope-from=allen.piscitello@gmail.com; helo=mail-wg0-f46.google.com; Received: from mail-wg0-f46.google.com ([74.125.82.46]) by sog-mx-2.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Vvuxa-0000kj-H6 for bitcoin-development@lists.sourceforge.net; Wed, 25 Dec 2013 20:21:43 +0000 Received: by mail-wg0-f46.google.com with SMTP id m15so6715795wgh.25 for ; Wed, 25 Dec 2013 12:21:36 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.180.215.3 with SMTP id oe3mr26431894wic.35.1388002896325; Wed, 25 Dec 2013 12:21:36 -0800 (PST) Received: by 10.194.190.133 with HTTP; Wed, 25 Dec 2013 12:21:36 -0800 (PST) In-Reply-To: References: Date: Wed, 25 Dec 2013 14:21:36 -0600 Message-ID: From: Allen Piscitello To: Ryan Carboni Content-Type: multipart/alternative; boundary=001a11360b7c9530e404ee619b32 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: doubleclick.net] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (allen.piscitello[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Vvuxa-0000kj-H6 Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Bitcoin-development Digest, Vol 31, Issue 41 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2013 20:21:44 -0000 --001a11360b7c9530e404ee619b32 Content-Type: text/plain; charset=ISO-8859-1 No, you don't get it, and it's been explained clearly to you twice. Take it to bitcointalk, this does not belong on this list. Your cure is worse than the disease. On Wed, Dec 25, 2013 at 12:53 AM, Ryan Carboni wrote: > You just completely ignored my point. I'm not sure who's trying to insult > whom, or if you're attempting an argumentum ad hominem. My idea is > completely valid. > > The only way to man in the middle to have such a large percentage of hash > power is to either a) attack a pool (which people would notice when their > withdrawals go nowhere), b) attack a large number of nodes, which must have > enough combined hash power to mine four blocks within three days for people > to notice (I think it is unlikely for Bitcoin point of sale nodes to have > significant hash power), or c) the attacker himself has 1% of the hash > power and is diverting it to conduct a man in the middle attack against one > single person (as opposed to a major retailer who has a round the clock IT > staff). In order for a large number of nodes to be attacked, it must be by > someone who either is a state actor or an ISP, at which point you've > already lost. > > It's really simple math, it require on even the most optimistic estimates > a tenth of a percent of the total network hash power to mine 4 blocks > within three days with good luck. Or maybe this single person is on > vacation, then it would take a hundredth of a percent of the total hash > power over two weeks. I think very few people even have a hundredth of a > percent of the total hash power, which goes to show how secure the network > is, and how little my proposal would weaken network security. I'll concede > that difficulty could be reduced only by 80% if only four blocks were mined > in 3 days, which would provide sufficient margin against these proposed man > in the middle attacks, because block-chain growth would be noticeably > reduced. > > But I repeat myself. Repeatedly. I wish you would understand my points. > I'm making a good faith effort to provide an original idea before it's > possibly too late. But fine. I have nothing more to add, and it's the > holidays. > > > On Tue, Dec 24, 2013 at 2:47 AM, < > bitcoin-development-request@lists.sourceforge.net> wrote: > >> An attacker with some small hashpower isolates you (as an individual) >> from the network by MITMing your network. You just switch the the >> attackers chain as if nothing happened because of the network rule >> that defines it as OK. Today, you will see that you're behind and warn >> the user. >> >> Was it really so hard to write a three-sentence paragraph to clarify >> the attack instead of insulting people? Still, posting ideas here >> without spending time to ensure you understand the Bitcoin network >> well is frowned upon. >> > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics > Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --001a11360b7c9530e404ee619b32 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
No, you don't get it, and it's been explained clea= rly to you twice. =A0Take it to bitcointalk, this does not belong on this l= ist. =A0Your cure is worse than the disease.


On Wed, Dec 25, 2013 at 12:53 AM, Ryan Carbo= ni <ryan.jc.pc@gmail.com> wrote:
You just completely ignored my point. I'm not sure who= 's trying to insult whom, or if you're attempting an argumentum ad = hominem. My idea is completely valid.

The only way to ma= n in the middle to have such a large percentage of hash power is to either = a) attack a pool (which people would notice when their withdrawals go nowhe= re), b) attack a large number of nodes, which must have enough combined has= h power to mine four blocks within three days for people to notice (I think= it is unlikely for Bitcoin point of sale nodes to have significant hash po= wer), or c) the attacker himself has 1% of the hash power and is diverting = it to conduct a man in the middle attack against one single person (as oppo= sed to a major retailer who has a round the clock IT staff). In order for a= large number of nodes to be attacked, it must be by someone who either is = a state actor or an ISP, at which point you've already lost.

It's really simple math, it require on even the mos= t optimistic estimates a tenth of a percent of the total network hash power= to mine 4 blocks within three days with good luck. Or maybe this single pe= rson is on vacation, then it would take a hundredth of a percent of the tot= al hash power over two weeks. I think very few people even have a hundredth= of a percent of the total hash power, which goes to show how secure the ne= twork is, and how little my proposal would weaken network security. I'l= l concede that difficulty could be reduced only by 80% if only four blocks = were mined in 3 days, which would provide sufficient margin against these p= roposed man in the middle attacks, because block-chain growth would be noti= ceably reduced.

But I repeat myself. Repeatedly. I wish you would under= stand my points. I'm making a good faith effort to provide an original = idea before it's possibly too late. But fine. I have nothing more to ad= d, and it's the holidays.


On Tue, = Dec 24, 2013 at 2:47 AM, <bitcoin-develop= ment-request@lists.sourceforge.net> wrote:
An attacker with some small hashpower isolates you (as an individual)
from the networ= k by MITMing your network. You just switch the the
attackers chain as if nothing happened because of = the network rule
that defines it= as OK. Today, you will see that you're behind and warn
the user.

Was it really so hard to write a= three-sentence paragraph to clarify
the attack inst= ead of insulting people? Still, posting ideas here
without spending time to ensure you understand the= Bitcoin network
well is frowned= upon.

-----------------------------------------------------------------------= -------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance=
affects their revenue. With AppDynamics, you get 100% visibility into your<= br> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynami= cs Pro!
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D84349831&iu=3D/4140/ostg.clktrk
___________________= ____________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment


--001a11360b7c9530e404ee619b32--