From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VviLx-0002di-Lu for bitcoin-development@lists.sourceforge.net; Wed, 25 Dec 2013 06:54:01 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.212.178 as permitted sender) client-ip=209.85.212.178; envelope-from=ryacko@gmail.com; helo=mail-wi0-f178.google.com; Received: from mail-wi0-f178.google.com ([209.85.212.178]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VviLw-0007vz-FG for bitcoin-development@lists.sourceforge.net; Wed, 25 Dec 2013 06:54:01 +0000 Received: by mail-wi0-f178.google.com with SMTP id bz8so7830353wib.5 for ; Tue, 24 Dec 2013 22:53:54 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.194.240.41 with SMTP id vx9mr100799wjc.70.1387954434161; Tue, 24 Dec 2013 22:53:54 -0800 (PST) Sender: ryacko@gmail.com Received: by 10.194.188.6 with HTTP; Tue, 24 Dec 2013 22:53:54 -0800 (PST) In-Reply-To: References: Date: Tue, 24 Dec 2013 22:53:54 -0800 X-Google-Sender-Auth: r3AFo2s9tMEku0uefYmmtCqvCVM Message-ID: From: Ryan Carboni To: bitcoin-development@lists.sourceforge.net Content-Type: multipart/alternative; boundary=001a11c28dcc03421a04ee5653a4 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ryacko[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1VviLw-0007vz-FG Subject: Re: [Bitcoin-development] Bitcoin-development Digest, Vol 31, Issue 41 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Dec 2013 06:54:01 -0000 --001a11c28dcc03421a04ee5653a4 Content-Type: text/plain; charset=ISO-8859-1 You just completely ignored my point. I'm not sure who's trying to insult whom, or if you're attempting an argumentum ad hominem. My idea is completely valid. The only way to man in the middle to have such a large percentage of hash power is to either a) attack a pool (which people would notice when their withdrawals go nowhere), b) attack a large number of nodes, which must have enough combined hash power to mine four blocks within three days for people to notice (I think it is unlikely for Bitcoin point of sale nodes to have significant hash power), or c) the attacker himself has 1% of the hash power and is diverting it to conduct a man in the middle attack against one single person (as opposed to a major retailer who has a round the clock IT staff). In order for a large number of nodes to be attacked, it must be by someone who either is a state actor or an ISP, at which point you've already lost. It's really simple math, it require on even the most optimistic estimates a tenth of a percent of the total network hash power to mine 4 blocks within three days with good luck. Or maybe this single person is on vacation, then it would take a hundredth of a percent of the total hash power over two weeks. I think very few people even have a hundredth of a percent of the total hash power, which goes to show how secure the network is, and how little my proposal would weaken network security. I'll concede that difficulty could be reduced only by 80% if only four blocks were mined in 3 days, which would provide sufficient margin against these proposed man in the middle attacks, because block-chain growth would be noticeably reduced. But I repeat myself. Repeatedly. I wish you would understand my points. I'm making a good faith effort to provide an original idea before it's possibly too late. But fine. I have nothing more to add, and it's the holidays. On Tue, Dec 24, 2013 at 2:47 AM, < bitcoin-development-request@lists.sourceforge.net> wrote: > An attacker with some small hashpower isolates you (as an individual) > from the network by MITMing your network. You just switch the the > attackers chain as if nothing happened because of the network rule > that defines it as OK. Today, you will see that you're behind and warn > the user. > > Was it really so hard to write a three-sentence paragraph to clarify > the attack instead of insulting people? Still, posting ideas here > without spending time to ensure you understand the Bitcoin network > well is frowned upon. > --001a11c28dcc03421a04ee5653a4 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
You just completely ignored my point. I'm not sure who= 's trying to insult whom, or if you're attempting an argumentum ad = hominem. My idea is completely valid.

The only way to ma= n in the middle to have such a large percentage of hash power is to either = a) attack a pool (which people would notice when their withdrawals go nowhe= re), b) attack a large number of nodes, which must have enough combined has= h power to mine four blocks within three days for people to notice (I think= it is unlikely for Bitcoin point of sale nodes to have significant hash po= wer), or c) the attacker himself has 1% of the hash power and is diverting = it to conduct a man in the middle attack against one single person (as oppo= sed to a major retailer who has a round the clock IT staff). In order for a= large number of nodes to be attacked, it must be by someone who either is = a state actor or an ISP, at which point you've already lost.

It's really simple math, it require on even the mos= t optimistic estimates a tenth of a percent of the total network hash power= to mine 4 blocks within three days with good luck. Or maybe this single pe= rson is on vacation, then it would take a hundredth of a percent of the tot= al hash power over two weeks. I think very few people even have a hundredth= of a percent of the total hash power, which goes to show how secure the ne= twork is, and how little my proposal would weaken network security. I'l= l concede that difficulty could be reduced only by 80% if only four blocks = were mined in 3 days, which would provide sufficient margin against these p= roposed man in the middle attacks, because block-chain growth would be noti= ceably reduced.

But I repeat myself. Repeatedly. I wish you would under= stand my points. I'm making a good faith effort to provide an original = idea before it's possibly too late. But fine. I have nothing more to ad= d, and it's the holidays.


On Tue, = Dec 24, 2013 at 2:47 AM, <bitcoin-develop= ment-request@lists.sourceforge.net> wrote:
An attacker with some small hashpower isolates you (as an individual)
from the networ= k by MITMing your network. You just switch the the
attackers chain as if nothing happened because of = the network rule
that defines it= as OK. Today, you will see that you're behind and warn
the user.

Was it really so hard to write a= three-sentence paragraph to clarify
the attack inst= ead of insulting people? Still, posting ideas here
without spending time to ensure you understand the= Bitcoin network
well is frowned= upon.
--001a11c28dcc03421a04ee5653a4--