1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <alex.mizrahi@gmail.com>) id 1YsVk0-0007Vm-JO
for bitcoin-development@lists.sourceforge.net;
Wed, 13 May 2015 12:26:24 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 74.125.82.44 as permitted sender)
client-ip=74.125.82.44; envelope-from=alex.mizrahi@gmail.com;
helo=mail-wg0-f44.google.com;
Received: from mail-wg0-f44.google.com ([74.125.82.44])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YsVjz-0005bG-Gm
for bitcoin-development@lists.sourceforge.net;
Wed, 13 May 2015 12:26:24 +0000
Received: by wgbhc8 with SMTP id hc8so8175953wgb.3
for <bitcoin-development@lists.sourceforge.net>;
Wed, 13 May 2015 05:26:17 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.231.4 with SMTP id tc4mr14156576wic.27.1431519977480;
Wed, 13 May 2015 05:26:17 -0700 (PDT)
Received: by 10.27.102.73 with HTTP; Wed, 13 May 2015 05:26:17 -0700 (PDT)
In-Reply-To: <CAE-z3OVBUu=6sqNc3RUJqFPuqhPdw1Ej0RZ-tSygoQ6LowhVXg@mail.gmail.com>
References: <5550D8BE.6070207@electrum.org>
<ce3d34c92efd1cf57326e4679550944e@national.shitposting.agency>
<CABsx9T1VgxEJWxrYTs+2hXGnGrSLGJ6mVcAexjXLvK7Vu+e3EA@mail.gmail.com>
<5551F376.4050008@electrum.org>
<CABsx9T1h7p3hDr7ty43uxsYs-oNRpndzg=dowST2tXtogxRm2g@mail.gmail.com>
<555210AF.3090705@electrum.org>
<CABsx9T3AxM3et7hgXx3+Rn3BvhQkF-Cn797sHcyztkMpD1UQmA@mail.gmail.com>
<55531E19.3090503@electrum.org>
<CAE-z3OXa8vk6Q1EBChoRYDOLKw--CXNXz4AokXCbVam_8LFFDg@mail.gmail.com>
<CAE28kURWFveC0B-WvFebMpGm1GY-8juxQ+UDpuYtOwVnbOgu-A@mail.gmail.com>
<CAE-z3OVBUu=6sqNc3RUJqFPuqhPdw1Ej0RZ-tSygoQ6LowhVXg@mail.gmail.com>
Date: Wed, 13 May 2015 15:26:17 +0300
Message-ID: <CAE28kUR-0ozFg6D4Es7RCm1pA5xaW-E1R_YSTRRTj3z4XXiWxw@mail.gmail.com>
From: Alex Mizrahi <alex.mizrahi@gmail.com>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a1134cc28bf26c80515f5b72c
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(alex.mizrahi[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YsVjz-0005bG-Gm
Subject: Re: [Bitcoin-development] Long-term mining incentives
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2015 12:26:24 -0000
--001a1134cc28bf26c80515f5b72c
Content-Type: text/plain; charset=UTF-8
Let's consider a concrete example:
1. User wants to accept Bitcoin payments, as his customers want this.
2. He downloads a recent version of Bitcoin Core, checks hashes and so on.
(Maybe even builds from source.)
3. Let's it to sync for several hours or days.
4. After wallet is synced, he gives his address to customer.
5. Customer pays.
6. User waits 10 confirmations and ships the goods. (Suppose it's something
very expensive.)
7. Some time later, user wants to convert some of his bitcoins to dollars.
He sends his bitcoins to an exchange but they never arrive.
He tries to investigate, and after some time discovers that his router (or
his ISP's router) was hijacked. His Bitcoin node couldn't connect to any of
the legitimate nodes, and thus got a complete fake chain from the attacker.
Bitcoins he received were totally fake.
Bitcoin Core did a shitty job and confirmed some fake transactions.
User doesn't care that *if *his network was not impaired, Bitcoin Core *would
have *worked properly.
The main duty of Bitcoin Core is to check whether transactions are
confirmed, and if it can be fooled by a simple router hack, then it does
its job poorly.
If you don't see it being a problem, you should't be allowed to develop
anything security-related.
If a node is connected to 99 dishonest nodes and 1 honest node, it can
> still sync with the main network.
>
Yes, it is good against Sybil attack, but not good against a network-level
attack.
Attack on user's routers is a very realistic, plausible attack.
Imagine if SSL could be hacked by hacking a router, would people still use
it?
Fucking no.
> A 3 month reversal would be devastating, so the checkpoint isn't adding
> much extra security.
>
WIthout checkpoints an attacker could prepare a fork for $10.
With checkpoints, it would cost him at least $1000, but more likely upwards
of $100000.
That's quite a difference, no?
I do not care what do you think about the reasons why checkpoints were
added, but it is a fact that they make the attack scenario I describe above
hard to impossible.
Without checkpoints, you could perform this attack using a laptop.
With checkpoints, you need access to significant amounts of mining ASICs.
--001a1134cc28bf26c80515f5b72c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Let's consider a concrete example:<div><br></div><div>=
1. User wants to accept Bitcoin payments, as his customers want this.</div>=
<div>2. He downloads a recent version of Bitcoin Core, checks hashes and so=
on. (Maybe even builds from source.)</div><div>3. Let's it to sync for=
several hours or days.</div><div>4. After wallet is synced, he gives his a=
ddress to customer.</div><div>5. Customer pays.=C2=A0</div><div>6. User wai=
ts 10 confirmations and ships the goods. (Suppose it's something very e=
xpensive.)</div><div>7. Some time later, user wants to convert some of his =
bitcoins to dollars. He sends his bitcoins to an exchange but they never ar=
rive.</div><div><br></div><div>He tries to investigate, and after some time=
discovers that his router (or his ISP's router) was hijacked. His Bitc=
oin node couldn't connect to any of the legitimate nodes, and thus got =
a complete fake chain from the attacker.</div><div>Bitcoins he received wer=
e totally fake.</div><div><br></div><div>Bitcoin Core did a shitty job and =
confirmed some fake transactions.</div><div>User doesn't care that <i>i=
f </i>his network was not impaired, Bitcoin Core <i>would have </i>worked p=
roperly.</div><div>The main duty of Bitcoin Core is to check whether transa=
ctions are confirmed, and if it can be fooled by a simple router hack, then=
it does its job poorly.</div><div><br></div><div>If you don't see it b=
eing a problem, you should't be allowed to develop anything security-re=
lated.</div><div><br></div><div><div class=3D"gmail_extra"><div class=3D"gm=
ail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bor=
der-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gm=
ail_extra"><div class=3D"gmail_quote"><div>If a node is connected to 99 dis=
honest nodes and 1 honest node, it can still sync with the main network.<br=
></div></div></div></div></blockquote><div><br></div><div>Yes, it is good a=
gainst Sybil attack, but not good against a network-level attack.</div><div=
>Attack on user's routers is a very realistic, plausible attack.</div><=
div>Imagine if SSL could be hacked by hacking a router, would people still =
use it?</div><div><br></div><div>Fucking no.</div><div>=C2=A0=C2=A0</div><b=
lockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px =
#ccc solid;padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmail_extra"><d=
iv class=3D"gmail_quote"><div></div><div>A 3 month reversal would be devast=
ating, so the checkpoint isn't adding much extra security.<br></div></d=
iv></div></div></blockquote><div><br></div><div>WIthout checkpoints an atta=
cker could prepare a fork for $10.</div><div>With checkpoints, it would cos=
t him at least $1000, but more likely upwards of $100000.</div><div>That=
9;s quite a difference, no?</div><div><br></div><div>I do not care what do =
you think about the reasons why checkpoints were added, but it is a fact th=
at they make the attack scenario I describe above hard to impossible.</div>=
<div><br></div><div>Without checkpoints, you could perform this attack usin=
g a laptop.</div><div>With checkpoints, you need access to significant amou=
nts of mining ASICs.</div><div><br></div></div></div></div></div>
--001a1134cc28bf26c80515f5b72c--
|