1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <joel.kaartinen@gmail.com>) id 1YIO3S-0004tT-Ts
for bitcoin-development@lists.sourceforge.net;
Mon, 02 Feb 2015 20:57:10 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.214.180 as permitted sender)
client-ip=209.85.214.180; envelope-from=joel.kaartinen@gmail.com;
helo=mail-ob0-f180.google.com;
Received: from mail-ob0-f180.google.com ([209.85.214.180])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YIO3R-0001ZE-LW
for bitcoin-development@lists.sourceforge.net;
Mon, 02 Feb 2015 20:57:10 +0000
Received: by mail-ob0-f180.google.com with SMTP id vb8so18712638obc.11
for <bitcoin-development@lists.sourceforge.net>;
Mon, 02 Feb 2015 12:57:04 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.60.92.5 with SMTP id ci5mr13107309oeb.26.1422910624188; Mon,
02 Feb 2015 12:57:04 -0800 (PST)
Received: by 10.202.197.141 with HTTP; Mon, 2 Feb 2015 12:57:04 -0800 (PST)
In-Reply-To: <4B53C1B0-A677-4460-8A69-C45506424D7F@gmail.com>
References: <27395C55-CF59-4E65-83CA-73F903272C5F@gmail.com>
<54CE3816.6020505@bitwatch.co>
<68C03646-02E7-43C6-9B73-E4697F3AA5FD@gmail.com>
<CALkkCJbk0czFj5mdMB6_0+Umw5V-fo-4tdBHgvg92zhyRZWiYQ@mail.gmail.com>
<CANEZrP0QjPm+TTgV9Fh84vt2zLaGp0R2Wt2ZL2ZXYhxzOFPHVA@mail.gmail.com>
<CALkkCJYuM_T=_nfBOCF4S8XhVecUZA0ug==Y_n+qdFpb-F628g@mail.gmail.com>
<CANEZrP1QZqP6wSxcNJt81c4=xXLJsEsPF-CN71NZzwdOFSpB2A@mail.gmail.com>
<57186618-F010-42E6-A757-B617C4001B5B@gmail.com>
<F4C9E954-6A29-4A31-B09B-7F0B62270EF8@voskuil.org>
<4B53C1B0-A677-4460-8A69-C45506424D7F@gmail.com>
Date: Mon, 2 Feb 2015 22:57:04 +0200
Message-ID: <CAGKSKfW8seFosxzdSL-t8MJ4ewXPUpNh4BJQVVhMn4qPf_BtqQ@mail.gmail.com>
From: Joel Joonatan Kaartinen <joel.kaartinen@gmail.com>
To: Brian Erdelyi <brian.erdelyi@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b33d9744d4f43050e213200
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(joel.kaartinen[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YIO3R-0001ZE-LW
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 02 Feb 2015 20:57:11 -0000
--047d7b33d9744d4f43050e213200
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
If the attacker has your desktop computer but not the mobile that's acting
as an independent second factor, how are you then supposed to be able to
tell you're not signing the correct transaction on the mobile? If the
address was replaced with the attacker's address, it'll look like
everything is ok.
- Joel
On Mon, Feb 2, 2015 at 9:58 PM, Brian Erdelyi <brian.erdelyi@gmail.com>
wrote:
>
> > Confusing or not, the reliance on multiple signatures as offering
> greater security than single relies on the independence of multiple
> secrets. If the secrets cannot be shown to retain independence in the
> envisioned threat scenario (e.g. a user's compromised operating system)
> then the benefit reduces to making the exploit more difficult to write,
> which, once written, reduces to no benefit. Yet the user still suffers th=
e
> reduced utility arising from greater complexity, while being led to belie=
ve
> in a false promise.
>
> Just trying to make sure I understand what you=E2=80=99re saying. Are yo=
u eluding
> to that if two of the three private keys get compromised there is no gain
> in security? Although the likelihood of this occurring is lower, it is
> possible.
>
> As more malware targets bitcoins I think the utility is evident. Given
> how final Bitcoin transactions are, I think it=E2=80=99s worth trying to =
find
> methods to help verify those transactions (if a user deems it to be
> high-risk enough) before the transaction is completed. The balance is
> trying to devise something that users do not find too burdensome.
>
> Brian Erdelyi
>
> -------------------------------------------------------------------------=
-----
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take =
a
> look and join the conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--047d7b33d9744d4f43050e213200
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">If the attacker has your desktop computer but not the mobi=
le that's acting as an independent second factor, how are you then supp=
osed to be able to tell you're not signing the correct transaction on t=
he mobile? If the address was replaced with the attacker's address, it&=
#39;ll look like everything is ok.<div><br></div><div>- Joel<br><div class=
=3D"gmail_extra"><br><div class=3D"gmail_quote">On Mon, Feb 2, 2015 at 9:58=
PM, Brian Erdelyi <span dir=3D"ltr"><<a href=3D"mailto:brian.erdelyi@gm=
ail.com" target=3D"_blank">brian.erdelyi@gmail.com</a>></span> wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex"><span class=3D""><br>
> Confusing or not, the reliance on multiple signatures as offering grea=
ter security than single relies on the independence of multiple secrets. If=
the secrets cannot be shown to retain independence in the envisioned threa=
t scenario (e.g. a user's compromised operating system) then the benefi=
t reduces to making the exploit more difficult to write, which, once writte=
n, reduces to no benefit. Yet the user still suffers the reduced utility ar=
ising from greater complexity, while being led to believe in a false promis=
e.<br>
<br>
</span>Just trying to make sure I understand what you=E2=80=99re saying.=C2=
=A0 Are you eluding to that if two of the three private keys get compromise=
d there is no gain in security?=C2=A0 Although the likelihood of this occur=
ring is lower, it is possible.<br>
<br>
As more malware targets bitcoins I think the utility is evident.=C2=A0 Give=
n how final Bitcoin transactions are, I think it=E2=80=99s worth trying to =
find methods to help verify those transactions (if a user deems it to be hi=
gh-risk enough) before the transaction is completed.=C2=A0 The balance is t=
rying to devise something that users do not find too burdensome.<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
Brian Erdelyi<br>
---------------------------------------------------------------------------=
---<br>
Dive into the World of Parallel Programming. The Go Parallel Website,<br>
sponsored by Intel and developed in partnership with Slashdot Media, is you=
r<br>
hub for all things parallel software development, from weekly thought<br>
leadership blogs to news, videos, case studies, tutorials and more. Take a<=
br>
look and join the conversation now. <a href=3D"http://goparallel.sourceforg=
e.net/" target=3D"_blank">http://goparallel.sourceforge.net/</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div></div></div>
--047d7b33d9744d4f43050e213200--
|