Date: Sat, 6 Apr 2024 22:57:16 -0700 (PDT)
From: Ali Sherief <ali@notatether.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <a358aaac-62d5-4d30-a599-40c94da66c4fn@googlegroups.com>
Subject: [bitcoindev] Security implications of using pseudorandom JSON-RPC IDs
I am trying to figure out how the Bitcoin Core RPC server stores the
UniValue JSON-RPC requests.
The reason is that I have an application that uses pseudorandom
IDs for the JSON-RPC calls, and I'm trying to make sure that Core isn't
going to send me someone else's JSON-RPC response if somebody else happens
to be making a request with that ID at the same instant, which could be a
potential security issue.
So far I don't have any leads on the GitHub codebase yet, but I'm still
looking.
Anyway, I would appreciate it if someone would clarify this topic for me.
---
Ali