1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <brian.erdelyi@gmail.com>) id 1YIO9v-0006tI-EI
for bitcoin-development@lists.sourceforge.net;
Mon, 02 Feb 2015 21:03:51 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.192.53 as permitted sender)
client-ip=209.85.192.53; envelope-from=brian.erdelyi@gmail.com;
helo=mail-qg0-f53.google.com;
Received: from mail-qg0-f53.google.com ([209.85.192.53])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YIO9u-0003Fn-5a
for bitcoin-development@lists.sourceforge.net;
Mon, 02 Feb 2015 21:03:51 +0000
Received: by mail-qg0-f53.google.com with SMTP id a108so49433869qge.12
for <bitcoin-development@lists.sourceforge.net>;
Mon, 02 Feb 2015 13:03:44 -0800 (PST)
X-Received: by 10.224.96.196 with SMTP id i4mr39245631qan.44.1422911024544;
Mon, 02 Feb 2015 13:03:44 -0800 (PST)
Received: from [192.168.1.58] ([64.147.83.112])
by mx.google.com with ESMTPSA id
107sm19325261qgf.21.2015.02.02.13.03.43
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Mon, 02 Feb 2015 13:03:43 -0800 (PST)
Content-Type: multipart/alternative;
boundary="Apple-Mail=_4BBF5A5A-AB52-4F57-94FF-F05D134270D8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Brian Erdelyi <brian.erdelyi@gmail.com>
In-Reply-To: <CAGKSKfW8seFosxzdSL-t8MJ4ewXPUpNh4BJQVVhMn4qPf_BtqQ@mail.gmail.com>
Date: Mon, 2 Feb 2015 17:03:42 -0400
Message-Id: <CB45FC36-3B3E-486D-95FE-596D7380C3D2@gmail.com>
References: <27395C55-CF59-4E65-83CA-73F903272C5F@gmail.com>
<54CE3816.6020505@bitwatch.co>
<68C03646-02E7-43C6-9B73-E4697F3AA5FD@gmail.com>
<CALkkCJbk0czFj5mdMB6_0+Umw5V-fo-4tdBHgvg92zhyRZWiYQ@mail.gmail.com>
<CANEZrP0QjPm+TTgV9Fh84vt2zLaGp0R2Wt2ZL2ZXYhxzOFPHVA@mail.gmail.com>
<CALkkCJYuM_T=_nfBOCF4S8XhVecUZA0ug==Y_n+qdFpb-F628g@mail.gmail.com>
<CANEZrP1QZqP6wSxcNJt81c4=xXLJsEsPF-CN71NZzwdOFSpB2A@mail.gmail.com>
<57186618-F010-42E6-A757-B617C4001B5B@gmail.com>
<F4C9E954-6A29-4A31-B09B-7F0B62270EF8@voskuil.org>
<4B53C1B0-A677-4460-8A69-C45506424D7F@gmail.com>
<CAGKSKfW8seFosxzdSL-t8MJ4ewXPUpNh4BJQVVhMn4qPf_BtqQ@mail.gmail.com>
To: Joel Joonatan Kaartinen <joel.kaartinen@gmail.com>
X-Mailer: Apple Mail (2.2070.6)
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(brian.erdelyi[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YIO9u-0003Fn-5a
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal to address Bitcoin malware
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 02 Feb 2015 21:03:51 -0000
--Apple-Mail=_4BBF5A5A-AB52-4F57-94FF-F05D134270D8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Joel,
The mobile device should show you the details of the transaction (i.e. =
amount and bitcoin address). Once you verify this is the intended =
recipient and amount you approve it on the mobile device. If the =
address was replaced, you should see this on the mobile device as it =
won=E2=80=99t match where you were intending to send it. You can then =
not provide the second signature.
Brian Erdelyi
> On Feb 2, 2015, at 4:57 PM, Joel Joonatan Kaartinen =
<joel.kaartinen@gmail.com> wrote:
>=20
> If the attacker has your desktop computer but not the mobile that's =
acting as an independent second factor, how are you then supposed to be =
able to tell you're not signing the correct transaction on the mobile? =
If the address was replaced with the attacker's address, it'll look like =
everything is ok.
>=20
> - Joel
>=20
> On Mon, Feb 2, 2015 at 9:58 PM, Brian Erdelyi <brian.erdelyi@gmail.com =
<mailto:brian.erdelyi@gmail.com>> wrote:
>=20
> > Confusing or not, the reliance on multiple signatures as offering =
greater security than single relies on the independence of multiple =
secrets. If the secrets cannot be shown to retain independence in the =
envisioned threat scenario (e.g. a user's compromised operating system) =
then the benefit reduces to making the exploit more difficult to write, =
which, once written, reduces to no benefit. Yet the user still suffers =
the reduced utility arising from greater complexity, while being led to =
believe in a false promise.
>=20
> Just trying to make sure I understand what you=E2=80=99re saying. Are =
you eluding to that if two of the three private keys get compromised =
there is no gain in security? Although the likelihood of this occurring =
is lower, it is possible.
>=20
> As more malware targets bitcoins I think the utility is evident. =
Given how final Bitcoin transactions are, I think it=E2=80=99s worth =
trying to find methods to help verify those transactions (if a user =
deems it to be high-risk enough) before the transaction is completed. =
The balance is trying to devise something that users do not find too =
burdensome.
>=20
> Brian Erdelyi
> =
--------------------------------------------------------------------------=
----
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, =
is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. =
Take a
> look and join the conversation now. http://goparallel.sourceforge.net/ =
<http://goparallel.sourceforge.net/>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net =
<mailto:Bitcoin-development@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development =
<https://lists.sourceforge.net/lists/listinfo/bitcoin-development>
>=20
--Apple-Mail=_4BBF5A5A-AB52-4F57-94FF-F05D134270D8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">Joel,<div class=3D""><br class=3D""></div><div class=3D"">The =
mobile device should show you the details of the transaction (i.e. =
amount and bitcoin address). Once you verify this is the intended =
recipient and amount you approve it on the mobile device. If the =
address was replaced, you should see this on the mobile device as it =
won=E2=80=99t match where you were intending to send it. You can =
then not provide the second signature.</div><div class=3D""><br =
class=3D""></div><div class=3D"">Brian Erdelyi</div><div class=3D""><br =
class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On =
Feb 2, 2015, at 4:57 PM, Joel Joonatan Kaartinen <<a =
href=3D"mailto:joel.kaartinen@gmail.com" =
class=3D"">joel.kaartinen@gmail.com</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><div dir=3D"ltr" =
class=3D"">If the attacker has your desktop computer but not the mobile =
that's acting as an independent second factor, how are you then supposed =
to be able to tell you're not signing the correct transaction on the =
mobile? If the address was replaced with the attacker's address, it'll =
look like everything is ok.<div class=3D""><br class=3D""></div><div =
class=3D"">- Joel<br class=3D""><div class=3D"gmail_extra"><br =
class=3D""><div class=3D"gmail_quote">On Mon, Feb 2, 2015 at 9:58 PM, =
Brian Erdelyi <span dir=3D"ltr" class=3D""><<a =
href=3D"mailto:brian.erdelyi@gmail.com" target=3D"_blank" =
class=3D"">brian.erdelyi@gmail.com</a>></span> wrote:<br =
class=3D""><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 =
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=3D""><br =
class=3D"">
> Confusing or not, the reliance on multiple signatures as offering =
greater security than single relies on the independence of multiple =
secrets. If the secrets cannot be shown to retain independence in the =
envisioned threat scenario (e.g. a user's compromised operating system) =
then the benefit reduces to making the exploit more difficult to write, =
which, once written, reduces to no benefit. Yet the user still suffers =
the reduced utility arising from greater complexity, while being led to =
believe in a false promise.<br class=3D"">
<br class=3D"">
</span>Just trying to make sure I understand what you=E2=80=99re =
saying. Are you eluding to that if two of the three private keys =
get compromised there is no gain in security? Although the =
likelihood of this occurring is lower, it is possible.<br class=3D"">
<br class=3D"">
As more malware targets bitcoins I think the utility is evident. =
Given how final Bitcoin transactions are, I think it=E2=80=99s worth =
trying to find methods to help verify those transactions (if a user =
deems it to be high-risk enough) before the transaction is =
completed. The balance is trying to devise something that users do =
not find too burdensome.<br class=3D"">
<div class=3D"HOEnZb"><div class=3D"h5"><br class=3D"">
Brian Erdelyi<br class=3D"">
=
--------------------------------------------------------------------------=
----<br class=3D"">
Dive into the World of Parallel Programming. The Go Parallel Website,<br =
class=3D"">
sponsored by Intel and developed in partnership with Slashdot Media, is =
your<br class=3D"">
hub for all things parallel software development, from weekly thought<br =
class=3D"">
leadership blogs to news, videos, case studies, tutorials and more. Take =
a<br class=3D"">
look and join the conversation now. <a =
href=3D"http://goparallel.sourceforge.net/" target=3D"_blank" =
class=3D"">http://goparallel.sourceforge.net/</a><br class=3D"">
_______________________________________________<br class=3D"">
Bitcoin-development mailing list<br class=3D"">
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net" =
class=3D"">Bitcoin-development@lists.sourceforge.net</a><br class=3D"">
<a =
href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development" =
target=3D"_blank" =
class=3D"">https://lists.sourceforge.net/lists/listinfo/bitcoin-developmen=
t</a><br class=3D"">
</div></div></blockquote></div><br class=3D""></div></div></div>
</div></blockquote></div><br class=3D""></div></body></html>=
--Apple-Mail=_4BBF5A5A-AB52-4F57-94FF-F05D134270D8--
|
