summaryrefslogtreecommitdiff
path: root/91/b49c61a5b0522764e7d15f3979e3779b1d3bdd
blob: d616c99c8dd67492fe8f6842f2de1af5eff7f588 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <hozer@grid.coop>) id 1XL8s1-0005kC-9r
	for bitcoin-development@lists.sourceforge.net;
	Sat, 23 Aug 2014 10:48:29 +0000
X-ACL-Warn: 
Received: from nl.grid.coop ([50.7.166.116])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1XL8rp-0002Lx-M0 for bitcoin-development@lists.sourceforge.net;
	Sat, 23 Aug 2014 10:48:29 +0000
Received: from localhost (localhost [127.0.0.1]) (uid 1000)
	by nl.grid.coop with local; Sat, 23 Aug 2014 01:39:06 -0500
	id 000000000006E277.0000000053F8370A.00004D3A
Date: Sat, 23 Aug 2014 01:39:06 -0500
From: Troy Benjegerdes <hozer@hozed.org>
To: Mike Hearn <mike@plan99.net>
Message-ID: <20140823063906.GS22640@nl.grid.coop>
References: <c45a638f1e1640fe84bef01d12cda4c3@hotmail.com>
	<BLU402-EAS2546AD6C97DCED8FCE9C04CC6D20@phx.gbl>
	<CAACjpwKX9cwowiCruP9xw2UiqfsVXVC1TdKvA1HbQZ6UZ6qBsA@mail.gmail.com>
	<CANEZrP0WC2XL3Z0==BMjhWJuA8DgxBKUMKMdhh267JXduCZ0KQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <CANEZrP0WC2XL3Z0==BMjhWJuA8DgxBKUMKMdhh267JXduCZ0KQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Spam-Score: 0.4 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
	-0.7 RP_MATCHES_RCVD Envelope sender domain matches handover relay
	domain
X-Headers-End: 1XL8rp-0002Lx-M0
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Proposal: Encrypt bitcoin messages
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 23 Aug 2014 10:48:29 -0000

I think it's a little disingenuous to talk about encrypting the P2P protocol
as a security improvement, when all the organized crime agencies need to do is
borrow a Fedex/UPS truck and deliver some laptops to Github employees and they
can insert whatever monitoring/0-day they want.

Encryption is complicated stuff to actually **get right**, and the more stuff
you throw crypto around, the more likely it is you'll get a Heartbleed 0-day

If you want to increase security, make it simpler. I'm not even sure it can
be easily simplified... how could you separate the P2P network transport from
the core blockchain functionality?

On Wed, Aug 20, 2014 at 04:37:24PM +0200, Mike Hearn wrote:
> I would be very happy if we upgraded the P2P protocol with MAC keys and a
> simple home grown encryption layer, because:
> 
>    1. It's practically guaranteed that 5-eyes intelligence agencies are
>    either systematically deanonymising Bitcoin users already (linking
>    transactions to real world identities) or close to succeeding. Peter is
>    correct. Given the way their infrastructure works, encrypting link level
>    traffic would significantly raise the bar to such attacks. Quite possibly
>    to the level where it's deemed unprofitable to continue.
> 
>    2. Tor is not a complete solution. The most interesting links to monitor
>    are those from SPV clients connecting to Core nodes. Whilst Java SPV
>    clients have the nice option of an easy bundled Tor client (er, once we fix
>    the last bugs) clients that are not based on bitcoinj would have to use the
>    full-blown Tor client, which is not only a PITA to bundle as Tor is not at
>    all library-fied, but is a giant pile of C which is almost certainly
>    exploitable. Even if it runs in a separate address space, for many
>    platforms this is insufficient as a compromised Tor client could then go
>    ahead and compromise your wallet app too.
> 
> Implementing a full Tor client is not a reasonable thing to ask of a wallet
> developer, but doing HMAC checks and a simple ECDH exchange + AES would be
> quite realistic.

> ------------------------------------------------------------------------------
> Slashdot TV.  
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/

> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


-- 
----------------------------------------------------------------------------
Troy Benjegerdes                 'da hozer'                  hozer@hozed.org
7 elements      earth::water::air::fire::mind::spirit::soul        grid.coop

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash