From: Adam Back <adam@cypherspace•org>
To: Wladimir <laanwj@gmail•com>
Cc: Bitcoin Dev <bitcoin-development@lists•sourceforge.net>
Subject: [Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?))
Date: Wed, 16 Apr 2014 13:06:27 +0200 [thread overview]
Message-ID: <20140416110627.GA8131@netbook.cypherspace.org> (raw)
In-Reply-To: <CA+s+GJB6aThjpMOUodK2Uc-jw=x6rSuRyX5gqsS+mK=DxJ7N5g@mail.gmail.com>
Big picture/mid-term I think air-gaps and zero-trust ecosystem components
are the only solution. (zero-trust meaning like real-time auditability, or
type 2/type 3 exchanges based on atomic-swap, trustless escrow etc).
Need a mass-production and air-drop of trezors :)
There is one more problem address-substitution via untrusted network/user
and weak site with 1mil lines of swiss-cheese security app-store. So some
kind of address authentication TOFU. Aside from X509 bloatware which could
be extended from payment protocol to do that, I'd argue for a native simple
TOFU format like Alan Reiner's multiplier * base approach (where base is the
TOFU handle). And/or something like the IBE address proposal (which gives a
bandwidth efficiently SPV queryable way to check if funds received). Worst
case if weil-pairing gets broken it auto-devolves to the current status
quo.
Btw not to reignite the stealth vs reusable address bike shedding, but
contrarily I was thinking it maybe actually better to try to rebrand address
as "invoice number". People understand double paying an invoice is not a
good idea. And if they receive the same invoice twice they'll query it.
Adam
On Wed, Apr 16, 2014 at 11:41:48AM +0200, Wladimir wrote:
> On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
> <[1]melvincarvalho@gmail•com> wrote:
>
> XP with a trezor would work fine tho?
>
> Probably - but that's a very rare edge case. People that are security
> conscious enough to buy a Trezor will not run XP. Also I don't dare to
> say that there is not some way to sociaal-engineer the user with
> malware on a compromised OS even with a trezor.
> Maybe: for 0.9.2 add a warning message and push people to upgrade
> (either to Win8.1 or something else), then in the next major release
> 0.10.0 drop XP support completely.
> Wladimir
>
>References
>
> 1. mailto:melvincarvalho@gmail•com
>------------------------------------------------------------------------------
>Learn Graph Databases - Download FREE O'Reilly Book
>"Graph Databases" is the definitive new guide to graph databases and their
>applications. Written by three acclaimed leaders in the field,
>this first edition is now available. Download your free book today!
>http://p.sf.net/sfu/NeoTech
>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development@lists•sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development
next prev parent reply other threads:[~2014-04-16 11:06 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-16 8:14 [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?) Wladimir
2014-04-16 8:45 ` Melvin Carvalho
2014-04-16 9:41 ` Wladimir
2014-04-16 11:06 ` Adam Back [this message]
2014-04-18 14:26 ` [Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?)) Jeff Garzik
2014-04-18 14:39 ` Justus Ranvier
2014-04-16 15:12 ` [Bitcoin-development] Warning message when running wallet in Windows XP (or drop support?) Kevin
2014-04-16 15:20 ` Pieter Wuille
2014-04-16 15:28 ` Wladimir
2014-04-16 16:27 ` Kevin
2014-04-16 16:35 ` Mark Friedenbach
2014-04-16 16:41 ` Chris Williams
2014-04-16 16:44 ` Mark Friedenbach
2014-04-16 16:50 ` Chris Williams
2014-04-16 18:59 ` Kevin
2014-04-16 19:43 ` Adam Back
2014-04-16 20:42 ` Roy Badami
2014-04-16 21:10 ` Laszlo Hanyecz
2014-04-16 21:29 ` Kevin
2014-04-16 21:39 ` Mark Friedenbach
2014-04-16 22:00 ` Pieter Wuille
2014-04-16 15:23 ` Mark Friedenbach
2014-04-16 22:06 ` Gregory Maxwell
2014-04-17 7:39 ` Wladimir
[not found] ` <CACKnu1prEkZb5L4bGeKfjHtW+1CLmAuYr2-OWq0z5z+SvxhLTg@mail.gmail.com>
2014-04-17 7:27 ` Wladimir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140416110627.GA8131@netbook.cypherspace.org \
--to=adam@cypherspace$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=laanwj@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox