Where would you verify that?

On 2/3/2015 10:03 AM, Brian Erdelyi wrote:
> Joel,
>
> The mobile device should show you the details of the transaction (i.e.
> amount and bitcoin address). Once you verify this is the intended
> recipient and amount you approve it on the mobile device. If the
> address was replaced, you should see this on the mobile device as it
> won’t match where you were intending to send it. You can then not
> provide the second signature.
>
> Brian Erdelyi
>
>> On Feb 2, 2015, at 4:57 PM, Joel Joonatan Kaartinen wrote:
>>
>> If the attacker has your desktop computer but not the mobile that's
>> acting as an independent second factor, how are you then supposed to
>> be able to tell you're not signing the correct transaction on the
>> mobile? If the address was replaced with the attacker's address,
>> it'll look like everything is ok.
>>
>> - Joel
>>
>> On Mon, Feb 2, 2015 at 9:58 PM, Brian Erdelyi wrote:
>>
>>     > Confusing or not, the reliance on multiple signatures as
>>     > offering greater security than single relies on the independence
>>     > of multiple secrets. If the secrets cannot be shown to retain
>>     > independence in the envisioned threat scenario (e.g. a user's
>>     > compromised operating system) then the benefit reduces to making
>>     > the exploit more difficult to write, which, once written, reduces
>>     > to no benefit. Yet the user still suffers the reduced utility
>>     > arising from greater complexity, while being led to believe in a
>>     > false promise.
>>
>>     Just trying to make sure I understand what you’re saying. Are
>>     you alluding to that if two of the three private keys get
>>     compromised there is no gain in security? Although the
>>     likelihood of this occurring is lower, it is possible.
>>
>>     As more malware targets bitcoins I think the utility is evident.
>>     Given how final Bitcoin transactions are, I think it’s worth
>>     trying to find methods to help verify those transactions (if a
>>     user deems it to be high-risk enough) before the transaction is
>>     completed. The balance is trying to devise something that users
>>     do not find too burdensome.
>>
>>     Brian Erdelyi
>>
>>     _______________________________________________
>>     Bitcoin-development mailing list
>>     Bitcoin-development@lists.sourceforge.net
>>     https://lists.sourceforge.net/lists/listinfo/bitcoin-development