I find it strange that only casascius is voicing these concerns over your service. I'd like to state some thoughts that came to mind reading this thread.
The last 4 or 5 bytes of every bitcoin address is a checksum, you should be able to check that an address is valid the same way that the client does. Anything less would mean you're lazy.
Fair enough, this goes into the TODO-pile.
Really? This is such a common and trivial thing to do, any developer who has worked with bitcoin for 3 days will code it as an afterthought to his base58 decode function. It is literally the difference between
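    def DecodeAddress(address):
        # b58ToHex is the poster's base58 decode helper, assumed to return the decoded bytes
        hex = b58ToHex(address)
        address = hex[0:-4]  # drop the 4 checksum bytes without checking them
        return address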
and
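    import hashlib

    def DecodeAddress(address):
        # b58ToHex is the poster's base58 decode helper, assumed to return the decoded bytes
        hex = b58ToHex(address)
        address = hex[0:-4]
        checksum = hex[-4:]  # the last 4 bytes are the checksum
        # the address hash is SHA-256 applied twice; its first 4 bytes must match
        digest = hashlib.sha256(hashlib.sha256(address).digest()).digest()
        if digest[0:4] != checksum:
            raise ValueError("This is not a valid address")
        return address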
I've been a web app developer for years and I've worked at shops at all levels of, uh, evolution in the software development as engineering vs "code it, wrap it, ship it." This is also what raised the biggest red flag for me.
In any shop/group with a solid software development and quality assurance process, the revelation of the checksum thing would have been met (assuming embarrassment wasn't being concealed) with an "oh shit, I have NO idea how we could've overlooked that, but my partner himself just committed a fix, we all code reviewed it on Skype 30 min ago, and it'll be live by tonight" type response.
I'm not trying to be a pain, and I don't think casascius is either, it's that sites like Bitcoin Fog are really important and we want you to get them right. Thanks for even trying, BTW.
as of now, all payouts are mostly done from the same address
That seems strange, for an anonymizing service, but you plan on fixing that, so it should be okay.
"It should be okay." ...what. Those are not words you should be saying as a developer on BitcoinFog.
There is no hard logic to what you are proposing. If you or anyone else has any hard math on this, please provide it. We couldn't find any. And your answer only suggests that it "feels" secure to you, and you don't have any actual models of this.
I haven't seen you post any hard math, or hard logic. For example, you "feel" 28 addresses is more secure than 3. Maybe this is the case. Maybe it's bullshit. Did you do any calculations?
I'm gonna step up and say that I hope to fucking $deity that somebody running some of these services has done some of the shit you see in your discrete math / state machines / logic class in an undergrad CS curriculum, but beyond that: mathematical proofs. I can't do that, I retook that fucking class twice, but I'd raise BTC and pay somebody who can if I were launching a coin mixer.
It's ironic - all this runs over Tor - have y'all read any of the papers these guys write? About the holes in their own system? There's very little "thinking it should be okay." Again - not to be mean - but be aware of the complexity of the problem you are trying to solve and that you need mathematical assurance that you're selling something other than snake oil, if you give two shits about your users thinking they're anonymous by using your service, and then getting jailed, tortured, or killed because they were not.
[1] http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf
[2] http://swiki.cc.gatech.edu:8080/ugResearch/uploads/7/ImprovingTor.pdf
[3] http://archives.seul.org/or/dev/Jul-2010/msg00021.html
[4] http://dl.acm.org/citation.cfm?doid=1029179.1029199
[5] http://link.springer.com/chapter/10.1007%2F978-3-642-14527-8_10
[6] http://link.springer.com/chapter/10.1007%2F978-3-642-14527-8_11
[7] https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise (hell, even the blog posts involve a ton of thought about security)
For further light reading, here is a bibliography on the topic of digital anonymity which starts in 1977:
http://freehaven.net/anonbib/#DBLP:conf/ccs/EdmanS09
In summary: I think your service does some things right (e.g. the having no public IP, only connecting through tor), while other things seem a bit strange. The core though remains, that you've shattered all my trust in your skills at the very beginning, when you didn't implement a core safety mechanism, which is trivial to implement but paramount to prevent mistakes. This mistake, along with your attitude about it the ~5 posts after that, leads me to question a lot of other things about your service, which I might normally assume to be secure/obvious. I can see that casascius's reasoning is similar. (casascius: correct me if I'm wrong)
+1. Thank you, thank you, thank you for trying.
Now throw it away and write it again, with proofs, and open source the fucker so there are a million coin mixers.
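The address checksum check debated in the post above, as an added example that is not part of the original thread or of any service's code. It assumes legacy Base58Check addresses (1 version byte, 20-byte hash, 4 checksum bytes); all function names and the sample hash are constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload):
    # Base58Check: first 4 bytes of SHA-256 applied twice to version + hash
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(text):
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def decode_address(address):
    """Return (version, hash160) or raise ValueError; never pay an unchecked address."""
    raw = b58decode(address)
    if len(raw) != 25:  # assumption: legacy address layout, 1 + 20 + 4 bytes
        raise ValueError("wrong decoded length")
    body, check = raw[:-4], raw[-4:]
    if checksum(body) != check:
        raise ValueError("checksum mismatch")
    return body[0], body[1:]

def is_valid(address):
    try:
        decode_address(address)
        return True
    except ValueError:
        return False

# Constructed sample data: a made-up 20-byte hash, not a real wallet.
SAMPLE_HASH160 = bytes(range(20))
_body = bytes([0x00]) + SAMPLE_HASH160
SAMPLE_ADDRESS = b58encode(_body + checksum(_body))
# Simulated one-character typo in the last position of the address.
TYPO_ADDRESS = SAMPLE_ADDRESS[:-1] + ("2" if SAMPLE_ADDRESS[-1] != "2" else "3")
```

Calling `is_valid` on user input before queuing a payout rejects the mistyped address, which a decode that only strips the last four bytes would accept.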