Can Bitcoin wallets be trusted? - page 3.

pirsquared

member

Activity: 109

Merit: 10

Quote from: hilariousandco on July 12, 2014, 01:23:47 PM

It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.

This is possible and has been done.

CEG5952

hero member

Activity: 658

Merit: 500

Buy and sell bitcoins,

Quote from: R2D221 on July 12, 2014, 07:34:43 PM

Quote from: InwardContour on July 12, 2014, 03:54:35 PM

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?

This is why I would rely only on a PGP signature. In theory, it can only be generated by the owner of the corresponding private key. So if you trust the developer (of say, Multibit or Electrum), the signature verifies the integrity of the file and shows that the key owner vouches for the file contents. That's pretty much as good as it gets.

ar9

sr. member

Activity: 352

Merit: 250

Depends on the wallet.

Sometimes I wish I could change my username to CptObvious.

R2D221

hero member

Activity: 658

Merit: 500

Quote from: InwardContour on July 12, 2014, 03:54:35 PM

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?

CEG5952

hero member

Activity: 658

Merit: 500

Buy and sell bitcoins,

Quote from: joshraban76 on July 12, 2014, 01:44:54 PM

It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though. hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.

Checking the MD5 really just ensures that the file is the right size (data has not been lost/corrupted) and integrity maintained after download. Potentially, an attacker who hacks the site or executes a MITM attack could change the MD5 checksum to match the compromised file.

I prefer a PGP signature. MultiBit provides this, for instance.

franky1

legendary

Activity: 4270

Merit: 4534

Quote from: InwardContour on July 12, 2014, 03:54:35 PM

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

typical geek answer. so this is what you would reply with if your grandma asked the question, just before she went and downloaded a wallet from a website she never personally heard of but had been told by a friend to go there...

InwardContour

sr. member

Activity: 644

Merit: 260

Quote from: Anders on July 12, 2014, 01:11:44 PM

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

joshraban76

sr. member

Activity: 252

Merit: 250

It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though. hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.

hilariousandco

global moderator

Activity: 3850

Merit: 2643

Join the world-leading crypto sportsbook NOW!

It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.

Anders

full member

Activity: 126

Merit: 100

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

Topic: Can Bitcoin wallets be trusted? - page 3. (Read 3788 times)