Author

Topic: Certificate Renewal or Man-in-the-middle attack? (Read 198 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
February 15, 2024, 06:54:39 AM
#14
Regarding your original question, it seems it's already answered on Sparrow Wallet FAQ.

I’m getting a “man-in-the-middle” certificate warning when connecting

This is an SSL error, mostly likely due to an expired certificate. If you are using a public server, it may simply be that the certificate has been replaced, in which case it is safe to proceed. Otherwise, it may make sense to be cautious, especially if you are connecting over a public wifi. To find the existing certificate, look in the certs folder of Sparrow home for a file with the same name as the URL of the server. You can delete that file to clear Sparrow’s record of the SSL cert. It will download the cert again on reconnection.

An expired certificate is not the only way you'll get a warning when connecting to Sparrow Wallet. Also if the certificate being served is for a different hostname than the one that the wallet is making the request to, the validation will fail and you will also get this recording.

SSH was (and still is) very big about this back in the day. That's why it always shows you the fingerprint before you connect to a server and even makes you type "Yes" or click OK before proceeding, and a lot of software has copied it. It is something that Sparrow should also do tbh. With a checkbox to "don't show this again" of course.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Regarding your original question, it seems it's already answered on Sparrow Wallet FAQ.

I tried accessing the website from browser and got different error.

Quote
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for electrum.diynodes.com. The certificate is only valid for api.testnet.diynodes.com.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

It looks like owner of that domain doesn't configure SSL certificate properly. And after i choose to proceed, it shows 504 Gateway timeout. I don't think it's dangerous to click yes, but you better use properly configured Electrum server.
Got it, thank you for checking with Firefox. Is there a rule of thumb for which public servers are safe to go with?

I never see anyone create or share such rule of thumb. List of server on Electrum wallet actually list server which has been online for long time, excluding known malicious node. And IIRC Sparrow already manually choose 5 or 6 public Electrum server that seems trustworthy.

If I run my own bitcoin node, will my sparrow wallet still be compromised from connecting to public servers in the past?

Most likely no. If they compromise your wallet in past, they usually would take everything you have back then.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Currently I have the most air gapped solution where my cold storage hasn't once been connected to my laptop at any point.
In that case, it's completely safe.
That's considering that you haven't exported any of your air-gap wallet's private key, even one.
Because if you do, if compromised, it can be used together with the extended public key in the online machine to compute all of your other private keys.
Otherwise, it's safe.

Is my sparrow wallet at all compromised for having connected to public servers in the past? If so, is there anything I can do to ensure my funds don't get stolen via man in the middle attack once I set up my own node? (i.e. delete and reinstall Sparrow) Currently I have the most air gapped solution where my cold storage hasn't once been connected to my laptop at any point. Thank you for the help!
The public server and the MITM attacker don't have access to users' private keys even in a non-air-gap setup anyways.
All it can access are privacy-related data which are your transactions and addresses, and as you know it, fake the data that you receive.
SPV wallets sign transactions locally.
(this is considering Sparrow doesn't have bugs that will lead to the attacker to intercept the private key in another way, so keep it air-gap)

The warnings about it's unsafe to access your air-gap machine (PC) in an online environment is because that will defeat its purpose.
It may or may still be safe depending on the online device's security but it's not "air-gap" anymore once connected to the internet even after disconnection.
newbie
Activity: 5
Merit: 1
When I open Sparrow, I receive a popup titled "SSL Handshake Failed". The message says "The certificate provided by the server at electrum.diynodes.com appears to have changed. This may be simply due to a certificate renewal, or it may indicate a man-in-the-middle attack. Do you still want to proceed?".

Has anyone else gotten this? Is it safe to click Yes and proceed? Is it safe to connect my cold storage to my computer and/or conduct a transaction? Thank you in advance

You can check  electrum.diynodes.com  certificate on sslchecker. It flags Missing Root certificate  for given server and it would be a red flag for me.

I never connect my Sparrow to any public server as I use my own Bitcoin Core node.

Thus, I encourage you to  act  in  the same way.

" Better safe than sorry"

Thank you so much for sharing that link. I've checked every public server so far on SSL Checker, and of the ones that return results, they all show a missing root certificate. I will definitely migrate to my own Bitcoin Core node.

Is my sparrow wallet at all compromised for having connected to public servers in the past? If so, is there anything I can do to ensure my funds don't get stolen via man in the middle attack once I set up my own node? (i.e. delete and reinstall Sparrow) Currently I have the most air gapped solution where my cold storage hasn't once been connected to my laptop at any point. Thank you for the help!
newbie
Activity: 5
Merit: 1
I tried accessing the website from browser and got different error.

Quote
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for electrum.diynodes.com. The certificate is only valid for api.testnet.diynodes.com.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

It looks like owner of that domain doesn't configure SSL certificate properly. And after i choose to proceed, it shows 504 Gateway timeout. I don't think it's dangerous to click yes, but you better use properly configured Electrum server.

Got it, thank you for checking with Firefox. Is there a rule of thumb for which public servers are safe to go with? If I run my own bitcoin node, will my sparrow wallet still be compromised from connecting to public servers in the past?

Thank you!
newbie
Activity: 5
Merit: 1
When you connect to a new server, the wallet creates the server certificate and keeps it, and when any change occurs, this error appears. Therefore, if you do not change the server or do not trust electrum.diynodes.com, click on No and go to file, Preferences, Server tab


That server is managed by https://twitter.com/openoms, and I don't think there will be a problem by clicking Yes.


Thank you for clarifying. I likely did receive the popup due to connecting to a new server as you mentioned.

A few questions for you:
  • How were you able to verify this server is managed by openoms?
  • How do you know it's still safe to connect to? I ask because after checking this server on sslchecker.com it appears this server's root certificate is missing which was flagged as a red flag by others who responded to my post.
Thank you for all the help!
legendary
Activity: 2730
Merit: 7065
I do not own electrum.diynodes.com and have never heard of it until the popup that I received.
Then there is no reason that you have to stick with that electrum.diynodes server that is causing those Sparrow error messages. Go into the settings menu and pick a different one. If you have plans to run your own Bitcoin Node, you don't have to worry about Electrum servers anymore, as you are going to be using the Bitcoin Core client.
newbie
Activity: 5
Merit: 1
I don't know what caused this issue but are you using a VPN while using Sparrow? It won't be safe if you proceed better report this issue since I never heard someone had the same issue.

Do you own this electrum.diynodes.com or this is what you paste under private electrum?
It seems you need to enable SSL on the settings or provide the server certificate.

Check their GitHub page below and make a report issue.

- https://github.com/sparrowwallet/sparrow/issues



Sometimes I have VPN turned on. I do not own electrum.diynodes.com and have never heard of it until the popup that I received. I am currently not running my own instance of an Electrum server but am planning on running my own Bitcoin Core node after this incident. When you say I need to enable SSL on the settings or provide server certificate, this is relevant if I run my own private Electrum server but does not apply if I'm running my own Bitcoin Core node, right? Thank you for sharing the GitHub page. I will report the issue.
legendary
Activity: 2730
Merit: 7065
I would suggest going to the server settings and finding a different server to connect to. If you don't see the same error message, it's safe to say that there is an error message with that electrum.diynodes.com server. If you can change the server and there is no reason which you aren't telling us about that makes you use that particular one, just pick a different one.

Is it safe to connect my cold storage to my computer and/or conduct a transaction?
That depends on what you mean with cold storage? Are we talking about a hardware wallet or some airgapped machine you intend to bring online? It stops being cold storage if the private keys touch an internet-connected computer. So, please pay attention to what you are doing to not reduce the security of your setup.
hero member
Activity: 714
Merit: 1298
When I open Sparrow, I receive a popup titled "SSL Handshake Failed". The message says "The certificate provided by the server at electrum.diynodes.com appears to have changed. This may be simply due to a certificate renewal, or it may indicate a man-in-the-middle attack. Do you still want to proceed?".

Has anyone else gotten this? Is it safe to click Yes and proceed? Is it safe to connect my cold storage to my computer and/or conduct a transaction? Thank you in advance

You can check  electrum.diynodes.com  certificate on sslchecker. It flags Missing Root certificate  for given server and it would be a red flag for me.

I never connect my Sparrow to any public server as I use my own Bitcoin Core node.

Thus, I encourage you to  act  in  the same way.

" Better safe than sorry"
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I tried accessing the website from browser and got different error.

Quote
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for electrum.diynodes.com. The certificate is only valid for api.testnet.diynodes.com.
 
Error code: SSL_ERROR_BAD_CERT_DOMAIN

It looks like owner of that domain doesn't configure SSL certificate properly. And after i choose to proceed, it shows 504 Gateway timeout. I don't think it's dangerous to click yes, but you better use properly configured Electrum server.
hero member
Activity: 630
Merit: 510
When you connect to a new server, the wallet creates the server certificate and keeps it, and when any change occurs, this error appears. Therefore, if you do not change the server or do not trust electrum.diynodes.com, click on No and go to file, Preferences, Server tab


That server is managed by https://twitter.com/openoms, and I don't think there will be a problem by clicking Yes.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
I don't know what caused this issue but are you using a VPN while using Sparrow? It won't be safe if you proceed better report this issue since I never heard someone had the same issue.

Do you own this electrum.diynodes.com or this is what you paste under private electrum?
It seems you need to enable SSL on the settings or provide the server certificate.

Check their GitHub page below and make a report issue.

- https://github.com/sparrowwallet/sparrow/issues

newbie
Activity: 5
Merit: 1
When I open Sparrow, I receive a popup titled "SSL Handshake Failed". The message says "The certificate provided by the server at electrum.diynodes.com appears to have changed. This may be simply due to a certificate renewal, or it may indicate a man-in-the-middle attack. Do you still want to proceed?".

Has anyone else gotten this? Is it safe to click Yes and proceed? Is it safe to connect my cold storage to my computer and/or conduct a transaction? Thank you in advance
Jump to: