Topic: Defeating MITM attacks through Paypal (Read 844 times)
If it's just a regular email, the man in the middle will be able to impersonate the buyer perfectly. He can use a throwaway email and never look back, no info about him to trace.
Seems unnecessarily complicated when both side could simply email each other for verification.
Looks I can only post in the noob forum 
Reading the funny thread with Foodstamp and the grief he's caused, it surprised me how easy it was to execute a man in the middle (mitm) attack. In order to overcome this, the seller accepting paypal has to know he is giving his bitcoins to the same address the paypal is coming from, and the mitm succeeds because he doesn't have to provide a paypal account, which may be traced. So basically my idea is, for every transaction, you get a new receiving address, take the first 10 digits of it, and register that as a one time use email address and associate it with paypal. So for example you would create [email protected] and then email the seller
"Hey, send me 10btc at address y2fQ63m05kPV........... I just sent you $15 from [email protected]"
If the seller were being scammed, the email he could see in paypal would not match up with the address he was being told to send coins to, and would not complete the transaction, hopefully refunding the paypal to the unknown victim, or emailing the victim directly. The buyer would then transfer the 10btc to a new wallet and get a new email address for the next transaction. If he kept the same one, an attacker could register [email protected] and use it for a future attack. Thoughts?
Reading the funny thread with Foodstamp and the grief he's caused, it surprised me how easy it was to execute a man in the middle (mitm) attack. In order to overcome this, the seller accepting paypal has to know he is giving his bitcoins to the same address the paypal is coming from, and the mitm succeeds because he doesn't have to provide a paypal account, which may be traced. So basically my idea is, for every transaction, you get a new receiving address, take the first 10 digits of it, and register that as a one time use email address and associate it with paypal. So for example you would create [email protected] and then email the seller"Hey, send me 10btc at address y2fQ63m05kPV........... I just sent you $15 from [email protected]"
If the seller were being scammed, the email he could see in paypal would not match up with the address he was being told to send coins to, and would not complete the transaction, hopefully refunding the paypal to the unknown victim, or emailing the victim directly. The buyer would then transfer the 10btc to a new wallet and get a new email address for the next transaction. If he kept the same one, an attacker could register [email protected] and use it for a future attack. Thoughts?
Jump to: