Bitcoin Forum>Other>Beginners & Help
Author

Topic: Integrity of ensuring the correct recipient of a BTC public address? (Read 445 times)

CIYAM
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
Integrity of ensuring the correct recipient of a BTC public address?
May 17, 2013, 11:32:28 AM
#4
Quote from: WhatsUpFreak on May 17, 2013, 11:23:47 AM
Could this not be fixed with newly generated public-keys every time a transaction takes place? Similar to when you generate a new wallet on bitaddress.org.

Indeed it is best practice to generate a separate address per tx but of course you still have to trust that whatever address you are presented with *does* belong to the site you think it does.
WhatsUpFreak
newbie
Activity: 33
Merit: 0
Re: Integrity of ensuring the correct recipient of a BTC public address?
May 17, 2013, 11:23:47 AM
#3
Quote from: CIYAM on May 17, 2013, 10:28:55 AM
There is work in progress to tie public address generation to CA certificates for commercial sites (am not sure how that has progressed so far but it is likely to be appearing in the next major release from what I gather).

Another perhaps less satisfactory solution is already available via the use of "firstbits". As an example you can go to blockchain.info and type in 1ciyam to find my project's public address (assuming you trust blockchain.info to show you the correct one).


Interesting...Thanks. This seems like it could be very dangerous for small online vendors if they do not follow proper security implementations. Could this not be fixed with newly generated public-keys every time a transaction takes place? Similar to when you generate a new wallet on bitaddress.org.
CIYAM
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
Re: Integrity of ensuring the correct recipient of a BTC public address?
May 17, 2013, 10:28:55 AM
#2
There is work in progress to tie public address generation to CA certificates for commercial sites (am not sure how that has progressed so far but it is likely to be appearing in the next major release from what I gather).

Another perhaps less satisfactory solution is already available via the use of "firstbits". As an example you can go to blockchain.info and type in 1ciyam to find my project's public address (assuming you trust blockchain.info to show you the correct one).
WhatsUpFreak
newbie
Activity: 33
Merit: 0
Re: Integrity of ensuring the correct recipient of a BTC public address?
May 17, 2013, 10:21:03 AM
#1
If a hacker gains access to a website and proceeds to vandalize the website, including changing the public-key of a BTC wallet, this would direct all payments to the hacker. Is this a security risk inherent to the use of BTC or is there something implemented that could prevent this? I am new to BTC/crypto-currency, so I don't fully understand all the details.
Bitcoin Forum>Other>Beginners & Help
Jump to: