Author

Topic: Integrity of ensuring the correct recipient of a BTC public address? (Read 466 times)

legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Could this not be fixed with newly generated public-keys every time a transaction takes place? Similar to when you generate a new wallet on bitaddress.org.

Indeed it is best practice to generate a separate address per tx but of course you still have to trust that whatever address you are presented with *does* belong to the site you think it does.
newbie
Activity: 33
Merit: 0
There is work in progress to tie public address generation to CA certificates for commercial sites (am not sure how that has progressed so far but it is likely to be appearing in the next major release from what I gather).

Another perhaps less satisfactory solution is already available via the use of "firstbits". As an example you can go to blockchain.info and type in 1ciyam to find my project's public address (assuming you trust blockchain.info to show you the correct one).


Interesting...Thanks. This seems like it could be very dangerous for small online vendors if they do not follow proper security implementations. Could this not be fixed with newly generated public-keys every time a transaction takes place? Similar to when you generate a new wallet on bitaddress.org.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
There is work in progress to tie public address generation to CA certificates for commercial sites (am not sure how that has progressed so far but it is likely to be appearing in the next major release from what I gather).

Another perhaps less satisfactory solution is already available via the use of "firstbits". As an example you can go to blockchain.info and type in 1ciyam to find my project's public address (assuming you trust blockchain.info to show you the correct one).
newbie
Activity: 33
Merit: 0
If a hacker gains access to a website and proceeds to vandalize the website, including changing the public-key of a BTC wallet, this would direct all payments to the hacker. Is this a security risk inherent to the use of BTC or is there something implemented that could prevent this? I am new to BTC/crypto-currency, so I don't fully understand all the details.
Jump to: