Author

Topic: please delete (Read 2095 times)

newbie
Activity: 34
Merit: 0
May 03, 2012, 07:54:29 AM
#10
Where did you get a Realpay blockchain from? !!!

I had no idea there was a client ready or it had started?

Zoiner

Go to realpay.org and scroll down to the bottom where it says "Download". It's available for Windows and Linux.
member
Activity: 74
Merit: 10
May 03, 2012, 07:39:33 AM
#9
Where did you get a Realpay blockchain from? !!!

I had no idea there was a client ready or it had started?

Zoiner
hero member
Activity: 731
Merit: 503
Libertas a calumnia
May 03, 2012, 02:06:07 AM
#8
For one thing, your site isn't even SSL capable, so even if you are entirely honest, an attacker could alter the contents of the traffic between you and me, and I could end up downloading a different file than what you are hosting.
Even with SSL the thing you state is possible, it's not SSL per se that forbid a man in the middle attack, you also need authentication.

He could get a valid SSL certificate signed by some central issuer, but even in that case the government can ask (and obtain) the issuer to issue for him a valid certificate with the same credentials so he can execute a man in the middle attack with a completely unaware user.

SSL prevents eavesdrop to casual sniffers but there is really no point in doing so with a public available file :-)

So, as you correctly stated, the only way to prevent this is to digitally sign the files so they can be checked using the public key that one must get via other channels.

EDIT: foxpup, you made it quicker than me ;-)
legendary
Activity: 4551
Merit: 3445
Vile Vixen and Miss Bitcointalk 2021-2023
May 03, 2012, 01:55:04 AM
#7
I appreciate you bringing these things to my attention. I have inside the zip files the hashes of the individual files contained inside. However, as you said, if someone is able to modify that then it doesn't really matter. I will makes hashes of the actual zip files (which are still on my PC) and add them to the page. Would that solve this problem? Or is there still another way around it for an attacker? Please let me know. I want to do all I can to ensure that nothing is tampered with.

No, it won't solve the problem, and the way for the attacker to get around it is... the same way, actually. If someone is modifying the responses from your site, the can modify the page source (as received by the victim) just as easily as the zip files, and they can just replace your hashes with the hashes of the modified files. You need PGP signatures, not hashes, to protect against this attack (though even that won't work unless your PGP key is already available from a trusted source). Or SSL. Or both, if you're really paranoid.

EDIT: I just realised something. I don't know about other cryptocurrencies, but in Bitcoin each block contains a hash of the previous block, and therefore the Bitcoin client will instantly know something's gone horribly wrong when it downloads the next block and the hash doesn't match the blocks it already has, and will fix the problem by re-downloading the "erroneous" blocks. The only way this won't happen is if the maliciously altered blockchain has a higher total difficulty than the real one, in which case they don't even need to attack your site - we're all doomed anyway. Only light clients (which don't need a blockchain download anyway) have a need to implicitly trust the blocks they receive. Exactly how does a maliciously altered blockchain pose any kind of threat?
newbie
Activity: 34
Merit: 0
May 03, 2012, 01:00:00 AM
#6
download the blockchain the hard way through the client (which is the safest way after all).

For one thing, your site isn't even SSL capable, so even if you are entirely honest, an attacker could alter the contents of the traffic between you and me, and I could end up downloading a different file than what you are hosting.   Each bitcoin blockchain binary from BitcoinCharts gets digitally signed so that the download can be verified as being truly the one built by the site.
 - http://eu1.bitcoincharts.com/blockchain/

Using your blockchain binaries means that I am trusting that you haven't injected data that would cause my client to think a transaction was valid, when elsewhere on the network that transaction will be rejected.

Using these is something unsafe, yet for small amounts the convenience might outweight the risk of loss.  Just wanted to make sure the risks of use got mentioned here.

I appreciate you bringing these things to my attention. I have inside the zip files the hashes of the individual files contained inside. However, as you said, if someone is able to modify that then it doesn't really matter. I will makes hashes of the actual zip files (which are still on my PC) and add them to the page. Would that solve this problem? Or is there still another way around it for an attacker? Please let me know. I want to do all I can to ensure that nothing is tampered with.

All Best,

Michael
legendary
Activity: 2506
Merit: 1010
May 02, 2012, 04:28:25 PM
#5
download the blockchain the hard way through the client (which is the safest way after all).

For one thing, your site isn't even SSL capable, so even if you are entirely honest, an attacker could alter the contents of the traffic between you and me, and I could end up downloading a different file than what you are hosting.   Each bitcoin blockchain binary from BitcoinCharts gets digitally signed so that the download can be verified as being truly the one built by the site.
 - http://eu1.bitcoincharts.com/blockchain/

Using your blockchain binaries means that I am trusting that you haven't injected data that would cause my client to think a transaction was valid, when elsewhere on the network that transaction will be rejected.

Using these is something unsafe, yet for small amounts the convenience might outweight the risk of loss.  Just wanted to make sure the risks of use got mentioned here.
hero member
Activity: 731
Merit: 503
Libertas a calumnia
May 02, 2012, 08:50:50 AM
#4
What I'd like to have is a dump in JSON format or other format easy to read for non-ufficial bitcoin client.
newbie
Activity: 34
Merit: 0
May 02, 2012, 08:25:24 AM
#3
Nice!

Just one question... How did you get the liquidcoin blocks?

I have had issues with the client being stuck at like 1,000 blocks or so and not moving.

I didn't experience any problems with that. It just downloaded like all the other chains. I have no clue what is wrong with your client. Wish I could help!
member
Activity: 87
Merit: 10
COIN SUPPORTER
May 02, 2012, 08:15:34 AM
#2
Nice!

Just one question... How did you get the liquidcoin blocks?

I have had issues with the client being stuck at like 1,000 blocks or so and not moving.
newbie
Activity: 34
Merit: 0
May 02, 2012, 07:43:01 AM
#1
please delete
Jump to: