Topic: This message was too old and has been purged (Read 1221 times)

staff
Activity: 4284
Merit: 8808
January 10, 2015, 10:25:08 AM
#12
Quote
Gmaxwell, I studied the code, and noticed that the "version" message would include the "addrMe" field, which is populated from LocalAddrs, which again contains the own public IP (for example gotten from UPNP). Would that be a concern when using tor? If so, using Tor would be pointless.
Study harder.  It doesn't in that case.  (And, even if it did make such a colossal goof, the other advantages of using tor would still persist.)

Quote
There is no feasible way to MITM diffie hellman. If you can do so, you will get all my BTC if you provide a working way.
So you've flipped to the other side of wrong these days.  MITMing a DH key exchange is trivial, you just _do_.

Quote
I should have mentioned that we need some kind of authentication.
Authentication is basically all the complexity in a system, not something you just can wave away.

Quote
Similar to the way it is implemented in TOR.
It's unclear what you mean here; if you mean the way the tor network prevents MITM/sybil attacks between its own participants, that's accomplished via centralized "directory authorities".
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
staff
Activity: 4284
Merit: 8808
We have encryption: Use Tor. It's a strongly supported solution which addresses many privacy concerns that plain encryption cannot.

Quote
diffie-hellman handshake
Weren't you trying to sell your "crack" of ECC here some months ago?
hero member
Activity: 506
Merit: 500
Quote
Anyone who wants to monitor you can initiate a connection to you
-listen=0

Still, it's trivial to MITM a DH exchange. How are you going to authenticate people? Via ECDSA signatures with their bitcoin addresses?
legendary
Activity: 1260
Merit: 1019
Quote
Anyone who wants to monitor you can initiate a connection to you
-listen=0
hero member
Activity: 506
Merit: 500
The problem with your idea is simple: Anyone who wants to monitor you can initiate a connection to you, and see if you broadcast the transaction first.

There are other issues, as a simple Diffie-Hellman key agreement is unauthenticated. It's trivial to MITM you and relay the communications with another client without you even knowing. You're assuming the attacker only has the ability to sniff packets and not alter them or get in the middle (or just connect to you!).
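An added illustration of the point made in the post above (not code from any poster in this thread or from Bitcoin Core): in a plain Diffie-Hellman handshake both sides complete normally even when a relay has swapped the public values, and the substitution only becomes detectable once the transcript is authenticated. The toy group parameters, the function names and the pre-shared HMAC key standing in for an authentication scheme are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only (2**127 - 1 is prime).
# Assumption of this sketch, not a production parameter.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Derive a symmetric key from the shared DH value.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def transcript_tag(auth_key, initiator_pub, responder_pub):
    # MAC over both public values, binding the handshake to what each side saw.
    msg = f"{initiator_pub}|{responder_pub}".encode()
    return hmac.new(auth_key, msg, hashlib.sha256).digest()

def exchange(relay_swaps_keys, auth_key=None):
    """Run one A<->B handshake; return (keys_match, handshake_accepted)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub
    if relay_swaps_keys:
        # An on-path relay replaces the public value in both directions.
        _, relay_pub = keypair()
        seen_by_a = seen_by_b = relay_pub
    k_a = session_key(a_priv, seen_by_a)
    k_b = session_key(b_priv, seen_by_b)
    accepted = True  # plain DH has nothing to check, so it always "succeeds"
    if auth_key is not None:
        # A tags the transcript as A saw it; B recomputes from its own view.
        a_tag = transcript_tag(auth_key, a_pub, seen_by_a)
        b_expect = transcript_tag(auth_key, seen_by_b, b_pub)
        accepted = hmac.compare_digest(a_tag, b_expect)
    return k_a == k_b, accepted

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # assumed to be shared out of band
    print("plain, no relay:  ", exchange(False))
    print("plain, relay:     ", exchange(True))
    print("authed, no relay: ", exchange(False, key))
    print("authed, relay:    ", exchange(True, key))
```

The sketch only shows A's tag being checked by B; a real handshake would authenticate both directions, and distributing the authentication key or identity is the part the thread calls "basically all the complexity".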
legendary
Activity: 1260
Merit: 1019
Quote
If you sent an "inv" message containing your transaction hash without receiving that same message before, you are the initiator.
... or you have another connection.
for example through tor

legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
hero member
Activity: 560
Merit: 501
Regarding your second point: how would a malicious entity differentiate between normal transaction rebroadcasting between nodes and an original transaction being broadcast?
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged