Topic: Timejacking & Bitcoin - page 2. (Read 6051 times)

legendary
Activity: 1246
Merit: 1016
Strength in numbers
May 27, 2011, 09:26:30 PM
#5
I'm surprised there isn't something more damaging that can be done if you get enough nodes to change a majority's time. It seems like all he gets is a small chance to put a few false confirms on one or a few nodes.
legendary
Activity: 1708
Merit: 1010
May 27, 2011, 05:55:55 PM
#4
This is an elaborate version of a known attack vector, but one that is limited to a particular target, not the blockchain itself or the network as a whole. Basically, it's another way to perform a double spend fraud against a particular node. There are many ways that a major vendor node could use to thwart this that are not mentioned by the article, probably due to lack of research on the author's part in this forum's thread history. One defense is mentioned in the article, but he largely dismisses its value.

"Monitor network health and shutdown if there's suspicious activity.
Definitely a good thing, but wouldn't resolve conflicts automatically."

This is the 'blockchain watchdog' process mentioned in many prior threads.  It does not exist, but it could.  There are many signs that known attack vectors are underway.  No, this would not necessarily result in an automatic response, but it could notify the user that something is wrong as well as suspend transactions on an ecommerce site.

"Use the median block chain time exclusively when validating blocks."


This is a client issue, and one that can differ between client versions.  If a programmer wishes to come out with a version that does this, he is free to do so.

In short, this attack is possible, but very difficult even if the attacker is aware of any secret defenses the target may have already taken.  Nor is it a threat to bitcoin itself.
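
Added example, not part of the post above or of any Bitcoin client: one way the "blockchain watchdog" from post #4 could cross-check three clocks (the local system clock, the median of peer-reported offsets, and the median block chain time) and suspend payment acceptance when they disagree. The function names, thresholds and sample data are assumptions made for illustration; the 2-hour future limit and the 11-block median window are Bitcoin's existing validation rules.

```python
from statistics import median

MAX_FUTURE = 2 * 60 * 60  # Bitcoin rejects blocks stamped > 2 h past adjusted time
MTP_WINDOW = 11           # median block chain time spans the last 11 blocks

def median_time_past(block_times):
    """Median header timestamp of the most recent MTP_WINDOW blocks."""
    window = sorted(block_times[-MTP_WINDOW:])
    return window[len(window) // 2]

def watchdog(system_time, peer_offsets, block_times,
             skew_alarm=20 * 60, stale_alarm=3 * 60 * 60):
    """Return alert strings; an empty list means the three clocks agree.

    system_time  : local clock (Unix seconds), assumed synced out of band (NTP)
    peer_offsets : per-peer (peer_time - system_time), in seconds
    block_times  : block header timestamps, oldest first
    skew_alarm, stale_alarm : hypothetical thresholds, tune per deployment
    """
    alerts = []
    if peer_offsets:
        adj = median(peer_offsets)
        if abs(adj) > skew_alarm:
            alerts.append(f"peer median offset {adj:+.0f}s exceeds {skew_alarm}s")
    mtp = median_time_past(block_times)
    if mtp > system_time:
        alerts.append("median block chain time is ahead of the system clock")
    if system_time - mtp > stale_alarm:
        alerts.append("median block chain time lags system clock; node may be isolated")
    if block_times[-1] > system_time + MAX_FUTURE:
        alerts.append("tip timestamp is more than 2 h ahead of the system clock")
    return alerts

def accept_payments(system_time, peer_offsets, block_times):
    """Gate for an e-commerce front end: suspend while any alert is raised."""
    return not watchdog(system_time, peer_offsets, block_times)

# Constructed sample data (not taken from the thread or from a real node).
NOW = 1306531590
HEALTHY_BLOCKS = [NOW - 300 - 600 * i for i in range(11, -1, -1)]
HEALTHY_OFFSETS = [-12, 3, 8, -5, 20]
SKEWED_OFFSETS = [-4100, -4000, -3900, 5, 10]   # majority of peers report a slow clock
STALE_BLOCKS = [t - 5 * 3600 for t in HEALTHY_BLOCKS]

if __name__ == "__main__":
    for name, offs, blocks in [("healthy", HEALTHY_OFFSETS, HEALTHY_BLOCKS),
                               ("skewed peers", SKEWED_OFFSETS, HEALTHY_BLOCKS),
                               ("stale chain", HEALTHY_OFFSETS, STALE_BLOCKS)]:
        print(name, accept_payments(NOW, offs, blocks), watchdog(NOW, offs, blocks))
```

As the post says, this only notifies and suspends; it does not resolve a conflict automatically.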
 
legendary
Activity: 2940
Merit: 1090
May 27, 2011, 05:30:31 PM
#3
It seems to rely though on knowing exactly which machine you need to timejack in order to double-spend in a way that results in useable services or merchandise.

For example suppose I run a website that accepts Bitcoin payments in return for some promptly delivered readily-resellable product or service.

It knows the IP address and port of my, or my financial service provider's, bitcoind or of a tunnel to such a bitcoind.

The attacker tells my website it wants to buy, my website asks the remote bitcoind for an address for the transaction and tells it to the attacker.

What machine is the attacker going to try to timejack in order to fool my website into handing over its good or service?

-MarkM- (Could Ocean's Thirteen timejack all the major pools' pool-servers at once, maybe?)

legendary
Activity: 1288
Merit: 1080
May 27, 2011, 05:03:43 PM
#2
Anyone seen this article?  http://culubas.blogspot.com/2011/05/timejacking-bitcoin_802.html

Curious to know what your thoughts are and what implications this has on the network...

Too complicated for me but if I was to try to attack the bitcoin network, I would probably explore an idea like that.

The time adjustment algorithm might indeed be the most obvious possible weakness in the protocol.

legendary
Activity: 800
Merit: 1001
May 27, 2011, 04:14:02 PM
#1
Anyone seen this article?  http://culubas.blogspot.com/2011/05/timejacking-bitcoin_802.html

Curious to know what your thoughts are and what implications this has on the network...

-EP