Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1396. (Read 4671575 times)

Are we going to have nightly build of the wallet file? That is quite inconvenient.

Is it plausible to make clients checkpoint themselves regularly? This would require the checkpoints to be saved in some external file that is integrity-verifiable.

Hmm sounds like a businnessplan

Well, actually, to some degree it is a form of centralised control. I'll quote from IRC -


[11:28:52]  fluffypony:    the best way to prevent this sort of attack is to have a very, very large network hashrate
[11:29:01]  fluffypony:    ours is still relatively small
[11:29:36]  Myagui:    yeah, which begs for more/better miner software - particularly opensource for AMD (of which I have none, btw)
[11:29:57]  fluffypony:    attacking Monero now using brute hashrate alone is a cop-out, because our network isn't strong enough to be considered "safe" by decentralised standards
[11:30:08]  dnaleor_:    Myagui, bitcoin solved this problem exactly like xmr: https://en.bitcoin.it/wiki/Checkpoint_Lockin
[11:31:19]  Myagui:    dnaleor_: got it, but just as fluffypony and I were getting too, that's not really a "solution", it's mitigation (and requires babysitting)
[11:31:29]  fluffypony:    Myagui: yes
[11:31:41]  fluffypony:    remember, Monero isn't a decentralised cryptocurrency yet
[11:31:54]  fluffypony:    it *can be* one in the future when the network is bigger / stronger
[11:32:17]  fluffypony:    so anyone buying Monero now isn't buying it because it's a perfect example of a decentralised cryptocurrency
[11:32:25]  fluffypony:    they're buying it because it can potentially be one in future


A poor use of "perfect", but you get the drift.

There is actually nothing preventing a user from adding a checkpoint to the code they are using and recompiling. All they are actually saying is that they trust, as part of the consensus making process, a chain that matches up to the checkpoint over a longer chain that differs before the checkpoint.

Does checkpointing make XMR more like a centralized currency?

What effect would checkpointing every hour cause vs daily? Is it correct in saying that checkpoints have to be manually recovered from?

XMR is the future.

Correct on checkpointing as regular (but temporary mitigation). I would kindly request that the dev team release binaries as well, to ensure that the checkpoints are further distributed. Presumably, exchanges & pools will take the checkpoints from source at regular intervals, but compiling is not accessible to the average user.

From what I understand, the dev team is working on additional preventive measures, aiming for a more permanent solution to this type of attack. This experience should also highlight the importance of a healthy (read: strong/fast) Monero mining network. An open source AMD miner is perhaps one important measure in this regard.

Reminder: There's still an open bounty to this effect, and Wolf0 has generously posted some partial code towards this goal, so someone taking up the task, will not need to start from scratch.
https://bitcointalksearch.org/topic/bounty-for-open-sourced-xmrcryptonight-gpu-miner-bounties-thread-656841

PS: Please edit/remove text when quoting the troll(s), as this partly defeats the ignore function. Better options are:



^{Edit: Credits due to the community members who came up with these creative responses. Thank you!}

You're almost correct. By checkpointing daily for a bit (till he/she/it loses interest and it realises that it is both unethical and incompetent) we prevent it from being able to produce a non-checkpointed chain of any length.

It can literally become a war of attrition; however if the defence is in the process of developing a permanent fix then time is on the side of the defence. I compiled bitmonerod 4x over the last 24 hours on different computers.  

OK, I'm thoroughly confused. But I do know that if XMR survives this thorough thrashing, it will rise like a Pheonix. I commend those who would protect the ring signatures from the time warp.

Unless I am missing something obvious, doing so delays the attack and makes it considerably worse.
You want the attack to come as quickly as possible. The longer it is prolonged, the greater the effect.

His agenda may be to simply buy low and sell high. Anyone with asymmetric information can profit by manipulating the market. Another possibility is that he was paid (or manipulated) by the Bytecoin/CryptoNote scammers to harm XMR relative to the other CN coins. A twist on that scenario is that, at some point the B/CN scammers will realize (or have already realized) that it is better to join XMR than to fight it. Perhaps this was their way to board the train on advantageous terms. Note that none of this would require any actual flaw in XMR; it could all be smoke and mirrors. If so, then the scammers adroitly exploited TFM/AM to amplify the FUD. I doubt he would wittingly participate in such a scheme. He has apparently helped to identify and characterize some possible vulnerabilities in all the CN coins, though the significance of his findings has not yet been dispassionately analyzed. Whatever comes of TFM's discoveries, I doubt BCX truly had grounds to believe XMR to be flawed, until TFM surprisingly seconded the claim and then went on to doggedly pursue BCX's red herring. TFM is a brilliant and imaginative guy who stumbled into a pre-planned hoax, assumed that there must be something to BCX's claims, and then devoted himself to analyzing XMR's anonymity. That he didn't come up with anything resembling BCX's initial claim is reassuring, but not surprising. I am impressed with the XMR devs and community.

Any everyday, people would need to download a new wallet? Of course, you could make it so that the wallet ignores any blockchains that reorganise more than X blocks maybe? However, in this case - i'm not even sure if that is the issue here.

So if, by BCX's admission, it takes a couple of days for the timewarp symptoms to occur (presumably while building up the attacking chain), a viable mitigation strategy may be to checkpoint daily. This then results in him having to continually restart the attack before it builds up a long enough chain to go anywhere. Could do it at a random point each day to keep it unpredictable. If I understand the situation correctly.

It also appears less and less likely to me that BCX has a viable private-key compromising attack.

In a temewarp attack the attacking chain has to be built up first in private over a period of time. It is then released in the visible portion of the attack. Every time a checkpoint is added this process of building the attacking chain has to be restarted from scratch again, effectively delaying the visible portion of the attack.

Edit: Complacency while the attacking chain is being built, the non visible portion of the attack, becomrs the biggest enemy of the defence. This quote summarizes this very well.

1 - spread fud
2 - buy XMR
3 - pretend to attack
4 - buy XMR
5 - say that the flaw has been fixed by devs
6 - sell XMR
7 - repeat on an other coin
8 - ??

so now we are kept in captivity?

I still cannot see bcxs agenda

If it is just 4MH/s, then is it easier for BCX to attack BCN or BBY to prove his point?