<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 15 May 2013 13:38, Peter Todd <span dir="ltr"><<a href="mailto:pete@petertodd.org" target="_blank">pete@petertodd.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Now that I have the replace-by-fee reward, I might as well spread the<br>
wealth a bit.<br>
<br>
<br>
So for all this discussion about replace-by-fee and the supposed<br>
security of zero-conf transactions, no-one seems to think much about how<br>
in practice very few vendors have a setup to detect if conflicting<br>
transactions were broadcast on the network simultaneously - after all if<br>
that is the case which transaction gets mined is up to chance, so much<br>
of the time you'll get away with a double spend. We don't yet have a<br>
mechanism to propagate double-spend warnings, and funny enough, in the<br>
case of a single txin transaction the double-spend warning is also<br>
enough information to allow miners to implement replace-by-fee.<br>
<br>
<br>
So I'm offering 2BTC for anyone who comes up with a nice and easy to use<br>
command line tool that lets you automagically create one version of the<br>
transaction sending the coins to the desired recipient, and another<br>
version sending all the coins back to you, both with the same<br>
transaction inputs. In addition to creating the two versions, you need<br>
to find a way to broadcast them both simultaneously to different nodes<br>
on the network. One clever approach might be to use <a href="http://blockchain.info" target="_blank">blockchain.info</a>'s<br>
raw transaction POST API, and your local Bitcoin node.<br>
<br>
If you happen to be at the conference, a cool demo would be to<br>
demonstrate the attack against my Android wallet. I'll buy Bitcoins off<br>
of you at Mt. Gox rates + %10, and you can see if you can rip me off.<br>
Yes, you can keep the loot. :) This should be videotaped so we can put<br>
an educational video on youtube after.<br></blockquote><div><br></div><div>Isnt it potentially inviting trouble by encouraging people to insert double spends into the block chain?<br><br></div><div>Sure, zero conf isnt 100% safe, we all know that.<br>
<br>But neither is the postal service. Doesnt mean we should be going around promoting the creation of tools to go into people's maiilboxes and open their letters!</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class="HOEnZb"><font color="#888888"><br>
--<br>
'peter'[:-1]@<a href="http://petertodd.org" target="_blank">petertodd.org</a><br>
00000000000000bafd0a55f013e058cc2a672ee0c66b9265a02390d80e4748f5<br>
</font></span><br>------------------------------------------------------------------------------<br>
AlienVault Unified Security Management (USM) platform delivers complete<br>
security visibility with the essential security capabilities. Easily and<br>
efficiently configure, manage, and operate all of your security controls<br>
from a single console and one unified framework. Download a free trial.<br>
<a href="http://p.sf.net/sfu/alienvault_d2d" target="_blank">http://p.sf.net/sfu/alienvault_d2d</a><br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href="mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-development@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/bitcoin-development" target="_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-development</a><br>
<br></blockquote></div><br></div></div>