[Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?))
adam at cypherspace.org
Wed Apr 16 11:06:27 UTC 2014
Big picture/mid-term I think air-gaps and zero-trust ecosystem components
are the only solution. (zero-trust meaning like real-time auditability, or
type 2/type 3 exchanges based on atomic-swap, trustless escrow etc).
Need a mass-production and air-drop of trezors :)
There is one more problem address-substitution via untrusted network/user
and weak site with 1mil lines of swiss-cheese security app-store. So some
kind of address authentication TOFU. Aside from X509 bloatware which could
be extended from payment protocol to do that, I'd argue for a native simple
TOFU format like Alan Reiner's multiplier * base approach (where base is the
TOFU handle). And/or something like the IBE address proposal (which gives a
bandwidth efficiently SPV queryable way to check if funds received). Worst
case if weil-pairing gets broken it auto-devolves to the current status
Btw not to reignite the stealth vs reusable address bike shedding, but
contrarily I was thinking it maybe actually better to try to rebrand address
as "invoice number". People understand double paying an invoice is not a
good idea. And if they receive the same invoice twice they'll query it.
On Wed, Apr 16, 2014 at 11:41:48AM +0200, Wladimir wrote:
> On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
> <melvincarvalho at gmail.com> wrote:
> XP with a trezor would work fine tho?
> Probably - but that's a very rare edge case. People that are security
> conscious enough to buy a Trezor will not run XP. Also I don't dare to
> say that there is not some way to sociaal-engineer the user with
> malware on a compromised OS even with a trezor.
> Maybe: for 0.9.2 add a warning message and push people to upgrade
> (either to Win8.1 or something else), then in the next major release
> 0.10.0 drop XP support completely.
> 1. mailto:melvincarvalho at gmail.com
>Learn Graph Databases - Download FREE O'Reilly Book
>"Graph Databases" is the definitive new guide to graph databases and their
>applications. Written by three acclaimed leaders in the field,
>this first edition is now available. Download your free book today!
>Bitcoin-development mailing list
>Bitcoin-development at lists.sourceforge.net
More information about the bitcoin-dev