[Bitcoin-development] mid-term bitcoin security (Re: Warning message when running wallet in Windows XP (or drop support?))

Adam Back adam at cypherspace.org
Wed Apr 16 11:06:27 UTC 2014


Big picture/mid-term I think air-gaps and zero-trust ecosystem components
are the only solution.  (zero-trust meaning like real-time auditability, or
type 2/type 3 exchanges based on atomic-swap, trustless escrow etc).

Need a mass-production and air-drop of trezors :)

There is one more problem address-substitution via untrusted network/user
and weak site with 1mil lines of swiss-cheese security app-store.  So some
kind of address authentication TOFU.  Aside from X509 bloatware which could
be extended from payment protocol to do that, I'd argue for a native simple
TOFU format like Alan Reiner's multiplier * base approach (where base is the
TOFU handle).  And/or something like the IBE address proposal (which gives a
bandwidth efficiently SPV queryable way to check if funds received).  Worst
case if weil-pairing gets broken it auto-devolves to the current status
quo.

Btw not to reignite the stealth vs reusable address bike shedding, but
contrarily I was thinking it maybe actually better to try to rebrand address
as "invoice number".  People understand double paying an invoice is not a
good idea.  And if they receive the same invoice twice they'll query it.

Adam

On Wed, Apr 16, 2014 at 11:41:48AM +0200, Wladimir wrote:
>   On Wed, Apr 16, 2014 at 10:45 AM, Melvin Carvalho
>   <[1]melvincarvalho at gmail.com> wrote:
>
>   XP with a trezor would work fine tho?
>
>   Probably - but that's a very rare edge case. People that are security
>   conscious enough to buy a Trezor will not run XP. Also I don't dare to
>   say that there is not some way to sociaal-engineer the user with
>   malware on a compromised OS even with a trezor.
>   Maybe: for 0.9.2 add a warning message and push people to upgrade
>   (either to Win8.1 or something else), then in the next major release
>   0.10.0 drop XP support completely.
>   Wladimir
>
>References
>
>   1. mailto:melvincarvalho at gmail.com

>------------------------------------------------------------------------------
>Learn Graph Databases - Download FREE O'Reilly Book
>"Graph Databases" is the definitive new guide to graph databases and their
>applications. Written by three acclaimed leaders in the field,
>this first edition is now available. Download your free book today!
>http://p.sf.net/sfu/NeoTech

>_______________________________________________
>Bitcoin-development mailing list
>Bitcoin-development at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/bitcoin-development





More information about the bitcoin-dev mailing list