[bitcoin-dev] BIP 151

Eric Voskuil eric at voskuil.org
Tue Jun 28 18:35:26 UTC 2016


Hi Peter,

What in this BIP makes a MITM attack easier (or easy) to detect, or increases the probability of one being detected?

e

> On Jun 28, 2016, at 8:22 PM, Peter Todd <pete at petertodd.org> wrote:
> 
> On Tue, Jun 28, 2016 at 06:45:58PM +0200, Eric Voskuil via bitcoin-dev wrote:
>>> 1) Transaction censorship
>>> ISPs, WIFI provider or any other MITM, can holdback/censor unconfirmed
>>> transactions. Regardless if you are a miner or a validation/wallet node.
>>> 
>>> 2) Peer censorship
>>> MITM can remove or add entries from a "addr" message.
>>> 
>>> 3) Fingerprinting
>>> ISPs or any other MITM can intercept/inject fingerprinting relevant
>>> messages like "mempool" to analyze the bitcoin network.
>> 
>> Encryption alone cannot protect against a MITM attack in an anonymous and permissionless network. This is accepted in the BIP (and your follow-up reply).
> 
> Being able to easily detect MITM attacks is a _huge_ step forward that
> shouldn't be underestimated; even if 99% of users aren't in a position to
> detect the MITM you only need a small subset of users that do the necessary
> checks to alert the wider community, who can then respond with stronger
> security measures. Those measures are likely to be more costly - authenticated
> systems are significantly harder than not - so better to save your efforts
> until the need for them is more obvious.
> 
> Also the fact that an attack has a reasonable probability of detection is a big
> disincentive for many types of attackers - note how one of the things revealed
> in the Snowden leaks was the fact that the NSA generally tries quite hard to
> avoid tipping off targets to the fact that they're being surveilled, with a
> myriad of carefully scripted policies to control when and how exploits are used
> against targets.
> 
> -- 
> https://petertodd.org 'peter'[:-1]@petertodd.org


More information about the bitcoin-dev mailing list