Laszlo Hanyecz [ARCHIVE] on Nostr: š Original date posted:2014-08-08 š Original message:Mutual CHAP could work. ...
š
Original date posted:2014-08-08
š Original message:Mutual CHAP could work. This is commonly done in PPP and iSCSI. The idea is simply that both sides authenticate. The server expects the client to provide a password, and the client expects the server to provide a (different) password. If you masquerade as the server, you won't be able to authenticate because every client has a different password they expect from the server, so they won't do work for you. MITM on the server can capture the exchange but CHAP protects against replay.
https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol
-Laszlo
On Aug 8, 2014, at 6:21 PM, Jeff Garzik <jgarzik at bitpay.com> wrote:
> gmaxwell noted on IRC that enabling TLS could be functionally, if not
> literally, a DoS on the pool servers. Hence the thought towards a
> more lightweight method that simply prevents client payout redirection
> + server impersonation.
>
>
> On Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn <mike at plan99.net> wrote:
>>> Certificate validation isn't needed unless the attacker can do a direct
>>> MITM
>>> at connection time, which is a lot harder to maintain than injecting a
>>> client.reconnect.
>>
>>
>> Surely the TCP connection will be reset once the route reconfiguration is
>> completed, either by the MITM server or by the client TCP stack when it
>> discovers the server doesn't know about the connection anymore?
>>
>> TLS without cert validation defeats the point, you can still be connected to
>> a MITM at any point by anyone who can simply interrupt or corrupt the
>> stream, forcing a reconnect.
>>
>> ------------------------------------------------------------------------------
>> Want fast and easy access to all the code in your enterprise? Index and
>> search up to 200,000 lines of code with a free copy of Black Duck
>> Code Sight - the same software that powers the world's largest code
>> search on Ohloh, the Black Duck Open Hub! Try it now.
>> http://p.sf.net/sfu/bds
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
>
> --
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc. https://bitpay.com/
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
š Original message:Mutual CHAP could work. This is commonly done in PPP and iSCSI. The idea is simply that both sides authenticate. The server expects the client to provide a password, and the client expects the server to provide a (different) password. If you masquerade as the server, you won't be able to authenticate because every client has a different password they expect from the server, so they won't do work for you. MITM on the server can capture the exchange but CHAP protects against replay.
https://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol
-Laszlo
On Aug 8, 2014, at 6:21 PM, Jeff Garzik <jgarzik at bitpay.com> wrote:
> gmaxwell noted on IRC that enabling TLS could be functionally, if not
> literally, a DoS on the pool servers. Hence the thought towards a
> more lightweight method that simply prevents client payout redirection
> + server impersonation.
>
>
> On Fri, Aug 8, 2014 at 5:53 AM, Mike Hearn <mike at plan99.net> wrote:
>>> Certificate validation isn't needed unless the attacker can do a direct
>>> MITM
>>> at connection time, which is a lot harder to maintain than injecting a
>>> client.reconnect.
>>
>>
>> Surely the TCP connection will be reset once the route reconfiguration is
>> completed, either by the MITM server or by the client TCP stack when it
>> discovers the server doesn't know about the connection anymore?
>>
>> TLS without cert validation defeats the point, you can still be connected to
>> a MITM at any point by anyone who can simply interrupt or corrupt the
>> stream, forcing a reconnect.
>>
>> ------------------------------------------------------------------------------
>> Want fast and easy access to all the code in your enterprise? Index and
>> search up to 200,000 lines of code with a free copy of Black Duck
>> Code Sight - the same software that powers the world's largest code
>> search on Ohloh, the Black Duck Open Hub! Try it now.
>> http://p.sf.net/sfu/bds
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
>
> --
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc. https://bitpay.com/
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development