Mike Hearn [ARCHIVE] on Nostr: 📅 Original date posted:2014-08-20 📝 Original message:I would be very happy if ...
📅 Original date posted:2014-08-20
📝 Original message:I would be very happy if we upgraded the P2P protocol with MAC keys and a
simple home grown encryption layer, because:
1. It's practically guaranteed that 5-eyes intelligence agencies are
either systematically deanonymising Bitcoin users already (linking
transactions to real world identities) or close to succeeding. Peter is
correct. Given the way their infrastructure works, encrypting link level
traffic would significantly raise the bar to such attacks. Quite possibly
to the level where it's deemed unprofitable to continue.
2. Tor is not a complete solution. The most interesting links to monitor
are those from SPV clients connecting to Core nodes. Whilst Java SPV
clients have the nice option of an easy bundled Tor client (er, once we fix
the last bugs) clients that are not based on bitcoinj would have to use the
full-blown Tor client, which is not only a PITA to bundle as Tor is not at
all library-fied, but is a giant pile of C which is almost certainly
exploitable. Even if it runs in a separate address space, for many
platforms this is insufficient as a compromised Tor client could then go
ahead and compromise your wallet app too.
Implementing a full Tor client is not a reasonable thing to ask of a wallet
developer, but doing HMAC checks and a simple ECDH exchange + AES would be
quite realistic.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140820/d2763572/attachment.html>;
📝 Original message:I would be very happy if we upgraded the P2P protocol with MAC keys and a
simple home grown encryption layer, because:
1. It's practically guaranteed that 5-eyes intelligence agencies are
either systematically deanonymising Bitcoin users already (linking
transactions to real world identities) or close to succeeding. Peter is
correct. Given the way their infrastructure works, encrypting link level
traffic would significantly raise the bar to such attacks. Quite possibly
to the level where it's deemed unprofitable to continue.
2. Tor is not a complete solution. The most interesting links to monitor
are those from SPV clients connecting to Core nodes. Whilst Java SPV
clients have the nice option of an easy bundled Tor client (er, once we fix
the last bugs) clients that are not based on bitcoinj would have to use the
full-blown Tor client, which is not only a PITA to bundle as Tor is not at
all library-fied, but is a giant pile of C which is almost certainly
exploitable. Even if it runs in a separate address space, for many
platforms this is insufficient as a compromised Tor client could then go
ahead and compromise your wallet app too.
Implementing a full Tor client is not a reasonable thing to ask of a wallet
developer, but doing HMAC checks and a simple ECDH exchange + AES would be
quite realistic.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140820/d2763572/attachment.html>;