Jonas Schnelli [ARCHIVE] on Nostr: 📅 Original date posted:2017-03-08 📝 Original message:Hi Tom > Do you know the ...
📅 Original date posted:2017-03-08
📝 Original message:Hi Tom
> Do you know the trick of having an open wifi basestation in a public street
> and how that can lead to tracking? Especially if you have a network of them.
> The trick is this; you set up an open wifi base station with a hidden ssid
> and phones try to connect to it by saying “Are you ssid=xyz?”
> This leads the basestation to know that the phone has known credentials with
> another wifi that has a specific ssid. (the trick is slightly more elaborate,
> but the basics are relevant here).
>
> Your BIP is vulnarable to the same issue, as a node wants to connect using
> the AUTHCHALLENGE which has as an argument the hash of the person I’m trying
> to connect with.
This thread is not about BIP150/151.
The hash includes the encryption session which makes it impossible to distinct identities.
>
> Your BIP says "Fingerprinting the requesting peer is not possible”.
> Unfortunately, this is wrong. Yes the peer is trivial to fingerprint. Your
> hash never changes and as you connect to a node anyone listening can see you
> sending the same hash on every connect to that peer, whereever you are or
> connect from.
Not true. The hash includes the encryption session which is based on a ephemeral ECDH/HKDF per connection-session.
Have you read the BIP?
</jonas>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170308/42405465/attachment.sig>;
📝 Original message:Hi Tom
> Do you know the trick of having an open wifi basestation in a public street
> and how that can lead to tracking? Especially if you have a network of them.
> The trick is this; you set up an open wifi base station with a hidden ssid
> and phones try to connect to it by saying “Are you ssid=xyz?”
> This leads the basestation to know that the phone has known credentials with
> another wifi that has a specific ssid. (the trick is slightly more elaborate,
> but the basics are relevant here).
>
> Your BIP is vulnarable to the same issue, as a node wants to connect using
> the AUTHCHALLENGE which has as an argument the hash of the person I’m trying
> to connect with.
This thread is not about BIP150/151.
The hash includes the encryption session which makes it impossible to distinct identities.
>
> Your BIP says "Fingerprinting the requesting peer is not possible”.
> Unfortunately, this is wrong. Yes the peer is trivial to fingerprint. Your
> hash never changes and as you connect to a node anyone listening can see you
> sending the same hash on every connect to that peer, whereever you are or
> connect from.
Not true. The hash includes the encryption session which is based on a ephemeral ECDH/HKDF per connection-session.
Have you read the BIP?
</jonas>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170308/42405465/attachment.sig>;