Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1YsVk0-0007Vm-JO for bitcoin-development@lists.sourceforge.net; Wed, 13 May 2015 12:26:24 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 74.125.82.44 as permitted sender) client-ip=74.125.82.44; envelope-from=alex.mizrahi@gmail.com; helo=mail-wg0-f44.google.com; Received: from mail-wg0-f44.google.com ([74.125.82.44]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1YsVjz-0005bG-Gm for bitcoin-development@lists.sourceforge.net; Wed, 13 May 2015 12:26:24 +0000 Received: by wgbhc8 with SMTP id hc8so8175953wgb.3 for ; Wed, 13 May 2015 05:26:17 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.180.231.4 with SMTP id tc4mr14156576wic.27.1431519977480; Wed, 13 May 2015 05:26:17 -0700 (PDT) Received: by 10.27.102.73 with HTTP; Wed, 13 May 2015 05:26:17 -0700 (PDT) In-Reply-To: References: <5550D8BE.6070207@electrum.org> <5551F376.4050008@electrum.org> <555210AF.3090705@electrum.org> <55531E19.3090503@electrum.org> Date: Wed, 13 May 2015 15:26:17 +0300 Message-ID: From: Alex Mizrahi To: Bitcoin Dev Content-Type: multipart/alternative; boundary=001a1134cc28bf26c80515f5b72c X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (alex.mizrahi[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1YsVjz-0005bG-Gm Subject: Re: [Bitcoin-development] Long-term mining incentives X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 May 2015 12:26:24 -0000 --001a1134cc28bf26c80515f5b72c Content-Type: text/plain; charset=UTF-8 Let's consider a concrete example: 1. User wants to accept Bitcoin payments, as his customers want this. 2. He downloads a recent version of Bitcoin Core, checks hashes and so on. (Maybe even builds from source.) 3. Let's it to sync for several hours or days. 4. After wallet is synced, he gives his address to customer. 5. Customer pays. 6. User waits 10 confirmations and ships the goods. (Suppose it's something very expensive.) 7. Some time later, user wants to convert some of his bitcoins to dollars. He sends his bitcoins to an exchange but they never arrive. He tries to investigate, and after some time discovers that his router (or his ISP's router) was hijacked. His Bitcoin node couldn't connect to any of the legitimate nodes, and thus got a complete fake chain from the attacker. Bitcoins he received were totally fake. Bitcoin Core did a shitty job and confirmed some fake transactions. User doesn't care that *if *his network was not impaired, Bitcoin Core *would have *worked properly. The main duty of Bitcoin Core is to check whether transactions are confirmed, and if it can be fooled by a simple router hack, then it does its job poorly. If you don't see it being a problem, you should't be allowed to develop anything security-related. If a node is connected to 99 dishonest nodes and 1 honest node, it can > still sync with the main network. > Yes, it is good against Sybil attack, but not good against a network-level attack. Attack on user's routers is a very realistic, plausible attack. Imagine if SSL could be hacked by hacking a router, would people still use it? Fucking no. > A 3 month reversal would be devastating, so the checkpoint isn't adding > much extra security. > WIthout checkpoints an attacker could prepare a fork for $10. With checkpoints, it would cost him at least $1000, but more likely upwards of $100000. That's quite a difference, no? I do not care what do you think about the reasons why checkpoints were added, but it is a fact that they make the attack scenario I describe above hard to impossible. Without checkpoints, you could perform this attack using a laptop. With checkpoints, you need access to significant amounts of mining ASICs. --001a1134cc28bf26c80515f5b72c Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Let's consider a concrete example:

= 1. User wants to accept Bitcoin payments, as his customers want this.
=
2. He downloads a recent version of Bitcoin Core, checks hashes and so= on. (Maybe even builds from source.)
3. Let's it to sync for= several hours or days.
4. After wallet is synced, he gives his a= ddress to customer.
5. Customer pays.=C2=A0
6. User wai= ts 10 confirmations and ships the goods. (Suppose it's something very e= xpensive.)
7. Some time later, user wants to convert some of his = bitcoins to dollars. He sends his bitcoins to an exchange but they never ar= rive.

He tries to investigate, and after some time= discovers that his router (or his ISP's router) was hijacked. His Bitc= oin node couldn't connect to any of the legitimate nodes, and thus got = a complete fake chain from the attacker.
Bitcoins he received wer= e totally fake.

Bitcoin Core did a shitty job and = confirmed some fake transactions.
User doesn't care that i= f his network was not impaired, Bitcoin Core would have worked p= roperly.
The main duty of Bitcoin Core is to check whether transa= ctions are confirmed, and if it can be fooled by a simple router hack, then= it does its job poorly.

If you don't see it b= eing a problem, you should't be allowed to develop anything security-re= lated.

If a node is connected to 99 dis= honest nodes and 1 honest node, it can still sync with the main network.

Yes, it is good a= gainst Sybil attack, but not good against a network-level attack.
Attack on user's routers is a very realistic, plausible attack.
<= div>Imagine if SSL could be hacked by hacking a router, would people still = use it?

Fucking no.
=C2=A0=C2=A0
A 3 month reversal would be devast= ating, so the checkpoint isn't adding much extra security.

WIthout checkpoints an atta= cker could prepare a fork for $10.
With checkpoints, it would cos= t him at least $1000, but more likely upwards of $100000.
That= 9;s quite a difference, no?

I do not care what do = you think about the reasons why checkpoints were added, but it is a fact th= at they make the attack scenario I describe above hard to impossible.
=

Without checkpoints, you could perform this attack usin= g a laptop.
With checkpoints, you need access to significant amou= nts of mining ASICs.

--001a1134cc28bf26c80515f5b72c--