1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <allen.piscitello@gmail.com>) id 1VclZR-0002iJ-1Y
for bitcoin-development@lists.sourceforge.net;
Sun, 03 Nov 2013 00:29:37 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.212.175 as permitted sender)
client-ip=209.85.212.175;
envelope-from=allen.piscitello@gmail.com;
helo=mail-wi0-f175.google.com;
Received: from mail-wi0-f175.google.com ([209.85.212.175])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VclZO-0005lt-U7
for bitcoin-development@lists.sourceforge.net;
Sun, 03 Nov 2013 00:29:37 +0000
Received: by mail-wi0-f175.google.com with SMTP id hm4so2446455wib.14
for <bitcoin-development@lists.sourceforge.net>;
Sat, 02 Nov 2013 17:29:28 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.194.200.100 with SMTP id jr4mr7212582wjc.37.1383438568717;
Sat, 02 Nov 2013 17:29:28 -0700 (PDT)
Received: by 10.194.85.112 with HTTP; Sat, 2 Nov 2013 17:29:28 -0700 (PDT)
In-Reply-To: <527573DA.7010203@monetize.io>
References: <20131102050144.5850@gmx.com> <52756B2E.7030505@corganlabs.com>
<527573DA.7010203@monetize.io>
Date: Sat, 2 Nov 2013 19:29:28 -0500
Message-ID: <CAJfRnm6Jbm+6__zgvodAroDWRugyX_4atHH1k4+U9_1-GLThjw@mail.gmail.com>
From: Allen Piscitello <allen.piscitello@gmail.com>
To: Mark Friedenbach <mark@monetize.io>
Content-Type: multipart/alternative; boundary=047d7bb03e1e75050904ea3ae463
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(allen.piscitello[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: doubleclick.net]
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1VclZO-0005lt-U7
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Message Signing based authentication
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sun, 03 Nov 2013 00:29:37 -0000
--047d7bb03e1e75050904ea3ae463
Content-Type: text/plain; charset=ISO-8859-1
This was one of my concerns when implementing a scheme where you sign a
refund transaction before the original transaction is broadcast. I
originally tried to pass a hash and have the server sign it. However, I
had no way to know that what I was signing wasn't a transaction that was
spending my coins! So I changed the code to require sending the full
transaction, not just the hash. The other way to mitigate this is through
not having any unspent outputs from this key.
For authentication, you could have both a user-generated and
server-generated portion, so that you signed something that clearly had
data from you, so even if the server-data was a hash of $EVIL_DOCUMENT, you
have clear plausible deniability in that your data that is also signed is
"ATTEMPTING LOGIN TO XYZ.COM Hash($EVIL_DOCUMENT)".
On Sat, Nov 2, 2013 at 4:51 PM, Mark Friedenbach <mark@monetize.io> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Or SIGHASH of a transaction spending those coins or updating the SIN...
>
> On 11/2/13 2:14 PM, Johnathan Corgan wrote:> On 11/01/2013 10:01 PM,
> bitcoingrant@gmx.com wrote:
> >
> >> Server provides a token for the client to sign.
> >
> > Anyone else concerned about signing an arbitrary string? Could be
> > a hash of $EVIL_DOCUMENT, no? I'd want to XOR the string with my
> > own randomly generated nonce, sign that, then pass the nonce and
> > the signature back to the server for verification.
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJSdXPaAAoJEAdzVfsmodw4+m8P/1Ce/PwZOYfiFuFJ8pmT2tb2
> ro7tw7zSr12RSTvs+qRl7lDzJzQ6BDXOdXZCkcU0Vj3TDm8fdrrXN/iw3iQYU/5Y
> 3K7hj2mGqQUMovCLw0CbrMWrMvor7FhO6MZsRwe0+VxDV/dDrX5f5vSEhnkR26be
> NrzOFU4hqGM3R4eLq8Bmw5rVD/VCrRzKoXXAvJb1EwM1+fQPjKi+bNMJu3reyfXU
> 5eMbbiM6tUMmPXy9M6vZrN+6ad53x3KUVP6+/hXxsrnfPp57WQzRZlvwTo/qdJ1C
> Oxl71m6o2zkXbLTFmg1xmK/A4V1BPTLD6nLDIsw+wTBBfdn22pfDv6Q8d3VRctrd
> 6x+PMkwysoMjhemmkXCY/7G9GD6AGsrYSqIShSULd9QO5WxAFzRO01ewiRUCUFHi
> Dn0LEjy8/R/CWK3jvj9uL3vQh9DLdOtqf/X7cEtjF3LThVP+stFTsmXObhTh/8Ai
> YYjpnwOFG5ZtDzRZfP3OCwyhqlsaMlNgN4xnyR4GPaoJRP3a0zllblIbTWzg6nhY
> jbON5Ec9N9txGhagYOoAvcQYqGyJdffkBzW82CRUsFYuYYmW2oLUQXPhAGDBIzzj
> g/7RjMlM1OEp3qctxMZQlrTj7VJmhD768PRLh2XvEDmEC5Qb8Tcq28Nq5t85/O/6
> i3+pzT5rMuiIZWLx7Msv
> =tAUY
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
--047d7bb03e1e75050904ea3ae463
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">This was one of my concerns when implementing a scheme whe=
re you sign a refund transaction before the original transaction is broadca=
st. =A0I originally tried to pass a hash and have the server sign it. =A0Ho=
wever, I had no way to know that what I was signing wasn't a transactio=
n that was spending my coins! =A0So I changed the code to require sending t=
he full transaction, not just the hash. =A0The other way to mitigate this i=
s through not having any unspent outputs from this key.<div>
<br></div><div>For authentication, you could have both a user-generated and=
server-generated portion, so that you signed something that clearly had da=
ta from you, so even if the server-data was a hash of $EVIL_DOCUMENT, you h=
ave clear plausible deniability in that your data that is also signed is &q=
uot;ATTEMPTING LOGIN TO <a href=3D"http://XYZ.COM">XYZ.COM</a> Hash($EVIL_D=
OCUMENT)".</div>
</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Sat,=
Nov 2, 2013 at 4:51 PM, Mark Friedenbach <span dir=3D"ltr"><<a href=3D"=
mailto:mark@monetize.io" target=3D"_blank">mark@monetize.io</a>></span> =
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im">-----BEGIN PGP SIGNED MESS=
AGE-----<br>
Hash: SHA1<br>
<br>
</div>Or SIGHASH of a transaction spending those coins or updating the SIN.=
..<br>
<br>
On 11/2/13 2:14 PM, Johnathan Corgan wrote:> On 11/01/2013 10:01 PM,<br>
<div class=3D"im"><a href=3D"mailto:bitcoingrant@gmx.com">bitcoingrant@gmx.=
com</a> wrote:<br>
><br>
>> Server provides a token for the client to sign.<br>
><br>
> Anyone else concerned about signing an arbitrary string? =A0Could be<b=
r>
> a hash of $EVIL_DOCUMENT, no? =A0I'd want to XOR the string with m=
y<br>
> own randomly generated nonce, sign that, then pass the nonce and<br>
> the signature back to the server for verification.<br>
><br>
</div>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)<br>
Comment: GPGTools - <a href=3D"http://gpgtools.org" target=3D"_blank">http:=
//gpgtools.org</a><br>
<div class=3D"im">Comment: Using GnuPG with Thunderbird - <a href=3D"http:/=
/www.enigmail.net/" target=3D"_blank">http://www.enigmail.net/</a><br>
<br>
</div>iQIcBAEBAgAGBQJSdXPaAAoJEAdzVfsmodw4+m8P/1Ce/PwZOYfiFuFJ8pmT2tb2<br>
ro7tw7zSr12RSTvs+qRl7lDzJzQ6BDXOdXZCkcU0Vj3TDm8fdrrXN/iw3iQYU/5Y<br>
3K7hj2mGqQUMovCLw0CbrMWrMvor7FhO6MZsRwe0+VxDV/dDrX5f5vSEhnkR26be<br>
NrzOFU4hqGM3R4eLq8Bmw5rVD/VCrRzKoXXAvJb1EwM1+fQPjKi+bNMJu3reyfXU<br>
5eMbbiM6tUMmPXy9M6vZrN+6ad53x3KUVP6+/hXxsrnfPp57WQzRZlvwTo/qdJ1C<br>
Oxl71m6o2zkXbLTFmg1xmK/A4V1BPTLD6nLDIsw+wTBBfdn22pfDv6Q8d3VRctrd<br>
6x+PMkwysoMjhemmkXCY/7G9GD6AGsrYSqIShSULd9QO5WxAFzRO01ewiRUCUFHi<br>
Dn0LEjy8/R/CWK3jvj9uL3vQh9DLdOtqf/X7cEtjF3LThVP+stFTsmXObhTh/8Ai<br>
YYjpnwOFG5ZtDzRZfP3OCwyhqlsaMlNgN4xnyR4GPaoJRP3a0zllblIbTWzg6nhY<br>
jbON5Ec9N9txGhagYOoAvcQYqGyJdffkBzW82CRUsFYuYYmW2oLUQXPhAGDBIzzj<br>
g/7RjMlM1OEp3qctxMZQlrTj7VJmhD768PRLh2XvEDmEC5Qb8Tcq28Nq5t85/O/6<br>
i3+pzT5rMuiIZWLx7Msv<br>
=3DtAUY<br>
-----END PGP SIGNATURE-----<br>
<div class=3D"HOEnZb"><div class=3D"h5"><br>
---------------------------------------------------------------------------=
---<br>
Android is increasing in popularity, but the open development platform that=
<br>
developers love is also attractive to malware creators. Download this white=
<br>
paper to learn more about secure code signing practices that can help keep<=
br>
Android apps secure.<br>
<a href=3D"http://pubads.g.doubleclick.net/gampad/clk?id=3D65839951&iu=
=3D/4140/ostg.clktrk" target=3D"_blank">http://pubads.g.doubleclick.net/gam=
pad/clk?id=3D65839951&iu=3D/4140/ostg.clktrk</a><br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>
--047d7bb03e1e75050904ea3ae463--
|