1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <marek@palatinus.cz>) id 1YEgTA-000664-Qb
for bitcoin-development@lists.sourceforge.net;
Fri, 23 Jan 2015 15:48:24 +0000
X-ACL-Warn:
Received: from mail-ie0-f173.google.com ([209.85.223.173])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YEgT9-0004wb-4D
for bitcoin-development@lists.sourceforge.net;
Fri, 23 Jan 2015 15:48:24 +0000
Received: by mail-ie0-f173.google.com with SMTP id tr6so7766406ieb.4
for <bitcoin-development@lists.sourceforge.net>;
Fri, 23 Jan 2015 07:48:17 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc:content-type;
bh=84ca8hDB6SNcEMd8XaF/vXIFWc/6giODC3iDZ7NVB+s=;
b=D2Cn2MkV4+cDzWdLQMCgOqGOpEvE9KwBdp68BfjN9QTw2TU9PhNZgHfYJkzPbp0zme
r9PxKVg4PNt9oYlZy/BVK1h6trzWDLCecuWvYCBGAT3RY1RaaPYSmlAquhePYBhKvdUh
jbU4LEOAZKY4ThI5ivXFSubt5DtZkGDV1QeHHuf51lRNYIeWjv2o/VCt5xc4wtuPMJHS
jQ3pJGD+tSKjKr516O9Fs0IYbrEPEJT1a4AcguZ+u7vWdT7Pd6I9Gg1D4ZdilMPKxfiM
KjGAtorQFiTR8bnpKPWINtqU4Xe8DbufgOxSh3KKGaeJhwtp9WKonJAxa+F5yBwQAJf4
bF6w==
X-Gm-Message-State: ALoCoQkxeAaNe3opJ49rco20rRVVVcN6kOhcDJbGRTL6ROLpUe3Onzld341L08uR5WxeIroKB9hO
X-Received: by 10.50.82.68 with SMTP id g4mr2569999igy.26.1422028091412; Fri,
23 Jan 2015 07:48:11 -0800 (PST)
MIME-Version: 1.0
Sender: marek@palatinus.cz
Received: by 10.64.31.138 with HTTP; Fri, 23 Jan 2015 07:47:41 -0800 (PST)
In-Reply-To: <54C26BFE.1080103@gmail.com>
References: <CAJna-HjwMRff_+7BvcR2YME9f2yUQPvfKOGZ1qq9d0nOGqORkg@mail.gmail.com>
<78662993-6C67-4480-8062-55CC9FA63908@bitsofproof.com>
<54C26BFE.1080103@gmail.com>
From: slush <slush@centrum.cz>
Date: Fri, 23 Jan 2015 16:47:41 +0100
X-Google-Sender-Auth: bi1ZC76a1JwttLLmNe1z87rVbn0
Message-ID: <CAJna-HiXxt5E=FBiDuWMCKrK4C0dcvhHEjTAoK3LGQLafJOqtQ@mail.gmail.com>
To: Alan Reiner <etotheipi@gmail.com>
Content-Type: multipart/alternative; boundary=047d7bf18db0400f4a050d53b717
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(slush[at]centrum.cz)
1.0 HTML_MESSAGE BODY: HTML included in message
1.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1YEgT9-0004wb-4D
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] SIGHASH_WITHINPUTVALUE
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 23 Jan 2015 15:48:24 -0000
--047d7bf18db0400f4a050d53b717
Content-Type: text/plain; charset=ISO-8859-1
Correct, plus the most likely scenario in such attack is that the malware
even don't push such tx with excessive fees to the network, but send it
directly to attacker's pool/miner.
M.
On Fri, Jan 23, 2015 at 4:42 PM, Alan Reiner <etotheipi@gmail.com> wrote:
> Unfortunately, one major attack vector is someone isolating your node,
> getting you to sign away your whole wallet to fee, and then selling it to a
> mining pool to mine it before you can figure why your transactions aren't
> making it to the network. In such an attack, the relay rules aren't
> relevant, and if the attacker can DoS you for 24 hours, it doesn't take a
> ton of mining power to make the attack extremely likely to succeed.
>
>
>
>
> On 01/23/2015 10:31 AM, Tamas Blummer wrote:
>
> Not a fix, but would reduce the financial risk, if nodes were not relaying
> excessive fee transactions.
>
> Tamas Blummer
>
>
>
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--047d7bf18db0400f4a050d53b717
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Correct, plus the most likely scenario in such attack is t=
hat the malware even don't push such tx with excessive fees to the netw=
ork, but send it directly to attacker's pool/miner.<div><br></div><div>=
M.</div></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On =
Fri, Jan 23, 2015 at 4:42 PM, Alan Reiner <span dir=3D"ltr"><<a href=3D"=
mailto:etotheipi@gmail.com" target=3D"_blank">etotheipi@gmail.com</a>></=
span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8e=
x;border-left:1px #ccc solid;padding-left:1ex">
=20
=20
=20
<div bgcolor=3D"#FFFFFF" text=3D"#000000">
Unfortunately, one major attack vector is someone isolating your
node, getting you to sign away your whole wallet to fee, and then
selling it to a mining pool to mine it before you can figure why
your transactions aren't making it to the network.=A0 In such an
attack, the relay rules aren't relevant, and if the attacker can Do=
S
you for 24 hours, it doesn't take a ton of mining power to make the
attack extremely likely to succeed.<span class=3D""><br>
<br>
<br>
<br>
<br>
<div>On 01/23/2015 10:31 AM, Tamas Blummer
wrote:<br>
</div>
<blockquote type=3D"cite">
=20
<div>Not a fix, but would reduce the financial risk, if nodes were
not relaying excessive fee transactions.</div>
<div><br>
</div>
<div>
<div style=3D"color:rgb(0,0,0);font-family:Helvetica;font-size:12px=
;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:no=
rmal;line-height:normal;text-align:start;text-indent:0px;text-transform:non=
e;white-space:normal;word-spacing:0px">Tamas
Blummer</div>
<div style=3D"color:rgb(0,0,0);font-family:Helvetica;font-size:12px=
;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:no=
rmal;line-height:normal;text-align:start;text-indent:0px;text-transform:non=
e;white-space:normal;word-spacing:0px"><br>
</div>
</div>
<br>
</blockquote>
<br>
</span></div>
<br>-----------------------------------------------------------------------=
-------<br>
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.<br>
GigeNET is offering a free month of service with a new server in Ashburn.<b=
r>
Choose from 2 high performing configs, both with 100TB of bandwidth.<br>
Higher redundancy.Lower latency.Increased capacity.Completely compliant.<br=
>
<a href=3D"http://p.sf.net/sfu/gigenet" target=3D"_blank">http://p.sf.net/s=
fu/gigenet</a><br>_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
<br></blockquote></div><br></div>
--047d7bf18db0400f4a050d53b717--
|