1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gavinandresen@gmail.com>) id 1WSRk1-0006Kz-3b
for bitcoin-development@lists.sourceforge.net;
Tue, 25 Mar 2014 13:50:09 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.213.41 as permitted sender)
client-ip=209.85.213.41; envelope-from=gavinandresen@gmail.com;
helo=mail-yh0-f41.google.com;
Received: from mail-yh0-f41.google.com ([209.85.213.41])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WSRk0-0002fl-Bw
for bitcoin-development@lists.sourceforge.net;
Tue, 25 Mar 2014 13:50:09 +0000
Received: by mail-yh0-f41.google.com with SMTP id v1so451835yhn.14
for <bitcoin-development@lists.sourceforge.net>;
Tue, 25 Mar 2014 06:50:02 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.236.119.99 with SMTP id m63mr35127412yhh.65.1395755402763;
Tue, 25 Mar 2014 06:50:02 -0700 (PDT)
Received: by 10.170.133.195 with HTTP; Tue, 25 Mar 2014 06:50:02 -0700 (PDT)
In-Reply-To: <20140325133925.GW3180@nl.grid.coop>
References: <CANEZrP25N7W_MeZin_pyVQP5pC8bt5yqJzTXt_tN1P6kWb5i2w@mail.gmail.com>
<0720C223-E9DD-4E76-AD6F-0308CA5B5289@gmail.com>
<CAAS2fgTGDzPFDP=ii08VXcXYpWr2akYWxqJCNHW-ABuN=ESc8A@mail.gmail.com>
<7E50E1D6-3A9F-419B-B01E-50C6DE044E0F@gmail.com>
<CAAS2fgScLKgq8_V0oVpvP1gYAKxiyVNGVWA86XfecSmPqsMKUg@mail.gmail.com>
<CANEZrP1+=JY0RGEMvm9iL09L-tZAWqsSOOwFaroYUKkWumx+xg@mail.gmail.com>
<CAAt2M19R_97aXs9rwo8UY5PE7DwHZDT12esPhz76M1EOdGrrdQ@mail.gmail.com>
<20140325133925.GW3180@nl.grid.coop>
Date: Tue, 25 Mar 2014 09:50:02 -0400
Message-ID: <CABsx9T0TEPLEUAf3q2jLJL5+2S9K8DuFRXkUz3cFTrTO4=MfWQ@mail.gmail.com>
From: Gavin Andresen <gavinandresen@gmail.com>
To: Troy Benjegerdes <hozer@hozed.org>
Content-Type: multipart/alternative; boundary=20cf3011e287f9a49004f56ea053
X-Spam-Score: -0.6 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gavinandresen[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WSRk0-0002fl-Bw
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] New side channel attack that can recover
Bitcoin keys
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2014 13:50:09 -0000
--20cf3011e287f9a49004f56ea053
Content-Type: text/plain; charset=ISO-8859-1
Y'all are getting deep into tinfoil-wearing-hat-conspiracy-theory territory.
If you are worried about the NSA compromising your hardware or software,
then use multisig transactions and
sign on diverse hardware/software stacks. Generate the multiple private
keys on different hardware/software
stacks, too.
Or, in other words, eliminate the single point of failure and you will
mitigate whole families of possible attacks,
from "NSA compromised the hardware random number generator in my CPU" to
"NSA is listening to EMF
radiation coming from my dedicated server in my data center" to the much
more likely "data center employee
is tricked into letting somebody have access to my dedicated server."
--
--
Gavin Andresen
--20cf3011e287f9a49004f56ea053
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_extra">Y'all are getting deep into=
tinfoil-wearing-hat-conspiracy-theory territory.</div><div class=3D"gmail_=
extra"><br></div><div class=3D"gmail_extra">If you are worried about the NS=
A compromising your hardware or software, then use multisig transactions an=
d</div>
<div class=3D"gmail_extra">sign on diverse hardware/software stacks. Genera=
te the multiple private keys on different hardware/software</div><div class=
=3D"gmail_extra">stacks, too.</div><div class=3D"gmail_extra"><br></div><di=
v class=3D"gmail_extra">
Or, in other words, eliminate the single point of failure and you will miti=
gate whole families of possible attacks,</div><div class=3D"gmail_extra">fr=
om "NSA compromised the hardware random number generator in my CPU&quo=
t; to "NSA is listening to EMF</div>
<div class=3D"gmail_extra">radiation coming from my dedicated server in my =
data center" to the much more likely "data center employee</div><=
div class=3D"gmail_extra">is tricked into letting somebody have access to m=
y dedicated server."<br clear=3D"all">
<div><br></div>-- <br>--<br>Gavin Andresen<br>
</div></div>
--20cf3011e287f9a49004f56ea053--
|