Re: [Tails-dev] Electrum doc wrt. avoiding the negative effe…

Supprimer ce message

Répondre à ce message
Auteur: Thomas White
Date:  
À: The Tails public development discussion list
Sujet: Re: [Tails-dev] Electrum doc wrt. avoiding the negative effects of DoS [was: Re: Article: Bitcoin over Tor isn't a good idea]
If I have followed this topic correctly, a solution or defence against
it would be to have more hidden service electrum services?

T

On 28/02/2015 21:35, Minoru wrote:
> sajolida,
>
> Yes, this attack is not targeted. I think that I have provided
> enough information about the attack, so now we need to work towards
> a solution. Currently, I do not think that there a simple solution
> for all users. I wanted to write documentation so that users who
> were concerned could execute some solutions. I proposed writing
> the documentation for Tails because this attack is specific to
> Tails. Electrum would not want it on their website because it
> effects so few of their users and they do not host very much
> documentation anyway. You still have not told me what you think of
> the three sections of documentation that I proposed writing. I
> wanted your approval before I started working on it to meet the
> 1.3.1 release.
>
>
> On Mon, 23 Feb 2015 23:31:06 +0000 Minoru <minoru@???>
> wrote:
>
>> sajolida,
>>
>> I agree with your changes so far. The reason for the specific
>> explanation is that Electrum over Tor is extremely vulnerable to
>> attack. If you read the article
>> http://arxiv.org/pdf/1410.6079v2.pdf it only takes 2500 USD and
>> publicly available information to have complete control over
>> which Bitcoin blocks and transactions users are aware of. Would
>> you still be interested in the additional documentation that I
>> proposed? I wanted to add three subsections to the Electrum
>> documentation focused on Tor DoS on SPV: 1. Explain block
>> confirmations (temporary fix for Electrum displaying money that
>> you actually do not have) 2. Explain watching-only wallets
>> (temporary fix for Electrum not displaying money that you
>> actually do have) 3. Explain a possible long term solution to
>> this problem by using trusted Electrum servers accessed by a Tor
>> hidden service (I might remove this point because I'm not sure if
>> it is currently possible execute this solution since not many
>> .onion Electrum servers exist and it is difficult to trust
>> centralized services) I understand that you want to keep the
>> documentation short and easy to understand, but Electrum over Tor
>> using SPV has a serious vulnerability that needs a little more
>> documentation to help users avoid the negative effects of DoS.
>>
>> Cheers, Minoru
> _______________________________________________ Tails-dev mailing
> list Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev To unsubscribe from
> this list, send an empty email to Tails-dev-unsubscribe@???.
>


- --
Activist, anarchist and a bit of a dreamer.
Keybase: https://keybase.io/thomaswhite

PGP Keys: https://www.thecthulhu.com/pgp-keys/
Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966