Re: [Bitcoin-development] Tor and Bitcoin
Various ideas are possible: * Use the Tor SOCKS proxy in such a way that it creates a guaranteed independent circuit to a different exit node each time you connect. This gets you back to the slightly stronger clearnet heuristic of if I saw a bunch of peers announce my tx, then it's probably valid. I don't know if this is possible. * Have a set of hard-coded long term stable hidden peers, that are run by known community members who are not going to collaborate to defraud people. Of course if they're run by people who are well known that rather defeats the point of them being hidden, but you benefit from the fact that the .onion names double as authentication tokens. * Talk the Tor protocol directly and have the app explicitly pick its own diverse set of exit nodes, one per p2p connection. This is likely to be complicated. Last time I looked Tor doesn't provide any kind of library or API. I agree that it's a kind of theoretical attack right now, but then again, I'm not aware of any countries that block Bitcoin either. The thing with Thailand seems like it might be the result of some confusion over who exactly can make laws in that country. I'd be more concerned about Argentina, but we're a long way from ISPs searching for people to arrest by looking for port 8333. Supporting SOCKS (really: blocking sockets) would be a good thing anyway. Using blocking sockets also means we'd get SSL support, so if at some point Bitcoin nodes start supporting SSL we'd be able to use it more easily. -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor and Bitcoin
On Tue, Jul 30, 2013 at 8:41 AM, Mike Hearn m...@plan99.net wrote: * Talk the Tor protocol directly and have the app explicitly pick its own diverse set of exit nodes, one per p2p connection. This is likely to be complicated. Last time I looked Tor doesn't provide any kind of library or API. This has been discussed on IRC, and would be interesting to explore. For several applications, linking directly with a Tor library is far superior to the fragility of requiring a properly configured external process. Lacking such a Tor library right now, one must be written hint hint -- Jeff Garzik Senior Software Engineer and open source evangelist BitPay, Inc. https://bitpay.com/ -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor and Bitcoin
Apparently that won't help. That's just embeding the existing tor code and rerouting internal Cocoa internet communication via tors proxy. What guys need is bigger configurability in tor itself. I can understand that. It's doable tough. Gosh, why a day has only 24h? :) /b grabhive.com (http://grabhive.com) | twitter.com/grabhive (http://twitter.com/grabhive) | gpg: A1D5047E On Tuesday, 30 July 2013 at 19:02, Wendell wrote: I suppose it isn't quite what you're talking about but we did push this out today: Tor.framework, for Cocoa developers, similar to our BitcoinKit: https://github.com/grabhive/Tor.framework -wendell grabhive.com (http://grabhive.com) | twitter.com/grabhive (http://twitter.com/grabhive) | gpg: 6C0C9411 On Jul 30, 2013, at 4:01 PM, Jeff Garzik wrote: This has been discussed on IRC, and would be interesting to explore. For several applications, linking directly with a Tor library is far superior to the fragility of requiring a properly configured external process. Lacking such a Tor library right now, one must be written hint hint -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk ___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net (mailto:Bitcoin-development@lists.sourceforge.net) https://lists.sourceforge.net/lists/listinfo/bitcoin-development -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor and Bitcoin
Thank you Peter. Does this advice apply equally to both full and SPV nodes? At this point I'm merely curious, since we don't have the option to run bitcoinj over Tor right now anyway. -wendell grabhive.com | twitter.com/grabhive | gpg: 6C0C9411 On Jul 30, 2013, at 8:30 PM, Peter Todd wrote: tl;dr: Users should be using Tor to preserve their privacy and the MITM risks are minimal to anyone using Bitcoin correctly. (don't trust zero-conf transactions, they are not secure!) signature.asc Description: Message signed with OpenPGP using GPGMail -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
Re: [Bitcoin-development] Tor and Bitcoin
On Tue, Jul 30, 2013 at 09:36:50PM +0200, Wendell wrote: Thank you Peter. Does this advice apply equally to both full and SPV nodes? At this point I'm merely curious, since we don't have the option to run bitcoinj over Tor right now anyway. Yes, although remember that in general SPV nodes are significantly less safe because they depend soley on confirmations for security; it's often not appreciated that an attacker can target multiple SPV-using entities at once by creating a invalid block header with any number of completely fake payments linked to it; if you can attack n targets at once, the cost to perform the attack is n times less per target. Unrelated to Tor, but an interesting possibility to improve SPV security is to ask for the history of a given txout - that is the previous transactions that funded it. You could even do this with a zero-knowledge proof, sampling some subset of the prior transactions to detect fraud. Unfortunately none of the infrastructure is setup to do this, and txid's aren't constructed in ways that make these kinds of proofs cheap. (you really want a merkle tree over the txin and txout sets) Work thinking about for the future in any case - the above can be implemented as a soft-fork. -- 'peter'[:-1]@petertodd.org 0077bb3b12c68ada1e2965411a973b07fc721834154df07aa5c9 signature.asc Description: Digital signature -- Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711iu=/4140/ostg.clktrk___ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development