-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If I have followed this topic correctly, a solution or defence against it would be to have more hidden service electrum services?
T On 28/02/2015 21:35, Minoru wrote: > sajolida, > > Yes, this attack is not targeted. I think that I have provided > enough information about the attack, so now we need to work towards > a solution. Currently, I do not think that there a simple solution > for all users. I wanted to write documentation so that users who > were concerned could execute some solutions. I proposed writing > the documentation for Tails because this attack is specific to > Tails. Electrum would not want it on their website because it > effects so few of their users and they do not host very much > documentation anyway. You still have not told me what you think of > the three sections of documentation that I proposed writing. I > wanted your approval before I started working on it to meet the > 1.3.1 release. > > > On Mon, 23 Feb 2015 23:31:06 +0000 Minoru <[email protected]> > wrote: > >> sajolida, >> >> I agree with your changes so far. The reason for the specific >> explanation is that Electrum over Tor is extremely vulnerable to >> attack. If you read the article >> http://arxiv.org/pdf/1410.6079v2.pdf it only takes 2500 USD and >> publicly available information to have complete control over >> which Bitcoin blocks and transactions users are aware of. Would >> you still be interested in the additional documentation that I >> proposed? I wanted to add three subsections to the Electrum >> documentation focused on Tor DoS on SPV: 1. Explain block >> confirmations (temporary fix for Electrum displaying money that >> you actually do not have) 2. Explain watching-only wallets >> (temporary fix for Electrum not displaying money that you >> actually do have) 3. Explain a possible long term solution to >> this problem by using trusted Electrum servers accessed by a Tor >> hidden service (I might remove this point because I'm not sure if >> it is currently possible execute this solution since not many >> .onion Electrum servers exist and it is difficult to trust >> centralized services) I understand that you want to keep the >> documentation short and easy to understand, but Electrum over Tor >> using SPV has a serious vulnerability that needs a little more >> documentation to help users avoid the negative effects of DoS. >> >> Cheers, Minoru > _______________________________________________ Tails-dev mailing > list [email protected] > https://mailman.boum.org/listinfo/tails-dev To unsubscribe from > this list, send an empty email to [email protected]. > - -- Activist, anarchist and a bit of a dreamer. Keybase: https://keybase.io/thomaswhite PGP Keys: https://www.thecthulhu.com/pgp-keys/ Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983 Key-ID: 0CCA4983 Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0 Key-ID: EF1009F0 Twitter: @CthulhuSec XMPP: thecthulhu at jabber.ccc.de XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJU8jpPAAoJEFwqjFoMykmDqvoP/R/vndptW6gOT7olARc4TLnH +K7n/8Hu/0EsoU7KpHXU58UO1o+a6tjQ2BUE2Hh+F4/hgbejOuiwCW+Wm50Gsb7i 9+7RYf/v+Z5/dIw275xgt0buWdR6eccSWE80tSz1l4v1RAiWaAR279gXtItD+s7L 5jhg8wAig3WRm/DKMsAisxiQo6LIMpVHizOFEbyXXl+p9qMJ04bOaWtPhJRRH6UQ EgLkx8UwJ1igRcrX7jZEULurEJ4sNbc/yhN/3jtL1kV9LwtaFS9C28Fqvftx4ska R0aTiHZVF2LkVUKQ+93sXHnJMPl6Fe7j/HWz8R0BmjIWP5jtL1I5HsvMqXDAuxdR MeW07ipn/+Bkox9tqXGwsIXYhNDvgrwNRZps6BnM7RRcSZXCE4cFyiqnOmFtwweZ iA+0/+dkpaDUDLtBegHTsNxWs8ou2NgS4K22j3Gh6Kq/mQj5tMEmB7pSWWC7vXwN R+RNt3IaNRJ9MFJs0Y7gZSNLdPr9IJYsAGxHmpsYyM73Cym+XgvGvPFOJSy62YDy jTjHlS48LcwtGKDdeJKvNYxamChevGFXB27zTF4o3epf3I5PsDs+k2CjJqbORA1H /fQ+/t+LyCxN9fO5IL2WRjWRU3W6wxTv0Gfc+UoRKTyRwKvHafaye6JR+stiD8FS rxDfib10NOsr2njVM2+F =LSM8 -----END PGP SIGNATURE----- _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
