On Sat, Jun 2, 2018 at 4:27 PM, John Levine <johnl@iecc.com> wrote:
In article <b7b2bffa-47ae-3f50-fbf5-08a248c79680@agner.io> you write:
"Hijacking Bitcoin: Routing Attacks on Cryptocurrencies" -> https://btc-hijack.ethz.ch/ https://www.marcoagner.org/
Thanks, that was the sort of thing I was looking for, assumptions in the security model that may not be true, and bad things happen if they are indeed not true.
It is my impression that blockchains generally assume a flat mostly reliable connection among nodes. This paper says that 13 ISPs host 30% of the whole Bitcoin network, and 60% of connections cross three ISPs. I wonder who and where those three are.
Bitcoin Core BTC... and most all other cryptocurrencies... head in sand. If you're not encrypting end to end over the wire you're just opening yourself up to so many bad things. Only a few out of 1000+ among them had a clue to implement mandatory TLS with operational mode options including Accept All for the Stupid, fingerprint pinning, TOFU, etc, all with cert logging capabilities for change debugging, and handy management tools as needed. There's maybe five decent privacy coins that are using fully encrypted end to end transports natively, even if not yet offering a full matrix of possible usage modes therein. And a similar number known to be additionally supporting interop with anonymous overlay networks. And a growing number actually taking privacy tech inside the coin itself as a necessary fundamental property of the promise of cryptocurrency. Kudos to them. The first part of cryptocurrency... is "crypto". Don't launch without it. [bcc cpunks because cryptocurrency is banned at metz, lol]