New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security of identities #376
Comments
I forgot: You can even manipulate conversations with spoofed identities. |
Probably users should be discouraged from creating identities using passphrases and instead use the random generation. Maybe passphrases should be limited to chans. |
Another thing: even the randomly generated identities could potentially have a "collision", no? |
No. That is Almost Sure not to happen, just like with Bitcoin. |
This is not a bug, it is a feature. Being able to receive messages on multiple devices is a very useful ability for an email alternative to have. |
Yep. Feature. This is why they are called 'deterministic' keys. On a minor tangent, I think the real problem is that it's not immediately obvious how to import/export random keys, and that's not exposed as a feature. That would make it easier for people to stick to random addresses and only use deterministic addresses for things like chans. |
@hasufell, You misunderstand the purpose of deterministic addresses. You described this as a problem:
..when in fact that is the feature's purpose. It is up to you to use a strong passphrase. The UI even makes this clear:
|
I've changed my mind (I now oppose deterministic addresses) for one simple reason: I don't want to rely on the recipient's choice of passphrase. A majority of passwords used on websites are easily attacked (brute-force, dictionary, etc), and there's no real reason to believe that the UI's clear warning will prevent this from happening with Bitmessage. With Bitcoin, it's OK: if you send money to someone with a weak deterministic address, they lose the money. You still paid them; it's like a store got robbed after you walked out with your product. With Bitmessage, it's NOT OK: if you send a message to someone with a weak deterministic address, YOU are made vulnerable. If deterministic addresses are kept as a feature without any changes, every correspondence I make will have to start with a message asking "is this a deterministic address?" I see two solutions:
|
I agree that given the option to create deterministic addresses many users will just use dictionary words which are easy to brute force. A minimum entropy seems reasonable, although what that minimum value should be I don't know. |
Maybe deterministic addresses should only be used by channels? Or: would it be possible to inform me if a buddy uses a deterministic address? edit: maybe the latter is a bad idea |
I am not a security expert, so don't expect too much.
However I think bitmessage currently has zero protection against dictionary and Rainbow table attacks since the passphrase generated identities are always the same.
I could easily set up a spying server creating identities at random and based on dictionaries or commonly used passphrases and thus getting the content of mails that were not intended for me.
The sender would still be kind of anonymous, but the content-data from those mails might help me to get some real-world identities, especially if I run such a spying server at large scale.
The text was updated successfully, but these errors were encountered: