Prevent address exhaustion attack #119

Closed
bartekn opened this issue Oct 20, 2017 · 1 comment
bartekn commented Oct 20, 2017

This is a theoretical attack but should be discussed and at least mentioned in a README file.

BIP-32 allows generating up to 2,147,483,648 - 1 addresses using a single public master key. In theory, someone could send lots of requests and generate lots of unused addresses.

| RPS | Exhausted in |
|-------|----------|
| 100 | 248 days |
| 1000 | 24 days |
| 10000 | 59 hours |

Possible solutions:

  • Use m / purpose' / coin_type' derivation path and generate a new account when address_index level becomes exhausted.
  • Rate limiting (implemented in bifrost?)
  • Captcha (implemented in bifrost?)
@howardtw howardtw self-assigned this Mar 20, 2019
@howardtw

Closing because it's bifrost related
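
The first mitigation listed in the issue (move to a new account when `address_index` runs out), together with the exhaustion estimate from the table, as an added Go example that is not code from this project or from bifrost. `Allocator`, `NewAllocator`, `perAccount` and `maxAccounts` are hypothetical names, and the example assumes the operator has provisioned a fixed number of accounts in advance.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// IndexSpace is the number of non-hardened child indexes under one BIP-32 public key.
const IndexSpace = uint64(1) << 31

var ErrExhausted = errors.New("address space exhausted")

// Allocator (hypothetical) hands out each (account, address_index) pair exactly once.
type Allocator struct {
	mu          sync.Mutex
	account     uint32
	next        uint64
	perAccount  uint64 // indexes per account; IndexSpace outside of tests
	maxAccounts uint32 // assumed operator-chosen cap on provisioned accounts
}

func NewAllocator(perAccount uint64, maxAccounts uint32) *Allocator {
	return &Allocator{perAccount: perAccount, maxAccounts: maxAccounts}
}

// Next returns the next unused pair, rolling over to a new account when the
// current one is full and failing closed instead of wrapping back to index 0.
func (a *Allocator) Next() (account, index uint32, err error) {
	a.mu.Lock()
	defer a.mu.Unlock()
	if a.next >= a.perAccount {
		if a.account+1 >= a.maxAccounts {
			return 0, 0, fmt.Errorf("account %d: %w", a.account, ErrExhausted)
		}
		a.account, a.next = a.account+1, 0
	}
	index = uint32(a.next)
	a.next++
	return a.account, index, nil
}

// TimeToExhaust estimates how long `remaining` indexes last at `rps` requests per second.
func TimeToExhaust(remaining uint64, rps float64) time.Duration {
	return time.Duration(float64(remaining) / rps * float64(time.Second))
}

func main() {
	for _, rps := range []float64{100, 1000, 10000} {
		fmt.Printf("%6.0f rps: %.1f hours\n", rps, TimeToExhaust(IndexSpace, rps).Hours())
	}
}
```

Returning an error at the cap matters because wrapping back to an already issued index would hand the same deposit address to two users.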
