Re: [Tails-dev] Electrum doc wrt. avoiding the negative effe…

Delete this message

Reply to this message
Author: Minoru
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Electrum doc wrt. avoiding the negative effects of DoS [was: Re: Article: Bitcoin over Tor isn't a good idea]
sajolida,

Yes, this attack is not targeted. I think that I have provided enough
information about the attack, so now we need to work towards a
solution. Currently, I do not think that there a simple solution for
all users. I wanted to write documentation so that users who were
concerned could execute some solutions. I proposed writing the
documentation for Tails because this attack is specific to Tails.
Electrum would not want it on their website because it effects so few
of their users and they do not host very much documentation anyway. You
still have not told me what you think of the three sections of
documentation that I proposed writing. I wanted your approval before I
started working on it to meet the 1.3.1 release.


On Mon, 23 Feb 2015 23:31:06 +0000
Minoru <minoru@???> wrote:

> sajolida,
>
> I agree with your changes so far. The reason for the specific
> explanation is that Electrum over Tor is extremely vulnerable to
> attack. If you read the article http://arxiv.org/pdf/1410.6079v2.pdf
> it only takes 2500 USD and publicly available information to have
> complete control over which Bitcoin blocks and transactions users are
> aware of. Would you still be interested in the additional
> documentation that I proposed? I wanted to add three subsections to
> the Electrum documentation focused on Tor DoS on SPV:
> 1. Explain block confirmations (temporary fix for Electrum displaying
> money that you actually do not have)
> 2. Explain watching-only wallets (temporary fix for Electrum not
> displaying money that you actually do have)
> 3. Explain a possible long term solution to this problem by using
> trusted Electrum servers accessed by a Tor hidden service (I might
> remove this point because I'm not sure if it is currently possible
> execute this solution since not many .onion Electrum servers exist and
> it is difficult to trust centralized services)
> I understand that you want to keep the documentation short and easy to
> understand, but Electrum over Tor using SPV has a serious
> vulnerability that needs a little more documentation to help users
> avoid the negative effects of DoS.
>
> Cheers,
> Minoru