Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
a better bot net use & software assurance (Re: defending ahead the p2p nature)
by
adam3us
on 21/04/2013, 12:11:56 UTC
⭐ Merited by paid2 (1)
Quote from: ChristianK on April 20, 2013, 09:02:00 PM
In an age where an attacker can rent a botnet of 1,000,000 PC, you don't want a function that can effectively run on a normal PC.

Well thats an interesting and valid pro-ASIC friendly argument.  People with ASICs will try to secure them and notice if their coins are stolen. 

But also there is an indirect human utility to having botnets being used for mining - it is a very benign payload compared to other things criminal hacking activities have historically used botnets for.  Maybe spam would even fall if hashcash CPU/GPU mining is a more profitable market than spamming.  It seems to me highly likely that it would be even.  Maybe hashcash beats spammers yet in an incredibly indirect and unexpected way Cheesy  Thats amusing.

Quote from: ChristianK
Quote from: adam3us
I dont think you even need a lot of money for that, the grey/black hat hacker just does it as his own project...  There ought to be some really serious scrutiny of every byte every check-in.  Maybe bitcoin should think about paying a bounty for the bugs out of some slush even.
Who's that bitcoin that you want to pay a bounty?

Well I would be alarmed if anyone tried to impose that by fiat, as its payment system political interference EU-troika style, but what I meant for example the bitcoin foundation (and/or any other trustworthy organization with a public interest - eg EFF?) might collect donations from bitcoin users to be divided up between the most dangerous 0-day problems in bitcoin code.  And maybe the bitcoin code changes should not even be shipped until it has survived a months and a few $million of the best code analysis minds on the planets best efforts.  In that way it is actually in the bitcoin holder and users mutual and selfish interest to donate to that because if such an attack happens they maybe the losers.

I mean think about it - bitcoin surreptitious hidden code check in attacks, or accidental code mistake attacks - they could be the perfect payout allowing a 0-dayer to retire on Satoshi like money.  Say bitcoin grows by another factor of 100x in transaction volume and market cap over the next few years.  This is a higher assurance code security scenario than society has ever seen, the security of the code and development and review model maybe its only technical security weakness.

Another defensive thought: bitcoin may like to take a leaf from mondex, p2p respendable electronic currency cash card.  They had a hot spare crypto protocol ready and predeployed switched on via peer2peer transfer of signed upgrade notice cards in case of cryptographic or implementation problem.  In a bitcoin world that might more be a spare implementation in another language or something.  (Its a common concept in mission critical systems eg spacecraft navigation computer, to have two or three different implementations in different languages, by different programmers, but from the same spec, voting on what is the correct reaction and course adjustment).

Adam