Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Lending
Re: CoinLenders :: Get bitcoin loans, and earn interest on your deposits!
by
shawshankinmate37927
on 01/07/2013, 06:30:55 UTC
Quote from: siliclone on July 01, 2013, 03:48:12 AM
Quote from: shawshankinmate37927 on June 30, 2013, 12:18:26 AM
Quote from: siliclone on June 29, 2013, 08:16:18 PM
Quote from: wolverine.ks on June 29, 2013, 08:04:40 PM
So newb question to break up all the drama a bit....

what is all this verification to prevent MITM stuff?

ive seen it, but what do I do with it?

thanks
It's there for your peace of mind. It's an optional step that you can use to verify the authenticity of the deposit address prior to sending funds. My guess as to the reasoning is that if a MITM attack was taking place, the attacker would not posses certain information found in the message and therefore the generated signature from the injected address would not match.

The attacker would not possess the private key associated with that deposit address.  Only someone with the private key that corresponds to that deposit address would be able to generate that signature with that message.

I'm assuming that an attacker that injects a deposit address would also possess the private key for that address.

If an attacker injects a fake deposit address, then yes, it only makes sense to that he possesses the private key to that fake address.  However, when you attempt to verify a message that was signed with the private key of the real deposit address, the signature will not match up with the fake deposit address, causing validation to fail.