Re: [ANN] CoinMessage: Secure Messaging with Bitcoin Addresses

Quote from: altoz on December 17, 2013, 05:58:17 PM

Quote from: phelix on December 17, 2013, 05:52:13 PM

Bitmessage keys are only used for encryption, not for signing. I tried talking atheros into it but to no avail Cheesy

Btw:Bitmessage does not have a blockchain.

IMHO the point is: Getting encryption right is difficult so don't complicate things any more than absolutely necessary.

Interesting, I didn't know they don't have a blockchain. Isn't there some large block of data that stores the encrypted messages there in some way, though?

Unfortunately I did not yet find the time to dive into Bitmessage but from the little I know clients store the messages for some days, I guess in a normal database.

Quote

I guess what I'm asking is, my project seems about as secure as bitmessage, just from what we're both doing with the secp256k1 curve. So if coinmessage is not considered secure, can bitmessage? If not, what am I missing?

The problem is that you use the same private key for both signing and encryption. Bitmessage does not do this.

By using the same key for both signing and encryption and you being able to influence the input / read output there are certainly additional attack vectors. For example you could create an unsigned transaction and try tricking the other party into signing it like a normal message.