Board: Service Announcements
Re: [ANNOUNCE] Bitcoin Fog: Secure Bitcoin Anonymization
by BTCurious on 15/11/2011, 11:25:59 UTC
I find it strange that only casascius is voicing these concerns over your service. I'd like to state some thoughts that came to mind reading this thread.

Quote:
The last 4 or 5 bytes of every bitcoin address are a checksum, you should be able to check that an address is valid the same way that the client does. Anything less would mean you're lazy.
Quote:
Fair enough, this goes into the TODO-pile.
Really? Really?
This is such a common and trivial thing to do, any developer who has worked with bitcoin for 3 days will code it as an afterthought to his base58 decode function. It is literally the difference between

Code:
def DecodeAddress(address):
    raw = b58ToBytes(address)      # version byte + 20-byte hash + 4-byte checksum
    payload = raw[0:-4]            # checksum silently dropped, never verified
    return payload
and
Code:
import hashlib

def DecodeAddress(address):
    raw = b58ToBytes(address)      # version byte + 20-byte hash + 4-byte checksum
    payload = raw[0:-4]
    checksum = raw[-4:]            # the original had raw[-4:0], which is always empty
    # Bitcoin's checksum is the first 4 bytes of SHA256(SHA256(payload))
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[0:4] != checksum:
        raise ValueError("This is not a valid address")
    return payload

Your whole attitude to something that is this trivial to implement, but has such important consequences for your users, is astounding. I can understand why casascius reached the conclusion that you either don't know much about bitcoin. This doesn't need to be added to a to-do list. This doesn't need to be prioritized above or below something else. This is an integral part of the core address handling system. Not having this in the first place decreases my confidence in you as developers greatly. (Take this how you want it. This is not an insult per se, but just an example of how people might look at your service when they first encounter it.)

In any case, I'm glad we've been able to convince you of the importance of the checksum. Eventually.
That was the main thing that bugged me.

Anything else?… Let's see…
Quote:
as of now, all payouts are mostly done from the same address
That seems strange, for an anonymizing service, but you plan on fixing that, so it should be okay.

Quote:
the only checks on addresses we did were for the proper number of characters and proper set of characters
Uhm, I'm afraid to ask this… You took into account that addresses can also have less than 34 characters, right? As in, anywhere from 25 to 35?

Quote:
There is no hard logic to what you are proposing. If you or anyone else has any hard math on this, please provide it. We couldn't find any. And your answer only suggests that it "feels" secure to you, and you don't have any actual models of this.
I haven't seen you post any hard math, or hard logic. For example, you "feel" 28 addresses is more secure than 3. Maybe this is the case. Maybe it's bullshit. Did you do any calculations?

Quote:
The bitcoind service is run on a different machine than the front-end. They communicate by the means of a database. The database engine is not run on the same machine as the front-end either.
The front-end does not have access to the private keys.

I might be able to answer more specific questions, but I will not reveal much more about our exact configuration, because while it might be reassuring to you, it could also aid a hypothetical attacker. And any attacker in the world would just love the owner of a server to describe how it is built and setup.
This is not a valid argument. If your system is secure, then full knowledge of how it operates does not help. If your system is insecure, but you don't tell people how it works, then we can't point out flaws. Eventually an attacker would then break it, through random or intelligent poking.
i.e., security through obscurity is no security.

Quote:
You don't seem to have a grasp on what other services in the same category do either (they do much less than we do).
This is also not an argument.


About the powers of two/random fractions:
Ideally, when you use your anonymizer, there would be no trace in the blockchain of ever actually using an anonymizer. Considering that, it's probably better not to use powers of two, so in that case I agree with you. (And yes, withdrawing a different amount than depositing does fix the problem of adding up fractions up to a total, as far as I can tell)
For not having a trace on the blockchain, however, this needs to be fixed:
Quote:
as of now, all payouts are mostly done from the same address

In summary: I think your service does some things right (e.g. having no public IP and only connecting through Tor), while other things seem a bit strange. The core point, though, remains that you've shattered all my trust in your skills at the very beginning, when you didn't implement a core safety mechanism, which is trivial to implement but paramount to prevent mistakes. This mistake, along with your attitude about it in the ~5 posts after that, leads me to question a lot of other things about your service, which I might normally assume to be secure/obvious. I can see that casascius's reasoning is similar. (casascius: correct me if I'm wrong)
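The complete check argued for in the post above (base58 decode with character-set rejection, length check, and the 4-byte double-SHA256 checksum), written out as an added example. It is not code from the post or from Bitcoin Fog: the function names, the constructed sample inputs (the well-known genesis-block address is the only real address used) and the 25..35 character pre-filter taken from the post are this example's own assumptions. The encoder is included so the decoder can be exercised against addresses of other versions and lengths, which goes a little beyond what the post discusses.

```python
# Added example: full Base58Check validation of a Bitcoin address.
# Not code from the thread or from Bitcoin Fog; function names are this example's own.
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def double_sha256(data: bytes) -> bytes:
    """SHA256(SHA256(data)); the address checksum is its first 4 bytes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58decode(text: str) -> bytes:
    """Decode base58 to bytes. Each leading '1' stands for one 0x00 byte.
    Characters outside the alphabet (0, O, I, l are deliberately absent) are rejected."""
    number = 0
    for ch in text:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid base58 character {ch!r}")
        number = number * 58 + digit
    body = number.to_bytes((number.bit_length() + 7) // 8, "big")
    leading_zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_zeros + body


def b58encode(data: bytes) -> str:
    """Inverse of b58decode: leading 0x00 bytes become leading '1's."""
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    number = int.from_bytes(data, "big")
    digits = []
    while number:
        number, rem = divmod(number, 58)
        digits.append(B58_ALPHABET[rem])
    return "1" * leading_zeros + "".join(reversed(digits))


def encode_address(version: int, hash160: bytes) -> str:
    """Base58Check: base58(version || hash160 || double_sha256(version || hash160)[:4])."""
    if len(hash160) != 20:
        raise ValueError("hash160 must be 20 bytes")
    payload = bytes([version]) + hash160
    return b58encode(payload + double_sha256(payload)[:4])


def decode_address(address: str) -> tuple[int, bytes]:
    """Return (version, hash160) for a valid address, else raise ValueError.
    The length and character-set checks alone (what Bitcoin Fog described doing)
    accept a mistyped address; only the checksum comparison rejects it."""
    # Cheap pre-filter using the 25..35 character range quoted in the post.
    if not 25 <= len(address) <= 35:
        raise ValueError(f"length {len(address)} outside 25..35")
    raw = b58decode(address)  # raises on a character outside the alphabet
    # version (1) + hash160 (20) + checksum (4): the real length check is on bytes
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    payload, checksum = raw[:21], raw[21:]
    if double_sha256(payload)[:4] != checksum:
        raise ValueError("checksum mismatch")
    return payload[0], payload[1:]


def is_valid_address(address: str) -> bool:
    try:
        decode_address(address)
        return True
    except ValueError:
        return False


GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # well-known mainnet address

if __name__ == "__main__":
    print(is_valid_address(GENESIS_ADDRESS))            # True
    print(is_valid_address(GENESIS_ADDRESS[:-1] + "b"))  # False: one character changed
    print(encode_address(0, b"\x01" * 20))               # constructed mainnet address
```

A changed final character alters the decoded integer by one, so the checksum bytes no longer match the hash of the payload; that is exactly the typo case the length-and-charset check lets through.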