Post
Topic
Board Service Announcements
Merits 4 from 1 user
Re: [ANN] Whirlwind.money | ⚡No Fee⚡ | Ultimate Privacy | Bitcoin Mixer
by zartafuydo on 29/04/2023, 13:18:54 UTC
⭐ Merited by LoyceV (4)
If you are accessing the website from the clearnet link, the frontend will generate an Elliptic Curve Cryptography (ECC) key pair, and will never send the private key anywhere. The backend server already has a permanent ECC key pair generated, and its public key is stored in the frontend. With the ECIES scheme, you can encrypt data using the public key and you can only decrypt it using the private key. When the client needs to send any kind of D.A.D to the backend, it appends the frontend generated public key to the said D.A.D, and then encrypts it using the backend's public key. Now, Cloudflare can read the ECC encrypted data, but they cannot read the plaintext data. When the encrypted D.A.D reaches the backend, it will be decrypted using the permanent private key. The backend then processes the request, and the response must also be encrypted since it contains potential D.A.D, so it encrypts the response using the client's public key that it received within the request. When the response gets to the client (frontend), it is decrypted using the private key generated locally. This is how full end-to-end encryption and privacy between the user and the backend server was achieved, even with Cloudflare decrypting TLS data.

It seems to me that you underestimate the ability of MITM attacks on your traffic. When Cloudflare MITMs your traffic, they can do anything with it. I mean, really, really anything. Generally speaking, nothing prevents them from MITMing your "second layer of encryption as well as the first one" and sending a fake public key for your ECC to the user. They can also remove the ECC encryption entirely. Theoretically, after that they can even send a fake bitcoin address to the user and seize the BTC the user was going to mix (although in reality, I doubt they are ready to act so openly yet).

With your current design, the easiest technological solution for Cloudflare is to access your on-premises server via Tor after they receive an HTTPS request to their "ddos-protection" MITM server. Nobody will notice anything. The clearnet user will just see a bitcoin address and send BTC there, and you will see in your server logs that someone accessed your server "via TOR". Nobody will notice anything before the user suddenly gets arrested a few years later.
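
The request/response exchange from the quoted design, with the key-authenticity check the reply shows is missing, as an added example (not Whirlwind's code and not the poster's). X25519, HKDF-SHA256, AES-256-GCM, the `replyTo` field and the out-of-band pinned fingerprint are assumptions; the page names only ECC and ECIES.

```javascript
const nodeCrypto = require('crypto');

// ECIES-style hybrid: ephemeral X25519 ECDH -> HKDF-SHA256 -> AES-256-GCM (assumed parameters).
function deriveKey(privateKey, publicKey) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'ecies-demo', 32));
}
const exportPub = (k) => k.export({ type: 'spki', format: 'der' }).toString('base64');
const importPub = (b64) =>
  nodeCrypto.createPublicKey({ key: Buffer.from(b64, 'base64'), format: 'der', type: 'spki' });

function eciesEncrypt(recipientPubB64, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519');
  const key = deriveKey(eph.privateKey, importPub(recipientPubB64));
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { epk: exportPub(eph.publicKey), iv, ct, tag: c.getAuthTag() };
}

function eciesDecrypt(privateKey, msg) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(privateKey, importPub(msg.epk)), msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.ct), d.final()]).toString('utf8'); // throws on a wrong key
}

// Client: append its own public key to the data, encrypt to the key the frontend carries.
function clientRequest(embeddedBackendPub, data) {
  const client = nodeCrypto.generateKeyPairSync('x25519');
  const body = JSON.stringify({ data, replyTo: exportPub(client.publicKey) });
  return { client, request: eciesEncrypt(embeddedBackendPub, body) };
}

// Backend: decrypt with the permanent private key, encrypt the response to the client's key.
function backendHandle(backendPriv, request) {
  const { data, replyTo } = JSON.parse(eciesDecrypt(backendPriv, request));
  return eciesEncrypt(replyTo, 'ack:' + data);
}

// Assumption: the user holds a fingerprint of the backend key obtained over a channel
// the TLS-terminating proxy does not control. Without such a check the client simply
// trusts whichever key arrived with the frontend.
function embeddedKeyMatches(embeddedPub, pinnedFingerprint) {
  const fp = nodeCrypto.createHash('sha256').update(Buffer.from(embeddedPub, 'base64')).digest('hex');
  return fp === pinnedFingerprint;
}
```

When the frontend carries a different key, the request decrypts under that key's private half and fails under the backend's; `embeddedKeyMatches` is the only step that tells the two cases apart.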