Safe auto-updating



Summary:

In a message posted to the Bitcoin-development mailing list on August 5th, 2013, Wendell from Hive raised some questions about implementing an auto-updater for their wallet app. He noted that Bitcoin-QT deliberately lacks such an updater for security reasons and asked whether there was a safe way to implement one. Wendell proposed placing one server behind a Tor hidden service that would output a checksum of the update package; if that server were well secured, it would be immune to tampering at the physical hosting level. Some members of the list pointed out that a checksum alone is not sufficient to authenticate a package, because a checksum only detects corruption: whoever controls the host can publish a new checksum along with a new binary. They recommended digital signing in addition to, or instead of, the checksum. With a compromised host, both the binary and its checksum can be changed undetectably, but if the package carries a signature made by a key that is never kept on the host, there is no way to fake a valid binary. The discussion ended with members offering advice on how to implement an auto-updater safely. The thread also veered off-topic when someone shared information about getting SQL databases under version control.
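The following is an added example, not code from the mailing-list thread, from Hive, or from Bitcoin-QT, written to make the checksum-versus-signature argument concrete. It models the three parties in the discussion: a build machine that holds the only copy of an Ed25519 signing key, a download host that may be compromised, and a client that either trusts whatever digest the host publishes or verifies a signature with a pinned publisher key. The package layout, the manifest format and the version field are assumptions for the example; the list discussed signing in general, not this particular format. The rollback check on the version number is an extra practitioner caveat that the summary above does not mention.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is what the offline publisher key signs: the release version and
// the SHA-256 of the binary. Signing the digest rather than the raw binary
// keeps the signed message small and binds the version for a rollback check.
// (Assumed format for this example, not Hive's.)
type Manifest struct {
	Version uint32
	Digest  [sha256.Size]byte
}

func (m Manifest) encode() []byte {
	buf := make([]byte, 4+sha256.Size)
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.Digest[:])
	return buf
}

// Package is what the (possibly compromised) download host serves.
type Package struct {
	Binary    []byte
	Manifest  Manifest
	Signature []byte
}

// NewPublisherKey generates the key pair. The private half lives only on the
// build machine; the public half is compiled into the shipped wallet.
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Publish runs on the build machine and is the only place a signature is made.
func Publish(key ed25519.PrivateKey, version uint32, bin []byte) Package {
	m := Manifest{Version: version, Digest: sha256.Sum256(bin)}
	return Package{Binary: bin, Manifest: m, Signature: ed25519.Sign(key, m.encode())}
}

// VerifyChecksumOnly models a client that trusts the digest the host publishes
// (the hidden-service proposal): it catches corruption, not tampering.
func VerifyChecksumOnly(p Package) bool {
	return sha256.Sum256(p.Binary) == p.Manifest.Digest
}

// VerifySigned models a client with the publisher's public key pinned and the
// version it currently runs; nil means the update is acceptable.
func VerifySigned(pub ed25519.PublicKey, current uint32, p Package) error {
	if !ed25519.Verify(pub, p.Manifest.encode(), p.Signature) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(p.Binary) != p.Manifest.Digest {
		return errors.New("binary does not match signed digest")
	}
	if p.Manifest.Version <= current {
		return errors.New("rollback: version is not newer than the installed one")
	}
	return nil
}

// TamperReplace is what an attacker with root on the download host can do:
// swap the binary and publish a matching digest. The signature cannot be
// regenerated because the key is not on the host, so the stale one is left.
func TamperReplace(p Package, evil []byte) Package {
	t := p
	t.Binary = evil
	t.Manifest.Digest = sha256.Sum256(evil)
	return t
}

// TamperResign is the attacker signing the swapped binary with their own key;
// a client that pins the real publisher key still rejects it.
func TamperResign(p Package, evil []byte) Package {
	_, attackerKey := NewPublisherKey()
	return Publish(attackerKey, p.Manifest.Version, evil)
}

func main() {
	pub, priv := NewPublisherKey()
	good := Publish(priv, 2, []byte("constructed stand-in for a genuine wallet build"))
	evil := TamperReplace(good, []byte("constructed stand-in for a backdoored build"))
	fmt.Println("checksum-only client accepts tampered package:", VerifyChecksumOnly(evil))
	fmt.Println("signed client on tampered package:", VerifySigned(pub, 1, evil))
	fmt.Println("signed client on re-signed package:", VerifySigned(pub, 1, TamperResign(good, evil.Binary)))
	fmt.Println("signed client on genuine package:", VerifySigned(pub, 1, good))
	fmt.Println("signed client on replayed old release:", VerifySigned(pub, 2, good))
}
```

The checksum-only client accepts the tampered package because the host that served the binary also served the digest; the signed client rejects it, rejects the attacker-signed variant because the pinned key does not match, and rejects a replay of an older genuine release because the signed version is not newer than what is installed. Go is used here only because its standard library carries Ed25519; the same structure applies to whatever language the wallet itself is written in.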


Updated on: 2023-06-07T15:23:55.043385+00:00