Proposal to address Bitcoin malware



Summary:

The thread discusses security challenges in online banking and Bitcoin transactions. In online banking, account numbers are generated by banks, which makes it difficult for attackers to generate their own account number and transfer funds to it. With Bitcoin, the Bitcoin address plays the role of the recipient's bank account number, and attackers can brute force a Bitcoin address with vanitygen. The author suggests generating an 8-digit number that could be used to verify transactions, in such a way that brute forcing a Bitcoin address would take longer than a reasonable period of time.

The author also looks into BIP70 (Payment Protocol) as a potential solution to protect against man-in-the-middle/man-in-the-browser (MitB) attacks. Out-of-band transaction verification is a common way to protect against MitB attacks, and BIP70 verifies payment requests. However, the author questions whether there is a way to verify that the transaction signed by the wallet matches the request before it is sent to the blockchain, and how this supports out-of-band verification. It is suggested that this may only be supported when sending money with web-based wallets.


Updated on: 2023-06-09T16:12:01.710546+00:00