Proposal to address Bitcoin malware



Summary:

TREZOR does not support BIP70, but it is hoped that it will be added to their roadmap once multi-sig support has been implemented. Payment processors have nevertheless already implemented the signing features of BIP70, which makes mobile wallets (Android, iOS) reasonably secure. On desktops, TREZOR and the Bitcoin Authenticator 2-factor wallet need to support BIP70, which they may already do or plan to do.

BIP70 is considered safe against man-in-the-browser (MitB) attacks, although an attacker can still buy from the same merchant with a user's money by sending the user a different URL. The merchant can mitigate this by setting the "memo" to the basket description and user information.

The use of Bitcoin addresses in transactions has raised concerns about brute-force attacks using vanitygen. One suggestion is to generate an 8-digit number from the Bitcoin address and hash it, which could slow brute-force attacks enough that they take longer than a reasonable period of time.

BIP70 (Payment Protocol) claims to protect against MitB attacks, and out-of-band transaction verification is a common way to protect against them. It remains unclear, however, whether there is a way to verify that the transaction signed by the wallet matches the request before it is sent to the blockchain, and how this could support out-of-band verification.
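A sketch of the 8-digit code idea from the summary above, added here as an illustration and not taken from the thread or from any wallet's code. It assumes PBKDF2-HMAC-SHA256 as the slow hash, a fixed public salt label and an iteration count chosen for the example; the function names and the two address strings are hypothetical and constructed.

```python
import hashlib
import hmac

CODE_DIGITS = 8                      # from the summary: an 8-digit number
KDF_ITERATIONS = 200_000             # assumption: tuned so one derivation is slow
KDF_SALT = b"address-check-code-v1"  # assumption: public domain-separation label

# Constructed sample strings, treated as opaque text (not real addresses).
SHOWN_ADDRESS = "1ExampleAddressShownOutOfBandConstructed"
OTHER_ADDRESS = "1ExampleAddressSeenInBrowserConstructed"


def address_check_code(address: str, iterations: int = KDF_ITERATIONS) -> str:
    """Derive a short code from an address through a deliberately slow hash."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", address.encode("ascii"), KDF_SALT, iterations
    )
    # Reduce 64 bits of the digest to 8 decimal digits (modulo bias is negligible).
    number = int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS
    return f"{number:0{CODE_DIGITS}d}"


def code_matches(address: str, expected_code: str,
                 iterations: int = KDF_ITERATIONS) -> bool:
    """Recompute the code for `address` and compare it with the expected one."""
    return hmac.compare_digest(address_check_code(address, iterations), expected_code)


def expected_search_seconds(seconds_per_derivation: float,
                            parallel_workers: int = 1) -> float:
    """Average time to find *some* address whose code equals a given one.

    Each candidate matches with probability 10**-8, so about 10**8 slow
    derivations are needed on average, on top of generating the candidates.
    """
    return 10**CODE_DIGITS * seconds_per_derivation / parallel_workers


if __name__ == "__main__":
    code = address_check_code(SHOWN_ADDRESS)
    print("code for the address shown out of band:", code)
    print("same address verifies:", code_matches(SHOWN_ADDRESS, code))
    print("different address verifies:", code_matches(OTHER_ADDRESS, code))
    days = expected_search_seconds(0.1) / 86_400
    print(f"expected search at 0.1 s per derivation, one worker: {days:.0f} days")
```

The estimate scales linearly with the cost of one derivation, so the iteration count is the parameter that decides whether a matching code can be found within the lifetime of a payment request.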


Updated on: 2023-06-09T16:10:06.495347+00:00