Author: Brian Erdelyi 2015-01-31 22:15:53
Published on: 2015-01-31T22:15:53+00:00
The number of malware incidents targeting bitcoin users is on the rise, with one particularly troubling form occurring when the bitcoin address to which a transaction is intended to be sent is modified before the transaction is signed and recorded in the blockchain. This allows the malware to evade two-factor authentication. Out-of-band transaction verification/signing is used by banks to counter this type of attack, but bitcoin currently lacks such a system. While many bitcoin wallets and services use OATH-based password systems, the question remains whether OCRA could be adopted for verifying transactions. One possible issue with OCRA is that it involves the use of decimal representations of bitcoin addresses, an approach that could increase the likelihood of collisions or even allow rogue bitcoin addresses to be generated that produce the same eight digits as legitimate ones.
Updated on: 2023-06-09T16:11:13.117423+00:00