Author: Mike Hearn 2014-03-20 18:31:27
Published on: 2014-03-20T18:31:27+00:00
The discussion concerns the security of Bluetooth as a transport for Bitcoin transactions. In theory, Java can wrap a Bluetooth socket in SSL for encryption, but this has not been tested yet. The concern is that radio links are exposed to MITM attacks, so Bluetooth needs encryption, MACs, and signing to be secure. PKI signing in BIP70 overlaps with this, but it does not provide confidentiality and authenticity for local face-to-face transactions, which may require unsigned payment requests.

Alex Kotenko asks whether there is another way to protect against Bluetooth MITM attacks and suggests using signed payment requests. Mike Hearn suggests finishing and standardizing the Bluetooth support (r=bt:mac), adding an encryption/auth layer on top that proves ownership of the Bitcoin key, and writing a BIP for interoperability. The two options are SSL with server certificates ignored and the session public key signed with the Bitcoin key, or a custom lightweight protocol using basic ECDH. It is suggested that finding a volunteer in the forums who enjoys cryptography could help grow the community.
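An ECDH session whose public key is signed with the Bitcoin key, as an added example (not code from the thread or from any wallet): the customer rejects a session key that the expected Bitcoin key did not sign, which is what defeats a radio MITM substituting its own key. Assumptions made here: Node.js `crypto`, the customer already holds the merchant's Bitcoin public key from the payment URI, only the merchant is authenticated, and the function names, the HMAC key derivation and AES-256-GCM are choices of this sketch.

```javascript
const crypto = require('crypto');
const CURVE = 'secp256k1';

// Simple KDF for this example: HMAC the ECDH secret over both session public keys.
function deriveKey(secret, merchantPub, customerPub) {
  return crypto.createHmac('sha256', secret)
    .update(Buffer.concat([merchantPub, customerPub])).digest();
}

// Merchant: fresh ECDH session key, signed with the long-term Bitcoin key.
function merchantHello(bitcoinPrivateKey) {
  const ecdh = crypto.createECDH(CURVE);
  const sessionPub = ecdh.generateKeys();
  const sig = crypto.sign('sha256', sessionPub, bitcoinPrivateKey);
  return { ecdh, hello: { sessionPub, sig } };
}

// Customer: accept the session key only if the expected Bitcoin key signed it.
function customerAccept(hello, expectedBitcoinPub) {
  if (!crypto.verify('sha256', hello.sessionPub, expectedBitcoinPub, hello.sig)) {
    throw new Error('session key is not signed by the expected Bitcoin key');
  }
  const ecdh = crypto.createECDH(CURVE);
  const customerPub = ecdh.generateKeys();
  const secret = ecdh.computeSecret(hello.sessionPub);
  return { customerPub, key: deriveKey(secret, hello.sessionPub, customerPub) };
}

// Merchant: complete the exchange with the customer's session public key.
function merchantFinish(state, customerPub) {
  const secret = state.ecdh.computeSecret(customerPub);
  return deriveKey(secret, state.hello.sessionPub, customerPub);
}

// AES-256-GCM provides confidentiality and a MAC in one step.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | tag | ciphertext
}

// Throws if the ciphertext or tag was modified in transit.
function unseal(key, sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}
```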
Updated on: 2023-06-08T01:04:49.713123+00:00