Unique node identifiers (and BIP150) [combined summary]



Source: original discussion on the bitcoin-dev mailing list

Published on: 2017-03-08T21:31:01+00:00


Summary:

In a message exchange between Tom and an unknown sender, the sender warns Tom about the security risks associated with open wifi base stations in public areas. The sender explains that setting up an open wifi base station with a hidden SSID can lead to tracking, as phones will automatically try to connect to it by revealing their SSID. This could be particularly problematic if there is a network of these base stations.

The sender goes on to mention that this same issue could potentially affect Tom's BIP (Bitcoin Improvement Proposal) as well. In the BIP, a node wants to connect using the AUTHCHALLENGE, which includes the hash of the person they are trying to connect with. Tom argues that the hash includes encryption session information, making it impossible to distinguish identities. However, the sender disagrees, stating that the hash never changes and anyone listening can see the same hash being sent on every connection to that peer, regardless of where it's connected from.

Despite their disagreement, Tom asks if the sender has read the BIP, suggesting that their discussion is related to a technical document or protocol.

On March 8th, 2017, Jonas Schnelli wrote a message about BIP150 on the bitcoin-dev mailing list. He explained that BIP150 has an optional authentication feature designed to not reveal any node identity without first obtaining a crypto-proof from another peer who already knows the identity. This feature is meant to be fingerprint-free. Schnelli also mentioned that peers cannot be identified without having the identity-keys pre-shared by node operators.

Tom Zander, however, pointed out a vulnerability in the BIP. He compared it to the issue of having an open wifi base station in a public street, explaining that the connection process of BIP involves sending the same hash every time one connects to a node. This makes it easy to fingerprint and track a peer's activity. Zander proposed using industry standards like Diffie-Hellman key exchange as a more secure alternative.

Zander's concern was primarily focused on privacy and tracking. By using the analogy of an open wifi base station, he illustrated the potential weaknesses in BIP150's authentication process. This discussion shed light on the need for improvements in BIP150's design and suggested alternative solutions to address the identified vulnerabilities.
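
The disagreement summarized above comes down to whether the challenge value is bound to per-connection session data. The following is an added example, not code from the BIP or from the mailing-list posts: it compares two hypothetical constructions (SHA-256 over the identity key alone, and SHA-256 over a fresh session ID plus the identity key) and reports which connections a passive observer could link. All function names, the hash layout and the sample key are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample identity public key (33 bytes, not a real node key).
SAMPLE_KEY = bytes.fromhex("02" + "11" * 32)

def static_challenge(session_id: bytes, identity_key: bytes) -> bytes:
    """Hypothetical challenge that ignores the session: same bytes every time."""
    return hashlib.sha256(identity_key).digest()

def session_bound_challenge(session_id: bytes, identity_key: bytes) -> bytes:
    """Hypothetical challenge mixed with a per-connection session ID."""
    return hashlib.sha256(session_id + identity_key).digest()

def observe(make_challenge, identity_key: bytes, networks):
    """Simulate what a listener records: one challenge per connection,
    each connection having its own random 32-byte session ID."""
    observations = []
    for network in networks:
        session_id = os.urandom(32)
        observations.append((network, make_challenge(session_id, identity_key)))
    return observations

def linkable_groups(observations):
    """Group connections whose challenge bytes repeat. Any group with more
    than one member is a fingerprint usable without knowing the key."""
    seen = defaultdict(list)
    for network, challenge in observations:
        seen[challenge].append(network)
    return [group for group in seen.values() if len(group) > 1]

if __name__ == "__main__":
    networks = ["home", "cafe", "office"]
    for name, fn in (("static", static_challenge),
                     ("session-bound", session_bound_challenge)):
        groups = linkable_groups(observe(fn, SAMPLE_KEY, networks))
        print(f"{name}: linkable connection groups = {groups}")
```

A reviewer can apply the same `linkable_groups` check to captured handshake fields from a test network to see whether any value repeats across connections.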


Updated on: 2023-08-01T19:45:15.460649+00:00