Bitmessage/PyBitmessage-2025-02-17
Archived
2
0
Fork 0
Code Issues 167 Pull Requests 54 Actions Packages Projects Releases 5 Wiki Activity

Proof of work setting allows address correlation #430

New Issue
Open
opened 2013-08-22 01:57:33 +02:00 by nimdahk · 1 comment
nimdahk commented 2013-08-22 01:57:33 +02:00 (Migrated from github.com)
Copy Link

Summary

Sending a message to a recipient with a nonstandard proof-of-work requirement allows the sender to determine whether or not the originating address is part of the receiver's address book. This poses a problem because it allows address correlation.

Reproduction steps

  • Alice has a proof-of-work setting of 2.
  • She maintains two addresses, A1 and A2, which she does not want correlated.
  • A1 communicates with Bob frequently, so Alice adds his address, B1, to her address book.
  • Bob can now confirm that A1 and A2 are the same person by sending each two messages, one from B1 and one from B2. B1 will be notified by both A1 and A2 that it only needs a proof-of-work difficulty of 1, while B2 will not.

Suggested remedy: Remove the custom proof of work functionality, at least from the client.
Source: https://bitmessage.org/forum/index.php/topic,2969.0.html

# Summary Sending a message to a recipient with a nonstandard proof-of-work requirement allows the sender to determine whether or not the originating address is part of the receiver's address book. This poses a problem because it allows address correlation. # Reproduction steps - Alice has a proof-of-work setting of 2. - She maintains two addresses, A1 and A2, which she does not want correlated. - A1 communicates with Bob frequently, so Alice adds his address, B1, to her address book. - **Bob can now confirm that A1 and A2 are the same person** by sending each two messages, one from B1 and one from B2. B1 will be notified by both A1 and A2 that it only needs a proof-of-work difficulty of 1, while B2 will not. --- **Suggested remedy**: Remove the custom proof of work functionality, at least from the client. **Source:** https://bitmessage.org/forum/index.php/topic,2969.0.html
Atheros1 commented 2013-08-22 05:41:05 +02:00 (Migrated from github.com)
Copy Link

This is a UI problem. Alice wants A1 to be friendly with Bob but A2 to not be friendly. We need to control that somehow.

This is a UI problem. Alice wants A1 to be friendly with Bob but A2 to not be friendly. We need to control that somehow.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working as it's supposed to
build
Related to building or build system
dependencies
Pull requests that update a dependency file
developers
The issue is relevant mainly for developers rather than users
documentation
duplicate
enhancement
New feature
formatting
Code or UI text formatting
invalid
legal
mobile
Frontend for mobile devices (kivy)
obsolete
packaging
performance
protocol
Protocol change
question
refactoring
regression
Some issue, fixed in the past, appears again
security
test
translation
usability
wontfix
No Label
bug
Milestone
No items
No Milestone v0.8.0
Projects
Clear projects
No project
Assignees
Clear assignees
PeterSurda
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2025-02-17#430
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?