📅 Original date posted:2014-01-03
📝 Original message:On 3 January 2014 05:45, Troy Benjegerdes <hozer at hozed.org> wrote:
> On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:
> > On Tue, Dec 31, 2013 at 5:39 AM, Drak <drak at zikula.org> wrote:
> > > The NSA has the ability, right now to change every download of
> bitcoin-qt,
> > > on the fly and the only cure is encryption.
>
> No, the only cure is the check the hashes. We should know something
> about hashes here. TLS is a big pile of 'too big to audit'. Spend
> a couple of satoshis and put the hash of the source tar.gz and the
> binaries in the blockchain. Problem solved.
Which is why, as pointed out several times at 30c3 by several renowned
figures, why cryptography has remained squarely outside of mainstream use.
It needs to just work and until you can trust the connection and what the
end point sends you, automatically, it's a big fail and the attack vectors
are many.
<sarcasm>I can just see my mother or grandma manually checking the hash of
a download... </sarcasm>
Drak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140103/37cd808c/attachment.html>;
Drak [ARCHIVE] /
npub12r…3aqxc
2023-06-07 17:11:21
in reply to nevent1q…5xvd
Author Public Key
npub12rkw0jajmsck4uwdtksdvtswrlkypusfryjzera7m4fhqta6jhdsz3aqxcPublished at
2023-06-07 17:11:21Event JSON
{
"id": "b6f55d1f572376e244e14495d4d189a71710fdfcf8ee1704a503e1e85a2e3002",
"pubkey": "50ece7cbb2dc316af1cd5da0d62e0e1fec40f20919242c8fbedd53702fba95db",
"created_at": 1686150681,
"kind": 1,
"tags": [
[
"e",
"2011b767c16285ff848807a81713a335415663efaabe15ae3e3ea269f035984b",
"",
"root"
],
[
"e",
"7970d9b2bed57d88790b4aee41e00d135acd46cc6f5474af1085fb7431bdd1ae",
"",
"reply"
],
[
"p",
"de834b230daa8e6d04c44e51929c52dfdc36dc2f4105a0b67060d9dfc30d6ccc"
]
],
"content": "📅 Original date posted:2014-01-03\n📝 Original message:On 3 January 2014 05:45, Troy Benjegerdes \u003chozer at hozed.org\u003e wrote:\n\n\u003e On Tue, Dec 31, 2013 at 05:48:06AM -0800, Gregory Maxwell wrote:\n\u003e \u003e On Tue, Dec 31, 2013 at 5:39 AM, Drak \u003cdrak at zikula.org\u003e wrote:\n\u003e \u003e \u003e The NSA has the ability, right now to change every download of\n\u003e bitcoin-qt,\n\u003e \u003e \u003e on the fly and the only cure is encryption.\n\u003e\n\u003e No, the only cure is the check the hashes. We should know something\n\u003e about hashes here. TLS is a big pile of 'too big to audit'. Spend\n\u003e a couple of satoshis and put the hash of the source tar.gz and the\n\u003e binaries in the blockchain. Problem solved.\n\n\nWhich is why, as pointed out several times at 30c3 by several renowned\nfigures, why cryptography has remained squarely outside of mainstream use.\nIt needs to just work and until you can trust the connection and what the\nend point sends you, automatically, it's a big fail and the attack vectors\nare many.\n\n\u003csarcasm\u003eI can just see my mother or grandma manually checking the hash of\na download... \u003c/sarcasm\u003e\n\nDrak\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20140103/37cd808c/attachment.html\u003e",
"sig": "3ecbbbb9a7053e94c7defb109f0b1634e57fd24960f7a3f164d9623ea6ca2ac8dcfa200823baddfea18a47be456c20e15aafa3c193f4a18237e8fa5373c56ef3"
}