Network criteria: Fingerprint specific client version based on SSL cipher suites #142

Open
kristovatlas opened this issue Dec 29, 2016 · 1 comment

@kristovatlas
via @crwatkins: The client could have cipher suite support hard-coded, and this could change over the course of versions. A passive network observer could see which ciphers are supported and fingerprint a particular client on this basis, in conjunction with other leaked data such as a DNS lookup of the wallet provider's domain.

This would fall under here in the current working version of the threat model:

- Network observer
  - Derive the type of wallet used to create a transaction by passively observing idiosyncrasies in the interactive behaviour of the wallet
    - OBPPV3/CM29: Avoid using a non-Bitcoin network protocol that leaks information about the type of client in use

kristovatlas added this to the 4th edition milestone Dec 29, 2016
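
Added example (not part of the original issue or the project's own code): what the cipher suite list in a cleartext TLS ClientHello exposes, written for auditing a wallet client's own handshake. The two suite lists, the build names and the helper names are constructed for illustration; GREASE values (RFC 8701) are dropped because they change per connection and would otherwise hide a stable list.

```python
import hashlib
import struct

def build_client_hello(suites):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    body = (b"\x03\x03" + bytes(32)      # client_version, random (zeroed)
            + b"\x00"                     # empty session_id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00")                # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def is_grease(suite):
    """RFC 8701 GREASE values (0x0A0A, 0x1A1A, ...) vary per connection."""
    return (suite & 0x0F0F) == 0x0A0A and (suite >> 8) == (suite & 0xFF)

def offered_cipher_suites(record):
    """Return the ordered cipher suite IDs a ClientHello sends in cleartext."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 9 + 2 + 32                      # headers, client_version, random
    pos += 1 + record[pos]                # session_id length byte and value
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (length,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if length % 2 or pos + length > len(record):
        raise ValueError("bad cipher_suites length")
    suites = struct.unpack_from("!%dH" % (length // 2), record, pos)
    return [s for s in suites if not is_grease(s)]

def suite_fingerprint(record):
    """Stable label for the ordered list; the order is part of the signal."""
    listed = ",".join(str(s) for s in offered_cipher_suites(record))
    return hashlib.sha256(listed.encode()).hexdigest()[:16]

# Constructed suite lists for two hypothetical builds of one wallet client.
BUILD_A = [0xC02F, 0xC030, 0x009C, 0x002F]
BUILD_B = [0xC02B, 0xC02F, 0xCCA8, 0x009C]

if __name__ == "__main__":
    for name, suites in (("build A", BUILD_A), ("build B", BUILD_B)):
        print(name, suite_fingerprint(build_client_hello(suites)))
```

Running this against a capture of a client's real ClientHello for each release shows whether a release changed the list, and so whether the version became distinguishable on the wire.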
dcousens commented Jan 3, 2017

Wouldn't this just come under wallet idiosyncrasies? Or is the point to be more specific?
