Bitcoin Improvement Proposes BIP and BIP39 - A mn how to generate a determinative key.
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Devi Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
"Bitcoin Core is not a fully democratic organization, and while you can contribute your code and your suggestions on Github, "which codes can be merged into the Core client" and "who can have access to the merge code (PGP KEY)" is up to a five-member panel led by Wladimir J. vander Laan, Peter said in his article "BitcoinCore, the Crown of Power in the Bitcoin World." In particular, who can have Core's PGP KEY authority is a black box decision made within the current PGP KEY5 team, where the change of leadership can only be appointed by the current leader."
Although factors such as contribution, reputation, philosophy, etc. may be considered in decision-making, but to be honest, Bitcoin Core is not a democratic organization. Core’s top leadership team of 5 members, the party and government, has undisputedly controlled the administrative power of the Core client. "Which codes can be merged into the Core client" and personnel rights: "Who can have the authority to merge codes (PGP KEY)". Who can have the authority of Core’s PGP KEY is made by the current PGP KEY group of 5 people to make a black-box decision. Leader replacement can only be specified by the current leader. Note: These two powers are powers for the Core client, not for Bitcoin.
All merge submissions must be signed with a trusted PGP key, and Bitcoin Core has a continuously integrated system to check each submitted PGP key. Although we know who the keys are in, they are not absolutely secure because they can be stolen or cracked. Therefore, submitting a key to sign is not a perfect security scenario, they just make it more difficult for attackers to add code at will.
PGP effectively replaces the sealing device. The workflow is as follows. First, you must generate a pair of public key private keys. Next, you write an e-mail. Then, you hold the private key and write the email through PGP.
Wright wants to prove that he has another key: He should have the PGP key that MIT provides for the server. But Brito also points out that Mr. Tsung's PGP has never been publicly used, making it difficult to prove where it belongs, and that any keys can be stolen or shared with close friends.
December 9, 2019: Initial contact is made with the affected vendor and the PGP key is exchanged.
PGP key concerns.
It is unlikely that an attacker will break the PGP key of a Bitcoin Core maintainer.
In this demo, Electrum developer Chris Belcher shows how to set up and use an Electrum personal server.
Generate key KEY
From a confrontational point of view, GitHub cannot be trusted. Any GitHub employee can use administrative privileges to inject code into the code repository without the consent of a maintenance person. However, GitHub's attackers are almost impossible to compromise the PGP keys of Bitcoin's core maintainers (carbon chain value note: PGP key, an encryption system that combines public key encryption with traditional key encryption). )