BitShares Forum

Main => Technical Support => Topic started by: Sage on March 15, 2016, 10:40:57 am

Title: Signed BTS Wallet Download?
Post by: Sage on March 15, 2016, 10:40:57 am: I'm downloading the wallet from Bitshares.org. But want to be sure I'm not getting spoofed in the middle by confirming the signature. Currently I don't see any signatures for the download?

Am I missing something?
Title: Re: Signed BTS Wallet Download?
Post by: karnal on March 15, 2016, 10:43:41 am: I've said it before, the downloads should be GPG-signed, and the key used to sign the downloads mentioned here in the forum, on bitshares.org, and on the github download page.

It's peoples' money we're dealing with here.
Title: Re: Signed BTS Wallet Download?
Post by: xeroc on March 15, 2016, 11:30:05 am: paging @valentine @theoreticalbts
Title: Re: Signed BTS Wallet Download?
Post by: Sage on March 15, 2016, 01:51:55 pm: Anyway we can get this done ASAP? It shouldn't take long to sign a file & post the signature.

I have a good deal of funds to secure, and simply can't risk a spoofing attack.
Title: Re: Signed BTS Wallet Download?
Post by: karnal on March 15, 2016, 01:59:34 pm: Quote from: Sage on March 15, 2016, 01:51:55 pm
Anyway we can get this done ASAP? It shouldn't take long to sign a file & post the signature.

I have a good deal of funds to secure, and simply can't risk a spoofing attack.

In the mean time, downloading through tor, your normal connection and for extra paranoid points from a server you have access to online, and then comparing the checksums of all the downloads, should be good proof that you were not the victim of such an attack.

We gotta keep it in perspective, this type of attack is highly unlikely, but when it comes down to it, I dont' think highly unlikely is enough guarantee; the downloads really should be signed. I believe most of us out there installing software in servers wouldn't be satisfied if the packages we're installing are not cryptographically signed to guarantee they were not tampered with in transit, and for crypto wallet software where users will potentially store nontrivial amounts of money, it is just as important, if not even more, to guarantee that the download really is what the user expects it to be.
Title: Re: Signed BTS Wallet Download?
Post by: Tuck Fheman on March 16, 2016, 12:35:00 am: Quote from: Sage on March 15, 2016, 10:40:57 am
I'm downloading the wallet from Bitshares.org. But want to be sure I'm not getting spoofed in the middle by confirming the signature. Currently I don't see any signatures for the download?

Am I missing something?

one more try to see how to format this to work.

#sharebits "Sage" I agree 100 PERCENT