Be carefully when you download Bitcoin Core from bitcoin.org

in #bitcoin8 years ago

It seems that some Man-In-The-Middle attacks are planned to regulate Bitcoins by replacing/manipulating wallet downloads from the original website bitcoin.org

Unfortunately bitcoin.org is not strong enough to avoid attacks like that.
When 0.13.0 is released please check the fingerprint of the HTTPS certificate of bitcoin.org.
It has to be 01EA5486DE18A882D4C2684590C8019E36C2E964. Also check the signing of the downloaded file. I will post the PGP key at the end of this post.
But the best way is to download sources from original git repository and build your own wallet. This is the most secure way!

Original Message: https://bitcoin.org/en/alert/2016-08-17-binary-safety
Bitcoin Core Sources: https://github.com/bitcoin/bitcoin
Fingerprint HTTPS Cert from Bitcoin.org: 01EA5486DE18A882D4C2684590C8019E36C2E964
PGP public key for download signing: https://bitcoin.org/laanwj-releases.asc

But please use this one, the download link for the public key could also be compromised.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFWKlBcBEACgZJd/6LrSgNSVxiyq5N9h0E7zgSHG/ahuWAnWeFtxaxHeukH+
Q2Zq6F8FLbq40PphyroRylMBpzPBcyxjee7mDj1DpJ9ayv6GGPTyQzOImhChEV8p
bA42dvXnB5ju0rPh2GxctbiZZD1kiPH4jlmDIgomvupAj9OFntA5jfkuSFBekZrw
QyZowz/paMBIe24YH2LyaZjC2DqLy8Znh78OfAZxZsWSdZxK5LsbkCE9l8Li3gQa
rxm4aEMBHhvns+s8Ufa47sdJAYAfVnAWb5Dfe4oVFh70PvB8GSGFS9qeib0eEQBD
71c9MN+REDTSOYO2VnUSFbu7IrKsPsClqwfT9KzI/uz5fpHSKdCp5AO7oDZiU36s
LsSOBbukTmFQfVrAniFEZxHLCBufXCsAwp07xtUH9ytbW0Y/eHYlZojoWJJPT//1
cQ/A2Ix/nxbSkSPq8wpCUhBxvTQoU9BXeQIbSy0yUmj5nS+3DR7IK2Q7ACyVClr7
LVQOGxgZhHr9Kq87RDqc1wlvbCxb+KTJQhJySpOVoiaME6jLBzgE7G+5N6IXTK5u
OriOsQwcLdeBu7TPgft79uBYnmYeaNVdovlBB//7H7UvY0kAxAg4NPgK6eYRdzn+
8ZtbntNXi/23RJvzeZJVBqQ7bYt4fjmHmRYrbM4jWKJEoJOE6wzpmELUowARAQAB
tFVXbGFkaW1pciBKLiB2YW4gZGVyIExhYW4gKEJpdGNvaW4gQ29yZSBiaW5hcnkg
cmVsZWFzZSBzaWduaW5nIGtleSkgPGxhYW53akBnbWFpbC5jb20+iQI+BBMBAgAo
BQJVipQXAhsDBQkDFwQABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCQyAGe
NsLpZOBRD/wLfujEC4ZYMFwPXnhvOGEWAPeuOg06iXhEqJ1biOvxhFfwwjPoXGMQ
i/pdfGck5xZVFcxObpdHBp0p9ardos1aRXAS8JTnTQXTX0qs0QNxnLTBz+5DrIc4
l7r5DAlr/FapUKNSbjobOrbv+F371b7XhLJ7oob5XXo+IS7kEY+Si5BXb0uVy8ms
SaKDooO2RfByrFI3LTHW3VESuuNnXgH6309yeGORgBazKtnxZPPlD2raTNXe9q7U
dF2Xv6Rr53iCGGN5xncL5A6nF3fou0tGvqLFBkrs4BqeNNwC6/jQLfpOfqiQ+XGR
q1KmT9E5E1qRXOb1Fc2koIUt/mSzRzxfxaEjI1UR0I4QtPsF2aP11sOJ1MJXyrEi
Kx1Nb0eUAYw0ZLTfm+uToUUTXzaB5gZqxmyY/eRFddCuGn+UwZnCiUImCWuk5yLq
ivyNbPfD1nwiZqNd879DkwFovNQfbOes4gfZyS28FXuYD/3mNN2WqGeJHZBGpglR
8EbiuJcgo7wPVC7aiIG0deSe6Flw04f2JE75zBKbzWccydtk16GzUBorbhJ4+Q7V
ikss1m4O/hDCU32t9V02+666l0ewM3H7AlTGxmWPWcaeADkywDHGb3frZU8Wh7to
e8I7ST0ap2vf11stL4Ejeyymcy2Xx1S7C57GuBSBCMJv962YIalk+4kBHAQQAQoA
BgUCVYqVFgAKCRB0gQsBI0bJpmthB/9tHtBEUuR9Ce1HBWin8AG18FDhw+019GvK
uMysu004imrPQRnH+I780W3htFBFhiZ+yhSllb4sJrW5awitIQxxe3V+xcDjyidh
32GjKDXvb4GHHuDC6uK2Hj0PB8XfqT1O1eCN3E/tn00al6qx/SvLnhW0BlqWwvVh
cJpQE5pa7E97Gw+arD1/XPy0WRX8SuEphdZ+sN1tP8yZZK8Bvi0rz+p0n5aop6Z6
6Fj2buJnVQK6xDfXwt6/F5s7lyx1QKC4wF0MiMA8jv2KkbFEuiuiteNynrsGV7UZ
0VNvCdXe1cDKPnC64HP7nPluFRMLZbWq4DESbfGCCrmzz7f7eAEn
=mufP
-----END PGP PUBLIC KEY BLOCK-----

#hack #security
8 years ago in #bitcoin by
$0.00
    3 votes
    Reply 0