Update 0.8.4 boosts Bitcoin security levels

The new Bitcoin-Qt upgrade released this week brings several security improvements, mainly fixes for some important bugs. Version 0.8.4 is recommended for all users, who should update in order to fix several vulnerabilities. The core of this release is three security upgrades that keep the application from crashing and its databases from being corrupted.

The first major security improvement in this version is a fix for several vulnerabilities discovered in the 0.8.0 Bloom filter implementation. A Bloom filter is a compact data structure that allows more flexibility in how much of the blockchain must be downloaded. Bloom filters also made it possible to implement simplified payment verification (SPV) clients. Some of the vulnerabilities discovered in the 0.8.0 implementation allowed a hacker to perform a denial-of-service attack.

Another upgrade concerns password security in previous versions of the Bitcoin-Qt RPC (remote procedure call) interface. There, the password was verified by comparing the entered password to the stored one byte by byte. A comparison of that kind stops at the first byte that differs, so the time it takes reveals how many leading bytes of a guess are correct, and this could help a crafty attacker to access your account. Although this was a long shot, the situation concerned some users, so a new version that fixes it is good news. To solve this vulnerability, Bitcoin-Qt implemented a constant-time algorithm for checking password attempts.
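The difference between the two checks, as an added example that is not Bitcoin-Qt's own code: a byte-by-byte comparison with early exit beside a constant-time one. The `steps` counter (a stand-in for measurable time), the function names and the sample password are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Byte-by-byte check that returns at the first mismatch. `steps` counts the
// bytes examined and stands in for the elapsed time an observer could measure.
bool naive_equal(const std::string& supplied, const std::string& stored,
                 std::size_t& steps) {
    steps = 0;
    if (supplied.size() != stored.size()) return false;
    for (std::size_t i = 0; i < supplied.size(); ++i) {
        ++steps;
        if (supplied[i] != stored[i]) return false;  // early exit leaks position
    }
    return true;
}

// Constant-time check: always walks the full supplied input and folds every
// difference into an accumulator, so the work done does not depend on where
// (or whether) the guess diverges from the stored password.
bool constant_time_equal(const std::string& supplied, const std::string& stored,
                         std::size_t& steps) {
    steps = 0;
    if (stored.empty()) return supplied.empty();
    std::size_t acc = supplied.size() ^ stored.size();  // length mismatch fails
    for (std::size_t i = 0; i < supplied.size(); ++i) {
        ++steps;
        acc |= static_cast<unsigned char>(supplied[i]) ^
               static_cast<unsigned char>(stored[i % stored.size()]);
    }
    return acc == 0;
}

int main() {
    const std::string stored = "s3cr3t-rpc-pass";  // constructed sample value
    const char* guesses[] = {"X3cr3t-rpc-pass", "s3cr3t-rpc-pasX", "s3cr3t-rpc-pass"};
    for (const char* g : guesses) {
        std::size_t n = 0, c = 0;
        bool a = naive_equal(g, stored, n);
        bool b = constant_time_equal(g, stored, c);
        std::cout << g << "  naive: " << a << " after " << n
                  << " bytes, constant-time: " << b << " after " << c << " bytes\n";
    }
    return 0;
}
```

With the early-exit version, a wrong guess is rejected after a number of bytes that depends on how much of it is right; the constant-time version does the same amount of work for every guess of a given length.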

Finally, the method that version 0.8.3 introduced to truncate transactions was a nice improvement over the previous version, but it also introduced additional vulnerabilities that a malicious party could exploit to double-spend Bitcoins or spread malicious transactions through the network. These bugs can now be fixed by upgrading.

According to The Genesis Block, users who want to upgrade don't need to download the entire blockchain again. Just download the right file for your operating system.


