3

Does stratum mining use something similar to "https" to secure traffic between the pool and the miners?

stone.212

1 Answer

3

No, all traffic is plaintext. The connections are hijackable and attacks against this have occurred in the past where ISPs redirected hashrate to themselves.

Claris
  • Really? So there is no way to have username/password logins for the stratum miners either I guess (if it's all plaintext). – stone.212 Dec 07 '17 at 04:05
  • They have logins, but it’s all in plaintext so can be stolen by observers or redirected. – Claris Dec 07 '17 at 04:26
  • Oh. Do you know a more secure mining method for pools? And how many miners can that method handle on one pool? – stone.212 Dec 07 '17 at 05:01
  • You can wrap a normal stratum socket (or any TCP connection) with SSL using `stunnel`, but this needs to be supported by the pool as well as the client. As far as I know nobody does this presently. – Claris Dec 07 '17 at 05:06
  • Thank you but my question was if you know a more secure (than stratum) mining method for pools, and how many miners such pools can handle. I worry about HTTP because I'm not sure if they handle https and I hear that they don't handle lots of miners at one time. – stone.212 Dec 07 '17 at 08:04
  • Stratum is JSON over raw TCP; there's no HTTP involved in it. There are no other protocols in use. 21.co had a binary protocol based on protobuf, but there's nothing using that today. It also was not encrypted or authenticated. – Claris Dec 07 '17 at 08:28
  • I didn't say Stratum uses http. But http mining is a thing that exists. I am trying to decide if using it would be preferable from a security standpoint. – stone.212 Dec 08 '17 at 07:32
  • HTTP-based mining hasn't existed since 2011 with `getwork` and `getblocktemplate`, which never gained any adoption. For very latency-sensitive things (i.e., mining) HTTP is a ridiculously bad choice. – Claris Dec 08 '17 at 08:54
  • That's helpful. Some mining pool software on Github offers HTTP so I thought it was a viable alternative. I wonder why EthOS still requires you to specify stratum if stratum is all that's used? – stone.212 Dec 08 '17 at 10:50
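
An added example, not part of the original thread: a check to run over a capture of your own miner's outbound traffic, classifying the first bytes of a connection as TLS or cleartext Stratum and listing which login fields are readable on the wire. The sample payloads are constructed, and the code assumes the usual line-delimited JSON Stratum messages (`mining.subscribe`, `mining.authorize`).

```python
import json

# Constructed sample: what a miner sends on a plain Stratum connection.
CLEARTEXT = (
    b'{"id": 1, "method": "mining.subscribe", "params": ["example-miner/1.0"]}\n'
    b'{"id": 2, "method": "mining.authorize", "params": ["worker1.rig7", "hunter2"]}\n'
)
# Constructed sample: start of a TLS handshake record (type 0x16, version 0x03 0x01).
TLS_START = bytes.fromhex("16030100c8010000c40303") + bytes(32)


def looks_like_tls(payload: bytes) -> bool:
    """TLS records start with content type 0x16 (handshake) and major version 3."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def audit_stream(payload: bytes) -> dict:
    """Classify a client-to-pool byte stream and list readable login fields."""
    if looks_like_tls(payload):
        return {"transport": "tls", "exposed": []}
    exposed, stratum_seen = [], False
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:  # not JSON (or not UTF-8): skip the line
            continue
        if not isinstance(msg, dict):
            continue
        method, params = msg.get("method"), msg.get("params")
        if not (isinstance(method, str) and method.startswith("mining.")):
            continue
        stratum_seen = True
        if method == "mining.authorize" and isinstance(params, list) and params:
            exposed.append(("worker", params[0]))
            if len(params) > 1:
                # Report only that a password is readable, never its value.
                exposed.append(("password", f"{len(str(params[1]))} chars readable"))
    return {"transport": "cleartext-stratum" if stratum_seen else "unknown",
            "exposed": exposed}


if __name__ == "__main__":
    for name, data in (("plain", CLEARTEXT), ("tls", TLS_START)):
        print(name, audit_stream(data))
```

A `tls` result only shows that the stream starts like a TLS handshake; whether the miner validates the pool's certificate has to be checked in the client or `stunnel` configuration.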