Topic: [ANN][CLOAK] Private, Secure, Untraceable & Decentralized Digital Currency - page 57. (Read 810899 times)

For someone to applaud the audit, you certainly came to conclusions that were not in the audit. I suspect troll but will forge ahead.  The audit was not able to discover anything associated with the recipient of the transaction. They were able to determine the send amount and the sender. This has been solved. Read the audit. The random number generator was not seeded which means.only that the random numbers would follow a sequence. You would still need to know where in the sequence you were when transactions were done. It has benn solved quite simply  other problems are not considered high risk issues. Your concern is warranted but we are on top of them

Cloak team

Please post an ETH address
Id rather donate coins/tokens other than cloak as I'm using centralized exchanges as little as possible, I dont want to part with any cloak, BTC is too expensive to move, and this way you can take any ERC20 token

So weissratings have decided to also do cryptocurrencies now.

https://weisscryptocurrencyratings.com/

Bitcoin is rated C+ overall. I can certainly understand that sort of rating given it's made up of a variety of things which include stuff like risk, volatility etc. I REALLY don't get how they then turn around and give etherium a B and some "coins" that are nothing more than pipe dreams or ETH tokens, a higher rating. But there's only a handful of those and the rest are "real" coins. Anyway, I just wanted to highlight that Cloak is on the list as well which is nice to see with an overall rating of C-. Most coins were rated between C- and C+.

I just sent a donation, use it to make this project even greater!

Cloakcoin to Allow Truly Anonymous Transaction using ENIGMA - NEWSBTC

It’s Invest Diva’s Kiana with News BTC and here is your cryptocurrency update. While the large-cap cryptocurrencies try to erase last week’s losses, today I’d like to take a look at a cryptocurrency way down in the bottom, ranking 203 on the list, called CloakCoin. The reason why I’m bringing it up is that its technology appears to be certified allowing truly anonymous transactions. Categorized under “privacy coins”, Cloakcoin uses the next generation Enigma encryption to create fully private transactions.

https://www.youtube.com/watch?v=4Qu5rq4RSDk

Please join us at chat.cloakcoin.com
Join #wallet there
there are all solutions for the issues.

Just join the chat. So far, all probelms have been solved ;-)


https://chat.cloakcoin.com

Guys I am having the WORST time syncing from scratch. It syncs a day, and I leave it for a hour and it stops. I have to close and restart it, and it syncs another day. Ive left it sometimes for 4-5 hours and it doesnt move. Ive downloaded the latest .conf and it doesnt help. I even found a bootstrap, but that only took my to early November 2014. Does anyone have a bootstrap that goes until February 2015 they can upload? PLEASE?

I think you're missing the point. Cognosec wasn't able to trace the receiver and they found a theoretical possibility to identify the sender. This problem has been solved BECAUSE OF the audit, which consequently made Cloak better. That IS a success! Other coins didn't put the future of their product at risk by letting a third party review the code. Monero have their own "Monero Research Lab" to make their coin more "trustworthy".
Apart from #1 Cognosec only found minor issues and let's face it - they had to justify their existence. 

Well, the code base is the same. The Cloak-Enigma in the live version is out-dated. The new Cloak-Enigma that was audited is much much more improved than the one on the current live-wallets. That i why we had the audit! Regarding the old Code base, we planed and we already started the move to LTC Base (because of Segwit/Lightning/Atomic Swaps in the future) but this is another big and complex task to be done. It would have caused even more delays in opening the code and having it audited. The next steps what we are doing: Final finish of the current version and release of live-wallet. Then we will go ahead with the move to LTC Base which is one of the major tasks this year! An updated Roadmap is coming out soon, after we are done with releasing the new (currently audited) wallet.

I hope this clarifies the situation a bit. Thanks.

Ah, okay.  So the current wallet/enigma platform is even *more* out of date, and presumably exposed to even more attack vectors, than your latest-greatest recently audited version.  Do I have that about right?

+1 for the audit.  But there is a clearly a lot of work remaining.

Well, the code that was audited is live on github and this is the code for the coming live-wallet release. This code was audited not the current wallet which operates the live-net.

Excuse me, but the audit focused on your current wallet release, which definitely is "live".  That is stated pretty clearly in the first few pages of the report.

I applaud the audit, but how many people actually read it?  Stand out items:  no mathematical analysis performed on involved cryptographic algorithms and methods (outside the scope of the audit); Cloaking transactions with few cloakers can be traced, both sender and receiver; reliance on out of date bitcoin and Tor code; random number generator doesn't really work for enigma transactions; source code analysis found multiple instances of reliance out out-of-date and unsafe methods, transaction history stored in an unencrypted format.  Compromise of Anonymity is flagged as a current "high" severity risk factor on cloak transactions with, say, three cloakers.  It is susceptible to a DLL preload attack; page 17 describes the issues resulting from using old and out of date Bitcoin code base; page 20 addresses how the Tor code is out of date and vulnerable to a list of exploits; page 21 several functions found in the source code which leave Cloak vulnerable to buffer overflow attacks.  You can't back up the wallet using the currently accepted best practice of using a seed phrase.  I'll stop there.  To the people that are saying "wow!" I ask again:  did you read the audit report?

The Cloak team replies to a number of these identified shortcomings by simply stating that in the future an upgrade of the wallet software will address these issues.  I hope so.

+1 for the audit, but it seems there is still quite a bit of work to be done to make this world class.

I think you misunderstand what an audit is used for. An audit is made to find bugs in the software before it goes live! The idea behind an audit is to make a software product more secure and better. And exactly this is what the audit report did. It revealed the weak points we have to work on. And as you can see we already improved most of the findings.

The decision to go through the audit was a right one. I believe it would be worthy to have a follow up after the issues pointed out in the report are addressed.

This is an interesting coin however I had bigger expectations from the audit. Face it, literally the only "positive" thing it mentioned was a sandwich phrase saying that the "basic mechanisms are quite robust" but after that it is all just hammering a large number of specific negative points, some of which do not correspond with the whitepaper.

I understand that lot of us hold bags but can we please be a bit more realistic and not sell this report as a great success?