Thank you guys.
I realized my mistake. Your links are very useful for me. Sorry for my English ))
Topic: protocol vulnerability? (Read 1180 times)
If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...
He's concerned that the signature doesn't cover the output of the current transactionQuote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.
Certainly, but he said it "seems that signed only scriptPubKey", and clearly that isn't true. Therefore, it should be obvious to him, from reading the paragraph below the drawing, that he misunderstood the drawing.
See all those arrows passing through the "Signed Data" box? That means all those fields are included in what gets signed.
I readed this.ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signet and not protected from changing.
Right?
No. That is not right.
I can't tell if you are failing to pay attention, or if you are just trolling.
With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.
Which has already been explained 3 times, and several links have been included to provide additional details for better understanding.
I'm beginning to think we are being trolled.
NO! With sighash all, all of the data in the current transaction, except for the signature itself, is signed. This prevents any transaction data from being changed.
Where this wrote? Give me please link to any document or source code?
[/quote]
You have been provided several links.
The source code is in github. Here:
https://github.com/bitcoin/bitcoin
Now i can see only
Quote
includes the txid and vout from the previous transaction
andQuote
also includes the pubkey script from the previous transaction
If that's all you can see in this whole thread, then you are only looking for things that you can take out of context to create confusion. I'm nearly certain you are just trolling now.
He's been told that the entire transaction is signed multiple times. He's been supplied with links with additional details about what is signed. And yet, he carefully searches through posts and links looking for small pieces that he can take out of context and then exclaim that only the inputs are signed. Nonsense.
I readed this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signet and not protected from changing.
Right?
Where this wrote? Give me please link to any document or source code?
Now i can see only
Quote
includes the txid and vout from the previous transaction
andQuote
also includes the pubkey script from the previous transaction
It's also in the source somewhere.
I readed this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signet and not protected from changing.
Right?
Where this wrote? Give me please link to any document or source code?
Now i can see only
Quote
includes the txid and vout from the previous transaction
andQuote
also includes the pubkey script from the previous transaction
I readed this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signet and not protected from changing.
Right?
Picture from https://bitcoin.org/en/developer-examples#offline-signing
- snip -
It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction.
- snip -
It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction.
Nope.
See all those arrows passing through the "Signed Data" box? That means all those fields are included in what gets signed.
If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...
Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.
I readed this.
ONLY data from the PREVIOUS transaction is signed!
Data in CURRENT transaction is not signet and not protected from changing.
Right?
If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...
Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.
He's concerned that the signature doesn't cover the output of the current transaction - which it does for all signature types besides SIGHASH_NONE.
To be honest, I don't understand this drawing either. This explanation works better for me.
https://en.bitcoin.it/wiki/OP_CHECKSIG
Picture from https://bitcoin.org/en/developer-examples#offline-signing
- snip -
It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction.
- snip -
It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction.
Nope.
See all those arrows passing through the "Signed Data" box? That means all those fields are included in what gets signed.
If you had read the paragraph after the picture, you would have known that there is more signed than just the scriptPubKey...
Quote
As illustrated above, the data that gets signed includes the txid and vout from the previous transaction. That information is included in the createrawtransaction raw transaction. But the data that gets signed also includes the pubkey script from the previous transaction, even though it doesn’t appear in either the unsigned or signed transaction.
Picture from https://bitcoin.org/en/developer-examples#offline-signing
-snip img-
It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction.
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.
Thank you for responce.
Is there any documentation how "scriptSig" is constructing for given transaction?
[/quote]
Picture from https://bitcoin.org/en/developer-examples#offline-signing
It seems that signed only scriptPubKey for the previous transaction.
"PubKey Script" for the new transaction is not signed and new transaction is not signed too! So anyone may change scriptPubKey for unconfirmed transaction.
Is there any documentation how "scriptSig" is constructing for given transaction?
http://bitcoin.stackexchange.com/a/5241
https://en.bitcoin.it/w/images/en/7/70/Bitcoin_OpCheckSig_InDetail.png
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.
Thank you for responce.
Is there any documentation how "scriptSig" is constructing for given transaction?
[/quote]
There is probably something about it on https://bitcoin.org/en/developer-documentation. Otherwise you can look in the code.
Hi,
I'm learning the basics of Bitcoin protocol and have a question.
When i push raw transaction to the network, all nodes may read it for checking...
If some "bad-hacker" node will save my "scriptSig" for transaction inputs, but will change my "scriptPubKey" for outputs. Then the scammer may send a fake transaction to other nodes and there's a possibility to lose my money?
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid.I'm learning the basics of Bitcoin protocol and have a question.
When i push raw transaction to the network, all nodes may read it for checking...
If some "bad-hacker" node will save my "scriptSig" for transaction inputs, but will change my "scriptPubKey" for outputs. Then the scammer may send a fake transaction to other nodes and there's a possibility to lose my money?
Thank you for responce.
Is there any documentation how "scriptSig" is constructing for given transaction?
Hi,
I'm learning the basics of Bitcoin protocol and have a question.
When i push raw transaction to the network, all nodes may read it for checking...
If some "bad-hacker" node will save my "scriptSig" for transaction inputs, but will change my "scriptPubKey" for outputs. Then the scammer may send a fake transaction to other nodes and there's a possibility to lose my money?
Nope, not possible. The scriptsig, if using sighash all (the default), is a signature of the hash of the transaction. If part of the transaction is changed, the hash will no longer match and thus the signature will no longer be valid and thus the transaction ID invalid. I'm learning the basics of Bitcoin protocol and have a question.
When i push raw transaction to the network, all nodes may read it for checking...
If some "bad-hacker" node will save my "scriptSig" for transaction inputs, but will change my "scriptPubKey" for outputs. Then the scammer may send a fake transaction to other nodes and there's a possibility to lose my money?
Hi,
I'm learning the basics of Bitcoin protocol and have a question.
When i push raw transaction to the network, all nodes may read it for checking...
If some "bad-hacker" node will save my "scriptSig" for transaction inputs, but will change my "scriptPubKey" for outputs. Then the scammer may send a fake transaction to other nodes and there's a possibility to lose my money?
I'm learning the basics of Bitcoin protocol and have a question.
When i push raw transaction to the network, all nodes may read it for checking...
If some "bad-hacker" node will save my "scriptSig" for transaction inputs, but will change my "scriptPubKey" for outputs. Then the scammer may send a fake transaction to other nodes and there's a possibility to lose my money?
Jump to: