Topic: Researchers crack online encryption system - Bitcoin affected? (Read 2899 times)

full member
Activity: 156
Merit: 100
Firstbits: 1dithi
The only vulnerability known to ECDSA is timing attacks (measuring how long it takes to generate a key). Bitcoin does not suffer from this because it always generates a pool of keys instead of a single one, and there's no way of knowing how long it took (at least with the implementations I've seen).
legendary
Activity: 1652
Merit: 2216
Chief Scientist
This doesn't affect Bitcoin at all, because the ECDSA algorithm that Bitcoin uses does not use pairs of prime numbers to do its thing.
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Quote
What are some languages for which a safe context is the standard paradigm and which could be used to generate both Windows and *nix targets?
Assembly
member
Activity: 266
Merit: 36
Quote
... C++, a language in which unsafe context is the standard paradigm.

What are some languages for which a safe context is the standard paradigm and which could be used to generate both Windows and *nix targets?
sr. member
Activity: 401
Merit: 252
My technical knowledge/English was not good enough to understand the details... thank you guys.
legendary
Activity: 1036
Merit: 1002
Read: business dudes can't do crypto. Tell me something new. *yawns*

In fact, this is a fairly good result. I know someone who's good at crypto, and boy, he discovers flaws everywhere, all the time, mostly by accident. He didn't have much to complain about concerning Bitcoin, so I guess it's safe enough for now. Only thing I could complain about is the standard client being written in C++, a language in which unsafe context is the standard paradigm.

But that's not an issue of the Bitcoin protocol. Alternative clients will hopefully pop up as Bitcoin evolves, which would be desirable for many reasons anyway... nice! I just found BitcoinSharp, a .NET/Mono compatible port of BitcoinJ. Hell yeah, I might even make my own "lite" client version with this.

Bottom line: Bitcoin protocol seems secure, and Bitcoin infrastructure is evolving as we speak. Stay careful for now, but the long-term outlook is good!
legendary
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
legendary
Activity: 1264
Merit: 1008

*affected.

The paper:
eprint.iacr.org/2012/064.pdf

With their extensive collection of millions of keys they only found 1 ECDSA public key.

Can anybody think of somewhere they could look to find a few more ECDSA public keys?
administrator
Activity: 5222
Merit: 13027
The paper is mostly about potentially worrying trends in RSA, which Bitcoin doesn't use.

Summary of the paper: We gathered several million TLS/PGP certificates in the wild. A surprisingly large percentage of RSA keys and maybe a few DSA keys were generated in such a way that they share certain properties with other keys which are never supposed to be shared, making encryption using the affected keys weak or totally useless. We're not sure why this happened.
legendary
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
First thing:
Quote
The researchers studied 6.6 million public keys generated using the RSA algorithm, and found that 12,720 were not secure at all and 27,000 others were vulnerable.
Bitcoin does not use RSA; it uses Elliptic Curve Cryptography (ECC).

Second thing:
Quote
the problem had to do with the manner in which the keys were generated
not the underlying cryptographic system.