Topic: Reused R values again - page 18. (Read 121336 times)
Johoe is gentlemen.
Mr. Johoe, hats off to you sir.
I'm impressed. 
Johoe is now a crypto superhero. I must to bump
It is *so* relieving to see some decency around here after many months of disgraceful attitude.
Thank you, johoe, for being generally awesome.
Thank you, johoe, for being generally awesome.
I hope to expect an announcement that they're hiring this guy as a security consultant.
The money has been returned to blockchain.info. Please write to blockchain support to claim refund.
That's very ethical of you. I hope they gave you a substantial reward.
I posted on reddit that BC.i should hire him and pay him well just to keep his eyes on the Blockchain and look for issues. He already earned a year's worth of wages I would say.
But perhaps he has no need.
Nice job johoe!
You sir... are a fucking champion *tips hat*
The money has been returned to blockchain.info. Please write to blockchain support to claim refund.
The return address is SINGLE SIG??!? C'mon guys.
I absolutely love Blockchain -- but there is not a great excuse to not use multi signin this of all transactions.
Quote
From: Ben Reeves <[email protected]>
If you could return the funds to address 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP that would be fantastic.
If you could return the funds to address 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP that would be fantastic.
The return address is SINGLE SIG??!? C'mon guys.
I absolutely love Blockchain -- but there is not a great excuse to not use multi signin this of all transactions.
The money has been returned to blockchain.info. Please write to blockchain support to claim refund.
That's very ethical of you. I hope they gave you a substantial reward.
The money has been returned to blockchain.info. Please write to blockchain support to claim refund.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJUh5AdAAoJEP3NqDUC96SQqH0H/3pTTawCXZWfWAwIoVQPkSYa
DgpioEvHLDHXegfAfXyo8X9vc50kEseQVeZ5FAvoeC3Hy76gNIgEDllP5o6FUXL2
HsEj7qcafY5AxlxMgRRG9p1OcbeJS6mlbZrjB78BD+zrtzZaLFoSAf4+lw3YZHg5
xvA0WyNoHE1Hzg8+pdPbg1PPN6dHT38+PCyqFgYIjkjq07UbxxtyyWs8KIQqSuTe
4XIh0gjd73Wqtxm4CAHtnwy0PA5Pi/lE7v0d6qqF2l86SlxDkT6067asMw9Te0JJ
WgnFM8fePrM8HU980n0xvamae7J71zlFMN2/RYfj2t/pTIEWz25ZI2iVS0MGg14=
=9MGK
-----END PGP SIGNATURE——
PGP key is available from https://blockchain.info/security.txt
https://blockchain.info/tx/ea8fa447d59000843910932a42bf7a28915772d97a006e97714d026b78885754
Quote
From: Ben Reeves <[email protected]>
If you could return the funds to address 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP that would be fantastic.
I should also add if that using our admin tools, if users supply us with the correct wallet information, we are able to accurately determine which refund claims are valid and which are not. So far we have processed over 30 refund requests and will be processing more over the rest of this week.
If you could return the funds to address 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP that would be fantastic.
I should also add if that using our admin tools, if users supply us with the correct wallet information, we are able to accurately determine which refund claims are valid and which are not. So far we have processed over 30 refund requests and will be processing more over the rest of this week.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJUh5AdAAoJEP3NqDUC96SQqH0H/3pTTawCXZWfWAwIoVQPkSYa
DgpioEvHLDHXegfAfXyo8X9vc50kEseQVeZ5FAvoeC3Hy76gNIgEDllP5o6FUXL2
HsEj7qcafY5AxlxMgRRG9p1OcbeJS6mlbZrjB78BD+zrtzZaLFoSAf4+lw3YZHg5
xvA0WyNoHE1Hzg8+pdPbg1PPN6dHT38+PCyqFgYIjkjq07UbxxtyyWs8KIQqSuTe
4XIh0gjd73Wqtxm4CAHtnwy0PA5Pi/lE7v0d6qqF2l86SlxDkT6067asMw9Te0JJ
WgnFM8fePrM8HU980n0xvamae7J71zlFMN2/RYfj2t/pTIEWz25ZI2iVS0MGg14=
=9MGK
-----END PGP SIGNATURE——
PGP key is available from https://blockchain.info/security.txt
https://blockchain.info/tx/ea8fa447d59000843910932a42bf7a28915772d97a006e97714d026b78885754
Can someone point me to the actual commit that introduced this bug?
"Improvments to RNG":https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c
Is it the unconditional use of Math.random() after the use of the Crypto API (if available), that lead to the bug? Or is there some other problem, I don't see?
Why isn't there a fixing commit, yet?
zootreeves added a note an hour ago:
Quote
For those interested. The bug was caused by missing line 29 and not initialising rng_pptr to 0. This commit was force pushed over.
I just want to say that I contacted the blockchain.info support, but I haven't heard back from them, yet.
To avoid double reimbursement, I want coordinate this with the blockchain.info people. They should, hopefully, be able to check whether claims are valid or not. If you lost funds due to this bug, contact the blockchain support, not me. I cannot answer all PMs regarding this problem.
To avoid double reimbursement, I want coordinate this with the blockchain.info people. They should, hopefully, be able to check whether claims are valid or not. If you lost funds due to this bug, contact the blockchain support, not me. I cannot answer all PMs regarding this problem.
In my support ticket with them, I mentioned you. Hopefully this may elevate /escalate the priority.
Can someone point me to the actual commit that introduced this bug?
"Improvments to RNG":https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c
Is it the unconditional use of Math.random() after the use of the Crypto API (if available), that lead to the bug? Or is there some other problem, I don't see?
Why isn't there a fixing commit, yet?
Most of the coins were saved (216BTC) the remeaning ones went to this address https://blockchain.info/address/1xyWYGDStMKVmNH4hivbfhJZa5xWFVWfd
Someone claimed to have lost 99 BTC
http://www.reddit.com/r/Bitcoin/comments/2oo72b/victim_100_bitcoins_stolen_from_blockchaininfo/
They ended up here:
https://blockchain.info/address/18MFgZkAqcBLJcQof81xLFzAQ4r4XLS6sn
Only a tiny amount from them ended up at https://blockchain.info/address/1xyWYGDStMKVmNH4hivbfhJZa5xWFVWfd
Most of the coins were saved (216BTC) the remeaning ones went to this address https://blockchain.info/address/1xyWYGDStMKVmNH4hivbfhJZa5xWFVWfd
I just want to say that I contacted the blockchain.info support, but I haven't heard back from them, yet.
To avoid double reimbursement, I want coordinate this with the blockchain.info people. They should, hopefully, be able to check whether claims are valid or not. If you lost funds due to this bug, contact the blockchain support, not me. I cannot answer all PMs regarding this problem.
To avoid double reimbursement, I want coordinate this with the blockchain.info people. They should, hopefully, be able to check whether claims are valid or not. If you lost funds due to this bug, contact the blockchain support, not me. I cannot answer all PMs regarding this problem.
Just remember, no good deed goes unpunished. Perhaps this should be in a new thread too.
I just want to say that I contacted the blockchain.info support, but I haven't heard back from them, yet.
To avoid double reimbursement, I want coordinate this with the blockchain.info people. They should, hopefully, be able to check whether claims are valid or not. If you lost funds due to this bug, contact the blockchain support, not me. I cannot answer all PMs regarding this problem.
To avoid double reimbursement, I want coordinate this with the blockchain.info people. They should, hopefully, be able to check whether claims are valid or not. If you lost funds due to this bug, contact the blockchain support, not me. I cannot answer all PMs regarding this problem.
Can someone point me to the actual commit that introduced this bug?
"Improvments to RNG":https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c
Can someone point me to the actual commit that introduced this bug?
"Improvments to RNG":https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c
Jump to: