Reused R values again - page 2. | Bitcointalksearch.org

itod

legendary

Activity: 1974

Merit: 1075

^ Will code for Bitcoins

Quote from: amaclin on January 03, 2015, 07:32:52 PM

Quote

It doesn't mean that banks are better than the blockchain

It does. Or what the meaning of the word "better" in your language?

If one system has better security then the other, it says nothing about other aspects of these systems. If you level them to common denominator so that you can claim one is better, you completely lose sight of their complexity which is above that common denominator. It's best seen when internet was described in the mid-90's as "electronic post-office". As a post office, old school ones may be "better", but internet is so much more. The same way banks are "better", but blockchain is so much more then "electronic money".

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: amaclin on January 03, 2015, 08:02:44 PM

Quote

Bitcoin is an ongoing experiment, not a finished product.
Hence, we enjoy some of the early adopter's advantage.

No. You enjoy seeing the fall of one another financial pyramid. You are not early adopter today.
You are looser in ponzi scheme called "crypto-currency"

Quote from: amaclin on January 03, 2015, 08:02:44 PM

Quote

Bitcoin is an ongoing experiment, not a finished product.
Hence, we enjoy some of the early adopter's advantage.

No. You enjoy seeing the fall of one another financial pyramid. You are not early adopter today.
You are looser in ponzi scheme called "crypto-currency"

I think I found a Russian government official spreading fud. Cause he specifically cited cryptocurrencies, and his previous posts are in russian.

BlindMayorBitcorn

legendary

Activity: 1260

Merit: 1115

Quote from: amaclin on January 03, 2015, 08:02:44 PM

Quote

Bitcoin is an ongoing experiment, not a finished product.
Hence, we enjoy some of the early adopter's advantage.

No. You enjoy seeing the fall of one another financial pyramid. You are not early adopter today.
You are looser in ponzi scheme called "crypto-currency"

Ta da! Fun eh?

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

Bitcoin is an ongoing experiment, not a finished product.
Hence, we enjoy some of the early adopter's advantage.

No. You enjoy seeing the fall of one another financial pyramid. You are not early adopter today.
You are looser in ponzi scheme called "crypto-currency"

newIndia

legendary

Activity: 2198

Merit: 1049

Quote from: amaclin on January 03, 2015, 07:42:14 PM

Quote

1. Free service like email has done better than the paid physical mail

These are different services. And you have to pay your internet provider even you do not use email

- They serve the same purpose. Cost of internet is like bitcoin transaction fee for sending 1 M USD between 2 different continent.

Quote

2. Free service like news websites have done better than the paid news papers

Do not compare ass and finger.

- I compared stick with finger as the former is stronger than the later. Not sure how u end up to an asshole !!!

Quote

"Money can't buy the will power"

The cost you are paying for using bitcoin is too high compared with any other system

- Once upon a time people had to LEARN computer operation to send an email. Now your granny can do it. Bitcoin is an ongoing experiment, not a finished product. Hence, we enjoy some of the early adopter's advantage. Risk is the part and parcel of anything new.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

1. Free service like email has done better than the paid physical mail

These are different services. And you have to pay your internet provider even you do not use email

Quote

2. Free service like news websites have done better than the paid news papers

Do not compare ass and finger.

Quote

"Money can't buy the will power"

The cost you are paying for using bitcoin is too high compared with any other system

newIndia

legendary

Activity: 2198

Merit: 1049

Quote from: amaclin on January 03, 2015, 06:55:20 PM

Quote

The problem is that the security of cryptosystems can't be assured by following a checklist.

The problem is that you have to pay for everything.
Free cheese is only in mousetrap.
Free service (bitcoin/blockchain) can not be better than professional one (fiat/banks)

1. Free service like email has done better than the paid physical mail

2. Free service like news websites have done better than the paid news papers

It is about changing business model with technological advancement. I remember an old saying...

"Money can't buy the will power"

Quote from: amaclin on January 03, 2015, 07:32:52 PM

-snip-

Quote

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

It doesn't mean that banks are better than the blockchain

It does. Or what the meaning of the word "better" in your language?

Quote

...When bitcoin accumulates few decades...

Bitcoin will die in three months maximum. May be sooner.

itod

legendary

Activity: 1974

Merit: 1075

^ Will code for Bitcoins

Quote from: amaclin on January 03, 2015, 06:55:20 PM

Free service (bitcoin/blockchain) can not be better than professional one (fiat/banks)

Hard lesson to swallow but ultimately true. It doesn't mean that banks are better than the blockchain, but bank security is certainly better for that simple reason highly paid professionals are doing security for banks, and they've been doing that for a long time. When bitcoin accumulates few decades of safe security practices under the belt things like this will not happen.

amaclin

legendary

Activity: 1260

Merit: 1019

Quote

The problem is that the security of cryptosystems can't be assured by following a checklist.

The problem is that you have to pay for everything.
Free cheese is only in mousetrap.
Free service (bitcoin/blockchain) can not be better than professional one (fiat/banks)

gmaxwell

staff

Activity: 4172

Merit: 8419

I'm not sure that people actually have much to learn from it; or at least the lesson most learn isn't the lesson they need to learn.

The problem is that the security of cryptosystems can't be assured by following a checklist. Do this. Don't do that. Do this. No finite set of instructions is necessary or sufficient for security.

The real lesson is the serious hard work, challenge, public review, testing, and residual risk there is with writing cryptographic software. When you fixate on the list you feel like you have control of the security.

There is far too much adhoc cryptographic code being written in this community (and beyond) by people who are not putting in the serious effort to make sure it's done right. No matter how awesome a coder you are, no matter how many lists of things to avoid, if you're going it alone your code will not be secure, if you're just following instructions from the forum your code is not going to be secure, etc. Maybe it will be _mostly_ secure, but mostly isn't really good enough.

Put another way, if this thread is alerting you to the concern here then it's very likely that you are not yet prepared to be writing cryptographic software for large numbers of people.

newIndia

legendary

Activity: 2198

Merit: 1049

May I request the mods to make this thread sticky ? Because, I think, new people have a lot to learn from this thread.

goosoodude

hero member

Activity: 584

Merit: 500

Quote from: JorgeStolfi on December 29, 2014, 12:32:34 AM

Quote from: Willisius on December 29, 2014, 12:11:11 AM

It sounds like it is somewhat safe to use blockchain.info again.

I would also say this just shows the importance of rigorously testing any new release of any software that in any way controls any kind of money because people may not immediately continue the upgrade cycle after a 2nd release is released to fix any potential problem

I haven't seen any sign that they have fixed the organizational problem that created the technical problem.

According to other reports, they have a single super-programmer who ships changes without independent review.

If that is true, good luck...

They have another problem now as they are incorrectly marking transactions as double spend.
Its time people moved on from there, too risky to keep valuables there.

Willisius

sr. member

Activity: 364

Merit: 250

I'm really quite sane!

Quote from: JorgeStolfi on December 29, 2014, 12:32:34 AM

Quote from: Willisius on December 29, 2014, 12:11:11 AM

It sounds like it is somewhat safe to use blockchain.info again.

I would also say this just shows the importance of rigorously testing any new release of any software that in any way controls any kind of money because people may not immediately continue the upgrade cycle after a 2nd release is released to fix any potential problem

I haven't seen any sign that they have fixed the organizational problem that created the technical problem.

According to other reports, they have a single super-programmer who ships changes without independent review.

If that is true, good luck...

That is probably not a good idea. Regardless of how "good" someone is at their job it is always important to have people check behind workers' work in order to make sure it meets a certain quality standard.

Although it would generally not be a good idea to have one person (or even one team) in charge of such programming, it would still potentially be feasible as long as a completely separate group is able to independently test and audit the code prior to it being released

JorgeStolfi

hero member

Activity: 910

Merit: 1003

Quote from: Willisius on December 29, 2014, 12:11:11 AM

It sounds like it is somewhat safe to use blockchain.info again.

I would also say this just shows the importance of rigorously testing any new release of any software that in any way controls any kind of money because people may not immediately continue the upgrade cycle after a 2nd release is released to fix any potential problem

I haven't seen any sign that they have fixed the organizational problem that created the technical problem.

According to other reports, they have a single super-programmer who ships changes without independent review.

If that is true, good luck...

Willisius

sr. member

Activity: 364

Merit: 250

I'm really quite sane!

Quote from: johoe on December 28, 2014, 04:25:24 PM

Quote from: smoothie on December 28, 2014, 04:09:33 PM

Sorry for my ignorance, but has this issue been resolved on BC.I's end?

Yes, there haven't been any bad transactions for a week now.

There are still people paying to addresses that were exposed by the bug or that were created by the buggy random number generator, but there is nothing BC.I can do about this.

Edit: I should add that bc.i claimed to fix this bug within a few hours. There is no way to prove this from my end, but the logs support this as more than 75% of the bad transactions occurred during a few hours.

BC.I has changed to RFC 6979, now. Thus, the signatures do not depend on the random number generator anymore.

It sounds like it is somewhat safe to use blockchain.info again.

I would also say this just shows the importance of rigorously testing any new release of any software that in any way controls any kind of money because people may not immediately continue the upgrade cycle after a 2nd release is released to fix any potential problem

goosoodude

hero member

Activity: 584

Merit: 500

Quote from: johoe on December 28, 2014, 04:25:24 PM

BC.I has changed to RFC 6979, now. Thus, the signatures do not depend on the random number generator anymore.

The issue was known from a long time back, so why did a company like Blockchain which handles huge amounts of BTC failed to correct it? Its a very serious lax, and the users should be educated to keep BTC there only when necessary. Many use Blockchain as a primary storage wallet.

temen

member

Activity: 119

Merit: 10

johoe: As a sidestep to this, to me it looks like you "found" these bitcoins and returned them to BC.info. In here Finland there is a law that ensures some 10% of findings to the finder. Hope you got your share for doing these people a service, that was quite a feat!

johoe

full member

Activity: 217

Merit: 238

Quote from: smoothie on December 28, 2014, 04:09:33 PM

Sorry for my ignorance, but has this issue been resolved on BC.I's end?

Yes, there haven't been any bad transactions for a week now.

There are still people paying to addresses that were exposed by the bug or that were created by the buggy random number generator, but there is nothing BC.I can do about this.

Edit: I should add that bc.i claimed to fix this bug within a few hours. There is no way to prove this from my end, but the logs support this as more than 75% of the bad transactions occurred during a few hours.

BC.I has changed to RFC 6979, now. Thus, the signatures do not depend on the random number generator anymore.

smoothie

legendary

Activity: 2492

Merit: 1473

LEALANA Bitcoin Grim Reaper

Sorry for my ignorance, but has this issue been resolved on BC.I's end?

Topic: Reused R values again - page 2. (Read 121128 times)