Topic: Reused R values again - page 3. (Read 121128 times)

Interesting, so how did you detect that there was a serious problem?  Just by code inspection, or did you see a clash on randomly created addresses?


I'm not sure about the legality, but it was the only way to save the money.  I didn't break into other computers; I just took the public ledger and extracted the private keys from that.  Usually, if there is a problem with repeated R values, it is exploited within a few hours.  In this case it took a bit more than 24 hours.

I wonder why you didn't sweep the remaining coins that required to break the RNG.  When I did this after six days, I was astonished how much money there still was on these addresses.


I think, I never gave a step by step instruction of how to break an address.  You are probably referring to the posting how to break a particular address using a particular chain of R values and other addresses.  That description showed how I broke one particular key, but that key didn't have any money anyway.  I didn't include the details, or any of the private keys.  Of course, you can look up the details at Wikipedia.  Or you can find the other step-by-step instructions on the web. The knowledge that it is possible to follow R values over several addresses was already out; there was another thread that started two weeks earlier.  Also my posting was at a time when there were already bots sweeping the addresses when they were exploited.  I tried to keep the details of the RNG secret as long as possible.

There's a huge difference between a general fact "their security practice is poor" and a statement like "some user stole $50 it might be yours". One can be widely reported, one generally will not.

Full disclosure is still good, because it will wipe bad service providers from the market and teach careless users a lesson. And the reporter's greatest asset is not some change for reward, but great achievements in his vita.

Companies have to die at some point, and some users unfortunately have to learn their responsibilities the hard way.

If you start using a service to store your money, you better have at least one common language with the service provider.

But johoe did not steal anything, he just picked it up. There is no perfect real world analogy, but this one makes more sense than yours.

So, this:


But then also this:


 

It went from here to various different news / social media sites without johoe having to lift a finger.

^^^^

Fair enough nogf.

You guys are so tech savvy, very impressive tbh.

There's somewhat of a difference with this case, in that he was explaining things a lot of us knew about already. Due to the way this particular event played out all of those private keys are compromised and that's the end of it. There's no further exploitation to be done, no further thefts, no further damage. If nothing else he raised awareness for RFC6979 signatures which mitigate this particular problem entirely.

In general there's little value to doing full disclosure. It's a net loss for the reporter (no bounty payout), for the users (they could be negatively affected) and for the company (that has to deal with the fall out). However, in some cases it's necessary to act in that way in order to get things fixed. If a company is being obtuse, lying, or otherwise not fulfilling their obligations to their customer then there's really no choice.

This is important.
Please refrain from giving a step by step instruction on how to hack people's addresses.

I highly respect what johoe did but I think he got carried away with his new 'fame' by telling everybody how he did it.
Not cool.

Not everybody reads this little pit on the side of the internet. Not everybody speaks English. Unless it's a very high profile event "saving" someones money will just be theft with no positive identification. Especially in the cases here, the private key was exposed so it could never be proved who owned it in the first place.



Lay off playing the concerned. There's a balance that needs to be struck no matter how you look at it. If people don't voice concern about the security practice of a company, there's an assumption that everything is just fine. I've given no information that could aid anybody in finding vulnerabilities in their code.

Of course there is. The blockchain is a public ledger. Sweeping coins to an address and then posting about it and the address is exactly that. The word will spread quick enough, as was shown in johoe's case.



Yes, I think it makes a difference. This thread is about the R values. You claim that there are more flaws to be found. This could be motivation to poke around some more.

There's no method of doing that in Bitcoin.


There's existing incentive of being able to steal millions of dollars worth of Bitcoin. Do you really think some terse comments confirming that there are issues will make even the slightest difference? It's very much public knowledge that there's huge problems with their management of security, else this thread wouldn't be 20 pages long and I wouldn't be posting here.

Oh really how did you make that conclusion when mtgox had over several hundred thousand accounts and then went belly up?

Your assertion that it is the #1 theft in number of affected people is so far off.

Please do your research before talking.

Merry Christmas!

That car IMO has in that case become more like a wallet you forgot on a bench in the park. I, as the owner of the car/wallet would appreciate it, if somebody takes it in to safe-keep and leaves a message at the location they took it, how to contact them. Sort of what johoe did.



Also, by posting that there are more flaws to be found at bc.i you just gave the black hats a motivational boost.

You can't justify stealing a car because "it was going to be stolen anyway".


If you had $30M USD in your pocket and $400,000 a month in revenue resting entirely on your security, no doubt you'd be making that your first priority.

But when the first reused R values appear, everybody knows that the RNG is flawed anyway. And then fixed RNG code does not help you much to protect transactions that were created with the flawed RNG. Let alone the whole problem of users and their browsers' cache, still executing the broken code.

Are you sure that bitcoin-related startups will be able to pay salary on a distance of several months?
(My point of view: no)

Just realised 'yo hoe' too

They will be interested in the money provided by the start ups to get the hoe or gf

Are you sure that a persons like johoe or nogf are interested in bitcoin-related startups ? 

It also leaves you with no gf (just realised what the username means)

It will make you known and get you hired. There are a lot of start ups running various types of services which use some kind of online wallet and they may be interested in you if you show value.