Author

Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 107. (Read 1289644 times)

legendary
Activity: 1456
Merit: 1000
February 11, 2016, 05:03:40 PM
I would be interested to see SDC try to implement zerocash.

First market with this currency would be worth watching.

https://z.cash/team.html

edit

Let's see.

ZCash say they are going to launch in ~6months.

That would be a nice target window for SDC too. Let's say it works out great, you figure out a way to get the market connected; and you can figure out a way to get the launch handled in a way that people trust.

Where would that leave both competing anon and markets?
legendary
Activity: 2968
Merit: 1198
February 11, 2016, 04:58:25 PM
...nazi member...

 Grin Grin Grin Nice! Now explain me how come the output of `diff nazi.deeds zionism.deeds`is nada.

Except for your middled notions of people, everything else sounds plausible. Even if the hash turns to be a critical bug, the fact that competitors are paying serious attention to ShadowCash, speaks for itself. $1.5K is how much? A day's wage.

Sorry to disappoint but there was no serious attention. Shen identified the potential pitfall while working on something else decided to look at existing ring signature implementations he could find to see if any of them had the bug. Both OZcoin and Shadow seemed to have it. It's possible he missed something too, and Shadow is protected in some manner, although it doesn't really look that way (the code posted here doesn't seem to fix it). I guess we'll see after further attention is given to it.
hero member
Activity: 671
Merit: 505
February 11, 2016, 04:45:37 PM
...nazi member...

 Grin Grin Grin Nice! Now explain me how come the output of `diff nazi.deeds zionism.deeds`is nada.

Except for your middled notions of people, everything else sounds plausible. Even if the hash turns to be a critical bug, the fact that competitors are paying serious attention to ShadowCash, speaks for itself. $1.5K is how much? A day's wage.
newbie
Activity: 36
Merit: 0
February 11, 2016, 03:00:41 PM
blabla   Roll Eyes

Thank you all for this bullshit so i can get me more cheap coins  lol Grin Grin
hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 11, 2016, 01:58:27 PM
Speak the devil's name and he shall appear? Tongue There is nothing to respond to. More baseless assumptions and more of you saying "are we there yet?"

BTW trolls shenNoether, newb4now, Smooth, sidhujag, and nazi member X1235 have already been debunked by code! Legit Code! Good work! Subscribe to the SDC git to get a front row seat.

Code:
Line 42: if (!(hG = EC_POINT_new(ecGrp))) //generates new generator.
Line: 48: if (hashToEC(&publicKey[0], publicKey.size(), bnTmp, hG) != 0) //passes new hG to hashToEC.

Which should result in the usage of a random new point if the code strictly does what's described here:
Line 8: // - bn(hash(data)) * G


ShenNoether is now grasping at straws. rofl


Are you really rolling on the floor and laughing?
I doubt ShenNoether is grasping at straws, but we shall see.

Quoting peoples past posts is fun isnt it erok? Wink
My cameo appearance is at an end.

stupid things
I am happy to be grouped with educated gentleman such as DaSource and Child_Harold.
I never said you were of low intelligence (that i can remember). I still don't think you are stupid. Just misguided and prone to tantrums. I still think you could do cool things and great work if you chose to. And yes quoting people from A MONTH AGO is rather efficient to prove my point that Monero is trolling their competition hard. You are referencing a quote of mine that is more than 6 months old which is not applicable anymore unfortunately.
hero member
Activity: 812
Merit: 1000
February 11, 2016, 01:51:22 PM
Speak the devil's name and he shall appear? Tongue There is nothing to respond to. More baseless assumptions and more of you saying "are we there yet?"

BTW trolls shenNoether, newb4now, Smooth, sidhujag, and nazi member X1235 have already been debunked by code! Legit Code! Good work! Subscribe to the SDC git to get a front row seat.

Code:
Line 42: if (!(hG = EC_POINT_new(ecGrp))) //generates new generator.
Line: 48: if (hashToEC(&publicKey[0], publicKey.size(), bnTmp, hG) != 0) //passes new hG to hashToEC.

Which should result in the usage of a random new point if the code strictly does what's described here:
Line 8: // - bn(hash(data)) * G


ShenNoether is now grasping at straws. rofl


Are you really rolling on the floor and laughing?
I doubt ShenNoether is grasping at straws, but we shall see.

Quoting peoples past posts is fun isnt it erok? Wink
My cameo appearance is at an end.

stupid things
I am happy to be grouped with educated gentleman such as DaSource and Child_Harold.
hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 11, 2016, 01:42:29 PM
I question your competence if you spend a month trolling with child_harold then finally realize SDC is legit after stating "I haven't looked at it recently" (troll admission)

If your gonna call my name out then at least let me respond.

I created the uncensored thread and did plenty of research and dug up lots of links. I am entitled to my opinions and you can respond over there.

What has happened here today is totally deserved after the SDC Team failed to get the Zeuner crytpo peer review completed (after the community paid for it well over one year ago).

I assume the market is on indefinite hold as a result.
Speak the devil's name and he shall appear? Tongue There is nothing to respond to. More baseless assumptions and more of you saying "are we there yet?"

BTW trolls shenNoether, newb4now, Smooth, sidhujag, and nazi member X1235 have already been debunked by code! Legit Code! Good work! Subscribe to the SDC git to get a front row seat.

Code:
Line 42: if (!(hG = EC_POINT_new(ecGrp))) //generates new generator.
Line: 48: if (hashToEC(&publicKey[0], publicKey.size(), bnTmp, hG) != 0) //passes new hG to hashToEC.

Which should result in the usage of a random new point if the code strictly does what's described here:
Line 8: // - bn(hash(data)) * G


ShenNoether is now grasping at straws. rofl
hero member
Activity: 812
Merit: 1000
February 11, 2016, 01:30:31 PM
I question your competence if you spend a month trolling with child_harold then finally realize SDC is legit after stating "I haven't looked at it recently" (troll admission)

If your gonna call my name out then at least let me respond.

I created the uncensored thread and did plenty of research and dug up lots of links. I am entitled to my opinions and you can respond over there.

What has happened here today is totally deserved after the SDC Team failed to get the Zeuner crytpo peer review completed (after the community paid for it well over one year ago).

I assume the market is on indefinite hold as a result.
hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 11, 2016, 12:17:38 PM
I don't think this is the standard for handling security flaws in this industry.

You apparently don't understand the nature of the error.

The code can be fixed going forward, but you can't remove the broken ring signatures from the blockchain. Responsible disclosure has no benefit to users in this instance.

Given the lack of competence indicated by the nature of the mathematical error, users should also ask whether fixing the code is sufficient remedy.

I understand you would prefer to sugar-coat it, but there is really no way to prevent these sorts of flaws other than by having people who know what they are doing (and not just copying stuff without apparently understanding it, as I have pointed out here several times before is a frequent pattern, not a one-time occurrence).

Quote
Immediately after posting that, smooth posted this image

I thought it was funny, especially since I did mention ShadowMarket along with the shopping reference. You seem a bit thin-skinned for crypto.

FWIW, I also thought X1235's omg post mocking the idea of paying a bounty to be somewhat funny if dismissive, and for whatever it wasn't deleted by the thread moderator as mine was.
I question your competence if you spend a month trolling with child_harold then finally realize SDC is legit after stating "I haven't looked at it recently" (troll admission) and now come back with this crap? LOL try harder kiddo. You seem a bit thick headed for actual innovation. Keep riding CH and flufy's nuts. Take your troll team back to homebase because you are about to get disproved and ridiculed because you don't even understand what you are trolling.

https://bitcointalksearch.org/topic/m.13259632

newbie
Activity: 36
Merit: 0
February 11, 2016, 11:59:21 AM

Quote
Howver i do believe the devs here have a little bit of merit and should they wish to work on real projects instead

Can you Name a "real" proejct ?  Cheesy
legendary
Activity: 2044
Merit: 1005
February 11, 2016, 11:53:34 AM
I don't think this is the standard for handling security flaws in this industry.

You apparently don't understand the nature of the error.

The code can be fixed going forward, but you can't remove the broken ring signatures from the blockchain. Responsible disclosure has no benefit to users in this instance.

Given the lack of competence indicated by the nature of the mathematical error, users should also ask whether fixing the code is sufficient remedy.

I understand you would prefer to sugar-coat it, but there is really no way to prevent these sorts of flaws other than by having people who know what they are doing (and not just copying stuff without apparently understanding it, as I have pointed out here several times before is a frequent pattern, not a one-time occurrence).

Quote
Immediately after posting that, smooth posted this image

I thought it was funny, especially since I did mention ShadowMarket along with the shopping reference. You seem a bit thin-skinned for crypto.


Apparently it works all the way up with this one, one look at the source should tell you more than you need to know... Howver i do believe the devs here have a little bit of merit and should they wish to work on real projects instead of ones based off of uneven mathematical footing then I would be willing to offer them work.. However they woukd have to put their egos aside. Gluck
legendary
Activity: 2968
Merit: 1198
February 11, 2016, 11:50:15 AM
I don't think this is the standard for handling security flaws in this industry.

You apparently don't understand the nature of the error.

The code can be fixed going forward, but you can't remove the broken ring signatures from the blockchain. Responsible disclosure has no benefit to users in this instance.

Given the lack of competence indicated by the nature of the mathematical error, users should also ask whether fixing the code is sufficient remedy.

I understand you would prefer to sugar-coat it, but there is really no way to prevent these sorts of flaws other than by having people who know what they are doing (and not just copying stuff without apparently understanding it, as I have pointed out here several times before is a frequent pattern, not a one-time occurrence).

Quote
Immediately after posting that, smooth posted this image

I thought it was funny, especially since I did mention ShadowMarket along with the shopping reference. You seem a bit thin-skinned for crypto.

FWIW, I also thought X1235's omg post mocking the idea of paying a bounty to be somewhat funny if dismissive, and for whatever it wasn't deleted by the thread moderator as mine was.
legendary
Activity: 2044
Merit: 1005
February 11, 2016, 11:04:06 AM
Warning to anyone that relied on supposedly-anonymous payments using shadowcash (in particular ring signatures): all such payments can be trivially deanonymised.

https://shnoe.wordpress.com/2016/02/11/de-anonymizing-shadowcash-and-oz-coin/
+5% interesting.. I personally think that monero itself will be deannonymized soon enough aswell
legendary
Activity: 1512
Merit: 1012
Still wild and free
February 11, 2016, 10:31:16 AM
This is not me who found the flaw. Shen Noether from the Monero Research Lab did, and as he explains at the end of his article, he already applied for the bounty.
I hope nobody was using "anonymous" payments for anything critical. Be safe!



I don't think this is the standard for handling security flaws in this industry.

The way you've both handled this has malicious intent written all over it.

Huh what? Care to explain what you think was wrong here? Or worse, malicious?


Releasing it publicly on a non-technical forum. Standard is to notify the developers and allow them to take action, notify the community, etc,..  If nothing results from that, then a public release is standard and acceptable.

You realize blockchain-based systems are not your usual security software, and your "standard practice" doesn't make sense in that context? Transactions are recorded in the blockchain and there is no possible fix for that flaw after the fact.
(For a flaw that wouldn't apply to past transactions, I agree it could be released to developpers first).


You know where the trolls will take this. You know it will cause panic in those who don't have technical knowledge. The original blog post is written with sarcastic, demeaning tone.
I don't care personally about trolls or possible panic. What I personally care about is for crypto users in general to know flaws that apply retrospectively to their past transactions, and to know that asap, because if they used the flawed feature for anything critical, they need to cover their ass quick. Thus they have the right to know it as soon as possible.


Immediately after posting that, smooth posted this image:
 

Tell me how this wasn't a malicious attack on the developer's credibility and reputation?
Smooth does what he wants. People in general do what they want. If you think Smooth, Shen, me and others all prepared some kind of conspiracy discredit, you're really paranoid and surely have some illusions of grandeur. Smiley
A flaw in the maths is pointed out in a neutral article; you better focus on this and thank for the research rather than whining about how you feel some people are mocking you.
I posted here with the best intentions. I'm leaving that dodgy conspiracy discussion anyway. Good luck.


[...]
It means you could handle it in a more professional way, instead of using the patronizing tone we've seen here and in the post of shnoe.
[...]
I have honestly no idea how you found any patronizing tone in my posts previous to this one. If you're not happy with Shen's tone, go complain to him. Stop considering a variety of actors as one entity.
legendary
Activity: 868
Merit: 1006
February 11, 2016, 10:26:49 AM
This is not me who found the flaw. Shen Noether from the Monero Research Lab did, and as he explains at the end of his article, he already applied for the bounty.
I hope nobody was using "anonymous" payments for anything critical. Be safe!



I don't think this is the standard for handling security flaws in this industry.

The way you've both handled this has malicious intent written all over it.

Huh what? Care to explain what you think was wrong here? Or worse, malicious?


It means you could handle it in a more professional way, instead of using the patronizing tone we've seen here and in the post of shnoe.

The bounty will be paid if the deanonymization is verified, it's what it's settled for.

Where schnoe can be contacted ? Our slack is open if he wants to come and discuss.
hero member
Activity: 606
Merit: 500
February 11, 2016, 10:11:27 AM
This is not me who found the flaw. Shen Noether from the Monero Research Lab did, and as he explains at the end of his article, he already applied for the bounty.
I hope nobody was using "anonymous" payments for anything critical. Be safe!



I don't think this is the standard for handling security flaws in this industry.

The way you've both handled this has malicious intent written all over it.

Huh what? Care to explain what you think was wrong here? Or worse, malicious?


Releasing it publicly on a non-technical forum. Standard is to notify the developers and allow them to take action, notify the community, etc,..  If nothing results from that, then a public release is standard and acceptable.

You know where the trolls will take this. You know it will cause panic in those who don't have technical knowledge. The original blog post is written with sarcastic, demeaning tone.

Immediately after posting that, smooth posted this image:
 

Tell me how this wasn't a malicious attack on the developer's credibility and reputation?
legendary
Activity: 1512
Merit: 1012
Still wild and free
February 11, 2016, 09:57:32 AM
This is not me who found the flaw. Shen Noether from the Monero Research Lab did, and as he explains at the end of his article, he already applied for the bounty.
I hope nobody was using "anonymous" payments for anything critical. Be safe!



I don't think this is the standard for handling security flaws in this industry.

The way you've both handled this has malicious intent written all over it.

Huh what? Care to explain what you think was wrong here? Or worse, malicious?
hero member
Activity: 606
Merit: 500
February 11, 2016, 09:51:22 AM
This is not me who found the flaw. Shen Noether from the Monero Research Lab did, and as he explains at the end of his article, he already applied for the bounty.
I hope nobody was using "anonymous" payments for anything critical. Be safe!



I don't think this is the standard for handling security flaws in this industry.

The way you've both handled this has malicious intent written all over it.
sr. member
Activity: 624
Merit: 250
February 11, 2016, 09:43:31 AM
code: We're looking into this issue as we speak. We want to take the time to thank Shen and the Monero Research Lab for the research they have conducted, if confirmed then they are indeed eligible for a bounty.
legendary
Activity: 1512
Merit: 1012
Still wild and free
February 11, 2016, 09:12:26 AM
This is not me who found the flaw. Shen Noether from the Monero Research Lab did, and as he explains at the end of his article, he already applied for the bounty.
I hope nobody was using "anonymous" payments for anything critical. Be safe!
Jump to: