
Topic: This message was too old and has been purged (Read 5009 times)

sr. member
Activity: 430
Merit: 250
I'm confused. Even if this is true, what does modifying the message (the message hash, in fact) have to do with transaction malleability? If you change the script to be signed in the transaction that transaction will have a different tx hash anyway, even if the same signature is valid, not to mention even if you were able to construct such message hash you still can't figure out the message as long as the hash function is secure.
hero member
Activity: 793
Merit: 1026
Now we can create a modified message, which will lead to the same signature WITHOUT KNOWING THE PRIVATE KEY!
Although this signature is the same it will (in this example) not get verified correctly. But with some "formula bingo" you can create a different signature which WILL validate.

I need some time on this to fully get an "out of the box runnable" proof of concept. But it really discourages people, when there are some guys who give you bad ratings. In fact I will only continue working on this, when the User who rated me bad for this topic, removes his rating.

Put up or shut up.  There are plenty of messages in this thread.  If you can do what you say, prove it.  Otherwise GTFO.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
Take the following python example program.

A question for Evil-Knievel: What is this function from the python example supposed to do:
Code:
  def halve( self ):

Guessing it is the opposite of 'double', in an attempt to create EC point divide. This looks rather naive, how are you going to solve problem of finding the X mod Y = Z if you only have Y and Z? It's impossible.

Point Halving is trivial, it is just multiplying by the "multiplicative inverse to the modulo group order of G of 2".

I know that it's trivial, but even that "trivial" is not in the code, there is a copy/paste code from the 'double' method.

That was not my question, question was what's the use of the 'halve' method at all? Hypothetical point divide?
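The point made in the exchange above, that halving a point is scalar multiplication by the inverse of 2 modulo the group order, worked on a textbook toy curve. This is an added example, not code from the thread or from the Python program it discusses; the curve (y^2 = x^3 + 2x + 2 over F_17, G = (5, 1), prime order 19) and all function names are assumptions chosen for illustration.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 (assumed for illustration, not secp256k1).
# G = (5, 1) generates the whole group, which has prime order N = 19.
P, A = 17, 2
G, N = (5, 1), 19
INF = None  # point at infinity (group identity)

def add(p1, p2):
    """Affine point addition, including doubling and the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication; scalars live modulo N."""
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def halve(pt):
    """'Halving' is just multiplying by 2^-1 mod N (here 10, since 2*10 = 20 = 1 mod 19)."""
    return mul(pow(2, -1, N), pt)

def check_all():
    """For every Q = k*G: halve(Q) doubles back to Q and equals (k/2 mod N)*G."""
    inv2 = pow(2, -1, N)
    for k in range(1, N):
        q = mul(k, G)
        h = halve(q)
        if add(h, h) != q or h != mul(k * inv2, G):
            return False
    return True

if __name__ == "__main__":
    print(halve(add(G, G)), check_all())
```

Halving only rescales the unknown scalar k to k/2 mod N; it needs the public group order, not the private key, and dividing one point by another would still require solving the discrete logarithm.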
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
Take the following python example program.

A question for Evil-Knievel: What is this function from the python example supposed to do:
Code:
  def halve( self ):

Guessing it is the opposite of 'double', in an attempt to create EC point divide. This looks rather naive, how are you going to solve problem of finding the X mod Y = Z if you only have Y and Z? It's impossible.
kjj
legendary
Activity: 1302
Merit: 1026
Code:
  k = 908        #random k

 Huh

Well, whenever you sign a message/transaction/block you have to pick some random k value. If you ever pick k twice the same, people can recover your private key, so you are advised to pick it completely randomly. In this example k was picked to be 908.

Yeah, I'm fully aware of the meaning of k and why you need to pick it at random.  My concern is that you are setting yourself up for a repeat.  Do you remember that time when you wrote a shitty not-so-random key generator, and then wrote a program that "found" your shitty weak keys?

If you use a shitty not-so-random k generator, and then you exploit your shitty ks, no one gives a fuck because you are exploiting your own lousy programming, not the software people are using, and not the math it is based on.

I could be wrong about that, of course.  Your latest scam might not depend on using shitty k values.  It is also entirely possible that you don't understand that message signing is done on hashes instead of integers.  Or, you may have "discovered" the property of key-recovery that gmaxwell mentioned earlier.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
I am actually looking forward to this.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
kjj
legendary
Activity: 1302
Merit: 1026
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
sr. member
Activity: 392
Merit: 250
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statement over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

And I took my time to sign a message. Never really thought it would come to something - but sometimes you never know. Maths is amazing but clearly not for this chap.

Sorry guys, I was in the NXT thread. There, people also laughed at me when I tried to talk about a potential issue a few weeks ago, now I collected a 100,000 NXT bounty for identifying the bug.

I will be back shortly, to finish up this demonstration here.

The potential issue you brought up some days ago and the "bug" you found are two different things.

-You claimed it was possible to fund an NXT account with unlimited funds, and you didn't prove that at all.
-The bug you discovered was an injected flaw by the NXT dev to make sure people audit the source code. You got it, congrats for the 100k bounty.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
hero member
Activity: 574
Merit: 500
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statement over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.

And I took my time to sign a message. Never really thought it would come to something - but sometimes you never know. Maths is amazing but clearly not for this chap.
donator
Activity: 477
Merit: 250
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statement over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.
staff
Activity: 4284
Merit: 8808
Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?
hero member
Activity: 793
Merit: 1026
I have just gotten a negative trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of community is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

--------

Quote from: Message
No, you got a bad trust rating because you continually cry wolf without any evidence to back up your claims. You said you could provide valid sigs for posted messages as an example of the flaw you found.  There are numerous signed messages posted in this thread.  Put up or shut up.

Quote from: Sig
IDHNVL6lJx04wYMjBU5yJG5OcGUUiRpRWYyzgyrySufLDOFYaIIbnFtSCyz3q6mT9iqXOjWtqStXwUF 5PvjewBo=

Quote from: Address
1D4LM66YwaoqcfHF1366pqvxvxHxvq66EZ

member
Activity: 114
Merit: 12
You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

He also claims to have found a flaw in Nxt and wanted money before he writes the code to exploit it.

https://bitcointalksearch.org/topic/m.5663483

The balls on this guy. 

Why isn't this thread locked yet? Hilarity?
donator
Activity: 477
Merit: 250
This shitty community eagerly awaits your proof. You're in danger getting blamed for what you criticized us.

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

What you do not seem to understand at all, is that these claims I make are not bogus. Just because you cannot understand them, this doesn't mean they are not present.
I cannot judge to what degree this is a potential thread, what I can say is that all I am saying is 100% right.

You seem to be a very arrogant person, who blames anyone who has contrary opinions to you. Not sure why you are this way, but this discourages people to help auditing the bitcoin code at all (even if they are wrong sometimes).

If all bitcoin-qt developers are so ignorant and arrogant like you are, I am not surprised why the transaction malleability was ignored for such a long time causing users to lose over 800000 BTC. Maybe you just ignored it because you felt that all "code auditors" were just spreading FUD and should therefore just shut the fuck up. I mean this issue was known for a long time, did it?

I understand that you might have some problem accepting people thinking differently than you do, but don't you think that you have some kind of responsibility (to the users) to listen to everyone and (more importantly) be thankful to anyone trying to help, instead of seeing you as the king and looking down on everyone else?



edit
What would SHA256 have anything to do with this? This is curve related (secp256k1)

the cryptographic tenderfoots thank Eadeqa for pointing out this difference technologique
legendary
Activity: 2702
Merit: 1261
But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

There are a few signatures in this thread so where's the beef?
hero member
Activity: 644
Merit: 500
So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...

This means if his Asperger turns out misunderstood genius, sha256 is basically broken? Is there a way we can "easily" follow/confirm his claim?

Well if he posts a message that I can verify as signed by me - then yeah shit hits the fan. Probability is low though but you can't rule out a mule (Isaac Asimov)

[edit] and then we would need to know how he did it... yeah

[edit2] even if he did manage to post a message that I could verify as signed by me - it's more likely to be a 'feature' in bitcoin qt 0.8.6 rather than a crack for sha256...

What would SHA256 have anything to do with this? This is curve related (secp256k1)