Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 782. (Read 4670673 times)

Welcome back.

Monero...still have some after all this time very good coin

Great :-)

EDIT: Oh, just saw it was you who funded the remainder. Great job and thanks!

This is now at 100%.

Wolf0 will always do a good job, if nothing else, because he has a reputation to maintain! 

I am sure Wolf will do his best! Early optimization gains are easier than later ones. Eventually there is a point of diminishing returns.

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized'. Impress us!

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's funny, because BlockaFett was online today at Today at 10:52:40 AM : https://bitcointalksearch.org/user/blockafett-340495 and you post is from Today at 12:30:06 PM. 

   

Thanks for clarifying Fluffy, and it's true I have seen you say several times that MyMonero is more for convenience but if you want the best security then use SimpleWallet.

I wish I hadn't posted now, I will sign off.  Good luck with your upcoming DB release.

BF

That's fair enough, and I apologise for misreading your comment as trolling.

Two things, then. First up, it hasn't occurred (at all) since that thread, and at the time I could not reproduce it by regular access even from different machines around the globe. I also couldn't reproduce finding the errant code (as it would appear by default, ie. without fudging JS versioning) either via archive.org or in Bing / Google's cache. Since then I have checked periodically to see if it is appearing, but have not seen the session-to-cookie snippet pop up. The snippet has not existed on the server in any way, shape, or form for many, many months, and so I can only assume it was isolated and unexpected. Needless to say that if it *is* ever reproducible by me then I will be able to tackle the exact cause and fix it from there.

Which leads me to the second thing I wanted to mention: I made it clear in that original thread, and it behoves repeating, web-based wallets are not "safe". Where a local wallet has a set of security risks (eg. a deviant local process can hijack your transactions as they are being built and redirect the funds) web wallets open up an additional class of security risks: trusting code that is delivered live, and passes through multiple points on the Internet. Using MyMonero involves trusting your ISP, trusting CloudFlare, trusting the CA, trusting MyMonero, and trusting the various data providers en-route, each and every time you use the web wallet. That having been said, MyMonero represents a smaller attack surface than a Bitcoin / altcoin-based web wallet where the keys are held on the server, as MyMonero is unable to spend funds independently of the user. Thus this attack would involve serving up compromised JavaScript, which would be noticed were it done on any sort of scale.

To that end, I'd like to reiterate my original comment from our previous discussion on the security of MyMonero:


One final bootnote: the view key is sent to the MyMonero server every single time, so we don't state that "no keys" are sent to the server, merely that the spend key is not. That is a factually correct statement, barring any number of circumstances outside of our control, such as a user's ISP being compromised. I hope it is unnecessary for me to qualify that statement every time I make it:)

What I'd like to know is, does the vulnerability still exist or not?

It's certainly good to point out with a clear disclosure that it did exist, but if has in fact been fixed then I'm not going to include a footnote about a former vulnerability every time someone asks a question about how MyMonero works. That's silly -- you would have to include such a disclosure about every site or piece of software that has ever had a vulnerability, which is pretty much all of them.

Hi Fluffy.  No it is me, Blockafett.  I can confirm that if you want but I would have to recover the account details as I scrambled the password - the reason is I didn't like how BCT was taking up all my time trying to argue with the dozens of posts a day attacking the main coin I am interested in coming from a minority of users here who get a kick out of bullying people and generally make life hell for anyone interested in that coin, now I just use the official forum and hardly look at BCT and life is much better.  I made this second account when I came back temporarily.

Please don't get me wrong, I am not saying that I think that this was done deliberately to hurt Monero users, because I don't - if it was, it wouldn't be intermittent - it's more likely to be a CloudFlare cache issue / test code as we discussed, I explained this in that thread.  

The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

You can be 100% honest but this can still undermine user's security - priv keys are stored on their local HD in clear text, and also sent up the wire to your server, so there are many ways these can be collected / intercepted / cached.

I don't think it's unfair for me to point this out - if I was a MyMonero user (i'm not, but I have invested in Monero before) I would want to know this.  So with Smooth here now saying priv keys are never sent, when 5 months ago I showed they were being, for whatever reason, is just not true, and he knows that very well because we spoke about it there.

A lot of users here care about security, I think it's fair to point this out, and users have a right to know this vulnerability existed so they can take corrective action.

And I'm not trolling, I never mentioned this issue on this thread once before, just on a separate thread in the alt section, I would have expected some official announcement here - maybe this happened already, and this issue is fixed.  I don't know.  

If this happened on the other coin I mentioned, I think we all know there would be like 20 posts a day from Icebreaker and crew accusing the dev of being a "scammer!!!" in gigantic red posts as usual and generally trying to make people's lives there a misery for their own agenda - I haven't done that, but I don't like that it seems like users don't have this information when it's 6 months old already, which is why I posted it.  And I do have issues with Smooth as I have stated before but that is not something I want to comment on here, but is the reason I felt I should post today.

So to clarify, this is not a "Scam" accusation in any way, just I think users have the right to know their keys might have been compromised by anyone with access to their PC all the way up to MyMonero ISP / servers.  

What is the situation then, has this vulnerability been fixed or is CloudFlare still serving the code that sends the private keys?  Apologies if this was announced already, but I didn't see it and I did a quick search on the thread earlier too.

I'm going to hazard that you're not BlockaFett, as he and I had a good chat about this months ago and all was resolved. He seemed a reasonable, logical person who understood the situation and was content with the resolution.

He's also perfectly capable of following up on his own research, you seem to lack the technical chops to do so. Pity, one always hopes that trolls will be a little less "talk" and a little more "action".

Nonetheless, it's probably not a bad idea for you to exit stage right and let BlockaFett talk on this matter if he so desires.

To make them more strictly correct, add "by design" to my comments. I will be more careful to note that in the future.

I don't know anything about the current status of the implementation or any security bugs that may exist, or may have been fixed, as I have nothing to do with operating the site, nor did I have anything to do with development it. You will have to take those up with fluffypony.

Fluffy's original response


from his multi page response: https://bitcointalksearch.org/topic/m.11531304

"It is not sent to the server"

For the sake of the Monero community I think I have to point out here that this is actually a lie that is told repeatedly by Fluffypony & Smooth and other core members.

As I showed back in June, and Smooth is fully aware of, MyMonero.com had code specifically inserted to send private keys to the server, and was doing so successfully (and as far as I know, still is) https://bitcointalksearch.org/topic/m.11529538

Fluffypony provided an explanation that it was used for 'testing' on that thread, but as far as I know, the Monero community was never told about it officially, apart from my post in the alt section.

So if you have used MyMonero, it's likely your private keys *have* been sent to the server, and also stored in clear text on your own HD in a cookie.

I never saw an announcement that this as fixed, or that the vulnerability exists - if it's fixed and you still want to use MyMonero, the safe thing to do is move your funds from any old addresses to new addresses, as the old ones are potentially compromised.

The spend key (and therefore one-time private key for each output on the chain) are derived by Javascript in the browser when you type in your login key. It is not sent to the server. Any transactions you send are likewise created and signed in the browser before being sent to the server.

What is sent to the server is your view key which the server uses to identify your incoming transactions. That key alone does not allow spending.

It is great if someone can explain why "only you know your private keys." is true and how mymonero.com can check balance and send transactions on behalf of user without exposing his private key to mymonero.com owner. I think that it would be a FAQ.

To summarize the comments, there seems to be broad agreement on a change to 2 minutes. A few people suggested higher, which is in line with the range of opinions in previous developer discussions, but given that no one has a really strong case to made for the "right" block time I think it is fair to say we will almost certainly go with 2 minutes in the upcoming hard fork.