Date: Tue, 11 Mar 2014 07:34:44 -0400
From: Ron Scott-Adams <ron@...uw.net>
To: Julius Kivimäki <julius.kivimaki@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: OT What is happening with bitcoins?

Julius hit the nail on the head here. Transaction malleability is not some heretofore undiscovered bug in the Bitcoin implementation. It was a known entity long ago, and presumably with the creator(s)' awareness. It really isn’t a problem itself; it’s perfectly mitigable with the correct implementations on the exchange’s side. It’s worth noting nearly all of the FUD surrounding BTC comes down to mistakes made with and among exchanges. Exchanges of any kind carry risk, and a new kind of exchange such as this is bound to have some serious question marks in the first many years of existence.

For more on transaction malleability and the technical considerations, see https://en.bitcoin.it/wiki/Transaction_Malleability, noting especially the following:
“...this does mean that, for instance, it is not safe to accept a chain of unconfirmed transactions under any circumstance because the later transactions will depend on the hashes of the previous transactions, and those hashes can be changed until they are confirmed in a block.”

The above is a huge note, and is made clear elsewhere as well. However, mistakes around this were still made, and continue to be made today. Live and learn, caveat emptor, etc.

On Mar 10, 2014, at 10:57 AM, Julius Kivimäki <julius.kivimaki@...il.com> wrote:

> Saying that the malleability thing is an issue with bitcoins is like saying that sql injection is an issue with mysql.
> 
> 
> 2014-03-07 15:58 GMT+02:00 Meaux, Kirk <Kirk.Meaux@...d.edu>:
> More to the point, has the transaction malleability issue been fixed that caused Magic’s downfall?
> 
> Even though most exchanges just code around it, it’s still kind of a really big issue if it isn’t fixed. :d
> 
> From: Full-Disclosure [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Pedro Worcel
> Sent: Thursday, March 06, 2014 6:09 PM
> To: Georgi Guninski
> Cc: full-disclosure
> Subject: Re: [Full-disclosure] OT What is happening with bitcoins?
> 
> Bitcoins are doing great actually. =)
> 
> Used to be worth 0 a few years back, useless, and now you can use them to buy some stuff.
> 
> 2014-03-07 4:06 GMT+13:00 Georgi Guninski <guninski@...inski.com>:
> 
> Read on theregister that bitcoins are in trouble.
> 
> Allegedly mtgox lost $400M maybe related to
> transactions.
> 
> Are the bugs in bitcoin or just sufficiently
> many ones got rooted?
> 
> Is bitcoin still alive?
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
> --
> 
> GPG: http://is.gd/droope
> 

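An added example, not part of the original message or of any exchange's code: one way to reconcile withdrawals without trusting the txid, which is the kind of exchange-side handling the message refers to. The serializer follows the legacy (pre-SegWit) transaction layout restricted to short fields; `tracking_key`, `reconcile`, the withdrawal id and every byte value are constructed for illustration, and the key only covers changes to the input scripts.

```python
import hashlib
import struct


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize(tx: dict, with_sigs: bool = True) -> bytes:
    """Legacy layout; counts and script lengths must stay below 0xfd."""
    out = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        script = script_sig if with_sigs else b""  # blank the malleable part
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += bytes([len(script)]) + script + struct.pack("<I", sequence)
    out += bytes([len(tx["vout"])])
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<Q", value) + bytes([len(script_pubkey)]) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])


def txid(tx: dict) -> str:
    # Covers the input scripts, so it changes if a signature is re-encoded.
    return dsha256(serialize(tx))[::-1].hex()


def tracking_key(tx: dict) -> str:
    # Hypothetical identifier: same spent outpoints and outputs -> same key.
    return dsha256(serialize(tx, with_sigs=False)).hex()


def reconcile(pending: dict, confirmed: list) -> list:
    """pending maps tracking_key -> (withdrawal_id, txid as broadcast).
    Returns (withdrawal_id, confirmed_txid, txid_changed) per match."""
    results = []
    for tx in confirmed:
        hit = pending.get(tracking_key(tx))
        if hit:
            results.append((hit[0], txid(tx), txid(tx) != hit[1]))
    return results


def make_tx(script_sig: bytes) -> dict:  # constructed sample transaction
    pay_to = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
    return {"version": 1, "vin": [("11" * 32, 0, script_sig, 0xFFFFFFFF)],
            "vout": [(50_000, pay_to)], "locktime": 0}


SENT = make_tx(b"\xaa" * 8)            # stand-in for the signature as broadcast
SEEN = make_tx(b"\xaa" * 8 + b"\x00")  # stand-in for a re-encoded signature
PENDING = {tracking_key(SENT): ("W-1001", txid(SENT))}
```

A withdrawal that confirms under a different txid is reported as paid with `txid_changed` set, so it is not treated as failed and issued a second time.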
