| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <7A918790-5D75-4E96-87C3-3AB6AC6A87ED@tohuw.net> Date: Tue, 11 Mar 2014 07:34:44 -0400 From: Ron Scott-Adams <ron@...uw.net> To: Julius Kivimäki <julius.kivimaki@...il.com> Cc: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: OT What is happening with bitcoins? Julius hit the nail on the head here. Transaction malleability is not some heretofore undiscovered bug in the Bitcoin implementation. It was a known entity long ago, and presumably with the creator(s) awareness. It really isn’t a problem itself; it’s perfectly mitigable with the correct implementations on the exchange’s side. It’s worth noting nearly all of the FUD surrounding BTC comes down to mistakes made with and among exchanges. Exchanges of any kind carry risk, and a new kind of exchange such as this is bound to have some serious question marks in the first many years of existence. For more on transaction malleability and the technical considerations, see https://en.bitcoin.it/wiki/Transaction_Malleability, noting especially the following: “...this does mean that, for instance, it is not safe to accept a chain of unconfirmed transactions under any circumstance because the later transactions will depend on the hashes of the previous transactions, and those hashes can be changed until they are confirmed in a block.” The above is a huge note, and is made clear elsewhere as well. However, mistakes around this were still made, and continue to be made today. Live and learn, caveat emptor, etc. On Mar 10, 2014, at 10:57 AM, Julius Kivimäki <julius.kivimaki@...il.com> wrote: > Saying that the malleability thing is an issue with bitcoins is like saying that sql injection is an issue with mysql. > > > 2014-03-07 15:58 GMT+02:00 Meaux, Kirk <Kirk.Meaux@...d.edu>: > More to the point, has the transaction malleability issue been fixed that caused Magic’s downfall? > > Even though most exchanges just code around it, it’s still kind of a really big issue if it isn’t fixed. :d > > > > > > From: Full-Disclosure [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Pedro Worcel > Sent: Thursday, March 06, 2014 6:09 PM > To: Georgi Guninski > Cc: full-disclosure > Subject: Re: [Full-disclosure] OT What is happening with bitcoins? > > > > Bitcoins are doing great actually. =) > > Used to be worth 0 a few years back, useless, and now you can use them to buy some stuff. > > > > > 2014-03-07 4:06 GMT+13:00 Georgi Guninski <guninski@...inski.com>: > > Read on theregister that bitcoins are in trouble. > > Allegedly mtgox lost $400M maybe related to > transactions. > > Are the bugs in bitcoin or just sufficiently > many ones got rooted? > > Is bitcoin still alive? > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > -- > > GPG: http://is.gd/droope > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists