Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: tosaki on February 15, 2012, 01:46:00 PM



Title: Researchers crack online encryption system - Bitcoin affected?
Post by: tosaki on February 15, 2012, 01:46:00 PM
http://www.computerworld.com/s/article/9224265/Researchers_crack_online_encryption_system?taxonomyId=85

Is Bitcoin affected?


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: BurtW on February 15, 2012, 01:54:00 PM
First thing:
Quote
The researchers studied 6.6 million public keys generated using the RSA algorithm, and found that 12,720 were not secure at all and 27,000 others were vulnerable.
Bitcoin does not use RSA; it uses Elliptical Curve Cryptography (ECC).

Second thing:
Quote
the problem had to do with the manner in which the keys were generated
not the underlying cryptographic system.


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: theymos on February 15, 2012, 01:59:20 PM
The paper is mostly about potentially worrying trends in RSA, which Bitcoin doesn't use.

Summary of the paper: We gathered several million TLS/PGP certificates in the wild. A surprisingly large percentage of RSA keys and maybe a few DSA keys were generated in such a way that they share certain properties with other keys which are never supposed to be shared, making encryption using the affected keys weak or totally useless. We're not sure why this happened.
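Added example, not part of the thread and not the paper's own code: in the paper linked in this thread, the property that the weak RSA keys share is a prime factor of the modulus, and a plain GCD between two such moduli exposes it. The sketch below audits a key inventory with a product/remainder-tree batch GCD; the function names and the tiny sample moduli are constructed for illustration.

```python
from math import gcd, prod

def product_tree(values):
    """Levels of pairwise products; the last level is [product of all values]."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        row = levels[-1]
        levels.append([prod(row[i:i + 2]) for i in range(0, len(row), 2)])
    return levels

def batch_gcd(moduli):
    """For each modulus n_i, return gcd(n_i, product of all the other moduli)."""
    levels = product_tree(moduli)
    rems = levels.pop()                      # [P], the product of every modulus
    while levels:
        row = levels.pop()
        # Push P down the tree, reducing modulo the square of each node.
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(row)]
    # rems[i] == P mod n_i^2, so rems[i] // n_i == (P / n_i) mod n_i.
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit(moduli):
    """Return (modulus, status, factors) for every modulus in the inventory."""
    report = []
    for n, g in zip(moduli, batch_gcd(moduli)):
        if g == 1:
            report.append((n, "ok", None))
        elif g == n:
            # Duplicate modulus, or both primes reused by other keys.
            report.append((n, "fully-shared", None))
        else:
            # One prime is reused elsewhere, so the modulus factors at once.
            report.append((n, "shared-prime", (g, n // g)))
    return report

# Constructed sample inventory (toy sizes, real keys are 1024+ bits):
SAMPLE = [
    101 * 103,   # shares the prime 101 with the next entry
    101 * 107,
    109 * 113,   # no factor in common with any other entry
    127 * 131,   # same modulus issued twice
    127 * 131,
]

if __name__ == "__main__":
    for n, status, factors in audit(SAMPLE):
        print(n, status, factors)
```

Any modulus not reported as "ok" should be treated as compromised and regenerated from a properly seeded random source.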


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: hashman on February 15, 2012, 04:25:32 PM

*affected.

The paper:
eprint.iacr.org/2012/064.pdf

With their extensive collection of millions of keys they only found 1 ECDSA public key.

Can anybody think of somewhere they could look to find a few more ECDSA public keys?


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: BurtW on February 15, 2012, 04:45:21 PM
 ;)


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: Vandroiy on February 15, 2012, 05:30:35 PM
Read: business dudes can't do crypto. Tell me something new. *yawns*

In fact, this is a fairly good result. I know someone who's good at crypto, and boy, he discovers flaws everywhere, all the time, mostly by accident. He didn't have much to complain about concerning Bitcoin, so I guess it's safe enough for now. Only thing I could complain about is the standard client being written in C++, a language in which unsafe context is the standard paradigm.

But that's not an issue of the Bitcoin protocol. Alternative clients will hopefully pop up as Bitcoin evolves, which would be desirable for many reasons anyway... nice! I just found BitcoinSharp, a .NET/Mono compatible port of BitcoinJ. Hell yeah, I might even make my own "lite" client version with this. :)

Bottom line: Bitcoin protocol seems secure, and Bitcoin infrastructure is evolving as we speak. Stay careful for now, but the long-term outlook is good!


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: tosaki on February 15, 2012, 07:13:32 PM
My technical knowledge/English was not good enough to understand the details.. thank you guys.


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: Proofer on February 15, 2012, 08:03:09 PM
Quote
... C++, a language in which unsafe context is the standard paradigm.

What are some languages for which a safe context is the standard paradigm and which could be used to generate both Windows and *nix targets?


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: check_status on February 15, 2012, 08:17:54 PM
Quote
What are some languages for which a safe context is the standard paradigm and which could be used to generate both Windows and *nix targets?
Assembly


Title: Re: Researchers crack online encryption system - Bitcoin affected?
Post by: Gavin Andresen on February 15, 2012, 08:42:19 PM
This doesn't affect Bitcoin at all, because the ECDSA algorithm that Bitcoin uses does not use pairs of prime numbers to do its thing.


Title: Re: Researchers crack online encryption system - Bitcoin effected?
Post by: DiThi on February 15, 2012, 09:04:09 PM
The only vulnerabilities known to ECDSA are timing attacks (measuring how long it takes to generate a key). Bitcoin does not suffer from this because it always generates a pool of keys instead of a single one and there's no way of knowing how long it took (at least with the implementations I've seen).