Bitcoin Forum
November 19, 2019, 12:31:02 PM *
News: Help collect the most notable posts made over the last 10 years.
 
   Home   Help Search Login Register More  
Poll
Question: What should I do?
Full disclosure right now! - 1 (12.5%)
Full disclosure after MM manages to exploit it to fullest potential - 1 (12.5%)
Privately notify site owners and probably get nothing or get in trouble - 6 (75%)
Exploit and keep silent forever! - 0 (0%)
Don't exploit, keep silent, let someone else to find the same exploit - 0 (0%)
Total Voters: 8

Pages: [1]
  Print  
Author Topic: [Poll added] Please save this SHA256 or timestamp it!  (Read 1668 times)
MysteryMiner
Legendary
*
Offline Offline

Activity: 1204
Merit: 1005


Show middle finger to system and then destroy it!


View Profile
April 07, 2013, 09:01:23 PM
Last edit: April 08, 2013, 01:52:03 PM by MysteryMiner
 #1

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95

Please save this here or timestamp/sign it. GPG or Namecoin.

It is needed if I decide to make public announcement later as a proof I did not made it up after the shit hit the fan. Until then it will remain Mystery to be mined.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1574166662
Hero Member
*
Offline Offline

Posts: 1574166662

View Profile Personal Message (Offline)

Ignore
1574166662
Reply with quote  #2

1574166662
Report to moderator
1574166662
Hero Member
*
Offline Offline

Posts: 1574166662

View Profile Personal Message (Offline)

Ignore
1574166662
Reply with quote  #2

1574166662
Report to moderator
1574166662
Hero Member
*
Offline Offline

Posts: 1574166662

View Profile Personal Message (Offline)

Ignore
1574166662
Reply with quote  #2

1574166662
Report to moderator
phantastisch
Staff
Legendary
*
Offline Offline

Activity: 2221
Merit: 1245



View Profile
April 07, 2013, 09:02:45 PM
 #2

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95

Please save this here or timestamp/sign it. GPG or Namecoin.

It is needed if I decide to make public announcement later as a proof I did not made it up after the shit hit the fan. Until then it will remain Mystery to be mined.

I will quote it for now.

HOWEYCOINS   ▮      Excitement and         ⭐  ● TWITTER  ● FACEBOOK   ⭐       
  ▮    guaranteed returns                 ●TELEGRAM                         
  ▮  of the travel industry
    ⭐  ●Ann Thread ●Instagram   ⭐ 
✅    U.S.Sec    ➡️
✅  approved!  ➡️
Joost
Member
**
Offline Offline

Activity: 68
Merit: 10



View Profile
April 07, 2013, 09:50:06 PM
 #3

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95

Please save this here or timestamp/sign it. GPG or Namecoin.

It is needed if I decide to make public announcement later as a proof I did not made it up after the shit hit the fan. Until then it will remain Mystery to be mined.

I will quote it for now.

And I shall quote your quote. For now.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1006



View Profile
April 07, 2013, 10:21:16 PM
 #4

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95

Please save this here or timestamp/sign it. GPG or Namecoin.
Is this what you're looking for?

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2013-04-07 I saw MysteryMiner post the following hash:

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBAgAGBQJRYfHeAAoJECoisBQbQ4v01AAH/1ugpXKuHQMJ/DLTpMSpXdXc
G0IOvofgUC5O0d1aBw6PvrJJTvnv8aEm3RmZp7vIwyfiYCttbG3/RYXAKqdZB2sl
vnTvDVg0FEcdDrAVyL+Riq+TuXpVJ3Hn/HFTPB9gpR00PWAFgmc1nVhsXJANxMXh
xKjgJ4s/dQugE51szKKm1rz3I/ibZN4EgBD7cANCt6Pt7fJ6OOTIfjpgBUXNDhRR
UtJYVnuRZRlZlMAt6F7AStJDp5dOwpblIvYvr0VMx3Ko7EWv+KlCX6zcNTdo4lfG
8No1jgAQJxleoNOwDSDRVPqoJ6XXV7EuPNOpXz2SSsFHjQrX2aSY+Bi1pIxdI2U=
=IpFk
-----END PGP SIGNATURE-----
jackjack
Legendary
*
Offline Offline

Activity: 1134
Merit: 1027


May Bitcoin be touched by his Noodly Appendage


View Profile
April 08, 2013, 10:43:30 AM
 #5

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95

Please save this here or timestamp/sign it. GPG or Namecoin.
Is this what you're looking for?

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2013-04-07 I saw MysteryMiner post the following hash:

aedd6c30a81f53c301a2862901c32719f40e4b891c47a27039093b2c539e7f95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBAgAGBQJRYfHeAAoJECoisBQbQ4v01AAH/1ugpXKuHQMJ/DLTpMSpXdXc
G0IOvofgUC5O0d1aBw6PvrJJTvnv8aEm3RmZp7vIwyfiYCttbG3/RYXAKqdZB2sl
vnTvDVg0FEcdDrAVyL+Riq+TuXpVJ3Hn/HFTPB9gpR00PWAFgmc1nVhsXJANxMXh
xKjgJ4s/dQugE51szKKm1rz3I/ibZN4EgBD7cANCt6Pt7fJ6OOTIfjpgBUXNDhRR
UtJYVnuRZRlZlMAt6F7AStJDp5dOwpblIvYvr0VMx3Ko7EWv+KlCX6zcNTdo4lfG
8No1jgAQJxleoNOwDSDRVPqoJ6XXV7EuPNOpXz2SSsFHjQrX2aSY+Bi1pIxdI2U=
=IpFk
-----END PGP SIGNATURE-----

And... Quoted!
Inb4 nothing happens

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1204
Merit: 1005


Show middle finger to system and then destroy it!


View Profile
April 08, 2013, 01:42:56 PM
 #6

Thanks everyone! I'm not sure I will come out with the data corresponding to this hash before someone else figures out this and announces it publicly. Learning from history the good guys get no profit and only troubles from being white knight on donkey instead of black knight on stallion. I'm not sure how seriously it might affect Bitcoin but it is about exploitable vulnerability on Bitcoin accepting service that might go down completely as a result of this.

Adding poll to vote.

edit: no poll option found. Changing my glasses.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
Ditto
Sr. Member
****
Offline Offline

Activity: 330
Merit: 250


View Profile
April 08, 2013, 02:02:23 PM
 #7

Voted for notify. Can you tell us what the site is?
MysteryMiner
Legendary
*
Offline Offline

Activity: 1204
Merit: 1005


Show middle finger to system and then destroy it!


View Profile
April 08, 2013, 02:07:33 PM
Last edit: April 08, 2013, 02:49:50 PM by MysteryMiner
 #8

Voted for notify. Can you tell us what the site is?
Will not tell anyone until I finish one of first 4 options. If one is following Bitcointalk closely he easily might figure out that by himself.

Update: I'm dissapointed. I will goatse them at midnight. I don't want to do this because I and other people need them but what is going to be inevitable must happen sooner or later. Better it's me who pull the trigger and not someone else gets all the little fun.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
MysteryMiner
Legendary
*
Offline Offline

Activity: 1204
Merit: 1005


Show middle finger to system and then destroy it!


View Profile
April 09, 2013, 12:35:50 AM
 #9

Notified the owners and got response. I will explain everything tomorrow and post both the file behind the hash and full dump. Im very drunk right now.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
vog
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
April 09, 2013, 05:13:22 AM
 #10

Regarding the timestamping of your SHA256: Why don't you let the bitcoin network prove your timestamp? (e.g. via Bitcoinproof)
MysteryMiner
Legendary
*
Offline Offline

Activity: 1204
Merit: 1005


Show middle finger to system and then destroy it!


View Profile
April 09, 2013, 08:27:41 PM
 #11

Regarding the timestamping of your SHA256: Why don't you let the bitcoin network prove your timestamp? (e.g. via Bitcoinproof)
Thanks for the link! I did not know about it's existence. But does Namecoins serve the same purpose better? And Bitcoin network cannot be very accurate for this because it can vary block times for +/- 2 hours right? But it sill is very reasonable way to do, will take deeper look when have better state of mind.

The flaw turned out to be not so dramatic. I will post everything at once as soon as I get in mood of writing long text.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
vog
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
April 10, 2013, 09:42:59 AM
 #12

But does Namecoins serve the same purpose better?

Bitcoin seems to be more active, and seems to attract more computing power, AFAICS.

And Bitcoin network cannot be very accurate for this because it can vary block times for +/- 2 hours right?

On average, every 10 minutes a new block is generated. So yes, that timestamp could be 10 minutes after you sent the transaction, or even some more minutes later. In addition, the block is only "really" assured after 6 transactions, so add 1 hour just to be safe.

However, I doubt that this will cause any problem, because it's usually not about minutes but days. I bet that quite some time elapsed between your discovery and the creation of the dataset whose SHA-256 hash you published. So I guess that adding 1 more hour (maybe 2) won't make any difference.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1204
Merit: 1005


Show middle finger to system and then destroy it!


View Profile
April 10, 2013, 05:22:12 PM
 #13

The data behind the hash is here: https://bitcointalk.org/index.php?topic=172527.0

First I tried to exploit alone for profit (failed), then notified owners, then did full disclosure for everyone to know and be aware.

Do not trust commercial VPN to save You from oppressive government! Get VPN service offered by a real cyber-dissenter https://bitcointalk.org/index.php?topic=4426691.0

1PG5HMwN51j8xYHKVFv9h1Tw4Jzc3fWXw3
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!