Bitcoin Forum
November 09, 2024, 11:34:33 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they believe that the creator of this topic displays some red flags which make them high-risk. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 ... 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 [60] 61 62 63 64 65 »
  Print  
Author Topic: Nxt source code flaw reports  (Read 113366 times)
CrazyEyes
Full Member
***
Offline Offline

Activity: 137
Merit: 100


View Profile
February 07, 2014, 08:05:43 PM
 #1181

100K reward should go to him

https://nextcoin.org/index.php/topic,3884

Indeed, he got a bounty of 10 btc though. The priority whos getting bountys or not isnt the most logical one. This was a HUGE bug and deserved a lot more attention. Instead they arguing about who getting a part of the 10M nxt and they can give some guy 250k for client. The priorites arent clear. There does not seem to exist any form of true leadership or core team. End of discussion.

"If we have nothing else to do, we can always vote on something."

Regards
j0b
pandaisftw
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
February 08, 2014, 02:18:24 AM
 #1182

100K reward should go to him

https://nextcoin.org/index.php/topic,3884

Indeed, he got a bounty of 10 btc though. The priority whos getting bountys or not isnt the most logical one. This was a HUGE bug and deserved a lot more attention. Instead they arguing about who getting a part of the 10M nxt and they can give some guy 250k for client. The priorites arent clear. There does not seem to exist any form of true leadership or core team. End of discussion.

"If we have nothing else to do, we can always vote on something."

Regards
j0b

As far as I know, there was no reward at all, but c-f-b decided to reward him 10 BTC anyways. Plus, there is still the 100k bounty for the the fatal flaw...

NXT: 13095091276527367030
Vannicke
Member
**
Offline Offline

Activity: 95
Merit: 10


That guy, you know, with the face


View Profile
February 09, 2014, 05:43:46 AM
 #1183

Jeeps ... only took me 8 days to finally get to the end of this thread, kudos to the many more experienced java coders than me that trudged through that beast of a file.

Even so it seems that the fatal flaw has not been found, I might not be able to get in much time to really tear into the logic in the code, with recent snow days I had a little time to delve into it, but I'll try in what time I can find anyhow.

Smaragda, gimre, ricot, ImmortAlex, doctorevil et al. (sorry if I forgot all your names >_<) awesome stuff!

Also curious as to why this thread has been silent for days... O.o

The Satoshi Jar: 16t2BLGZyaMpGm3vzYWxucGz8g4bVotr1h
bitcoinpaul
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
February 14, 2014, 02:37:21 PM
 #1184

Come on, guys. Find the flaw!
BloodyRookie
Hero Member
*****
Offline Offline

Activity: 687
Merit: 500


View Profile
February 14, 2014, 05:49:34 PM
 #1185

I am busy coding other stuff at the moment.

Nothing Else Matters
NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ
NXT: 11095639652683007953
bitcoinpaul
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
February 15, 2014, 04:56:21 PM
 #1186

Nice.
Vannicke
Member
**
Offline Offline

Activity: 95
Merit: 10


That guy, you know, with the face


View Profile
February 17, 2014, 02:01:28 PM
 #1187

Just as a random gander because it seems too simple ... The fatal flaw couldn't be that the genesis block is hardcoded into the source? Right?

That is, I say the fatal flaw is that the NXT genesis block is hardcoded into the source, so copycoins could theoretically connect to a nxt node and think the next legit block is that second block in the NXT chain, and then end up trying to download the entire Nxt chain instead of starting a new one for a separate coin.

I think the chance is slim that this is the correct answer, but hey, just in case it really is that simple.

The Satoshi Jar: 16t2BLGZyaMpGm3vzYWxucGz8g4bVotr1h
Come-from-Beyond (OP)
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 17, 2014, 02:08:49 PM
 #1188

Just as a random gander because it seems too simple ... The fatal flaw couldn't be that the genesis block is hardcoded into the source? Right?

That is, I say the fatal flaw is that the NXT genesis block is hardcoded into the source, so copycoins could theoretically connect to a nxt node and think the next legit block is that second block in the NXT chain, and then end up trying to download the entire Nxt chain instead of starting a new one for a separate coin.

I think the chance is slim that this is the correct answer, but hey, just in case it really is that simple.

No, a copycoin won't download Nxt blockchain if it has another genesis.
Dusty
Hero Member
*****
Offline Offline

Activity: 731
Merit: 503


Libertas a calumnia


View Profile WWW
February 19, 2014, 05:52:20 PM
 #1189

Hello,
I see that two of the bounties have already been claimed, is it possible to know which flaws where without having to read all the thread? Smiley

Thanks

Articoli bitcoin: Il portico dipinto
Dusty
Hero Member
*****
Offline Offline

Activity: 731
Merit: 503


Libertas a calumnia


View Profile WWW
February 19, 2014, 06:55:58 PM
 #1190

TY very much, smaragda

Articoli bitcoin: Il portico dipinto
lophie
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1001

Unlimited Free Crypto


View Profile
February 20, 2014, 02:34:43 AM
 #1191


Critical flaw description:
Code:
Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:
Code:
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

Will take me a while to climb up again, But where is a will, there is a way...
Come-from-Beyond (OP)
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 20, 2014, 06:59:00 AM
 #1192


Critical flaw description:
Code:
Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:
Code:
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.
FrictionlessCoin
Legendary
*
Offline Offline

Activity: 868
Merit: 1000


Cryptotalk.org - Get paid for every post!


View Profile
February 21, 2014, 02:25:44 PM
 #1193


Critical flaw description:
Code:
Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:
Code:
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash. 


 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
klee
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
February 21, 2014, 04:03:29 PM
 #1194


Critical flaw description:
Code:
Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:
Code:
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash. 
Why don't YOU fix it? After all YOU are the code GURU Tongue
FrictionlessCoin
Legendary
*
Offline Offline

Activity: 868
Merit: 1000


Cryptotalk.org - Get paid for every post!


View Profile
February 21, 2014, 04:15:01 PM
 #1195


Critical flaw description:
Code:
Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:
Code:
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash. 
Why don't YOU fix it? After all YOU are the code GURU Tongue

Because it can't be fixed for Nxt without destroying the entire block chain.   

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
klee
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
February 21, 2014, 04:34:43 PM
 #1196


Critical flaw description:
Code:
Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:
Code:
888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash. 
Why don't YOU fix it? After all YOU are the code GURU Tongue

Because it can't be fixed for Nxt without destroying the entire block chain.   
Why do you care? You have your own blockchain without this bug Wink
Let it crash & burn!
nesstka
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
February 23, 2014, 09:53:15 PM
 #1197

The block payload hash and generation signature excluded from the block signature.

Code:
			byte[] data = block.getBytes();
byte[] data2 = new byte[data.length - 64];
System.arraycopy(data, 0, data2, 0, data2.length);
block.blockSignature = Crypto.sign(data2, secretPhrase);

These bytes shouldn't be excluded from the generation signature or the block signature.

The code above, surrounding code, and relevant code in verifyBlockSignature() and verifyGenerationSignature() is fatally flawed.
Come-from-Beyond (OP)
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 23, 2014, 09:57:30 PM
 #1198

The block payload hash and generation signature excluded from the block signature.

Code:
			byte[] data = block.getBytes();
byte[] data2 = new byte[data.length - 64];
System.arraycopy(data, 0, data2, 0, data2.length);
block.blockSignature = Crypto.sign(data2, secretPhrase);

These bytes shouldn't be excluded from the generation signature or the block signature.

The code above, surrounding code, and relevant code in verifyBlockSignature() and verifyGenerationSignature() is fatally flawed.

No, only placeholder for block signature is excluded.
nesstka
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
February 23, 2014, 11:14:30 PM
 #1199

The block hash is excluded from generation signature.

Code:
    block.payloadHash = digest.digest();

    // ???

    block.generationSignature = Crypto.sign(Block.getLastBlock().generationSignature, secretPhrase);

Flaw: Blocks can be mutated after the fact, by the account which generated the block.
Come-from-Beyond (OP)
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
February 24, 2014, 07:10:18 AM
 #1200

The block hash is excluded from generation signature.

Code:
    block.payloadHash = digest.digest();

    // ???

    block.generationSignature = Crypto.sign(Block.getLastBlock().generationSignature, secretPhrase);

Flaw: Blocks can be mutated after the fact, by the account which generated the block.

It's not a flaw, it's a feature.
Pages: « 1 ... 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 [60] 61 62 63 64 65 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!