This message was too old and has been purged

[podizzle]

WHAT KIND OF COMMUNITY IS THIS???

I have just gotten a negaitve trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of cumminity is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

How can this be? Don't you guys think this is unfair?

are you a bitch? because you act like a bitch.

[1714021958]

1714021958

[1714021958]

1714021958

[1714021958]

1714021958

[gmaxwell]

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

[Evil-Knievel]

This message was too old and has been purged

[Serpens66]

I think you all should calm down. You all made mistakes by offending the other users.

So Evil-Knievel, please just prove the things you are saying.
Next time you maybe should start with the evidences =/

[Evil-Knievel]

This message was too old and has been purged

[jubalix]

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
But what I can say at least is, that such unprofessional people should never ever be part of a development team involved in a multi-billion-dollar-project.
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

I am really thinking about offering a donation of 50 BTC to the bitcoin foundation if they kick this guy out.

Dear EK, given the walls of text you are makeing , and the magnitude of your claim, you would be up 3.AM no worries setting out a brief proof....

You have had signed messages or so forth as you requested and only walls of text follow.

Do you see how this make you harder to believe?

I/m not ruling anything out, it just he story does not square at this time

[gmaxwell]

Eight hours after the original post and not a single thing of substance has been said, just more FUD and whining like the prior incidents with this poster. Soon I suppose we'll see requests for payment.

Since he's asking for signmessages in particular, let me guess that if we get anything at all it'll be repetitions of the same signature and different messages with different public keys, which is exactly how it's supposed to work (every validly encoded signature is valid, which is why bitcoind's veryify message functionality forces you to provide the expected address.)

E.g.

verifymessage '1NskFs6D7NYP9rpnaAVAdz7NhLLNkSjf1J 'Gyk26Le4ER0EUvZiFGUCXhJKWVEoTtQNU449puYZPaiUmYyrcozt2LuAMgLvnEgpoF6cw8ob9Mj/CjP9ATydO1k=' '1'

verifymessage '17aiPTrsQtAHpRFvzxGoYiZ1m63ujDX43K' 'Gyk26Le4ER0EUvZiFGUCXhJKWVEoTtQNU449puYZPaiUmYyrcozt2LuAMgLvnEgpoF6cw8ob9Mj/CjP9ATydO1k=' '2'

verifymessage '1AY1MXXY6aPHW1Raj9QVjJprMo8BewMdB9' 'Gyk26Le4ER0EUvZiFGUCXhJKWVEoTtQNU449puYZPaiUmYyrcozt2LuAMgLvnEgpoF6cw8ob9Mj/CjP9ATydO1k=' '3'
Which is just a property of public key recovery and isn't interesting or related to Bitcoin transactions. Every possible signature,message pair is valid for some public-key.

[Rampion]

This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

The fact is that you tried to sell a useless program that simply did not work, while promoting it with fake arguments that could be explained only by a) a total lack of understanding of basic cryptography, or b) malice.

Now please prove you can generate multiple valid signatures for the messages + public keys posted above.

[ganabb]

Malleability With security it is best move to solve problems.

[btc_jumpnrl]

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.
But what I can say at least is, that such unprofessional people should never ever be part of a development team involved in a multi-billion-dollar-project.
This guy sounds like "if you say anything bad about bitcoin, i will give you a bad rating, mimimimi". I am sorry, but this is unprofessional.

I am really thinking about offering a donation of 50 BTC to the bitcoin foundation if they kick this guy out.

You shouldn't make your ulterior intentions so clear. Either man-up and prove the point in your OP or quit this holy crusade of yours.

[Eadeqa]

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

He also claims to have found a flaw in Nxt and wanted money before he writes the code to exploit it.

https://bitcointalk.org/index.php?topic=345619.msg5663483#msg5663483

[podizzle]

yup, hes a bitch

[nottm28]

But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

Ok, I'm mathematically minded - what do you want me to do exactly - please post clear reproducible instructions and I'll give it a go...

Just sign a message with a btc address, and post message + signature + public key (the "address") - just as Automatic did.

sig : Hzkosd/No+cUbW8WvUdJvgCIV0F4xkPVKk2anyMp7NPedJkcmg/VD8BrAgGGuaP52tlsCv/csnAcpmTNDc3YH6A=

message : This is my Transaction Malleability Reloaded message

address : 1JuRLLT7YrtPKWooSPsuqgFU2EHSCN6Hdq

Any joy?

[Eadeqa]

So what's up? Do we have devcon 1 or is this just an alarm drill?

It is possible I think but would take some kind of genius inspiration to break the encryption algorithm. I remember there was some Chinese girl who did (then didn't yeah right) break the sha256 algorithm... still waiting for his asics to crunch the numbers...

This means if his Asperger turns out misunderstood genius, sha256 is basically broken? Is there a way we can "easily" follow/confirm his claim?

Well if he posts a message that I can verify as signed my me - then yeah shit hits the fan. Probability is low though but you can't rule out a mule (isaac asimov )

[edit] and then we would need to know how he did it... yeah

[edit2] even if he did manage to post a message that I could verify as signed by me - it's more likely to be a a 'feature' in bitcoin qt 0.8.6 rather than a crack for sha256...

What would SHA256 has anything to do with this? This is curve related (secp256k1)

[mezzomix]

But I would prove it to you anyway. Just sign some text and post it along with a signature. Maybe the significance will become clear then.

There are a few signatures in this thread so where's the beef?

[Lord F(r)og]

This shitty community eagerly awaits your proof. You're in danger getting blamed for what you criticized us.

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

What you do not seem to understand at all, is that these claim i make are not bogus. Just because you cannot understand them, this doesn't mean they are not present.
I cannot judge to what degree this is a potential thread, whan I can say is that all I am saying is 100% right.

You seem to be a very arrogant person, who blames anyone who has contrary opinions to you. Not sure why you are this way, but this disencourages people to help auditing the bitcoin code at all (even if they are wrong sometimes).

If all bitcoin-qt developers are so ignorant and arrogant like you are, I am not surprised why the transaction malleability was ignored for such a long time causing users to lose over 800000 BTC. Maybe you just ignored it because you felt that all "code auditers" where just spreading FUD and should therefore just shut the fuck up. I mean this issue was known for a long time, did it?

I understand that you might have some problem accepting people thinking differently than you do, but don't you think that you have some kind of responsibility (to the users) to listen to everyone and (more importantly) be thankful to anyone trying to help, instead of seeing you as the king and looking down on everyone else?

edit

What would SHA256 has anything to do with this? This is curve related (secp256k1)

the crypographic tenderfoots thank Eadeqa for pointing out this difference technologique

[instagibbs]

You got a negative trust rating because you've hyped bogus and deceptive security claims multiple times and tried to charge people for exploit tools that didn't. But hey, you could still collect on that 50 BTC bounty I offered you for your last set of claims, and I'll even remove the negative trust to boot.

He also claims to have found a flaw in Nxt and wanted money before he writes the code to exploit it.

https://bitcointalk.org/index.php?topic=345619.msg5663483#msg5663483

The balls on this guy. 

Why isn't this thread locked yet? Hilarity?

[luv2drnkbr]

I have just gotten a negaitve trust rating from gmaxwell, just because I wanted to discuss some potential security issues with you guys? What kind of cumminity is this, please? Do you get a negative rating if you talk about your concerns? Is it better to shut up completely, even if sometimes a false alarm might be sent off?

--------

No, you got a bad trust rating because you continually cry wolf without any evidence to back up your claims. You said you could provide valid sigs for posted messages as an example of the flaw you found.  There are numerous signed messages posted in this thread.  Put up or shut up.

IDHNVL6lJx04wYMjBU5yJG5OcGUUiRpRWYyzgyrySufLDOFYaIIbnFtSCyz3q6mT9iqXOjWtqStXwUF 5PvjewBo=

1D4LM66YwaoqcfHF1366pqvxvxHxvq66EZ

[gmaxwell]

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.

Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

[Lord F(r)og]

Hi Serpens! I will be doing a demonstration soon, the problem is that we have 3 am at night over here and I am a bit tired.

Almost three days later after the original post, should someone call emergency response to wake Mr. Kinevel from his slumber?

funny, I just asked him if he's willing to give a brief statment over here. But he played the stalling tactics card, says he's too disappointed...sniff. There's nothing left to believe in him. Guess you were right about him right from the beginning. Just another thickhead wasted his five minutes of fame, case closed.