Bitcoin Forum
December 08, 2016, 12:13:27 PM *
Author Topic: Researchers crack online encryption system - Bitcoin affected?  (Read 2672 times)
tosaki
February 15, 2012, 01:46:00 PM
 #1

http://www.computerworld.com/s/article/9224265/Researchers_crack_online_encryption_system?taxonomyId=85

Is Bitcoin affected?
BurtW
February 15, 2012, 01:54:00 PM
 #2

First thing:
Quote
The researchers studied 6.6 million public keys generated using the RSA algorithm, and found that 12,720 were not secure at all and 27,000 others were vulnerable.
Bitcoin does not use RSA; it uses Elliptical Curve Cryptography (ECC).

Second thing:
Quote
the problem had to do with the manner in which the keys were generated
not the underlying cryptographic system.

theymos
February 15, 2012, 01:59:20 PM
 #3

The paper is mostly about potentially worrying trends in RSA, which Bitcoin doesn't use.

Summary of the paper: We gathered several million TLS/PGP certificates in the wild. A surprisingly large percentage of RSA keys and maybe a few DSA keys were generated in such a way that they share certain properties with other keys which are never supposed to be shared, making encryption using the affected keys weak or totally useless. We're not sure why this happened.

hashman
February 15, 2012, 04:25:32 PM
 #4


*affected.

The paper:
eprint.iacr.org/2012/064.pdf

With their extensive collection of millions of keys they only found 1 ECDSA public key.

Can anybody think of somewhere they could look to find a few more ECDSA public keys?
BurtW
February 15, 2012, 04:45:21 PM
 #5

;)

Vandroiy
February 15, 2012, 05:30:35 PM
 #6

Read: business dudes can't do crypto. Tell me something new. *yawns*

In fact, this is a fairly good result. I know someone who's good at crypto, and boy, he discovers flaws everywhere, all the time, mostly by accident. He didn't have much to complain about concerning Bitcoin, so I guess it's safe enough for now. Only thing I could complain about is the standard client being written in C++, a language in which unsafe context is the standard paradigm.

But that's not an issue of the Bitcoin protocol. Alternative clients will hopefully pop up as Bitcoin evolves, which would be desirable for many reasons anyway... nice! I just found BitcoinSharp, a .NET/Mono compatible port of BitcoinJ. Hell yeah, I might even make my own "lite" client version with this. :)

Bottom line: Bitcoin protocol seems secure, and Bitcoin infrastructure is evolving as we speak. Stay careful for now, but the long-term outlook is good!
tosaki
February 15, 2012, 07:13:32 PM
 #7

My technical knowledge/English was not good enough to understand the details... thank you guys.
Proofer
February 15, 2012, 08:03:09 PM
 #8

Quote
... C++, a language in which unsafe context is the standard paradigm.

What are some languages for which a safe context is the standard paradigm and which could be used to generate both Windows and *nix targets?
check_status
February 15, 2012, 08:17:54 PM
 #9

Quote
What are some languages for which a safe context is the standard paradigm and which could be used to generate both Windows and *nix targets?
Assembly

Gavin Andresen
February 15, 2012, 08:42:19 PM
 #10

This doesn't affect Bitcoin at all, because the ECDSA algorithm that Bitcoin uses does not use pairs of prime numbers to do its thing.

How often do you get the chance to work on a potentially world-changing project?
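
Added example, not part of the thread or of the paper's code: the "properties that are never supposed to be shared" in post #3 are, in the paper, RSA moduli that have a prime factor in common with another key's modulus, which is the pair-of-primes structure post #10 says ECDSA lacks. The check below audits a key inventory for that condition using batch GCD (product and remainder trees), which is a swapped-in technique and not necessarily the method the paper's authors used. The host labels and the moduli, built from Mersenne primes so the result can be verified, are constructed.

```python
from math import gcd

def product_tree(moduli):
    """Levels of pairwise products: leaves first, single root last."""
    levels = [list(moduli)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def shared_factors(moduli):
    """Batch GCD: for every n_i return gcd(n_i, product of all other moduli)."""
    levels = product_tree(moduli)
    rems = levels[-1]                       # root = product of all moduli
    for level in reversed(levels[:-1]):     # push remainders down, mod node^2
        rems = [rems[i // 2] % (node * node) for i, node in enumerate(level)]
    # At a leaf, rems[i] = P mod n_i^2 = n_i * (Q mod n_i), Q = product of the others.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]

def audit(keys):
    """keys: {label: RSA modulus}. Returns {label: (finding, factor)} for bad keys."""
    labels, moduli = list(keys), list(keys.values())
    findings = {}
    for label, n, g in zip(labels, moduli, shared_factors(moduli)):
        if g == n:      # whole modulus divides the rest: same key, or both primes reused
            findings[label] = ("duplicate-or-fully-shared", g)
        elif g != 1:    # exactly one prime also appears in another modulus
            findings[label] = ("shared-prime", g)
    return findings

# Constructed sample: Mersenne primes stand in for the random primes of real keys.
M = {e: (1 << e) - 1 for e in (61, 89, 107, 127, 521, 607, 1279)}
SAMPLE = {
    "host-a": M[61] * M[89],
    "host-b": M[61] * M[107],    # reuses the prime M[61] from host-a
    "host-c": M[127] * M[521],   # nothing in common with any other key
    "host-d": M[607] * M[1279],
    "host-e": M[607] * M[1279],  # same modulus as host-d
}

if __name__ == "__main__":
    for label, (finding, factor) in audit(SAMPLE).items():
        print(f"{label}: {finding} ({factor.bit_length()}-bit common factor)")
```

Any key the audit flags should be revoked and regenerated on a host with a properly seeded random number generator; a clean result only says the key shares nothing with the other keys in the inventory that was checked.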
DiThi
February 15, 2012, 09:04:09 PM
 #11

The only vulnerabilities known to ECDSA are timing attacks (measuring how long it takes to generate a key). Bitcoin does not suffer from this because it always generates a pool of keys instead of a single one and there's no way of knowing how long it took (at least with the implementations I've seen).
