|
Gillette
|
 |
February 12, 2016, 04:31:41 PM |
|
I hope SDC will come out from this XMR attack as strong as before!
|
|
|
|
|
|
erok
|
|
February 12, 2016, 04:56:00 PM |
|
I hope SDC will come out from this XMR attack as strong as before!
Now that Monero has been unsuccessful in their de-anon attempts and FUD I think it should actually strengthen the core idea that Shadow is the real cutting edge anon leader. Good PR for the upcoming releases. |
"the destruction of privacy widens the existing power imbalance between the ruling factions and everyone else" -- Julian Assange
|
|
|
LiteBit
Legendary
 Offline
Activity: 1133
Merit: 1050
|
|
February 12, 2016, 05:05:48 PM |
|
I'd like to thank the Monero Research Lab for the peer review.
Cheers!
|
|
|
|
|
|
child_harold
|
|
February 12, 2016, 08:48:59 PM |
|
I just read through this and am slightly confused. It's not clear to me whether a problem exists or not. All Im getting is: a) we couldn't de-anon a tx using the vulnerability published after trying for 10 hours. This does not seem exhaustive and the blog shows no fancy maths to prove everything is OK b) Your NOT gonna award the bounty cause he declared it publicly first. Am I the only one who thinks more investigation is needed? |
|
|
|
|
Wheatclove
|
|
February 12, 2016, 08:56:55 PM |
|
I just read through this and am slightly confused. It's not clear to me whether a problem exists or not. All Im getting is: a) we couldn't de-anon a tx using the vulnerability published after trying for 10 hours. This does not seem exhaustive and the blog shows no fancy maths to prove everything is OK b) Your NOT gonna award the bounty cause he declared it publicly first. Am I the only one who thinks more investigation is needed? They're still testing it. Can't answer your other questions. |
|
|
|
|
LiteBit
Legendary
Offline
Activity: 1133
Merit: 1050
|
|
February 12, 2016, 08:59:59 PM |
|
Am I the only one who thinks more investigation is needed?
They're still testing it. Can't answer your other questions. The github issue is still "open" https://github.com/shadowproject/shadow/issues/25We will of course keep looking into the claim and come up with a detailed report as soon as possible. official word still not issued |
|
|
|
|
|
child_harold
|
|
February 12, 2016, 09:07:37 PM
Last edit: February 12, 2016, 09:20:33 PM by child_harold |
|
The following quote shows this matter is unresolved: Today showed us that public security reports can cause panic and FUD (fear, uncertainty and doubt) among our users, while in fact, the issue at hand might be easily solved by our team members or not be an issue at all. The word "might" is hardly re-assuring or one oft used by mathematicians. So isn't the headline Deanonymize Shadow? Nope. misleading when the matter is still unresolved? Also this discussion https://github.com/shadowproject/shadow/issues/25 is an exchange between kewde (code i guess - who is not a crytographer) and ShenNoether. Ryno's only comment is to say he doesnt know who runs the bounty (and he adds a ty) and no comments at all from the elusive tecnovert (SDC's heralded crytopgrapher whom nobody save ryno knows iirc). Perhaps I should add that, as I understand it, ShenNoether is some kinda academic/crytographer/mathematician who presumably knows his stuff. Describing him as a "user" in the Research Labs struck me as odd. |
|
|
|
|
Wheatclove
|
|
February 12, 2016, 09:19:29 PM |
|
The following quote shows this matter is unresolved: Today showed us that public security reports can cause panic and FUD (fear, uncertainty and doubt) among our users, while in fact, the issue at hand might be easily solved by our team members or not be an issue at all. The word might is hardly re-assuring or one oft used by mathematicians. So isn't the headline Deanonymize Shadow? Nope. misleading when the matter is still unresolved? Also this discussion https://github.com/shadowproject/shadow/issues/25 is an exchange between kewde (code i guess - who is not a crytographer) and ShenNoether. Ryno's only comment is to say he doesnt know who runs the bounty (and he adds a ty) and no comments at all from the elusive tecnovert (SDC's heralded crytopgrapher whom nobody save ryno knows iirc). Who gives a fuck bro? It's being worked on. Stop grasping at straws. |
|
|
|
|
|
child_harold
|
|
February 12, 2016, 09:22:49 PM |
|
Who gives a fuck bro? It's being worked on. Stop grasping at straws.
The headline bro, it's misleading. I sure hope you wont have to edit it in a few days from Nope to Yup. |
|
|
|
|
Wheatclove
|
|
February 12, 2016, 09:24:12 PM |
|
Who gives a fuck bro? It's being worked on. Stop grasping at straws.
The headline bro, it's misleading. I sure hope you font have to edit it in a few days from Nope to Yup. The entire Monero campaign has been misleading. Nobody cares though so fuck off now |
|
|
|
|
|
erok
|
|
February 12, 2016, 09:29:42 PM |
|
Who gives a fuck bro? It's being worked on. Stop grasping at straws.
The headline bro, it's misleading. I sure hope you wont have to edit it in a few days from Nope to Yup. No actually they never proved that it could be de-anon'ed. They have effectively failed at that when challenged and now the internal team is spending days trying to prove his theory and are unable to because his theory is bullcrap. And now you are trolling again for an emotional response. lol |
"the destruction of privacy widens the existing power imbalance between the ruling factions and everyone else" -- Julian Assange
|
|
|
|
child_harold
|
|
February 12, 2016, 09:36:32 PM |
|
Who gives a fuck bro? It's being worked on. Stop grasping at straws.
The headline bro, it's misleading. I sure hope you font have to edit it in a few days from Nope to Yup. The entire Monero campaign has been misleading. Nobody cares though so fuck off now Nobody cares. Your probably right. How sad for you. Now I'll gladly fuck off since I am reminded of what a nightmare it is posting anything in this heavily moderated thread. |
|
|
|
|
erok
|
|
February 12, 2016, 10:51:51 PM |
|
Who gives a fuck bro? It's being worked on. Stop grasping at straws.
The headline bro, it's misleading. I sure hope you font have to edit it in a few days from Nope to Yup. The entire Monero campaign has been misleading. Nobody cares though so fuck off now Nobody cares. Your probably right. How sad for you. Now I'll gladly fuck off since I am reminded of what a nightmare it is posting anything in this heavily moderated thread. Noone has deleted anything you have said so far. I'm actually impressed you seem more civilized than usual although you completely disregarded my response. HOW RUDE.  |
"the destruction of privacy widens the existing power imbalance between the ruling factions and everyone else" -- Julian Assange
|
|
|
|
X1235
|
|
February 12, 2016, 10:59:26 PM |
|
Noone has deleted no one...
Quite controversial statement. Btw, who is Noone? Some imaginary friend from your early childhood?  |
|
|
|
|
|
erok
|
|
February 12, 2016, 11:10:45 PM
Last edit: February 12, 2016, 11:34:08 PM by erok |
|
Noone has deleted no one...
Quite controversial statement. Btw, who is Noone? Some imaginary friend from your early childhood? You really are below average intelligence, X1235. You are like a racist Kylo Ren if Princess Leia got the Zika virus during pregnancy and passed on Microcephaly. BAZINGA! |
"the destruction of privacy widens the existing power imbalance between the ruling factions and everyone else" -- Julian Assange
|
|
|
RyanOlstren
Newbie
Offline
Activity: 29
Merit: 0
|
|
February 13, 2016, 02:22:27 AM |
|
I just read through this and am slightly confused. It's not clear to me whether a problem exists or not. All Im getting is: a) we couldn't de-anon a tx using the vulnerability published after trying for 10 hours. This does not seem exhaustive and the blog shows no fancy maths to prove everything is OK b) Your NOT gonna award the bounty cause he declared it publicly first. Am I the only one who thinks more investigation is needed? You are not. The discussion on the github thread is anything but conclusive. Also "trying for 10 hours" to deanonymize a transaction may mean that they didn't find a particular instance where this problem applies. I'd hate to be the politically persecuted individual who tried to send an "anonymous" token only to get it deanonymized because this particular vulnerability applied to my transaction. The most likely case is that they couldn't find any transactions to deanonymize because no one actually uses this anonymous system. Probably for good reason. |
|
|
|
|
LiteBit
Legendary
Offline
Activity: 1133
Merit: 1050
|
|
February 13, 2016, 03:02:45 AM |
|
^^ Shadow's #1 fan!
6 posts ever made and all in this thread!
|
|
|
|
|
|
rutherford
|
|
February 13, 2016, 03:26:38 AM |
|
code: I'm a humble person in contrast to the arrogance in the altcoin scene, I chose not to declare myself as an expert cryptographer or programmer because I haven't worked with the OpenSSL API or the code in Shadow at all. However I feel completly capable of analyzing the situation and testing if the bug is a reality. Cryptography is a tedious case of testing all components used in the attack vector, in this situation being the generator, hash and the mathematics involved into combining them. While the blogpost points out a flaw in the mathematical relationship between the generator and the hash, we have to make sure that it exists and all necessary components are in place as described within the bug report. I'm not sure about letting a minority of both communities with the same goal abuse this situation to generate financial profits.
A message for Child_Harold,
If you have anything to say about my actions or words, please direct them to me. I don't trust you, or any of your puppet accounts, they are easily spottable by the way. The fact is your approach may be effective from time to time, but it's unethical. If you ever feel about debating your ethics, feel free to quote me.
|
|
|
|
RyanOlstren
Newbie
Offline
Activity: 29
Merit: 0
|
|
February 13, 2016, 03:33:49 AM |
|
^^ Shadow's #1 fan!
6 posts ever made and all in this thread!
I've probably made 30 here but they get deleted. Criticism really isn't tolerated here. It shows in the code vulnerabilities. |
|
|
|
|
LiteBit
Legendary
Offline
Activity: 1133
Merit: 1050
|
|
February 13, 2016, 03:40:03 AM |
|
^^ Shadow's #1 fan!
6 posts ever made and all in this thread!
I've probably made 30 here but they get deleted. Criticism really isn't tolerated here. It shows in the code vulnerabilities. Wow, super fan! Batting 1000. Come join the rest of the community on slack https://shadowproject.herokuapp.com/ |
|
|
|
|
|
