General Discussion / Re: Rumor Has It - Big News Coming Out Tomorrow at BTC Miami
« on: January 16, 2015, 12:30:20 pm »
I really hope good news is coming, because on the bad news side... : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
FUD news ... old issue ..
Can someone evaluate the significance of this ? That doesn't smell good...
from #bitcoin:
12:49:11 | op_mul> coindesk is pushing more nonsense about ECDSA flaws
12:49:30 | op_mul> "Each time a bitcoin transaction is signed, the signature is generated partly from a random number known as 'k'. The compromised ECDSA uses a specific formula to select 'k' .."
12:49:35 | op_mul> no fucking shit.
12:50:26 | Anduck> so.. nothing new there?
12:50:36 | op_mul> nothing new at all.
12:50:40 | Anduck> also can't you do the k-pickin in a deterministic way?
12:51:19 | op_mul> you can, but with bitcoin's ECDSA you can't prove it was picked deterministically without the private key.
12:51:53 | Anduck> so re-using 'k' is impossible if done right
12:52:06 | op_mul> improbable.
12:52:36 | op_mul> there's ~2^128 possible nonces. if you've made the same one twice you've got bigger problems than signatures.
12:53:21 | op_mul> ie, you used the same RNG to make the private key in the first place.
12:55:15 | wumpus> an ecdsa *implementation* flaw
12:56:18 | op_mul> wumpus: point was it's being presented as some new wild attack.
12:56:26 | wumpus> but yes, old well-known problem
12:56:38 | wumpus> recycling old problems is very much like FUD
12:56:48 | op_mul> I'm aware of at least one claimed attack where it has actually been used, though I wasn't able to confirm it.
12:57:48 | wumpus> broken wallet implementations that reused nonces, sure, I don't know of any cases where it was done intentionally
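The log above makes two points worth seeing in code: a wallet can derive 'k' deterministically from the private key and the message (RFC 6979 is the standard way to do that, and it is what Anduck is asking about), and a reused nonce is visible on-chain because the signature's r value depends only on k, so two signatures from one key with the same r are the red flag wumpus mentions. The block below is an added example written for this page; it is not code from the thread, from CoinDesk, or from any wallet. It implements the RFC 6979 derivation for secp256k1 with SHA-256 and a small scanner that flags repeated r values per public key. The order constant N is the real secp256k1 group order; the signature records in SAMPLE_SIGNATURES are constructed dummy values, and the function names are my own.

```python
import hashlib
import hmac

# Real secp256k1 group order n (nonces must lie in [1, n-1]).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _int2octets(x, rlen):
    """RFC 6979 int2octets: fixed-width big-endian encoding of x."""
    return x.to_bytes(rlen, "big")


def _bits2int(b, qlen):
    """RFC 6979 bits2int: keep only the leftmost qlen bits of b."""
    v = int.from_bytes(b, "big")
    if len(b) * 8 > qlen:
        v >>= len(b) * 8 - qlen
    return v


def rfc6979_nonce(priv, msg_hash, order=N):
    """Deterministic ECDSA nonce k per RFC 6979 section 3.2 (HMAC-SHA256).

    Same (priv, msg_hash) always gives the same k; different messages give
    unrelated k values, so a correct implementation never reuses a nonce.
    """
    qlen = order.bit_length()          # 256 for secp256k1
    rlen = (qlen + 7) // 8             # 32 bytes
    # bits2octets(h1) = int2octets(bits2int(h1) mod q)
    bx = _int2octets(priv, rlen) + _int2octets(_bits2int(msg_hash, qlen) % order, rlen)
    V = b"\x01" * 32                   # step b
    K = b"\x00" * 32                   # step c
    K = hmac.new(K, V + b"\x00" + bx, hashlib.sha256).digest()   # step d
    V = hmac.new(K, V, hashlib.sha256).digest()                  # step e
    K = hmac.new(K, V + b"\x01" + bx, hashlib.sha256).digest()   # step f
    V = hmac.new(K, V, hashlib.sha256).digest()                  # step g
    while True:                                                  # step h
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hashlib.sha256).digest()
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < order:
            return k
        # Out-of-range candidate (astronomically rare here): reseed and retry.
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()


def nonce_for_message(priv, message):
    """Convenience wrapper: hash the message with SHA-256, then derive k."""
    return rfc6979_nonce(priv, hashlib.sha256(message).digest())


def find_reused_nonces(signatures):
    """Flag signatures that share (pubkey, r).

    r is the x-coordinate of k*G, so for one key an equal r means an equal k.
    Input: iterable of dicts with keys 'txid', 'pubkey', 'r', 's'.
    Returns a sorted list of (pubkey, r, [txids]) for every collision.
    """
    seen = {}
    for sig in signatures:
        seen.setdefault((sig["pubkey"], sig["r"]), []).append(sig["txid"])
    return sorted((pk, r, txids) for (pk, r), txids in seen.items() if len(txids) > 1)


# Constructed sample records (not real transactions): tx-a and tx-c were
# "signed" by the same key with the same r, which is the reuse pattern a
# broken RNG or a backdoored k-selection rule would leave on-chain.
SAMPLE_SIGNATURES = [
    {"txid": "tx-a", "pubkey": "02aa", "r": "1111", "s": "5a5a"},
    {"txid": "tx-b", "pubkey": "02aa", "r": "2222", "s": "6b6b"},
    {"txid": "tx-c", "pubkey": "02aa", "r": "1111", "s": "7c7c"},
    {"txid": "tx-d", "pubkey": "03bb", "r": "1111", "s": "8d8d"},  # other key, not a collision
]


if __name__ == "__main__":
    k = nonce_for_message(1, b"Satoshi Nakamoto")
    print("RFC 6979 k for key=1, 'Satoshi Nakamoto':", hex(k))
    print("reused nonces:", find_reused_nonces(SAMPLE_SIGNATURES))
```

The private key 1 with the message "Satoshi Nakamoto" is a widely circulated RFC 6979 test vector for secp256k1, so the derivation can be checked against other implementations. Note the scanner only catches reuse that is exact; it is the cheap check, and it says nothing about whether the k was picked deterministically, which, as op_mul says in the log, an outside observer cannot prove without the private key.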
Thanks xeroc, I'm glad to hear that