Author Topic: Bug in Web Wallet's implementation of memo encryption/decryption! Please read!  (Read 4779 times)

dannotestein
Both the BlockTrades bridge and the OpenLedger gateways depend on the command-line interface (cli) wallet to encrypt and decrypt transaction memos. We recently observed that very occasionally the cli wallet was unable to decrypt a memo that the web wallet was able to decrypt. This is potentially a very serious issue for automated processing of transactions as the platform scales to larger numbers of transactions, so we began analyzing the web wallet and the cli wallet to see where the difference lay.

Our initial suspicion was that there might be a hard-to-trigger bug in the relatively new secp256k1 library that replaced the traditional openssl library, but after some tests we were able to determine that both libraries produced the same results. Ultimately we were able to identify that it was the loss of a leading zero in the shared secret calculation performed by the web wallet that caused the bug.

This bug was never apparent in the web wallet, because both the encryption and the decryption routines use the same flawed algorithm, and it only rarely showed up in the cli wallet in the fairly rare case where the first byte in the shared secret was 0x00 (probably 1 in every 256 memos on average, I suppose, assuming that byte value is randomly distributed).

We have a fix for the bug, but one side effect of the fix is that some small number of old memos will no longer be viewable in the web wallet. If someone needs to decrypt these old memos at some point, it would still be possible to view them using an older version of the web wallet. All future memos generated with the fixed code will be properly viewable in the web wallet and the cli wallet.

I believe this is the only reasonable solution to the problem, but of course it’s up to the community to make a final determination on this issue. If there’s anyone who objects to this change, please let us know as soon as possible.
« Last Edit: May 18, 2016, 01:33:28 am by dannotestein »
http://blocktrades.us Fast/Safe/High-Liquidity Crypto Coin Converter
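
The failure mode described in the post above, as an added illustration that is not code from the post or from either wallet. It assumes the leading zero is lost when the shared secret is serialized as a variable-width integer, and that the memo key is a SHA-512 hash of the serialized secret; the function names and the sample secrets are constructed for this example.

```javascript
const { createHash } = require("crypto");

// Variable-width big-endian encoding of an integer: leading 0x00 bytes vanish.
function encodeMinimal(x) {
  let hex = x.toString(16);
  if (hex.length % 2) hex = "0" + hex; // whole bytes only
  return Buffer.from(hex, "hex");
}

// Fixed-width encoding: always 32 bytes, left-padded with zeros.
function encodeFixed32(x) {
  return Buffer.from(x.toString(16).padStart(64, "0"), "hex");
}

// Assumed key derivation: hash of the serialized shared secret.
function deriveKey(secretBytes) {
  return createHash("sha512").update(secretBytes).digest("hex");
}

// True when a "minimal" implementation and a "fixed" one derive the same key.
function keysAgree(x) {
  return deriveKey(encodeMinimal(x)) === deriveKey(encodeFixed32(x));
}

// Constructed stand-ins for shared secrets: SHA-256 of a counter.
function sampleSecrets(n) {
  const out = [];
  for (let i = 0; i < n; i++) {
    out.push(createHash("sha256").update(String(i)).digest());
  }
  return out;
}

// Count samples whose first byte is 0x00 and samples where the keys differ.
function survey(n) {
  let leadingZero = 0, mismatch = 0;
  for (const buf of sampleSecrets(n)) {
    if (buf[0] === 0) leadingZero++;
    if (!keysAgree(BigInt("0x" + buf.toString("hex")))) mismatch++;
  }
  return { leadingZero, mismatch };
}

console.log(survey(4096)); // the two counts are always equal
```

Two implementations that both use the minimal encoding agree with each other on every memo, which is why the mismatch only surfaces when one side pads to 32 bytes. A regression test for a fix like this should include at least one secret whose first byte is 0x00.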