Bitcointalk Mobile Browser presented by IRLBTC™

<< >> (p.60)

Author

Topic: Nxt source code flaw reports (Read 113427 times)

CrazyEyes

Full Member

Offline

Activity: 137
Merit: 100

Re: Nxt source code flaw reports

February 07, 2014, 08:05:43 PM

#1181

Quote from: Eadeqa on February 07, 2014, 07:51:25 PM

100K reward should go to him

https://nextcoin.org/index.php/topic,3884

Indeed, he got a bounty of 10 btc though. The priority whos getting bountys or not isnt the most logical one. This was a HUGE bug and deserved a lot more attention. Instead they arguing about who getting a part of the 10M nxt and they can give some guy 250k for client. The priorites arent clear. There does not seem to exist any form of true leadership or core team. End of discussion.

"If we have nothing else to do, we can always vote on something."

Regards
j0b

pandaisftw

Full Member

Offline

Activity: 224
Merit: 100

Re: Nxt source code flaw reports

February 08, 2014, 02:18:24 AM

#1182

Quote from: CrazyEyes on February 07, 2014, 08:05:43 PM

Quote from: Eadeqa on February 07, 2014, 07:51:25 PM

100K reward should go to him

https://nextcoin.org/index.php/topic,3884

As far as I know, there was no reward at all, but c-f-b decided to reward him 10 BTC anyways. Plus, there is still the 100k bounty for the the fatal flaw...

NXT: 13095091276527367030

Vannicke

Member

Offline

Activity: 95
Merit: 10

That guy, you know, with the face

Re: Nxt source code flaw reports

February 09, 2014, 05:43:46 AM

#1183

Jeeps ... only took me 8 days to finally get to the end of this thread, kudos to the many more experienced java coders than me that trudged through that beast of a file.

Even so it seems that the fatal flaw has not been found, I might not be able to get in much time to really tear into the logic in the code, with recent snow days I had a little time to delve into it, but I'll try in what time I can find anyhow.

Smaragda, gimre, ricot, ImmortAlex, doctorevil et al. (sorry if I forgot all your names >_<) awesome stuff!

Also curious as to why this thread has been silent for days... O.o

The Satoshi Jar: 16t2BLGZyaMpGm3vzYWxucGz8g4bVotr1h

bitcoinpaul

Hero Member

Offline

Activity: 910
Merit: 1000

Re: Nxt source code flaw reports

February 14, 2014, 02:37:21 PM

#1184

Come on, guys. Find the flaw!

BloodyRookie

Hero Member

Offline

Activity: 687
Merit: 500

Re: Nxt source code flaw reports

February 14, 2014, 05:49:34 PM

#1185

I am busy coding other stuff at the moment.

Nothing Else Matters
NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ
NXT: 11095639652683007953

bitcoinpaul

Hero Member

Offline

Activity: 910
Merit: 1000

Re: Nxt source code flaw reports

February 15, 2014, 04:56:21 PM

#1186

Nice.

Vannicke

Member

Offline

Activity: 95
Merit: 10

That guy, you know, with the face

Re: Nxt source code flaw reports

February 17, 2014, 02:01:28 PM

#1187

Just as a random gander because it seems too simple ... The fatal flaw couldn't be that the genesis block is hardcoded into the source? Right?

That is, I say the fatal flaw is that the NXT genesis block is hardcoded into the source, so copycoins could theoretically connect to a nxt node and think the next legit block is that second block in the NXT chain, and then end up trying to download the entire Nxt chain instead of starting a new one for a separate coin.

I think the chance is slim that this is the correct answer, but hey, just in case it really is that simple.

The Satoshi Jar: 16t2BLGZyaMpGm3vzYWxucGz8g4bVotr1h

Come-from-Beyond (OP)

Legendary

Offline

Activity: 2142
Merit: 1010

Newbie

Re: Nxt source code flaw reports

February 17, 2014, 02:08:49 PM

#1188

Quote from: Vannicke on February 17, 2014, 02:01:28 PM

No, a copycoin won't download Nxt blockchain if it has another genesis.

Dusty

Hero Member

Offline

Activity: 731
Merit: 503

Libertas a calumnia

Re: Nxt source code flaw reports

February 19, 2014, 05:52:20 PM

#1189

Hello,
I see that two of the bounties have already been claimed, is it possible to know which flaws where without having to read all the thread?

Thanks

Articoli bitcoin: Il portico dipinto

Dusty

Hero Member

Offline

Activity: 731
Merit: 503

Libertas a calumnia

Re: Nxt source code flaw reports

February 19, 2014, 06:55:58 PM

#1190

TY very much, smaragda

Articoli bitcoin: Il portico dipinto

lophie

Hero Member

Offline

Activity: 924
Merit: 1003

Unlimited Free Crypto

Re: Nxt source code flaw reports

February 20, 2014, 02:34:43 AM

#1191

Quote from: Come-from-Beyond on January 12, 2014, 04:47:35 PM

Critical flaw description:

Code:

Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:

Code:

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

Will take me a while to climb up again, But where is a will, there is a way...

Come-from-Beyond (OP)

Legendary

Offline

Activity: 2142
Merit: 1010

Newbie

Re: Nxt source code flaw reports

February 20, 2014, 06:59:00 AM

#1192

Quote from: lophie on February 20, 2014, 02:34:43 AM

Quote from: Come-from-Beyond on January 12, 2014, 04:47:35 PM

Critical flaw description:

Code:

Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:

Code:

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

FrictionlessCoin

Legendary

Offline

Activity: 868
Merit: 1000

Cryptotalk.org - Get paid for every post!

Re: Nxt source code flaw reports

February 21, 2014, 02:25:44 PM

#1193

Quote from: Come-from-Beyond on February 20, 2014, 06:59:00 AM

Quote from: lophie on February 20, 2014, 02:34:43 AM

Quote from: Come-from-Beyond on January 12, 2014, 04:47:35 PM

Critical flaw description:

Code:

Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:

Code:

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash.

. ██████████. .████████████████. .██████████████████████. -█████████████████████████████ .██████████████████████████████████. -█████████████████████████████████████████ -███████████████████████████████████████████████ .-█████████████████████████████████████████████████████. .████████████████████████████████████████████████████████████ .██████████████████████████████████████████████████████████████. .██████████████████████████████████████████████████████████████. ..████████████████████████████████████████████████████████████.. . .██████████████████████████████████████████████████████. . .████████████████████████████████████████████████. . .██████████████████████████████████████████████ . ██████████████████████████████████████████████████████ .█████████████████████████████████████████████████████████████. .███████████████████████████████████████████████████████████ .█████████████████████████████████████████████████████ .████████████████████████████████████████████████ ████████████████████████████████████████ ██████████████████████████████████ ██████████████████████████ ████████████████████ ████████████████ █████████ .CryptoTalk.org. | .MAKE POSTS AND EARN BTC!. 🏆

klee

Legendary

Offline

Activity: 1498
Merit: 1000

Re: Nxt source code flaw reports

February 21, 2014, 04:03:29 PM

#1194

Quote from: FrictionlessCoin on February 21, 2014, 02:25:44 PM

Quote from: Come-from-Beyond on February 20, 2014, 06:59:00 AM

Quote from: lophie on February 20, 2014, 02:34:43 AM

Quote from: Come-from-Beyond on January 12, 2014, 04:47:35 PM

Critical flaw description:

Code:

Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:

Code:

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash.

Why don't YOU fix it? After all YOU are the code GURU Tongue

FrictionlessCoin

Legendary

Offline

Activity: 868
Merit: 1000

Cryptotalk.org - Get paid for every post!

Re: Nxt source code flaw reports

February 21, 2014, 04:15:01 PM

#1195

Quote from: klee on February 21, 2014, 04:03:29 PM

Quote from: FrictionlessCoin on February 21, 2014, 02:25:44 PM

Quote from: Come-from-Beyond on February 20, 2014, 06:59:00 AM

Quote from: lophie on February 20, 2014, 02:34:43 AM

Quote from: Come-from-Beyond on January 12, 2014, 04:47:35 PM

Critical flaw description:

Code:

Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:

Code:

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash.

Why don't YOU fix it? After all YOU are the code GURU Tongue

Because it can't be fixed for Nxt without destroying the entire block chain.

klee

Legendary

Offline

Activity: 1498
Merit: 1000

Re: Nxt source code flaw reports

February 21, 2014, 04:34:43 PM

#1196

Quote from: FrictionlessCoin on February 21, 2014, 04:15:01 PM

Quote from: klee on February 21, 2014, 04:03:29 PM

Quote from: FrictionlessCoin on February 21, 2014, 02:25:44 PM

Quote from: Come-from-Beyond on February 20, 2014, 06:59:00 AM

Quote from: lophie on February 20, 2014, 02:34:43 AM

Quote from: Come-from-Beyond on January 12, 2014, 04:47:35 PM

Critical flaw description:

Code:

Only 64 bits of the previous block hash are used. This gives ability to inject blocks with another set of transactions.

SHA256-hash:

Code:

888f278c773d39b8334a651d84ee78871bd0e5d45e09be8fdb190ba1b2969530

You are telling me BCNxt solved tx malleability?

No. But malleability is not a problem for Nxt, it can be easily solved by any Java coder.

Is this bug going to be fixed in Nxt?

Right now Nxt uses Java long (64 bits) to encode the previous block hash.

Why don't YOU fix it? After all YOU are the code GURU Tongue

Because it can't be fixed for Nxt without destroying the entire block chain.

Why do you care? You have your own blockchain without this bug Wink

Let it crash & burn!

nesstka

Newbie

Offline

Activity: 7
Merit: 0

Re: Nxt source code flaw reports

February 23, 2014, 09:53:15 PM

#1197

The block payload hash and generation signature excluded from the block signature.

Code:

byte[] data = block.getBytes();
byte[] data2 = new byte[data.length - 64];
System.arraycopy(data, 0, data2, 0, data2.length);
block.blockSignature = Crypto.sign(data2, secretPhrase);

These bytes shouldn't be excluded from the generation signature or the block signature.

The code above, surrounding code, and relevant code in verifyBlockSignature() and verifyGenerationSignature() is fatally flawed.

Come-from-Beyond (OP)

Legendary

Offline

Activity: 2142
Merit: 1010

Newbie

Re: Nxt source code flaw reports

February 23, 2014, 09:57:30 PM

#1198

Quote from: nesstka on February 23, 2014, 09:53:15 PM

The block payload hash and generation signature excluded from the block signature.

Code:

byte[] data = block.getBytes();
byte[] data2 = new byte[data.length - 64];
System.arraycopy(data, 0, data2, 0, data2.length);
block.blockSignature = Crypto.sign(data2, secretPhrase);

No, only placeholder for block signature is excluded.

nesstka

Newbie

Offline

Activity: 7
Merit: 0

Re: Nxt source code flaw reports

February 23, 2014, 11:14:30 PM

#1199

The block hash is excluded from generation signature.

Code:

block.payloadHash = digest.digest();

/ ???

block.generationSignature = Crypto.sign(Block.getLastBlock().generationSignature, secretPhrase);

Flaw: Blocks can be mutated after the fact, by the account which generated the block.

Come-from-Beyond (OP)

Legendary

Offline

Activity: 2142
Merit: 1010

Newbie

Re: Nxt source code flaw reports

February 24, 2014, 07:10:18 AM

#1200

Quote from: nesstka on February 23, 2014, 11:14:30 PM

The block hash is excluded from generation signature.

Code:

block.payloadHash = digest.digest();

/ ???

block.generationSignature = Crypto.sign(Block.getLastBlock().generationSignature, secretPhrase);

Flaw: Blocks can be mutated after the fact, by the account which generated the block.

It's not a flaw, it's a feature.

Pages: « 1 ... 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 [60] 61 62 63 64 65 »

Page 59

Viewing Page: 60