Welcome, Guest. Please login or register.

Author Topic: Details regarding the critical security vulnerability  (Read 513 times)

0 Members and 2 Guests are viewing this topic.

Offline Come-from-Beyond

  • Legendary Nxter
  • *****
  • Posts: 602
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #15 on: February 07, 2014, 09:49:49 PM »
Wouldn't it be the simplest fix to check in the method verify() if v is smaller than the group order and return false if that is not the case?

We chose (2) coz this solves other issues too.

Offline antanst

  • Fresh Nxter
  • *
  • Posts: 2
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #16 on: February 07, 2014, 09:50:38 PM »
Respect. Thanks for not being malicious, and congratulations to the team for the phenomenal response.
Tips: 17890349170981050860

Offline BloodyRookie

  • Fresh Nxter
  • *
  • Posts: 33
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #17 on: February 07, 2014, 09:55:38 PM »
Wouldn't it be the simplest fix to check in the method verify() if v is smaller than the group order and return false if that is not the case?

We chose (2) coz this solves other issues too.

And those other issues are?
nxt: 11095639652683007953

Online doctorevil

  • Fresh Nxter
  • *
  • Posts: 16
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #18 on: February 07, 2014, 10:23:21 PM »
Wouldn't it be the simplest fix to check in the method verify() if v is smaller than the group order and return false if that is not the case?

Kinda.  Signature canonicalization is tricky to rollout.  First you need to make sure sign() never outputs a v larger than the group order; then you need to patch verify to reject sigs where v is larger than group order.  However, if there are fubar v's already on the blockchain that don't follow the new rules you need logic to grandfather them in.  That said, neither of these changes is prudent to do without getting review from a few folks who grok crypto since you're really tinkering with voodoo sex magic at this level ... especially given the obfuscation the optimizations in Curve25519.java add.

The sign() function should also be modified per your earlier recommendation to prevent it from outputting things that won't verify and need be retried ... I kinda have conflicting thoughts ATM about the best way to do this ... still thinking it through. 

BTW, your earlier analysis was so close to spotting this security flaw ... I'm kinda surprised you didn't stumble into it.
Send all ransom payments to: NXT: 11046963052173795996 - BTC 13mSL7XMnyaHCvhkFPofX7gkQq2Bk7SoyB

Offline Come-from-Beyond

  • Legendary Nxter
  • *****
  • Posts: 602
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #19 on: February 07, 2014, 10:39:08 PM »
And those other issues are?

Can't tell without revealing the injected fatal flaw that is not found yet.

Offline hughmanwho

  • Established Nxter
  • ***
  • Posts: 185
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #20 on: February 08, 2014, 02:51:51 AM »
10BTC for a Nxt fix...  should have been paid in Nxt.  I'll donate some your way as soon as I get home and have wallet access!  I'd suggest everyone else also send some Nxt to give him more of a vested interest in keeping us all safe :)

And big thank you for not stealing all the Nxt from dgex or BTER, turning around and selling them, making a profit probably bigger than 100 BTC yourself, while probably crashing Nxt down to 0.000001 BTCs and instead helping out the community and this very promising coin.  Must have been tempting.  It's nice to know we have someone as awesome as you in the community!
« Last Edit: February 11, 2014, 02:30:53 AM by hughmanwho »
Please send Nxt: 5409832991870808944

Offline allwelder

  • Nxter
  • **
  • Posts: 82
  • nxts.org
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #21 on: February 08, 2014, 03:07:33 AM »
you are a evil,but a best one for Nxt.
Website:nxts.org 
Video:i.youku.com/nextcoin  Weibo:weibo.com/nxtcoin https://twitter.com/nextcoin
Donation welcomed for Nxt development :14698193345900192135

Offline mannimmond

  • Fresh Nxter
  • *
  • Posts: 13
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #22 on: February 08, 2014, 03:36:08 AM »
is this fixed now??

Offline salsacz

  • Senior Nxter
  • ****
  • Posts: 303
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #23 on: February 08, 2014, 04:51:00 AM »
yes
NXT: 15003961341330858247

Offline lucky88888

  • Established Nxter
  • ***
  • Posts: 177
  • Nxt Forge Competition:Click the little earth Below
    • View Profile
    • Next Forging Competition Expires After Block 79,500
Re: Details regarding the critical security vulnerability
« Reply #24 on: February 08, 2014, 10:26:15 AM »
WoW... That is one scary exploit!
You just saved all of our asses for being honest! I thank you for that! :)

EDIT:You truly deserved every single btc from the 10BTC rewarded to you.
« Last Edit: February 08, 2014, 11:36:35 AM by lucky88888 »
http://dgex.com/index.htm?2601 Trade on DGex First NXT Exchange! Donate Nxt:8897013707391239174
https://bter.com/signup/150302 Trade on Bter Biggest NXT Exchange! NXT FORGE COMPETITION CLICK earth under my AVATAR
www.cryptsy.com/users/register?refid=165975 ALTCOIN EXCHANGE CRYPTSY

Offline mannimmond

  • Fresh Nxter
  • *
  • Posts: 13
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #25 on: February 08, 2014, 11:22:12 AM »
good guy. definitely deserves some big nxt!

Offline BloodyRookie

  • Fresh Nxter
  • *
  • Posts: 33
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #26 on: February 08, 2014, 11:45:34 AM »
BTW, your earlier analysis was so close to spotting this security flaw ... I'm kinda surprised you didn't stumble into it.

Maybe I was too much concentrated on finding the bug that made verification fail sometimes. Your marvelous, evil mind was needed to find the flaw ;)
nxt: 11095639652683007953

Offline 2Kool4Skewl

  • Nxter
  • **
  • Posts: 124
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #27 on: February 08, 2014, 11:59:06 AM »
Thank you for pointing out the vulnerability and not exploiting it.  I'm glad you're part of our community.

Honesty and integrity should be rewarded.  I'm sending some Nxt your way.

Offline Graviton

  • Administrator
  • Legendary Nxter
  • *****
  • Posts: 610
  • Dominus Cryptonomicon
    • View Profile
    • DGEX
Re: Details regarding the critical security vulnerability
« Reply #28 on: February 08, 2014, 12:36:57 PM »
What a blessing to have Doctorevil onboard! Keep up the good work.
DGEX.com operator :: Nextcoin.org founder

Offline EvilDave

  • Fresh Nxter
  • *
  • Posts: 44
    • View Profile
Re: Details regarding the critical security vulnerability
« Reply #29 on: February 08, 2014, 02:09:42 PM »
And a thumbs up from me, thanks, man!

Now, about the shark lasers.....
AWS VPS (always on, hopefully!) 54.201.107.122
NXT: 1580825311588963305
BTC: 1DEQdSjc7YKhxaKbPoJDW6G7vjAa8Q227C