Details regarding the critical security vulnerability

[Come-from-Beyond]

Wouldn't it be the simplest fix to check in the method verify() if v is smaller than the group order and return false if that is not the case?

We chose (2) coz this solves other issues too.

[antanst]

Respect. Thanks for not being malicious, and congratulations to the team for the phenomenal response.

[BloodyRookie]

Wouldn't it be the simplest fix to check in the method verify() if v is smaller than the group order and return false if that is not the case?

We chose (2) coz this solves other issues too.

And those other issues are?

[doctorevil]

Wouldn't it be the simplest fix to check in the method verify() if v is smaller than the group order and return false if that is not the case?

Kinda.  Signature canonicalization is tricky to rollout.  First you need to make sure sign() never outputs a v larger than the group order; then you need to patch verify to reject sigs where v is larger than group order.  However, if there are fubar v's already on the blockchain that don't follow the new rules you need logic to grandfather them in.  That said, neither of these changes is prudent to do without getting review from a few folks who grok crypto since you're really tinkering with voodoo sex magic at this level ... especially given the obfuscation the optimizations in Curve25519.java add.

The sign() function should also be modified per your earlier recommendation to prevent it from outputting things that won't verify and need be retried ... I kinda have conflicting thoughts ATM about the best way to do this ... still thinking it through. 

BTW, your earlier analysis was so close to spotting this security flaw ... I'm kinda surprised you didn't stumble into it.

[Come-from-Beyond]

And those other issues are?

Can't tell without revealing the injected fatal flaw that is not found yet.

[hughmanwho]

10BTC for a Nxt fix...  should have been paid in Nxt.  I'll donate some your way as soon as I get home and have wallet access!  I'd suggest everyone else also send some Nxt to give him more of a vested interest in keeping us all safe

And big thank you for not stealing all the Nxt from dgex or BTER, turning around and selling them, making a profit probably bigger than 100 BTC yourself, while probably crashing Nxt down to 0.000001 BTCs and instead helping out the community and this very promising coin.  Must have been tempting.  It's nice to know we have someone as awesome as you in the community!

[allwelder]

you are a evil,but a best one for Nxt.

[mannimmond]

is this fixed now??

[salsacz]

yes

[lucky88888]

WoW... That is one scary exploit!
You just saved all of our asses for being honest! I thank you for that!

EDIT:You truly deserved every single btc from the 10BTC rewarded to you.

[mannimmond]

good guy. definitely deserves some big nxt!

[BloodyRookie]

BTW, your earlier analysis was so close to spotting this security flaw ... I'm kinda surprised you didn't stumble into it.

Maybe I was too much concentrated on finding the bug that made verification fail sometimes. Your marvelous, evil mind was needed to find the flaw

[2Kool4Skewl]

Thank you for pointing out the vulnerability and not exploiting it.  I'm glad you're part of our community.

Honesty and integrity should be rewarded.  I'm sending some Nxt your way.

[Graviton]

What a blessing to have Doctorevil onboard! Keep up the good work.

[EvilDave]

And a thumbs up from me, thanks, man!

Now, about the shark lasers.....