IOTA

Discussion in 'Digital Currencies' started by leo25, Nov 14, 2017.

  1. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    definitely arse, maybe front crack by her description.
     
    mmm....shiney! likes this.
  2. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    sadly i am :(

    from reading her tweets it was 2 days ago
    https://twitter.com/SarahJamieLewis/status/1015395299035045890

    seems the side tangle was stitched to the main tangle that took down all nodes. https://medium.com/@lewisfreiberg/whats-up-with-the-tangle-d825c692e7a8
     
  3. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    looks like a total clusterfuq as they scrambled to update their security hole before it was exposed at blackhat, which they didnt do in time.

    reads like a dogs breakfast of a project https://twitter.com/matthew_d_green/status/1027198787448659969

    kudos for fixing it but not being transparent and internal politics could make the whole thing implode.
     
    leo25 and mmm....shiney! like this.
  4. mmm....shiney!

    mmm....shiney! Administrator Staff Member Silver Stacker

    Joined:
    Nov 15, 2010
    Messages:
    18,610
    Likes Received:
    4,396
    Trophy Points:
    113
    Long history of a lack of transparency
     
    leo25 likes this.
  5. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya

    indeed

     
    mmm....shiney! likes this.
  6. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    every other coin in the top 10 has been more transparent. not sure i can site an example for another coin where a vulnerability was exposed, only partly fixed and the party that highlighted the vulnerability then being attacked.

    they have all been transparent about their code base and security, i would say these are fundamentals in any crypto and black hat to pwn the iota price even further after their presentation.
     
  7. mmm....shiney!

    mmm....shiney! Administrator Staff Member Silver Stacker

    Joined:
    Nov 15, 2010
    Messages:
    18,610
    Likes Received:
    4,396
    Trophy Points:
    113
    Bug bounties rewarding parties which find critical flaws are quite common. EOS has offered them, I think Nano maybe from memory and Dash are examples.
     
  8. mmm....shiney!

    mmm....shiney! Administrator Staff Member Silver Stacker

    Joined:
    Nov 15, 2010
    Messages:
    18,610
    Likes Received:
    4,396
    Trophy Points:
    113
    Didn’t the IOTA team claim at first that the bug was all part of their plan?
     
  9. leo25

    leo25 Well-Known Member Silver Stacker

    Joined:
    Jun 8, 2010
    Messages:
    3,585
    Likes Received:
    1,937
    Trophy Points:
    113
    I don't think IOTA is not being transparent. Rather the team don't really know what they are doing, so they can't really communicate something they don't know. They openly say they don't know how it will work in the wild!
     
  10. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    its more than a single (supposed) vulnerability. they admitted it and fixed it but are yet to fix it in the centralised coordinator node, which they now admit have been quietly trying to fix in the background. this will be the subject of the black hat presentation.

    definitely appear not to be a cohesive team, however they do at least acknowledge the vulnerability is serous.
     
  11. mmm....shiney!

    mmm....shiney! Administrator Staff Member Silver Stacker

    Joined:
    Nov 15, 2010
    Messages:
    18,610
    Likes Received:
    4,396
    Trophy Points:
    113
    Doesn’t matter that I don’t have the technical skills to understand or explain what the issue is. There’s enough comment from others pointing to a lack of honesty to satisfy myself.
     
  12. mmm....shiney!

    mmm....shiney! Administrator Staff Member Silver Stacker

    Joined:
    Nov 15, 2010
    Messages:
    18,610
    Likes Received:
    4,396
    Trophy Points:
    113
    The hallmark of a thinking individual is that they assess each issue on merit. I'm satisfied that IOTA is not for me as I'm satisfied that AGW is premised on shaky scientific ground. Let's focus on the topic and not on me.
     
  13. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    think you have the blinkers on still

    [​IMG]

    they way i read this they acknowledge its a problem and are concerned about the blackhat presentation.
     
  14. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    they are up for the crypto pwnies award at the blackhat conference, makes me think they are worried. also the fact that they are trying to update it, if they didnt see it as an issue why spend so much effort in changing it, especially before the blackhat?

    https://latacora.singles/2018/08/08/roca-vs-robot.html

    good luck to iota winning the pwnies award :)
     
  15. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    enough to call it out in their conference.

    its a real issue, blackhat presentations dont just present 'zomg we think this could be a problem'. theres billions at stake here, total recklessness.
     
  16. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    pwnies award nomination https://pwnies.com/nominations/

    IOTA Curl-P

    Credit: Ethan Heilman and Neha Narula

    We are informed reliably by the community of IOTA token owners on Twitter of the following important facts:

    Because of the unique challenges of operating in the space of cryptographic tangles it is necessary to compute using balanced ternary, with trits and trytes instead of bidgets and bytes. 3 is closer to the universal optimum 2.71 than is 2. Balanced ternary is the future, and so the cryptocurrencies of the future need a hash function optimized for their number system. Only IOTA (ticker: MIOTA) provides that today, with its proprietary Curl hash.

    There is no truth to the claims of Heilman and Narula that Curl could be broken using a cryptanalysis technique discovered in the 1970s and taught to college sophomores. Curl is not vulnerable to differential cryptanalysis. It is not trivially possible to generate practical collisions for messages of the same length. The paper Heilman and Narula wrote was irresponsible and sensational and they should be disgraced publicly. Heilman and Narula did not send the IOTA team valid payments that pay different amounts but hash to the same Curl value. Even if they did, the IOTA team knew about those vulnerabilities all along. Obviously, Heilman and Narula paid Black Hat to present their research there. Hopefully, the IOTA foundation will pay more to present their side next year.

    IOTA prices are rallying, building on current gains, poised to pop, outperforming another top 10 cryptocurrencies rated by market value as per CoinMarketCap. Buy now!
     
  17. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    lets see what they present at blackhat.
    facts: heilman and narula found the vulnerability, iota team acknowledged and changed it (including attacking them), except for their centralised controller and now argue internally that they havent fixed it in time for heilman and narulas blackhat presentation.
    do you still think its not a vulnerability? why did they update it?
     
  18. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    might be time to bow out of this thread again and admit no amount of evidence will sway the believer.
     
  19. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    ok ill bite, what was their reasoning for changing it?

    https://www.blackhat.com/us-18/brie...-forgeries-in-the-iota-signature-scheme-10891

     
  20. dozerz

    dozerz Well-Known Member Silver Stacker

    Joined:
    May 21, 2013
    Messages:
    2,248
    Likes Received:
    1,204
    Trophy Points:
    113
    Location:
    straya
    reads just as i stated, the vulnerability was found and they patched it, bringing the whole network down for 3 days while it was upgraded. they intended to also fix the cetralised controller but for whatever reason they havent gotten around to it, hence the vulnerability still exists.

    their presentation at blackhat was last week, seems to have triggered the leak of their board meeting.

    not something i would want to be heavily invested in, risk profile is off the charts, you have bigger cojones than me.
     

Share This Page