dcousens | 8 years ago | on: Sudan, last male northern white rhino, dies in Kenya
dcousens's comments
dcousens | 8 years ago | on: Hacker News Clone Using GraphQL and React
dcousens | 8 years ago | on: Foxconn to Build $10B Factory in U.S
I think you agree with the OP?
dcousens | 8 years ago | on: Spoilerwall: Respond to port scanning requests with movie spoilers
dcousens | 8 years ago | on: Important security vulnerabilities in OpenVPN
dcousens | 8 years ago | on: Switching to the Mutt Email Client
dcousens | 9 years ago | on: Show HN: BreakLock – A hybrid of Mastermind and the Android pattern lock
dcousens | 9 years ago | on: Ask HN: Why doesn't Adobe just kill the Flash Player?
dcousens | 9 years ago | on: Saving the Internet 2000TB a Day: Fixing Font Awesome’s Fonts
dcousens | 9 years ago | on: About pull request reviews
dcousens | 9 years ago | on: Show HN: Tomato – Pomodoro Timer
dcousens | 9 years ago | on: Stealing Bitcoin with Math
The commit that fixed the issue: https://github.com/bitcoinjs/bitcoinjs-lib/commit/bc37e65014...
The issue itself was that a `Buffer` was being interpreted as `0` by crypto-js's cryptographic hash functions in our implementation of RFC6979, thus creating a case of duplicate `k` values.
The second most interesting point was that the majority of the funds (>20k USD) stolen from Counterparty (the only known users of our master branch at that time) was returned by a grey hat.
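An added example (not bitcoinjs-lib code and not part of the comment above): under one key, duplicate `k` values produce duplicate `r` values, so a signer's output can be audited by parsing each DER signature and grouping by public key and `r`. The record layout, the names `parseDerSignature` and `findNonceReuse`, and the sample data are constructed for illustration.

```javascript
// Added example: sample records are constructed, not real secp256k1 signatures.

// Parse a DER ECDSA signature: SEQUENCE { INTEGER r, INTEGER s } (short-form lengths).
function parseDerSignature(buf) {
  if (!Buffer.isBuffer(buf)) throw new TypeError('signature must be a Buffer');
  if (buf.length < 8 || buf[0] !== 0x30) throw new Error('not a DER SEQUENCE');
  if (buf[1] !== buf.length - 2) throw new Error('bad SEQUENCE length');
  let offset = 2;
  const readInt = () => {
    if (buf[offset] !== 0x02) throw new Error('expected INTEGER');
    const len = buf[offset + 1];
    const start = offset + 2;
    if (!len || start + len > buf.length) throw new Error('bad INTEGER length');
    // A set high bit means a negative DER INTEGER; r and s must be positive.
    if (buf[start] & 0x80) throw new Error('negative INTEGER');
    offset = start + len;
    return BigInt('0x' + buf.subarray(start, offset).toString('hex'));
  };
  const r = readInt();
  const s = readInt();
  if (offset !== buf.length) throw new Error('trailing bytes');
  return { r, s };
}

// Group signatures by (public key, r). A group that covers more than one
// message hash means the same nonce was used twice under that key.
function findNonceReuse(records) {
  const seen = new Map(); // "pubkey:r" -> { pubkey, r, messages }
  for (const { pubkey, msgHash, sig } of records) {
    const r = parseDerSignature(Buffer.from(sig, 'hex')).r.toString(16);
    const id = `${pubkey}:${r}`;
    if (!seen.has(id)) seen.set(id, { pubkey, r, messages: new Set() });
    seen.get(id).messages.add(msgHash);
  }
  return [...seen.values()]
    .filter((g) => g.messages.size > 1)
    .map((g) => ({ pubkey: g.pubkey, r: g.r, messages: [...g.messages] }));
}

// Constructed sample: pubkeyA signs hash1 and hash2 with the same r.
const SAMPLE = [
  { pubkey: 'pubkeyA', msgHash: 'hash1', sig: '300a02041122334402020a0b' },
  { pubkey: 'pubkeyA', msgHash: 'hash2', sig: '300a02041122334402020c0d' },
  { pubkey: 'pubkeyA', msgHash: 'hash3', sig: '300a02045566778802020a0b' },
  { pubkey: 'pubkeyB', msgHash: 'hash4', sig: '300a02041122334402020a0b' },
];

console.log(findNonceReuse(SAMPLE));
```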
dcousens | 9 years ago | on: Stealing Bitcoin with Math
dcousens | 11 years ago | on: BitcoinJS
Thanks for pointing this out, thankfully the implementation already failed on a negative s value, but you're correct in that it wasn't definitive.
I also whole-heartedly agree with your comment about the unnecessary inclusion of a bignum that allows for negative values. The lack of typing in this (and other cases) has led to several problematic scenarios for users to the point we have littered the code with assertions to enforce whatever we can.
dcousens | 11 years ago | on: BitcoinJS