Quote from: gavinandresen on July 25, 2010, 21:38:19 Great catch! Simpler fix is to specify the BIO_FLAGS_BASE64_NO_NL in the rpc.cpp/EncodeBase64 function SVN rev 111 Related posts: Re: JSON-RPC password Quote from: gavinandresen on July 21, 2010, 12:11:10 I just… Re: JSON-RPC password Quote from: gavinandresen on July 23, 2010, 15:11:45 […]

Quote from: BitLex on July 25, 2010, 20:45:38 i got some problems here too trying to get this run on PHP. so far i had no luck, neither the wiki-sample (jsonRPCClient trying to fopen(http://username:password@localhost:8332/)), nor my curl-sample (using setopt CURLOPT_HTTPAUTH, CURLAUTH_BASIC) seem to work. That’s strange, didn’t someone just say […]

Quote from: lachesis on July 25, 2010, 19:52:35 I found what appears to be a bug: with a long enough username and password combination, the base64 encoder in bitcoind produces authorization headers that look like this: Code: … Authorization: Basic YWJiYWJiYWFiYmE6aGVsbG93b3JsZGhlbGxvd29ybGRoZWxsb3dvcmxkaGVsbG93 b3JsZGhlbGxvd29ybGRoZWxsb3dvcmxk It inserts a newline every 64 characters, which […]

Quote Here is a paper that claims to find SHA-1 collisions in 2^52 crypto operations. And optimally secure hash would take 2^80 operations. 2^52 time is still large, but it is getting into cluster and botnet range. 2^80 is if you can use a birthday attack.  You can’t use a […]

Quote from: knightmb on July 25, 2010, 19:44:02 If I figure out that Public Key 123456 generates Hash ABCD and Public Key 654321 also generates Hash ABCD I’m still left without the Private Key. But from what you are saying, all I need is Public Key 654321 and I can […]

You stopped my post just in time! 🙂 Red, thanks for telling me privately first!  Please go ahead and post it (and relieve the suspense for everyone!) His point is that transactions paid to a Bitcoin Address are only as secure as the hash function.  To make Bitcoin Addresses short, […]

I think there is a pretty significant crypto flaw in Bitcoin as currently implemented. I’m not sure it is exploitable now (I’m not a real cryptohacker) but it is more than plausible that will be in the near future. The flaw would enable anonymous stealing of coins from arbitrary bitcoin […]

Please upgrade to 0.3.3!  Important security improvements were made in 0.3.2 and 0.3.3. New features: – Gavin Andresen’s HTTP authentication to secure JSON-RPC – 5x faster initial block download, under 30 minutes Related posts: Re: Bitcoin 0.3.2 released Anyone know where the changelist is, I’m curious to what… Re: Bitcoin […]

Was that on the test network? http://bitcointalk.org/index.php?topic=363.0 No. Please do these tests on the test network.  That’s what it’s for.  Thanks. Related posts: Re: a simple traffic load test run I have seen some speculation about scalability and denial of… Version 0.3.9 rc1, please test Here’s a test build if […]

I have seen some speculation about scalability and denial of service by spam transactions in the IRC channel so I thought it would be a good idea to try a test. I set up a stupid little bitcoind script on a couple of my linux machines to send 1000 tiny […]