
Nice write-up explaining the problems, but the killer for me is a hint as to how others may have been fooled:

  Note that the antepenultimate line says ‘signiture’ instead 
  of ‘signature’, so the script doesn’t do what is claimed. In 
  particular, it reads the signature from the environment 
  variable ‘signiture’ rather than from the command-line 
  argument. Hence, if you populate the environment variable 
  with your own public-key, rather than Satoshi’s, you can 
  cause the test to pass!

Subtle and clever, if that is indeed what has happened.
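
Added example, not part of the comment above and not the script from the screenshots: a constructed sample with the same kind of typo, a heuristic (`find_env_reads`) that lists names a shell script expands but never assigns, and a wrapper (`run_clean`) that runs a script with an emptied environment and `-u`. The function names and the sample script are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample script (hypothetical, not the one in the screenshots):
# the argument is stored in "signature" but the misspelled name is expanded.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
filename=$1
signature=$2
publickey=$3
printf '%s' "$signiture" | base64 -d > sig.bin
openssl dgst -verify "$publickey" -signature sig.bin "$filename"
EOF
}

# Print every variable the script expands but never assigns. Such names are
# resolved from the caller's environment. Heuristic: only plain NAME=value
# assignments are recognised, so names set by read/for/getopts are reported
# as false positives and need a manual look.
find_env_reads() {
    assigned=$(grep -oE '(^|[;&|[:space:]])[A-Za-z_][A-Za-z0-9_]*=' "$1" |
        sed 's/^[^A-Za-z_]*//; s/=$//' | sort -u)
    used=$(grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*' "$1" |
        sed 's/^[${]*//' | sort -u)
    for name in $used; do
        printf '%s\n' "$assigned" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# Run a script with an emptied environment and -u, so an unassigned name
# aborts the run instead of silently taking a value the caller planted.
run_clean() {
    env -i PATH="$PATH" sh -u "$@"
}
```

Before trusting the output of someone else's verification script, run `find_env_reads` over it and then execute it through `run_clean`, passing every input as an explicit argument.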


Without getting into Sicilian poison cup arguments around "I knew they'd think that," I find it hard to believe that someone would go to all this trouble, then innocently publish their magic trick to the world in a screenshot like that.

Edit: to be clear, I'm inclined to believe Kaminsky et al. that this is a ruse. I just don't think it's that ruse.


It isn't that ruse. I replicated the file that is verified in the screenshots - the ruse is that it contains an old bitcoin transaction from Satoshi rather than Sartre's writings.

https://rya.nc/sartre.html


Very nice writeup!


It was not. Gavin's discussion makes zero mention of anything to do with OpenSSL. In the account he gave to Wired, it was Electrum all the way.



