Archive for November, 2012

Bitmessage v1.0: completely broken crypto

EDIT: This posts covered Bitmessage protocol v1.0 before it switched to OpenSSL ECC because of these problems. When I heard about Bitmessage (http://bitmessage.org) I was pleased to find a new privacy/security preserving project being born. But after I looked at the source code and grasped the crypto protocol (which is not described in the white […]

10 Comments

Lessons from DoS vulnerabilities found in Bitcoin

A month ago I presented my talk about Bitcoin and Mavepay at Ekoparty 2012. The second part of the talk was about Bitcoin vulnerabilities. I talked about the four Denial of Service vulnerabilities I found and “Avalanche”, the most deadly one, carefully hiding information not to let an attacker create an exploit. It was fun. […]

Leave a comment