Satoshi Nakamoto - Satoshi Nakamoto -

How Craig constructed the "message" that he "signed" using Satoshi's key

Craig was a bit clever here. He did not cheat, and did not use modified command line tools. He indeed posted a message signed by Satoshi's key, that validates correctly. This might explain how he fooled a few people. However, that message just so happens to be a hash of an early Bitcoin transaction, not anything proving his identity. Here's how he did it.
First, check out Dan Kaminsky's blogpost for less-stupid instructions and an archive of the files you need (instead of having to transcribe hex from Craig's post). Although Dan concludes that the signature does not validate, that's actually only due to the & vs. && bug in the last bash command. If you run the corrected command, it works:
$ base64 --decode signiture.der > sig.asn1 && openssl dgst -verify sn-pub.pem -signature sig.asn1 sn7-message.txt Verified OK 
What's the signed message? This:
$ xxd sn7-message.txt 00000000: 479f 9dff 0155 c045 da78 4021 7785 5fdb [email protected]!w._. 00000010: 4f0f 396d c0d2 c24f 7376 dd56 e2e6 8b05 O.9m...Osv.V.... 
That's just binary junk. It was really signed by Satoshi though.
We now know that the signature turned out to correspond to a real Bitcoin transaction (credit to JoukeH). Compare its input script with:
$ xxd sig.asn1 00000000: 3045 0221 00c1 2a7d 5497 2f26 d14c b311 0E.!..*}T./&.L.. 00000010: 339b 5122 f8c1 8741 7dde 1e8e fb68 41f5 3.Q"...A}....hA. 00000020: 5c34 220a e002 2066 632c 5cd4 161e fa3a \4"... fc,\....: 00000030: 2837 764e ee9e b849 75dd 54c2 de28 65e9 (7vN...Iu.T..(e. 00000040: 7525 85c5 3e7c ce u%..>|. 
So where did sn7-message.txt come from? To put it together, we need to follow the OP_CHECKSIG documentation. Specifically, the message to be signed is the transaction, but with the input script replaced with the output script of the transaction that sent the coins in the first place, plus the hash type value of '1'.
First we download the two transactions:
$ curl -so send.bin $ curl -so spend.bin 
Then we dike out the script bit from send.bin and insert it into spend.bin, replacing the input script, and append '1' as a 32-bit little endian integer:
$ head -c 41 spend.bin >sig_txn.bin $ dd if=send.bin bs=1 skip=204 count=68 status=none >>sig_txn.bin $ tail -c 161 spend.bin >>sig_txn.bin $ echo -ne '\x01\x00\x00\x00' >>sig_txn.bin 
Take the SHA-256 hash and there you go:
$ sha256sum sig_txn.bin 479f9dff0155c045da78402177855fdb4f0f396dc0d2c24f7376dd56e2e68b05 sig_txn.bin 
You can also validate this against the Signature Hash field in webbtc's script debug view. Bitcoin actually does a double SHA-256 here, once as part of the protocol, and once as part of the elliptic curve code. So apply sha256sum again:
$ sha256sum sn7-message.txt 3ec9cbc0d1aa849c16a1b276b246e057e7232b21926e428cc09b692c14336f44 sn7-message.txt 
... and you get the Signature Hash.
Interestingly, the source address of this transaction (the bit cut out from send.bin) is the same as in the example on the OP_CHECKSIG documentation wiki page - so he was too lazy even to pick another address, although he picked a different spend transaction.
This is what us security guys call a replay attack. Well played, Craig.
Edits: links and spelling.
Edit2: to make it clear, as bedstefar points out, this doesn't prove that Craig is not Satoshi. It only proves that his blog post doesn't prove that he is Satoshi, and anyone could've written a similar blog post.
Edit3: the blog post does claim that the (incompletely displayed, unverifiable) Sartre text hashes to the same hash as my sig_txn.bin. That much is obviously a lie and patent nonsense, unless you believe he's the first person in the world to come up with a SHA-256 preimage attack. He didn't have to doctor any screenshots or tools for that, the lie is that where he says "The contents of this file have been displayed in the figure below." he's displaying the contents of a different file.
Edit4: Wow, thanks for the gold!
submitted by marcan42 to Bitcoin [link] [comments]

Dan Kaminsky: How the Internet Actually Works @ r00tz'16 DEF CON 24 Life on Bitcoin - YouTube Bitcoin nasıl alınır? Bitcoin ve altcoin satın alma - YouTube Earn 180$ To 223$ On Bitcoin Per Day Dan Kaminsky - YouTube

Wikimedia Deutschland e. V. Über uns. Stellenangebote. Impressum & Kontakt. Mitwirken. Mitglied werden. Jetzt spenden. Mittelverwendung. Vereinskanäle. Unser Blog Some people were suspected of being Satoshi Nakamoto, like Gavin Andresen, Chief Scientist at the Bitcoin Foundation, as well as Dan Kaminsky. A recent revelation has led many to now suspect a man named Yasutaka Nakamoto, the drug runner of the 'King of Cocaine' himself, Pablo Escobar, as possibly being the real Satoshi Nakamoto. Yasutaka Nakamoto was the brother of Dorian Satoshi Nakamoto ... Craig Wright veröffentlichte die kryptografische Signatur in seinem Block, die laut den Forschern Dan Kaminsky und Jeff Garzic ein Betrug war. Am 5. Mai 2016 schickte Wright eine E-Mail mit einem Link zu der neuen Geschichte: "Craig Wright ist in Großbritannien mit strafrechtlichen Anklagen und schwerer Gefängnisstrafe konfrontiert." Wright erklärte, dass "ich als Schöpfer von Bitcoin die ... I tried to hack BitCoin and failed - Dan Kaminsky ( submitted 6 years ago by imbspar. 133 comments; share; save; hide. report; other discussions. Want to add to the discussion? Post a comment! Create an account. 0. 1. 2. NEWS Dan Kaminsky in 2013: "what do we do about the fact that we’ve built a global economy on a system optimized for moving pictures of cats ... Craig Wright published the cryptographic signature in his block that according to researcher Dan Kaminsky and Jeff Garzik was a scam. 5 May 2016, Wright sent around an e-mail with a link to the new story: "Craig Wright faces criminal charges and serious jail time in the UK." Wright stated that "I am the source of terrorist funds as bitcoin creator or I am a fraud to the world. At least a fraud ...

[index] [38] [32898] [17373] [43260] [21871] [42113] [22631] [21782] [50329] [51072]

Dan Kaminsky: How the Internet Actually Works @ r00tz'16 DEF CON 24

Eh, pernah nggak sih kalian denger tentang bitcoin? Atau bertanya Apa sih Bitcoin itu? Yang katanya Bitcoin nilainya setara dengan ratusan juta rupiah loh! I... Gier frisst Hirn. Diese einfache Erkenntnis ist nicht neu. Denken wir nur an die börseneuphorische, die sich vor knapp 20 Jahren weltweit aufba... in 2013, a young couple decided to put Bitcoin (and themselves) to the ultimate test. If Bitcoin is going to change the world, it has to start with regular people using it every day. Bitcoin nasıl alınır diye merak ediyorsanız, hem BTC hem de altcoinlerin nasıl alınabildiğini... In his fascinating talk at r00tz, Dan Kaminsky spoke about how the Internet came to be and how it actually works: "You have to understand how things work, but you also need to understand how ...