Re: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected.

2018-04-10 Thread Jason Davies via bitcoin-dev
On 10 Apr 2018, at 00:39, m...@musalbas.com wrote: > The original disclosure didn't contain any information about the library > in question, so I did some digging. > > I think that the vulnerability disclosure is referring to a pre-2013 > version of jsbn, a JavaScript crypto library. Before it

Re: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected.

2018-04-10 Thread Aymeric Vitte via bitcoin-dev
I used jsbn in the past, then I did some research too. Apparently window.crypto.getRandomValues was introduced in jsbn mid 2012 (according to the wayback machine, but 2012/2013 does not make any difference, see below), was available in Chrome since 2011 (but indeed see

Re: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected.

2018-04-10 Thread Jason Davies via bitcoin-dev
>> Note that even with v1.4, it still does not use high-quality entropy for >> Internet Explorer, because getRandomValues is provided under window.msCrypto >> for that browser. > > I don't know for that one, what was the issue? I simply meant that Internet Explorer implements the Web Cryptography

Re: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected.

2018-04-10 Thread Aymeric Vitte via bitcoin-dev
Indeed, this impacts jsbn only normally since all others from the time getRandomValues was available are supposed to implement both. On 10/04/2018 at 15:32, Jason Davies wrote: >>> Note that even with v1.4, it still does not use high-quality entropy for >>> Internet Explorer, because

[bitcoin-dev] Few questions regarding ListTransaction

2018-04-10 Thread Maksim Solovjov via bitcoin-dev
Hi, I have a few questions regarding ListTransaction RPC call and I hope you can help me. Documentation for the RPC call is here: https://bitcoin.org/en/developer-reference#listtransactions 1. What does it mean for a transaction ( with 0 confirmations ) to be *trusted* or not? There is such field

Re: [bitcoin-dev] Few questions regarding ListTransaction

2018-04-10 Thread Joseph Gleason ⑈ via bitcoin-dev
2) -1 doesn't mean conflicted, it means the transaction is not only unconfirmed but depends on another unconfirmed transaction. 1) Depends on what you mean by trusted. If you are giving the user online access to something that costs you next to nothing to revoke if there is a problem later, no

Re: [bitcoin-dev] Few questions regarding ListTransaction

2018-04-10 Thread Karl-Johan Alm via bitcoin-dev
Clarification on one part below: On Wed, Apr 11, 2018 at 2:21 PM, Karl-Johan Alm wrote: > On Wed, Apr 11, 2018 at 5:29 AM, Maksim Solovjov via bitcoin-dev > wrote: >> 1. What does it mean for a transaction ( with 0 confirmations

Re: [bitcoin-dev] Few questions regarding ListTransaction

2018-04-10 Thread Karl-Johan Alm via bitcoin-dev
On Wed, Apr 11, 2018 at 5:29 AM, Maksim Solovjov via bitcoin-dev wrote: > 1. What does it mean for a transaction ( with 0 confirmations ) to be > trusted or not? It is trusted if (1) it is final (i.e. it can't be replaced), (2) it is not in a block that was