You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is my understanding that this has not been addressed in Peercoin or Peershares.
Overview
Bitcoin protocol has an alert system to spread important news regarding the digital currency. Alerts are signed with a private ECDA key, so only the development team can issue new alerts. Nevertheless, prior version 0.7.0, alerts were identified by the hash of the message, which includes the signature. Bitcoin accepts BED-encoded signatures, which are malleable. An attacker build new signatures at a high rate by changing the signature of an alert still in circulation and therefore increasing dramatically the number of valid alerts spreading across the network. This leads to halting all Bitcoin nodes in the network by RAM exhaustion in approximately 4 hours. The attack is persistent, since if a nodes restarted get flooded again by online peers.
It is my understanding that this has not been addressed in Peercoin or Peershares.
Overview
Bitcoin protocol has an alert system to spread important news regarding the digital currency. Alerts are signed with a private ECDA key, so only the development team can issue new alerts. Nevertheless, prior version 0.7.0, alerts were identified by the hash of the message, which includes the signature. Bitcoin accepts BED-encoded signatures, which are malleable. An attacker build new signatures at a high rate by changing the signature of an alert still in circulation and therefore increasing dramatically the number of valid alerts spreading across the network. This leads to halting all Bitcoin nodes in the network by RAM exhaustion in approximately 4 hours. The attack is persistent, since if a nodes restarted get flooded again by online peers.
References
CVE-2012-4684
Announcement
The text was updated successfully, but these errors were encountered: