security – The shortest ECDSA signature

the shortest ecdsa secp256k1 outputs I’ve ever seen have

x value = 3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63

0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0 --> 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63, 0x3f3979bf72ae8202983dc989aec7f2ff2ed91bdd69ce02fc0700ca100e59ddf3
0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1 --> 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63, 0xc0c686408d517dfd67c2367651380d00d126e4229631fd03f8ff35eef1a61e3c

in your ecdsa function, if you use

p = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

then you can derive the above results using

((p-1)/2) = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0

or

((p+1)/2) = 0x7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1

if there is anything smaller, i’d be curious to see it.

Edit

due to comments, I have been directed to a testnet tx that suggests maybe you can get R=1. thanks to amaclin.

testnet tx c6c232a36395fa338da458b86ff1327395a9afc28c5d2daa4273e410089fd433

this tx appears to validate,
there are also others,
c42bea01f1387072772759f32ad860a680e0eea5664732bf2057a66780e7a25d

23202c2534be0567d4b339142f8a9a53545123eb61f61717fdedbef8effc53e0

maybe even more, please add to comments if so.

if I validate the public key signature

026d2204a9535443657a88a0724fbd49a0e78d305f50a82f2cc9dd9bea10a6c5cd

taken from the testnet tx

c6c232a36395fa338da458b86ff1327395a9afc28c5d2daa4273e410089fd433

it gives this point where the x = 1

(0x01, 0xbde70df51939b94c9c24979fa7dd04ebd9b3572da7802290438af2a681895441)

while I can’t verify that this point is actually on the secp256k1 curve, it seems to behave like it is, so this is a very interesting one.

if I multiply this point several times by 0x5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72 (lambda value from here)

it produces this cycle of points (3 points with same Y)

(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee, 0xbde70df51939b94c9c24979fa7dd04ebd9b3572da7802290438af2a681895441)

(0x851695d49a83f8ef919bb86153cbcb16630fb68aed0a766a3ec693d68e6afa40, 0xbde70df51939b94c9c24979fa7dd04ebd9b3572da7802290438af2a681895441)

(0x01, 0xbde70df51939b94c9c24979fa7dd04ebd9b3572da7802290438af2a681895441)

if I do the same with the inverse of the point, I get these (inverses of above)

(0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee, 0x4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee)

(0x851695d49a83f8ef919bb86153cbcb16630fb68aed0a766a3ec693d68e6afa40, 0x4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee)

(0x1, 0x4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee)

The X value

0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee 

in some of those results, also happens to be the beta value from here
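The computations in the post can be reproduced with a few dozen lines of pure-Python secp256k1 arithmetic. The block below is an added example, not code from the original post; it uses the standard curve constants (the value the post calls p is the group order, written N here, while P is the field prime), the lambda and beta values the post quotes, and lifts the x = 1 point from its x coordinate rather than from the testnet transaction.

```python
# Added example, not code from the original post: pure-Python secp256k1
# arithmetic to reproduce the scalar multiplications described above.
#
# Standard secp256k1 constants. The post calls the 0x...4141 constant "p";
# it is the group order, written N here, while P is the field prime.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Endomorphism constants quoted in the post: LAMBDA acts on scalars, BETA on x.
LAMBDA = 0x5363AD4CC05C30E0A5261C028812645A122E22EA20816678DF02967C1B23BD72
BETA = 0x7AE96A2B657C07106E64479EAC3434E99CF0497512F58995C1396C28719501EE
# Values the post reports, kept here so the computations can be compared to them.
SHORT_X = 0x3B78CE563F89A0ED9414F5AA28AD0D96D6795F9C63
Y_FOR_X1 = 0xBDE70DF51939B94C9C24979FA7DD04EBD9B3572DA7802290438AF2A681895441


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 over F_P (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def add(a, b):
    """Affine point addition covering the doubling and inverse cases."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                  # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced modulo the group order."""
    k %= N
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def lift_x(x):
    """Return a curve point with the given x (P = 3 mod 4, so sqrt is one exponentiation)."""
    rhs = (x * x * x + 7) % P
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        raise ValueError("no point with that x coordinate")
    return (x, y)


def half_g_x():
    """x coordinate of ((N-1)/2)*G and ((N+1)/2)*G; they are inverses, so x agrees."""
    a = mul((N - 1) // 2, G)
    b = mul((N + 1) // 2, G)
    if a[0] != b[0] or (a[1] + b[1]) % P != 0:
        raise AssertionError("expected the two points to be inverses")
    return a[0]


def endomorphism_cycle(pt):
    """Multiply by LAMBDA three times; LAMBDA^3 = 1 mod N, so the orbit closes."""
    cycle, cur = [], pt
    for _ in range(3):
        cur = mul(LAMBDA, cur)
        cycle.append(cur)
    return cycle


def endomorphism_matches(pt):
    """The scalar LAMBDA acts on a point as BETA acts on its x: LAMBDA*(x, y) == (BETA*x, y)."""
    x, y = pt
    return mul(LAMBDA, pt) == (BETA * x % P, y)


if __name__ == "__main__":
    print("x of G/2 matches the post:", half_g_x() == SHORT_X)
    pt = lift_x(1)
    print("post's y for x=1 is a valid root:", pt[1] in (Y_FOR_X1, P - Y_FOR_X1))
    for q in endomorphism_cycle(pt):
        print(hex(q[0]), hex(q[1]))
```

Two things fall out of running it: the short x is the x coordinate of G/2 (and of its inverse, which is why (n-1)/2 and (n+1)/2 give the same x with opposite y), and the three-point cycle with equal y is exactly the curve endomorphism, since multiplying a point by lambda multiplies its x coordinate by beta, and beta is a cube root of unity mod P. That is why the second x in the cycle is beta squared.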

security – Is each Bitcoin address unique?

TL;DR: There are so many addresses that it is improbable that anyone will ever generate a duplicate of another address in use – as long as random number generators work as they should.

2^160 possible addresses

Bitcoin addresses consist of an alphanumerical string with a length of up to 34 characters, excluding the capital “O”, the capital “I” and the lowercase “l”, as well as the number “0”. This would allow for 58^34 possible combinations, however, as some of the positions are used for a checksum this is reduced to 2^160 valid addresses. The checksum on the other hand allows to detect mistyped addresses as invalid, so that it is highly unlikely to accidentally input another valid address.

Chance of 3.42*10^(-27) for a collision at one trillion addresses

Even if we generously assume that at some point there will be one trillion addresses (approx. 160 for each of this planet’s population), according to the simple approximation formula for the Birthday attack given on Wikipedia, the chance is 3.42*10^(-27) that any two of those Bitcoin addresses collide. In comparison, the figure of addresses that were ever used to receive bitcoins was just over 13 million in May 2013.

Address space could be augmented

Especially as the protocol at any point could be adapted to accept even longer addresses, we can say, yes, it is theoretically possible, but unlikely enough that we can assume for our purposes that it will never happen.*

It’s impractical to generate addresses for gain

To answer your other question: For each address there apparently are 2^96 different private keys whose corresponding public key will map to the same address. So to actually try to pursue Bitcoin theft, it would be much more sensible to just generate random private keys and hope to find one that has a corresponding address with money on it. In all likelihood the power for such calculations would cost more than anyone could earn with such a scheme.

*As long as certain random number generators work as well as they should… 🙂

security – Is it bad idea to store my passwords on blockchain with a smart contract?

I want to save my passwords and some other personal data on an Ethereum-like blockchain. It seems more persistent to me. I may lose my e-mail, my PC may crash and I may lose my USB stick. But nothing will happen to a blockchain.

I will encrypt it and put require(msg.sender,myaddress); on even the read functions.
But still, is there a way someone else can retrieve this information? It would be very bad, because they could just easily log in to my wallets with that info and steal funds.

security – In AFWall+, how do you block everything by default?

I want the default to be blocked unless I specifically allow that app. I understand you can tick all that you want blocked or not. But what I want is for any app that gets installed to be automatically and completely blocked from the get-go – unless I go into AFWall+ and allow it. So if an app called X is installed, it wouldn’t have any access to the network without me having to block it. I’d appreciate any pointers.

security – What would happen if SHA256’s pre-image or collision resistance would be broken?

Preimage resistance and collision resistance are not absolute; they are just matters of the amount of computation that is necessary to solve certain problems. For example, for an ideal hash function with 256-bit output, on the order of 2^256 evaluations are needed to find a preimage, and on the order of 2^128 evaluations are needed to find a collision. Anything less is considered an attack.

For example, if you can find collisions with just 2^124 evaluations (and not because you are lucky, but because you use some approach specific to the function), this is an attack, but it is not practical because 2^124 is still immensely large.

Moreover, for Bitcoin mining, you need to find only partial preimages, not full preimages. For example, to find a value such that the first 50 bits of its hash are zeros, you need 2^50 hash evaluations, assuming the hash is ideal. And there is a problem: if the hash is not preimage-resistant (so you need, for example, just 2^240 evaluations to find a preimage, rather than 2^256), this doesn’t tell anything about resistance to finding partial preimages (so the above problem may still take 2^50 evaluations, but may take only 2^34). And lack of collision resistance doesn’t tell anything at all about the difficulty of finding partial preimages. However, Bitcoin depends on collision resistance of SHA256 in other places, so it is still important.
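The "2^k evaluations for k leading zero bits" claim is easy to measure directly. The block below is an added example, not part of the original answer: it brute-forces an 8-byte nonce until SHA-256(prefix || nonce) starts with the requested number of zero bits, then averages the attempt count over a set of constructed prefixes so the observed cost can be compared with 2^k. The prefixes (b"header-0", b"header-1", ...) are constructed for the demo and carry no meaning.

```python
# Added example, not from the original answer: brute-force search for a partial
# preimage (a SHA-256 output with a given number of leading zero bits), to show
# the roughly 2^k cost of finding k zero bits when the hash behaves ideally.
import hashlib
import statistics
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (256 for the all-zero digest)."""
    return 8 * len(digest) - int.from_bytes(digest, "big").bit_length()


def find_partial_preimage(prefix: bytes, bits: int):
    """Return (nonce, digest, attempts) for the first 8-byte big-endian nonce
    such that SHA-256(prefix || nonce) has at least `bits` leading zero bits."""
    for nonce in count():
        digest = hashlib.sha256(prefix + nonce.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= bits:
            return nonce, digest, nonce + 1


def mean_attempts(bits: int, trials: int = 32) -> float:
    """Average attempts over the constructed prefixes header-0 .. header-(trials-1).
    Each trial is a geometric variable with success probability 2^-bits, so the
    mean is close to 2^bits; it says nothing about full-preimage cost."""
    attempts = [find_partial_preimage(b"header-%d" % i, bits)[2] for i in range(trials)]
    return statistics.fmean(attempts)


if __name__ == "__main__":
    for bits in (8, 12):
        print("%2d zero bits: expected 2^%d = %d, observed mean %.0f"
              % (bits, bits, 2 ** bits, mean_attempts(bits)))
```

Raising `bits` by one doubles the average search, which is the partial-preimage cost the answer describes; a shortcut for full preimages would not change this loop at all, which is the point the answer makes about the two properties being independent.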

security – Malicious code on a WP site‏

So the other day I received a message from Google Search Console alerting me that one of the websites I host contains malicious code, and I did manage to find numerous encrypted code lines in several files, including wp-config.php and inside a plugin which was installed and activated (not by me) and contained some encrypted code in its settings.
I’ve deleted everything I found, installed the Sucuri Security plugin, and after scanning I installed WordFence, which found a few more malicious files. I know for 100% that a “nulled” theme is the source of the malicious code. I’ve replaced the theme with an authentic one and also reinstalled its plugins.

My question: is it possible to clean an infected WP website? I mean, the malicious code/hacker must have gotten access to the database/other sites on the server, which probably doesn’t give me any other choice but to rebuild, am I right? What’s your opinion?

I also would like to point out that the infected website has high traffic, which made it valuable for the “hacker”, which is probably what brought him to insert extra code into the site (something I didn’t notice on other websites that use the same theme but have less traffic).

Let me know if there’s a complete procedure I can do that will clean this website & database completely from any malicious code.

Thank you and regards.
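Whatever the rebuild decision, the first step is finding every file carrying the kind of code the question describes. The block below is an added example, not something from the question or from either plugin: a small heuristic scanner for obfuscated PHP (encoded blobs fed to eval, request parameters passed to variable or dangerous functions) run over a constructed sample site. The sample files, paths and the base64 blob are all constructed for the demo; the blob wraps nothing but an echo statement. Matches are leads for manual review, not proof of compromise.

```python
# Added example, not from the original question: a small scanner for the kind
# of obfuscated PHP the question describes (encoded payloads fed to eval,
# request data passed to variable functions). The sample site is constructed
# here; the patterns are heuristics, so hits are leads for review, not proof.
import base64
import os
import re
import tempfile

SUSPICIOUS = [
    (re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
     "eval of a decoded payload"),
    (re.compile(r"(?:base64_decode|gzinflate)\s*\(\s*['\"][A-Za-z0-9+/=]{120,}", re.I),
     "long encoded literal"),
    (re.compile(r"\$\w+\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
     "variable function called with request data"),
    (re.compile(r"\b(?:assert|create_function|system|shell_exec|passthru)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
     "dangerous function called with request data"),
]


def scan_source(text):
    """Return the labels of all patterns that match the given PHP source."""
    return [label for pattern, label in SUSPICIOUS if pattern.search(text)]


def scan_tree(root):
    """Walk `root` for .php files; map each flagged file's relative path to its findings."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_source(fh.read())
            if hits:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return findings


CLEAN_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp_user');
$table_prefix = 'wp_';
require_once ABSPATH . 'wp-settings.php';
"""


def _constructed_payload():
    # Harmless stand-in for an injected blob: a base64 string long enough to
    # trip the "long encoded literal" heuristic, wrapping only an echo statement.
    inner = b"<?php echo 'constructed sample, not a real payload'; ?>" * 4
    return base64.b64encode(inner).decode()


def build_sample_site(root):
    """Write a clean wp-config.php and two tampered files under `root` (constructed)."""
    os.makedirs(os.path.join(root, "wp-content", "plugins", "sample-plugin"))
    os.makedirs(os.path.join(root, "wp-content", "themes", "sample-theme"))
    files = {
        "wp-config.php": CLEAN_CONFIG,
        "wp-content/plugins/sample-plugin/settings.php":
            "<?php\n$opts = array();\neval(base64_decode('%s'));\n" % _constructed_payload(),
        "wp-content/themes/sample-theme/functions.php":
            "<?php\n$f = $_GET['f'];\n$f($_POST['d']);\n",
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)


def demo():
    """Build the constructed sample site in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return scan_tree(root)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, "->", ", ".join(hits))
```

Pointing `scan_tree` at a real document root gives a list of files to inspect by hand; comparing core and plugin files against fresh copies of the same versions covers what the regexes miss.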

security – How many peers do you need to securely synchronize with the blockchain?

One! Your full node will check every transaction and every block for validity while synchronizing. You therefore can be sure that whatever blockchain data your node accepts follows all rules of Bitcoin. If you are provided the correct blockchain, a single node will be able to provide all data for you to catch up with the network’s blockchain tip.

That said, your node will accept any data that follows all rules of Bitcoin. If an attacker knew that you were going to synchronize from scratch and managed to sybil your node, they could attack you in two ways. First, they could withhold data from you, i.e. not give you the complete blockchain. The attacker could use this to set you up for a doublespend, by sending you money that they’ve already sent somewhere else in a block that they didn’t tell you about. This is easy to defend against, by requiring confirmations before accepting payments or by verifying your local blockchain tip against the network’s via third-party resources such as blockchain explorers.

The second attack would entail feeding you a series of blocks that are not part of the most-work blockchain. This would require an immense amount of work, as the blocks would have to adhere to the current network’s difficulty level to pass your full node’s verification. These blocks would have to be tailored to an attack on you, to include one or more transactions that send money to you that the attacker wants you to believe to be valid. Mining valid blocks that are not part of the most-work chain is an investment on par with finding the same number of blocks in the most-work chain. Unless you’re routinely accepting very large payments with few confirmations, you are not a likely target of such an attack on the Bitcoin blockchain. Note that some altcoins have very low difficulty levels and the cost of creating valid blocks would therefore be significantly lower.

The latter two scenarios are why generally Bitcoin nodes will connect to eight peers (and SPV nodes usually to four) and compare all of these peers’ information about their best blockchain tip. Your node will still only download each piece of blockchain data a single time (as it can verify that it is part of the most-work blockchain).

security – Is it safe to use the basic administration with reduced rights for private member space

I know it’s not clearly a technical question; I did not find anything on the Web (maybe my location makes the job harder).
I have to develop a private member space.
It’s easier for me to use the administration with reduced rights, but I’m a little scared of creating security problems.
Is it safe to do this, or is making a private member space only on the front-end a clearly better way to do it (excluding the question of user interface customizing)?

html – Are there security issues around controlled cross site sharing behind SSO?

Very simply we have a ton of websites at our company behind SSO.

I am having a hard time figuring out what security issues there are if we open cross-site sharing between these sites, but wanted to get a broader view. This is really a result of browser updates around cross-site sharing in iframes in Chrome and IE a few months back. With those security features disabled at the browser level (yes, we will not have users do that), iframing within our sites works fine.

Let me give you context of the specific problem:

  1. example.com – main site
  2. subdomain1.example.com – subdomain we have a ton
  3. subdomain2.example.com – another sub
  4. example.login.com – SSO server we authenticate to
  5. example.cms.com – random vendor that uses our SSO

So right now as long as the servers in 1, 2, and 3 allow cross site sharing iframes work… as long as your cookie/token is already active. If it is not active then it just errors out trying to connect to example.login.com.

We are discussing changing the CORS/sharing settings on the login server, and others brought up possible security issues. I just don’t see how there are issues with clickjacking or anything else when we control all of the sites ourselves. Am I missing something here? Are there security issues with sharing between controlled tenants? Let me know if I need to provide any more info.
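The setting that usually decides whether "open sharing between our own sites" stays safe is how the login server matches the Origin header. The block below is an added example, not configuration from the question's environment: an exact-match allowlist built from the five hostnames listed (https scheme assumed), the CORS response headers it would emit for a credentialed request, a matching frame-ancestors policy for the iframe case, and, for contrast, the substring check that lets a lookalike host through. The attacker-style origin in the test uses the reserved `.invalid` TLD and is constructed.

```python
# Added example, not from the original question: an exact-match origin
# allowlist for CORS and a matching frame-ancestors policy, built from the
# five hostnames listed in the question (https scheme assumed).
ALLOWED_ORIGINS = frozenset({
    "https://example.com",
    "https://subdomain1.example.com",
    "https://subdomain2.example.com",
    "https://example.login.com",   # SSO server
    "https://example.cms.com",     # vendor that uses the SSO
})


def cors_headers_for(origin):
    """Headers to add to a response for a request whose Origin header is `origin`,
    or None when the origin is not allowlisted. Without an ACAO header the browser
    refuses the cross-origin read, which is the safe default."""
    if not isinstance(origin, str) or origin not in ALLOWED_ORIGINS:
        return None
    return {
        # Echo the one matched origin; "*" is not permitted with credentials anyway.
        "Access-Control-Allow-Origin": origin,
        # Required for the SSO cookie to be sent on the cross-origin request.
        "Access-Control-Allow-Credentials": "true",
        # Keep shared caches from handing one origin's answer to another.
        "Vary": "Origin",
    }


def frame_ancestors_policy():
    """Content-Security-Policy value that lets only the listed sites frame a page,
    instead of disabling frame protection altogether."""
    return "frame-ancestors " + " ".join(sorted(ALLOWED_ORIGINS))


def naive_is_allowed(origin):
    """The substring shortcut many sites reach for; shown only for contrast."""
    return isinstance(origin, str) and "example.com" in origin


if __name__ == "__main__":
    # Constructed sample origins: the company's own sites, a lookalike host,
    # a plain-http variant and the opaque "null" origin a sandboxed frame sends.
    for origin in ("https://subdomain1.example.com", "https://example.login.com",
                   "https://example.com.attacker.invalid", "http://example.com", "null"):
        print(origin, "->", cors_headers_for(origin), "| naive:", naive_is_allowed(origin))
    print(frame_ancestors_policy())
```

The exact-match list is the whole answer to the "we control all of the sites" point: it keeps the sharing limited to those sites, while the substring version extends it to any host that can put `example.com` somewhere in its name. The same list doubles as the frame-ancestors value, so the iframe cases in the question keep working without turning off frame protection for everyone.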