On Sat, Mar 8, 2014 at 11:34 AM, Luke-Jr <l...@dashjr.org> wrote:
> On Wednesday, March 05, 2014 4:21:52 PM Kevin wrote:
>> How can we patch this issue?
> No need, it is not an issue for Bitcoin.
> Properly used, there is only ever one signature per public key.

Security shouldn't depend on perfect use.

There are many things that result in multiple key use: Bitcoin address authentication (something which the pool you created uses!), someone spamming you with multiple payments to a common address which you didn't solicit (what, are you just going to ignore the extra coins?), ... or just practical considerations— I note the mining pool you founded continually pays a single address for 'fall back' payments when it can't pay in the coinbase transaction, I know you consider that a bug, but it's the reality today.

Most security issues aren't the result of one problem but several problems combined, so it's important to make each layer strong even if the strength shouldn't be important due to proper use in other layers.

Fortunately, libsecp256k1 has a nearly constant time/constant memory access multiply for signing which should reduce exposure substantially (and is generally built in a way that reduces vulnerabilities).

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development