Craig Wright is such an obvious fraud, liar and attentionseeker, but puts this fake "I don't want to be public!" facade on. If he was actually Satoshi he would've already been able to show it. People giving him the light of day are doing everyone a disservice.
Maybe we could change the link to point @ the Vimeo link, or is there a better one directly from GQ instead (I keep getting taken to the German GQ and can't figure out how to get the English version, so can't find it myself)
People in tech shouldn't accept that kind of bullying from asshats like Craig Wright. Courtois clearly outgunned him intellectually, but he still let himself be shouted at.
If you liked that, there's a long article out there somewhere in New Yorker or some such mag about two kids who got in way over their heads with russian gangs bringing drugs into the automated container facility on rotterdam's docks.
That said, I'd love it if someone could explain the argument by the other cryptographer. At the beginning (I couldn't make it to the end of the recording, the exchange was just painful to listen to) he's saying if you have the source code to a RNG, you can derive private keys just by looking at encrypted messages? As an absolute statement that is obviously nonsense, but I feel there's some important context missing to parse the critique.
I'm not sure I have it, but I believe that with DSA, given the message, signature and message specific private value, you can derive the private key. Wright is calling that message specific value a nonce, but for DSA, it has to be secret and unpredictable ( https://rdist.root.org/2010/11/19/dsa-requirements-for-rando... ).
In the Playstation hack, a single private value was mistakenly used in multiple messages (so it could be recovered from just a couple signatures https://www.imperialviolet.org/2013/06/15/suddendeathentropy... ), but it's also true that if you have information about how the private value was created and it was poorly done, you can just check all the remaining possibilities. So that's what the cryptographer is talking about, given information about sufficiently poor generation of the message specific secret, you can pull private keys out of a single signature.
But in the context of bitcoin, it seems likely that if the bitcoin client originally had such a problem, someone would have already exploited it to steal funds. All the old funds, mined with the original version of the bitcoin software, are still just waiting there at the original addresses.
Especially in light of the creative crypto attacks people have done on other implementations (like the one where attackers stole from android wallets based on a flaw in the system-wide android PRNG). Money is a powerful motivator.
I have learned to love meetings like this one, when customers behave like Mr. Wright. Seeing them in such a ridiculous position is a joy. So much joy, that I find myself worried about my brain health.
Is there still any belief in serious circles that Wright is SN? Whatever happened to those credible thought leaders who initially supported his claim? I lost track of this after the initial splash announcement and immediately ensuing controversy.
21 comments
[ 3.2 ms ] story [ 50.9 ms ] threadhttps://vimeo.com/177403785
http://www.lrb.co.uk/v38/n13/andrew-ohagan/the-satoshi-affai...
EDIT: not as funny as this clip though. The man is a transparent fantasist/fraudster.
It is like something out of Breaking Bad
It's not as long-form as I remember but still a fun read.
Craig Wright is a fantasist and conman.
That said, I'd love it if someone could explain the argument by the other cryptographer. At the beginning (I couldn't make it to the end of the recording, the exchange was just painful to listen to) he's saying if you have the source code to a RNG, you can derive private keys just by looking at encrypted messages? As an absolute statement that is obviously nonsense, but I feel there's some important context missing to parse the critique.
In the Playstation hack, a single private value was mistakenly used in multiple messages (so it could be recovered from just a couple signatures https://www.imperialviolet.org/2013/06/15/suddendeathentropy... ), but it's also true that if you have information about how the private value was created and it was poorly done, you can just check all the remaining possibilities. So that's what the cryptographer is talking about, given information about sufficiently poor generation of the message specific secret, you can pull private keys out of a single signature.
Especially in light of the creative crypto attacks people have done on other implementations (like the one where attackers stole from android wallets based on a flaw in the system-wide android PRNG). Money is a powerful motivator.
I have learned to love meetings like this one, when customers behave like Mr. Wright. Seeing them in such a ridiculous position is a joy. So much joy, that I find myself worried about my brain health.
Weird comment, I know.