The Iota developers haven’t been able to explain to me why they think their insecure hash function is safe, so they’ve instead dumped a bunch of private emails with security researchers who reported it.https://twitter.com/tangleblog/status/967513038374031360 …
-
Show this thread
-
Replying to @matthew_d_green @zooko
Not a fan of IOTA but AFAIK it's not a cryptographic hash. Kinda like consistent hashing.
2 replies 1 retweet 5 likes -
Replying to @therevoltingx @zooko
They hashed messages and then signed them. So yes, it was a cryptographic hash.
1 reply 0 retweets 5 likes -
If you hash messages and then sign them, your signature is valid for any message with the same hash. If your hash isn’t cryptographic that means you can forge signatures on new messages.
3 replies 1 retweet 7 likes -
(facepalm) Matthew: the curl-p hash function did nothing. It was a trick. The coordinator did the work. It was a bit of sleight-of-hand meant to frustrate scammy code cloners. The collisions *was the intended function*: misdirection.
4 replies 4 retweets 24 likes


$IOTA #StoreOfDrama
Debunking the ‘IOTA Vulnerability Report’ – IOTA Demystified – Mediumhttps://medium.com/iota-demystified/debunking-the-iota-vulnerability-report-c40fb07a6ae8 …
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.