1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mark@monetize.io>) id 1VcjSI-0006sE-GP
for bitcoin-development@lists.sourceforge.net;
Sat, 02 Nov 2013 22:14:06 +0000
Received: from mail-ie0-f182.google.com ([209.85.223.182])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1VcjSH-0004uu-5s
for bitcoin-development@lists.sourceforge.net;
Sat, 02 Nov 2013 22:14:06 +0000
Received: by mail-ie0-f182.google.com with SMTP id as1so10127802iec.13
for <bitcoin-development@lists.sourceforge.net>;
Sat, 02 Nov 2013 15:13:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:message-id:date:from:organization:user-agent
:mime-version:to:subject:references:in-reply-to:content-type
:content-transfer-encoding;
bh=ZHLCGLtddUzVpBxcj8PyY9KvcJb0yrrAaIveNDbLZNA=;
b=XwOhlLI4HwhWw9rVxjFUOtBmXsQK2Di1ICNHMgtxZeM4cWEAyaVjB4Q+mb7wt2TqV8
Tu4jueGscLek0GAlZtNrj32lCrts82pBrJgRqNivuqArItTA8prHMpLDJ+M4tyRxXYfP
II6dSnbshCHD54fJgsVXo2lyOkeLi8eUF70i/MPL/Q2esDHgSt+vMgmL/kPPMJxBZvLv
Uyk5yGKrwu9mB3T5W1NHVB5Aab8EQVvoXcaCsXWrHyqO7kyhx7PUzbYk2qBtf5nB70Vb
nHBjBDI+6EXl7mwBxX2zTG0Ib/4ssSEtjyVDNH3SxKjc0LSNJB6k2Iovobsf46yXjWgh
ZGEA==
X-Gm-Message-State: ALoCoQnu0y11Jorl8E2JLWcUTJw01Mdwp3nfnY73VDLHoqqMlK9zv7FDvLQVV18TcwSr5YbvrTcQ
X-Received: by 10.50.66.163 with SMTP id g3mr6986775igt.20.1383429086976;
Sat, 02 Nov 2013 14:51:26 -0700 (PDT)
Received: from [192.168.1.118] (adsl-71-131-186-92.dsl.sntc01.pacbell.net.
[71.131.186.92])
by mx.google.com with ESMTPSA id i3sm12333474igh.0.2013.11.02.14.51.25
for <bitcoin-development@lists.sourceforge.net>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Sat, 02 Nov 2013 14:51:26 -0700 (PDT)
Message-ID: <527573DA.7010203@monetize.io>
Date: Sat, 02 Nov 2013 14:51:22 -0700
From: Mark Friedenbach <mark@monetize.io>
Organization: Monetize.io Inc.
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <20131102050144.5850@gmx.com> <52756B2E.7030505@corganlabs.com>
In-Reply-To: <52756B2E.7030505@corganlabs.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: enigmail.net]
X-Headers-End: 1VcjSH-0004uu-5s
Subject: Re: [Bitcoin-development] Message Signing based authentication
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2013 22:14:06 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Or SIGHASH of a transaction spending those coins or updating the SIN...
On 11/2/13 2:14 PM, Johnathan Corgan wrote:> On 11/01/2013 10:01 PM,
bitcoingrant@gmx.com wrote:
>
>> Server provides a token for the client to sign.
>
> Anyone else concerned about signing an arbitrary string? Could be
> a hash of $EVIL_DOCUMENT, no? I'd want to XOR the string with my
> own randomly generated nonce, sign that, then pass the nonce and
> the signature back to the server for verification.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJSdXPaAAoJEAdzVfsmodw4+m8P/1Ce/PwZOYfiFuFJ8pmT2tb2
ro7tw7zSr12RSTvs+qRl7lDzJzQ6BDXOdXZCkcU0Vj3TDm8fdrrXN/iw3iQYU/5Y
3K7hj2mGqQUMovCLw0CbrMWrMvor7FhO6MZsRwe0+VxDV/dDrX5f5vSEhnkR26be
NrzOFU4hqGM3R4eLq8Bmw5rVD/VCrRzKoXXAvJb1EwM1+fQPjKi+bNMJu3reyfXU
5eMbbiM6tUMmPXy9M6vZrN+6ad53x3KUVP6+/hXxsrnfPp57WQzRZlvwTo/qdJ1C
Oxl71m6o2zkXbLTFmg1xmK/A4V1BPTLD6nLDIsw+wTBBfdn22pfDv6Q8d3VRctrd
6x+PMkwysoMjhemmkXCY/7G9GD6AGsrYSqIShSULd9QO5WxAFzRO01ewiRUCUFHi
Dn0LEjy8/R/CWK3jvj9uL3vQh9DLdOtqf/X7cEtjF3LThVP+stFTsmXObhTh/8Ai
YYjpnwOFG5ZtDzRZfP3OCwyhqlsaMlNgN4xnyR4GPaoJRP3a0zllblIbTWzg6nhY
jbON5Ec9N9txGhagYOoAvcQYqGyJdffkBzW82CRUsFYuYYmW2oLUQXPhAGDBIzzj
g/7RjMlM1OEp3qctxMZQlrTj7VJmhD768PRLh2XvEDmEC5Qb8Tcq28Nq5t85/O/6
i3+pzT5rMuiIZWLx7Msv
=tAUY
-----END PGP SIGNATURE-----
|