1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <etotheipi@gmail.com>) id 1ROXDs-0000JT-Oz
for bitcoin-development@lists.sourceforge.net;
Thu, 10 Nov 2011 16:11:28 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.212.47 as permitted sender)
client-ip=209.85.212.47; envelope-from=etotheipi@gmail.com;
helo=mail-vw0-f47.google.com;
Received: from mail-vw0-f47.google.com ([209.85.212.47])
by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-MD5:128)
(Exim 4.76) id 1ROXDn-0004QX-GH
for bitcoin-development@lists.sourceforge.net;
Thu, 10 Nov 2011 16:11:28 +0000
Received: by vwe42 with SMTP id 42so3364341vwe.34
for <bitcoin-development@lists.sourceforge.net>;
Thu, 10 Nov 2011 08:11:18 -0800 (PST)
Received: by 10.52.24.11 with SMTP id q11mr13783286vdf.83.1320941476801;
Thu, 10 Nov 2011 08:11:16 -0800 (PST)
Received: from [192.168.1.85] (c-76-111-108-35.hsd1.md.comcast.net.
[76.111.108.35])
by mx.google.com with ESMTPS id ey9sm12732723vdc.19.2011.11.10.08.11.14
(version=SSLv3 cipher=OTHER); Thu, 10 Nov 2011 08:11:16 -0800 (PST)
Message-ID: <4EBBF7A7.8030708@gmail.com>
Date: Thu, 10 Nov 2011 11:11:19 -0500
From: Alan Reiner <etotheipi@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
rv:1.9.2.23) Gecko/20110921 Thunderbird/3.1.15
MIME-Version: 1.0
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative;
boundary="------------040906040300090304080306"
X-Spam-Score: -0.8 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(etotheipi[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.2 AWL AWL: From: address is in the auto white-list
X-Headers-End: 1ROXDn-0004QX-GH
Subject: [Bitcoin-development] Wallet encryption issue
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2011 16:11:28 -0000
This is a multi-part message in MIME format.
--------------040906040300090304080306
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sorry guys, I just realized I should've posted this to the dev list
first, before/instead of putting it on the forums.
https://bitcointalk.org/index.php?topic=51474
*I still have some of my private keys in plaintext. *I would guess that
BSDDB sometimes will "overwrite" data by just discarding a pointer to
the old data, and writing the replacement to a new location within the
file. In that case, examining the file with a BSDDB library tool is not
going to find this problem. You'll have to examine the raw binary file
as I did. Instructions for verifying this problem are in the post.
Can someone please verify that this is a real problem? (and should we
maybe remove my post until there's a remediation plan? This is problem
the best kind of problem to disclose after it's fixed)
-Alan
--------------040906040300090304080306
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry guys, I just realized I should've posted this to the dev list
first, before/instead of putting it on the forums. <br>
<br>
<a class="moz-txt-link-freetext" href="https://bitcointalk.org/index.php?topic=51474">https://bitcointalk.org/index.php?topic=51474</a><br>
<br>
<b>I still have some of my private keys in plaintext. </b>I would
guess that BSDDB sometimes will "overwrite" data by just discarding
a pointer to the old data, and writing the replacement to a new
location within the file. In that case, examining the file with a
BSDDB library tool is not going to find this problem. You'll have
to examine the raw binary file as I did. Instructions for verifying
this problem are in the post.<br>
<br>
Can someone please verify that this is a real problem? (and should
we maybe remove my post until there's a remediation plan? This is
problem the best kind of problem to disclose after it's fixed)<br>
-Alan<br>
<br>
<br>
</body>
</html>
--------------040906040300090304080306--
|