API tools faq
paste
Advertisement
Guest User

Kanzure/Gwern

a guest
Dec 9th, 2015
206
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.67 KB | None | 0 0
raw download clone embed print report
  1. 16:28 <@gwern> kanzure: the signed messages were all to wrong keys, is the problem. and it made things even harder to writeup. you know the editor didn't even want me to mention the blocksize controversy or nick szabo because we'd have to explain them to regular readers?
  2.  
  3. 16:28 < kanzure> huh? shouldn't [the journalists] mention it was the wrong key?
  4.  
  5. 16:29 <@gwern> kanzure: all the other satoshi keys were uploaded 2008/2009 as far as we could tell, but of course, the keyservers don't give you any unforgeable timestamps, so it's the same problem as the blog posts - only circumstantial evidence
  6.  
  7. 16:29 < kanzure> you're talking about the satoshin@vistomail.net key, and not the satoshi@vistomail.net key, right?
  8.  
  9. 16:30 <@gwern> kanzure: the non-bitcoin.org keys
  10.  
  11. 16:30 < kanzure> btw, satoshi nakamoto never signed anything [in public, using the bitcoin.org satoshi nakamoto key]
  12.  
  13. 16:30 <@gwern> sure, it points to wright being satoshi - but on the alternate theory that wright has been forging all this stuff as a hoax, he could have created the keys recently with backdated timestamps and uploaded them. since they don't offer any evidence one way or other and are hard to explain, they got cut
  14.  
  15. 16:43 < kanzure> 16:41 <gmaxwell> Existance of a pgp signature could be proved without revealing the message, only its hash.
  16.  
  17. 16:43 <@gwern> really? I didn't know that
  18.  
  19. 16:43 < kanzure> are you willing
  20.  
  21. 16:44 <@gwern> hm. I guess that makes sense. you'd be verifying the signature part, not the hash
  22.  
  23. 16:44 <@gwern> right. a signature is a signed hash, etc. I'd just never realized before, or needed to, prove possession of a signature rather than message
  24.  
  25. 16:45 <@gwern> I mean, I can pull out the signatures, sure, but as I said, because they're all to the non-bitcoin.org key and there is nothing verifiably timestamping the uploaded keys to 2008/2009, the signed hashes would prove little
  26.  
  27. 16:46 < kanzure> so the signed messages from your purported vistomail leak are not to the bitcoin.org claimed satoshi nakamoto key?
  28.  
  29. 16:46 <@gwern> no, I already explained as much
  30.  
  31. 16:46 < kanzure> which leaks were these?
  32.  
  33. 16:46 <@gwern> this is a totally brand new set of leaks you have heard of solely through wired and gawker today, nothing whatsoever to do with earlier hacks
  34.  
  35. 16:57 < kanzure> 16:55 <kanzure> could you check if pgp.mit.edu timestamps can be trivially forged? or do you happen to know?
  36.  
  37. 16:57 < kanzure> 16:55 <gmaxwell> they can.
  38.  
  39. 16:57 < kanzure> gwern: i suggest that in the future if you want wired.com publicity that you can achieve that without wasting everyone's time. don't be so quick to sacrifice your pseudonym's reputation nor the time and patience of your readers.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!