[ryan-c]

If anyone's particularly bored, the password, from which the master key used in my original backdoor is derived, should be fairly easy to crack. It is eight nonrandom characters.

[aexaey]

Actually, you don't need the master password to recover. Reusing master hash (MASTER_PUB_HEX) works just fine.

https://gist.github.com/aexaey/3646bb438f8712cbadf5/revision...

Scroll to the third change from the top - stupid github doesn't allow (an obvious) way to make a direct link to a particular gist's revision.

[ryan-c]

That only works in your changed version because it incorrectly uses MASTER_PUB_HEX as a private key.

[aexaey]

Well, that's the version that samvartaka linked to. ;-)

[ryan-c]

Well it isn't my code, which does not have that bug. Apparently it is possible to update other peoples gists? WTF? I've emailed the author to fix the link. I've also fixed the gist. No idea how that got there.

Mine is here: https://gist.github.com/ryancdotorg/18235723e926be0afbdd

Edit: Looks like you forked my code, replaced the curve25519 lib and broke the NOBUS and forward secrecy properties, then Nightling forked your fork (making no changes), and I accidentally hit fork on his fork.

[brianclements]

what a cluster fork