Hacker News new | ask | show | jobs
by PaulRobinson 3698 days ago
Nice write-up explaining the problems, but the killer for me is a hint as to how others may have been fooled:

  Note that the antepenultimate line says ‘signiture’ instead 
  of ‘signature’, so the script doesn’t do what is claimed. In 
  particular, it reads the signature from the environment 
  variable ‘signiture’ rather than from the command-line 
  argument. Hence, if you populate the environment variable 
  with your own public-key, rather than Satoshi’s, you can 
  cause the test to pass!
Subtle and clever, if that is indeed what has happened.
2 comments
geoelectric 3698 days ago
Without getting into Sicilian poison cup arguments around "I knew they'd think that," I find it hard to believe that someone would go to all this trouble, then innocently publish their magic trick to the world in a screenshot like that.

Edit: to be clear, I'm inclined to believe Kaminsky et al that this is a ruse. I just don't think it's that ruse.

link
ryan-c 3698 days ago
It isn't that ruse. I replicated the file that is verified in the screenshots - the ruse is that it contains an old bitcoin transaction from Satoshi rather than Sartre's writings.

https://rya.nc/sartre.html

link
geoelectric 3698 days ago
Very nice writeup!
link
aab0 3698 days ago
It was not. Gavin's discussion makes zero mention of anything to do with OpenSSL. In the account he gave to Wired, it was Electrum all the way.
link