by sorenso 2490 days ago
I'm not surprised.

But this sure surprised me: "Pierrick Gaudry, from Lorraine University, was able to break the Ethereum-based smart contract encryption in only 20 minutes using nothing more than an average desktop computer and free, publicly available software. Gaudry estimates more modern equipment and sophisticated techniques could crack the encryption in only 10 minutes."

1 comment

Poor programming and cryptography by the contract developers is always going to be the biggest weakness of smart contracts. This one was developed by a government entity so the quality issue is not really surprising...

> It was developed in-house by the Moscow Department of Information Technology

The developers claim [1] they were only using a weak private key during a "trial period" which doesn't really make sense. Who releases a different public/private key scheme before launching into production?

If the development team doesn't hire outside security testing or request public review - to test the real software - then it's pretty useless. Their response notes a meetup in Moscow in Sept (which is the same month as the election?) which seems like a strange requirement if they were expecting solid public feedback.

1. https://medium.com/@unassuming_teal_crab_127/dear-julia-7bac...