10

Looking at the code of the iota.lib.js' bundle creation mechanism, a normalized hash is computed and then checked for inclusion of 13 /* = M */. If one is found, the obsoleteTag is incremented, and the hashing is repeated.

What is the reason behind a 13 indicating an insecure bundle hash?

mihi
Akkumulator
    When the normalized hash contains an 'M', the signing process will leave that block of the private key unhashed. If there was a bug in generating the private key that allowed correlations from a leaked block to future blocks, it would cause more than that one block to leak. The IOTA foundation promised a blog post about the background when they (turned off the coo for 3 days and) fixed that bug, but so far nothing was released, so I guess any answers to that question which do not come from the core team would be speculation. – mihi Jan 12 '18 at 19:25
  • I’m voting to close this question because it is about the legacy-network and it is a good idea to keep only Shimmer/ShimmerEVM and latest IOTA Chrysalis questions – Antonio Nardella Apr 24 '23 at 14:05

1 Answer

9

There was a bug in the wallet software related to absence of https://github.com/Come-from-Beyond/ISS/commit/de1a279450558848a81858fd57b023719eb9a0d3. "M" should be avoided to prevent leakage of the corresponding (and following) private key fragments.

Come-from-Beyond
  • 1,540
  • 9
  • 15
  • And to clarify, do I understand this change correctly that implementing this change would change the key generation algorithm so everybody would have to transition again; therefore the IOTA foundation decided to "paper over" this bug instead of fixing it, by preventing 'M' in the normalized hash? – mihi Jan 13 '18 at 12:58
  • Address generation algorithm would indeed be changed, for the IOTA Foundation's choice you should ask them. – Come-from-Beyond Jan 13 '18 at 13:08
  • 2
    What is your affiliation to the Foundation? I did ask them (shortly after the incident) and they said that they will make a blog post about this issue (describing both why it is insecure and why they decided to fix it as they did) available later. Not happened yet and being polite I don't ask again... – mihi Jan 13 '18 at 14:08
  • I code stuff which the Foundation uses in their projects. – Come-from-Beyond Jan 13 '18 at 15:54