- Still using the centralized coordinator
- Increased coordinator fee
- Only 2 pool size available
Remains vulnerable to https://groups.google.com/g/bitcoindev/c/CbfbEGozG7c/m/w2B-RRdUCQAJ
Discussion
- Huge mistake. They should have launched without centralized coordinator
- 5% is crazy.
- I'm actually OK with this. It just seems a waste of all that unspent capacity. I do understand the reasons why though.
I'm out.
Its the same fee as it used to be and it's important for Sybil protection.
Yeah I was wondering about that. Coordinator needs decentralisation.
…glad to see progress.
i appreciate your investigation here floppy
he apparently missed that they have a RSA key hardcoded into the client now
so... 😕
Seems like clients don’t verify that signatures actually come from that hardcoded key (which they are definitely able to do). Until that is done clients are still vulnerable to a coordinator tagging attack.
have you also verified about the signatures
or are you just taking floppy's word for it?
Ya `unblind` is called w/o signature verification. Easy fix http://ashicodepbnpvslzsl2bz7l2pwrjvajgumgac423pp3y2deprbnzz7id.onion/Ashigaru/Ashigaru-Terminal/src/commit/0bbed17ea5130bcf2aec5af6d3cc93f54aa9d871/darkjar/src/main/java/com/samourai/whirlpool/client/mix/MixProcess.java#L206-L214
Gotcha
thanks for the link
/dev/fud