what I'm saying is that the blog post doesn't seem to be addressing that issue at all
Discussion
Looks like he might be barking up the wrong tree.
Bug is in whirlpool and not the wallet.
Seems like the terminal client has a hard coded key. Is the client using that to check that against the one sent from the coordinator?
No match, no mix?
Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.
its not a vulnerability if they're modulating the hardcoded key per CJ round correct?
as nostr:nprofile1qqsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qpz9mhxue69uhkummnw3ezuamfdejj7nxasma suggested on original vulnerability disclosure post Jan 7th?
either way, the server CANNOT give clients a unique key for identification.