Reply to topic  [ 42 posts ]  Go to page 1, 2, 3, 4, 5  Next
Warning: OpenSSL Consensus Bug 
Author Message

Posts: 1624
Post Warning: OpenSSL Consensus Bug
Due to a bug in OpenSSL Linux and Mac 64-bit Namecoin Classic (v0.3.80 and earlier) and Namecoin Core clients accepted a wider range of cryptographic signature formats than other builds. This brought us into the dangerous situation of potentially forking the network. To resolve the situation the largest pool F2Pool manually preponed a consensus activation protocol change (BIP66), other pools are following.

Miners
A majority of Namecoin hashrate started enforcing BIP66 on Monday, 2015-08-03. This means that all mining pools MUST upgrade to Namecoin Core or will have all blocks orphaned. Either 32-bit or 64-bit is fine. We apologize for the short notice.
Until BIP66 blocks are at 95% the source and clients below currently still build on old version blocks that will be orphaned. This means you might get more orphaned blocks than usual until ca. 2015-08-09.

Namecoin Core Repo
Linux binary
Inofficial Windows binary


Users
There may be false confirmations, wait for at least six blocks, more for important transactions.


(edited as per Biolizard89's suggestions)

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Wed Jul 29, 2015 8:47 am
Profile

Posts: 1624
Post Re: Warning: OpenSSL Consensus Bug
...

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Wed Jul 29, 2015 9:43 am
Profile

Posts: 1828
os: linux
Post Re: Warning: OpenSSL Consensus Bug
phelix wrote:
For now we suggest this:

Miners
Use Namecoin Core or stick to a 32bit version of v0.3.80.

Users
Stick to v0.3.80 32bit and only trust transactions with at least six confirmations.


Windows binaries are always 32bit. Linux and Mac binaries are available in both 32 and 64 bit!


Correction from my point of view: Miners should use the 32-bit version of Namecoin Core. (64-bit Namecoin Core and 64-bit v0.3.80 are not safe for mining until further notice. To help the network, use 32-bit Namecoin Core for mining, not 32-bit v0.3.80.) Users should assume that incoming transactions are not confirmed, and so should not ship goods until further notice. Users should not purchase new names until further notice. Users who have a name that is expiring very soon should assume that their transactions may be delayed unexpectedly, so renewing those names before the last minute would be advisable. I don't believe there are advantages for non-miners to use either 32-bit or 64-bit at this time.

_________________
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5


Wed Jul 29, 2015 10:11 am
Profile

Posts: 313
Post Re: Warning: OpenSSL Consensus Bug
Statement #1:
biolizard89 wrote:
Users should not purchase new names until further notice.
Statement #2:
biolizard89 wrote:
renewing those names before the last minute would be advisable.

These two contradict each other, IMO. If we warn users from creating name_new operations (#1) then we shouldn't recommend the use of name_update operations (#2). Both name_new and name_update have currently the same risk of getting refused.
I think we should display a decision table with unmistakable instructions for non-miners, e.g.

Users:
  • Registering new names:
    ...
  • Renewing existing names:
    ...
  • Purchasing existing names from other users:
    ...
  • Accepting NMC payments for goods/services:
    ...


Thu Jul 30, 2015 3:02 pm
Profile

Posts: 1828
os: linux
Post Re: Warning: OpenSSL Consensus Bug
cassini wrote:
Statement #1:
biolizard89 wrote:
Users should not purchase new names until further notice.
Statement #2:
biolizard89 wrote:
renewing those names before the last minute would be advisable.

These two contradict each other, IMO. If we warn users from creating name_new operations (#1) then we shouldn't recommend the use of name_update operations (#2). Both name_new and name_update have currently the same risk of getting refused.
I think we should display a decision table with unmistakable instructions for non-miners, e.g.

Users:
  • Registering new names:
    ...
  • Renewing existing names:
    ...
  • Purchasing existing names from other users:
    ...
  • Accepting NMC payments for goods/services:
    ...


Reason I said that was because in the event of a consensus failure, some transactions may be temporarily reversed during the reorg. This could cause the salt of pending name_new transactions to be revealed, which could lead to stolen names. This issue doesn't affect name_update. The issue that affects name_update is that if a reorg occurs, some transactions may be delayed getting into blocks (this happened during the Bitcoin LevelDB consensus failure); users who get their name_update mined before the consensus failure occurs won't be adversely affected by this.

So, my advice:

Do not register new names until further notice, regardless of what client you are on.
If you have a name that is expiring very soon, consider renewing it early, regardless of what client you are on.
If you are on OS X or 64-bit Linux, do not trust any incoming transactions from untrusted users, as there is a small chance they could be double-spent. (This applies both to names and currency payments.)
If you are on Windows or 32-bit Linux, incoming transactions are probably safe with the standard 6 confirmations.

This advice is intentionally super-paranoid. It is unlikely that anything bad will happen, but better safe than sorry.

_________________
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5


Thu Jul 30, 2015 3:35 pm
Profile

Posts: 1624
Post Re: Warning: OpenSSL Consensus Bug
cassini wrote:
Statement #1:
biolizard89 wrote:
Users should not purchase new names until further notice.
Statement #2:
biolizard89 wrote:
renewing those names before the last minute would be advisable.

These two contradict each other, IMO. If we warn users from creating name_new operations (#1) then we shouldn't recommend the use of name_update operations (#2). Both name_new and name_update have currently the same risk of getting refused.
I think we should display a decision table with unmistakable instructions for non-miners, e.g.

Users:
  • Registering new names:
    ...
  • Renewing existing names:
    ...
  • Purchasing existing names from other users:
    ...
  • Accepting NMC payments for goods/services:
    ...

A name_firstupdate gives away a name that somebody else might steal if the tx does not go threw. There is no risk in name_update.

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Thu Jul 30, 2015 3:39 pm
Profile

Posts: 313
Post Re: Warning: OpenSSL Consensus Bug
biolizard89 wrote:
So, my advice:

Do not register new names until further notice, regardless of what client you are on.
If you have a name that is expiring very soon, consider renewing it early, regardless of what client you are on.
If you are on OS X or 64-bit Linux, do not trust any incoming transactions from untrusted users, as there is a small chance they could be double-spent. (This applies both to names and currency payments.)
If you are on Windows or 32-bit Linux, incoming transactions are probably safe with the standard 6 confirmations.

Ok, this makes it perfectly clear.


Thu Jul 30, 2015 6:03 pm
Profile

Posts: 1624
Post Re: Warning: OpenSSL Consensus Bug
64bit client miners are at risk of having blocks orphaned.

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Thu Jul 30, 2015 9:55 pm
Profile

Posts: 13
Post Re: Warning: OpenSSL Consensus Bug
Any hints on how to build a 32-bit statically linked Namecoin Core binary to run on a 64-bit Linux?

Not having any luck getting configure to do what I want.

_________________
▶▶▶ Bitminter.com - Your trusted mining pool since 2011.


Fri Jul 31, 2015 2:35 pm
Profile WWW

Posts: 13
Post Re: Warning: OpenSSL Consensus Bug
Btw, with Discus Fish at 67% hashpower, what are they mining with? 32-bit Namecoin Core?

_________________
▶▶▶ Bitminter.com - Your trusted mining pool since 2011.


Fri Jul 31, 2015 2:48 pm
Profile WWW
Display posts from previous:  Sort by  
Reply to topic   [ 42 posts ]  Go to page 1, 2, 3, 4, 5  Next

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.