
Still, it is worth noting that, while the vulnerability is similar to the signature issue previously disclosed by Neha Narula from the MIT Digital Currency Initiative (DCI), this is a newly discovered flaw.
“Fortunately, since IOTA discourages the reuse of addresses it is uncommon for there to be any funds left on the address,” the researcher clarifies. “The replay attack is only applicable where addresses has [sic] been reused.”
“However it should not be confused with the signature reuse issue, which is only a theoretical concern for a single reuse,” Rebstock continues. “The replay attack applies with only one reuse and is easy to implement.”
The good thing, the author highlights, is that the glitch is relatively easy to eliminate.
IOTA developer Lewis Freiberg has since confirmed the issue is indeed authentic in a statement on Reddit. Still, the developer downplayed the severity of the vulnerability, adding that the company has no intention of tweaking the core architecture of the network to “accommodate this edge case.”
“If the user in the example scenario above had [refrained from reusing their wallet address,] then all of the IOTA from that address would have been sent elsewhere,” Freiberg says. “Thus the attack would’ve never worked.”
In any case, the decision not to patch the exploit is odd – especially because both Rebstock and Freiberg agree it is a pretty “simple fix.”
One important takeaway the researcher emphasizes is that failing to provide a solution to “such an obvious problem should give everyone involved with IOTA [a] pause and hopefully a bit more humility.”