pinata update since money may be reused this year
This commit is contained in:
parent
fd186c8da3
commit
aa07aa39a8
1 changed files with 4 additions and 2 deletions
|
|
@ -13,7 +13,8 @@ X.509, TCP/IP, of the virtual machine image is 4MB, which is less than 4% of a
|
|||
comparable system using a Linux kernel and OpenSSL.
|
||||
|
||||
When a TLS handshake is successfully completed with mutual authentication, the
|
||||
Piñata transmits the private key to a bitcoin wallet which is filled with ~10BTC.
|
||||
Piñata transmits the private key to a bitcoin wallet which initially contained
|
||||
10BTC. In 2018, most of them will be reused for other projects.
|
||||
|
||||
On startup, the Piñata generates its certificate authority on the fly, including
|
||||
certificates and private keys. This means that only the Piñata itself contains
|
||||
|
|
@ -22,7 +23,8 @@ an exploitable flaw in any software layer (OCaml runtime, virtual network
|
|||
device, TCP/IP stack, TLS library, X.509 validation, or elsewhere) to complete the challenge.
|
||||
|
||||
The Piñata is online since February 2015, and even though thousands of unique IP
|
||||
addresses initiated connections, the wallet still contains the 10 BTC.
|
||||
addresses established connections and initiated TLS handshakes, no bitcoins were
|
||||
taken. Looks like its security is decent or obscure enough.
|
||||
|
||||
By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody
|
||||
can observe (by looking into the Bitcoin blockchain) whether it has been
|
||||
|
|
|
|||
Loading…
Reference in a new issue