From aa07aa39a81c1f3fdf0773e6c756395589e745b7 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Sun, 14 Jan 2018 17:19:59 +0100 Subject: [PATCH] pinata update since money may be reused this year --- Projects/Pinata | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Projects/Pinata b/Projects/Pinata index 9a66755..340c7db 100644 --- a/Projects/Pinata +++ b/Projects/Pinata @@ -13,7 +13,8 @@ X.509, TCP/IP, of the virtual machine image is 4MB, which is less than 4% of a comparable system using a Linux kernel and OpenSSL. When a TLS handshake is successfully completed with mutual authentication, the -Piñata transmits the private key to a bitcoin wallet which is filled with ~10BTC. +Piñata transmits the private key to a bitcoin wallet which initially contained +10BTC. In 2018, most of them will be reused for other projects. On startup, the Piñata generates its certificate authority on the fly, including certificates and private keys. This means that only the Piñata itself contains @@ -22,7 +23,8 @@ an exploitable flaw in any software layer (OCaml runtime, virtual network device, TCP/IP stack, TLS library, X.509 validation, or elsewhere) to complete the challenge. The Piñata is online since February 2015, and even though thousands of unique IP -addresses initiated connections, the wallet still contains the 10 BTC. +addresses established connections and initiated TLS handshakes, no bitcoins were +taken. Looks like its security is decent or obscure enough. By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody can observe (by looking into the Bitcoin blockchain) whether it has been