网赚论坛

 找回密码
 免费注册
查看: 278|回复: 0
打印 上一主题 下一主题

MT.Gox技术核心人员对公司对比特币的指责作出回应

[复制链接]

14

主题

19

帖子

56

积分

Ⅰ级财主

Rank: 1

积分
56
跳转到指定楼层
楼主
发表于 2017-10-21 19:20:43 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
Mt. Gox 刚刚发布了关于其最近决定停止所有比特币提现的官方声明。

事实上,他们声称在已出现的比特币协议问题获得解决之前,不允许客户进行比特币提现。


格雷格·麦克斯韦(Greg Maxwell )的回应

就这个严重的技术问题我采访了MT.Gox比特币核心开发者格雷格·麦克斯韦。Greg Maxwell 和 Peter Wuille是Mt. Gox咨询处的核心开发人员,以下是访谈新闻稿:

Mt. Gox的新闻稿似乎有忽悠我的意思。他们描述的比特币系统特征作为新的东西在2011年以后是众所周知的(其中甚至有自己的维基页面)。

这些特征是令人烦恼的,但不影响基本操作。他们正在慢慢地被固定 -但把它们完全固定可能需要花费几年的时间去固定他们的钱包软件。正确编写的钱包软件可以解决这个问题,但我不明白为什么它们到了其它的钱包地址会发生变化。

Andreas Antonopoulus在一定程度上已经审查了 Mt. Gox 的代码,并且说他们使用一种奇怪的“大杂烩的技术真的不适合交易。”你认为问题是出现在他们的代码上而不是比特币协议上吗?

哦,这有一个比特币协议问题,因为至少在2011年已经发现这个问题(详情参考我给的链接)。但是对于一般的应用,不涉及未确认的交易,不会造成任何严重的问题,因为比特币钱包可以本地处理。

基本上,第三方可以改变交易ID ,这意味着钱包软件必须写入当交易发生时能正确识别交易的协议。

新闻发布会谈是增加一个第二类交易ID,这是一种强大的反对改变协议,通过寻求技术支持是非常有帮助的。但它不能解决目前修改交易的所产生的所有问题。

所以,换句话说, Mt. Gox能通过修改他们内部的系统来解释这种已知的问题吗?


是的,只有内部的改变才能说明这个问题。 Mt. Gox唯一剩下的一些应用问题可能是一些技术支持问题。在这里如果一个用户的交易受到一个恶意攻击(交易ID),Mt. Gox会告诉他们不要期望任何一个能最出现在区块链( blockchain)里面。

市场似乎受负面新闻的影响较大,在这种情况下你会给平均比特币玩家什么样的建议呢?

我在这里提供的一些我所面临的挑战对于我来说已经不是新闻 – 这些年– 它从来没引起一个特别大关注。这不会列出比特币技术的十大风险的。

感谢您的意见。

更新1:市场稳定

13:35 GMT+2,由于最近的利空消息比特币的市场价格已经下跌了60%左右。

我个人认为Mt. Gox已经对比特币的伤害比通过声明带来的好处要大的多。这种情况下的处理应该尽量减少市场的影响。


更新2:进一步的技术细节。
Rannasha 根据MT.Gox的声明在BitcoinTalk(国外权威比特币媒体)上发布了简单的分析总结:

该缺陷对比特币本身的影响并不大,因为它存在于交易所系统上。许多交易使用TX-ID来作为唯一标识,但事实证明,攻击者可以在不改变实际交易的情况下改变TX-ID,重置交易(有效地创建一个双重支付),如果在合理操作的前提下改变交易,那么攻击者将收回他的比特币,并且抱怨这次未完成的交易。该交易所将检查他们的数据库,从中提取TX-ID,看看是否能在blockchain中找到它,当然他们并不会找到它。这样他们就可以得出结论,该交易确实是失败的,将会向该攻击者的信用账户返还比特币。

一个简单的解决方法就是不使用TX-ID来标识交易,而通过使用金额、地址、时间戳来代替。如果用户抱怨他们的交易没有完成且没有收回投入的比特币,那么交易所完全可以通过金额、地址、时间戳来审查此次交易。虽然这需要工作量上的一点点支持,但它可以有效防止这种恶意攻击的得手。

虽然TX-id协议本身的延展性并不好,但将问题归结于该协议的缺陷显然是一个很好的托词。

我问Greg Maxwell 是否同意上述总结。他的回答是:
我不反对,但实际上这个话题缺少一个零界点,我仅仅是为了及时更新比特币的最新发展状况。关于上面提到的比特币最新发展状况,DRAK提出了以下问题:
2014年2月10日也就是周一上午3:28,DRAK写道:MT.Gox核心开发人员针对公司声明中将过错归结于比特币钱包客户端而不是公司的说法作出了正式回应。比特币钱包客户端的一些旧版本在处理未确认的交易时存在问题,但这个问题在2011年就已经发现了。这次的事故完全由Mtgox自己的内部系统造成。
技术人士分析,MtGox将过错归结于钱包只是这个烂摊子开始的前兆。 (比特币之家刘友-smile、那谁儿合译,转载请注明出处)



英文原文:



Mt. Gox Official StatementMt. Gox have just released their official statement regarding their recent decision to halt all Bitcoin withdrawals.Essentially, they are claiming they can’t release customers’ funds until a known bug in the Bitcoin protocol is resolved.The market is reacting very negatively to the Gox announcement, falling ~$160 on high volume since the news.
Greg Maxwell RespondsI spoke with Bitcoin core developer, Greg Maxwell, about this highly technical issue. Greg Maxwell and Peter Wuille are the core developers in consultation with Mt. Gox, as per their press release. The Gox press release seems a little ‘spun’ to me. They portray characteristics of the Bitcoin system well known since at least 2011 (which even have their own wiki page ) as something new.These characteristics are annoying but don’t inhibit basic operation. They are slowly being fixed – but fixing them completely will likely take years as they require changing all wallet software. Correctly-written wallet software can cope with the consequences, and I cannot understand why they would gate their withdraws on external changes. Andreas Antonopoulus has examined Gox’s code to some degree, and remarked that they are using a strange “hodgepodge of technologies that are really not suitable for running an exchange.” Do you believe the problem lies in their code rather than the Bitcoin protocol? Oh there is a “problem” in the Bitcoin protocol, known since at least 2011 (see the link I gave). But for normal applications, not involving unconfirmed transactions, it shouldn’t cause any severe problems because wallets can handle it locally.Basically, third parties can change the transaction IDs of transactions. This means what wallet software must be written to accomodate that and still recognize them when that happens.What the press release talks about is adding a second kind of transaction ID, which is robust against changes, which would be helpful for tech support purposes. Though it doesn’t resolve all of the issues that being able to modify transactions presents. So in other words, Gox should be able to account for this known problem by modifying their internal systems? Yes, internal only changes should account for it. The only remaining issue for Mt. Gox’s application would be some tech support problems, where if a user’s transaction is mutated by a malicious party the txid ["transaction ID"] Mt. Gox told them to expect wouldn’t be the one that ultimately showed up in the blockchain. It seems the market is reacting very negatively to the news. What advice would you give to the average Bitcoiner regarding this situation? The challenge for me in offering something here is that this isn’t news to me – for years – and it’s never been a particularly large concern. This wouldn’t make the top ten list of dangers in the Bitcoin technology. Thanks for your comments.-Update 1: Market StabilisingAs of 13:35 GMT+2, the market has retraced about 60% of the recent loss as the news is digested.In my personal opinion, Gox have done more harm to the Bitcoin community than good to themselves through their statement. This situation should have been handled in such a way as to minimize the market impact.Bitstamp 30 minute chart.
Update 2: Further technical details.In a BitcoinTalk thread relating to Mt. Gox’s statement, Rannasha offers this concise summary of the situation:
The flaw isn’t so much in Bitcoin as it is in exchange-systems. Many exchanges use the tx-id to uniquely identify transactions, but as it turns out, an attacker can change the tx-id without changing the actual transaction, rebroadcast the changed transaction (effectively creating a double-spend) and if his altered transaction gets accepted into a block instead of the legit transaction, the attacker receives his coins and can complain with the exchange that he didn’t. The exchange will then check their db, fetch the tx-id from it, look it up in the blockchain and not find it. So they could conclude that the transaction indeed failed and credit the account with the coins.A simple workaround is to not use the tx-id to identify transactions on the exchange side, but the set of (amount, address, timestamp) instead. If a user complains about not receiving their withdrawal, support can look it up using these 3 variables. It takes a little bit more work from support, but it prevents this attack from succeeding.While it’d be nice if the tx-id isn’t malleable, blaming this problem on a flaw in the protocol is quite a stretch.
I asked Greg Maxwell whether he agreed with this summary. His reply:
I don’t disagree but it’s actually missing a critical point on that subject that I posted about on Bitcoin-development just now.
As per the above link, Drak posed the following question:
On Mon, Feb 10, 2014 at 3:28 AM, Drak  wrote: What is the official response from the Bitcoin Core developers about MtGox’ assertion that their problems are due to a fault of bitcoin, as opposed to a fault of their own?The technical analysis preluding this mess, was that MtGox was at fault for their faulty wallet implementation.



欢迎加入比特币之家 微信:btc798 QQ群: 296098880 315436002













回复

使用道具 举报

您需要登录后才可以回帖 登录 | 免费注册

本版积分规则

广告合作|Archiver|手机版|小黑屋|财富吧

GMT+8, 2026-7-18 20:34 , Processed in 0.468001 second(s), 35 queries , Gzip On.

Powered by Discuz! X3.1

© 2014-2021 财富吧

快速回复 返回顶部 返回列表