Archive | Bugs RSS for this section

Dices provably fair – Nonce overflow vulnerability

Most of bitcoin dice software use a system to prove the fair play of the server for each bet. Most of them implement this mechanism using two seed (server seed and client seed) combined with a session nonce in the aim to provide a fair random number for each bet and usually this nonce is initialized to 0 after each seed change.

But, what if this nonce is stored in an unsigned integer variable (32bit in 32bit systems, 2³² values)? Theorically after 2³²-1 bets, the nonce goes in overflow and return to 0.

Saving each bet roll for every play in the first 2³²-1 window, will provide a map function:

f: n → roll . (n < 2³²)

that could be used to declare a function g(m) that predicts every future roll:

g (m) = f (m % 2³²)

A simple fix for this problem is to regenerate the server seed and reset the nonce after 2³² bets.

Advertisements

Fix eclipse random crash with libsoup-2.4

After upgrading libsoup to version 2.4 on funtoo, eclipse began to present random crash while using auto-completation; the fail-log says that the problem is in libsoup.

The fix is easy, just add this line to your eclipse.ini, don’t ask me why:

-Dorg.eclipse.swt.browser.DefaultType=mozilla