Jump to content

Secret Key doesn't match public key

supersonic

By supersonic
in Technical Discussion

 Share

Recommended Posts

  • Replies 111
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

JoelKatz
JoelKatz

If someone could track down exactly what's going on here, that would be extremely helpful. I've heard a few reports of this and suspect it's some incompatibility between ripple-lib and Safari. It may

karlos
karlos

Try using Chrome, I think that was the browser it was designed to run on.

pftq
pftq

@JoelKatz There are a number of issues with ripplelib and Mac/iOS in general as a result of Apple changing its javascript interpreter in May.  Below is also a big issue that arose starting May and mig

Guest

Guest

Posted
Posted
17 minutes ago, T8493 said:

No one can say this for sure, because the exact reason hasn't been identified IMHO. 

Ah ok thanks.   I thought it had been identified that a particular largenumber lib was at fault and that later versions were ok.   Isn't that what @pftq is saying that the fault is not an issue with his Worldexchange wallet?

Link to comment
Share on other sites
T8493

T8493

Posted
Posted
21 minutes ago, Tinyaccount said:

Ah ok thanks.   I thought it had been identified that a particular largenumber lib was at fault and that later versions were ok.   Isn't that what @pftq is saying that the fault is nott an issue with his Worldexchange wallet?

His arguments didn't convince me that this error (or something similar) didn't exist in the more recent versions of RippleAPI. However, "proving" this can be very hard if not impossible given the limited amount of resources that this community has.

Link to comment
Share on other sites
jargoman

jargoman

Posted
Posted
On 8/3/2017 at 11:47 AM, supersonic said:

I've tried it multiple times and multiple different keys showed up. At some point even the correct one. 

There is your glimmer or hope. If you can figure out how that is happening. Hopefully the bug occurs BEFORE the key generation. Someone should set up a javascript debugger with the ability to set break points and set a break point right before key generation and inspect the key. It might be the key that generated the address that received the funds.

Another thing I thought of. Maybe things work differently in javascript but in strictly typed programming languages the results are always the same. Equal inputs should always equate to equal outputs. The exception to this is muti-threading where you have no control over which order things occur. Then you can have different outputs.

A memory overflow could cause different result, but I would expect the results to always be different, not correct some of the time. 

It seems as though there really is different inputs.... then Eureeka  whitespace!

make sure the results don't change with or without trailing whitespace, that includes, the newline character "\n"  "\r" 

Link to comment
Share on other sites
w3dg3a

w3dg3a

Posted
Posted
On 8/5/2017 at 2:35 PM, Tinyaccount said:

So sorry for your loss OP.   At least you found out early....   would be much worse to think you have a new fortune for ages then finally discover it's out of reach.

i wonder how many people are in that boat?    :o

In the boat (HMS Security Irony) and appreciate this thread for that reason. 

Link to comment
Share on other sites
Warbler

Warbler

Posted
Posted
On 8/7/2017 at 4:37 AM, Mercury said:

bithomp took over hosting the ripplyeu wallet when they stopped their service. The github repository is here https://github.com/ihomp/ripply-paper-wallet/blob/master/coldwallet-SHA1-cdfbe3260927b6073180a1099f02ef99ce0495e8.html

We didn't took over... it was just forked, and hosted on github.. ripply didn't get back to us..

https://ihomp.github.io/ripply-paper-wallet/coldwallet-SHA1-cdfbe3260927b6073180a1099f02ef99ce0495e8.html

Link to comment
Share on other sites
  • 1 month later...
Kakoyla

Kakoyla

Posted
Posted
18 hours ago, w3dg3a said:

today banks can always choose to reverse a transaction if the other bank agrees.

You still need to have cooperation between the two accounts, really what he is saying is, if you make a mistake just have the recipient send the same amount back. This is similar to the current wire process,yeah you can recall a wire, it doesn't mean it will happen, but usually does because the majority of banks in the system either have relationships with each other or worrying about their reputation among their peers. Also the mistakes are usually relatively low amounts. 

Link to comment
Share on other sites
  • 1 month later...
yellowsubmarine

yellowsubmarine

Posted
Posted (edited)

I found out about this a few days ago when I tried to sell. Due to this bug, I have 10,000 XRP lost in a wallet that has no key.

Emailing Ripple Support and Ripple employees has got me nowhere - not even a reply.

I guess they're hoping that the fall-out from this just goes away.

But XRP is not Bitcoin, or some dodgy altcoin apparently? Ripple wants to do business with banks so they don't get to shrug this off as far as I see.

Any update at all from anyone at Ripple?

 

Edited by yellowsubmarine
Link to comment
Share on other sites
Guest

Guest

Posted
Posted
5 minutes ago, yellowsubmarine said:

I found out about this a few days ago when I tried to sell. Due to this bug, I have 10,000 XRP lost in a wallet that has no key.

Emaling Ripple Support and Ripple employees has got me nowhere - not even a reply.

I guess they're hoping that the fall-out from this just goes away.

But XRP is not Bitcoin, or some dodgy altcoin apparently? Ripple wants to do business with banks so they don't get to shrug this off as far as I see.

Any update at all from anyone at Ripple?

 

I am very sorry to hear that.  It sucks big time.  But unfortunately you have no recourse through Ripple.

The use of XRP an open sourced technology is entirely at your own risk.   If you really want to point fingers of blame then Ripple are entirely innocent...    The bug was in Apples use of an old buggy version of a BigNumber library.  But Apple won't be responsible either I'm afraid.

 

I know this sucks and it's a terrible thing to happen.  If I knew of any hint of a solution I would point you to it but I believe there is none.   You mentioned banks...     If you were a bank using their software (not the wallet generator that you used) then you might be able to get some support but you were using non-proprietary public software that has no liability as far as I know.  I don't know how to finish because anything I say seems inadequate...  I hope something good happens to you to recompense.

Link to comment
Share on other sites
yellowsubmarine

yellowsubmarine

Posted
Posted (edited)

"If you really want to point fingers of blame then Ripple are entirely innocent...    The bug was in Apples use of an old buggy version of a BigNumber library."

As I understand it, this is not so.

The bug is in Ripple's software, called "ripple-lib". On versions below 0.13 and on some platforms it outputs a non-matching identity and secret (public and private key) which is a black hole.

Ripple could have prevented this by verifying that the keypair is correct and matching before returning it. They did not do that.

Additionally, they charged XRP50 to open the wallet without any checks that there is a valid key in someone's possession. At best, that is accepting money to provide a useless service, at worst it is a serious design flaw in Ripple.

The fact they then allow this wallet to accept further unlimited funds (in my case XRP 10,000) without any chance of ever recovering these funds is not a good look if you want to work with banks. We call that "reputational damage" and banks avoid that like the plague.

I work for a bank, we're working on blockchain. I understand the technology to some degree. 

Trying to pass the buck to others (Apple, jatchili) or hide behind a no warranty claim is a useless strategy when you have released financial software with a catastrophic bug that has lost customer funds permanently and you're still trying to present your product to large financial institutions as a professional and trustworthy solution.

It would take Ripple nothing to refund my XRP10050, compared to the fees to fight lawsuits, never mind the reputational damage that they would face.

The right thing to do would be to apologise, fix the bug and compensate those who are out of pocket. 

This would demonstrate that they are trustworthy.

This isn't going away. I'm not going away. My co-workers are fascinated by this, especially the guys and girls in the blockchain team.

 

Edited by yellowsubmarine
Link to comment
Share on other sites
Guest

Guest

Posted
Posted

I'm sorry mate but you have a few mistaken beliefs.  I'm tempted to just say read up on it but I feel your pain so I am going to try and address them all.  Truly Ripple have no part or responsibility in this.

First up...   if it was a Ripple.lib issue then all wallets and browsers would be affected.  They are not.  Only Apples Safari is/was.  That's because Safari had a older version than the current one of BigNumber.lib. ( I'm working on memory here... I might have the name a bit wrong)

Ripple could not have verified your wallet key because they are not doing it...  Your browser is running JavaScript using various libraries that are in the public domain...  if the versions were all up at date your wouldn't have had an issue.  It wasn't Ripple doing anything.  You need to know a bit of history to see how this all evolved but Ripple do not own or support the software you used.

Ripple didn't charge you anything.  No one gets paid that 50xrp wallet keeping fee...  it is a part of this public ledger software (again not Ripples though they initially created it and do roll out improvements into the public domain).  The fee is a anti spam feature and just sits in the wallet and goes to no-one.  if the fee is ever reduced because XRP price rises then the extra bits of XRP would be available to the wallet owners to use.

They didn't allow the wallet to do anything...  You say they are culpable because they 'allowed' the wallet to accept funds...  the ledger is public domain and not owned by anyone...   it's up to us to use it and ensure we can manage our funds.

I am sure that there are other aspects of all this that you may be misunderstanding and I deeply regret that you lost funds...   but this ledger thing is a public good...  it's not Ripples, and they did absolutely nothing wrong.  As I said before if there is any blame at all it is squarely in Apples domain...  but I'm certain that they are indemnified against any damages.

 

Lastly can I say that you keep confusing the XRP that we use, and Ripples propriety softwares that they sell to banks and financial institutions. They are seperate things that both use the XRP digital asset.  Their reputation and standing is not, and should not, be confused with this browser issue.

I know you are unhappy about this and that is very understandable...  but you are barking up several wrong trees.  I honestly hope this has been helpful.  If not then I've done what I can...

Link to comment
Share on other sites
yellowsubmarine

yellowsubmarine

Posted
Posted

"Ripple could not have verified your wallet key because they are not doing it...  Your browser is running JavaScript using various libraries that are in the public domain...  if the versions were all up at date your wouldn't have had an issue.  It wasn't Ripple doing anything.  You need to know a bit of history to see how this all evolved but Ripple do not own or support the software you used."

They released ripple-lib. It returns a black hole. They could have coded against that by verifying the wallet key (which is possible). They did not due to lack of diligence. Buck stops there.

"Ripple didn't charge you anything.  No one gets paid that 50xrp wallet keeping fee...  it is a part of this public ledger software (again not Ripples though they initially created it and do roll out improvements into the public domain).  The fee is a anti spam feature and just sits in the wallet and goes to no-one.  if the fee is ever reduced because XRP price rises then the extra bits of XRP would be available to the wallet owners to use.

They didn't allow the wallet to do anything...  You say they are culpable because they 'allowed' the wallet to accept funds...  the ledger is public domain and not owned by anyone...   it's up to us to use it and ensure we can manage our funds."

If it ever goes to court, then we find out. Seems like an expensive way to get clarity.

I assume that you are not a representative of Ripple. Which means Ripple still have not responded.

I think people here are more worried about the XRP price than anything else. Picture the price falling when Ripple take their own reputational damage.

There's only one way for Ripple to build trust and that is to make good with those who are affected.

Personally, I'm not interested in damages etc, I just want my XRP back (actually, it's equivalent in Bitcoin - never personally using XRP again).

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Ok I'm out..   I tried to help but failed.  You are completely wrong but I see that only a lot of time and tears will teach you that.

Oh...  and I'm a little annoyed that you think my motive is price protection of Ripple reputation...    I was honestly trying to help you.

I don't think you have the slightest chance of affecting anything other than you own peace of mind.

Link to comment
Share on other sites
  • Guest locked this topic
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...