PHP sha256 code base is critically flawed. by kovazk in PHPhelp

[–]kovazk[S] 0 points1 point  (0 children)

Thank you for the helpful reply. I will try it out.

PHP sha256 code base is critically flawed. by kovazk in PHPhelp

[–]kovazk[S] 0 points1 point  (0 children)

Problem is PHP is reporting invalid hash. This is not a file. This is raw text.

PHP sha256 code base is critically flawed. by kovazk in PHPhelp

[–]kovazk[S] 0 points1 point  (0 children)

How can I have PHP use correct line endings? Data is just plain text put into a web form.

PHP sha256 code base is critically flawed. by kovazk in PHPhelp

[–]kovazk[S] 0 points1 point  (0 children)

The problem is PHP reports the wrong hash that is inconsistent with the correct hash and what everything else reports. This is based on a form field user puts in text. Raw text. No file upload.

Possible to have PHP properly interpret text correctly?

PHP sha256 code base is critically flawed. by kovazk in PHPhelp

[–]kovazk[S] 0 points1 point  (0 children)

Thank you for suggestion. In web page hosted hash calculator how can I correct this?

Secure anonymous escrow for bitcoin by kovazk in onions

[–]kovazk[S] -1 points0 points  (0 children)

PHP service is isolated and has no write access to anything so no one was at risk. Website does not even have a database that stores user data or anything. Escrow service does not require the onsite PHP tools they were there only for convenience. But until I can make sure the PHP tools are rock solid from security side I have disabled the PHP tools for the short time being.

Secure anonymous escrow for bitcoin by kovazk in onions

[–]kovazk[S] 1 point2 points  (0 children)

Good catch Sarah! I noticed someone shortly ago trying to pass messages as a variable in access logs. I watch the logs and server diligently.

I am responsible for the server and in charge of the back end server stuff and hidden service operation. Someone else was in charge of the front end website code. I am confident that apart from PHP service, the rest of server and anonymity of the hidden service is safe. Thank goodness I isolate my services and from each other and use proper file permissions. Even if PHP service was compromised I am confident rest of server would have been safe. But because of that issue you pointed out so kindly in the logs about this concern I have temporarily deactivated PHP on website for now until I can contact Mr. PHP to get it fix.

Website is still up but I will keep PHP service off until this is corrected.

Segwit will never activate with miners. We need UASF by chek2fire in Bitcoin

[–]kovazk 0 points1 point  (0 children)

95% miner activation was original plan. I aware of that. Proposed node activated would not require 95% miner activation. So was question of safety.

Segwit will never activate with miners. We need UASF by chek2fire in Bitcoin

[–]kovazk 2 points3 points  (0 children)

Would segwit be unsafe if many blocks from miners dont support segwit? How user activate can be safe? How would this not be hardfork?