
Dr. Wrong and the Art of Digital Misdirection - jere
http://jere.in/dr-wrong-and-the-art-of-digital-misdirection
======
itsjohnny
Holy moly! The oddly curious decision to add 'CSW' to a message that was
otherwise chosen by the 'audience', had been bothering me all along! Thank you
for drawing attention and offering insight on that!

I think it's purpose may be even a little more devious than just ensuring the
outcome wasn't always success (VERIFIED) in the off-chance the audience chose
to test with other inputs.

I think the first failure that happened was intentional, planned, and part of
the setup -- intended precisely to register into the audience's mind that they
had witnessed a negative test case (failure) and a positive test case
(success) in normal operation.

It’s easy for someone in hindsight to ponder if the software was compromised
to always say VERIFIED. But they would recall having witnessed a negative test
case and a positive test case, and it would quickly squash such a doubt and
take away focus from the possibility of corrupted software!

And similarly, during the demonstration itself, it would remove the need for
the audience to request additional tests with incorrect input, because they
had already witnessed a failure -- which when corrected, led to success!

The Wired article says “At first, the Electrum software's verification of the
signature mysteriously failed. But then Andresen noticed that they'd
accidentally left off Wright's initials from the message they were testing,
and checked again”

Note it says "they'd accidentally left off" \-- it doesn't say "he'd
accidentally left off", which to me suggests Craig was participating in the
verification. It’s interesting that it was precisely the addition of the CSW
that was ‘accidentally’ left out. It wasn’t a typo or extra space or incorrect
upper/lower case that was the mismatch.

If that is indeed the case, that is frighteningly shrewd.

~~~
jere
>Note it says "they'd accidentally left off" \-- it doesn't say "he'd
accidentally left off", which to me suggests Craig was participating in the
verification.

Yes! I had made that exact point in an updated footnote:

[http://jere.in/dr-wrong-and-the-art-of-digital-
misdirection#...](http://jere.in/dr-wrong-and-the-art-of-digital-
misdirection#footnote-3)

------
dooglus
Of your three possibilities, I don't think either of the first two make sense
when you consider that Gavin was using Electrum to verify the signature:

1\. electrum's signature verification dialog takes a message, address, and
signature and doesn't the hashing for you; there's no option to provide a pre-
hashed input so the hashing couldn't have only happened on CSW's machine

2\. the electrum download includes the code used to do the hashing, so if the
hashing code was corrupted, it implies the electrum download itself was
compromised

So that leaves 3. The electrum developer has said that their .sig file wasn't
downloaded from a UK IP address on the day the demo took place, so we know
Gavin didn't verify that the electrum download was correct. I expect your 3rd
possibility is the most likely one.

~~~
jere
>1\. electrum's signature verification dialog takes a message, address, and
signature and doesn't the hashing for you; there's no option to provide a pre-
hashed input so the hashing couldn't have only happened on CSW's machine

>2\. the electrum download includes the code used to do the hashing, so if the
hashing code was corrupted, it implies the electrum download itself was
compromised

The part I didn't explain thoroughly (because I thought it would be confusing)
is that there are two hashes involved. The signature/verification only does
one hashing internally. BUT Wright performs (or claims to perform) an
additional one beforehand.

Why 2 hashes? Because it matches the transaction signing process of bitcoin,
where he is copying his inputs/outputs from.

It's described in more (technical) detail here:
[http://blog.erratasec.com/2016/05/satoshi-how-craig-
wrights-...](http://blog.erratasec.com/2016/05/satoshi-how-craig-wrights-
deception.html)

------
dooglus
> Oh, and also claimed to be Satoshi, which implies he owns half a million
> dollars in BTC

I think you mean half a million BTC, which is about 446 times more right now.

~~~
jere
Yes, it was a pretty bad typo. One I didn't catch after half a dozen rereads
because I wrote the article from 4am-8am this morning after little sleep.

