
Attempting (Failed) Verification of the Wright Signature - joeyspn
https://github.com/patio11/wrightverification
======
zenon
_The non-experts did not ask to see things which would be hard for non-Satoshi
to provide -- they were at the mercy of the charlatan (paging James Randi,
James Randi to the courtesy phone please).

I'm mystified as to how this got past Andresen, though._

I think Randi would be the first to tell us that the skills required to detect
a good conman are quite different from skills in technical fields.

[http://www.livescience.com/9066-magician-scientists-
assume-i...](http://www.livescience.com/9066-magician-scientists-assume-
infallibility.html)

I bet Andresen simply got tricked, and I think he should not feel to ashamed
about it (although he will) -- most of us would have fallen for it.

~~~
rudolf0
I agree, but look at what Andresen said:

[https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_p...](https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2plygg)

>Craig signed a message that I chose ("Gavin's favorite number is eleven. CSW"
if I recall correctly) using the private key from block number 1.

>That signature was copied on to a clean usb stick I brought with me to
London, and then validated on a brand-new laptop with a freshly downloaded
copy of electrum.

>I was not allowed to keep the message or laptop (fear it would leak before
Official Announcement).

It's quite suspect he wouldn't be allowed to keep the message, and that no
public message and signature has been produced. But assuming he's not lying,
this doesn't really seem like a scenario where he could be easily tricked.

~~~
isp
My best guess is that Gavin has been duped by a sleight of hand (like a
magician would use) by Craig.

My best guess, based on what I've read so far, is this:

\- Gavin supplied his own text for the message.

\- Craig faked running "sha256sum" on this message on his own laptop. The real
"sha256sum" program could have been overwritten with a fake program that
always output the same "hash". This is the "magic trick": the "hash" is
attacker-controlled, and doesn't actually correspond to Gavin's message.
Rather, the hash corresponds to an old message on the block chain - see, e.g.,
[https://gist.github.com/ryancdotorg/893815f426f181d838c1b44a...](https://gist.github.com/ryancdotorg/893815f426f181d838c1b44aa187f05a)

\- Then from there, presto. The signature validates (and can be validated on
Gavin's clean laptop) - because it's a real Satoshi signature, from the public
blockchain years ago. But what it validates _against_ is a "fake" hash - that
Gavin thinks corresponds to his own message, but actually doesn't.

Easy to see how that would be a very, very convincing demonstration, after
some social engineering. But all sleight of hand.

This is (I believe) why Craig has all this blurb up on
[https://dankaminsky.com/2016/05/02/validating-satoshi-or-
not...](https://dankaminsky.com/2016/05/02/validating-satoshi-or-not/) \- it's
to hide the trick, which is that he doesn't give us the file "Spartre". He
supplies only a (presumably faked) screenshot of sha256sum against this file.
Making you type in the hash by hand is misdirection, so you don't realise that
you don't have the original file.

~~~
jere
Thank you. The part I couldn't understand is how Gavin could verify the
signature without retaining the message. But your explanation (with the hash)
makes perfect sense.

Wright supplied all the inputs. Amazing.

~~~
isp
If my hunch is right, I feel quite sorry for Gavin for having being duped. It
would have been very convincing. We're not all James Randi!

------
cubano
I am enjoying the spectacle and irony of the crypto-currency media being
"hacked" by someone who barely understands the basics of the very thing that
underpins the system itself.

 _One of the very few things that Bitcoin meaningfully has accomplished as an
ecosystem is a world-readable repository of reasonably-well-attested-to-keys._

Yeah no shit.

~~~
empath75
I don't think _anyone_ in the 'crypto-currency media' believes that this guy
is Satoshi. The mainstream media that covers bitcoin seems to have been
conned, though.

~~~
Karunamon
These variations on a "we found Satoshi for reals this time" story seems to be
on a ~6 month cycle. It happens, it gets debunked, it fades, it happens again.

~~~
Bartweiss
It's striking that they got burned by the same guy _again_ though. Craig
Wright came through as a fake Satoshi a bit over a year ago:
[http://hackingdistributed.com/2015/12/10/how-to-spot-
satoshi...](http://hackingdistributed.com/2015/12/10/how-to-spot-satoshi/)

------
seren
This is hard to believe but Craig Wright might actually have posted the hack
in his blog announcement...

From one of the reply to Gavinandressen:

[https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_p...](https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2poy67)

~~~
StavrosK
Why would you be so obvious as to misspell "signature", rather than replace
one of the letters with an identical-looking high-Unicode alternative?

~~~
scott_s
Because you didn't know such things existed?

I'm inclined to think this whole thing is a con, but I'm unsure if bash
variable is a part of it, or just a mistake. But if it is a con, then we can't
assume the person perpetrating it has the same level of technical mastery as
we do.

~~~
StavrosK
Given how easy it would be to prove that it's _not_ a con, I'm surprised how
anyone is buying any of this, really.

All Wright has to do is sign today's headlines with the genesis key and
publish the signature, and that's it. No other speculation or "convincing of a
core developer" needed.

------
jere
>Part of that time was spent on a careful cryptographic verification of
messages signed with keys that only Satoshi should possess. But _even before I
witnessed the keys signed_ and then verified on a clean computer that could
not have been tampered with, I was reasonably certain I was sitting next to
the Father of Bitcoin.

[http://gavinandresen.ninja/satoshi](http://gavinandresen.ninja/satoshi)

Probably a bit of confirmation bias there.

------
lottin
From TFA:

 _You 'll have to visually compare this against Wright's screenshots, but it
matches. If this sounds fishy to you, well, you're right. Also fishy: making
people hand-edit hex values to verify trivial parts of this evidence chain._

To say that this is "fishy" is an understatement. To me it's proof enough that
the man is a total fraud.

------
dantiberian
I really don't understand how these media outlets were fooled for so long when
it took Redditors familiar with the subject ~6 hours to see right through it.

