
Email exchange between MIT Media Lab and the IOTA Foundation [pdf] - dsr12
http://www.tangleblog.com/wp-content/uploads/2018/02/letters.pdf
======
rdtsc
> Hey Ethan, Did you receive the invite? We can also setup a chat with our ex-
> NSA post-Quantum hash function experts after we get the initial confusion
> out of the way. Best, David

It is a great example of someone (the "expert") convincing a non-technical
person that they are the "ninja rockstar 11x post-quantum hash function
expert".

I've seen this many times. Managers / owners don't have the ability to assess who
is an expert and who isn't. So whoever talks more convincingly is the "ninja
rockstar". After that they can do no wrong. Also after that somehow admitting
publicly that the person they picked is a scam artist becomes pretty hard,
because it also means admitting to their own mistake of believing them.

Others who see what's going on leave, and this eventually leads to the
whole ship sinking.

Oh and accusations of drunkenness of course, those are always so constructive
and helpful.

~~~
ShorsHammer
> We can also setup a chat with our ex-NSA post-Quantum hash function experts

Is there a modern secure hash function considered to be under threat from
quantum computing? I was under the impression there isn't one.

It's scary to see marketing spiels thrown into technical discussions, it's
even worse when the thread is released as some sort of defense and those less
informed see the big words and appeal-to-authority name dropping.

~~~
hatsunearu
It's only asymmetric crypto used today that's broken under quantum. Symmetric
and Hashes should be OK.

~~~
charleslmunger
Grover's algorithm means you need to double the length of your hashes, but
that hardly puts sha-512 in danger. Even sha-256 is safer than a naive
calculation would suggest:

[https://arxiv.org/pdf/1603.09383](https://arxiv.org/pdf/1603.09383)

------
thisisit
This is full of little gems. Like:

> We were just reached out to by a CoinDesk journalist that Ethan contacted in
> an attempt to rush out this publication. This may be the biggest scandal I
> have ever heard of from what has been portrayed as a professional
> 'responsible disclosure'. Ethan is clearly in complete conflict of interest
> and pushing this for his own gain, this is no longer about academic merits,
> but a desperate attempt by Ethan to make money.

I can be wrong but the suggestion here seems to be that Coindesk journalist
reaching out to the Iota team was a ploy to force them to pay a bounty.

But, after devolving into a personal attack. They expect him to reply back a
month later?

> Hi Ethan, I can't get a single reply from you, looks like you put me on
> ignore on Twitter.

This whole saga seems to be symptomatic of the cryptocurrency scene. Lot of
expertise on money, economics, cryptography, programming language etc is out
there. But, any criticism of cryptocurrency devolves into either personal
attacks or a know-all attitude which ensures not many people want to lend
their expertise.

Edit: After re-reading the blog post, I realized the agenda of this leak was
to show evidence of conflict of interest. The correct link for the post should
have been:

[http://www.tangleblog.com/2018/02/24/full-emails-ethan-heilm...](http://www.tangleblog.com/2018/02/24/full-emails-ethan-heilman-digital-currency-initiative-iota-team-leaked/)

~~~
eastWestMath
I’m a bit nervous for the graduate student in this equation. There’s a lot of
angry people in the iota subreddit - maybe the iota foundation is trying to
direct an angry internet mob at this student.

The lab director should have handled all communications.

------
roywiggins
> 2. If the IOTA project wishes to ensure that trinary logic is involved in
> the proof of work and signature hashing process we suggest that a trinary
> function could be composed with a secure hash algorithm in a construction
> such as:
> Hash(msg) = MD6(msg || TrinaryFunction(msg)).

Haha this is a wonderful suggestion. "If you weirdos think ternary arithmetic
has any benefits, just combine it with a crypto primitive you didn't handroll,
ya dingus"

And then they say it's okay because of "higher level checks" that a colliding
transaction wouldn't validate, so then when one is demonstrated, they say
"it's okay because we'd just decide to reject the bad one even if the hash is
the same" and the final defense is "something something distributed ledgers
Satoshi"

------
kylegalbraith
I can't believe I read that entire train wreck front to back. If IOTA
published this to "expose" MIT, it does quite the opposite. Rule number one,
all together now, don't roll your own crypto.

~~~
killerstorm
It actually worked. People who are clueless about cryptography (i.e. like 99%
of crypto investors) are totally on IOTA's side here. Ivancheglo is a grade A
troll.

~~~
wybiral
I've noticed that too. They seem to have a decent army of people spreading
nonsense on social media right now.

If you post something negative about IOTA you're likely to get a bunch of
troll responses from accounts with histories of nothing but IOTA-related
likes, retweets, and responses.

------
Jedi72
I made a post on the Iota subreddit which supported the MIT team, removed 30
minutes later. It honestly terrifies me how easy it is to manipulate discourse
online - there are many other posts calling the MIT team frauds and the
general tone is that Iota were saints defending against corrupt evil
cryptography researchers.

~~~
curuinor
back when something awful and metafilter were comparatively big, much of the
impetus for the paywalls they put on registrations was to structurally prevent
the possibility of this sort of thing. worked fine, although those two
communities themselves are pretty moribund.

it would all be solved forever and anon with a paywall. 5 mao men, botheads,
shilling, you would raise the cost to them by orders of magnitude (stealing
other people's credit card numbers cost real money)

~~~
vertex-four
The problem isn’t “bots”. It’s the moderators of these forums. You’ll always
find a core group of people willing to believe almost any scam, but putting
them on a forum where critical discussion is banned by the moderators is where
things go wrong.

~~~
tmz
Ask your Questions here:
[https://iota.stackexchange.com/](https://iota.stackexchange.com/)

------
mbgaxyz
Interesting to see the range of opinions about IOTA.

The conclusions on HN are (so far) completely at odds from those on the
cryptocurrency subreddit:
[https://www.reddit.com/r/CryptoCurrency/comments/7zztey/full...](https://www.reddit.com/r/CryptoCurrency/comments/7zztey/full_emails_of_ethan_heilman_and_the_digital/)

Meanwhile the commercial world seems happy to engage with IOTA:

"Volkswagen CDO will join the supervisory board of the IOTA foundation. And
now, Volkswagen is going to utilise this technology in their automobiles." --
[https://coingape.com/iota-volkswagen-partnership-raises-hope...](https://coingape.com/iota-volkswagen-partnership-raises-hopes-for-investors/)

"Bosch makes first investment in distributed ledger technology, purchase of
IOTA tokens to support creation of new business models for the Internet of
Things" --
[http://www.bosch-presse.de/pressportal/de/en/robert-bosch-ve...](http://www.bosch-presse.de/pressportal/de/en/robert-bosch-venture-capital-makes-first-investment-in-distributed-ledger-technology-137411.html)

"Taiwan's capital city of Taipei is working with the IOTA Foundation to bring
Tangle - IOTA's answer to blockchain - to its citizen identification plans."
--
[https://www.coindesk.com/city-of-taipei-confirms-its-testing...](https://www.coindesk.com/city-of-taipei-confirms-its-testing-iota-blockchain-for-id/)

So what to make of all this?

~~~
sova
IOTA actually has status as an NGO in Germany which gives them a lot of
credibility (clout?) and therefore companies are intrigued to start deals, but
as an amateur cryptographer I must say that having hash derivatives leaking
through your hash function [which has been known for a long time actually with
IOTA!] is not the way to make a bulletproof currency. Coverups sadly don't
make the protocol more robust, either, but so many people have an [in]vested
interest in IOTA being successful that it makes sense they want to minimize
FUD and/or flaw pointing-out.

~~~
pimeys
Don't take this as a source of truth, it's just my gut feeling, but:

Germany is lagging behind in tech, and the country is putting lots of bets to
their car industry, the Volkswagen scandal not helping there. Now there is
this new thing called cryptocurrency and one of them comes from Berlin. I
don't know is it just me, but it's not that hard to start speculating why
these big German companies want to announce themselves to be working with a
Germany-based cryptocurrency.

~~~
sova
Eh, maybe, but I think IOTA has more to prove and more to gain by showing that
they are associating with well established giants rather than the other way
around. Besides, Switzerland is the place for Crypto now.

~~~
pimeys
Again just speculation, but could it be that these announcements are boosted
by the IOTA folks? That the giants are not that much into the tech, IOTA just
using the attention to boost their value? These guys are rich and I really
doubt they'll do anything more than spend quality time in their Florida
penthouse.

------
loxias
Confirming basically everything I already suspected about IOTA -- don't trust
anything crypto related that's not written by a professional. "You're gonna
have a bad time."

[Edit to add this plug for Zcash! Made with _real cryptographers_ ]

~~~
emmelaich
> "You're gonna have a bad time."

A major wake-up call for me in the crypto currency world was Gavin Andresen's
ludicrous "validation" of Colin Wright as Satoshi.

When a so-called leader clearly does not even understand the basics you
realise it's 98% shit. Sturgeon's law applies again. But I keep on forgetting
that.

~~~
loxias
The crypto world has certainly inspired me to pursue whole new fields of
research. Not in cryptocurrencies, because while the idea of a distributed
ledger I think is solid and here to stay, but because at least 90% of these
"currencies" must have their value drop to zero given a long enough time frame
-- there's simply no reason for the market to support anything else.

No, for the past half a year or so I've been trying to learn all I can about
market microstructure, quantitative finance, anything that makes money off of
high variance.

Because if there's one thing I _will_ bet on, it's that there's a ton of risk
and volatility here in these hills, and there's probably money to be made
somehow while it all crashes and burns.

~~~
charleslmunger
This is an extremely dangerous way to think - it preys on the natural
irrationality of the human mind. Someone is out there laying bait of all
kinds. Iota is bait for people who think they barely missed out on bitcoin,
but this new thing with buzzword salad as its description and a lead
developer that has clearly lost touch with reality will make them rich.

Then there's the second level bait - since there are all these suckers out
there, surely money can be made by predicting them!

And then it's turtles all the way down. You won't know if you're a sucker or
at the very top level until it all comes crashing down.

------
cjbprime
This is being leaked with the agenda of purporting to show malfeasance from
MIT DCI, but if anything shows the opposite, in my opinion.

~~~
C4K3
/r/iota sure seems to believe that's what it shows. One comment with 20
upvotes:

> I read the emails and it seems to me that Ethan doesnt understand what
> theyve done in IOTA or has very different way of interpretting what they
> have done aka hes trained by a textbook and if you deviate from textbook its
> wrong bla bla. I think come_from_behind is and will continue to run laps
> around these University morons

[https://www.reddit.com/r/Iota/comments/8016uc/debunking_the_...](https://www.reddit.com/r/Iota/comments/8016uc/debunking_the_iota_vulnerability_report/)

------
fabianhjr
> I have a feeling that you refuse to accept existence of cryptographic
> protocols not mentioned in the textbooks read by you.

That is a cringe worthy statement by someone doing a cryptographic
decentralized project. The whole conversation is a trainwreck. :/

~~~
charleslmunger
The best part is that part of their argument for why it's not a real
vulnerability is that the coordinator might have rejected it - except that the
coordinator is essentially a server run by them, which makes the entire
"crypto" part of crypto currency totally unnecessary.

~~~
Rebelgecko
Also doesn't help when the byline on their website is "Scalable,
Decentralized, Modular, No Fees". Well, maybe 2/4. Having a central
coordinator sounds pretty essential to their current design.

------
QML
I only got to page 30 before moving on, but this line is telling:

> In this case you are right, second-preimage resistance is an anti-feature,
> collision resistance threat is nullified by Coordinator while allows us to
> easily attack scam-driven copycats. (pg. 24)

The Coordinator referenced is a validation node run by the IOTA team which
currently processes all transactions.

~~~
Ar-Curunir
Telling of what? The paper makes a simple claim that because collision-
resistance is broken, their custom signature scheme is broken

~~~
QML
A creator of IOTA said that broken collision-resistance is actually a feature,
allowing them to use their centralized node to attack "scammers".

The whole narrative from the start has been decentralized cryptocurrencies;
but IOTA it seems is neither decentralized nor a currency backed by secure
cryptography.

------
dude01
I read most of it. I suppose if you're interested in IOTA you should read it,
it puts IOTA in a terrible light. Check this out:

Ethan (MIT): > I am shocked that you would call a hash function deployed in
production, with "a 800 million dollar bug bounty" as Dominik put it, a
prototype.

Sergey (IOTA): I see Greek wasn’t your favorite subject in school :), don’t
worry, word “prototype” is similar to
[https://en.wikipedia.org/wiki/Prototype_pattern](https://en.wikipedia.org/wiki/Prototype_pattern),
not to what you thought about. It is also important to keep in mind that all
distributed ledgers are currently in a “prototype phase“.

------
memebox3v
I think I work with a clone of Sergey. He has somehow managed to convince his
boss that he knows what he is doing. Every interaction with him is painful as
he subconsciously does everything in his power to discredit me and make
himself look good.

------
eindiran
This was as juicy as something can be while remaining a discussion on
cryptographic hash functions.

------
rkagerer
That was a painful read. Considering the amount of money invested into this
coin, someone should have coughed up travel expenses to get these guys into a
room together for a few days so they could more efficiently clarify themselves
to each other, maybe establish a bit of trust and rapport from working
alongside each other on a problem, and reach consensus as to what facts and
opinions they agree on vs. what is in dispute. I would have loved to see some
of that energy they spent fretting over optics instead put into solid
engineering work.

Just my two cents. Most of this is over my head as I'm not by any means a
cryptography expert.

~~~
charleslmunger
This is a conclusion you might reach if you're not familiar with the
terminology the MIT researcher used. Here's an analogy - suppose a professor
of engineering is looking at a new car from a promising startup, and discovers
that the car uses banana peels as brake pads. (this is about as irresponsible
and naive as rolling your own crypto.)

Prof: I've noticed that you're using a non-standard brakepad material, which
functions very poorly for stopping the motion of the car. You should fix this.

Startup: That's fine, these peels are organic and eco friendly, and they're
safe because I modelled them in the same shape and size as normal brake pads.

------
amenghra
The first time I heard about IOTA was when I read
[https://shitcoin.com/iota-cannot-be-used-for-iot-loss-of-fun...](https://shitcoin.com/iota-cannot-be-used-for-iot-loss-of-funds-may-occur-e45b1ed9dd6b)

It’s a fun read and you’ll probably end up unimpressed to say the least.

~~~
tmz
Maybe you should also read
[https://twitter.com/ShitcoinDotCom/status/965910847645212672](https://twitter.com/ShitcoinDotCom/status/965910847645212672)

It is from the same author

~~~
Blackthorn
Your point is what, exactly?

Doing research into things, publishing results, and shorting is perfectly
legitimate. It's how Lumber Liquidators was found to be using formaldehyde.
Just because someone says something you don't like, and they have a short
position in the thing, doesn't mean they are wrong.

~~~
generalizethis
He went out of his way to foul up (read the comment section for how
obviously), not that that validates his assumption that ease-of-use = IOT
suitability.

~~~
Blackthorn
He most certainly did not. In fact, you already legislated this exact point
with him and he explained exactly why he made the choices he made -- in your
own comment history.

~~~
tmz
I did exactly what he tried to do. It took me less than 1 hour and my node was
in sync. If you use a dedicated server with sufficient bandwidth and not your
laptop at home for a fullnode this can easily be done. IOT devices are
connected to this fullnode and are not fullnodes themselves. I don't know what
made him think otherwise.

------
oil7abibi
Ah IOTA, the same ‘company’ that created a fake partnership with Microsoft to
pump up their cryptocurrency price...

~~~
smrtfkkr
Good to see that's still the only broken argument you can muster up.

~~~
lawn
A completely new account with all comments defending IOTA. Hmm...

------
reallymental
I'm a person with no background in cryptography. I am in the tech industry
however, so I can follow about 30% of the technical jargon that's going on. I
read the entire thing. smh.

The whole thing started with someone finding something wrong with the 'Curl'
wrapper around a packet that's being sent from A->B. Apparently, this violates
an EU-CMA security protocol, and this is an issue. Lots of holes in my
knowledge there, but I got the gist.

What I don't get, is HOW this became a bipartisan issue with HN/Reddit.
Because if you read the 124 pages, it becomes clear that both the IOTA team,
as well as the MIT team were bad at communicating with each other, the purpose
of this bad communication is unknown, but both are at fault.

So we at HN look at some emails from IOTA and call out their unprofessional
behavior, and Reddit does the same thing with MIT's team.

What if someone has no perspective of how these communications usually take
place? It looks like (upon the assumption that IOTA's team member was indeed
in an 'incomprehensible' state when he typed that email out) MIT's team member
without a _second_ warning, just went ahead with publishing the paper.

So what's the big mess? It's pretty clear that both parties messed by being
sloppy at emailing each other.

~~~
jkachmar
The way I view it there's a serious asymmetry here in that the IOTA team is
denigrating seasoned professionals in the field of cryptography (e.g. Matthew
Green) on social media without offering a serious rebuttal of their concerns.

From my PoV there seems to be little-to-no miscommunication in bad faith on
the part of the MIT researchers in these emails, but a lot of dismissiveness
from the IOTA developers towards the concerns that were brought to them.

Over the past few days, it seems to have only gotten worse on Twitter (I
encourage you to check out the recent threads in which @matthew_d_green
engages with @c___f___b only to be accused of professional incompetence).

tl;dr (from my perspective) is that the big mess here comes from a party
without proper education in the field producing a $1B+ market cap
cryptocurrency while _unnecessarily rolling their own crypto primitives_, and
then steadfastly ignoring the suggestions of academics who have spent their
entire lives researching this field.

~~~
generalizethis
Green is the only guy who could take something as novel as zsnarks and latch
it onto a trusted setup (you need it, but it should have been 50 Peter Todds)
and optional privacy. He trolled Monero with this same kind of vehemence when
he should be turning his critical eye on zcash--so let's not pretend he's an
infallible god when he can't even get his own project right. Also, if you read
the side convo between CFB and Aumasson you'll get an indicator of why CFB was
correct (also polite when someone intelligent listens).

~~~
Ar-Curunir
Lol this entire thread you've been defending Iota without facts.

a) there's nothing broken in the Zcash cryptography. Some cryptographic
assumptions used by SNARKs are a bit hairy and novel, but these assumptions,
and variants there-of, haven't been broken in over 25 years of trying.

b) State-of-the-art efficient SNARKs require trusted setup, but this can be
distributed, as was done with Zcash and will be done, in a better way, in the
next Zcash upgrade.

c) CFB called Aumasson's methods 'primitive'. Hardly polite, especially
considering Aumasson is co-creator of solid hash functions like Blake2.

~~~
generalizethis
- Fungibility is broken when you have optional privacy--also stuff like this
happens
[http://jeffq.com/blog/on-the-linkability-of-zcash-transactio...](http://jeffq.com/blog/on-the-linkability-of-zcash-transactions/)

- No one but the participants should trust a trusted setup, and even then, it's
only if they can vouch for their OPSEC.

- B goes to my point that Green is inept as that should have been where they
started.

- And they were cordial after they talked through the issues and Aumasson
realized CFB's point (also, appeal to authority backfires when the authority
agrees with the person you are criticizing).

Spend less time worrying about what I'm doing elsewhere and more on the
argument in front of you. But it does seem fitting that you are supporting a
dev who shows more concern for what others are doing than the product he
helped drive into the ground.

------
KKKKkkkk1
_As a participant in the SHA hash function contest who broke one of the 51
Round-1 SHA-3 proposals and who worked on security proofs for another SHA-3
proposal I can say with some authority that using the sponge construction and
showing statistical properties of the transformation function is not
sufficient to ensure security. Of the 51 Round-1 SHA-3 proposals all of them
passed statistical tests and at least one round of review by NIST yet 33/51
were broken.

A more general point is that you should never roll your own crypto and if you
must then it should be submitted for peer review by cryptographers before
using it in a security critical application._

I know this is a pretty standard way to carry a technical conversation in the
crypto community, but this is a pure and unadulterated argument from
authority. I don't think other fields of computer science get away with this
bullshit (you can't invent anything new unless you get a blessing from "the
community").

~~~
mikeash
That’s because other fields of computer science can either prove or
demonstrate that their solution works. Cryptography almost never has solid
proofs, and demonstrations prove nothing.

When you’re working on something where “works great” and “completely broken”
are almost indistinguishable, the only way to even have a hope of avoiding the
second one is by having a lot of smart people bang on it for a long time.

~~~
Ar-Curunir
What? Modern cryptography is based on proofs and definitions. Sure, we can't
prove that SHA2 is cryptographically-strong (that imply P≠NP), but we can show
that it resists certain kinds of attacks.

Furthermore, assuming certain properties are satisfied by SHA2, we can order
that different constructions based on it (eg a Merkle tree) are secure.

Cryptography is highly mathematical.

~~~
mikeash
I’m talking about proofs that the stuff works, i.e. that the algorithms or
code are cryptographically strong. As far as I know, only the one-time pad has
such a proof.

~~~
Ar-Curunir
As I said, proving that the underlying crypto is unbreakable would involve
proving statements stronger than P≠NP, and so isn't going to happen for a
while. What you can do is conjecture that your favourite hardness assumption
(SHA-256 is a CRH, AES is a PRF, factorisation is not in P) holds, and then
base your cryptographic constructions off such assumptions.

~~~
mikeash
I understand that. Starting with a conjecture and "proving" your algorithm's
security based on that is not actually a solid proof. This is _why_ things are
the way I said they are.

------
curiousDog
Fascinating read.

I think we've all worked with a Sergey in our careers so far. And most of us
end up doing what Ethan did.

~~~
sova
I'm intrigued by your comment, I thought Sergey was also very thoughtful -- or
are we not talking about the Sergey of google?

~~~
grzm
They're referring to Sergey Ivancheglo, one of the founders of IOTA.

[http://untangled.world/iota-founders/](http://untangled.world/iota-founders/)

~~~
sova
Oh! thank you that makes a lot more sense.

------
raitucarp
I'm curious, is the date header important or not? OMG, Is this a real
conversation? Even this tweet from the tangleblog who leak this document is
hilarious:
[https://twitter.com/tangleblog/status/966286394636296192](https://twitter.com/tangleblog/status/966286394636296192)

~~~
raitucarp
also this:
[https://twitter.com/tangleblog/status/967513038374031360](https://twitter.com/tangleblog/status/967513038374031360)

~~~
hatsunearu
The replies! I see a reality distortion field...

~~~
raitucarp
this!

------
DyslexicAtheist
Maybe instead of whipping up a pdf like Manafort that requires trust in the
authors copy/paste & editing process it would be better to see the real email
conversations incl. message headers. Not saying this isn't how it unfolded but
this isn't <evidence> either.

Why go through the trouble of creating a pdf from different emails (he calls
"letters") when he could just save the messages verbatim as plain text incl
timestamps & other metadata. Some of the justifications for creating a
homebrew-crypto says a lot. This sure is nonsense.

------
philfrasty
Can someone explain which side leaked this? The blog seems IOTA related but
not affiliated.

~~~
SolarNet
They are definitely IOTA something, their latest tweet was about how Bitcoin
will fail and IOTA will stay standing.

------
mizzao
Straight out of the Trump / Nunez playbook...just leak something that
questionable or even contradicts your point, but tell your supporters that it
exposes fraud...and most of them will conveniently apply confirmation bias to
believe you.

------
kevinwang
Wow, this was the juiciest goss I've seen in a while. Seems like the bitter
tone was due to some early passive aggressive comments by the MIT media lab
team, though.

------
john_minsk
I read the whole thing and was awaiting Ethan to send "just watch" to the
thread and transferring all IOTA to his wallet (or whatever is relevant for
IOTA)

~~~
SolarNet
The system would have to be stable for that to work.

------
hguhghuff
Without reading reams of stuff over my head, why is this interesting?

~~~
atdrummond
IOTA rolled their own crypto. As they were warned by many in and out of the
crypto (in both senses of the word) communities at the time, it was
susceptible to attack. MIT Media Lab wrote a responsible disclosure report on
a vulnerability. IOTA kept pushing back the publication date, based on a
mixture of amateur cryptography arguments and nitpicking over disclosure
issues. MIT Media Lab finally published, well after the originally agreed
deadline, after realizing IOTA was not serious about improving the code
further and was using the time to attempt to improve their appearance in the
disclosure report's narrative. IOTA got upset, as this publication exposed
them with their pants down. They've now threatened the involved academics with
legal action. (There is, of course, no actionable basis for such.)

It is interesting if you find cryptocurrencies interesting, as it shows how
"well" run many are - and IOTA is by no means an outlier here. The foundations
are simply not lousy with cryptography, programming and economics experts who
are solely interested in best practices.

~~~
sanmon3186
>MIT Media Lab wrote a responsible disclosure report

Pardon my ignorance but I am confused with engagement of MIT Media lab in
this. Was it volunteer or there was some formal engagement between IOTA
foundation and MIT Media lab?

------
atomical
> I can't get a single reply from you, looks like you put me on ignore on
> Twitter. I don't blame you, sometimes I'm pretty annoying, I spend too much
> time with computers and lack some skills required for proper interaction
> with humans.

That says it all.

------
SamyGe
after reading the mails, MIT has lost cred imho. Neha seems to be a 16 year
old person who cant code well enough to be in this position.

------
bitcoinfatalist
eikons
[https://www.reddit.com/r/CryptoCurrency/comments/7zztey/full...](https://www.reddit.com/r/CryptoCurrency/comments/7zztey/full_emails_of_ethan_heilman_and_the_digital/)

IOTA: Can you look into our laundry detergent product and review its safety?

DCI: Sure. We've got some accomplished chemists that will do a careful review.

IOTA: Cool, let us know what you find.

DCI: Uh oh, it looks like we found a critical problem with your detergent. We
tested the product and it seems to have poisonous properties.

IOTA: How did that happen? Did someone accidentally ingest it?

DCI: Can you prove that your laundry detergent pods are safe when ingested?

IOTA: Don't ingest them. Use them to do laundry.

DCI: I see, so you don't deny that they are unsafe for consumption?

IOTA: I don't understand. Why would you try to eat them? Our instructions
clearly say that's not what they are for.

DCI: Look, we have a lot of experience with chemicals. Every chemist out there
will tell you that these ingredients are unsafe for consumption. Ask for a
second opinion if you like.

IOTA: Ok but can you show that they are unsafe to use for laundry?

DCI: We'll let everyone know that this laundry detergent is unsafe.

IOTA: Wait, can you also tell everyone that they shouldn't eat them?

DCI: ...

IOTA: Did you just publish?

~~~
mizzao
Nice. Another account created just to attack this thread. They really do have
an army of either trolls or heavily invested people (see link above)

------
merlincorey
Second Preimage Resistance is important with most cryptocurrencies based off
bitcoin because they are often calculated as a hash of a hash, which is what
second preimage resistance is all about preventing predicting.

In this case, the `curl` function is not being used as a hash function, but a
different type of mapping. Unfortunately, that mapping is supposed to be
pseudo-random and now it is known that it is not.

~~~
comex
The "second" in "second preimage" doesn't refer to hashing something twice. It
means that you already have one preimage for a hash (presumably because you
started with the "preimage" and calculated the hash from that), and you want
to find a second, different one.

~~~
QML
In simpler terms, given H(x), it is impossible to find x’ such that H(x’) ==
H(x) in polynomial time.

~~~
comex
To be pedantic: given x and H(x), it is impossible to find x’ such that H(x’)
== H(x) in a practical amount of time.

(You need x, and an attack doesn't need to be polynomial to break the hash
function; it just needs to be fast enough, considering constant factors, to
fit within some plausible attacker's computational resources.)
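
Added example, not part of the thread: the second-preimage game as comex states it (the attacker is handed x and must find a different x' with the same hash), run against SHA-256 truncated to 16 bits so the search finishes quickly, next to a collision search where the attacker is free to pick both inputs. The 16-bit truncation, the names `toy_hash`, `find_second_preimage` and `find_collision`, and the sample message are assumptions made for the demo.

```python
import hashlib
from itertools import count

BITS = 16  # toy output size (assumption for the demo); real hashes use 256+


def toy_hash(data: bytes, bits: int = BITS) -> int:
    """SHA-256 truncated to its top `bits` bits: a deliberately weak stand-in."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def candidates():
    """Deterministic stream of distinct trial inputs (constructed for the demo)."""
    for i in count():
        yield b"candidate-%d" % i


def find_second_preimage(x: bytes, bits: int = BITS):
    """Given x, search for x' != x with toy_hash(x') == toy_hash(x).

    The target is fixed by x, so each trial matches with probability 2**-bits
    and the expected work is about 2**bits hash evaluations.
    """
    target = toy_hash(x, bits)
    for attempts, cand in enumerate(candidates(), start=1):
        if cand != x and toy_hash(cand, bits) == target:
            return cand, attempts


def find_collision(bits: int = BITS):
    """Search for any pair a != b with toy_hash(a) == toy_hash(b).

    No target is fixed, so the birthday bound applies: expected work is about
    2**(bits/2) evaluations, and by pigeonhole never more than 2**bits + 1.
    """
    seen = {}
    for attempts, cand in enumerate(candidates(), start=1):
        h = toy_hash(cand, bits)
        if h in seen:
            return seen[h], cand, attempts
        seen[h] = cand


if __name__ == "__main__":
    x = b"constructed message"  # sample input, constructed for the demo
    x2, n_second = find_second_preimage(x)
    a, b, n_coll = find_collision()
    print(f"second preimage of {x!r}: {x2!r} after {n_second} hashes "
          f"(expected ~{2 ** BITS})")
    print(f"collision: {a!r} / {b!r} after {n_coll} hashes "
          f"(expected ~{2 ** (BITS // 2)})")
```

Both searches are exponential in the output length, yet both finish in well under a second at 16 bits, which is the point of measuring against an attacker's actual resources rather than against "polynomial time".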


