@baabeetaa and I hit this trying to make our blockchain interoperate with steemit. What this seems to show is that steems implementation of secp256k1 does not work like other implementations. We will not speculate on what this means for security here.
We had been talking API problems with steem. I was wrong. I never considered what @baabeetaa found today, which is that the problems are with encryption. It took him a great deal of work to confirm this.
I would have reported this privately as is the norm but have been deleted from steemit slack.
We thought it was an API problem. We thought it was an encryption problem. Both of these, because that's what they look like. And folks here deny it's a problem?
That's the problem guys. And the way it's handled is extra-baroque.
I'm installing Parity now to see how this is handled by Ethereum on @xeroc 's advice.
Update: It's handled differently, in a way that is more developer-friendly.
But hey, now we know about @bilthon83 's graphenej, that's cool.
So now I go off the cuff. Look, we tried, quite a bit, over quite a bit of time, to get this all working properly, and didn't. And I can see how it happened, and why. And I guess that's the root of issues here. I'm not going to go and say there's no issue, because there clearly is. It has to do with docs, and attitude, and support for a developer community. It seems to me that this is far more difficult and error-prone (both) than it needs to be. If you want to keep interfaces like this, fine. That's not my decision to make.
Don't be shocked after some time passes, and there's a second @faddat. And a third. And a fourth. And after a while, there'll have been a number of me's. I didn't do this to FUD. When I saw this it looked like a security threat and an insane way to use the tools at our disposal. We all looked at it, and that's what we saw, so we treated it as one. Look I get that it's early days for all things blockchain, but someone said to me yesterday:
...and I agree. It should be much easier to write tools that interface with graphene blockchains.
And I said to someone yesterday....
I'll stand by that, too. it reads like straight-up alien talk. This is what I mean:
And it's clearly not @xeroc's fault that it sounds like alien-talk, the procedure is bound to be, well, alien. I don't know of any other software interfaces that work even remotely like this one, and learning about this one definitely involved something that looked like, walked like, floated like and quacked like a security problem.
Here's another thing I said yesterday:
Thanks to everyone who helped us understand this futuristic method of doing things that involves adding 4 and 27 to stay compatible with other protocols. We'd surely never have guessed.