-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Someone else generated the same private seed phrase with "sign up with Deso seed" #143
Comments
If what you're saying is true, I want to go gambling with you. It's close to impossible to generate the same seed as someone else. Maybe there's another explanation, but closing this one because it can't be seed generation. |
The arrogance to just close this without asking any more information is truly astounding. We all know that there are no bugs or issues in the DeSo codebase, right? 🤦♂️ |
@iPaulPro the issue title suggests a critical vulnerability in identity without sufficient explanation and ability to reproduce the issue, hence I decided to close it. It's also coming from a new GH account that was created two days ago. But Paul you're right, @Japz0r is there any more information that you could give us about this issue, and why do you suspect it's seed generation that's at fault? |
I had a couple of anonymous accounts in my deso identity (also all
generated with "sign up with seed" on deso) i created these somewhere in
between august-October 2021 and didn't touched them. Those accounts where
created on my Android phone. One of those accounts became active 44 days
ago. As someone else her account. I noticed this a couple days back.
The man who created the account for his daughter has created 3 accounts in
total. He has written down all 3 of the seed phrases (all 3 generated with
"sign up with seed" on deso). After being notified by me of this situation
he checked his seed phrases. He found out the seed phrase he stored for his
daughter doesn't give him accès to the specific account. It's like a ghost
account he says.
You can find his answers to my post on DeSo here:
https://diamondapp.com/posts/b0584ef0be4708b74207cccb375864b5c3b21fedb267aa0bb82897d718de989a
I'm just a normal user on deso and i thought this was to big to not be
mentioned. Since i didn't get a serious reaction elsewhere i created this
GitHub account.
If you need more information you can contact me. Will provide any
information you want.
Kind regards,
Jasper Westra
Op za 4 jun. 2022 17:42 schreef Piotr Nojszewski ***@***.***>:
… @iPaulPro <https://github.com/iPaulPro> the issue title suggests a
critical vulnerability in identity without sufficient explanation and
ability to reproduce the issue, hence I decided to close it. It's also
coming from a new GH account that was created two days ago.
But Paul you're right, @Japz0r <https://github.com/Japz0r> is there any
more information that you could give us about this issue, and why do you
suspect it's seed generation that's at fault?
—
Reply to this email directly, view it on GitHub
<#143 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AZOMRG5IWFV5BEQI2K4LX6LVNN2NBANCNFSM5XUVI42Q>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
I have a couple of alt accounts and anonymous accounts in my DeSo identity on my mobile phone. 2 days ago i noticed that one of my anonymous accounts became active 43 days ago as the account @mayadoesart (the daughter of @VindictiveTJ according to the profile info).
It looks like she generated the same private seed phrase as my anonymous account. I'm so lucky I didn't ever used this account to hold my DeSo or NFT's in it, and no one was harmed by this event.
The text was updated successfully, but these errors were encountered: