--- Day changed Sat Sep 23 2017
00:42 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1     
02:03 -!- roconnor_ [~roconnor@host-45-78-192-3.dyn.295.ca] has quit [Ping timeout: 252 seconds]     
06:27 -!- roconnor_ [~roconnor@host-45-58-247-162.dyn.295.ca] has joined #secp256k1     
06:52 -!- jtimon [~quassel@199.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 240 seconds]     
11:34 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Read error: Connection reset by peer]     
14:19 -!- jtimon [~quassel@199.31.134.37.dynamic.jazztel.es] has joined #secp256k1     
14:58 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has quit [Remote host closed the connection]     
14:58 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1     
21:26 -!- roconnor_ [~roconnor@host-45-58-247-162.dyn.295.ca] has quit [Quit: Konversation terminated!]     
21:47 -!- gmaxwell [gmaxwell@wikimedia/KatWalsh/x-0001] has joined #secp256k1     
21:49 < gmaxwell> I found the preimage for the unexplained initial state in tht multiset PR, looks like it is in fact unintentionally backdoored... it's initial multiset actually contains a member, the empty string.
21:51 < sipa> i don't see how that could be abused, though
21:51 < gmaxwell> depends on the usage.
21:51 < gmaxwell> I could certantly construct an example application where it's an exploitable vulnerablity.
21:52 < gmaxwell> though if it's storing something which can never be an empty string by external constraints, then it wouldn't be.
21:53 < sipa> even if the empty string is a valid element, i don't see how to exploit it
21:54 < sipa> now you know an element you can 'remove' from the set to turn the state into infinity
21:54 < sipa> but that's it
21:54 < gmaxwell> Which then can't be serialized and would probably result in weird behavior.  But it's not it...
21:55 < sipa> i guess it can be an issue if your software can't serialized infinity, true
21:55 < gmaxwell> well perhaps that is it.
21:55 < gmaxwell> But indeed, it cannot serialize infinity, I think the existing code would seralize implementation specific random stuff in the case of infinity.
23:06 -!- jtimon [~quassel@199.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 252 seconds]