Does the signature of the message give the possibility of stealing my coins?

Aleksandr2

New Member
Sep 4, 2019
5
1
3
40
Hello, operator allnodes.com requires me to sign a his message to start a masternode, can he to steal my coins after? Wallet issues a warning that it is not recommended to sign obscure messages, this can take advantage to scam

signmessage XwDnps*******************UArEDS XwDnps*******************UArEDS|0|XhWA**************************DfSPAeE|XhWA**************************DfSPAeE|c521bd90b********************************************************************0b1384020a
 

AgnewPickens

Moderator
Moderator
Mar 11, 2017
299
100
103
56
AllNodes is a trusted MN host and signing a message is routine, it is strictly to verify that you are the holder of the collateral key and doesn't reveal info that can allow a hack. It is a pretty routine procedure.
 

Aleksandr2

New Member
Sep 4, 2019
5
1
3
40
I do not want to trust, I want to know that the by signature of the message can not access to the 1000 coins, it can only be done by signing the transaction. They're not asking to sign a transaction, they're asking to sign a message (give them only the signature of the message)
 

qwizzie

Well-known Member
Aug 6, 2014
1,576
736
183
AllNodes is a trusted MN host and signing a message is routine, it is strictly to verify that you are the holder of the collateral key and doesn't reveal info that can allow a hack. It is a pretty routine procedure.
Am i correct in assuming that the warning that the wallet is showing with regards to the signing of an unknown / obscure message is only to prevent a possible exploitation of a masternode owner's voting power
when dealing with the signing of an unknown message ? To make sure that the voting key of a masternode owner does not fall in the wrong hands ? Or does that wallet warning apply to something else ?
 
Last edited:

Aleksandr2

New Member
Sep 4, 2019
5
1
3
40
the risk is minimal, in simplifying the task for a quantum machine to compute a private key having a signature result

It should be OK, but I wouldn't do it.
DIP3 was designed to remove trust.
The commands to register a node should be run you.
ie protx register_prepare .. signmessage ... protx register_submit ... if you are signing a message and handing it back to them they have proof you own the DASH, still not enough to spend it, but wrong process.
 
  • Like
Reactions: AgnewPickens

strophy

Administrator
Dash Core Team
Moderator
Dash Support Group
Feb 13, 2016
712
413
133
The warning against sharing signed messages is designed to prevent impersonation for e.g. identity authentication. Sharing a signed message has no risk of leaking the private key used to sign the message because cryptographic hash functions only work in one direction. You cannot currently reverse engineer a private key from a signed message (or signed transaction, for that matter).

However, @Aleksandr2 is correct. It is not necessary to share this signed message with Allnodes, it is sufficient to simply specify the operator BLS public key they provide to you in the signmessage and register_submit steps in order to uniquely identify them as the host. They might be offering to handle this for you to reduce complexity, since the registration process is not straightforward. You should discuss this with Allnodes, I am sure they will accomodate you if you wish to prepare your protx transaction yourself.