• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Does the signature of the message give the possibility of stealing my coins?

Aleksandr2

New member
Hello, operator allnodes.com requires me to sign a his message to start a masternode, can he to steal my coins after? Wallet issues a warning that it is not recommended to sign obscure messages, this can take advantage to scam

signmessage XwDnps*******************UArEDS XwDnps*******************UArEDS|0|XhWA**************************DfSPAeE|XhWA**************************DfSPAeE|c521bd90b********************************************************************0b1384020a
 
AllNodes is a trusted MN host and signing a message is routine, it is strictly to verify that you are the holder of the collateral key and doesn't reveal info that can allow a hack. It is a pretty routine procedure.
 
I do not want to trust, I want to know that the by signature of the message can not access to the 1000 coins, it can only be done by signing the transaction. They're not asking to sign a transaction, they're asking to sign a message (give them only the signature of the message)
 
AllNodes is a trusted MN host and signing a message is routine, it is strictly to verify that you are the holder of the collateral key and doesn't reveal info that can allow a hack. It is a pretty routine procedure.

Am i correct in assuming that the warning that the wallet is showing with regards to the signing of an unknown / obscure message is only to prevent a possible exploitation of a masternode owner's voting power
when dealing with the signing of an unknown message ? To make sure that the voting key of a masternode owner does not fall in the wrong hands ? Or does that wallet warning apply to something else ?
 
Last edited:
the risk is minimal, in simplifying the task for a quantum machine to compute a private key having a signature result

It should be OK, but I wouldn't do it.
DIP3 was designed to remove trust.
The commands to register a node should be run you.
ie protx register_prepare .. signmessage ... protx register_submit ... if you are signing a message and handing it back to them they have proof you own the DASH, still not enough to spend it, but wrong process.
 
The warning against sharing signed messages is designed to prevent impersonation for e.g. identity authentication. Sharing a signed message has no risk of leaking the private key used to sign the message because cryptographic hash functions only work in one direction. You cannot currently reverse engineer a private key from a signed message (or signed transaction, for that matter).

However, @Aleksandr2 is correct. It is not necessary to share this signed message with Allnodes, it is sufficient to simply specify the operator BLS public key they provide to you in the signmessage and register_submit steps in order to uniquely identify them as the host. They might be offering to handle this for you to reduce complexity, since the registration process is not straightforward. You should discuss this with Allnodes, I am sure they will accomodate you if you wish to prepare your protx transaction yourself.
 
Back
Top