Is Far cry 3-keygen-first leak com Safe and Legal? | Pros and Cons of Using a Keygen for Far Cry 3
however, even if far cry 6s rngs have been fixed, attackers can still game the system by leveraging the attack presented in the far cry 3 leak. the difference is that there is now a better attack. at the end of the day, the attacker still needs to know which bits of their nonce are biased, just as in the far cry 3 leak. the best attack i could find in the far cry 3 leak was to bias every other bit of the nonce. however, this attack has a very high collision probability with other signatures.
Far cry 3-keygen-first leak com
however, the attack presented in the far cry 3 leak is actually worse than this, as its weaker on average. in fact, if you read the paper, you will see that its possible to get a better attack if you bias every other bit! so, if the attacker doesnt know which bits are biased, they can bias every other bit. given that most people use a 16-byte nonce, the probability of a collision on 256-bit ecdsa is 1 in about 150,000.
essentially, ubisoft is using the leak as a way to draw attention to the game, and to try and further their own marketing efforts. the whole thing seems a little shady to us, but if the game is good, they're probably right. there are also some interesting details about the game, such as the fact that it's set on a tropical island in the future. the game has also been confirmed to use ecdsa, which is why it's such an interesting thing to see this leak. it highlights the fragility of ecdsa, and how even slight biases can be exploitable.
but this method was leaking signatures. turns out it was leaking the nonce from ecdsa. the reason was that the nonce was being stored in the signed signature. in the final version of the game, the nonce is moved to the signedmessage object, which has the isnoncestored flag set to false.