Even proper reuse of ECDSA private key makes it less secure. Satoshi did very good work protecting Bitcoin from possible future advances in cryptography - new addresses are created whenever it is appropriate, before first (and, ideally, the last) use public key is secret, only hash of it (address) is exposed to the public. But Satoshi did not forbid intentional address reuse, thus making key reuse possible.
Of course - I fully agree with you and thanks for pointing it out. But still, reusing addresses is one of the core features of Bitcoin - otherwise our life would be so much more complicated. Bitcoin would have probably never got adopted, in the first place, if one could not reuse an address. Moreover, if this is so crucial for security, deterministic wallets do not seem to be a right way to go forward, do they?
|
|
|
If one has a screwed up RNG, not reusing addresses does not make him anyhow safer, if the same generator is used to make new private keys.
|
|
|
Yeah. The thesis that reusing an address is not "using Bitcoin correctly", is kind of weird, to say the least. Especially said as a solution for a guy who plays SatoshiDice...
|
|
|
the reuse of the same k value allows anyone to be able to recover the private key.
It appears that this is what may be happening.
It appears that the bug occurs in both the blockchain.info android wallet and the Andreas Schildbach Android Wallet so I suspect a bug in a crypto library or an implementation detail shared by both applications.
Ouch... Thanks for the info - I spent the whole morning triple checking if my wallet would not make a similar mistake, by chance. Seems that I'm fine, but you got me scared, sir.
|
|
|
This seems risky located on TOR and all.
Maybe that's why it's in the Gambling section. This service is definitely useful and the business model seems solid, so they can have a nice steady profit, if it kicks in - unfortunately that is the only thing we have to rely on, as a trust measure. I'm careful myself, but I just love this idea and could not resist... Anyway, so far so good - that's all we know.
|
|
|
AFAIK the only place where the time matters is when accepting a new block - its timestamp must be not farther in the future than now + 2 hours. So the precision is not so important. In fact I believe if there was no network time concept (every node would just use its own time), bitcoin would have worked equally well.
|
|
|
So if someone gives me an extended public key, I can generate public keys to addresses that the other person can unlock (by generating the appropriate private key on their side). Is this correct?
Not quite. You need to give him your public key and the secret. From these two, one can "guess" further private keys.
The bolded part is incorrect. It might be a typo. You can never derive private keys from public keys. If you could do that it would shake the very foundation of bitcoin and public key cryptography. piotr_n must have meant public key.
Yeah, sorry guys - I indeed meant public keys. Thanks for correcting.
|
|
|
There is a huge difference between "weakness" and "broken". In general: weakness does not mean shit - at least in this specific case. Even if it is weak - very very weak, you still need to calc it, which still takes you some time that is bigger than 0, which is the only point that matters.
|
|
|
max tx size is 100kb, not 10000 - and why would any sane person need more? even 4kb seems too much. there are no economically justified reasons to complicate the protocol allowing a 100GB transactions or a TB blocks. why would anyone even want that?
there is no hard max tx size. The 100kb is just a soft limit like the 5430 satoshi policy
so what? it works like it does - if you would like to improve something, I guess there are better ways than just complaining about arbitrary numbers
|
|
|
in general, before you can confirm, mine a tx in deep enough, it is equally valid as is orphaned copy - that's the only risk,
|
|
|
I guess there are plenty of ideas to do such kind of things. Good luck with your project.
|
|
|
(except the fact that it's a double spending attempt)
so what is the problem? it doesn't work, or what?
|
|
|
max tx size is 100kb, not 10000 - and why would any sane person need more? even 4kb seems too much. there are no economically justified reasons to complicate the protocol allowing a 100GB transactions or a TB blocks. why would anyone even want that?
|
|
|
There is no known input Transaction details (for your information): 1 Input(s): 0 6890e56c36b48811cbb38cb21d67a984c147cdd08aaf57443e3ce9fc0d03ff0f-000 - UNKNOWN INPUT 1 Output(s): 0.00090000 BTC to 14itww7qbQNVYdsEnjovLDT7ZjWL5PRRj2 WARNING: There are missing inputs and we cannot calc input BTC amount.
|
|
|
so that is why the secret (being part of the extended public key) is basically revealing all your further deposit addresses, for a given branch (customer).
unless you can keep it secret. but assuming that the first reason for anyone would be to use it for non secured environments, keeping it secret seems kind of a problem
|
|
|
So if someone gives me an extended public key, I can generate public keys to addresses that the other person can unlock (by generating the appropriate private key on their side). Is this correct?
Not quite. You need to give him your public key and the secret. From these two, one can "guess" further private keys. (EDIT: public) But you should also know that this might be dangerous for your privacy. If you make your "public key + the secret", anywhere, anyone can find out that all the further addresses determined from it belong to you.
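The derivation discussed in the extended-public-key posts above, as an added example that is not part of any post: a holder of only the public key and "the secret" computes child public keys, while the owner computes the matching private keys. It assumes BIP32-style non-hardened derivation, with "the secret" taken to be the chain code; the function names and the sample key material are constructed for illustration.

```python
import hashlib, hmac
P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt=G):  # scalar multiplication by double-and-add
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def tweak(pub, chain, index):
    # Both sides compute this from public data only: HMAC-SHA512 keyed with
    # the chain code over the compressed parent public key and the index.
    data = bytes([2 + (pub[1] & 1)]) + pub[0].to_bytes(32, "big") + index.to_bytes(4, "big")
    I = hmac.new(chain, data, hashlib.sha512).digest()
    t = int.from_bytes(I[:32], "big")
    if index >= 2**31 or t >= N:
        raise ValueError("hardened index or invalid tweak")
    return t, I[32:]

def child_pub(pub, chain, index):  # watcher side: no private key involved
    t, c = tweak(pub, chain, index)
    return add(mul(t), pub), c

def child_priv(priv, chain, index):  # owner side: same tweak, added to the private key
    t, c = tweak(mul(priv), chain, index)
    return (priv + t) % N, c

def demo(index=7):
    # Constructed sample key material, not taken from the thread.
    priv = int.from_bytes(hashlib.sha256(b"constructed parent key").digest(), "big") % N
    chain = hashlib.sha256(b"constructed chain code").digest()
    watch = child_pub(mul(priv), chain, index)
    k, c = child_priv(priv, chain, index)
    return watch == (mul(k), c)  # True: watcher's public key matches owner's private key
```

Because `child_pub` takes no private input, anyone holding the public key and chain code can enumerate every address in that branch, which is the privacy point made in the post.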
|
|
|
Mining is the voting - everyone knows that. That's why the miner ostracism was suggested. To give bitcoin users some leverage on miners, to let them affect the future of bitcoin. Currently the only leverage available for bitcoin users is rambling on forums.
Not really. Currently the only leverage available for bitcoin users is buying a mining hardware - which has been all along the key design idea behind bitcoin's security, and thus its value.
|
|
|
I guess you forgot the actual magic number: {0xF9,0xBE,0xB4,0xD9}
You ask why such numbers were chosen here and there - valid questions. But take your car, for example. Get it to the guy who engineered it and start asking him why he chose this screw to have such a shape, why the wheels are in such a size, or why such a type of brakes, not like they have in that other car...? I guess you could think of thousands of questions to annoy a guy who once engineered your car. But you don't really want to do it, do you? Because it serves no purpose.