Bitcoin Forum
  Show Posts
201  Bitcoin / Development & Technical Discussion / Re: Transaction malleability is actually a big problem? on: February 26, 2014, 12:31:55 PM
Well, I just found a way to save it.

Let's have a new SIGHASH type called SIGHASH_ANYUTXO. Signing with this tag means that the signer would allow the redemption of any UTXO of the same address. So the signer doesn't need to specify the hash of the UTXO. The signature is valid no matter how the txid is changed. As long as the signer is not reusing the address, that would be safe.

Any comment?

That's what I've been saying for ages... though it'll have to be implemented as a new CHECKSIG operator due to Satoshi screwing up upgrade possibilities in CHECKSIG.

I'm not sure you can really blame Satoshi for this.  Either OP_CHECKSIG is useless, or any changes to it mean a hardfork anyway.  Consider an "upgrade" that your node is unaware of.  Your node will see it as an invalid signature.  You can either accept all invalid signatures (which makes it pointless to check), or you can be forced to upgrade your software to keep up (which is what a hard fork is).

Contracts can be fixed with a softfork, bumping the block version to 3 and requiring that all signatures in version 3 blocks be in minimized form.
202  Bitcoin / Development & Technical Discussion / Re: Using a bitcoin as means for authentication on: February 26, 2014, 12:09:32 PM
Ask the user to generate and submit an address.  Save it somewhere.

Later, when the user wishes to authenticate, generate a random cookie and present it to the user.

The user signs it using bitcoind signmessage <address> <cookie> and returns the result.

The device then verifies it using bitcoind verifymessage <address> <signature> <message>.
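The challenge-response flow described above, written out as an added example (not code from the post). The cookie is a fresh random value with a service-specific prefix so a signature made for one site cannot be replayed to another; it is removed from the pending set before verification so it is single use; and it expires. `bitcoind_verify` shells out to `bitcoin-cli verifymessage <address> <signature> <message>`; the verifier is injectable so the class can be exercised without a running node. The prefix string and TTL are assumptions.

```python
import secrets
import subprocess
import time

CHALLENGE_TTL = 120                               # seconds a challenge stays valid (assumption)
CHALLENGE_PREFIX = "example.org login nonce="     # binds the signed text to this service (assumption)


def bitcoind_verify(address, signature, message):
    """Ask a local bitcoind whether `signature` is a valid signmessage signature of `message` by `address`."""
    out = subprocess.run(["bitcoin-cli", "verifymessage", address, signature, message],
                         capture_output=True, text=True, check=False)
    return out.returncode == 0 and out.stdout.strip() == "true"


class ChallengeAuth:
    def __init__(self, verify=bitcoind_verify, ttl=CHALLENGE_TTL, clock=time.time):
        self._verify = verify      # verify(address, signature, message) -> bool
        self._ttl = ttl
        self._clock = clock
        self._users = {}           # username -> address registered at signup
        self._pending = {}         # challenge string -> (username, expires_at)

    def register(self, username, address):
        """Step 1: the user generates an address and submits it; save it."""
        self._users[username] = address

    def issue(self, username):
        """Step 2: hand the user a random cookie to sign."""
        if username not in self._users:
            raise KeyError(username)
        challenge = CHALLENGE_PREFIX + secrets.token_hex(16)
        self._pending[challenge] = (username, self._clock() + self._ttl)
        return challenge

    def complete(self, username, challenge, signature):
        """Step 3: check the returned signature against the registered address."""
        entry = self._pending.pop(challenge, None)      # pop first: one attempt per cookie, success or not
        if entry is None:
            return False
        owner, expires_at = entry
        if owner != username or self._clock() > expires_at:
            return False
        return self._verify(self._users[username], signature, challenge)
```

Because the challenge is popped before it is checked, a replayed or mistyped signature burns the cookie and the client has to ask for a new one; that is the behaviour you want, since the cookie is the only thing standing between a captured signature and a second login.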
203  Bitcoin / Development & Technical Discussion / Re: Multisig address different on API and bitcoin-qt on: February 24, 2014, 03:28:24 AM
You are passing your keys as two arrays, each with one anonymous element.  You need to combine them into a single array with two elements.

If you don't need the txin info:

signrawtransaction 'hex' '' '[key1,key2,...]'
204  Bitcoin / Development & Technical Discussion / Re: Multisig address different on API and bitcoin-qt on: February 23, 2014, 02:22:39 PM
You have extra stuff in your call.  It should be:

signrawtransaction <hex> <tx array> <key array>

The arrays are used to fill in missing information needed to complete the signature, mostly for offline use.

If all of the transactions being redeemed by the transaction being signed are already in the block chain (as seen by the signing node), you can skip them.  Otherwise, you need to provide them.  If this is an offline (secret) transaction, you have them from when you created the secret transaction.  If the transaction isn't secret, but the signing computer is offline, your gateway needs to look them up and you need to include them in your signing package.

Always keep in mind that the tx array is filled with information about the inputs to the current transaction, not about the current transaction itself.
205  Bitcoin / Development & Technical Discussion / Re: Multisig address different on API and bitcoin-qt on: February 23, 2014, 12:26:12 PM
When signing the transaction does the order matters? I mean, does the first key needs to be the first to sign?

Nope, the signing can be done in any order.
206  Bitcoin / Bitcoin Discussion / Re: Bitcoin reward system on: February 21, 2014, 05:56:53 AM
The difficulty adjustment system has lag.  This means that while the network is growing, the time between adjustments is compressed, and some fraction of that time is "lost".  This moves the date of the final subsidized block forward.  This cannot be calculated in advance, because it depends on when new hash power comes online.

This is not a change to the system, just a recognition that the initial timeline was calculated from an idealized curve.
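A small model of the lag the post describes, added here as an example (not from the post). Difficulty is set from the previous period, so while hash rate grows each 2016-block period finishes early and the retarget only catches up afterwards; the simulation takes any hash-rate curve and reports how far the last subsidized block moves ahead of the idealized 10-minute schedule. Simplifications, stated as assumptions: hash rate is sampled once per period at its start, and the retarget uses 2016 intervals rather than Bitcoin's 2015.

```python
BLOCKS_PER_PERIOD = 2016
BLOCK_INTERVAL = 600                                  # seconds
PERIOD_TARGET = BLOCKS_PER_PERIOD * BLOCK_INTERVAL    # two weeks
LAST_SUBSIDY_BLOCK = 33 * 210_000                     # 6,930,000: first block whose subsidy is zero
SECONDS_PER_YEAR = 365.25 * 86400


def simulate(hashrate_at, end_block=LAST_SUBSIDY_BLOCK):
    """Seconds until `end_block` under the retarget rule.

    hashrate_at(t) returns the relative network hash rate at model time t (seconds).
    Assumption: hash rate is read once per period, at the period's start.
    """
    t, height = 0.0, 0
    difficulty = hashrate_at(0.0)       # start exactly on schedule for the initial hash rate
    while height < end_block:
        blocks = min(BLOCKS_PER_PERIOD, end_block - height)
        elapsed = blocks * BLOCK_INTERVAL * difficulty / hashrate_at(t)
        t += elapsed
        height += blocks
        if blocks == BLOCKS_PER_PERIOD:
            # retarget toward two weeks, clamped to a factor of 4 either way as Bitcoin does
            ratio = PERIOD_TARGET / elapsed
            difficulty *= min(4.0, max(0.25, ratio))
    return t


def schedule_shift_years(hashrate_at, end_block=LAST_SUBSIDY_BLOCK):
    """How many years earlier `end_block` arrives than the idealized 10-minute schedule predicts."""
    ideal = end_block * BLOCK_INTERVAL
    return (ideal - simulate(hashrate_at, end_block)) / SECONDS_PER_YEAR


if __name__ == "__main__":
    flat = lambda t: 1.0
    doubling = lambda t: 2 ** (t / SECONDS_PER_YEAR)          # hash rate doubles every year
    step = lambda t: 1.0 if t < 2 * PERIOD_TARGET else 16.0   # a sudden 16x jump: shows the 4x clamp
    for name, curve in [("flat", flat), ("doubling yearly", doubling), ("16x step", step)]:
        print(f"{name:16s} final subsidy block arrives {schedule_shift_years(curve):.2f} years early")
```

With a flat hash rate the model lands exactly on the idealized date; any growth curve moves it earlier, and the amount depends entirely on the shape of that curve, which is the post's point that the date cannot be fixed in advance.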
207  Bitcoin / Bitcoin Discussion / Re: Magic: the Gathering blockchain analysis? Also, theory of motive.. on: February 21, 2014, 05:39:19 AM
In case anyone is interested, the only connection that mtgox has to trading MtG cards is the domain name*.  Someone had a (defunct?) card trading site and got interested in bitcoin, so they wrote an exchange and put it on the domain they happened to already own instead of registering a new one.  It took off, and the exchange was sold, domain name and all.

Plenty of morons around here like to talk trash about it, but it should only take a few minutes thinking about how a bitcoin bid/ask engine would work, in contrast to how an engine for discrete auctions operates, to send you looking for ignore buttons.

Regarding the original question, the blockchain will not be particularly useful here.  Most of the fun was happening in mempools across the network.

*  Possibly some UI stuff too.  I have no inside knowledge, but plenty of history is available here.
208  Bitcoin / Development & Technical Discussion / Re: Normalized / canonical transaction ID for helpdesk usage & a new base32 encoding on: February 21, 2014, 02:44:48 AM
Having some experience in running a front-line customer service helpdesk, I know that a significant amount of time and therefore money can be wasted transmitting long strings of information over the phone (e.g. a 64-character hash string), or from handwriting which can be worse. Also since we already have a notion of a 32-byte transaction hash encoded as a 64-digit hex string, it could be very confusing for users who do not understand the difference.

I'm having a really, really hard time coming up with a situation where someone would ever need to transmit a ntxid over the phone.

A transaction ID isn't data useful to the system, it is merely the name of some useful data.  Since inputs are also referenced by txid, that particular name can also be useful if, for example, you ever find yourself in a bizarre situation where you need to create an offline transaction by phone.  Such a situation is on the borderline of imagination though.

A name that is purely a name is not useful for moving information around, but only for comparison and searching.  For example, if you are searching your local node or some website for a transaction, the first few letters will suffice, and if they don't provide your desired result, the remainder of the letters aren't any help at all.  These use cases are common and plentiful, and we can make them better without adding yet another entity to our pantheon of ad hoc identifiers and strings.
209  Bitcoin / Development & Technical Discussion / Re: Keys with withdrawal limit on: February 20, 2014, 06:58:23 AM
Scripts do not have access to amounts and addresses, so currently this can be done. It can be simulated with multisig and a trusted party. Banks could offer this service if they wanted. Experimentation with this would be a good first step before deciding to extend the scripting system.
Is it easier, then, to create a one time use key? With a set of one time use keys, that had a time restriction, you could produce a set of 3650 keys for the next year (365 days x 10 keys per day). Each one of these keys could have a limit of say $30 worth of bitcoin, and only work on a given day. So you'd have 10 $30 keys that would work on January 1st, 2015, 10 more on January 2nd, 2015, etc.

On another note, I don't like the idea of using a standard multi-sig and having a bank as a trusted party, because what if the bank decides to freeze you out? They don't get to spend your funds, but they can still stop you from spending it.

With a master key and a bunch of companion keys, this wouldn't be an issue, because you could give out companion keys to many "trusted" third parties (who you may not trust too much), who are all independent of each other. So for example, you could set up the address so 1 master key and 1 companion key would unlock the funds, but 2 companion keys could not and hand out companion keys to a USA institution, one in Japan, a trusted relative, etc.

You have some basic research to do.  Bitcoin does not work at all like you think it does.  Your questions are not answerable, and inventing your own terminology is not a winning strategy when you are asking for help.
210  Other / Meta / Re: Possible spambots "hey, i am fresh here" on: February 19, 2014, 11:55:34 AM
https://bitcointalk.org/index.php?action=profile;u=250293;sa=showPosts
https://bitcointalk.org/index.php?action=profile;u=253688;sa=showPosts
211  Economy / Economics / Re: Technological unemployment is (almost) here on: February 19, 2014, 04:15:11 AM
My outcome is the only possible one.
What is your outcome? I cannot find any of your messages in this thread!

He's just posting nonsense in random threads to bolster his post count.  Probably planning to send a bunch of PM spam, or run some sort of scam.
212  Economy / Economics / Re: A Resource Based Economy on: February 15, 2014, 02:06:02 PM
It's not a matter of belief, it's the limitation of their optics. They operate under presumptions set forth by authorities without question. Limiting one's measure to only profits demonstrates that only tools that measure profits are used and any other data is discarded. This is called observational bias.
When you use words like "goodness" and you define them as subjective, you have already dismissed any objectivity. Measuring phenomena is multidisciplinary. There is no need to rely solely on "subjective measurements." It is easy enough to measure objective qualities of goodness. Qualities such as pleasure, nutrition and health, productivity (in general terms), social connectedness, etc. could partially define goodness. I would not interpret goodness in any moral sense, but in the overall wellness of people that tend to be generalized as good. This way we can independently measure factors that discern perceived goodness from acceptable norms. I'm not talking about a "school of thought," but demonstrable quantities subject to falsification and used for making useful predictions. This is an oversimplified explanation, but that's what science is. A truth can be told easily, but its explanation is almost never easy when it comes to epistemological terms.
Until there is a multidisciplinary correlation supporting the hypothesis that profit is a measure of goodness, it appears to be a fallacy. Fallacies are the bread of authorities. It is far too easy to falsify and support the opposite view that profit leads to pain, pain leads to suffering, and someone loses a hand.
How about the obvious one. Slavery.
We're talking about free markets and voluntary exchanges, slavery is not a voluntary exchange.
How convenient to define the conversation to your arbitrary parameters. I am sure everyone in the world agrees with your worldview.

Folks, this is what institutional insanity looks like.

Just out of curiosity, which school do you teach at?
213  Economy / Economics / Re: A Resource Based Economy on: February 15, 2014, 10:34:46 AM
You make a capital mistake here.
You assume that because an exchange was made voluntarily it means that the outcome is per se good for the exchangers.
What if, in your example, the bitcoin seller knows that the price will drop sharply in a few days?
Would that still be considered a 'good' deal by most people? It sure looked that way when the exchange was made.

If God is playing the market, there isn't much we can do about it.  Or are you thinking of some other entity that knows the future?

In reality, when someone thinks that something is overvalued (taking into account their predictions of the future), they sell, and their very act of selling drives the market down.  They are helping the market discover the correct price.  If they are right, they are rewarded.  If they are wrong, they are punished.  Same goes for the buyer.  If either of them is wrong, they lose their ability to influence the market in the future.

This is, of course, ignoring fraud, coercion, etc.

You have funny ideas about what prices are, and what markets do.  You can probably blame your parents and teachers.  It is hard for people to grasp that such important mechanisms in our daily lives just emerge without having been planned.
214  Economy / Economics / Re: A Resource Based Economy on: February 14, 2014, 07:23:10 AM
It's not a matter of belief, it's the limitation of their optics. They operate under presumptions set forth by authorities without question. Limiting one's measure to only profits demonstrates that only tools that measure profits are used and any other data is discarded. This is called observational bias.

Do you have an example of an objective measurement of goodness that I (and everyone other human being from the beginning of time until today) missed?

I have no doubt that you can come up with any number of subjective measurements that just by sheer coincidence happen to support your views.  Any fool can do that, and plenty have.
215  Economy / Economics / Re: A Resource Based Economy on: February 13, 2014, 09:58:21 PM
Quote
Because here in reality, what corporate raiders do is find companies that are inefficient and that can be broken up and the assets sold.  Sold means that someone else is buying, which then strongly suggests that the buyers are able to make better use of those assets.  Basically the opposite of waste.

Yeah, maybe i was exaggerating. That process can be a good purge.
What I was talking about is more like hostile takeovers where one firm takes over a competitor just to rip it apart.
Meanwhile, the efficiency you talk about is not directly related to the quality of the product or service the company delivers. Maximizing profits is more often than not the goal for these gutting operations.
That is for the good of the shareholders, not for the good of people in general.

See?  This is why I usually just skip over this thread.

Profit is the only objective measure of goodness that the world has.
216  Economy / Economics / Re: A Resource Based Economy on: February 13, 2014, 06:31:22 PM
I'm not sure how somebody can waste resources without being connected to them?

Corporate raiding comes to mind...
Anyway, there is so much wasting of resources and energy going on in various markets that I wouldn't know where to start...

Just out of curiosity, what do you think that corporate raiders do exactly?  Is it like the Monty Python skit where a bunch of accountants swoop in with cutlasses, kill everyone and burn the place to the ground?

Because here in reality, what corporate raiders do is find companies that are inefficient and that can be broken up and the assets sold.  Sold means that someone else is buying, which then strongly suggests that the buyers are able to make better use of those assets.  Basically the opposite of waste.
217  Other / Archival / Re: delete on: February 04, 2014, 01:15:04 PM
Nothing wrong there, though the chances are about as good as with vanitygen (maybe a bit faster, if you directly attack the key and don't have to compare addresses) so far.
It is significantly faster, because the algorithm needs O(sqrt(n)) (expected) operations where vanitygen needs O(n), however with the space size we're talking here sqrt makes practically no difference.
Basically the efficiency of this algorithm is on par with other general-dlp-solving algorithms, of which none practically works on this kind of space.

Ugh.  No, brute force (vanitygen) is O(sqrt(n)) because EC (and, in general, everything that reduces to the discrete log problem) has a strength equal to half the key length.  256 bit EC provides 128 bits of security.  sqrt(2^256) = 2^128.
218  Other / Archival / Re: delete on: February 04, 2014, 06:07:44 AM
This is a scam.  This has been known to be a scam since post #125, nearly a week ago now.  Why are you still talking about it?

There is no statistical project.  There are no rendezvous points.  There is no algorithm.  He isn't washing Pollard's jockstrap, much less trying to implement any actual math.  His script generates keys from a tiny, tiny keyspace, and then his "cracker" searches that same tiny keyspace.

Also, Ritual is almost certainly the same person as Evil-Knievel.  Re-read the whole thread and watch out for posts from both accounts that appear to be in the other character's voice.

Here's what's going on.  Evil-Knievel has pre-computed a couple points on the secp256k1 curve.  Specifically points where the exponent is of the form 2**N. (see 1,2)  He then wrote a program, the "cracker", that can search the area around those points.  If a Bitcoin key-pair lies close to one of those points, his program will find it.

This isn't dangerous.  It's improbable (~impossible) that any uniformly random Bitcoin key-pairs are weak to his pre-computed points.  The secp256k1 keyspace is, for all practical purposes, infinitely large.  It doesn't matter if Evil-Knievel had a gabillion-gajillion pre-computed points and all the computing power in the universe.  His approach still wouldn't crack a normal Bitcoin key-pair.

To me, having just read Evil-Knievel's thread, it sounds like he's insinuating that there is danger here.  He's insinuating that a uniformly random Bitcoin key-pair has a reasonable chance of being tractably close to one of his pre-computed points.  There is no reasonable chance of this, and his claims are ridiculous.  The thread should be closed as a scam, because he's asking for money on misleading premises.

If he has nothing to hide, why was his HTML generator obfuscated?  I'll help and de-obfuscate the generator for everyone.  Here's the algorithm:

Code:
Pick a random N, [128, 255].
Pick a random M, [1, 20000000].
Spit out 2**N - M as a private key.

See the problem?  He just needs to take a generated public key, add G to it up to ~20,000,000 times until it matches one of the 128 pre-computed keys (which are of the form 2**N), and BAM the private key is "cracked".  This doesn't make Bitcoin weak.  It never will.  It's a rainbow table attack.  But mankind will never have enough computational and storage power to make rainbow tables work against secp256k1.

As for the bitprobing.com "project".  That's a load of bollocks.  If you don't believe what the experts have to say about ECDSA, that's fine.  But go learn group theory and number theory first, before asking the public to help run unsubstantiated "experiments."


I know these forums are intentionally soft-modded, and appreciate that to an extent.  But it's times like these I wish the forums were more aggressively moderated so that Evil-Knievel could just be banned for misleading and scamming people.


(1)  Actually, he fscked this up.  He interprets the decimal result of 2**N as hexadecimal.
(2)  2**128 is 340282366920938463463374607431768211456.  Interpret that as a hexadecimal private key and you get a public key of 04864f29af3191e135f5c78499271961f2313110fb2a296bf072733475529da1fb4d5cef64d1212a946775bfb2db5319fb618089ae8806d618f44d68d3bdb18650.  The least significant 32 bits of the X coordinate are 0x529da1fb.  That matches one of the constants in his script.  I assume the rest match similarly.
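The de-obfuscated generator and the matching "cracker" from the post above, written out as an added example in pure Python (this is not the poster's script nor the bitprobing code). It builds the table of x-coordinates of 2**N * G for N in [128, 255] by repeated doubling, generates a key of the form 2**N - M, and then walks the public key forward one G at a time until the x-coordinate hits the table; the walk costs one point addition per unit of M, so the bound on M is the whole story. The bound on M is reduced from the posted 20,000,000 to 20,000 so this runs in seconds (assumption); the same walk against a uniformly random key finds nothing, which is the point the post makes. Curve constants are the standard secp256k1 parameters.

```python
import random
import secrets

# secp256k1: y^2 = x^3 + 7 over GF(P); G generates a group of prime order N_ORDER
P = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0   # sanity check that G is on the curve


def point_add(p1, p2):
    """Affine point addition (and doubling); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt=G):
    """Double-and-add: k * pt."""
    result, addend = None, pt
    k %= N_ORDER
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


M_MAX = 20_000   # the posted generator uses 20,000,000; reduced so the demo runs in seconds (assumption)


def weak_private_key(rng, m_max=M_MAX):
    """The de-obfuscated generator: pick N in [128, 255] and M in [1, m_max], emit 2**N - M."""
    n = rng.randint(128, 255)
    m = rng.randint(1, m_max)
    return 2**n - m


def build_table(lo=128, hi=255):
    """x-coordinate of 2**n * G for lo <= n <= hi, found by doubling G repeatedly."""
    table = {}
    pt = G                       # 2**0 * G
    for n in range(hi + 1):
        if n >= lo:
            table[pt[0]] = n
        pt = point_add(pt, pt)   # now 2**(n+1) * G
    return table


def crack(pubkey, table, max_steps=M_MAX):
    """Walk pubkey + k*G for k = 1..max_steps; landing on 2**n * G means priv = 2**n - k."""
    pt = pubkey
    for k in range(1, max_steps + 1):
        pt = point_add(pt, G)
        if pt is None:
            continue
        n = table.get(pt[0])
        if n is not None:
            candidate = 2**n - k
            if scalar_mult(candidate) == pubkey:   # x-match could be the negated point; confirm
                return candidate
    return None


if __name__ == "__main__":
    table = build_table()
    weak = weak_private_key(random.Random(2014))          # constructed, seeded for reproducibility
    print("weak key recovered:", crack(scalar_mult(weak), table) == weak)
    strong = secrets.randbelow(N_ORDER - 1) + 1            # a properly generated key
    print("random key recovered:", crack(scalar_mult(strong), table) is not None)
```

The only thing the "cracker" knows how to do is walk a short distance from 128 fixed points; a key drawn uniformly from a 2^256 space is never within 20 million steps of any of them, so the second line prints False no matter how often you run it.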
219  Bitcoin / Development & Technical Discussion / Re: How to use Walletnotify? on: January 31, 2014, 06:08:41 PM
I'm not on a mac, but try these anyway.

This is a minimal, but functional, PHP script that can be called from walletnotify:

Code: (walletnotify.php)
#!/bin/php
<?php
// bitcoind runs this as: walletnotify.php <txid>
// $argc includes the script name, so exactly one argument means $argc == 2.
if (2 == $argc) {
    $fp = fopen("/tmp/notify_wallet", "a");
    if ($fp !== false) {
        $out = date("Ymd His") . " - " . $argv[1] . "\n";
        fwrite($fp, $out);
        fclose($fp);
    }
}
?>


And two tested and working walletnotify lines:

Code:
walletnotify=/usr/local/bin/walletnotify.php %s
Code:
walletnotify=/bin/php /usr/local/bin/walletnotify.php %s

Note that there are no quotes in either line.

For the first option, the php file must be executable, and the path to your php binary must be set in the first line.  In the second option, you need to set your php path correctly in the walletnotify line.

Try these two first.  If you can get one of them working, you have a working baseline for making your own changes.  If you can't get it working, let me know and we'll figure it out.

Is ? a valid means of passing arguments to PHP on the command line?  I've never tried it.  I always use argc/argv, but my quick google search suggests that you can also use CGI style arguments:

/path/to/php /path/to/script.php trxhash=%s

and trxhash will be populated in $_GET, etc.

The following works with ? as a means of passing arguments to PHP:

walletnotify=curl http://localhost:8888/script.php/?trxhash=%s

curl is talking to your webserver, so HTTP syntax rules apply there (but not here, unless you want to run it that way).

How do I use argc/argv?

See above.  Basically, argc is the number of arguments on the command line, including the name of the script.  argv is an array of the command line elements, starting with argv[0] set to the name of the script.

I tried the following by entering it in my Mac terminal and it works:

/usr/bin/php /path/to/script.php

I tried the following by entering them in my Mac terminal, but they do not work:

/usr/bin/php /path/to/script.php/?wallethash=testing

You have no file named "/path/to/script.php/?wallethash=testing" on your system.  ?, = and even / are perfectly valid characters to have in a filename.  (really!)

The above returns this error:

Could not open input file: /usr/bin/php /path/to/script.php/?wallethash=testing

/usr/bin/php /path/to/script.php?wallethash=testing

The above returns this error:

Could not open input file: /usr/bin/php /path/to/script.php?wallethash=testing

Ditto.

I put in the following into my PHP program:

print_r($_GET['blockhash']);
print_r($_SERVER['QUERY_STRING']);


I tried the following in my Mac terminal:

/usr/bin/php /path/to/script.php wallethash=testing

The above returns this error:

PHP Notice:  Undefined index:  wallethash in /path/to/script.php on line 17
PHP Notice:  Undefined index:  QUERY_STRING in /path/to/script.php on line 18

I welcome any other suggestions.

Double check your names.  You seem to be switching between wallethash and blockhash.  Also, try print_r($_GET);
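The same walletnotify handler as an added Python example (not code from the post), covering both argument styles discussed above: a bare txid from `walletnotify=/usr/local/bin/walletnotify.py %s`, or a CGI-style `trxhash=%s` token, which the script parses by hand since nothing on the command line populates `$_GET`. bitcoind substitutes the txid into a shell command line; a txid is 64 hex characters and cannot carry shell metacharacters, but the handler still validates it before the value reaches a log file, a database or another command, and appends with O_APPEND in a single write so two notifications arriving at once do not interleave. The log path and script path are assumptions.

```python
#!/usr/bin/env python3
"""walletnotify handler. bitcoind config line (path is an assumption):
   walletnotify=/usr/local/bin/walletnotify.py %s
"""
import os
import re
import sys
import time

LOG_PATH = "/tmp/notify_wallet"           # same file the PHP script above writes (assumption)
TXID_RE = re.compile(r"^[0-9a-f]{64}$")    # 32-byte hash as bitcoind prints it: 64 lowercase hex digits


def parse_args(argv):
    """Accept a bare txid or key=value tokens such as trxhash=<txid>.

    Returns (txid_or_None, params). The command line is never parsed into
    $_GET-style parameters for us; this does it explicitly.
    """
    params, positional = {}, []
    for tok in argv[1:]:
        key, sep, value = tok.partition("=")
        if sep:
            params[key] = value
        else:
            positional.append(tok)
    txid = params.get("trxhash") or (positional[0] if positional else None)
    return txid, params


def is_txid(value):
    """Strict format check before the value is used anywhere else."""
    return isinstance(value, str) and TXID_RE.match(value) is not None


def format_line(txid, now=None):
    """Same layout as the PHP script: 'YYYYmmdd HHMMSS - <txid>'."""
    stamp = time.strftime("%Y%m%d %H%M%S", time.localtime(now))
    return f"{stamp} - {txid}\n"


def append_line(line, path=LOG_PATH):
    # O_APPEND plus a single write keeps concurrent notifications from interleaving
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    try:
        os.write(fd, line.encode())
    finally:
        os.close(fd)


def handle(argv, write=append_line, now=None):
    """Return 0 when the notification was logged, 2 when the argument was not a txid."""
    txid, _ = parse_args(argv)
    if not is_txid(txid):
        return 2
    write(format_line(txid, now))
    return 0


if __name__ == "__main__":
    sys.exit(handle(sys.argv))
```

Run `chmod +x` on the file, or point the walletnotify line at the interpreter explicitly as in the second PHP variant above; either way, keep the line unquoted as noted in the post.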
220  Bitcoin / Development & Technical Discussion / Re: [ask] Best way to hide bitcoin server IP? on: January 31, 2014, 01:22:48 PM
Start by blocking traffic to well known sensor nodes.

No, even better, start by checking blockchain.info for your node's IP, and then check it for your transactions.  Odds are good that your IP has relayed tons of transactions that are not yours, and that tons of your transactions were first seen through other nodes.

Once you've got a decent idea of the reliability of the data being collected, decide if you still care enough to try hiding.  If you still do, then block connections to the sensor nodes.