Why would the NSA ever release a 'secure' algorithm? It's like shooting yourself in the foot, it would make their job so much harder. They would only ever release something that they could control. It's just the way the world works.
Because you can never definitively prove a cryptographic system is secure. The only way to "know" a cipher is secure is to make it publicly available and let the best in the world take a crack at it. It is very easy to write a cryptographic system that you yourself can't break but that is next to useless. Secret cryptography usually is weak cryptography. History is littered with examples of failed "strong" systems. One classic one is WEP which is so unbelievably broken it is hard to believe cryptographers came up with it. Security through obscurity doesn't work. Had the specs for WEP been made publicly available in the design phase people would have found the flaws in a matter of weeks and saved everyone a ton of problems down the road. For every good cipher there are dozens and dozens of flawed ones. No matter how smart a single developer is the combined intellect of the planet is better, that is the entire rationale for open source. The NSA is not only responsible for finding the secrets of others they are responsible for ensuring others don't find the secrets of the United States. The US government uses SHA-2 in secure cryptographic systems including SIPERNet. I know this from personal experience. Hmmm, you are sounding more and more like a spook or ex-spook ... doth protest too much?
|
|
|
Are you really that naive?
Do you underestimate the brightest minds in the world? Do you believe that the minds in the NSA are somehow brighter than those outside of it? It is not who is brighter or has the most talent ... it is about an asymmetry of knowledge (as it has always been, the designer of the lock is the guy who knows where it is vulnerable.) NSA designed the SHA256 algorithm, you don't think they had an eye on what their hardware is capable of whilst doing so?
|
|
|
Why can't you just tell us what the big picture is you that are seeing?
|
|
|
The algorithm is open ... however it was produced by a politically motivated rogue government branch that seems to be harbouring a cynical bunch of criminal bastards ... do your own due diligence, if you don't have to deal with them why bother? Compare that to the EC RNG which was recommended by the NSA. A single cryptographer found the flaw in the span of a few months despite it being a rather rare algorithm with no widespread usage. However the entire world community can't find a backdoor/flaw in one of the most widely used hashing algorithms in the world? Edit: oops, forgot to point out that the NSA algos flaws/backdoors will be tailored towards cracking by hardware capabilities that they, and maybe only them, possess. So saying it is secure because no-one else has found a flaw is redundant since no-one else knows or can replicate what they are capable of in terms of mining the exploit ...
|
|
|
I opened business checking accounts with a couple major banks just to use exclusively for bitcoin buying/selling because of the volume of transactions. I'm hoping I won't run into any problems. The account I got a call about has not been used for any third-party bitcoin sales. I've just been depositing dollars into it and buying bitcoins via Coinbase. They seemed to be satisfied when I told them it was personal use and not a business, but I was surprised that they are watching Coinbase so closely. "They" are not watching anything ... their systems that are running 24/7 are watching everything, all "they" need to do is ask the systems the right questions.
|
|
|
It seems likely at this point, but there's no proof that they have.
I would say it seems unlikely at this point however you can never prove a flaw (intentional or otherwise) doesn't exist. They intentionally produce shit cryptography and go to great lengths to deceive (social attacks) ... why trust them in any regard, least of all in an "open science" forum format when there is no requirement to? It should be quite clear now to dump any crypto that the NSA has come anywhere near, and trust no-one that has had anything to do with them. That may be a massive undertaking given how ubiquitous their grasping tentacles have become but it is the only right thing to do, probably safest also.
|
|
|
Indeed. So, Edward Snowden already knew how effective NSA are at code-breaking and how pervasive their surveillance is, and yet he still managed to use e.snowden@lavabit.com to e-mail Glenn Greenwald for a Hong Kong meet, catch a plane to Hong Kong (the story goes that he only had a passport in his own name), and only once it was on every hourly newsreel did they start to try and apprehend him? You'd think that a highly paid contractor with high levels of access and clearance would have been getting watched as a matter of routine. Reality does not fit the story properly. I can assure you folks aren't monitored quite like you'd imagine, not everyone at least. Lots of discussion about broken crypto on here, some really good stuff with legitimacy too. Some of it is a little off the mark but close. Best advice I will give, which is what I've been taught and live by: Presume none of your encryption matters, with regard to what you store and transmit. What do you know that the rest of us don't? ... and after all your hidden wisdoms all you can come up with is, "don't expect privacy in your communications" ... huh, that's it? NSA has done to crypto-science the identical to what some weak minds and ethically challenged have done to climate science ... subverted it for political motivations. In the final analysis, the massive databases they are generating have zero difference to the system of dossiers that Stasi built up ... they manage to delude themselves it is because they have 'protections' about when the dossiers are allowed to be pulled. The problem is not when/who gets to pull the dossier on whomever, it is the fact that they even exist in the first place. Until the databases are destroyed or corrupted beyond usefulness we are living in a Stasi state ...
|
|
|
I would trust Free Software / Open Source code written by the NSA or some other government agency long before trusting any proprietary software particularly that written by Microsoft or Apple.
Ironically there is a far greater chance of an NSA backdoor in proprietary software from Microsoft or Apple than in SE Linux or Security Enhancements for Android.
The latest revelations make either choice unwise. The NSA cannot be trusted to be acting in good faith in ANYTHING it produces. Mathematicians/engineers who have done this kind of subterfuge should be deeply ashamed of themselves, producing error-ridden material and/or knowingly broken mathematics as your "best effort contribution to human progress" is about as low as you can go on the scientific ethics scale.
|
|
|
This is like Goldman Sachs recommending stocks to their clients they know they are going to be selling short ... Basically any NSA recommendations have lost ALL credibility, and they are not going to get it back any time soon, if ever. They have not been dealing in good faith and ALL trust in any of their algos, methods, hardware, math, keys, certificates, etc ... everything NSA (incl. google and other compromised commercial proxies) are now suspect. They should now be considered the national INsecurity Agency.
|
|
|
OP has a serious problem with perspectives ... between "bitcoin will never extend more" ... "bitcoin replaces fiat" is a gulf of usage wider than the Pacific ocean. You seem to have little to zero concept of the sheer magnitude of fiat balances that are sloshing around the globe in databases looking for yield since central banks began money printing for the last 30 years. Think in the order of tens of trillions ... current bitcoin issued value represents in the range of ~ 0.01% of total fiat issued, then think of gold, silver, property and other liquid assets that are monetised far beyond their yield by the fiat money bubbles. If bitcoin replaces even a small fraction of fiat used in commerce it will be a success (and probably valued in the thousands of US$ at that point). http://www.runtogold.com/2013/07/bitcoinlandia-where-mythical-investment-grand-slams-are-reality/
|
|
|
Isn't the payment-protocol-enabled-bitcoin compatible with non-payment-protocol-enabled-bitcoin? I was never that worried about the payment protocol because (besides thinking that it was a good thing) it seems to not interfere with any of the core bitcoin functionality. You can still just send to bitcoin addresses and pretend the payment protocol doesn't exist, right? Yup, exactly. I suppose the concern is that it opens the door for legislators to rule that only payment-protocol payments are legal ....
|
|
|
It feels like there never will be one individual "Bitcoin country", the propagation so far has been thin and disparate. The imbalance of having an economy (especially a small national economy) that all but forces all foreign inflows and outflows to convert into and out of BTC should act as a natural barrier to it. What I'd expect is the low-level prevalence to gently climb amongst many economies and "common business pathways", until BTC use and inter-use get to some significant minority status within these numerous nations. Then, it's make or break (before that stage happens, transaction rate scaling problems must be solved + economic crisis must be kicked further into the rough)
Right now, the Bitcoin safe haven is confined to bedrooms, basements, apartments and datacenters across the whole world. Better than a nation state IMO.
I think we should form a virtual state. I think we might already be doing it. These are actually really important ideas. I'm not sure if you have read Stephenson's "SnowCrash" but there is a theme running through it whereby virtual nations are formed around common virtual currencies, kind of like rewards point or etc issued by multi-nationals and other groups. So imagine if many local bitcoin groups formed their own bitcoin-friendly trading areas (e.g. Kreuzberg), gated communities, villages or similar all over the world. Then when any bitcoin user is travelling they can stay at the local bitcoin village and use his/her bitcoins there. These 'enclaves' form something of a separate micro-economy in each of the countries they reside but are all connected by the common currency globally. Like a global 'virtual' state that exists inside every nation state they are allowed to ...
|
|
|
It may be worth pointing out to you that a prudent person doesn't try doing this: What happens if you find a key with 1000 BTC and can't determine the owner? Your choice will be to rob them yourself or to leave it be and hope they move the coin before someone else robs them. If you don't want to potentially be in that situation you shouldn't be attempting to crack other people's ignorantly produced keys.
You probably have a duty to move the bitcoins somewhere safer for them before someone nefarious does and to serve as a warning to others. It is kind of like finding a stash of cash poorly hidden under a rock in a public park ... and then you could maybe donate them to a charity of your choice? Or if you can't find the owner you could use a finders keepers ethical reasoning to disburse them as you see fit ....
|
|
|
Yeah, you seem pretty lost. The technology is not going to do what you want ... sorry. There was a time when ISPs and banks weren't required to keep records (I don't think you would remember it), the world was definitely a better place then. These are requirements that were brought in by the police state surveillance grid that you recognise as malignant, but not their methods ....
|
|
|
thnx ... i guess i'll go with the foo version for now.
|
|
|
I just downloaded 2 different SHASUMS.asc within an hour from sourceforge ... what's going on?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

03aba838418b302bf6b5f6b0803856d3ede449ad bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087 bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
a86003bca1461e8d68c36fee75230899640d3613 bitcoin-0.8.4-linux.tar.gz
55e9dc295ad1264816ad65ff2e1853878984d6bd bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087 bitcoin-0.8.4-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
-----END PGP SIGNATURE-----
Both signatures verify to gavin's key ...
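The comparison the post above is making, as an added example that is not part of the original post: it reads only the signed body of each cleartext-signed manifest and reports which entries differ between the two. The hash lines are copied from the post; the function names are illustrative, the signature block is a placeholder, and checking the signature itself is left to gpg.

```python
import re

# Hash lines copied from the two SHASUMS.asc files quoted in the post above.
COMMON = """\
55e9dc295ad1264816ad65ff2e1853878984d6bd bitcoin-0.8.4-macosx.dmg
81b3199fc23bb5534caa498b9357abb741b5624c bitcoin-0.8.4-win32-setup.exe
8da931a960c65ce3ca9ad9bd02ab236fef960087 bitcoin-0.8.4-win32.zip
"""
HEAD = "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n"
TAIL = "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n"
FIRST = HEAD + "03aba838418b302bf6b5f6b0803856d3ede449ad bitcoin-0.8.4-linux.tar.gz\n" + COMMON + TAIL
SECOND = HEAD + "a86003bca1461e8d68c36fee75230899640d3613 bitcoin-0.8.4-linux.tar.gz\n" + COMMON + TAIL

ENTRY = re.compile(r"^([0-9a-f]{40})\s+\*?(\S.*)$")  # "<sha1> <filename>"

def signed_entries(clearsigned):
    """Return {filename: sha1} taken only from the signed body of the manifest."""
    lines = clearsigned.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    body_start = lines.index("", start) + 1  # armor headers end at the first blank line
    entries = {}
    for line in lines[body_start:end]:
        if line.startswith("- "):  # undo cleartext dash-escaping (RFC 4880, 7.1)
            line = line[2:]
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1)
    return entries

def changed_entries(old, new):
    """Return {filename: (old_sha1, new_sha1)} for entries that differ or are missing."""
    a, b = signed_entries(old), signed_entries(new)
    return {name: (a.get(name), b.get(name))
            for name in sorted(a.keys() | b.keys()) if a.get(name) != b.get(name)}

if __name__ == "__main__":
    for name, (before, after) in changed_entries(FIRST, SECOND).items():
        print(f"{name}: {before} -> {after}")
```

Text outside the two armor markers is not covered by the signature, which is why the parser ignores it.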
|
|
|
Luckybit: The solution I offer is to make detailed record keeping easy and simple. You're not offering any solutions at all as far as I can tell you're just blathering about philosophy of design, like too many of us here no doubt ..... at some point it comes down to "code it or it didn't happen". Also your approach of trying to dream up and cover every possible use case is futile. In the end, the coders get to decide what gets experimented with and the market gets to decide what gets adopted. My position is that strongly anonymous money is economically superior so the market will prefer to use it. I've seen zero evidence or research from the advocates for traceable (stasi) money that this is not the case. Ask yourself if you really want to know what that $100 bill in your wallet was used for before you owned it? Would you throw it away if you knew it had once been used to buy cocaine or pay for a hooker or a child slave? Money is money, an economic good, try not to confuse it with other technologies which it is not.
|
|
|
juan is here pushing his compliance racket barrow incessantly now ...
... these posts are really not much better than those Ponzi ads pirate@40 was running in the "Projects" section, the racket is less transparent and definitely more sophisticated though I suppose.
|
|
|
1. Love one another.
2. Bitcoin Protocol
(not necessarily in that order).
|
|
|
stick 'em through a mixer
Basically, you are suggesting we use laundering services to avoid getting in trouble with the AML authority. The only way forward is to work with the government by educating them, turning influential individuals into Bitcoin stakeholders, and avoiding suggestions like the one above. It is perfectly clear that current FinCEN interpretations are anywhere from misguided to idiotic, but it is also perfectly clear that the bigger Bitcoin grows, the less under the radar it remains. Regulation is here to stay, and we as stakeholders need to do all we can to ensure the rules are acceptable for those who generally follow rules. Even if you don't follow rules, this is still in your best interest. +1 And if you don't think the US has reach beyond its borders, read this. http://www.nytimes.com/2013/09/01/business/in-treasurys-war-missiles-for-a-financial-battlefield.html?ref=books&_r=1& https://bitcointalk.org/index.php?topic=278811.msg3069520#msg3069520 ... and then move to a place where Libertarians are not scorned and Freedom is not a dirty word.
|
|
|
|