 Show Posts
|
|
Pages: [1] 2 »
|
Sorry, was just out for the weekend. I was actually at Kim Dotcom's mansion for the Internet Party picnic, it was an amazing weekend. Interestingly the first person I spoke to at the event use to be a developer at MtGox. Thanks for that, but I will probably put up a repository later this week and I will give you commit access.  just thought it would look good to have something like this on my CV. Awesome - cheers for that. I have already noted down the issue with returning a compressed key everytime, it's on my mental todo list. Nunit is awesome, my personal preference of a testing framework, what mocking framework do you usually use? I'm quite a fan of Telerik's JustMock. Yeah, my extensions class is a complete mess at the moment. What's your opinion on extension for strings like HexToBigInteger, HexToBytes and for byte[] ToBigIntegerUnsigned etc? I wasn't sure if those are better kept as static methods or extension methods. Also, your point about adding in a keypair class. I wasn't too sure about this, I know that the likes of Bitcoinj use this approach. But I was considering maybe separating things out a bit more, having classes like: PrivateKey - then PrivateKey would have a property called PublicKey PublicKey - then PublicKey will have a property called PubKeyHash PubKeyHash - which is essentially the bitcoin address which can be representing with different encoding methods. I haven't put much thought into the Address class. But I was thinking about maybe making the Address class abstract and having classes like PubKeyHashAddress and ScriptHashAddress inheriting from Address. What are your thoughts? |
|
|
|
|
Cool, let me know if you have questions.
That would be a great help, it can be quite hard squeezing in time to work on projects like these! I'll flick you a pm once it's on github.
|
|
|
|
I have been in the process of implementing ECDSA using Secp256k1 in C# the last few days. I haven't done much testing yet (still need to write some automated tests!), nor have I had the code reviewed by anyone, so I would strongly advice against using this in production code. Once I have refactored and tidied up a lot of my code, I plan on creating a github repository for it. I would also still like to make this code more separated with different layers of abstraction to allow for better code testability. PerformanceI haven't done much testing in the way of performance, but I have measured it to be about twice the speed of BouncyCastle.NET on a single thread for EC Multiplication and ECDSA Signing/Verifing. When using multithreading it was an even more significant performance increase in comparison to BouncyCastle.NET (I haven't the figures on me sorry). A lot of the performance is based on how fast the BigInteger class is. I have been using System.Numerics.BigInteger which is a lot slower than the likes of gmp. One thing to also keep in mind is that unlike BouncyCastle.NET's BigInteger, System.Numerics.BigInteger is Little Endian. IncludesECdsaSigner (signing/verification/recovery) ECELGamal (public/private key encryption - well key generation) ECEncryption (this is my non standard implementation of encryption with a public key, decryption with a private key. Using AES as the asymmetric cipher and ElGamal as the key generation) ECPoint (does all your ECPoint math) Downloadhttps://mega.co.nz/#!Ao1H1IYJ!JgCnLuWhMy0MYrldjV5A4H7pg9seICnJZYIj30Y-eXM I have also implemented BIP32 (Hierarchical Deterministic Wallets) in a separate project (this uses BouncyCastle), so let me know if you are also in need of that. If you're feeling a bit generous: 15Xi4QCp9wwbXhCniDB2DkgzLjSw49g619 |
|
|
|
|
No, that isn't necessary. If we were updating the DOM constantly then yes maybe 0 might make it crash. But mine doesn't update the DOM constantly. I've been running mine for 75685 combinations so far and it's still going smoothly.
For performance I also compare the PubKeyHash instead of the actual bitcoin address (won't make a hell of a lot of difference, but every little bit helps).
EDIT: Alright - thanks for the tip!
|
|
|
|
Sorry, this should fix the issue - http://privatepaste.com/42e170b0cbPlease note when I recoded it I made sure to make sure it performs fast. As you'll notice with large combinations (like 10,000,000 mine will perform around 5 times faster than moderate's solution on chrome on my computer). I tested it and it should take 41.67 hours to solve 8,000,000 combinations (on my computer). |
|
|
|
Hi Tubby, Your progress alert is working how I'd expect, however your code doesn't seem to be actually checking each address against the target. Once the target address is found, it should stop processing and show what phrase generated that address. I tried your code with the following phrase: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuv The real bitaddress.org says the address for that is 1KVGuANp3HyH4m6xQYhUV9EWhq6tUVypAG So, in your html, I input: a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u abcdefghijklmnopqrstuvwxyz 1KVGuANp3HyH4m6xQYhUV9EWhq6tUVypAG There are 26 combinations in the above, but your code tries all 26 of them with no 'success', whereas it should have found success on the 23rd 22nd attempt. My originally supplied code in the OP does properly check the target address and stop processing at that point, so this is functionality that you have broken or removed in your version. If you can put that functionality back in, the bounty would be yours. Thanks very much. Isn't this the unexpected result? Shouldn't it just check: abcdefghijklmnopqrstua abcdefghijklmnopqrstub abcdefghijklmnopqrstuc ,,, abcdefghijklmnopqrstuz so it will never check abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuv? |
|
|
|
Hi Cyberdyne I have made it so that it shows the progress - http://privatepaste.com/683603b43bThe core of this code is: // we want to find the passcode for this bitcoin address
var target = document.getElementById("targetaddress").value.toString().replace(/^\s+|\s+$/g, "");
//var target = "1Eq8Ucu2ugn4owQZ8RUybrA3Cm2Bo7Zzac";
// passphrase search data
var inputElements = document.getElementsByTagName("input");
var searchData = [];
for(var i = 0; i < inputElements.length; i++) {
if (inputElements[i].getAttribute("data-role") == "passPhraseChar") {
var value = inputElements[i].value.toString().replace(/^\s+|\s+$/g, "");
if (value != "") {
searchData.push(value);
}
}
}
//var searchData = ["a", "pP", "pP", "l", "e"];
// we will use a pubKeyHash for comparing when generating an address (this saves the step of base58 encoding when generating an address)
// decode address to base58 and extract just the pubKeyHash (so remove the first number and checksum at the end of the address)
var targetPubKeyHash = Bitcoin.Base58.decode(target);
targetPubKeyHash = targetPubKeyHash.splice(1, targetPubKeyHash.length - 5);
// calculate total combinations
var totalCombinations = 0;
var totalIterations = 0;
var divisors = new Array();
divisors[0] = 1;
for(var i = 0; i < searchData.length; i++) {
if (i === 0) {
totalCombinations = searchData[i].length;
totalIterations = totalCombinations;
} else {
totalCombinations = totalCombinations * searchData[i].length;
totalIterations += totalCombinations;
}
divisors[i + 1] = totalCombinations;
}
var amountOfTimesToUpdate = 1000;
var updateIncrements = totalCombinations / amountOfTimesToUpdate;
var nextUpdate = updateIncrements;
var i = 0;
(function asyncBitcoinAddressCheck() {
var checkphrase = "";
for(var n = 0; n < searchData.length; n++) {
var index = Math.floor(i / divisors[n]) % searchData[n].length;
checkphrase += searchData[n][index];
}
var bytes = Crypto.SHA256(checkphrase, { asBytes: true });
var btcKey = new Bitcoin.ECKey(bytes);
var pubKeyHash = btcKey.getPubKeyHash();
var found = true;
for(var j = 0; j < pubKeyHash.length; j++) {
if (pubKeyHash[j] != targetPubKeyHash[j]) {
found = false;
}
}
if (found) {
var privWif = btcKey.getBitcoinWalletImportFormat();
var bitcoinAddress = btcKey.getBitcoinAddress();
document.getElementById("brainbtcaddress").innerHTML = bitcoinAddress;
document.getElementById("brainbtcprivwif").innerHTML = privWif;
ninja.qrCode.showQrCode({
"brainqrcodepublic": bitcoinAddress,
"brainqrcodeprivate": privWif
});
document.getElementById("brainkeyarea").style.visibility = "visible";
alert("Password is " + checkphrase);
return;
}
if (i < totalCombinations) {
i++;
if (i > nextUpdate) {
nextUpdate += updateIncrements;
document.getElementById("bulktextarea2").value = "Checking combination " + (i + 1) + " out of " + totalCombinations + " (" + (Math.round( i / totalCombinations * 1000 ) / 10) + "%)";
setTimeout(asyncBitcoinAddressCheck, 0);
} else {
asyncBitcoinAddressCheck();
}
}
})();
document.getElementById("bulktextarea2").value = "Checking combination " + totalCombinations + " out of " + totalCombinations + " (100%)"; Regards Schalk |
|
|
|
http://pastebin.com/P2ghHZrg# full solution Please tip 18xavJxp7Wxs3vjQvLAsfpTyt9RDBin4RB if you are satisfied with the solution EDIT: Sorry just read your previous post about it needing to have the ability to do 16million combinations. I'm unsure if my solution is capable of that. I think you'd be better off with a desktop application solution as opposed to a javascript one if you're planning on generating upto 16 million bitcoin addresses.
|
|
|
|
|
Can you please leave this bounty for me. I'm closish to having a solution.
|
|
|
|
Here is some code that will allow you too check using recursion:
function test(target, current, characters, index)
{
if (index == characters.length)
{
if (current == target)
{
console.log("found");
}
return;
}
var currentLetters = characters[index];
for(var i = 0; i < currentLetters.length; i++)
{
test(target, current + currentLetters[i], characters, index + 1);
}
}
// get pass character elements
var characters = [];
var index = 1;
while ($("input[type=text][tabindex='" + index + "']") !== null) {
var value = $("input[type=text][tabindex='" + index + "']").value.toString().replace(/^\s+|\s+$/g, "");
if (value != "") {
characters.push(value);
}
index++;
}
console.log(characters);
var target = document.getElementById("targetaddress").value.toString().replace(/^\s+|\s+$/g, "");
var current = "";
console.log(target);
test(target, current, characters, 0);
|
|
|
|
|
I think the main issue is that you are using iteration instead of recursion. If I have time I'll post up a sample that'll help you fix it.
|
|
|
|
|
I am looking to purchase 0.006 bitcoins urgently. Will pay $5 via credit card and will go first. I can purchase a license or something if that works.
Bitcoin Address is 16cHxX6Kfyk6t7X5uavn7ogX6yBAgoK42f
EDIT: Nevermind, already got the bitcoins.
|
|
|
|
|
So if we lose the auction, we lose our bitcoins. What stops you from participating in the auction to ensure you always win, or at least so you sometimes prevent other people from winning?
|
|
|
|
In what world of business is taking the path of least resistance being lazy? Making informed decisions that will help minimize the foreceable issues in a project is quite "good" business sense. Selecting tools and services that are well tested and well maintained by the very same community that you are targeting falls into that category. I didn't mention RoR simply because I don't have any experience with it good or bad. I'm sure there are others that can make a valid case for its usage with Bitcoins.
Not to say that he couldn't, but WHY would Piuk would write his own bitcoin deamon in RoR, when the C++ and Java versions are so fully developed. Does that even make sense to you? Are you suggesting that the OP take a similar route with .NET?
Oh yes I do agree about not rewriting the whole bitcoin deamon in C# when making a website. When needing to use a bitcoin deamon, it make a lot of sense to use a C++ or Java version instead, or even to use the hosted blockchain.info one (which is what I am currently using). But when it comes to things like needing to generate some bitcoin address / private key pairs, there is nothing wrong with developing this in C# and than using it in an ASP.NET website. no worries. i've never used coinbase, but it looks like a very well developed website. i'll take some time to properly evaluate its services and the technologies behind it. EDIT: do you by any chance have a link to the mention of RoR? I did find this http://news.ycombinator.com/item?id=4839772&buffer_share=7ab7bBuiltwith.com is an awesome site for checking what frameworks etc a site uses. http://builtwith.com/coinbase.com shows it was built with Ruby on Rails. http://bitcoin.stackexchange.com/questions/5287/how-are-popular-bitcoin-wallets-implemented also backs it up. Also looks like strongcoin.com uses ruby on rails. |
|
|
|
There is no language of Bitcoin. Blockchain.info is the most well done bitcoin related website. And it is programmed in Ruby on Rails. Using your logic, I guess Piuk didn't make a good choice of language for blockchain.info
Your so wrong, What programming language is the site written in.
The site is written in Java using ClusterJ and JDBC to interact with the database. We use a patched version of the mainline bitcoin client to relay transactions and update our database with blockchain data. All SQL queries are written using prepared statements.
https://blockchain.info/wallet/technical-faqhttps://bitcointalk.org/index.php?topic=134461.msg1432440#msg1432440Dude stop making stuff up! I stand corrected. I was sure I read somewhere it was developed in Ruby on Rails. EDIT: Oops, it was http://coinbase.com/ which I was thinking about. |
|
|
|
actually I have been digging quite deep into the bitcoin protocol, I can tell you now that I have spent a lot more than 100 hours making sense of how the protocol works. Even though Bouncy Castle did make life easy. What makes a language "good" for bitcoin? .NET does a perfectly good job. I can make the same website in .NET as I can in PHP, in a less amount of time without having to pay for additional software. (I really don't see the need for requiring bitcoin specific help for .NET when I understand the protocol myself and can implement the code myself. Which I would much rather do anyway, that way I can ensure the code is loosely coupled and I can write unit tests for it) I was strickly speaking from my "personal" experience. Obvisously there are many devs who can make perfect sense of the Bitcoin protocol. My point was that having a good programmer (even the best programmer) does not guarantee that THEY will also be able to make sense of it (the cyptography stuff is far from what ~99% of programmers have ever been exposed to). And why would you want to lock yourself into using unmaintained libraries that are 18 months? If the OP was a .NET programmer, or had some preference towards that technology, then I would have encouraged him to "go with what you know best". However, that is not the case and it seems to make sense to go with the path of "least" resistance (I hope you would agree that .NET is NOT that path). PHP, Java, Python, C/C++ are the languages of Bitcoin. This is exactly the point I was trying to make with scaling up on the Microsoft stack. If you were to go to Dell and build your $8k DB server, you would still need a $3000 license for Server 2008 R2 Enterprise edition (arbitrary 32 GB RAM limit with Standard; note this is better if you use Server 2012 Standard, then its just $800), and a $10,500 MS SQL Server Standard license, and even that can only use 4 of your 32 cores!!! Want to mirror your DB for redundancy? Sorry, that's Enterprise edition, (4 cores or 1CPU only even!) = $29,339.95 for each server!!!And there's the catch! Programs like Bizspark may actually allow startups to get in with limited upfront costs, but then where to you go from there? Hopefully it up. And up comes with shit-loads of licensing costs. If the value added is acceptable to you then fine, but I'm arguing that you can get the same results with alternatives that WON'T lock you in to expensive licensing agreements. I am admittendly biased against MSFT technologies, but that doesn't make my points any less valid. The path of least resistance is a lazy way of looking at things. When I look at make a website, I don't look at how fast I can pump it out, I look at how good of a job can be done with it. And I believe that is where languages like C#, Java, Ruby on Rails excel. Test Driven Development works well in these languages. There is no language of Bitcoin. Blockchain.info is the most well done bitcoin related website. And it is programmed in Ruby on Rails. Using your logic, I guess Piuk didn't make a good choice of language for blockchain.info |
|
|
|
Bitcoinsharp and bitcoincs are more of librarys to be used on a desktop and functions as a wallet, and not a connection to bitcoind for web applications. You are wrong. I have found it quite handy being able to generate bitcoin addresses, as well as using https://blockchain.info/pushtx to push transactions to the network. No need to use a bitcoind. I bet you be that one that saves private keys in a database unencrypted and then when a sql injection is performed you are like OMG someone stole from me... Bitcoind does it job and does it well Actually no. I'm the kind of guy that uses a ORM (specifically http://www.mindscapehq.com/products/lightspeed) so I don't have to concentrate on making sure queries are escaped. I'm also the kind of guy that uses encryption / hashing when storing sensitive data. But thanks for sharing your concern. ORM are used by you cause you don't take the time to learn about real security. I would even escape when using an ORM especially lightspeed, it aint that great of a server. I could make apache or nginx more secure anyway. Also you wouldn't use hashing to store a bitcoin private key, you would need to do a two way function probably aes so where you storing them keys? Encryption / Hashing is decided on a case by case basis. Usually when dealing with passwords I would use hashing / salting of the password. However depending on what I want to do with a bitcoin private key would depend on how I would store it. And yup, you nailed the head on that, I use an ORM since I don't take time to learn about security. |
|
|
|
Bitcoinsharp and bitcoincs are more of librarys to be used on a desktop and functions as a wallet, and not a connection to bitcoind for web applications. You are wrong. I have found it quite handy being able to generate bitcoin addresses, as well as using https://blockchain.info/pushtx to push transactions to the network. No need to use a bitcoind. I bet you be that one that saves private keys in a database unencrypted and then when a sql injection is performed you are like OMG someone stole from me... Bitcoind does it job and does it well Actually no. I'm the kind of guy that uses a ORM (specifically http://www.mindscapehq.com/products/lightspeed) so I don't have to concentrate on making sure queries are escaped. I'm also the kind of guy that uses encryption / hashing when storing sensitive data. But thanks for sharing your concern. |
|
|
|
You are right in that it is NOT necessary, but it sure does help. I would guess that you've never dug that deep into the Bitcoin protocol. I have very much respect for anyone who can even understand it. I've dedicated 100+ hours in trying to comprehend all of the crypto-jargon and its been a slow, uphill battle. My point being that if and when you need to customize / tweak your code (for some specific use case), unless you've got some sort of crypto-analyst (is that a real word?) on your team, you may find it hard pressed to achieve your goals. BTW, the first link you sent is to a library that hasn't been updated since Oct '11 and the second was June '11. I'm sure at some point, someone thought it was a good idea to port that Java code, but it hasn't been touched since. And a .NET (dot net, ASP) search on SE came up quite skimpy (I count 2). I'm very sure there are ample and perfectly good uses for .NET, but Bitcoin is NOT one of them. actually I have been digging quite deep into the bitcoin protocol, I can tell you now that I have spent a lot more than 100 hours making sense of how the protocol works. Even though Bouncy Castle did make life easy. What makes a language "good" for bitcoin? .NET does a perfectly good job. I can make the same website in .NET as I can in PHP, in a less amount of time without having to pay for additional software. (I really don't see the need for requiring bitcoin specific help for .NET when I understand the protocol myself and can implement the code myself. Which I would much rather do anyway, that way I can ensure the code is loosely coupled and I can write unit tests for it) Bitcoinsharp and bitcoincs are more of librarys to be used on a desktop and functions as a wallet, and not a connection to bitcoind for web applications. You are wrong. I have found it quite handy being able to generate bitcoin addresses, as well as using https://blockchain.info/pushtx to push transactions to the network. No need to use a bitcoind. |
|
|
|
|
