 Show Posts
|
|
Pages: [1]
|
good wallet, good business. few moments.
1. when i view something on Delphi - on my eyes blink - ATTENTION, VUNNERABILITY.
2. primary question. what function you use for generation priv. keys. Exist VUNNERABILITY generation mechanisms when hacker may sweep all keys generated wallet.
1. Why? I wrote this wallet from a scratch, always focused on security. This code is native, do not use webview or other things which may be vulnerable. It's all native 2. Look at function priv256forHD in misc unit, private keys are created from concatenating master seed and given coin params, then hashed. It's not inversible, so hacker must own a masterseed. Masterseed is generated with ISecureRandom + data from move sensor + taps/clicks etc, then hashed. MasterSeed is then secured with TCA alghoritm for key streching and SPECK. In early version of HODLER every single private key were also secured with key strech algo but we left this feature because it takes too long for generate pool of addresses for receive/change feature. |
|
|
|
|
Hello there, I'm trying to make a spliting transcation for Bitcoin's fork BSV. As far I know, there are old satoshis opcodes unlocked.
I've tried to add something like this in output:
OP_DUP OP_HASH160 <somehash> OP_EQUALVERIFY OP_CHECKSIG OP_1 OP_1 OP_MUL OP_DROP
and other combinations, but it always fail without error message. On some tx-broadcast sites it returns just scriptpubkey fail, even with valid stack script with eg. OP_ADD
Is there any restrictions with arithmetic instructions in spending script?
PS. OP_MUL is unblocked in BSV fork
PSS. If this is not a good subforums please move it,
Thanks in advice
Here's some example transaction which I trying to make:
0100000001ebccd85638acbfa3233d572f1fb7d7ae663402692166b60030abe8babbe5d40a000000006b48SIG
ffffffff01
f3e84e00000000001d76a9144f13e62a31fa0f883ed0ab4b4cd61458794c62ff88ac51519375
a5840800
|
|
|
|
|
Well, your website looks like it was made on the knee, there is no HTTPS, no info about author, nothing on github. We got only price to pay and not working screenshoots.
For me it looks like scam. The only thing which making your bot more real is filled wiki.
Please do something with this, otherwise you won't let users to want to use PSB
|
|
|
|
THE PROBLEM WHEN I AM ENTERING THE BACKBUP PHRASE ITS SHOWING WRONG
Maybe have you wrote words with mistakes. I've remember a similar case. |
|
|
|
ok, i looked at some of the code. i see that you have basically written the elliptic curve calculates on your own. are you sure they are correct? is it tested? i didn't understand two things: 1. why are you doing this check? r + s doesn't have to be dividable by 2. and i can't find it anywhere that says this check is needed. do you know any reason i am missing? see 4.1.3 of SEC1 also i believe this mod is completely unnecessary as the numbers you are giving it are 256-bit and mod with that larger number will return the same thing. not to mention that where it is being called the numbers (r and s for instance) must be 32 byte otherwise the implementation would be broken. 2. the other thing i didn't get is why are you using the private key itself for generating a random number for signing. isn't there any better RNG provider to use? might i also suggest Separation of concerns. some files are too large (as in 1000+ lines) and it seems like they don't all need to be in one place. nitpicking but DER Format comment should really move to line 252 because that is where you are DER formatting  We are very pleased that someone from outside looks through our code. This unit, secp256k1.pas was written by me, so I will tell you about your remarks. This mod is required due to a flaw in BigInteger class which allows to generate n-bit integer number where n is all free bits in RAM. Sometimes it create an 257 bit number even with 256bit constraits in upper lines. So this module is security check to not allow damaged r,s pair appear in signature. About d number (priv) in k generating you got right, there should be a trngBuffer instead of d. It will be changed in next release. This comment about DER formatting has been missed out when code was moved down. Our signatures are correct and they have been tested few thousand times. Thank you for your contribution  |
|
|
|
Like Vod, I'm also really interested in seeing you implement an option to timelock cryptocurrency.
It would be a real shame if you didn't add it, while having a name like that for your wallet.
Plus, it would be great if timelocks become easy to perform from within a wallet.
Though you might want to disable the function by default, since it would be pretty bad if someone did it by accident.
We can achieve this in few ways, like contract script with OP_CHECKLOCKTIMEVERIFY, or with nLocktime or just with our software way like encrypted zip with password (where time to crack it calculated to be eg. 24 hours, 48 hours etc.) with showing the right pass when time will come. This feature will be available in near future |
|
|
|
Hodler suggestion
Make it more secure and
1 add options to use USB cable connection
2 add physical switches to disconnect mobile / wifi connection
3 add sdcard slot for backup
Others
HODLER Wallet is always offline by default but in case of broadcasting transaction where being online is a must, you can quickly disconnect connection by using button on the right side of device (This bottom will shutdown screen, and take device in something like "Airplane" mode). USB Connection is fully controlled by wallet and the port will remain only for charging batteries. Masterseed is stored in encrypted partition but at this moment using SD Card to make seed backup is not excluded in our dev's roadmap. |
|
|
|
Thanks for a good response, this explains quite a bit. What prevents you (the central server) from changing addresses before relaying the address to the wallet? Others might be unable to MITM, but you would be able to from what I gather, as well as anyone with access to your mailservers.
Data are digitally signed. It's unable to change content without resigning message. Tomorrow we'll update the Security Description of the HODLER Wallet. Digital signing takes way more than 255 characters of length. With your supposed set up, no one would be able to use the email setup, as the signature + email headers would already exceed the 255 max. You can't decrypt and verify on your mail server either, as the client would have to trust that your mail server hasn't tampered anything, which would ruin the encryption. Mind getting FL4RE to answer this? He seems more technically capable than you (no offense, I assume you're in marketing or something) Yes, signing takes more place but it won't be count as a content. It will be part of a connection protocol, so if there will be mismatch, connection will be closed and user will get info about potential compromission of connection. The hard limit of content is to prevent attempts to send large messages to overflow the buffer and other unpleasant ones. With a limit of 255 characters it will significantly hinder it |
|
|
|
|
@up No dokładnie, hash160 to surowy adres, w formie binarnej. Dla naszej wygody, podaniu kilka bajtów i przejechaniu całości algorytem Base58 otrzymujemy adres w formacie dobrze nam znanym.
Czyli innymi słowy, z klucza abc123 powstaje ten sam hash160 w sieci BTX i BTC, przez co mamy 2 takie same adresy tu i tu
|
|
|
|
Okay, HODLER_TECH, how do you plan on sandboxing the email client, and how will the emails work in a way that prevents you from tampering with them? I don't think it would be feasible to make each device a mail server, so the address would have to be on a central mailserver controlled by you (unless you have some way around it). The emails would not be encryped, so you could easily MITM the address. Also, what prevents code execution from an email?
You got right, we will put mail deamons in our infrastrcuture, not in a wallet itself. By using 7bit ASCII only e-mails (aka plain/text) with hardcoded 255 length limit, exploiting this feature is hard, because there won't by any plugins,images etc. support, so potential attack vector should be based on MITM as you said or exploiting text but without UNICODE support is quite very hard if not impossible. The only threat i know with plain/text is EICAR Test-file, I will post it here, maybe some AV will trigger alert X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* About Man in the Middle thread. Wallet cannot use standard protocols to handle e-mails like SMTP or IMAP, it won't be safe. To prevent attack, connection between mail application in wallet and "mail server" will be encrypted in safe way, unbreakable without quantum computers. tl;dr >RCE prevention due to spartan protocol for emails content and app sandboxing >MITM prevention with point-to-point safe encryption with signed data |
|
|
|
|
This trick was used by students to cheat the plagiarism system in master's theses.
@up, Browsers now showing cyrilic charactes as xn--(digit), but in the past it was able to make indentical copy of domain with these characters.
|
|
|
|
|
Niestety, też płaciłem 32% :/
Rozbój w biały dzień
|
|
|
|
BTXów nie ma, jest BTC tam, ponieważ transakcja została zawarta w łańcuchu BTC. Musisz po prostu uzyskać dostęp abc123 lub dać im te 50$ niech ci to ręcznie wrócą. I teraz, jeżeli dobrze rozumiem, czy giełda miałaby uzyskać dostęp do konta o takim samym numerze abc123 ale w sieci BTC ?
Wydaje mi się, że chyba nie ma czegoś takiego, że są dwa takie same numery kont ale w różnych krypto (czyli abc123 w BTC i abc123 w BTX?) 1. Tak 2. Niestety, ale to prawda, ten sam adres moze istniec w roznych krypto. |
|
|
|
The Bank is the place where people who have money want to lend it for poorest with profit. That's the book definition of it, but your idea is much wider. With 400 BTC you can do a lot of things, even make a decentralized bank |
|
|
|
Has anyone tried full disk encryption while running a node? Chuck in a little file compression and you can soon get back to the same performance at the cost of a bit of CPU-Power and memory. Disk-Drives are as slow as snails and are hardly any faster today then they were ten years ago but today Microsoft tries to lock everyone else out from writing that kind of software and we are now at the stage where anything they can steel, encrypt and upload they are doing. My skills today are so good that I cannot delete index.dat files (these get hidden) on a windows 10 machine because its no longer an OS but has become a remote terminal for Microsoft and the NSA I did, never get any issue with that, about performance on my highend stuff is barery feelable, or there is no difference at all. |
|
|
|
|
Sprawa wygląda tak, giełda posiada klucz prywatny do tego adresu, najpewniej w formie skrótu sha256 (co jest tożsame z klonami bitka). Zmierzam do tego że, z tego klucza można utworzyć ten sam hash160 w BTC i BTX, oczywiście jeśli format jest podobny, lecz skoro udało ci się przesłać btc na btx to walidatory musiały uznać że to adres btc.
Także jest to do odratowania, ale potrzebujesz pomocnej dłoni ze strony giełdy.
To musi być dokładnie ten sam adres, nie mogą ci przelać btxów na inny, żeby nie zdradzać klucza, gdyż taka transakcja nie będzie widoczna w łańcuchu BTC.
|
|
|
|
Well is not a lie, not every hardware is vulnerable but check this http://lmgtfy.com/?q=ledger+trezor+vulnerabilitySo you can agree with me that address can be hijacked with Trezor, otherwise why it would display adress again? Eg. Legder Nano S is displaying few letters from address, it can be tricked by vanity address in similar letters. My point here is that the connection with PC is the weakest link, we do not have this link. Addresses cannot be hijacked at all. Using competitors device connected with PC requiring user to take special attention. |
|
|
|
Hello I'm Daniel and I am an the man who stay behind a HODLER security model. Okay, to start, care to elaborate on "the computer being the weakest link?" As a Trezor owner, I'm genuinely curious on how my virus infected computer could steal my coins. Hardwarewallets that require computer connection are subjected to attacks that can take over clipboard of the infected computer. Our wallet in completely independent. Clipboard hijack attacks are happening more often than breaking of the double encrypted connections and archives. For readers not familar with this technique: http://whatis.techtarget.com/definition/clipboard-hijack-attackWhat's the point of a cloud backup, if the user has to remember a password anyway? Forget about the cloud storage, and use a 24 word recovery seed instead. Cloud is dedicated for storing encrypted blobs of IMPORTED wallets. These wallets can not be generated once again from seed while recovering backup, so we storing it safetly in cold storage. Blobs are generated in that way: generatedHashAsKey = sha256(seed).repeat(100000)
blob=aes256CBC_encrypt(generatedHashAsKey,importedPrivateKey) And this blob is sent to cloud with point-to-point encryption. With this storage, when you can recover imported wallets when eg. you lost your device. |
|
|
|
|
