Bitcoin Forum
July 13, 2024, 10:58:39 PM
  Show Posts
1  Other / Beginners & Help / Do not save logins and sensitive info inside the browser on: July 08, 2024, 07:32:04 AM
Me again, with another important cybersecurity update. Today I am going to be talking about why you shouldn't store things like passwords, credit card info, and addresses inside your browser.

Most browsers have some sort of built-in password manager that stores not only passwords, but things like your addresses, saved cards and so on.

Well I'm here to tell you that this is a treasure trove of data that is often targeted by malware, in order to use the data for mischievous things like abusing them, or selling them off to someone who will.

The problem here is that the built-in password managers often have no password protection and this means that your sensitive data is not encrypted and is in plain text. (Safari does not have this issue.)

Therefore you need to store all this data into a proper password manager like 1Password, Bitwarden, KeepassXC, or Proton Pass. These store your data in encrypted containers that are password protected by a master password. Make sure you choose a strong master password and you do not forget it. They are much better than storing your passwords in your browser's password manager.
2  Bitcoin / Bitcoin Discussion / Craig Wright ASSETS FROZEN WORLDWIDE on: July 07, 2024, 08:23:34 AM

Self-Proclaimed Bitcoin Creator Craig Wright Slapped With an Assets Freezing Order Over Libel Lawsuit
Daily Hodl Staff July 6, 2024 BITCOIN, REGULATORS

The High Court of the United Kingdom is freezing the assets of computer scientist and businessman Craig Wright, according to new legal documents.

The court issued a worldwide freezing order (WFO) upon the request of podcaster Peter McCormack with the aim of recouping his legal fees incurred when Wright sued him for defamation.

McCormack tells his 543,000 followers on the social media platform X that the order froze roughly 1.54 million British pounds ($1.9 million) worth of Wright’s assets, which could help him recoup his legal fees.

Says Justice James Mellor in his ruling,

“Wright was using the law of defamation … to silence anyone who dared to contend that Dr. Wright was not Satoshi or to question his claim… I was entirely satisfied that Mr. McCormack has a good arguable case (indeed a very strong case) for recovery of costs in the sum of £1.548 million.”

Wright proclaimed himself to be Satoshi Nakamoto for years. However, a judge ruled in March that there was overwhelming evidence that Wright is not actually Satoshi nor is he the author of the Bitcoin (BTC) white paper, the original thesis behind the digital asset.

Wright had sued McCormack, host of the What Bitcoin Did podcast, for libel after he called Wright a “fraud” when challenging the computer scientist’s claim that he was the pseudonymous Bitcoin creator Satoshi Nakamoto.

That's it guys, he's done. BSV is also finished.
3  Other / Beginners & Help / Prevent malware from infecting your Windows computer - some tips on: July 04, 2024, 01:45:47 PM
Some of us are unfortunate enough to have to be using Windows, when it has long been known to be essentially the least secure operating system in the whole world.

There are a variety of ways that malware can infect your computer but we are not concerned about any of them right now, we are here to discuss one thing.

Most malware has a kill-switch that terminates it if it is running inside a virtual machine, or is running with some other parameters, so in this post I will tell you the common cases where a virus will exit and show you how to activate them.


  • Internet connection

The simplest case is when the malware is unable to talk to anything on the internet. In this case, based on samples that I have seen, they automatically exit and/or query in an infinite loop. An offline computer cannot be hacked. The way to detect this is to run monitoring with Wireshark or tcpcap, and have other software read the log files they generate and alert you if a program is repeatedly querying an IP address or website.

  • Hostname

Here in this case, the virus will quit if the hostname matches one from a specific list. You are able to open any reverse engineering tool like WinDbg and search for human-readable strings, to find them out. If you have MinGW installed you can also use the "strings" program in the terminal.

  • MAC Address

Similarly, the virus quits if the system's MAC address matches one on a hard-coded list. There are some MAC address spoofers you can find on Google which can spoof your MAC address to be one of those addresses, which will make you immune to that strain of malware.


  • Username

Similarly, the virus will sometimes refuse to execute if the username matches a hard-coded list. But since you can't easily change the username on a Windows account, this could pose a problem. The solution is to use a reverse engineering tool to "insert" your own username as a string (but it would be a lot safer to not run the program).

  • Display resolution

Generally speaking, malware will not run on any computer that it believes is a virtual machine. This includes all systems with a resolution less than 800x600. You can't easily spoof your display resolution; however, you can intercept API calls to Windows by downloading/building the Detours program by Microsoft and intercepting the calls. You can also use the Process Monitor program that is part of Sysinternals to detect this API call.


  • IP Addresses

If there's a hard-coded list of IP addresses, you can take advantage of that, but this usually does not work for two reasons. First, home connections use NAT by their ISP which means their IP address keeps changing. And second, it is next to impossible to spoof the IP address unless you have access to specialized software that is not available on Windows. But you can try anyway.

  • Registry Keys

Certain viruses detect the strings "VMware" and "VBox" inside the registry editor for the hardware ID, the disks, etc. But it is very dangerous to change these, as you might break your computer by using the registry editor.

I have one more tip for you: If you use a VPN for the whole computer, you will bypass most malware which checks if you are using a residential (home) connection or a datacenter (VPN) connection. So you should have a VPN running at all times, even if it is a free one.

I hope this helps somebody and makes them avoid getting hacked.
4  Economy / Currency exchange / Source of funds question on: July 04, 2024, 08:05:56 AM
Have any of you guys been asked by your bank about the source of funds in a recent transaction where you sell your bitcoins (or other crypto) and receive a wire transfer? Especially since the other trader is basically a stranger to you for the bank's purposes?

If yes, then do you know of any thresholds that this will happen?

I'm just wondering since it seems to me that if you can't produce a SoF then they might freeze/close your account or something.

I don't have any problems myself in particular, but like I said, I'm just wondering about this possibility..
5  Bitcoin / Electrum / Electrum does not document how to install plugins on: July 04, 2024, 07:34:17 AM
While I understand that plugins make Electrum weaker and more susceptible to vulnerabilities, I believe people should still know how to install them.

Electrum comes with a list of pre-installed plugins, but in case you want to use other plugins, here is a short and simple guide:

*Note: This is first of all only possible when you are using the Python bundle - not with the installer, appimage, DMG, EXE or anything like that.

When you download the plugin in a compressed format like a zip file or a tarball, you basically need to extract it to the electrum/plugins folder in the Electrum installation. Then restart Electrum.

I wonder why Electrum devs did not document this.
6  Other / Off-topic / Why do watches keep getting stuck quickly? on: July 04, 2024, 07:12:51 AM
I'm probably on what is my fourth timepiece by now, and in each of them, the issues are very similar.

Either the minute and hour hands don't move by themselves, or all three hands are frozen.

Pretty sure it's a dead battery or something based on what I've read online? I do plan on taking them somewhere to see if they can get repaired.

They're on the cheap side too, so maybe that is part of the problem.
7  Economy / Services / Customized Avatar Service + Banner for bounties and signature campaigns on: June 25, 2024, 07:31:36 AM
I am offering the opportunity for signature campaign managers to use my Star Wars-themed avatars in their campaigns, for their own users, with up to 50 participants supported.

In this thread I also offer signature campaign banners through an affiliate service - small, heading-only banners and full-width banners containing the entire post. This service is especially useful for bounty managers, to get a professional-looking bounty campaign banner while saving a lot of time.

You will be able to choose from a collection of these avatars with your own advertiser's branding:

Catalog of avatars you will receive:
(Disclaimer - You may see promotional text of websites here on these avatars. I would like to make it clear that I am not, and am not intending to, use this page to advertise or promote any services that are unrelated to the ones I am offering on this thread, and the images below are for catalog purposes only.)
#01    #02    #03    #04    #05    #06    #07    #08    #09    #10    #11    #12    #13    #14    #15    #16    #17    #18    #19    #20    #21    #22    #23    #24    #25    #26    #27    #28    #29    #30    #31    #32    #33    #34    #35    #36    #37    #38    #39    #40    #41    #42    #43    #44    #45    #46    #47    #48    #49    #50

Price: depending on how many users your campaign has. The characters can also be colorized, but that will cost you extra.

PM me for orders. Use this thread for any questions you might have.
8  Bitcoin / Bitcoin Technical Support / Will a 2GB RAM VPS run Bitcoin Core? on: June 11, 2024, 10:41:59 AM
I needed to get a spare VPS to run some tests with Bitcoin Core, and this was the only one that met the disk requirements.

The maxmempool and the dbcache are set to the bare minimum (5 and 6 MB respectively).

Currently, there is 1.2GiB free while I am running Core. There are no other programs running on the system:

              total        used        free      shared  buff/cache   available
Mem:           1.9Gi       775Mi       113Mi       1.0Mi       1.2Gi       1.2Gi
Swap:             0B          0B          0B

It is currently on around block 450,000 in the IBD.

Yes, I am aware that this setup will thrash the disk a lot. However, the disk and network are in excellent condition - NVMe SSD and 1Gbps network respectively. So how long should I expect the validation to take?

And will I run out of memory before it finishes?
9  Bitcoin / Development & Technical Discussion / Need help understanding this modular inverse implementation on: June 04, 2024, 01:28:24 PM
Taken straight from VanitySearch (different project but identical source file)

_ModInv is the modular inverse function that implements the extended Euclidean algorithm, which is described at Wikipedia here:

It's using signed 320-bit integers, probably to catch overflow and underflow, which it deals with later. That's not the issue here.

There is the Euclidean (proper) division, which I already understand. And then there's this talk about the Bezout coefficients, which I also understand. My issue here is understanding how this particular implementation implements this using 63-bit bit shifts.

U and V (the two inputs) are loaded with the values of P and R respectively (because R * (the return value) === 1 mod P).

And then my understanding goes downhill from there.

Can someone help me figure this out, or at least point me to a website where I can find people who might understand this sort of function?
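An added example, not the poster's code and not VanitySearch's, of the two pieces the post is trying to connect: the extended Euclidean algorithm with the Bezout coefficients carried along explicitly, and a shift-only (binary) variant of the same inverse that never divides. This is the textbook bit-at-a-time form of the shift-based approach the post asks about, not the 63-bit word version. Function names are my own; P is the secp256k1 field prime.

```python
# secp256k1 field prime (the modulus the post's _ModInv reduces by).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F


def egcd(a, b):
    """Extended Euclid. Returns (g, x, y) with a*x + b*y == g == gcd(a, b);
    x and y are the Bezout coefficients."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)            # Euclidean (proper) division step
        a, b = b, r
        x0, x1 = x1, x0 - q * x1       # coefficients follow the same recurrence
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(r, p=P):
    """r**-1 mod p via egcd: from r*x + p*y == 1 it follows r*x == 1 (mod p)."""
    g, x, _ = egcd(r % p, p)
    if g != 1:
        raise ValueError("no inverse: gcd(r, p) != 1")
    return x % p


def modinv_binary(r, p=P):
    """Same result using only shifts and subtractions (binary extended Euclid,
    valid for odd p and gcd(r, p) == 1). Invariants: x1*r == u (mod p) and
    x2*r == v (mod p); when u or v reaches 1 its coefficient is the inverse."""
    u, v = r % p, p
    x1, x2 = 1, 0
    if u == 0 or egcd(u, p)[0] != 1:
        raise ValueError("no inverse: gcd(r, p) != 1")
    while u != 1 and v != 1:
        while u & 1 == 0:              # halve u, and halve x1 modulo p
            u >>= 1
            x1 = x1 >> 1 if x1 & 1 == 0 else (x1 + p) >> 1
        while v & 1 == 0:
            v >>= 1
            x2 = x2 >> 1 if x2 & 1 == 0 else (x2 + p) >> 1
        if u >= v:                     # subtract the smaller odd value
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
    return x1 % p if u == 1 else x2 % p


if __name__ == "__main__":
    r = 0x1234567890ABCDEF
    inv = modinv(r)
    print(hex(inv), (r * inv) % P == 1, inv == modinv_binary(r))
```

The halving step is the whole trick: dividing u by 2 is a shift, but x1 can only be halved if it is even, so an odd x1 is first made even by adding p (which does not change it mod p). The word-sized version in the post does the same bookkeeping 62 or 63 bits at a time.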
10  Bitcoin / Bitcoin Discussion / The absolute insanity Congress is writing now... on: May 30, 2024, 07:30:18 AM
I recently learned that legislation has been drafted on Capitol Hill to classify *not re-using Bitcoin addresses* as "mixing"

There are also efforts to force "unhosted wallet providers" to collect user info for taxes

As well as to give power to Treasury to sanction any address (even Americans)

And a whole lot more bad stuff

IMO Coin Center does vital work to fight this and to protect privacy tech

They are a compact team and do a lot with the resources they have

They sue the OFAC and Treasury

They consider the Bank Secrecy Act unconstitutional and act accordingly

I just spent some time with their leadership team, asking questions, and came away impressed, I would strongly suggest a donation today

Now, I have seen stupid bills proposed by this house before, but this is the absolute most ridiculous piece of legislation I have ever seen.

To say that not reusing an address is mixing? Man, what happens when someone only receives a payment one time and doesn't move the funds?

Also what is stopping people from creating a new transaction that sends the UTXO from the address back to itself in a new UTXO?

They don't even know anything about how crypto works and they are already greedy and trying to extract taxes from Americans and apparently non-Americans too since there is no way you can differentiate between them or force an open-source software to give you an ID.
11  Bitcoin / Development & Technical Discussion / Comprehensive SHA256 implementer's guide on: May 29, 2024, 06:20:57 AM
A lot of processes inside Bitcoin are using SHA256 in various places, from creating an address to signing a transaction to mining a block. So in this post I hope to make it clear how most of the internal procedures around SHA256 work, so that you can better understand exactly why it is so resistant to cryptanalysis attacks.

This thread is intended to be a resource for anybody who's trying to implement a custom SHA256 operation inside a CPU, GPU, FPGA, or whatever.

What is it useful for?

- Brainflayer
- Vanitysearch
- Recovering lost private keys
- Mining (where SHA256 is done twice)
- Any application where you need to do SHA256 really fast

Interactive demo (not mine):

Warning - don't try to make an implementation for a secure application. This is for speed only.

SHA256 variables

In SHA256, every variable is 32 bits long except for the message itself. Even the arrays have 32-bit elements.

We have 8 variables denoting state. Usually this would be in an array practically speaking, but theoretically you could call the variables a, b, c, d, e, f, g, and h. They are all 32 bits long. Initially, they are set to the first 32 bits of the square roots of the first 8 prime numbers.

When the SHA256 operation is finished then these variables are all concatenated together and it is returned as the final checksum.

How does that work, you might ask? Well, let's take the first prime for example: 2. The first digits of the square root of 2 are: 1.4142135... but we are not interested in these decimal digits. We want to convert this into binary first.

Also it is worth noting that we don't use the numbers before the decimal point. In this case it is 1, so we subtract the integer part from the number to get only the fractional part.

Well, how do we convert this fractional number into binary, and is it even possible?

The easiest way to do this is to multiply the number by 2**32 and truncate the result in order to get the first 32 bits on their own. You can adjust the exponent if you want to get a different number of bits. e.g. 2**64.

There are also 64 round constants K, although we almost always make this an array. Their initial values are the first 32 bits of the cube roots of the first 64 prime numbers. Calculated in a similar way to above.

Finally we have a list of words. As in, in binary nomenclature "words". And by the way, in the SHA256 algorithm, a word is defined as 32 bits, and not having its own meaning. We call these W and there are 64 of them.

Input preparation

SHA256 works on chunks of 512 bits i.e. 64 bytes. So, the input has to be padded by 64 bytes and this is done automatically by the operation.

SHA256 takes an arbitrary string as an input, even an empty string. However, we always add 0x80 to the end of the string (technically a single 1 bit is all the implementation needs), and then after that we keep adding 0x00 bytes to the end until the length is a multiple of 512 bits, or 64 bytes actually.

Then we are going to add 56 more 0x00 bytes at the end, followed by 8 bytes containing the original length of the message. (SHA256 supports messages up to 2**64 bits large.)

Operations on chunks

For each 512-bit chunk, we are going to run a particular algorithm on the chunk 64 times. In the process, it is going to update the variables a through h. The reason why these variables are also changed is because they are used in the algorithm as well in the processing of the next chunk. When you have the final result depending on the values of each 512-bit chunk to create a particular result, it becomes much harder to forge hashes.

The first thing that is done before the rounds begin is that we are going to set the values of W. As I have mentioned before, there are 64 W values. The 512-bit chunk is broken into parts of 32 bits each to set the first 16 W values. The other 48 W values are calculated by the following formula, assuming zero-based index:

W[i]=σ1(W[i-2])+W[i-7]+σ0(W[i-15])+W[i-16]     16 <= i <= 63

We will get to the sigma functions in a minute. But first I would like to note that this equation can be unrolled out of a loop, and can be run in batches of 16. Effectively this means that words 16-31 of W can be calculated after the first 16 rounds, words 32-47 of W can be calculated after the second 16 rounds, and words 48-63 after the third 16 rounds, which is before the fourth and last 16 rounds.

This process is called expansion in SHA256.

Here is some code (that is not mine) which shows how this is done in practice:

// uint32_t * w; // Function parameter that contains the 512-bit message chunk i.e. the first 16 words of W

SHA256_RND(0); // This does 16 rounds on a chunk
WMIX(); // generate the next 16 words of W
SHA256_RND(16); // Do another 16 rounds
WMIX(); // etc...

// In-place expansion: after WMIX, w[j] holds the word the formula calls W[i+j]
// for the next batch of 16 rounds, so only 16 words are ever kept in memory.
#define WMIX() { \
w[0] += s1(w[14]) + w[9] + s0(w[1]);\
w[1] += s1(w[15]) + w[10] + s0(w[2]);\
w[2] += s1(w[0]) + w[11] + s0(w[3]);\
w[3] += s1(w[1]) + w[12] + s0(w[4]);\
w[4] += s1(w[2]) + w[13] + s0(w[5]);\
w[5] += s1(w[3]) + w[14] + s0(w[6]);\
w[6] += s1(w[4]) + w[15] + s0(w[7]);\
w[7] += s1(w[5]) + w[0] + s0(w[8]);\
w[8] += s1(w[6]) + w[1] + s0(w[9]);\
w[9] += s1(w[7]) + w[2] + s0(w[10]);\
w[10] += s1(w[8]) + w[3] + s0(w[11]);\
w[11] += s1(w[9]) + w[4] + s0(w[12]);\
w[12] += s1(w[10]) + w[5] + s0(w[13]);\
w[13] += s1(w[11]) + w[6] + s0(w[14]);\
w[14] += s1(w[12]) + w[7] + s0(w[15]);\
w[15] += s1(w[13]) + w[8] + s0(w[0]);\
}

As you can see, although the algorithm prescribes that the last 48 words are generated by the formula, it only uses numbers between 1..16 in the subtraction part. Technically that means you can get away with generating 16 words at a time and overwriting the previous words as you go. For example:

w[0] += s1(w[14]) + w[9] + s0(w[1]);

Here you can define i to be 16 so that W[i-2] is W[14], W[i-7] is W[9], W[i-15] is W[1] and the last one W[i-16] is just W[0] which we take care of by adding it and then overwriting its value via the += operator.

So effectively this means W[0] in the program now contains W[16] from the math.

Subsequent lines that reference W[0] are doing so because their value of t-2, t-7, t-15 or whatever evaluates to 16, which is what is inside W[0] right now.

The s0 and s1 are the lower sigma functions (named so because there are also upper sigma functions - I will explain in a minute) and they are defined like this:

#define s0(x) (ROR(x,7) ^ ROR(x,18) ^ (x >> 3))
#define s1(x) (ROR(x,17) ^ ROR(x,19) ^ (x >> 10))

ROR is just the Right Rotate function for 32 bits, i.e. ((x>>n)|(x<<(32-n))).

These lower sigma functions are designed in such a way that the expansion process creates words that are as non-linear (unpredictable) as possible.

Anatomy of a round

After initializing the values of a through h, which is done at the beginning of the function by the way,

not at the beginning of a chunk,

we apply another formula to update these eight variables.

#define S0(x) (ROR(x,2) ^ ROR(x,13) ^ ROR(x,22))
#define S1(x) (ROR(x,6) ^ ROR(x,11) ^ ROR(x,25))

#define Maj(x,y,z) ((x & y) | (z & (x | y))) // Majority function i.e. (x & y) ^ (x & z) ^ (y & z)
#define Ch(x,y,z) (z ^ (x & (y ^ z))) //  Choice function i.e. (x & y) ^ (~x & z)

// SHA-256 inner round
#define S2Round(a, b, c, d, e, f, g, h, k, w) \
    t1 = h + S1(e) + Ch(e,f,g) + k + (w); \
    t2 = S0(a) + Maj(a,b,c); \
    d += t1; \
    h = t1 + t2;

// 16 rounds starting at round constant K[k]; rotating the argument order
// replaces the b = a, c = b, ... copies that a naive round would do.
#define SHA256_RND(k) {\
S2Round(a, b, c, d, e, f, g, h, K[k], w[0]);\
S2Round(h, a, b, c, d, e, f, g, K[k + 1], w[1]);\
S2Round(g, h, a, b, c, d, e, f, K[k + 2], w[2]);\
S2Round(f, g, h, a, b, c, d, e, K[k + 3], w[3]);\
S2Round(e, f, g, h, a, b, c, d, K[k + 4], w[4]);\
S2Round(d, e, f, g, h, a, b, c, K[k + 5], w[5]);\
S2Round(c, d, e, f, g, h, a, b, K[k + 6], w[6]);\
S2Round(b, c, d, e, f, g, h, a, K[k + 7], w[7]);\
S2Round(a, b, c, d, e, f, g, h, K[k + 8], w[8]);\
S2Round(h, a, b, c, d, e, f, g, K[k + 9], w[9]);\
S2Round(g, h, a, b, c, d, e, f, K[k + 10], w[10]);\
S2Round(f, g, h, a, b, c, d, e, K[k + 11], w[11]);\
S2Round(e, f, g, h, a, b, c, d, K[k + 12], w[12]);\
S2Round(d, e, f, g, h, a, b, c, K[k + 13], w[13]);\
S2Round(c, d, e, f, g, h, a, b, K[k + 14], w[14]);\
S2Round(b, c, d, e, f, g, h, a, K[k + 15], w[15]);\
}

The capital S stands for upper sigma function; ignore these for now, we will see them later. Ignore the majority and choice functions as well, we will look at them later.

Each round (which is implemented in S2Round) switches around the variables. So the variables used in the current round will not be in the same order as the previous round. You can see that it wraps around to its starting order after every 8 rounds.

This particular implementation only shows 16 rounds, the reason which I have explained in the previous section (it only calculates 16 words at a time).

At any rate...

The upper sigma functions have a similar definition to the lower sigma functions, except they are not used in the word expansion process, but inside the rounds.
Their purpose is similar- to make it really hard for anyone to guess what the previous value of the input was.

The majority and choice functions are elementary logical functions. The majority function takes three variables, and in each bit position, takes the one which is most occurring in the three variables. For example, if two variables have a one in a bit position but the third has a zero, that bit is going to be a one. And vice versa. So if you have three variables like 0x0010010, 0x10001000, and 0x01010101, the majority function of all these variables is going to be just 0x0000000 because in each bit position more variables have a 0 bit there than a 1 bit.

The choice function also takes three variables, but uses the first one as a conditional, like an if statement or something. So basically for each bit position:

- If the first variable has a 1 bit there, the result has that bit position set to the second variable's bit
- Otherwise if the first variable has a 0 bit there, the result has the bit position set to the third variable's bit.

You don't actually have to understand how all these helper functions work in order to implement SHA256, as long as you have the function definitions you're good.

Going back to the variables themselves, you can see that before the variables are rotated, that d and h are updated as follows:

h = S1(e) + Ch(e, f, g) + k + w + S0(a) + Maj(a, b, c)
d = d + S1(e) + Ch(e, f, g) + k + w

This adds some additional obfuscation to the state variables before the rotation (i.e. b = a, c = b, etc). Changing the order of the variables like this brings about a major security advantage that makes it difficult to reverse-engineer the previous values of the variables from the final SHA256 hash - which, as you recall, are just the a through h variables stuck together.

Under no circumstances are the values of the round constants K changed to new values.

Wrapping up

After the 64 rounds are finished, you have the eight variables for the chunk. After you get these variables for all the chunks, you need to add them together to get the final eight variables.

What I mean is, you need to have another array of size 8 that is initialized to zero so that you can perform addition-assignment with the state variables, as you are not going to be storing the variables after you discard the chunk. Practically speaking, you do something like this:

output[0] += a;
output[1] += b;
output[2] += c;
output[3] += d;
output[4] += e;
output[5] += f;
output[6] += g;
output[7] += h;

A reminder that since these variables are all 32-bits or 4 bytes, you need to concatenate them together to get the final 256-bit digest.
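As an added example (not the poster's code and not the C macros quoted above), here is a complete SHA-256 in Python that follows the walkthrough step by step: the constants are derived from the fractional bits of the prime square and cube roots using exact integer roots (float cube roots can be off in the low bits), then padding, the in-place 16-words-at-a-time schedule that mirrors the WMIX macro, the a..h rotation inside each round, and the per-chunk feed-forward into the running state. It is written for clarity and for checking a fast implementation against, not for speed.

```python
from math import isqrt

MASK32 = 0xFFFFFFFF


def _primes(count):
    """First `count` primes by trial division (enough for the 64 constants)."""
    ps, n = [], 2
    while len(ps) < count:
        if all(n % p for p in ps if p * p <= n):
            ps.append(n)
        n += 1
    return ps


def _icbrt(n):
    """Exact integer cube root floor(n ** (1/3)); Newton from above."""
    x = 1 << ((n.bit_length() + 2) // 3)          # start at or above the root
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


_PRIMES = _primes(64)
# First 32 fractional bits of sqrt(p) and cbrt(p): floor(root * 2**32) mod 2**32.
H0 = [isqrt(p << 64) & MASK32 for p in _PRIMES[:8]]   # initial a..h
K = [_icbrt(p << 96) & MASK32 for p in _PRIMES]       # 64 round constants


def _ror(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


def _s0(x): return _ror(x, 7) ^ _ror(x, 18) ^ (x >> 3)      # lower sigma 0
def _s1(x): return _ror(x, 17) ^ _ror(x, 19) ^ (x >> 10)    # lower sigma 1
def _S0(x): return _ror(x, 2) ^ _ror(x, 13) ^ _ror(x, 22)   # upper sigma 0
def _S1(x): return _ror(x, 6) ^ _ror(x, 11) ^ _ror(x, 25)   # upper sigma 1
def _ch(x, y, z): return z ^ (x & (y ^ z))                  # choice
def _maj(x, y, z): return (x & y) | (z & (x | y))           # majority


def _pad(msg):
    """0x80, zeros until length == 56 mod 64, then bit length as 8 BE bytes."""
    bit_len = len(msg) * 8
    msg = msg + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    return msg + bit_len.to_bytes(8, "big")


def _compress(state, chunk):
    """64 rounds over one 512-bit chunk, expanding W 16 words at a time."""
    w = [int.from_bytes(chunk[i:i + 4], "big") for i in range(0, 64, 4)]
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        if i >= 16 and i % 16 == 0:
            # Same schedule as the WMIX macro: afterwards w[j] holds W[i + j].
            for j in range(16):
                w[j] = (w[j] + _s1(w[(j + 14) % 16]) + w[(j + 9) % 16]
                        + _s0(w[(j + 1) % 16])) & MASK32
        t1 = (h + _S1(e) + _ch(e, f, g) + K[i] + w[i % 16]) & MASK32
        t2 = (_S0(a) + _maj(a, b, c)) & MASK32
        # Rotate: d absorbs t1, a becomes t1 + t2, everything else shifts down.
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK32, c, b, a, (t1 + t2) & MASK32
    # Feed-forward: add this chunk's result into the running state.
    return [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(msg: bytes) -> bytes:
    state = list(H0)
    data = _pad(bytes(msg))
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return b"".join(v.to_bytes(4, "big") for v in state)   # a..h concatenated


def sha256_hex(msg: bytes) -> str:
    return sha256(msg).hex()


def sha256d(msg: bytes) -> bytes:
    """Bitcoin's double SHA-256, as used for block headers and txids."""
    return sha256(sha256(msg))


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
```

Two things worth checking in any fast port against this reference: the 55- and 56-byte messages (the length field just fits, or forces a second block), and that the running state is carried between chunks rather than re-initialised, since the "add the variables together" step is a per-chunk addition into the previous state.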

12  Economy / Service Discussion / Can buy one domain for free. What is a good business idea? on: May 23, 2024, 01:12:18 PM
Apparently, I have some unused credit at my domain registrar and it is enough to buy some domain name that is less than $10 for one year.

I am not really sure what to do with it at all though, so I was thinking about asking you guys what kind of crypto business do you see everyone else doing on the internet.

I already have hosting to cover a new website. But I'm just trying to figure out a good website name and a plan.
13  Economy / Service Discussion / There is no crypto version of Cloudflare? on: May 13, 2024, 04:21:38 PM
So I'm sure you all are very familiar with the two services Cloudflare and DDoS-Guard. These two services protect your server from incoming DDoS traffic that will disrupt your operations. It is true that the service plans for these websites that actually provide this functionality are quite pricey, but they both only take card payments.

I know quite a few crypto websites that would benefit from this kind of service if only they could pay in cryptocurrency.
14  Economy / Trading Discussion / In order to reach your target, don't rush! on: May 02, 2024, 11:07:41 AM
Advice which is not just financial but applies to everything business related and even outside business, but we are going to be looking at this from a business standpoint as opposed to just financial.

Let's say that you're selling something online, and you have a supply chain to get the product ready and assembled for you, when all of a sudden, one of the supplies you use is in short stock. Restocking it will be very expensive because its price has gone up, but there is a bigger demand for your products. However, you do know that the price of the supply will go down if you just wait, but you may run out of inventory before then, but you don't know if you will.

Let's say you panic, and make a large order for the supply. Then all of a sudden, for unrelated reasons outside of your control, your sales tank. Now you are stuck with a giant amount of supplies that you can't offload, because product sales have slumped.

On the other hand, lets say you wait, and the prices either go down by themselves or you manage to find a special discount deal. So you turn out to be just fine.

It's the same no matter if you are trading crypto, doing a business with crypto, selling stuff for crypto, etc.

Anyway I just thought I might share this with you, because panicking and rushing to do something can be costly sometimes.
15  Bitcoin / Development & Technical Discussion / Help with creating P2PK transaction on: April 30, 2024, 11:28:02 AM
I am trying to test my code against the BIP143 reference transactions at: . I am stuck at the very first one (that says Native P2WPKH).

I was intending to test my segwit input signing, but since that works, I need to figure out why the P2PK input is not calculating the correct preimage for signing. (My DER signing code works correctly as well as adding the required varints and stuff to the final scriptsig).

This is my preimage for the P2PK input


After removing the sighash at the end, I have:


which decodes to:

{
  "txid": "66bd3593b9cc26ecf428b436a4e2e873fc9545a06e58bf519609ebaf58693831",
  "hash": "66bd3593b9cc26ecf428b436a4e2e873fc9545a06e58bf519609ebaf58693831",
  "version": 1,
  "size": 195,
  "vsize": 195,
  "weight": 780,
  "locktime": 17,
  "vin": [
    {
      "txid": "9f96ade4b41d5433f4eda31e1738ec2b36f6e7d1420d94a6af99801a88f7f7ff",
      "vout": 0,
      "scriptSig": {
        "asm": "03c9f4836b9a4f77fc0d81f7bcb01b7f1b35916864b9476c241ce9fc198bd25432 OP_CHECKSIG",
        "hex": "2103c9f4836b9a4f77fc0d81f7bcb01b7f1b35916864b9476c241ce9fc198bd25432ac"
      },
      "sequence": 4294967278
    },
    {
      "txid": "8ac60eb9575db5b2d987e29f301b5b819ea83a5c6579d282d189cc04b8e151ef",
      "vout": 1,
      "scriptSig": {
        "asm": "",
        "hex": ""
      },
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": 1.12340000,
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 8280b37df378db99f66f85c95a783a76ac7a6d59 OP_EQUALVERIFY OP_CHECKSIG",
        "desc": "addr(1Cu32FVupVCgHkMMRJdYJugxwo2Aprgk7H)#3p63gz2n",
        "hex": "76a9148280b37df378db99f66f85c95a783a76ac7a6d5988ac",
        "address": "1Cu32FVupVCgHkMMRJdYJugxwo2Aprgk7H",
        "type": "pubkeyhash"
      }
    },
    {
      "value": 2.23450000,
      "n": 1,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 3bde42dbee7e4dbe6a21b2d50ce2f0167faa8159 OP_EQUALVERIFY OP_CHECKSIG",
        "desc": "addr(16TZ8J6Q5iZKBWizWzFAYnrsaox5Z5aBRV)#n0m4rux2",
        "hex": "76a9143bde42dbee7e4dbe6a21b2d50ce2f0167faa815988ac",
        "address": "16TZ8J6Q5iZKBWizWzFAYnrsaox5Z5aBRV",
        "type": "pubkeyhash"
      }
    }
  ]
}

The signature DER is supposed to be:


which is on the Bitcoin Wiki page I linked, where the 01 at the end is the sighash, but this is what I get instead after double hashing the preimage:


Since they do not provide the expected preimage value for P2PK, how am I supposed to figure out what is wrong with my transaction to sign?

Alternatively, if anyone has a another P2PK transaction that comes with the expected preimage for that transaction, I'd be happy to know about it.

Or is the signature valid, but just signed with openssl random nonce values instead of with libsecp256k1? That might be plausible, since this BIP is from 2017 and libsecp256k1 was made in 2019 I think.

here is another transaction, P2PKH this time:

Their preimage is:


Same as my preimage

But their signed transaction is


Mine is


Different DER signatures but otherwise everything is the same.

I know that the link is using pybtc to sign its transaction which is using a custom ECDSA signer: and it also seems to be using RFC6979 r-value.

But libsecp256k1 is also using RFC6979!

This explains the fact that my generated signatures are deterministic, but does this simply mean that two different valid signatures were generated? I don't think my DER itself is invalid....

TL;DR - if my preimage is identical and the rest of the transaction except for the DER is identical to a known valid transaction then can I be sure the transaction is valid? Since there is no balance I can't broadcast it.
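An added example, not the poster's code, that builds the legacy (pre-BIP143) SIGHASH_ALL preimage for the P2PK input of the transaction decoded above, so each field can be compared byte by byte with another serializer: the previous txid is written in reversed byte order, the spent scriptPubKey goes in as the scriptCode of the input being signed while every other scriptSig is empty, and the 4-byte little-endian sighash type is appended. The TX dict layout and the helper names are my own; the values are the decoded fields above with amounts converted to satoshis.

```python
import hashlib

SIGHASH_ALL = 1


def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xffffffff:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def ser_outpoint(txid_hex: str, vout: int) -> bytes:
    # txids are displayed big-endian; the wire/serialised order is reversed.
    return bytes.fromhex(txid_hex)[::-1] + vout.to_bytes(4, "little")


def ser_input(txid_hex, vout, script: bytes, sequence: int) -> bytes:
    return (ser_outpoint(txid_hex, vout) + varint(len(script)) + script
            + sequence.to_bytes(4, "little"))


def ser_output(value_sat: int, script_pubkey: bytes) -> bytes:
    return value_sat.to_bytes(8, "little") + varint(len(script_pubkey)) + script_pubkey


def legacy_sighash_preimage(tx: dict, index: int, script_code: bytes,
                            sighash_type: int = SIGHASH_ALL) -> bytes:
    """Pre-segwit SIGHASH_ALL preimage for input `index`: the whole transaction
    with every scriptSig emptied except input `index`, which carries
    script_code (for P2PK/P2PKH, the scriptPubKey being spent), followed by
    the sighash type as 4 little-endian bytes."""
    if sighash_type != SIGHASH_ALL:
        raise NotImplementedError("only SIGHASH_ALL is shown in this example")
    out = tx["version"].to_bytes(4, "little") + varint(len(tx["vin"]))
    for i, vin in enumerate(tx["vin"]):
        script = script_code if i == index else b""
        out += ser_input(vin["txid"], vin["vout"], script, vin["sequence"])
    out += varint(len(tx["vout"]))
    for vout in tx["vout"]:
        out += ser_output(vout["value_sat"], bytes.fromhex(vout["script_hex"]))
    out += tx["locktime"].to_bytes(4, "little")
    return out + sighash_type.to_bytes(4, "little")


def sighash(tx: dict, index: int, script_code: bytes) -> bytes:
    """The 32-byte digest that is actually ECDSA-signed."""
    return dsha256(legacy_sighash_preimage(tx, index, script_code))


def txid_of(serialized: bytes) -> str:
    """Display-order txid of a serialised legacy transaction."""
    return dsha256(serialized)[::-1].hex()


# The transaction from the decoded output above (BIP143 example 1), with the
# BTC amounts converted to satoshis. Field names of this dict are my own.
P2PK_SCRIPT = bytes.fromhex(
    "2103c9f4836b9a4f77fc0d81f7bcb01b7f1b35916864b9476c241ce9fc198bd25432ac")
TX = {
    "version": 1,
    "locktime": 17,
    "vin": [
        {"txid": "9f96ade4b41d5433f4eda31e1738ec2b36f6e7d1420d94a6af99801a88f7f7ff",
         "vout": 0, "sequence": 4294967278},
        {"txid": "8ac60eb9575db5b2d987e29f301b5b819ea83a5c6579d282d189cc04b8e151ef",
         "vout": 1, "sequence": 4294967295},
    ],
    "vout": [
        {"value_sat": 112340000,
         "script_hex": "76a9148280b37df378db99f66f85c95a783a76ac7a6d5988ac"},
        {"value_sat": 223450000,
         "script_hex": "76a9143bde42dbee7e4dbe6a21b2d50ce2f0167faa815988ac"},
    ],
}

if __name__ == "__main__":
    pre = legacy_sighash_preimage(TX, 0, P2PK_SCRIPT)
    print(pre.hex())
    print("sighash:", sighash(TX, 0, P2PK_SCRIPT).hex())
    print("preimage-minus-sighash decodes as txid", txid_of(pre[:-4]))
```

txid_of(preimage[:-4]) reproduces the trick used above of decoding the preimage minus its trailing sighash bytes as a transaction, so the value it prints is what a decoder will show for that hex. For the signature step, compare the 32-byte sighash() output between implementations rather than the DER bytes: two signers that derive the nonce differently produce two different, equally valid signatures over the same digest.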
16  Bitcoin / Wallet software / The airstrikes begin... (Phoenix Wallet) on: April 27, 2024, 04:52:00 AM

There's a giant institution with guns out there which wants to destroy every centralized, destroyable component they can find related to privacy. Every centralized privacy service is at risk of being nuked from orbit at any moment, and you want to be nowhere near the strike zone. I think that the legal argument against Samourai is fairly weak, but the law is only ink on a piece of paper: it has no magical powers to protect you. I wouldn't be surprised if the Samourai devs win their case in the end, but their lives are still going to be ruined for at least the next few years, and they'll probably be bankrupted. The fact is that the powers-that-be desperately want these things destroyed, and they're eventually going to find ways of destroying them, if there's any way to do so.

I'm certainly not saying that privacy is a lost cause, but this environment requires a much higher standard of robustness and decentralization. This isn't as free a world as it was when Bitcoin was first created.

Apparently, the strike zone is all US people, whether they actually live in the US or not.

For the record, I am one of those US people!

We can't let this go down without a fight.
17  Bitcoin / Bitcoin Discussion / The FBI does NOT want you to use KYC-free services. on: April 26, 2024, 05:40:55 AM

Anyway, I would like to place my own "alert" here:

Alert on Fiat Money Services Businesses

The Legion of Bitcointalkers warn all Bitcoiners against using fiat money transmitting services that are not registered as Money Services Businesses (MSB) according to United States federal law (31 U.S.C. § 5330; 31 CFR §§ 1010; 1022) and claim to adhere to anti-money laundering requirements. A few simple steps can prevent intentional withholding of your funds. For example, avoid financial money institutions that collect know your customer (KYC) information from customers when not required.


The FBI has scarcely conducted law enforcement operations against fiat money institutions which were insolvent in discordance with federal law. People who use unlicensed fiat money institutions may encounter financial disruptions as a result of a lack of law enforcement actions, regardless of if their money is intermingled with funds obtained through illegal means.

Fiat money transmitting services that purposely break the law or knowingly facilitate illegal transactions will not be investigated by law enforcement. Using a service that does not comply with its legal obligations may put you at risk of losing access to funds since law enforcement operations don't target those businesses.

  • Before using a money transmitting service, check whether it is registered as an MSB with the US Treasury Department's Financial Crimes Enforcement Network (FinCEN). FinCEN provides a website where anyone can check whether a company is registered:
    • However, the inclusion of a business on the MSB Registrant Search web page is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency.
  • Beware of financial services that ask for KYC information including name, date of birth, address, and ID before allowing you to send or receive money or cryptocurrency.
  • Understand that just because an app can be found in an app store does not necessarily mean it is an illegal service and is not complying with federal requirements.
  • Avoid using services that advertise themselves for illegal purposes.
  • Be cautious when using cryptocurrency services known to be used by criminals to launder their funds.

The Legion of Bitcointalkers requests victims report fraudulent or suspicious activities to the Scam Accusations board at

Yes, I am taking the piss here, but do you really think these guys will let you use an exchange that is not an American public company like Coinbase and Kraken?
18  Economy / Currency exchange / WTB $30 in LN sats, have BTC on: April 12, 2024, 11:49:22 AM
Since the fees became high virtually overnight, I am trying to avoid spending so much money on fees for my transactions, so I would like to move my transactions to the lightning network where fees are negligible.

For now, $30 is good enough to start with. This is kind of a loan because I'm not going to send the BTC immediately, but I will wait for fees to become reasonable like 30-40 sats or something like that before I send you the BTC. Or in max 2 weeks if fees don't get lower by then.

This is NotATether on Friday 12 April 2024

And to prove that I do have money to repay you, this address has a lot more than $30.

000000000000000000008c007c4b1c7145715329ae56bc1be91955ba8191f7c3 latest block hash.

Use Electrum to verify the signature.
19  Bitcoin / Development & Technical Discussion / Bitcoin BIPs new reviewers nomination on: April 07, 2024, 08:48:27 AM
There is some discussion on the new bitcoin-dev mailing list, which has moved to Google Groups in case you haven't heard btw, for adding some new BIP repository maintainers:

Apparently, the load is too much for luke-jr to handle all by himself.

Hopefully this will mean more BIPs will be merged into Bitcoin Core as there seriously has been way too long a delay for getting anything reviewed these past few years.
20  Bitcoin / Wallet software / PSA: xz/liblzma critical vulnerability on: March 30, 2024, 03:34:00 AM
There is a very serious vulnerability in the xz compression program that was just found and has made its way to versions 5.6.0 and 5.6.1:

Basically it contains a backdoor to completely bypass your SSH authentication. All signs point to it being planted by a malicious actor running the project. It is undetectable by sanitizers and fuzz testing tools.

Fortunately the major distributions such as Ubuntu had not packaged it yet.

I am aware that most people reading this are not using SSH or don't have servers for this, but this particular actor has a large footprint in other open source projects so there is no guarantee that local services that you might actually use in your wallet PC are not affected by a different vulnerability.