|
662
|
Bitcoin / Project Development / Re: [BOUNTY] 0.2 BTC bounty for figuring out entropy in this python app
|
on: June 12, 2013, 03:16:57 PM
|
Runeks - can you confirm I should send the 0.2 BTC bounty to 1runeksijzfVxyrpiyCY2LCBvYsSiFsCm? Jackjack - thanks for the additional input. It does indeed sound like OpenSSL has decent entropy sources: OpenSSL
OpenSSL implements such a hash-based entropy juicer. It provides a function RAND_add(buf, n, e) that adds a buffer of length n and entropy e to the entropy pool. Internally, the entry pool is just an MD5 or SHA1 hash state: RAND_add calls MD_update to add the bytes to a running hash computation. The parameter e is an assertion made by the caller about the entropy contained in buf. OpenSSL uses it to keep a running estimate of the total amount of entropy in the buffer. OpenSSL also provides a RAND_bytes(buf, n) that returns a high-entropy random byte sequence. If the running estimate indicates that there isn't enough entropy in the pool, RAND_bytes returns an error. This is entirely reasonable.
The Unix-specific code in OpenSSL seeds the entropy juicer with some dodgy code. The essence of RAND_poll in rand_unix.c is (my words):
char buf[100];
fd = open("/dev/random", O_RDONLY);
n = read(fd, buf, sizeof buf);
close(fd);
RAND_add(buf, sizeof buf, n);
Notice that the parameters to RAND_add say to use the entire buffer but only expect n bytes of entropy. RAND_load_file does a similar thing when reading from a file, and there the uninitialized reference is explicitly marked as intentional (actual code):
i=fread(buf,1,n,in);
if (i <= 0) break;
/* even if n != i, use the full array */
RAND_add(buf,n,i);
The rationale here is that including the uninitialized fragment at the end of the buffer might actually increase the actual amount of entropy, and in any event being honest about the amount of entropy being claimed won't break the entropy pool estimates.
Similarly, the function RAND_bytes(buf, n), whose main purpose is to fetch n high-entropy bytes from the juicer, adds the contents of buf to the entropy pool (it behaves like RAND_add(buf, n, 0)) before it fills in buf.
In at least three different places, then, the OpenSSL developers explicitly chose to use uninitialized buffers as possible entropy sources. While this is theoretically defensible (it can't hurt), it's mostly a combination of voodoo and wishful thinking, and it makes the code difficult to understand and analyze.
In particular, the RAND_bytes convention causes problems at every call site that looks like:
char buf[100];
n = RAND_bytes(buf, sizeof buf);
This idiom causes so many warnings with Valgrind (and its commercial cousin, Purify) that there is an #ifdef to turn the behavior off:
#ifndef PURIFY
MD_Update(&m,buf,j); /* purify complains */
#endif
The other two cases occur much more rarely: in RAND_poll, one would have to be reading from /dev/random when the kernel had very little randomness to spare, or calling RAND_load_file on a file that reported one size in stat but returned fewer bytes in read. When they do occur, a different instance of MD_update, the one in RAND_add, is on the stack trace reported by Valgrind. http://research.swtch.com/openssl |
|
|
|
|
663
|
Economy / Scam Accusations / Re: CanadianGuy - self admitted scammer
|
on: June 12, 2013, 03:07:24 PM
|
Scammer tag for those not honoring bets would be good for the forums. Let's not forget that a bet involves money, and if "CanadianGuy" would have won, he would have gladly taken the money. If he loses, he doesn't pay - win/win for him, and definitely a scam.
I would even go further and apply a scammer tag to the jokers that a) create auctions and then do not honor the winner because the final price is not high enough, without having established a minimum price; b) do not honour their bids in auctions; c) pump the price in public auctions with "bids received by PM" that nobody can verify.
I know that all the above is not technically a scam (well, probably C is), but some control to the auctions subforums would do good to everybody. Otherwise, half of the auctions are just an ugly way to lose time.
I completely agree. If you make a financial promise and fail to hold up that promise, and fail to make retribution for not holding up that promise, then you deserve the scammer tag. So, when is he getting the scammer tag? I wish not to be THE one to add it (first) but this is really interesting, and this "Canadian" is just not coming through to make everyone "happy"  I left scammer feedback for him. Did he scam you? Were you affected by his intended scam? Did you ever even have a transaction with him that went bad? (No I'm not defending his sleezy actions, I'm just questioning allowing non-connected parties to give feedback to others). This is what I'm not liking about the transaction independent ratings on this forum now. It's too easy to astroturf opinions. You could (as you do for all your advertisements) just pay 20 people to post a negative feedback on someone else and make it appear that they are in fact bad. This forum pretends to manage reputations by giving scammer tags to those who cheat and steal, but it fails to manage against the most fragile part of a reputation-- susceptibility to libel and slander. I'm not talking about CanadianGuy here whom I know nothing about, but in this cultist community it's very easy for 10 people who are in cahoots to cast doubt on otherwise respectable people to the point that people will hesitate to do business with them. The forum needs to either start managing reputations fiercely, or stop doing it at all. Reputation should not be based on the opinions of those that have nothing to do with them. Random sockpuppet: I don't like TradeFortress, so I'm going to create 10 accounts and call him a scammer on all of them. Newbie: That tradefortress has too many scammer accusations, I'm afraid to do business with them. Moderator: Free market herp derp This problem exists whether there is a reputation rating or not. People can sockpuppet threads and call a perfectly innocent person a liar and a thief just as easily as they can leave negative feedback ratings that point to such sockpuppet posts. It's not something that can be easily dealt with by any service providing reputations for their members. eBay, heatware, etc all have the same potential problem. |
|
|
|
|
664
|
Bitcoin / Project Development / [BOUNTY] 0.2 BTC bounty for figuring out entropy in this python app
|
on: June 12, 2013, 05:52:30 AM
|
A long while ago, when I was in to generating vanity addresses, I used this set of python scripts: https://mega.co.nz/#!DwQlmL4L!ISzPiTuA5Y0PUIQNv79cy0PhJ4VlFEbLXx7c4ouN7jI I didn't write the script, but I would like to know how safe Bitcoin addresses that were generated with this script are. So, a 0.2 BTC bounty to anyone who can find the source(s) of entropy in this code, and describe how easily those addresses could be regenerated. I've never learned python, so it's a bit difficult for me to follow what is happening in the code. EDIT: I suspect the randomness would be in the generate.py file, so I'll paste that code here for ease of looking at: from __future__ import print_function
import hashlib
import time
import binascii
import base64
import sys
import ahocorasick
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
def base58encode(inp):
BASE = 58;
bi = int(binascii.hexlify(inp), 16)
s = ""
while bi > 0:
s = ALPHABET[bi%BASE] + s
bi = bi/BASE
nPad = 0
for c in inp:
if c == '\0': nPad += 1
else: break
return (ALPHABET[0]*nPad) + s
def public2address(publickey):
ripemd = hashlib.new('ripemd160')
version = '\x00'
ripemd.update(hashlib.sha256(publickey).digest())
keyhash = version+binascii.unhexlify(ripemd.hexdigest())
checksum = hashlib.sha256(hashlib.sha256(keyhash).digest()).digest()[0:4]
bitcoinaddress = base58encode(keyhash+checksum)
return bitcoinaddress
def main():
outfile = sys.argv[1]
target = sys.argv[2]
from M2Crypto import EC
curve = 'secp256k1'
ec_curve = eval('EC.NID_%s' % curve)
tree = ahocorasick.KeywordTree()
file = open(target)
print("Reading file...")
for line in file:
l = line.rstrip()
tree.add(l)
print("Generating tree...")
tree.make()
ec = EC.gen_params(ec_curve)
CONST1 = binascii.unhexlify("308201130201010420")
CONST2 = binascii.unhexlify("a081a53081a2020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f300604010004010704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020101a144034200")
test = False
count = 0
t = time.time()
interval = 500
with open(outfile, 'a') as finds:
while True:
ec.gen_key()
#M2Crypto adds some stuff to the public key
pubkey = ec.pub().get_der()[23:]
address = public2address(pubkey)
where = tree.search(address.lower()[:10])
if test or where:
print("Address: "+address)
print("Public key: "+binascii.hexlify(pubkey))
#For some reason it can only save the private key to a file -.-
ec.save_key("key"+outfile, None)
with open("key"+outfile) as keyfile:
keyfile.readline()
priv = keyfile.readline().rstrip()
#M2Crypto adds some stuff to the private key.
#Removing it, and re-encoding to base58
shortpriv = base64.b64decode(priv)[7:-9]
print("Private key base58: "+base58encode('\x80'+shortpriv+hashlib.sha256(hashlib.sha256('\x80'+shortpriv).digest()).digest()[0:4]))
priv = CONST1 + shortpriv + CONST2 + pubkey
print("Private key full hex: "+binascii.hexlify(priv))
if not test:
word = address[where[0]:where[1]]
print(word)
finds.write(word+" "+address+" "+binascii.hexlify(pubkey)+" "+binascii.hexlify(priv)+"\n")
print("")
count += 1
if count%interval == 0:
dt = time.time() - t
print(str(int(interval/dt)) + " keys/sec ",end='\r')
t = time.time()
main() |
|
|
|
|
666
|
Economy / Scam Accusations / Re: CanadianGuy - self admitted scammer
|
on: June 11, 2013, 10:49:40 PM
|
|
I think the main difference is that BFL, as a company, can choose to do business or not do business with whomever they want. It doesn't bode well on their reputation that they did it, but they didn't scam anyone in my opinion - they gave the guy a full refund. It is certainly a gray area though.
With regards to the bet, there is no refund to give. He paid exactly $0, but is still owed 1 BTC, because those were the terms of the agreement.
Think of horse race betting.
- Five customer gives the betting counter, say, $500 each to put on horse #32.
- Horse #32 wins.
- The betting counter says to those 5 customers, "Sorry, you said bad things about our establishment, so you didn't win the bet. But we'll give you your $500 back."
Would you not call the betting counter a group of scamming liars? Because this (with exception of actually taking BTC from the bettors upfront) is exactly what CanadianGuy is doing to johnblaze.
|
|
|
|
|
667
|
Economy / Scam Accusations / Re: CanadianGuy - self admitted scammer
|
on: June 11, 2013, 10:11:07 PM
|
I agree with a scammer tag for him. He shouldn't be promising to pay out on bets, only to renig on that promise when someone calls him a bad name. You can dislike someone all you want, but you still have to hold up your end of any deals you make.
This is not true. Just look at BFL and that Xian fellow. All CG would need to do is refund the BTC and the contract is void because Bitcoin. Since no coins were given to CG, CG can void the contract at any time just by saying so. The only possible way for CG to scam would be to take OP's BTC, lose, and then keep his BTC instead of refunding. BFL owes customers either a mining machine or the money they paid for them. BFL promises to eventually deliver, and is refunding anyone who no longer wishes to wait. CG owes johnblaze 1 BTC, but says **** you, I'm not paying you anything. |
|
|
|
|
668
|
Economy / Scam Accusations / Re: CanadianGuy - self admitted scammer
|
on: June 11, 2013, 09:52:21 PM
|
|
I agree with a scammer tag for him. He shouldn't be promising to pay out on bets, only to renig on that promise when someone calls him a bad name. You can dislike someone all you want, but you still have to hold up your end of any deals you make.
|
|
|
|
|
669
|
Economy / Speculation / Re: price will pop back up to $120 monday morning
|
on: June 11, 2013, 09:45:42 PM
|
@CanadianGuy: Please pay johnblaze if you can.
No. He called me a scammer before I realized my mistake. I had full intention of paying everyone who won, but his comments changed that. The final answer is no. Then you're still a scammer. |
|
|
|
|
670
|
Economy / Speculation / Re: price will pop back up to $120 monday morning
|
on: June 11, 2013, 06:59:16 PM
|
4 people pointed out my mistake, and then i refused to payout? no. you mentioned it once, I didn't believe you, and then checked the thread and saw it. By then, there were new posts. I did not argue against anybody in this whole thread except you. Basically you're the runt of the litter who's still bitchin he didn't get in. You got left out, and now you're crying cause nobody wants to play with you  Quite honestly, if you make a promise (a bet is a promise), then renig on it, that deserves a scammer tag. I don't care the circumstances. I don't care how much you like or don't like a person. I don't care what names he has called you. You made a promise to pay him 1 BTC if certain conditions were met, those conditions were met, and you are refusing to pay him. Scammer in my book. |
|
|
|
|
671
|
Economy / Speculation / Re: What is the logical explaination for a single 5k buy causing 10 dollar slippage?
|
on: June 11, 2013, 06:54:55 PM
|
Manipulating the market medium-long term provides enough gains to allow for such losses, or, fat fingers.
What I want to know though, how these gains can be made by this 5k buy + 4k wall stunt? My assumption is that the person was hoping the 4k wall would stabilize the price. It didn't, and he lost money. Not everything works out perfectly for the big-money investors. So you think his stunt has failed? From the face of it, it appears so. I can't think of any valid strategy where a bid wall eaten through is a positive for the bid wall owner. |
|
|
|
|
672
|
Economy / Speculation / Re: What is the logical explaination for a single 5k buy causing 10 dollar slippage?
|
on: June 11, 2013, 05:15:22 PM
|
Manipulating the market medium-long term provides enough gains to allow for such losses, or, fat fingers.
What I want to know though, how these gains can be made by this 5k buy + 4k wall stunt? My assumption is that the person was hoping the 4k wall would stabilize the price. It didn't, and he lost money. Not everything works out perfectly for the big-money investors. |
|
|
|
|
676
|
Economy / Goods / Re: Thinking about creating my own physical Bitcoin...
|
on: June 11, 2013, 03:06:50 AM
|
My thoughts on the design: Having the Americas on the obverse might be too American-centric? (Although you would have the other countries on the back they are smaller.) The binary goes on the edge of the coins? And have it say something else? Maybe a different font that gives more of a feeling of "safety", "security", "trust"?
Would definitely be interested if you make it look good and be secure. Around B1.4 would be better because a Casascius coin is B1.6 retail now.
Ok, I'll change it from the americas to something else. Just hard to find other views of the earth with CC licensing in a format that can easily be changed to what I want. But it will be done! Mosty, I just want to be sure that it is easily recognizable as the earth, even when partially obscured by lettering, etc. Binary on the edge of the coin is an interesting idea, or maybe even something else on the coin edge. I was thinking of even just doing a basic rough edge like you would find on a US quarter. I didn't even change from the default font, not knowing what might look good. Any suggestions on a specific font I could try? This may sound cheap but have you tried fivver.com yet for ideas on design? Just $5.00 each. I know this may come off as sounding harsh but the design that I saw a few pages back is hideous, please reconsider it. Hey, I'll take criticism! Criticism is good. Certainly, the design on the prior page is not meant to be a final design - I will fully admit that I am no graphic design guru! From what I gather, most mints have graphic designers on-hand to help with designing a great-looking coin, so those will likely be the professionals I turn to. But, if you have any specific suggestions for improving my rough-draft design, I would love to hear them. Put me down for 10 of the first 150.
Thanks, I will! |
|
|
|
|
677
|
Economy / Goods / Re: Thinking about creating my own physical Bitcoin...
|
on: June 11, 2013, 02:02:15 AM
|
My thoughts on the design: Having the Americas on the obverse might be too American-centric? (Although you would have the other countries on the back they are smaller.) The binary goes on the edge of the coins? And have it say something else? Maybe a different font that gives more of a feeling of "safety", "security", "trust"?
Would definitely be interested if you make it look good and be secure. Around B1.4 would be better because a Casascius coin is B1.6 retail now.
Ok, I'll change it from the americas to something else. Just hard to find other views of the earth with CC licensing in a format that can easily be changed to what I want. But it will be done! Mosty, I just want to be sure that it is easily recognizable as the earth, even when partially obscured by lettering, etc. Binary on the edge of the coin is an interesting idea, or maybe even something else on the coin edge. I was thinking of even just doing a basic rough edge like you would find on a US quarter. I didn't even change from the default font, not knowing what might look good. Any suggestions on a specific font I could try? |
|
|
|
|
678
|
Economy / Goods / Re: Thinking about creating my own physical Bitcoin...
|
on: June 10, 2013, 11:27:11 PM
|
any chance of making small denominations?
0.01, 0.05, 0.10?
I was thinking about 1 BTC, 500 mBTC, and 100 mBTC. I could go smaller to 50 mBTC and 10 mBTC, but the cost would have to be much higher than the face value to make them viable. On the 10 mBTC piece, I'd have to charge around 45mBTC per coin just to cover variable costs, and the final price would likely be much higher than that. But, I am still looking at various coin minters - I may be able to find a lower cost minter. So, I think it is a definite possibility to go down to at least 100 mBTC, and possibly 50 mBTC. I don't know that 10 mBTC is practical at this point though. Thank you, I appreciate the feedback, having smaller denominations like this really helps to spread the word about these things. Sure I could buy 10 Casascious coins but that would cost me $1000+ USD. I would love to be able to buy $100.00 of .05 BTC coins to send to my friends, family, holiday gifts etc. Yep, that makes sense! I'll try to target a small denomination on a cheap coin (but still secured by the best security hologram I can buy) for those sorts of purposes. |
|
|
|
|
679
|
Economy / Goods / Re: Thinking about creating my own physical Bitcoin...
|
on: June 10, 2013, 11:26:18 PM
|
|
Thanks for the advice data_teks. As I said, it would take around 150 coins preordered at 1.4 BTC/ea to cover the fixed and variable costs (including funding the coins). I am not sure I could generate that much in pre-orders, but it is so hard to tell how much of a market is out there! I might just create a quick market survey to find out.
I really wish I had the funding to just bootstrap it myself. I mean, I could if I took out some debt, but I really don't have any room in my budget to support debt payments. We're a single-income family with college loans, a mortgage, and all of that, there's just not that much room there. Still looking around for whatever options present themselves. I've spoken with a few people interested in investing, but haven't had any satisfactory deals work out on that end either.
|
|
|
|
|
Show Posts
