|
1541
|
Bitcoin / Development & Technical Discussion / Re: Generate public key from 256 bit private key
|
on: April 11, 2014, 03:25:26 AM
|
OpenSSL is probably not the best tool. The issue is there is no parameter for "just give me the raw private key and compressed public key in hex format. Here is the closest I have found C:\OpenSSL-Win64\bin>openssl ecparam -name secp256k1 -genkey -noout -outform DER -out e:\priv.der
Loading 'screen' into random state - done
C:\OpenSSL-Win64\bin>openssl ec -conv_form compressed -inform DER -in e:\priv.der -text -noout
read EC key
Private-Key: (256 bit)
priv:
00:f3:30:10:43:d3:aa:3e:ba:c9:c3:3e:ba:74:7f:
be:6f:05:7e:2e:01:b0:1c:c8:c9:d3:ac:86:59:c4:
63:f1:3d
pub:
03:a0:3b:51:eb:dc:99:50:c6:76:7e:c9:5b:43:fd:
73:4b:50:ed:48:2e:98:4a:28:09:8f:c2:bc:17:c9:
4e:2b:fe
ASN1 OID: secp256k1
If you need it output to a file you can use a pipe output like C:\OpenSSL-Win64\bin>openssl ec -conv_form compressed -inform DER -in e:\priv.der -text -noout > e:\keypair.der
read EC key
The prior screen output will be redirected to the file. You are still going to need to do some parsing but it should be cleaner. One thing to watch for is there is a leading zero 0x00 before the private key (not it is 66 hex values not 64). Also I was having some issues verifying output using brainwallet. It wouldn't accept some keys despite being valid (might be a browser issue) and I don't like how it will replace outputs when you click in an attempt to refresh. I would recommend using bitaddresses.org instead (use the wallet detail tab). |
|
|
|
|
1542
|
Bitcoin / Project Development / Re: I am going to build a true random number generator ...
|
on: April 10, 2014, 05:50:27 AM
|
The source or the tube however isn't going to be the bottleneck (at least through 1 kbps). The hard part is going to be getting a timing circuit which can register events with sufficient accuracy. We are talking an average interval of 500 microseconds so a timer with microseconds scale accuracy (or at least tens of microseconds) is going to be necessary. This is beyond the capability of most micro controllers, and it probably going to mean a dedicated real time clock ( something like http://www.maximintegrated.com/datasheet/index.mvp/id/4627/ln/en ). As a proof of concept I am going to start out without a RTC but that means much lower timer accuracy and lower throughput first. Something in the order of <3,000 cpm which produce ~24 bps of entropy. Even that will depend on micro controller having true 1ms clock accuracy. For the early test I am going to use a gas lantern mantle (thorium & beta emitter) as the particle source. noticed this statement here.... not sure if its been mentioned already but i regularly use the latest 32-bit microcontrollers from Arduino (Due) and chipKit (Max32). they can both run an accurate microsecond counter with 10s of microsecond program loop-time. so it seems well within needed resolution. processing the timestamps using some logic statements will increase the loop-time but i think you can very likely keep it under 50us. edit: did some tests using a fairly reliable pulse generator (AMPI master-9, stated at <4us accuracy for up to a few days of running time) 1) loop-time of the max32 running only a microsec counter and a digitalWrite pin (TTL output) is about 5us loop-time 2) adding a serial connection (usb) and a printTimestamp routine to print the microsec timestamp is about 10us loop-time 3) adding a digitalRead routine with a 500hz square input on the pin takes us to about 45us - printed timestamps have about a 2us jitter over a 2 min recording 4) adding another digitalRead routine on a second pin with 60hz input has little to no effect ... after 20min of testing, seems <50us was a decent guess  Thanks for confirming that, I was going off of (flawed) memory. The clocks in modern microcontrollers are better than I remembered. I did a similar set of test last night (although I had no pluse generator so I used a second microcontroller as a poor man PG). I got similar results. I am confident now that if I can keep loop latency under 50 us that means shooting for an average interval period of 500 us is feasible. That would require a source & tube combination capable of ~120K cpm, and would give us ~900 bps of filtered entropy. At 240k cpm might be able to push that up to ~1600 bps. |
|
|
|
|
1544
|
Bitcoin / Bitcoin Discussion / Re: Can we talk about removing SSL from the payment protocol and put PGP?
|
on: April 09, 2014, 08:02:46 PM
|
Well my main focus is getting a decentralized key server, if it supports SSL first then pgp then fine. Thank you for clarifying I think a decentralized keyserver for those who wish to avoid the counterparty risk of CAs (not necessarily SSL) is a very good idea. SSL is very adaptable openssl ecparam -genkey -name secp256k1 -out e:\server.pem
openssl req -new -x509 -nodes -sha256 -key e:\server.pem > e:\server.cert
openssl x509 -in e:\server.cert -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
cd:a5:2d:4d:4c:b1:34:94
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=I am as secure as bitcoin itself
Validity
Not Before: Apr 9 19:51:02 2014 GMT
Not After : May 9 19:51:02 2014 GMT
Subject: CN=I am as secure as bitcoin itself
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:86:80:e3:3b:d6:0e:ab:13:bf:03:5e:ca:02:04:
4e:e1:82:7e:10:50:b1:9d:75:d9:4e:63:c6:75:9b:
7f:2b:06:c8:e1:11:9c:63:5c:25:29:6a:d3:8f:ee:
ae:b0:64:6d:36:80:29:6b:85:ce:73:98:fe:68:22:
cf:df:f6:62:53
ASN1 OID: secp256k1
X509v3 extensions:
X509v3 Subject Key Identifier:
14:ED:A5:89:CD:E8:AB:AA:BF:1D:6D:70:17:81:14:C1:B2:51:BC:3E
X509v3 Authority Key Identifier:
keyid:14:ED:A5:89:CD:E8:AB:AA:BF:1D:6D:70:17:81:14:C1:B2:51:BC:3E
X509v3 Basic Constraints:
CA:TRUE <-should probably be false but didn't feel like setting up config file
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:65:10:58:29:47:c8:3d:b7:aa:d0:ef:fc:80:47:
4e:72:77:e5:a5:58:48:0d:6c:37:8f:fc:3d:fc:e1:34:cd:b3:
02:20:4d:14:5e:8f:0d:31:35:84:20:2d:5a:be:6a:3a:ea:e0:
7a:69:6d:1e:45:66:4f:5b:e2:d8:57:59:2f:27:4d:ba Hell you could even put a backup of the private key in your wallet (or use it as an address too). I am also not a big fan of openssl, that also is playing into it. I rather they used http://nacl.cr.yp.to/. Ideally the calls would be encapsulated using an interface then support for other crypto libraries would be plug and play (well maybe not plug and play but far easier for developers once wrappers were written). For example I may want to use a smartcard for signing and currently that requires a whole host of ugly refactoring but if there was an interface I could write against I simply swap the openssl wrapper for the smartcard wrapper and compile. |
|
|
|
|
1545
|
Bitcoin / Bitcoin Discussion / Re: Can we talk about removing SSL from the payment protocol and put PGP?
|
on: April 09, 2014, 07:30:25 PM
|
Well technically you can use a X509 to relay pgp information. I think a PGP certificate would be stronger and better in this case. Also X509 is weak with the signature algorithms, you don't need a link to show that. Well the subtleties do matter. X509 CAN support weak signature algorithms but it can also use require only cryptographically strong algorithms as well. openssl req -new -x509 -sha512 ...
The support for older weaker algorithms is mostly for backwards legacy support, support which isn't needed for a greenfield implementation. No reason that a particular users (or any user) would need to support weak signature algorithms. You can also use MD5 to hash PGP messages as well. If both can be implemented without CAs, both can support key servers, both can use a node network for DHT storage of public keys and/or certs then ultimately the only advantage of using PGP over SSL would be that it is more secure. Sorry you haven't shown that PGP would be more secure than self signed SSL certs. This isn't an academic debate. It is almost certain that Bitcoin will support SSL in payment protocol so it doesn't come down to PGP vs SSL it comes down to SSL vs SSL + PGP. Adding another entire dependency just because weak SSL certs might be weak (and strong ones are cryptographically unbreakable) is well not a very strong argument. |
|
|
|
|
1546
|
Bitcoin / Legal / Re: Bitcoin being classified as property is far, far, far better than having it be c
|
on: April 09, 2014, 06:42:33 PM
|
But - if bitcoin is taxed as a currency it would be possible to make a multitude of small purchases to avoid paying tax on the appreciation. For example, if I bought a bitcoin in 2013 for $10, and by 2015 it's worth $10,000, I could make a lot of $200 purchases and avoid getting taxed on the gains. I could see why the IRS would not favor that result.
I am not a tax attorney or CPA I don't know all the limits and caveats of the foreign currency rules. I would imagine there probably are some annual caps to the exemption and if there isn't (because most currents are inflationary so you are just jumping from one sinking ship to another one) then I would imagine Congress would put some limits in quick if people are using it to exempt huge sums of wealth. On edit: Well you got me curious so I looked it up. At the current time there doesn't appear to be an annual cap only a limit of $200 gain per transaction. It is important to note this is an all or nothing exemption. If the gain is $200.00 (or less) no taxes are due. If it is $200.01 or more then taxes are due on the entire $200.01 (not just the portion over $200). Of course an annual cap or limit could be imposed in the future (Congress is good about doing stuff like that). This shouldn't be considered financial or legal advice, one should always consult with an attorney or accountant for professional advice.
26 U.S. Code § 988 - Treatment of certain foreign currency transactions ...
(e) Application to individuals
(1) In general
The preceding provisions of this section shall not apply to any section 988 transaction entered into by an individual which is a personal transaction.
(2) Exclusion for certain personal transactions
If—
(A) nonfunctional currency is disposed of by an individual in any transaction, and
(B) such transaction is a personal transaction,
no gain shall be recognized for purposes of this subtitle by reason of changes in exchange rates after such currency was acquired by such individual and before such disposition.
The preceding sentence shall not apply if the gain which would otherwise be recognized on the transaction exceeds $200.
(3) Personal transactions
For purposes of this subsection, the term “personal transaction” means any transaction entered into by an individual, except that such term shall not include any transaction to the extent that expenses properly allocable to such transaction meet the requirements of—
(A) section 162 (other than traveling expenses described in subsection (a)(2) thereof), or
(B) section 212 (other than that part of section 212 dealing with expenses incurred in connection with taxes). |
|
|
|
|
1547
|
Bitcoin / Bitcoin Discussion / Re: Can we talk about removing SSL from the payment protocol and put PGP?
|
on: April 09, 2014, 06:36:15 PM
|
Yes SSL protocol supports it but no browsers (Firefox does) really support that feature, no web server really makes use of that of feature. So what makes bitcoin going to support? How would Bitcoin support PGP client public keys? Whatever the solution replace PGP public key with SSL Client cert. Not saying SSL is better but not seeing how we gain anything by going to PGP. Well the X509 also isn't that strong. I mean if people think that SSL cert would work better in a decentralized environment I am open to it but I don't think SSL certificates aren't strong enough for this. Ok now we are talking or at least to the heart of the matter. Do you have a cite or link where X509 would fail that PGP wouldn't? |
|
|
|
|
1548
|
Bitcoin / Bitcoin Discussion / Re: Bitcoin Core (Bitcoin-Qt) 0.9.1 released - update required
|
on: April 09, 2014, 06:32:38 PM
|
I keep small amounts in my pc wallet for casual spending. I applied the 0.9.0->0.9.1 update and once done syncing, the client told me that my database was corrupt and wanted to reindex it. I allowed it to, and sometime during the sync, 1.3 BTC went from confirmed to unconfirmed and hasn't moved since (24 hours or so I'd guess). Any ideas/suggestions?
If you look in the transaction list do you see any tx which are unconfirmed? If so check another source (blockr.io or blockchain.info) to determine if the tx is indeed unconfirmed. |
|
|
|
|
1549
|
Bitcoin / Bitcoin Discussion / Re: If the real Satoshi came back and said...
|
on: April 09, 2014, 06:27:14 PM
|
He also made some mistakes, and some decisions of questionable value.
Examples? Here are a few that come to mind right away: Allowing the coinbase transaction to have the same hash in multiple blocks? Allowing the miner to create a block that doesn't pay out the full reward? Requiring the public key to be included along with the signature in the transaction inputs? I'm sure there are others, but I figure 3 is enough to prove the point. Allowing unconfirmed transactions to be malleable (one can say don't rely on tx id however the tx id could have been constructed to be immutable from day 0). Using the use of uncompressed public keys (no advantage over compressed keys and given how critical space in the blockchain is it bloats the resource requirements). Using 160 bit for PubKeyHash while PubKey only has 128 bit security (to benefit from 160 bit PubKeyHash would require 320 bit ECDA). Having early coinbase tx payout to pubkeyhash instead of address (just adds needless complexity and now is a legacy cost). All these vulnerabilities https://en.bitcoin.it/wiki/Weaknesses#Security_Vulnerabilities_and_bugsNone of this should be an attack against Satoshi, he was brilliant, did what many considered impossible, and solve/prevented entire categories of exploits but he wasn't omnipotent. |
|
|
|
|
1550
|
Bitcoin / Bitcoin Discussion / Re: Can we talk about removing SSL from the payment protocol and put PGP?
|
on: April 09, 2014, 06:13:53 PM
|
With PGP we could validate two way, that the company is talking to the right user and user could be talking to the right company. That is a valid point although SSL does support client certs. Bitcoin would be extended to expose that support making it identical to PGP in that respect. Also PKI are expensive so we can't really have any community involvement this yet. Where is we used a key server that was decentralized like using a DHT, we can then not have to worry about hacks on CA's or it being expensive to start your own. We also could use each full node be a key server and then you query everyone of them for the public key for the company you want to validate from. With majority rule on what is the correct public key. All of that can be done with SSL self signed SSL certs as well. I guess my point is you seem to be indicating that CA = bad therefore don't use SSL. SSL can be used in a self signed fashion. You could have SSL self signed key servers, you could load them into the network DHT style essentially replace public key in your example with SSL cert and the same thing applies. |
|
|
|
|
1552
|
Bitcoin / Bitcoin Discussion / Re: bitcoin core updated to 0.9.1
|
on: April 09, 2014, 06:09:18 PM
|
You know, I was looking at their 0.9.0 version of the Bitcoin client, it said FINAL in big capital letters and then I thought "What if they find a new bug or vulnerability in it, then it won't be the final version at all will it?" open source software will always be improved upon and always be updated because there are so many people looking at the code and finding things.
Final on any version of Bitcoin simply distinguished between that and the release candidate. i.e. 0.9.0 RC1, 0.9.0 RC2, <insert as many Release Candidates as necessary to resolve outstanding issues)>, 0.9.0 Final. Version 0.9 is final it will never be updated. Case in point the next release was v0.9.1 |
|
|
|
|
1553
|
Bitcoin / Legal / Re: Bitcoin being classified as property is far, far, far better than having it be c
|
on: April 09, 2014, 06:06:08 PM
|
It depends on how it is used. In the US currency gains of less than $200 on transactions involving the purchase of goods or service by an individual (sorry for profit businesses this doesn't apply) are exempt from any taxes. This is why if you go on vacation to Mexico for example and exchange $100 for pesos, and before you buy a beer the next day, it doesn't matter if the exchange rate rises slightly. If the pesos you now spend are worth $101.20 you don't have to keep a record of each transaction, amount, time, corresponding exchange rate, and then load all that into your tax software to compute a currency gain of $1.20. For exempt transactions, it is considered a de-minimis gain and you are not required to report it or pay taxes on it. As an example lets look at a consumer who buys 4 BTC from coinbase at $500 ea and later spending those to buy a $1,500 computer from tigerdirect for 2.9 BTC ($517 exchange rate). Today under IRS guidance there is a $49.30 gain and it would need to be reported as a capital gain tax. The problem isn't so much the tax but all the complex of the recording and computing of that tax. The time, exchange rate, and amount of each purchase and spend needs to be recorded and the capital gain schedule filed out, the gains have to be categorized as long vs short and the applicable rates applied. If it was treated as a currency then the transaction would simple be exempt. Not only does the taxpayer pay nothing they don't need to file anything. Of course right now Bitcoin is appreciating (or at least has the potential to appreciate) and the gains may be more than $200 so it may not make much difference, however in a decade or two if/when Bitcoin is much larger and the growth rate much slower it would be much simpler for most average user of the currency if it was treated as a currency. Regardless of it one wants it to be treated as property, there is no logical reason for it: * You exchange $100 for pesos and spend them. Treated as a currency (and in most cases is exempt). * You exchange $100 for euros and spend them. Treated as a currency (and in most cases is exempt). * You exchange $100 for pounds and spend them. Treated as a currency (and in most cases is exempt). * You exchange $100 for yuan and spend them. Treated as a currency (and in most cases is exempt). * You exchange $100 for yean and spend them. Treated as a currency (and in most cases is exempt). * You exchange $100 for Bitcoin and spend them. Magically it is "property" and capital gains need to be computed. WTF? Think about it for a second. Have you ever traveled overseas on vacation or business? If so did you exchange USD for foreign currency and use it to pay for goods or services? Did you then track the exchange rate at the time of the exchange and at the time of each purchase, record all that in a log, and compute the total gain if any ad at the end of the year take that log plus the logs for all other trips and add it to your tax return? I am guessing not. |
|
|
|
|
1556
|
Other / Beginners & Help / Re: Stop the "correct horse battery staple" debacle.
|
on: April 09, 2014, 05:51:12 PM
|
I see. Thanks for your help.
No problem. Entropy (and randomness in general) is a hard thing for most people to grasp so if you get it, you are already ahead of the pack. The entropy of truly random passwords is just a straightforward equation. For human chosen passwords it gets a lot fuzzier. Honestly humans are so bad at choosing strong passwords, most methods for estimating them are probably too optimistic. Most human passwords can be easily broken unless per record salt and key stretching is used. The bad news for users of a website for example is you have no idea how the site is storing passwords. MtGox for example stored passwords using MD5 hash and no per record salt. This site IIRC uses SHA-256 but doesn't employ any key stretching. If users had a strong assurance how the password was used they could actually use shorter random passwords with confidence. Also if the password is already compromised (and there are dictionaries of tens of millions of previously compromised passwords) the entropy is essentially zero. I now finally understand why Electrum seed is just 128 bits when it has 12 words, it is simply because log1626/log 2*12 = 128.005 A seed is encoded with 12 words from a 1626 words dictionary.
I am not sure why 12 words from 1,626 was chosen but I am sure there is a reason. At first glance it would seem a larger wordlist could have easily been used. Wordlist Words for 128bit Notes
1,626 12 "Special English" word lists for those learning English ~1,500 words (i.e. Voice of America word list)
3,184 11 The average vocbulary for a non-native speaker is ~4,500 words
7,132 10 A good subset of common vocabulary without too many overly complex words
19,113 9 The average adult US native speaker has a vocabulary of ~20,000 words (although a much smaller portion is used daily)
65,536 8 Oxford English Dictionary (full 20 volume set) has 171,476
319,558 7 Google books project has indexed ~1 million unique non-scientific words
2,642,246 6 Beyond the limit of any single dictionary list. Including all unique record English words the upper limit is closer to 5M+ words.
50,859,009 5 I am taking a guess here but this is probably beyond the limit of all unique combinations of latin letters ever used in all languages on the planet. So 12 words is probably using a shorter list than necessary but it only adds one or two words to the length of the key. 11 or 10 words is a good starting point if someone was developing a new system (could take out the ~600 least common words from diceware). 9 words might be possible but with 19,113 words needed you are looking at ~200KB in storage and probably going to need some less commonly known words. 8 or less is probably a poor design choice as to save one or two words you end up needing to use a dictionary with less common words like "jargogle" or "apricity".  The english language has grown significantly in the last century. |
|
|
|
|
1557
|
Other / Beginners & Help / Re: Stop the "correct horse battery staple" debacle.
|
on: April 09, 2014, 03:54:31 PM
|
It actually will as long as they are RANDOM words. The random is the hard part. Humans are actually very bad at coming up with random values. If you ask people to pick a random number between one and ten a significant portion (usually 20% to 50%) will randomly pick seven and very few will pick one or ten.
Apart from the "random" issue, there is one more problem. The site quoted is using a list of 7776 English words, but if you ask me to pick a few words myself, I would probably be picking the words from just a few hundred words (probably items in my house, people's name, brand name etc.). BTW, how is the entropy of the password calculated? Well since each word is random and there are 7776 possible outcomes that means each word has Log(7776) = 12.925 bits of entropy each. The entropy of the password would be # of words * entropy of each word. 5 words = ~64 bits <- sufficient for low security applications* 6 words = ~78 bits 7 words = ~90 bits <- sufficient for medium security applications* 8 words = ~102 bits <- sufficient for high security applications* which rely on an additional factor (i.e. bitcoin wallet requires passphrase AND the actual wallet.dat) 9 words = ~116 bits 10 words = ~130 bits <- beyond brute force of nation states both today and into the conceivable future * This assumes the passwords are stored securely using a key derivation function (strong hash, thousands of rounds, per record salt) DISCLAIMER: I strongly recommend against using a brain wallet for any reason but if someone is going to use them they should have a realistic understanding of what level of entropy is necessary to prevent compromise. Brain wallets require no second factor so the only security is a sequence which simply can't be brute forced by anything possible today (even by nation states) or for the foreseeable future. >128 bits of password strength is considered beyond brute force due to the sheer energy requirements necessary to search that keyspace. Remember with a brain wallet attacker(s) can simply precompute all probable keys (and that would include shorter diceware sequences). They can continue forever and slowly expand the database of know addresses. So the only real security would be a passphrase which is beyond brute force, anything else could have already been broken before you ever used it, or could be broken at any point in the future. So for RANDOM passphrases we are talking about: Dicewords (7,776 words) = 10 symbols (words) All keyboard symbols (95 unique printable symbols on standard US keyboard) = 20 symbols Case sensitive alphanumeric (a-z, A-Z, 0-9) = 22 symbols Case insensitive alphanumeric (a-z, 0–9) = 26 symbols Case insensitive Latin alphabet (a-z) = 28 symbols Arabic numerals (0–9) = 40 symbols So of these sequences I know which one is the easiest for me to memorizechive edt oat puffy crust kiss long omaha lucky bank 2q4$7hG33d$EAV$gsaR4 NSQPYAFSNTAKNPMVZDRRKWXXACVW TU9MQW97U99D42Y7TS4J6EGGKN 3363486927993949454245366885937555332592 Remember this only applies to truly random sequences. Human "random" passwords, ones based on symbol substitution (p@ssw0rd!), or taken from a book/move/song have significantly less entropy. For most of those it is only a matter of time until they are precomputed by attackers. |
|
|
|
|
1558
|
Other / Off-topic / Re: Only bears are true bitriots
|
on: April 09, 2014, 03:45:30 PM
|
|
There are no small stable markets anywhere in the world. They simply don't exist. The exchange rate between the USD and EUR isn't magically stable it is backed by $3T in annual trading. Bitcoin gets big (much much much bigger) or it never becomes stable. It is that simple.
|
|
|
|
|
1559
|
Other / Beginners & Help / Re: Stop the "correct horse battery staple" debacle.
|
on: April 09, 2014, 03:26:18 PM
|
To be honest, I don't think the idea illustrated is correct.
Combining a few common words won't give you a great password at all.
It actually will as long as they are RANDOM words. The random is the hard part. Humans are actually very bad at coming up with random values. If you ask people to pick a random number between one and ten a significant portion (usually 20% to 50%) will randomly pick seven and very few will pick one or ten. Using a true random source like rolling dice is a good method to generate a secure passphrase. Here is an example: http://world.std.com/~reinhold/diceware.htmlThese were rolled randomly chive eat oat puffy crust kiss = 63 bits of entropy (probably better than 99% of the non-random passwords used on this site right now) chive eat oat puffy crust kiss long = ~80 bits of entropy (strong enough for most applications, roughly the equivalent of 12 digit random alphanumeric (Y22N^56a%$98) chive edt oat puffy crust kiss long omaha lucky bank = ~128 bits of entropy (considered beyond brute force regardless of the computing power of the attacker) |
|
|
|
|
1560
|
Other / Beginners & Help / Re: Same Address generated by 2 Clients
|
on: April 09, 2014, 03:02:59 AM
|
Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?
Also, I imagine that if walmart or Amazon started accepting a cryptocurrency they would likely get insurance coverage to protect them against any kind of computer failure/error including this.
Amazon should get "asteroids capable of killing all life on the planet" insurance coverage as the odds of that happening are quadrillions of times more likely than a 160 bit random collision. I didn't say they should get insurance specifically for that issue I'm saying that I'm sure they would have some kind of insurance clause that covers a wide array of random computer glitch type issues. I don't think any insurance company is going to write a policy for "losing" coins which can never be definitively proven as lost. This isn't a "computer glitch" it is a fundamental characteristic of how ALL public key cryptographic systems work. SSL, TLS, PGP/GPG, DSA, etc they all work on the concept that creating a duplicate private key is infeasible (but not theoretically impossible). |
|
|
|
|
Show Posts
