Bitcoin Forum
May 19, 2019, 11:40:34 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 »
1  Bitcoin / Hardware wallets / Re: John Mcafee & Bitfi launch the first 'unhackable' hardware wallet on: August 31, 2018, 12:04:04 AM
Does anyone know how the private key is generated?

I'm really hoping (but really not, for the sake of their customers) that it's something stupid and obvious, like a single SHA256 of the passphrase.

I wrote up the algorithm here last month: https://rya.nc/bitfi-wallet.html
2  Bitcoin / Hardware wallets / Re: John Mcafee & Bitfi launch the first 'unhackable' hardware wallet on: August 18, 2018, 07:31:40 PM
McAfee and Bitfi are very confident about their crypto-wallet's security.

Highly overconfident, as the wallet is utter garbage security wise. It's like they *tried* to make it insecure.
3  Bitcoin / Hardware wallets / Re: John Mcafee & Bitfi launch the first 'unhackable' hardware wallet on: August 02, 2018, 10:50:57 PM

Well, the opinion of every single person in crypto worth listening to on this corroborates your conclusions. They can screech all they want. That's not going to convince anyone.



I think "screech" is a good description of their social media "strategy".
4  Bitcoin / Hardware wallets / Re: Hardware Wallet Survey - please support! on: July 31, 2018, 08:31:52 PM
Bitfi's hardware wallet was confirmed to be a brain wallet variant.

I reversed it and published the algorithm. These addresses can be cracked without any access to the device.

https://rya.nc/bitfi-wallet.html
5  Bitcoin / Hardware wallets / Re: John Mcafee & Bitfi launch the first 'unhackable' hardware wallet on: July 31, 2018, 08:18:12 PM
They're currently trying to throw shade on me, claiming I'm out to get them due to some perceived personal slight.

This is false - I engaged on a very similar crusade when the now defunct ether.camp site was offering brain wallets without explaining what they were.

The siren call of brain wallets is strong, but we must fight back.
6  Bitcoin / Development & Technical Discussion / Re: Dormant BITCOIN Mining in 2018 - How its Done - Scanning for Lost Nuggets&Dust on: May 10, 2018, 06:53:53 PM
I'm the author of Brainflayer. This dude is full of shit. It's true that GPU-based software would be faster, however not 100x faster. Also, cracking elliptic curve keys has nothing to do with prime factoring.

The baby-step giant-step attack described can only be used on specific public keys - it does not work on addresses and it does not work on multiple simultaneous keys.

At best this person is selling snake oil. At worst, it's malware that will drain your wallet.
7  Bitcoin / Development & Technical Discussion / Re: How to use brainflayer on each cpu core ? multithreaded ? on: May 10, 2018, 06:46:02 PM
I am also interested in using the sequential hash function of brainflayer to sequence ALL inputs;  not just sequencing from left to right.

For example:
./brainflayer -v -I 0A00E00F00000F000008000000000E0000000000F000000E000080000C000001

I would like the A, E, F, F, 8,E, F, E, 8,... to sequence simultaneous or is there a command to break down sequencing into 8 digit partitions, using all fields or characters other than zero to que into the sequence command. Is this even possible?

0A00E00F
00000F00
00080000
00000E00
00000000
F000000E
00008000
0C000001

I'm not entirely sure what you're asking here. If you'd like to do a masked search iterating though only specified bits, I would consider adding that feature if you are willing to pay for it. However, my consulting fees are substantial.
8  Bitcoin / Development & Technical Discussion / Re: How to use brainflayer on each cpu core ? multithreaded ? on: May 10, 2018, 06:43:05 PM

i am from 3rd world, so its not expensive once the box is built, its just cheap electricity that matters and it gives me hope.
edit: the main struggle is keeping electricity on 24x7 and keeping internet on. as the power outages are common.


Whatever money you're spending on electricity would be better spent on gambling.
9  Economy / Service Discussion / Re: BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc. on: March 16, 2018, 01:47:17 AM
I plan to release an update adding support for this "passphrase plus xor" brainwallet variant, so don't go using it.
10  Alternate cryptocurrencies / Bounties (Altcoins) / Re: [BOUNTY][ICO] Change - The First Decentralysed Crypto Bank [ICO September 16th] on: September 17, 2017, 02:38:15 PM
I'm also getting a bunch of spam with "?bounty=timr" - they've all bee to the email address I'm registered to btc-e with, which got leaked a while back.
11  Bitcoin / Bitcoin Technical Support / How to spend coins to a non-standard p2sh address on: May 23, 2017, 04:14:55 PM
I've been trying to experiment with P2SH addresses and non-standard scripts. I've sent some coins on testnet to 2NGDaDjuNuXz1wzHkusqUKCEtvwGr1q3JUc, but I'm having a hard time spending the output.

The redeemScript is
Code:
$ bitcoin-cli -testnet decodescript 210251ec22f0bd150d3ffd84f627b1e65b9b17921dd1676c5e90627ab21d18158df7043133333775ac
{
  "asm": "0251ec22f0bd150d3ffd84f627b1e65b9b17921dd1676c5e90627ab21d18158df7 926102321 OP_DROP OP_CHECKSIG",
  "type": "nonstandard",
  "p2sh": "2NGDaDjuNuXz1wzHkusqUKCEtvwGr1q3JUc"
}

I was able to add it to my wallet using importmulti, but when I do listunspent it is not shown as spendable, and I haven't been able to spend via signrawtransaction. Can anyone point me to a tool that I can use to build the spending transaction?

I tried following along with this example: https://github.com/petertodd/python-bitcoinlib/blob/master/examples/spend-p2sh-txout.py

but when i call VerifyScript(txin.scriptSig, txin_scriptPubKey, tx, 0, (SCRIPT_VERIFY_P2SH,))

I get "P2SH inner scriptPubKey returned false"

Edit: Got it working, needed to use python3
12  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: April 18, 2017, 04:57:05 PM
Also in the News (or not):

https://www.debian.org/mirror/list   <= 0 SSL mirrors
https://wiki.archlinux.org/index.php/Mirrors  <= 4 SSL mirrors
http://mirrors.opensuse.org/  <= 0 SSL mirrors

etc.  Roll Eyes But hey - why not?

I don't know about arch and suse, but Debian signs their packages with gpg, and a number of the mirrors are https (e.g. mirrors.kernel.org).
13  Bitcoin / Bitcoin Discussion / Re: Rare address hall of fame on: April 17, 2017, 10:31:11 PM
Yea you posted a 2 instead of a 1. I can confirm that signature is legit!  Cheesy Cheesy

I still can't see where it was screwed up, lol.
14  Bitcoin / Bitcoin Discussion / Re: Rare address hall of fame on: April 17, 2017, 07:41:34 PM
Look here: http://www.coinig.com/?adr=144187999121393192DxViqQKPPrghj9M3&msg=2017-01-16+controlled+by+ryanc&sig=H1t3t0ZE%2B%2FQayD0S7%2F2RfMUvz9Qsh%2F9cFW8obuc4K3VDTkTJF%2B30ZRcW97TrdW3iNfEonx8BfqiSrfYAcYIIeDU%3D

That message was not signed with 144187999121393192DxViqQKPPrghj9M3. It was signed with a different address. It's fake.  Sad Sad

The link got screwed up somehow. I fixed my previous post.

See also http://coinig.com/?adr=144187999121393192DxViqQKPPrghj9M3&msg=2017-01-26+controlled+by+ryanc&sig=H1t3t0ZE%2B%2FQayD0S7%2F2RfMUvz9Qsh%2F9cFW8obuc4K3VDTkTJF%2B30ZRcW97TrdW3iNfEonx8BfqiSrfYAcYIIeDU%3D
15  Economy / Services / Re: no upper/no lower address giveaway on: April 17, 2017, 07:25:11 PM
I am not sure what the difficulty is for the addresses with numbers mixed in, but it generally takes me under a minute to create those.
How long did it take for you to generate the address with only lowercase letters and no numbers, and what kind of specs did the AWS instance have?

You're referring to 1woukheyeacxfpxtpkxjqxureevdkbywj? I spent about a day and a half on that address with several dozen instances of various sizes.
16  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: April 17, 2017, 05:50:50 PM
Okay, I'll try harder:

https://www.reddit.com/r/btc/comments/65mjm3/bitcoin_wallets_under_siege_from_collider_attack/dgbudsk/?st=j1kfl6t1&amp;sh=53798e72

Quote
It's impossible to find the private keys of existing bitcoin wallets unless they're brain wallets, so this project is a false claim. As we say in cryptography, the probability of this event is negligible.
For comparison, it's more profitable to just use your computer for mining. It's actually also more profitable to physically use your computer as a hammer to physically mine in your garden in the hope of finding gold.

There are bad ways to create bitcoin private keys besides brainwallets. Broken PRNGs being one of them, and keys people have deliberately made weak being another.
17  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: April 17, 2017, 05:44:24 PM
On that qx again:

Is it really a security issue if I do:
Code:
qx{./hook-start} if (-x './hook-start');

And similar with the other hooks?

I mean that are shell scripts the user writes himself as these should be executed on certain events. How is this supposed to create a shell injection?
That would be the case if the argument to qx would be (there are other places) in a variable - yes?

But not in these cases. Just asking...


Rico


If there's no arguments, or the command is hard coded, there's no security issue with backticks/qx to the best of my knowledge.
18  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: April 17, 2017, 04:21:42 PM
Since I'm looking at the code anyway, I notice that there's a bunch of command execution using qx{} which IIRC is equivalent to backticks, and potentially vulnerable to shell injection. This should probably be replaced with `open` or `system`with arguments passed as an array.
19  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: April 17, 2017, 04:14:06 PM
I read the posts. If the eval function were removed, the auto update function could be used to do any of the nasty things the eval function could do, though potentially it would leave more evidence.

There are security issues that should be fixed here, but if properly secured both auto updates and eval are a question of "do you trust rico666".
20  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: April 17, 2017, 03:19:53 PM
You should either replace the FTP-based update code with something that uses HTTPS, or sign the files - preferably both. Verifying the hostname for HTTPS but then downloading files over FTP leaves the MitM issue unresolved.
Pages: [1] 2 3 4 5 6 »
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!