Epsylon3
Legendary
 Offline
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
|
 |
August 02, 2015, 04:06:12 PM |
|
maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...
if somebody know a cheap way to do it... (a place to buy signatures for personal users)
|
|
|
|
go6ooo1212
Legendary
Offline
Activity: 1512
Merit: 1000
quarkchain.io
|
|
August 02, 2015, 04:12:20 PM |
|
maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...
if somebody know a cheap way to do it... (a place to buy signatures for personal users)
It were encrypted "ages ago" and the pass was strong , very strong. It was zipped and downloaded from my appdata folder.... EDIT: I know your releases are legit, following your work long time ago... |
|
|
|
|
jc12345
Legendary
Offline
Activity: 1638
Merit: 1013
|
|
August 02, 2015, 04:15:25 PM |
|
I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.
Ok, answer the following for me: 1) Can you tell me the key length of the private key of a wallet? 2) Can you tell me who "chooses" the private key - the "wallet" or the user? 3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing? 4) After you have explained 1-3 can you explain the relevance of the users wallet password and redundancy of a language to the private key in the wallet and how you will derive the private key of the private/public key pair from the public key if you happen to obtain the users wallet password from a rainbow table of some sorts that you are referring to? Sure I can: 1) The lenght is 256 bit or 32 bytes if you like 2) The input for the hash function that produces the private key can be from human input or from a (strong) random generator (that is built into the wallet) 3) If I understand this question right: In both situations 4) It is not about getting the users wallet password with a rainbow table. See answer 2 where it is possible to have human input (so called brain wallet) for the hash function that results in the private key. Also see the details of the sausage example. It is only in the case of where a private key of a public/private key pair is a function of a human input, that the redundancy of the user's language could potentially cause a reduction of the key space. If you do the maths it is not feasible to create a rainbow table for 256bits and in addition there is not enough computing power in existence today to attempt that. |
|
|
|
|
|
keesdewit
|
|
August 02, 2015, 04:18:47 PM |
|
I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.
Ok, answer the following for me: 1) Can you tell me the key length of the private key of a wallet? 2) Can you tell me who "chooses" the private key - the "wallet" or the user? 3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing? 4) After you have explained 1-3 can you explain the relevance of the users wallet password and redundancy of a language to the private key in the wallet and how you will derive the private key of the private/public key pair from the public key if you happen to obtain the users wallet password from a rainbow table of some sorts that you are referring to? Sure I can: 1) The lenght is 256 bit or 32 bytes if you like 2) The input for the hash function that produces the private key can be from human input or from a (strong) random generator (that is built into the wallet) 3) If I understand this question right: In both situations 4) It is not about getting the users wallet password with a rainbow table. See answer 2 where it is possible to have human input (so called brain wallet) for the hash function that results in the private key. Also see the details of the sausage example. It is only in the case of where a private key of a public/private key pair is a function of a human input, that the redundancy of the user's language could potentially cause a reduction of the key space. If you do the maths it is not feasible to create a rainbow table for 256bits and in addition there is not enough computing power in existence today to attempt that. Of course that is true, but I did not say that a rainbow table is good for brute forcing the complete 256bit space. In fact it is pretty worthless in that case. (Although it might be fun to do it) |
|
|
|
jc12345
Legendary
Offline
Activity: 1638
Merit: 1013
|
|
August 02, 2015, 04:18:56 PM |
|
maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...
if somebody know a cheap way to do it... (a place to buy signatures for personal users)
You can use a PGP/GPG key pair to sign the binary. Then you must just make sure that someone trustworthy has signed your key. Perhaps you have gone through a key party in the past? You can generate a key pair with several tools eg. Kleopatra. |
|
|
|
|
|
keesdewit
|
|
August 02, 2015, 04:21:55 PM |
|
maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...
if somebody know a cheap way to do it... (a place to buy signatures for personal users)
You can use a PGP/GPG key pair to sign the binary. Then you must just make sure that someone trustworthy has signed your key. Perhaps you have gone through a key party in the past? You can generate a key pair with several tools eg. Kleopatra. If you are willing to spend the money, you can buy a code signing certificate from one of the CSP's https://www.digicert.com/code-signing/ |
|
|
|
Epsylon3
Legendary
Offline
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
|
|
August 02, 2015, 04:22:29 PM |
|
i never build linux binaries, source code is made for that... just built one for my shield tablet today ^^
for windows its another problem... i dont want to force users to install vstudio or mingw64
|
|
|
|
Epsylon3
Legendary
Offline
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
|
|
August 02, 2015, 04:29:24 PM |
|
yep, not really cheap... 330$/yr to be "trusted" by smartscreen pfff and ... not by antiviruses :;p
|
|
|
|
|
keesdewit
|
|
August 02, 2015, 04:35:02 PM |
|
yep, not really cheap... 330$/yr to be "trusted" by smartscreen pfff and ... not by antiviruses :;p
The main thing is that users can determine if it is from the original source. The smartscreen trust is not really worth something and antivirus is not dependend of digital signatures. And yes, it is very expensive for personal use. |
|
|
|
|
keesdewit
|
|
August 02, 2015, 04:40:52 PM |
|
@Dev: Can you please tell what random generator you use for generating private keys? I can wrestle myself through code here, but it is more efficient to just ask.
|
|
|
|
Epsylon3
Legendary
Offline
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
|
|
August 02, 2015, 04:45:53 PM |
|
even the apple store one is cheaper than that, paying 100$ is the max i can...
|
|
|
|
|
keesdewit
|
|
August 02, 2015, 04:53:23 PM |
|
even the apple store one is cheaper than that, paying 100$ is the max i can...
Maybe startssl is an option for 59 dollar per year: http://www.startssl.com/ check out "StartSSL™ Verified" |
|
|
|
Epsylon3
Legendary
Offline
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
|
|
August 02, 2015, 04:58:40 PM |
|
better, and seems to allow https too... will try their free one first
|
|
|
|
chrysophylax
Legendary
Offline
Activity: 2828
Merit: 1091
--- ChainWorks Industries ---
|
|
August 02, 2015, 05:00:33 PM |
|
The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...
possibly a keylogger ... windows is riddled with stuff like that ... especially if you have punched the keyword / password in there recently ... #crysx |
|
|
|
chrysophylax
Legendary
Offline
Activity: 2828
Merit: 1091
--- ChainWorks Industries ---
|
|
August 02, 2015, 05:02:23 PM |
|
maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...
if somebody know a cheap way to do it... (a place to buy signatures for personal users)
yup - can trust his compiles AND the mans word implicitly ... not sure how you would do that epsylon3 ... #crysx |
|
|
|
|
keesdewit
|
|
August 02, 2015, 05:03:39 PM |
|
better, and seems to allow https too... will try their free one first
I already have the free one and it is a perfect solution for personal ssl websites. On the other hand, the free version can not do code signing. (Technicaly possible, but restricted by the key usage) |
|
|
|
Epsylon3
Legendary
Offline
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
|
|
August 02, 2015, 05:14:57 PM |
|
The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...
possibly a keylogger ... windows is riddled with stuff like that ... especially if you have punched the keyword / password in there recently ... #crysx a keylogger is not enough... you need to send the stuff somewhere, or at least open a remote port... |
|
|
|
|
keesdewit
|
|
August 02, 2015, 05:19:49 PM |
|
The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...
possibly a keylogger ... windows is riddled with stuff like that ... especially if you have punched the keyword / password in there recently ... #crysx a keylogger is not enough... you need to send the stuff somewhere, or at least open a remote port... Still I think it is in the RPC interface somewhere. He had it open for the internet like me and with the same result. Does the wallet create logging of RPC commands? |
|
|
|
ocminer
Legendary
Offline
Activity: 2660
Merit: 1240
|
|
August 02, 2015, 05:31:12 PM |
|
The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...
possibly a keylogger ... windows is riddled with stuff like that ... especially if you have punched the keyword / password in there recently ... #crysx a keylogger is not enough... you need to send the stuff somewhere, or at least open a remote port... Still I think it is in the RPC interface somewhere. He had it open for the internet like me and with the same result. Does the wallet create logging of RPC commands? Yes, in debug.log |
suprnova pools - reliable mining pools - #suprnova on freenet https://www.suprnova.cc - FOLLOW us @ Twitter ! twitter.com/SuprnovaPools |
|
|
go6ooo1212
Legendary
Offline
Activity: 1512
Merit: 1000
quarkchain.io
|
|
August 02, 2015, 05:31:48 PM |
|
Apologies to Epsylon , it wasn't his miner , the Axiom's minerd.exe were copyed into Epsylon's directory - that confused me before. The hacker were archive all the wallets contented info the appdata folder.
2 wallets were drown , 1 of them were encrypted and unlocked only for staking. The other was never locked ( my mistake)...
|
|
|
|
|
|
