bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
December 26, 2012, 04:55:02 AM |
|
Merry Christmas!
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
December 26, 2012, 09:12:22 AM Last edit: December 26, 2012, 12:11:49 PM by molecular |
|
I looked at VanityAddress.jar: Random Key is generated in class VanityAddr using com.google.bitcoin.core.ECKey. import com.google.bitcoin.core.ECKey; ... key = new ECKey();
ECKey constructor is implemented as: import java.security.SecureRandom; ... private static final SecureRandom secureRandom = new [b]SecureRandom()[/b]; ... public ECKey() { ECKeyPairGenerator generator = new ECKeyPairGenerator(); ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(ecParams, secureRandom); generator.init(keygenParams); AsymmetricCipherKeyPair keypair = generator.generateKeyPair(); ECPrivateKeyParameters privParams = (ECPrivateKeyParameters)keypair.getPrivate(); ECPublicKeyParameters pubParams = (ECPublicKeyParameters)keypair.getPublic(); this.priv = privParams.getD();
this.pub = pubParams.getQ().getEncoded(); this.creationTimeSeconds = (Utils.now().getTime() / 1000L); }
So the random number generator used was: java.security.SecureRandom. This class provides a cryptographically strong random number generator (RNG).
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.
The implementation of SecureRandom is probably platform-dependant. Do we know the jvm/platform used to generate 1BTZ 1TBZ? EDIT: TheButterZone pmed me his java runtime info. Nothing obscure, so it should use a "good" implementation of SecureRandom.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 26, 2012, 09:19:56 AM |
|
I looked at VanityAddress.jar: Random Key is generated in class VanityAddr using com.google.bitcoin.core.ECKey. import com.google.bitcoin.core.ECKey; ... key = new ECKey();
ECKey constructor is implemented as: import java.security.SecureRandom; ... private static final SecureRandom secureRandom = new [b]SecureRandom()[/b]; ... public ECKey() { ECKeyPairGenerator generator = new ECKeyPairGenerator(); ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(ecParams, secureRandom); generator.init(keygenParams); AsymmetricCipherKeyPair keypair = generator.generateKeyPair(); ECPrivateKeyParameters privParams = (ECPrivateKeyParameters)keypair.getPrivate(); ECPublicKeyParameters pubParams = (ECPublicKeyParameters)keypair.getPublic(); this.priv = privParams.getD();
this.pub = pubParams.getQ().getEncoded(); this.creationTimeSeconds = (Utils.now().getTime() / 1000L); }
So the random number generator used was: java.security.SecureRandom. This class provides a cryptographically strong random number generator (RNG).
A cryptographically strong random number minimally complies with the statistical random number generator tests specified in FIPS 140-2, Security Requirements for Cryptographic Modules, section 4.9.1. Additionally, SecureRandom must produce non-deterministic output. Therefore any seed material passed to a SecureRandom object must be unpredictable, and all SecureRandom output sequences must be cryptographically strong, as described in RFC 1750: Randomness Recommendations for Security.
The implementation of SecureRandom is probably platform-dependant. Do we know the jvm/platform used to generate 1BTZ? if it was a collision, win for sure
|
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
December 26, 2012, 09:49:45 AM |
|
The implementation of SecureRandom is probably platform-dependant. Do we know the jvm/platform used to generate 1BTZ?
if it was a collision, win for sure Not for sure. It's still possible there are some java runtimes out there that have insecure implementations of SecureRandom.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 26, 2012, 10:57:41 AM |
|
The implementation of SecureRandom is probably platform-dependant. Do we know the jvm/platform used to generate 1BTZ?
if it was a collision, win for sure Not for sure. It's still possible there are some java runtimes out there that have insecure implementations of SecureRandom. maybe some old ass java.
|
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
December 26, 2012, 11:33:16 AM |
|
Or MAYBE someone really likes you for your posts!
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
December 26, 2012, 12:19:57 PM |
|
The file which controls the configuration of the SecureRandom API is located at: $JAVA_HOME/lib/security/java.security
TheButterZone, can you try to locate that file? In my installation it contains a line: securerandom.source=file:/dev/urandom
specifying the underlying system source of random. It'd be interesting to know how your source for SecureRandom is configured.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
December 26, 2012, 12:22:18 PM |
|
The implementation of SecureRandom is probably platform-dependant. Do we know the jvm/platform used to generate 1BTZ?
if it was a collision, win for sure Not for sure. It's still possible there are some java runtimes out there that have insecure implementations of SecureRandom. maybe some old ass java. nope, TheButterZone PMed me his version info. It's not "old ass". (edited my previous post accordingly). Also see my post before this one for more info on SecureRandom
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Otoh
Donator
Legendary
Offline
Activity: 3066
Merit: 1165
|
|
December 26, 2012, 02:28:20 PM |
|
Once who ever sent the funds to 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp realizes they messed up I expect that they would google the address, as it's in your profile it brings up some of your posts ie: https://bitcointalk.org/index.php?topic=129037.0 where they would be able to see who to PM, but this current thread doesn't show up or isn't prominent in search as yet but may become more so if you added the address to the thread title, eg: Re: Random sweeps into my public wallet 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp totaling 519.704 - Lost and Found? If they search the forum for 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp though then this thread is the first hit already here. We should make side bets on when they will find out what they've done & the total they'll have sent by then - I'll guess the 28th Dec after sending another 500 coins to it.
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
December 26, 2012, 03:24:53 PM |
|
If they search the forum for 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp though then this thread is the first hit already here. We should make side bets on when they will find out what they've done & the total they'll have sent by then - I'll guess the 28th Dec after sending another 500 coins to it.
my bet: Jan 2nd, no more coins will be sent.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Nyhm
|
|
December 26, 2012, 03:35:04 PM |
|
Thanks for the analysis molecular - that's exactly the path I was going down. I've worked on a project that specially seeded a SecureRandom (with other random input) to init the cryptographic functions, but bitcoinj does not appear to provide a direct way to provide the randomness, so it falls to the underlying library. Since that's the BouncyCastle/SpongyCastle crypto lib, I'm confident it is performed as well as reasonably possible.
|
|
|
|
Atruk
|
|
December 27, 2012, 02:25:40 PM |
|
Once who ever sent the funds to 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp realizes they messed up I expect that they would google the address, as it's in your profile it brings up some of your posts ie: https://bitcointalk.org/index.php?topic=129037.0 where they would be able to see who to PM, but this current thread doesn't show up or isn't prominent in search as yet but may become more so if you added the address to the thread title, eg: Re: Random sweeps into my public wallet 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp totaling 519.704 - Lost and Found? If they search the forum for 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp though then this thread is the first hit already here. We should make side bets on when they will find out what they've done & the total they'll have sent by then - I'll guess the 28th Dec after sending another 500 coins to it. Putting the address in the title probably ought to help with search. I imagine anyone moving that kind of btc with any regularity would at least know of this forum to search for it. The OP's concern about this being a portion of some ill-gotten sum might have some merit though. Given the way that Mt Gox has flagged some coins before that might have been connected to Bitcoinica, a party might attempt running the coins through a lossy mixing that sacrifices some coins to addresses known to be in use. I don't know how plausible spreading the taint could be as a serious laundering strategy, but it is something is probably only possible with bitcoin.
|
|
|
|
Bombolo
Newbie
Offline
Activity: 25
Merit: 0
|
|
December 31, 2012, 05:01:08 AM |
|
it was mine, lost it somehow, silly me
please send 500 BTC to 17ws1xeoufHkKJdBR71p6kfHiTz5qqPGbH
keep the rest as finders reward
thx!
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
December 31, 2012, 06:07:52 AM |
|
I'd like to offer a better option Send 400 BTC to 1JSTuR14XLBSDKzUxjiwkXguLPyW8mqkWQ and you can keep the rest as a reward.
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
December 31, 2012, 08:42:37 AM |
|
I'd like to offer a better option Send 400 BTC to 1JSTuR14XLBSDKzUxjiwkXguLPyW8mqkWQ and you can keep the rest as a reward.
Actually, if you send 450BTC to me, you can keep the rest. If the owner comes back, I'll pay for 50BTC out of my pocket.
|
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 31, 2012, 09:01:28 AM |
|
it was mine, lost it somehow, silly me
please send 500 BTC to 17ws1xeoufHkKJdBR71p6kfHiTz5qqPGbH
keep the rest as finders reward
thx!
sad part: this idiot was serious...
|
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
|
|
|
TheButterZone (OP)
Legendary
Offline
Activity: 3038
Merit: 1032
RIP Mommy
|
|
December 31, 2012, 09:09:44 AM |
|
Ok, I'm locking this topic until there is proof of ownership, significant news, or technical/legal questions or answers PMed or otherwise communicated to me (I'm not hard to get a hold of). The "it was mine" bit wasn't even funny the first time. You will still be able to delete your douchebaggery posts, through the thread lock.
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
TheButterZone (OP)
Legendary
Offline
Activity: 3038
Merit: 1032
RIP Mommy
|
|
March 24, 2013, 09:19:47 PM |
|
Well, I was bumping this every month. At the end of +3 months from receipt, now. This will probably be the my last bump ever, as I now have (also linked in the OP) the White Paper discussion here: https://bitcointalk.org/index.php?topic=155112.0
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
TheButterZone (OP)
Legendary
Offline
Activity: 3038
Merit: 1032
RIP Mommy
|
|
October 21, 2017, 09:31:19 PM |
|
-----BEGIN PGP MESSAGE-----
hQIMAxzkUCZ8qVvRAQ//b64IoYmSibyP7Sxf8fHoZx/Hk3raEb9VKaPrph5YGNgY EI7/khBOKp6LItRrYLtrnf9QxRehy6o289K1aA0MDJ/kAkZqIO3xu1bX6iwhaEMQ WCjfTCdiO555beJ5YFq/wwZ27jbn5wWraZfAboGEuBCgTCy8Z0Wt3tWIsX2c5g2c jMeoTsgbQyNSkV90AhcfOI9OF/NVLLwwwW+wDOSVkn3ygvGpo53dxtwymW2ozt5q wCS8UjS3mEUBz3JcAgrArVIrBwAUCxj4p8249yA3b73UWPtijdsd25aQHbVuItbb 0wvBoajYTnlf2Si7ZOZy6BAnOthBWav8Cp8izBraWKIwbbUeI12tnre8ri4xYDLY HAEah9Cpmd1VhkwvoNWD4ZU+IblsAdEmZNoO5/89N3mn7mVrNhM/PjEHwpjC9iZs Y4VbkcRcSa/1UnC7zNmV4EIm0MVKIOScGbnaqhjiO5IWm1XTUg22MNjZ/ecTzobg QaPsDChz/iv7jZwe/fWU8EmZyhgNp9lY4hMGMq6XQkeaCYobbjL1kVrPU8LGStM+ d+gRHNj66/jnOygLXu3evC7YDLIsQplqx7G/xLTkgBVvb2ZordqeqK8E5O2zqwYZ qING8lXmAXVSamPDhVK0MwZ1PGm6YOfpW3cXkG9i4dEBMKW3tQPNsxQ5k0C+lV6F AgwDNB8zavCIdVQBD/95qTUDeRwm5a7QzqfDL64EVcpMXne1V/OZaV8VCc0aDnv+ aEZwMjfC6ynLkVo6Tt5EeXerZRV7zT42G9LccYsuYtaUvNPzzk0zGfOzpWtX5uI8 YUb3q81mAlLIAS07M0WW/Sw14wqdaIs7lhkBatWqLhxEPWpxvZWOR7wFDISLNnss KISYSPhq5+crW26kHnYIoBcgc4PBbdUAld3V7jlVmaiJCcBVDg0bP3ME5oDmK8DJ 1eJYb25QOAeEh8ju+6yfaDK3bCzc3pCrdmbEdsKEMrU1lA/FtNFEGeXKVIvlFXT5 ak62wLfMtv6/7umDsdYgFMJnQcxVxkotoYUM6LUn2SMfS+TOZQBTdlJ8zMFZqtBD G2zbnOQDR79bZ94eFk8nTVV9qA7ULEYCM0I3A14Nc+hsJwXBzpFAjVs8PxCQ2aVu 8jjBeRThYK20m01jEdBcEI79v/63aAIw578smZPASiU0KyhMeI2hIQ7IVYDOAHMu yJVf4LXSFJOfCr6M2ibKtgPone6at6fQcKgsBgBCL6Aqhhl21N/sT/iUIbGOtzZQ 8ORkBkmQ/qTYQUPmlFVtsGapevVgfYkSLDMM/jv+oRZX+eJUzo3FN7BDQxUBL4RR r03mqnms6SxNql51yX37TdsUEwllbcZdQX1LQi8EoDTqrnkQmdkbU49AcGCFKtJQ AcuuHs/qzrI7E0nEyyxmljjRcMxy65aWvpIKHu+r9j+JoCg/g8SEeH0CHTD+y/FQ YiHBF0pQH3WkqH0krSCU5ccHjwUg02l9NemzSUSOle0= =YC3B -----END PGP MESSAGE-----
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
|