Bitcoin Forum
Author Topic: More Signatures with Repeated Nonces.  (Read 8078 times)
xDan
April 10, 2016, 08:52:27 PM
 #21

Can anyone describe exactly how a cloned VM might cause problems? I was thinking of isolating some dubious altcoin wallets in cloned VMs.

HODLing for the longest time. Skippin fast right around the moon. On a rocketship straight to mars.
Up, up and away with my beautiful, my beautiful Bitcoin~
AgentofCoin
April 10, 2016, 09:35:18 PM
 #22

Hello
I have 1 question.
Suppose I use two electrum wallets on two different machines, one offline and one online. If I use the offline machine to just sign transactions via electrum and then transfer the signed transaction to the online electrum wallet on another PC for broadcasting. Am I safe?
Do I risk getting my bitcoins stolen? Can my private keys leak? And if so, how's that possible?

If the wallet on the online machine is watch only, if you are not using a virtual machine and electrum the keys will not leak. There is always the risk that someone will break in and take the offline machine. A virus will most likely not reach the offline machine.
No, as I said, I am not using a virtual machine.
I am using a completely different PC that's running Linux and my online watch-only wallet is on a different PC running Windows, so would I be at risk of this attack mentioned by the OP in this thread, or any other attack?

The fact that you are signing on an offline wallet/computer, and then pushing that signed tx on
an online wallet/computer is irrelevant to the issue johoe is addressing.
What you have done with your setup is attempt to prevent your offline wallet/computer from being
compromised from malware and other malicious programs. Your setup is best for cold storage and etc.

Very simply, the r-value issue talked about in this thread is related to when, in the tx signing process,
there is a fundamental error within the wallet's code (usually random number generators not being random),
which causes the potential of patterns to be seen when looking at all of that address's output txs.
A hacker or etc can potentially backwards engineer the private key for that address, thus stealing the btc.

As a rule to prevent this:
(1) use a wallet program that is known to be reliable, tested, and etc.
(2) never send more than 30 txs out of a specific address, since a pattern could develop over time.
(3) always, as habit, try to always use a new address after each tx (changes addresses, etc).

The above "rules" are steps to help prevent this from happening.

I support a decentralized & unregulatable ledger first, with safe scaling over time.
Request a signed message if you are associating with anyone claiming to be me.
Answerme2
April 10, 2016, 09:39:53 PM
 #23

But I am using 1 address for years, having more than 100 transactions on the same address.
It's a blockchain.info address. I never faced such an issue that someone steals my bitcoin by backtracking the private key. Anyway, if I use electrum, is the RNG of electrum reliable?

AgentofCoin
April 10, 2016, 10:26:21 PM
 #24

But I am using 1 address for years, having more than 100 transactions on the same address.
It's a blockchain.info address. I never faced such an issue that someone steals my bitcoin by backtracking the private key. Anyway, if I use electrum, is the RNG of electrum reliable?

The r issue from multiple output txs (30 or more) is related to how many txs you sent out from your address,
not coming into it. As the number of txs (above 30) that leave your wallet increases,
potentially it is easier for someone to find a pattern, and ultimately figure out your private key.

This is a known issue with address reuse and that is why it is advised to use a new address after each tx.

I do not personally know Electrum and its RNG, but it is widely used and respected.
Others could chime in on this, but I believe it will be fine for you.

And do yourself a favor and get a new address.


johoe (OP)
April 10, 2016, 10:58:38 PM
 #25

Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):

https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782


Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
johoe (OP)
April 10, 2016, 11:08:05 PM
 #26

Anyways,if I use electrum the RNG of electrum is reliable?

Electrum uses deterministic signature (RFC 6979) since version 1.9.  So it is not affected.

Answerme2
April 11, 2016, 02:08:38 AM
 #27

Anyways,if I use electrum the RNG of electrum is reliable?

Electrum uses deterministic signature (RFC 6979) since version 1.9.  So it is not affected.
Ok but how to know if any particular transaction is safe? i mean how to know on blockchain if particular transaction can be used to find its private key? If the two inputs in tx are slightly equal at the start and end does that mean they have identical r value?
And if i use paper wallet that has one address and only receive bitcoins and never send then it's safe right to reuse that address for receiving purposes?

achow101
April 11, 2016, 02:45:22 AM
 #28

Ok but how to know if any particular transaction is safe?
Because the software that produced it is known to produce safe r values because of the way that it generates those values.

i mean how to know on blockchain if particular transaction can be used to find its private key? If the two inputs in tx are slightly equal at the start and end does that mean they have identical r value?
Not slightly equal, but the r values in the signature have to be exactly equal. If you look on a block explorer and look at the inputs, the first several bytes (probably 30 something bytes, which is 60 something characters) have to be exactly equal for the r values to be equal (because those bytes are the r values).

And if i use paper wallet that has one address and only receive bitcoins and never send then it's safe right to reuse that address for receiving purposes?
yes.
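
The exact-match comparison described in the post above can be run over the signatures of one's own spends. This is an added example, not part of the thread: it assumes each signature is available as the hex of the DER encoding plus the trailing sighash byte, and the function names and sample values are constructed for illustration.

```python
from collections import defaultdict
import hashlib

def _read_int(buf, pos):
    """Read one DER INTEGER starting at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER tag 0x02")
    start = pos + 2
    end = start + buf[pos + 1]
    if end == start or end - start > 33 or end > len(buf):
        raise ValueError("bad INTEGER length")
    if buf[start] & 0x80:
        raise ValueError("negative INTEGER")
    return int.from_bytes(buf[start:end], "big"), end

def parse_sig(sig_hex):
    """Parse 30 <len> 02 <rlen> <r> 02 <slen> <s> [sighash byte]; return (r, s)."""
    buf = bytes.fromhex(sig_hex)
    if len(buf) < 8 or buf[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    body_end = 2 + buf[1]
    if body_end > len(buf) or len(buf) - body_end > 1:
        raise ValueError("SEQUENCE length does not match data")
    r, pos = _read_int(buf, 2)
    s, pos = _read_int(buf, pos)
    if pos != body_end:
        raise ValueError("unexpected bytes after s")
    return r, s

def find_repeated_r(signatures):
    """Map each r that occurs more than once to the inputs that carry it."""
    seen = defaultdict(list)
    for label, sig_hex in signatures:
        r, _s = parse_sig(sig_hex)
        seen[r].append(label)
    return {r: labels for r, labels in seen.items() if len(labels) > 1}

def encode_sig(r, s, sighash=0x01):
    """Build a constructed sample signature (DER + sighash byte) as hex."""
    def der_int(n):
        raw = n.to_bytes((n.bit_length() + 8) // 8, "big")  # adds 0x00 if top bit set
        return b"\x02" + bytes([len(raw)]) + raw
    body = der_int(r) + der_int(s)
    return (b"\x30" + bytes([len(body)]) + body + bytes([sighash])).hex()

def _num(tag):
    """Constructed 256-bit sample value, not taken from any real transaction."""
    return int.from_bytes(hashlib.sha256(tag).digest(), "big")

R_SHARED = _num(b"r shared")
SAMPLES = [
    ("tx1:in0", encode_sig(R_SHARED, _num(b"s1"))),
    ("tx2:in0", encode_sig(R_SHARED, _num(b"s2"))),      # same r, different s
    ("tx3:in0", encode_sig(R_SHARED ^ 1, _num(b"s3"))),  # r differs in one bit only
    ("tx4:in0", encode_sig(_num(b"r other"), _num(b"s4"))),
]

if __name__ == "__main__":
    for r, labels in find_repeated_r(SAMPLES).items():
        print(f"repeated r {r:064x} in {labels}")
```

Only tx1 and tx2 are reported; tx3, whose r differs in a single bit, is not, which is the "exactly equal" condition.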

amaclin
April 11, 2016, 05:15:07 AM
 #29

Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):
https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782
Why speculate when you can ask this question directly?
AgentofCoin
April 11, 2016, 05:44:43 AM
 #30

Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):
https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782
Why speculate when you can ask this question directly?


amaclin
April 11, 2016, 05:53:46 AM
 #31

 Grin
TheButterZone
April 11, 2016, 05:55:29 AM
 #32

Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):
https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782
Why speculate when you can ask this question directly?



HAHAHAHAHAHA

Saying that you don't trust someone because of their behavior is completely valid.
Answerme2
April 11, 2016, 11:28:27 AM
 #33

Why the hell someone don't explain in details how to avoid such problems?
Can't i even spend in small amounts using my cold storage wallet? Angry
It's my wallet i do whatever i want with it . It's upto me if i want to use a single address or multiple addresses . What's the problem with a single address? I use a single address for sending and receiving funds.How can my wallet be hacked? It's been 7 years since bitcoin developed and still problems like this occurs now and then? why? and people like OP just setup bots to steal people's bitcoin :/
Tell me anyone i want to use electrum and only 1 address.Can the OP hack my address and private key?

amaclin
April 11, 2016, 11:31:57 AM
 #34

Why the hell someone don't explain in details how to avoid such problems?
Why someone should do it for you?
OK. To avoid such problems do not use bitcoins. Point.
This is free advice. Wanna more? Ready to pay?
achow101
April 11, 2016, 11:36:26 AM
 #35

Why the hell someone don't explain in details how to avoid such problems?
Can't i even spend in small amounts using my cold storage wallet? Angry
It's my wallet i do whatever i want with it . It's upto me if i want to use a single address or multiple addresses . What's the problem with a single address? I use a single address for sending and receiving funds.How can my wallet be hacked? It's been 7 years since bitcoin developed and still problems like this occurs now and then? why? and people like OP just setup bots to steal people's bitcoin :/
Tell me anyone i want to use electrum and only 1 address.Can the OP hack my address and private key?
This is what you do. Don't use wallets that no one has ever heard of. Use the wallets listed here https://bitcoin.org/en/choose-your-wallet and you will be safe because to get listed there, those wallets had to meet very specific criteria which includes safety against this attack. That is all you need to do.

Answerme2
April 11, 2016, 11:47:24 AM
 #36

Why the hell someone don't explain in details how to avoid such problems?
Why someone should do it for you?
OK. To avoid such problems do not use bitcoins. Point.
This is free advice. Wanna more? Ready to pay?
Lol i won't pay you a shit? You think you are smart because you have knowledge lol.
You can't hack my account if you do consider yourself a hacker :/

Why the hell someone don't explain in details how to avoid such problems?
Can't i even spend in small amounts using my cold storage wallet? Angry
It's my wallet i do whatever i want with it . It's upto me if i want to use a single address or multiple addresses . What's the problem with a single address? I use a single address for sending and receiving funds.How can my wallet be hacked? It's been 7 years since bitcoin developed and still problems like this occurs now and then? why? and people like OP just setup bots to steal people's bitcoin :/
Tell me anyone i want to use electrum and only 1 address.Can the OP hack my address and private key?
This is what you do. Don't use wallets that no one has ever heard of. Use the wallets listed here https://bitcoin.org/en/choose-your-wallet and you will be safe because to get listed there, those wallets had to meet very specific criteria which includes safety against this attack. That is all you need to do.
Please Just tell me if electrum is safe? If i just use 2 electrum wallets one for signing transactions on offline PC and one for broadcasting it on online PC and i will only use 1 address not multiple address.Will i be safe in this case?No one can access my private key unless it gets stolen.Right?

amaclin
April 11, 2016, 11:53:34 AM
 #37

Lol i won't pay you a shit? You think you are smart because you have knowledge lol.
You can't hack my account if you do consider yourself a hacker :/
miser pays twice
stupid pays always
achow101
April 11, 2016, 02:10:40 PM
 #38


Please Just tell me if electrum is safe? If i just use 2 electrum wallets one for signing transactions on offline PC and one for broadcasting it on online PC and i will only use 1 address not multiple address.Will i be safe in this case?No one can access my private key unless it gets stolen.Right?

Yes that is safe.

Answerme2
April 11, 2016, 03:13:04 PM
 #39

I am still looking for some technical explanation regarding this.
1.If Deterministic wallets solves this bad RNG r value problems then how's its happening again?
2.Can this same r value be generated twice by deterministic or HD wallets?

Now MOST IMPORTANT Question
3.Say i send a tx worth 2 Bitcoins from my wallet and it's get confirmed.Now how can i be sure that this tx does not repeated R value that can later leak my private key or not?
4.Now even if someone recovers the private key from the address i send 2 bitcoins from then only the address that send 2 bitcoins is affected right? not the one which received the 2 BTC right?

P.S. I am a newbie in technical understanding of bitcoins. So I would like someone to please explain to me and give the answers to my questions if you got time Smiley

johoe (OP)
April 11, 2016, 06:07:03 PM
 #40

I am still looking for some technical explanation regarding this.
1.If Deterministic wallets solves this bad RNG r value problems then how's its happening again?
"Deterministic signatures" (RFC 6979) solve it (HD wallet is orthogonal; you can have both, only one of them, or none).  However, not every wallet uses rfc 6979 (but most do).

2.Can this same r value be generated twice by deterministic or HD wallets?
I assume you mean deterministic signatures.  In theory, yes.  In practice, no. 
If you created a few quadrillion yottabytes (is there an SI-prefix for this?) of transactions you should start worrying about that  Grin

Now MOST IMPORTANT Question
3.Say i send a tx worth 2 Bitcoins from my wallet and it's get confirmed.Now how can i be sure that this tx does not repeated R value that can later leak my private key or not?
4.Now even if someone recovers the private key from the address i send 2 bitcoins from then only the address that send 2 bitcoins is affected right? not the one which received the 2 BTC right?

Only the address sending is affected.  If another address uses the same r value again it is also affected even if it uses this r value only once.  The receiving address is safe.

However, for an HD wallet if one of the keys is broken and the xpub key is leaked, then all keys are broken.  HD wallets used with repeated r values are also breakable (if the xpub key is leaked) even if every address is used only once.  So use deterministic signatures!  From both security and privacy standpoint an HD wallet with a leaked xpub key has the same properties as a single address that is reused.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
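
The deterministic signatures (RFC 6979) recommended in the post above replace the random nonce with a value derived from the private key and the message hash, so a weak or repeated RNG state cannot produce the same nonce for two different messages. The following is an added example, not code from the thread or from any wallet: it follows the nonce derivation of RFC 6979 section 3.2 with HMAC-SHA256 and the secp256k1 group order, and the function names, toy key and messages are constructed for illustration.

```python
import hashlib
import hmac

# Order of the secp256k1 group (the curve Bitcoin uses).
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def rfc6979_nonce(priv_key, msg_hash):
    """Derive the ECDSA nonce k from the private key and a 32-byte message hash."""
    if not 1 <= priv_key < Q:
        raise ValueError("private key out of range")
    if len(msg_hash) != 32:
        raise ValueError("expected a 32-byte hash")
    x = priv_key.to_bytes(32, "big")                                # int2octets(x)
    h1 = (int.from_bytes(msg_hash, "big") % Q).to_bytes(32, "big")  # bits2octets(h1)
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = _hmac(k, v + b"\x00" + x + h1)
    v = _hmac(k, v)
    k = _hmac(k, v + b"\x01" + x + h1)
    v = _hmac(k, v)
    while True:
        v = _hmac(k, v)  # one HMAC output already covers the 256 bits needed
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < Q:
            return candidate
        # Out of range (extremely rare): update K and V, then try again.
        k = _hmac(k, v + b"\x00")
        v = _hmac(k, v)

def demo_nonces():
    """Nonces for a constructed toy key: the same message twice, then another message."""
    key = 0x1  # constructed toy key, for illustration only
    h_a = hashlib.sha256(b"constructed tx A").digest()
    h_b = hashlib.sha256(b"constructed tx B").digest()
    return rfc6979_nonce(key, h_a), rfc6979_nonce(key, h_a), rfc6979_nonce(key, h_b)

if __name__ == "__main__":
    first, again, other = demo_nonces()
    print("same message, same nonce:      ", first == again)
    print("different message, other nonce:", first != other)
```

Signing the same message again with the same key yields the same nonce, so nothing new is disclosed; a different message yields an unrelated nonce without consulting any RNG.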