Bitcoin Forum
Poll
Question: What happens first:
New ATH - 43 (69.4%)
<$60,000 - 19 (30.6%)
Total Voters: 62

Author Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion  (Read 26368633 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic. (174 posts by 3 users with 9 merit deleted.)
ChartBuddy
March 07, 2023, 10:01:16 AM


Explanation
bullrun2024bro
March 07, 2023, 10:27:49 AM

Time flies. LOL.


Source
vroom
March 07, 2023, 10:35:01 AM
Merited by BobLawblaw (25), El duderino_ (4), vapourminer (1), Hueristic (1), JayJuanGee (1), Lucius (1), jojo69 (1), d_eddie (1), AlcoHoDL (1), DdmrDdmr (1), dragonvslinux (1), Gachapin (1), hisslyness (1)

scary shit!

Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears

https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/
ChartBuddy
March 07, 2023, 11:01:18 AM


Explanation
ChartBuddy
March 07, 2023, 12:01:22 PM


Explanation
vapourminer
March 07, 2023, 12:32:32 PM
Merited by BobLawblaw (5), JayJuanGee (1)


doesn't that say what we already know? reusing addresses Bad because public key exposed etc. so what? always use new address. isn't that basically considered best practice already?
vroom
March 07, 2023, 12:38:41 PM
Merited by vapourminer (1)


> doesn't that say what we already know? reusing addresses Bad because public key exposed etc. so what? always use new address. isn't that basically considered best practice already?

I knew, that quantum computers can crack the private key, if the public key is known. With this attack they don't need quantum computers anymore.
vapourminer
March 07, 2023, 12:48:50 PM
Merited by BobLawblaw (2), JayJuanGee (1)


> > doesn't that say what we already know? reusing addresses Bad because public key exposed etc. so what? always use new address. isn't that basically considered best practice already?
>
> I knew, that quantum computers can crack the private key, if the public key is known. With this attack they don't need quantum computers anymore.

i know that as long as no public key is exposed nothing, not even quantum stuff, can get it. but once the public key is known (watch for them in the mempool) it's a race as to whether the attacker can crack your private key and take over that tx (rbf), before it gets mined into the blockchain.

that's my basic understanding. feel free to correct me.
ChartBuddy
March 07, 2023, 01:01:18 PM


Explanation
dragonvslinux
March 07, 2023, 01:08:34 PM
Merited by vapourminer (1), JayJuanGee (1)


> > > doesn't that say what we already know? reusing addresses Bad because public key exposed etc. so what? always use new address. isn't that basically considered best practice already?
> >
> > I knew, that quantum computers can crack the private key, if the public key is known. With this attack they don't need quantum computers anymore.
>
> i know that as long as no public key is exposed nothing, not even quantum stuff, can get it. but once the public key is known (watch for them in the mempool) it's a race as to whether the attacker can crack your private key and take over that tx (rbf), before it gets mined into the blockchain.
>
> that's my basic understanding. feel free to correct me.

Interesting read. I'd say vroom is not correct here, exposing your public key does not mean quantum computers can crack private key. At least that's not what the article is about.

(Please provide source if this is the case).

vapourminer is closer to the truth here, but it's not just about exposing your public key. Exposing pub key with 1 signature isn't the risk described, based on trying to find a common denominator to private key. The risk about exposing pub key is related to nonces, in this case, nonce reuse. Because then determining the private key, based on two different signatures with same nonce, becomes a lot more straightforward.

Quote
Interestingly enough, we could break all these wallets, not because of a linear or quadratic recurrence but because there was at least one repeated nonce in the signatures. So, it looks like the common mishap of ECDSA implementations using a repeated nonce was the cause of trouble.

Notably, they weren't able to hack any wallets with different nonces, or addresses that used a single nonce (they didn't even try) but this is somewhat beside the point based on the "mishap" of ECDSA implementations which creates this vulnerability of repeated nonce use. Somebody can no doubt explain it better and more accurately than me, but after reading the article in full, I get the gist of it.

Ultimately, this isn't really information that we didn't already know - hence it's always been recommended to use different addresses due to possibility of "reverse engineering" signatures (ie those with the common variable of nonces, when those variables become a constant due to implementation error). Even the first implementation of Bitcoin in 2019 protected against this with the use of change addresses it's worth noting.

It's only newer implementations that have encouraged (or forced) address reuse that becomes the problem here, combined with nonce reuse.
hisslyness
March 07, 2023, 01:17:53 PM
Merited by vapourminer (2), JayJuanGee (1)


It definitely is scary when you read the heading... But dive a little deeper and you realize it is an issue that has been discussed before.

Hence, most, and i hope most, bitcoin wallets are programmed to use different/random nonces with each signing, therefore eliminating the novel attack.

I've been studying/reading and trying to understand ECDSA (still learning, especially the mathematics) and Public/Private Key and how it all works... then you would really appreciate, that with proper implementation, ECDSA is secure.

I recommend everyone to at least understand the difference between Symmetric Encryption vs Asymmetric Encryption, if you don't already know it...
dragonvslinux
March 07, 2023, 01:27:46 PM
Merited by vapourminer (1), JayJuanGee (1)


> It definitely is scary when you read the heading... But dive a little deeper and you realize it is an issue that has been discussed before.

Indeed. For anyone who wants to read up on this:

2014: https://bitcointalk.org/index.php?topic=581411.0
2016: https://bitcointalk.org/index.php?topic=1431060.0

Definitely nothing new, just a research team providing further info.
psycodad
March 07, 2023, 01:49:17 PM
Merited by Gachapin (2), vapourminer (1), JayJuanGee (1)


> It definitely is scary when you read the heading... But dive a little deeper and you realize it is an issue that has been discussed before.
>
> Hence, most, and i hope most, bitcoin wallets are programmed to use different/random nonces with each signing, therefore eliminating the novel attack.
>
> I've been studying/reading and trying to understand ECDSA (still learning, especially the mathematics) and Public/Private Key and how it all works... then you would really appreciate, that with proper implementation, ECDSA is secure.
>
> I recommend everyone to at least understand the difference between Symmetric Encryption vs Asymmetric Encryption, if you don't already know it...

For a total layman like me it seems to boil down to the old "Every cryptographic algo is only as good as the RNG feeding random numbers into it".
One of the (very few) takeaways I learned from Bruce's Applied Cryptography is:
1. Good randomness is key <- pardon the pun! (I think that's one of the ways the NSA subverted Crypto AG's cipher machines by making the RNG less random than customers expected and later they just went with broadcasting the private key along the ciphertext)
2. If you have a true random key that is equally long or longer than the data to encrypt, XOR is perfectly safe encryption (I am still astonished by that fact)

In the past the TLAs (and FLAs for the britons) employed brigades of ladies that ran bingo drums the whole day to create one time pads. It is said they only employed women because men were generally unable to follow the procedure correctly all day long and started to make up numbers from their head or whatever, while the ladies produced high quality OTPs.

So, when our ladies for once behave totally random and unexpected, that's a feature in them, not a bug.
^Couldn't resist, sorry gals. It is depressing and embarrassing enough that men are apparently unable to operate a bingo drum reliably for more than a few minutes.

Edited to add: Apologies for the repeated use of the banned c-word, I was assuming it might be safe in this context (*ducks to evade the mandatory incoming batslap*)
ChartBuddy
March 07, 2023, 02:01:17 PM


Explanation
hisslyness
March 07, 2023, 02:06:24 PM


> > It definitely is scary when you read the heading... But dive a little deeper and you realize it is an issue that has been discussed before.
> >
> > Hence, most, and i hope most, bitcoin wallets are programmed to use different/random nonces with each signing, therefore eliminating the novel attack.
> >
> > I've been studying/reading and trying to understand ECDSA (still learning, especially the mathematics) and Public/Private Key and how it all works... then you would really appreciate, that with proper implementation, ECDSA is secure.
> >
> > I recommend everyone to at least understand the difference between Symmetric Encryption vs Asymmetric Encryption, if you don't already know it...
>
> For a total layman like me it seems to boil down to the old "Every cryptographic algo is only as good as the RNG feeding random numbers into it".
> One of the (very few) takeaways I learned from Bruce's Applied Cryptography is:
> 1. Good randomness is key <- pardon the pun! (I think that's one of the ways the NSA subverted Crypto AG's cipher machines by making the RNG less random than customers expected and later they just went with broadcasting the private key along the ciphertext)
> 2. If you have a true random key that is equally long or longer than the data to encrypt, XOR is perfectly safe encryption (I am still astonished by that fact)
>
> In the past the TLAs (and FLAs for the britons) employed brigades of ladies that ran bingo drums the whole day to create one time pads. It is said they only employed women because men were generally unable to follow the procedure correctly all day long and started to make up numbers from their head or whatever, while the ladies produced high quality OTPs.
>
> So, when our ladies for once behave totally random and unexpected, that's a feature in them, not a bug.
> ^Couldn't resist, sorry gals. It is depressing and embarrassing enough that men are apparently unable to operate a bingo drum reliably for more than a few minutes.
>
> Edited to add: Apologies for the repeated use of the banned c-word, I was assuming it might be safe in this context (*ducks to evade the mandatory incoming batslap*)

Cryptography = OK!
Crypto = batslap for Jay!

Randomness generated from a computer... something so simple to us humans, remains such a complex task for computers. That was a rabbit hole I went down for a few hours as well.
xhomerx10
March 07, 2023, 02:09:18 PM


 Would someone be able to explain this to me like I'm Alice or Bob?  ELIAB for short.

ChartBuddy
March 07, 2023, 03:01:21 PM


Explanation
BitcoinBunny
March 07, 2023, 03:13:52 PM
Merited by JayJuanGee (1)

Another day, another drop.
Still below 2017 high when we consider inflation.

All is hunky dory with the economy apparently. Nothing to worry about. House prices are in fact up according to the lamestream UK media. (Thought there was 10% inflation? No mention of that, why would there be)

But sure, I'm the one being negative.

ThInGs ArE aBsOlUtElY fInE.

vroom
March 07, 2023, 03:16:08 PM
Merited by vapourminer (1)

> Interesting read. I'd say vroom is not correct here, exposing your public key does not mean quantum computers can crack private key. At least that's not what the article is about.
>
> (Please provide source if this is the case).

https://www.tomshardware.com/news/quantum-computer-development-could-put-bitcoin-security-at-risk-by-the-2030s
d_eddie
March 07, 2023, 03:30:43 PM

Ouch.