SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 10, 2013, 04:52:13 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 10, 2013, 07:05:17 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note?
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
|
|
May 10, 2013, 07:12:51 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note? Ah, I misunderstood what you were asking. I wouldn't call it "equivalent of verifying an address with a signature", but it is might be sufficient for the purposes you are trying to use it. Are you willing to post (or PM) the transactionID here, or would you prefer to keep that information private? In the future, to avoid this confusion, you should really give each sender a different bitcoin address to send their bitcoins to you. That way you know immediately who sent the bitcoins since you know who you gave the address to.
|
|
|
|
yxt
Legendary
Offline
Activity: 3528
Merit: 1116
|
|
May 10, 2013, 07:28:31 PM |
|
No! people should read and pay only from addresses they control
|
BTC | Kano Pool | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ | | ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ |
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 10, 2013, 08:23:29 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note? Ah, I misunderstood what you were asking. I wouldn't call it "equivalent of verifying an address with a signature", but it is might be sufficient for the purposes you are trying to use it. Are you willing to post (or PM) the transactionID here, or would you prefer to keep that information private? In the future, to avoid this confusion, you should really give each sender a different bitcoin address to send their bitcoins to you. That way you know immediately who sent the bitcoins since you know who you gave the address to. Its the address for a groupbuy. So it wouldnt work out to create unique addresses for each payment. Thats why i let them verify the sending address. But this special payment is coming from the username that its signed with because no other person could fake this. No! people should read and pay only from addresses they control I think its possible to sign a message with a blockchain.info wallet. The buyer thought that the message she sent with the transaction was the verification i think. But when its a similar proof...
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
piuk (OP)
|
|
May 10, 2013, 11:51:41 PM Last edit: May 12, 2013, 03:30:30 PM by piuk |
|
Are you going to add the P2P Fallback mode also on the Chrome app?
I suspect it could be done with a native client plugin but if it needs to be dependant on a native plugin then it might as well just be a standalone desktop lite client. May be some time in the future but for the moment my priority is to revise the iphone app and then get multisig working and/or support for a hardware wallet. If some key is a "compressed" one, and you pass that "04..." string to someone else, who then creates a multisig-address based on the "04..." key you gave him, then you will NOT be able to sign it later!
I think this is just a limitation of Bitcoin-Qt though? if the client tests both the compressed and compressed version of the key signing should be possible. The correct pub key will now been shown now. Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
Usernames were spidered from signatures on this forum and since you can put anything in your own signature it isn't good verification. Notes also be added when a transaction is submitted to blockchain.info which is slightly better proof because because the person that submitted it is likely to be the signer, however it still not 100% verification. You can sign and verify a message in the web interface. ------ Changes: - The mnemonic phrase now encodes both the wallet identifier and password and can be used to restore a wallet at https://blockchain.info/wallet/recover-wallet- Blockchain.info will not be enforcing the new 54uBTC minimum output size. However the transaction creation routine has been altered to avoid creating any change outputs less than 0.01 BTC, using more outputs if necessary. This will avoid none standard transactions being created accidentally as defined by the new Bitcoin-Qt rule. The apps will also need adjusting. - mBTC display can be enabled in account settings - You can no longer add an alias without first verifying an email address.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
|
|
May 11, 2013, 03:31:34 AM |
|
- snip - In the future, to avoid this confusion, you should really give each sender a different bitcoin address to send their bitcoins to you. That way you know immediately who sent the bitcoins since you know who you gave the address to.
Its the address for a groupbuy. So it wouldnt work out to create unique addresses for each payment. I disagree.
|
|
|
|
rme
|
|
May 11, 2013, 06:55:36 AM |
|
The Chrome App needs translations. Please add them
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 11, 2013, 09:23:46 AM |
|
- snip - In the future, to avoid this confusion, you should really give each sender a different bitcoin address to send their bitcoins to you. That way you know immediately who sent the bitcoins since you know who you gave the address to.
Its the address for a groupbuy. So it wouldnt work out to create unique addresses for each payment. I disagree. Till now its 69 orders. So creating a new address for everyone and then having to collect all bitcoins again to order sounds like a bit of work for me. Edit: And not to forget the mails asking for an address, creating this, sending back and so on. It looks easier to me to receive the payment, get the claim and a signature i can check here for example: http://brainwallet.org/?vrMsg=sf#verify
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
May 11, 2013, 10:33:32 AM |
|
No! people should read and pay only from addresses they control Yes, and the world should be a better place
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
piuk (OP)
|
|
May 11, 2013, 12:12:03 PM |
|
The Chrome App needs translations. Please add them Added in the latest version (Needs to be set in Account Settings).
|
|
|
|
techwtf
|
|
May 12, 2013, 08:36:34 AM Last edit: May 12, 2013, 08:49:44 AM by techwtf |
|
Which client signed the tx? I found something like this in log: ERROR: Non-canonical signature: S value negative ERROR: CScriptCheck() : d1b6f78247cfb448a7e9b00964d801fc02abb5f2c80423053634e01be26d6125 VerifySignature failed ERROR: CTxMemPool::accept() : ConnectInputs failed d1b6f78247cfb448a7e9b00964d801fc02abb5f2c80423053634e01be26d6125 check it out: http://blockchain.info/tx/d1b6f78247cfb448a7e9b00964d801fc02abb5f2c80423053634e01be26d6125?show_adv=truesometimes other wrong type of signature appeared, all comes from blockchain.info Edit: Add another one: ERROR: Non-canonical signature: R value negative ERROR: CScriptCheck() : e65f7625cc2f2f280e5af5b6c320c9e8a978000a70d61e399210890e435177c4 VerifySignature failed ERROR: CTxMemPool::accept() : ConnectInputs failed e65f7625cc2f2f280e5af5b6c320c9e8a978000a70d61e399210890e435177c4 http://blockchain.info/tx/e65f7625cc2f2f280e5af5b6c320c9e8a978000a70d61e399210890e435177c4?show_adv=trueand a5ab5a894ac936771f716357c92660acedc5c35b915b9b5e599380c0a1252800 ...
|
|
|
|
b!z
Legendary
Offline
Activity: 1582
Merit: 1010
|
|
May 12, 2013, 10:23:45 AM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note? Ask her to sign a message with the priv key
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 12, 2013, 01:58:45 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note? Ask her to sign a message with the priv key She wrote her username into the transaction, so that i could see it in blockchain.info. As long as she have no donor it should be proof that its her address, so this forumuser paid this. At least i understand it now this way that only the real sender can put in a message. So it should be a proof as good as signing a message. Correct me if im wrong...
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
May 12, 2013, 02:19:40 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note? Ask her to sign a message with the priv key She wrote her username into the transaction, so that i could see it in blockchain.info. As long as she have no donor it should be proof that its her address, so this forumuser paid this. At least i understand it now this way that only the real sender can put in a message. So it should be a proof as good as signing a message. Correct me if im wrong... Just ask her to sign a message using the key. It's common practice. Why rely on something you don't know much about if you have something secure?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 12, 2013, 02:27:46 PM |
|
Only a question about the messages that sometimes are above a transaction. public note. When such transaction shows the username of a user here in the forum then thats a proof when this forum user claims the btc are coming from him. I mean that can only be edited or set by the real owner of the sending address right? Its an equivalent of verifying an address with a signature?
I don't think this is true. I got a payment and need to confirm that the user in forum that claims that its her payment is the real person. She added her username in the transaction. So now im wondering if that is proof enough. Can only the owner of the address set this note? Ask her to sign a message with the priv key She wrote her username into the transaction, so that i could see it in blockchain.info. As long as she have no donor it should be proof that its her address, so this forumuser paid this. At least i understand it now this way that only the real sender can put in a message. So it should be a proof as good as signing a message. Correct me if im wrong... Just ask her to sign a message using the key. It's common practice. Why rely on something you don't know much about if you have something secure? So you say it is unsecure? I asked in this thread and i was told its not possible to put your username to another users transaction. At least as long as you dont have access to his wallet. But if its this far a signed message cant help too anymore. So for now it looks like a proof to me. If you see a risk please explain where it lies.
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
piuk (OP)
|
|
May 12, 2013, 03:34:54 PM |
|
Which client signed the tx? I found something like this in log:
Those non-standard signatures should have been fixed a while back. I don't think it is the web interface producing those, possibly another client using /pushtx or an old iphone app. I've added IsCanonicalSignature() checks to the javascript signer and /pushtx which will be deployed in the next update all the signatures I tested produced with the web interface and android app passed but will have to wait and see if anyone starts complaining, regardless those transactions should not be broadcast anymore since the majority of nodes will rejected them.
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 12, 2013, 04:36:56 PM |
|
Which client signed the tx? I found something like this in log:
Those non-standard signatures should have been fixed a while back. I don't think it is the web interface producing those, possibly another client using /pushtx or an old iphone app. I've added IsCanonicalSignature() checks to the javascript signer and /pushtx which will be deployed in the next update all the signatures I tested produced with the web interface and android app passed but will have to wait and see if anyone starts complaining, regardless those transactions should not be broadcast anymore since the majority of nodes will rejected them. Are you the owner of blockchain.info? If so can you say word about the description of transactions that can be done. I think, judging from what i was told, that the message can only be made from someone who has access to the sending address. So it delivers the same security like signing a message to an address. Because you have to have access to that address to be able to send money and to be able to sing messages/make a notice on a transaction. Thats right?
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
piuk (OP)
|
|
May 12, 2013, 04:46:33 PM |
|
I think, judging from what i was told, that the message can only be made from someone who has access to the sending address.
A note can be added by the person who submits a transaction to blockchain.info which hasn't been seen on the network previously. Signature verification using a signed message is better because a) you are trusting that blockchain.info is not lying to you b) a transaction could be intercepted very quickly from its true originator before it reaches our node and manually submitted to us including a note. But it does serve a reasonable proof if you are ok with the above.
|
|
|
|
SebastianJu
Legendary
Offline
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
|
|
May 12, 2013, 05:15:06 PM |
|
I think, judging from what i was told, that the message can only be made from someone who has access to the sending address.
A note can be added by the person who submits a transaction to blockchain.info which hasn't been seen on the network previously. Signature verification using a signed message is better because a) you are trusting that blockchain.info is not lying to you b) a transaction could be intercepted very quickly from its true originator before it reaches our node and manually submitted to us including a note. But it does serve a reasonable proof if you are ok with the above. Hm... then i will demand a real proof. If there are possibilities to interfere its not good. Thanks for clearing this up...
|
Please ALWAYS contact me through bitcointalk pm before sending someone coins.
|
|
|
|