amaclin
December 14, 2014, 05:29:54 PM

The answer is in the post directly above yours (by bcearl). I can only speak for myself: it was too hard for me to reproduce this RNG. I found sources: http://code.google.com/p/srp-js/source/browse/trunk/javascript/prng4.js?r=12
But I do not know how Math.random works in JavaScript. By the way, the implementation of Math.random can be different in browsers.

johoe (OP)
December 14, 2014, 05:51:32 PM

I may give more details on the RNG later. At the moment there is still too much money lying around.

Does anyone know how to check if there is an unconfirmed transaction trying to spend an output? Do I have to use bitcoin-cli listtransactions and then dump each transaction to check which output was spent? The wallet operations on bitcoind are so slow when you have 1400 private keys imported. I hate that signtransaction or sendtransaction don't tell me which input it is that I shouldn't spend.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3

LFC_Bitcoin
December 14, 2014, 05:54:15 PM

Is it safe to send BTC from a blockchain.info wallet to another wallet or cold storage yet?
I'm hesitant to make any transactions on there now.
Am I safer just leaving what I have left there where it is for the moment?

guitarplinker
December 14, 2014, 05:58:16 PM

Were R values re-used again today? I see that johoe has ~250 BTC more in his wallet today with messages saying "Contact Blockchain support".

yakuza699
December 14, 2014, 06:08:23 PM

Were R values re-used again today? I see that johoe has ~250 BTC more in his wallet today with messages saying "Contact Blockchain support".
As far as I understand they are from a previous bug of blockchain.info but this time johoe uses all possible values of k.

yakuza699
December 14, 2014, 06:09:50 PM

Is it safe to send BTC from a blockchain.info wallet to another wallet or cold storage yet?
I'm hesitant to make any transactions on there now.
Am I safer just leaving what I have left there where it is for the moment?
Yes it is safe to transfer all of the funds from your blockchain.info account to a newly created wallet with bitcoin core and never use that blockchain.info wallet again.

LFC_Bitcoin
December 14, 2014, 06:12:29 PM

Is it safe to send BTC from a blockchain.info wallet to another wallet or cold storage yet?
I'm hesitant to make any transactions on there now.
Am I safer just leaving what I have left there where it is for the moment?
Yes it is safe to transfer all of the funds from your blockchain.info account to a newly created wallet with bitcoin core and never use that blockchain.info wallet again.
Can I send my entire blockchain wallet to a paper wallet without it being compromised, at least on the blockchain.info end?

yakuza699
December 14, 2014, 06:33:08 PM

Is it safe to send BTC from a blockchain.info wallet to another wallet or cold storage yet?
I'm hesitant to make any transactions on there now.
Am I safer just leaving what I have left there where it is for the moment?
Yes it is safe to transfer all of the funds from your blockchain.info account to a newly created wallet with bitcoin core and never use that blockchain.info wallet again.
Can I send my entire blockchain wallet to a paper wallet without it being compromised, at least on the blockchain.info end?
If you mean "Can I send my whole balance from blockchain.info to a paper wallet that is not created by blockchain.info" then yes, it is pretty safe if you generated that paper wallet in an offline mode. But after that never use that blockchain.info wallet.

amaclin
December 14, 2014, 06:35:41 PM

Does anyone know how to check if there is an unconfirmed transaction trying to spend an output?
No such tool exists. Even if your node has no unconfirmed output, you cannot be sure that all your peers do not have such txs in their mempools. Note: you also cannot spend coinbase outputs from Eligius before 100 confirmations.

LFC_Bitcoin
December 14, 2014, 06:48:07 PM

Is it safe to send BTC from a blockchain.info wallet to another wallet or cold storage yet?
I'm hesitant to make any transactions on there now.
Am I safer just leaving what I have left there where it is for the moment?
Yes it is safe to transfer all of the funds from your blockchain.info account to a newly created wallet with bitcoin core and never use that blockchain.info wallet again.
Can I send my entire blockchain wallet to a paper wallet without it being compromised, at least on the blockchain.info end?
If you mean "Can I send my whole balance from blockchain.info to a paper wallet that is not created by blockchain.info" then yes, it is pretty safe if you generated that paper wallet in an offline mode. But after that never use that blockchain.info wallet.
Thanks boss

defaced
December 14, 2014, 06:53:42 PM

this is wild man

johoe (OP)
December 14, 2014, 06:57:58 PM

Okay, most is swept, I think less than 1 BTC remaining. I can assure you that there were no massive new weak signatures appearing. Instead I managed to analyze the broken RNG and produced the same "random" numbers again. This enabled me to break most of the keys that were exposed last week. I can break a key, even if the corresponding R value appeared only once in a signature, because my simulated RNG provides the k value. As always I plan to return it to bc.i and you can contact their support to get your refund. Thus far I generated 51200 random numbers. I should check if I find more keys when generating more random numbers.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3

bcearl
December 14, 2014, 06:58:30 PM (Last edit: December 14, 2014, 07:08:50 PM by bcearl)

Just write a program with Javascript that prints out some k (and corresponding points R) and save them. I was just too lazy to do all that, I hope that my posting did not inspire some thief. I thought that if I post it maybe another good guy will do it before. Anyways everybody who used the wallet in the time it was broken should have known and sent their coins to new addresses already.

If you know k, you can compute the private key. Known k is even simpler than with two unknown reused values of k.

(If I saved your BTC, you're welcome. 1PMh3K3QrKwaKhmjH46ZqniHwHJvwW3xA)

Misspelling protects against dictionary attacks NOT
gabridome
December 14, 2014, 07:16:17 PM

Okay, most is swept, I think less than 1 BTC remaining. I can assure you that there were no massive new weak signatures appearing. Instead I managed to analyze the broken RNG and produced the same "random" numbers again. This enabled me to break most of the keys that were exposed last week. I can break a key, even if the corresponding R value appeared only once in a signature, because my simulated RNG provides the k value. As always I plan to return it to bc.i and you can contact their support to get your refund. Thus far I generated 51200 random numbers. I should check if I find more keys when generating more random numbers.
You are really someone in my personal hall of fame man. Even if I don't keep a penny on b.I. I feel bad for them and for their customers and I know that many horrible things may happen in the future also to others and it is very good to know someone like you is around.

BlindMayorBitcorn
December 14, 2014, 07:27:54 PM

could you tell me the price of BTC 2016.1.1?
I can. Less than $10. Wanna bet? But discussing price / losses / investing / risk / insurance / obligations is offtopic here. UPD: sorry, I do not understand Chinese.
This bet open to anyone?

Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.

bcearl
December 14, 2014, 08:05:29 PM

Maybe they don't have weak k?

Misspelling protects against dictionary attacks NOT

itod
December 14, 2014, 08:20:16 PM

Do I have to use bitcoin-cli listtransactions and then dump each transaction to check which output was spent?
The wallet operations on bitcoind are so slow when you have 1400 private keys imported.
As I understand there's a new feature which will be introduced into bitcoind 0.10.0 to work with addresses without importing private keys (watch-only): https://github.com/bitcoin/bitcoin/pull/4045
It should give you what you want with 'listtransactions', and should be working already in 0.10 branch in github, if you feel like working with it.

bcearl
December 14, 2014, 08:25:51 PM

Okay, most is swept, I think less than 1 BTC remaining. I can assure you that there were no massive new weak signatures appearing. Instead I managed to analyze the broken RNG and produced the same "random" numbers again. This enabled me to break most of the keys that were exposed last week. I can break a key, even if the corresponding R value appeared only once in a signature, because my simulated RNG provides the k value. As always I plan to return it to bc.i and you can contact their support to get your refund. Thus far I generated 51200 random numbers. I should check if I find more keys when generating more random numbers.
I am glad that you could rescue them. I was too lazy to do all the coding, and I haven't started at all yet.

Misspelling protects against dictionary attacks NOT

yakuza699
December 14, 2014, 08:38:57 PM

Maybe they don't have weak k?
Well he already swiped from those addresses once but he left some so he will probably swipe the remaining ones.
I am glad that you could rescue them. I was too lazy to do all the coding, and I haven't started at all yet.
I still don't really understand how to do it by hand, not talking about the coding.