Bitcoin Forum
September 26, 2018, 03:43:03 PM *
Topic: Reused R values again (Read 119154 times)
Remember remember the 5th of November
December 03, 2014, 07:16:57 AM
 #21

I have a standalone machine with Pentium II processor which I do not use for long. It is infected with some virus/malware too. But I don't plan to connect it to the internet in some coming years

As said, don't use it. You don't know if the random numbers generated are truly random, they could be predictable or plausibly brute-forceable for the attacker.

You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer. Nevertheless caution is needed.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
dserrano5
December 03, 2014, 07:23:42 AM
 #22

You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

johoe
December 03, 2014, 05:53:19 PM
 #23

I just noticed that amaclin tries to double spend the broken transaction in real-time:

https://blockchain.info/tx/df02f56b230c397cb67bb5334209f7e45d58f1f9d6eb1df1bc17e6ecb107e206

This is a double spend of the transaction that revealed the private keys.  In this case the double spend was not successful (despite the fact that he used twice the fee).

Since my lists are generated using only the transactions in the block chain, the list won't contain the addresses where the broken transactions were successfully double spent.



Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
newIndia
December 06, 2014, 03:19:41 PM
 #24

You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

A Pentium II machine, which is not connected online for long, is supposed to be safe from new viruses. Isn't it?
altcoinex
December 06, 2014, 04:14:01 PM
 #25

You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

A Pentium II machine, which is not connected online for long, is supposed to be safe from new viruses. Isn't it?

Nothing is safe. You have to ASSUME compromise and act under that assumption. Nothing wrong with using this machine, but only after a full wipe and clean and you verify no rootkits, and not running any old software or some decades-old OS etc. Beyond that, there is NO REASON to connect the system to the internet for ANY time as opposed to 'not long'. If you're going the route of an isolated machine for generating keys, I would recommend a live CD version of a Linux distro, with a Python or shell-based tool for address/key generation included on it. No exposure to the internet for the system....


amaclin
December 07, 2014, 12:43:26 PM
 #26

Quote
Since this thread was bumped, I think I should update it.
There seems to be a new buggy program that reuses the same R value for all signatures in a transaction.  It started around September 2014.
[...]
Does anyone know what the buggy program is?
I know.
yakuza699
December 07, 2014, 12:54:20 PM
 #27

Quote
Since this thread was bumped, I think I should update it.
There seems to be a new buggy program that reuses the same R value for all signatures in a transaction.  It started around September 2014.
[...]
Does anyone know what the buggy program is?
I know.
Would you mind charing it?

amaclin
December 07, 2014, 02:51:43 PM
 #28

Quote
Would you mind charing it?
Do you mean "share info"? I do now want to do it right now.
Everything is visible enough in the blockchain. Just open your eyes and use your brain.
arnuschky
December 07, 2014, 03:07:03 PM
 #29

You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

A Pentium II machine, which is not connected online for long, is supposed to be safe from new viruses. Isn't it?

Why take the risk if you can just start a bootable live cd of some linux distro?
arnuschky
December 07, 2014, 03:08:42 PM
 #30

Quote
Would you mind charing it?
Do you mean "share info"? I do now want to do it right now.
Everything is visible enough in the blockchain. Just open your eyes and use your brain.

Well, either you keep that information because you have informed the developers of the buggy program that they have to fix it (which would be laudable) or you have other, possibly sinister reasons to keep the program's name to yourself.

Which one is it?
cr1776
December 07, 2014, 03:10:05 PM
 #31

Quote
Would you mind charing it?
Do you mean "share info"? I do now want to do it right now.
Everything is visible enough in the blockchain. Just open your eyes and use your brain.

Well, either you keep that information because you have informed the developers of the buggy program that they have to fix it (which would be laudable) or you have other, possibly sinister reasons to keep the program's name to yourself.

Which one is it?

He sweeps those addresses for the coins.
amaclin
December 07, 2014, 03:19:40 PM
 #32

Quote
you have informed the developers of the buggy program that they have to fix it
I haven't said that I have the developers' contacts. How can I inform them?

Quote
He sweeps those addresses for the coins.
Are you ready to prove it?
cr1776
December 07, 2014, 04:54:37 PM
 #33

Quote
you have informed the developers of the buggy program that they have to fix it
I haven't said that I have the developers' contacts. How can I inform them?

Quote
He sweeps those addresses for the coins.
Are you ready to prove it?

I was just reporting what you said here:



Quote
What wallet?  It is old given the bug you encountered.
Fix the issue and amaclin may return it. He is usually helpful - many people will just sweep it and do not help people who have an issue.

Do not import compromised private keys to your wallet
Do not give your private keys to anybody
Do not use untrusted services

How else can I help you?
I think this advice costs more than 0.02

PS. No. I do not return btc. I can give you knowledge and experience - they cost more.

See:
https://bitcointalk.org/index.php?topic=879419.20

And other threads where you say you scan for the addresses (like many other people do).



amaclin
December 07, 2014, 05:18:18 PM
 #34

These are only words. This is not a proof.
Let me say here that I am the president of the United States.
Do you trust me and my words now?
johoe
December 08, 2014, 11:18:08 AM
 #35

Hello,

there were a large bunch of new broken addresses today (several 100s in one day).  I took the liberty of saving some funds before they got swiped by others.  If you can convince me that they belong to you (signing a message with the address is obviously not enough; the private key is already known),  I will send the funds back.

Look into the file http://johoe.mooo.com/bitcoin/broken.txt, to see whether your address was broken.







Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
amaclin
December 08, 2014, 12:30:23 PM
 #36

Quote
I took the liberty of saving some funds before they got swiped by others.

Is it your address 1HuqM18GMVaLxTRGdmSgytzVYnhRzu7U68 ?
And is it your service: http://sharedcoin.com/
johoe
December 08, 2014, 01:07:14 PM
 #37

Quote
I took the liberty of saving some funds before they got swiped by others.

Is it your address 1HuqM18GMVaLxTRGdmSgytzVYnhRzu7U68 ?
yes
Quote
And is it your service: http://sharedcoin.com/
no.  Just plain old bitcoind using rawtransaction interface

I think this is not related to the other bug that started in September.  There are a lot of reused R-values sometimes not even in the same transaction.  The scale is also much bigger (500 addresses in one day, >200 BTC).  I still count almost 300 unspent outputs (but I'm too lazy to swipe them all).


Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
amaclin
December 08, 2014, 01:19:58 PM
 #38

Quote
no.  Just plain old bitcoind using rawtransaction interface
I mean that this service belongs to bc.i
And you are also from bc.i (maybe I am wrong of course)

Quote
I think this is not related to the other bug that started in September.

Man-in-the-middle on tor exit node?
or maybe http://www.reddit.com/r/Bitcoin/comments/2oltp9/warning_blockchaininfos_javascript_verifier_is/
btcdrak
December 08, 2014, 04:57:19 PM
 #39

Quote
no.  Just plain old bitcoind using rawtransaction interface
I mean that this service belongs to bc.i
And you are also from bc.i (maybe I am wrong of course)

Quote
I think this is not related to the other bug that started in September.

Man-in-the-middle on tor exit node?
or maybe http://www.reddit.com/r/Bitcoin/comments/2oltp9/warning_blockchaininfos_javascript_verifier_is/

No, this: http://www.reddit.com/r/Bitcoin/comments/2onm5r/blockchaininfo_security_disclosure/
johoe
December 08, 2014, 05:38:41 PM
 #40


Thanks for the link. Although, if they already fixed this problem this morning, why are there still repeated R values generated?
I still find reused R values in new transactions. Is this just a browser cache issue or is the problem still not solved completely?

E.g.:

https://blockchain.info/tx/f10d5c469c634de25276aae9c4e14add80ad9c66000182fac1b30e72a99298fb

uses the same R values as:

https://blockchain.info/tx/cf0b65ec6a2f9b5e003358d7b9bb6e04b30138c4dba30724f600bf753bfc3f4a


Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
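
The check discussed in posts #35 to #40, spotting signatures that share an R value, written out as an added example (not code from the thread or from any participant). It parses DER-encoded ECDSA signatures as they appear in transaction inputs and groups them by r; the `txid:input` labels, the helper names and all sample values are constructed assumptions.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature; a trailing sighash byte is ignored."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    end = 2 + sig[1]                      # short-form length only (< 128 bytes)
    if sig[1] & 0x80 or end > len(sig):
        raise ValueError("bad sequence length")
    pos, ints = 2, []
    for _ in range(2):                    # INTEGER r, then INTEGER s
        if pos + 2 > end or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        if n == 0 or n & 0x80 or pos + 2 + n > end:
            raise ValueError("bad integer length")
        ints.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != end:
        raise ValueError("trailing data inside SEQUENCE")
    return ints[0], ints[1]

def find_reused_r(signatures):
    """Map each r shared by two or more distinct signatures to its sorted labels."""
    by_r = defaultdict(set)
    for label, sig_hex in signatures:     # (label, hex of DER signature)
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        by_r[r].add((label, s))           # the same signature seen twice is not reuse
    return {r: sorted(lbl for lbl, _ in seen)
            for r, seen in by_r.items() if len(seen) > 1}

def _der_int(v):
    b = v.to_bytes(v.bit_length() // 8 + 1, "big")   # leading 0x00 keeps it positive
    return b"\x02" + bytes([len(b)]) + b

def encode_der_sig(r, s, sighash=0x01):   # builds the constructed samples below
    body = _der_int(r) + _der_int(s)
    return (b"\x30" + bytes([len(body)]) + body + bytes([sighash])).hex()

# Constructed values, not taken from any real transaction.
R_SHARED = int("c0ffee" + "11" * 29, 16)
R_OTHER = int("5a" * 32, 16)
SAMPLE = [
    ("tx_a:in0", encode_der_sig(R_SHARED, int("21" * 32, 16))),
    ("tx_a:in1", encode_der_sig(R_SHARED, int("22" * 32, 16))),
    ("tx_b:in0", encode_der_sig(R_OTHER, int("23" * 32, 16))),
    ("tx_c:in0", encode_der_sig(R_SHARED, int("24" * 32, 16))),
]
REUSED = find_reused_r(SAMPLE)            # only R_SHARED is flagged
```

Run over the signatures a wallet has produced, any non-empty result means the signing code repeated a nonce and the affected keys should be treated as exposed.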