gmaxwell
Moderator
Legendary
Offline
Activity: 4270
Merit: 8803
|
|
December 13, 2014, 08:30:51 AM |
|
I lost 23800 safecoin linked to my btc address , who would take the responsibility? XCP or blockchain.info?
How about you? No one but you chose to use counterparty or blockchain.info. I'm sorry to hear about your loss, but this is what happens when you use unreviewed cryptographic software-- especially things which have already been publicly criticized and have even suffered similar failures in their past.
|
|
|
|
BlindMayorBitcorn
Legendary
Offline
Activity: 1260
Merit: 1116
|
|
December 13, 2014, 08:39:07 AM |
|
I lost 23800 safecoin linked to my btc address , who would take the responsibility? XCP or blockchain.info?
How many places are you planning to post this? https://bitcointalk.org/index.php?topic=879419.msg9825935#msg9825935
|
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
December 13, 2014, 08:44:18 AM |
|
How about you? No one but you chose to use counterparty or blockchain.info.
Great. I have to add: No one but you chose to use crypto-currency instead of national money. You pay nothing to community - you have nothing back from it. Point. This is law of conservation. Even Satoshi Nakamoto can not break it.
|
|
|
|
LifeisGreat88088
|
|
December 13, 2014, 08:47:17 AM |
|
Just two threads. I think the two threads are related.
|
|
|
|
|
LifeisGreat88088
|
|
December 13, 2014, 09:14:26 AM |
|
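How about you? No one but you chose to use counterparty or blockchain.info.
Great. I have to add: No one but you chose to use crypto-currency instead of national money. You pay nothing to community - you have nothing back from it. Point. This is law of conservation. Even Satoshi Nakamoto can not break it.
Heaven's net is vast; its mesh is wide, yet nothing slips through.
Good is repaid with good, evil with evil.
It is not that there is no repayment; the time has just not come yet.
When the time comes, everything is settled.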
|
|
|
|
amaclin
Legendary
Offline
Activity: 1260
Merit: 1019
|
|
December 13, 2014, 09:16:10 AM |
|
could you tell me the price of BTC 2016.1.1?
I can. Less than $10. Wanna bet? But discussing price / losses / investing / risk / insurance / obligations is off-topic here.
UPD: sorry, I do not understand Chinese.
|
|
|
|
BlindMayorBitcorn
Legendary
Offline
Activity: 1260
Merit: 1116
|
|
December 13, 2014, 09:17:21 AM |
|
could you tell me the price of BTC 2016.1.1?
I can. Less than $10. Wanna bet? But discussing price / losses / investing / risk / insurance / obligations is off-topic here.
zing
|
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.
|
|
|
johoe (OP)
|
|
December 13, 2014, 10:37:47 AM |
|
@bcearl: I used my own tools. Basically it finds repeated R values, as I have written before.
@lifeisgreat88088: Definitely not bc.i. Your address 1CAsR... was exposed in April by the counterparty bug. They refunded the users back then. You probably can still claim the 0.0017228 BTC you lost in April (doesn't help you much I fear), but I doubt it extends to the new money you put on the address afterwards.
@dexX7: I received it, thanks. Weak R values = values produced by the broken RNG. I never looked into the RNG. I only looked at the random numbers random people produced when signing transactions. Assuming there were about 2000 signatures affected by that bug, I only see a weak R value if it was produced twice in these 2000 signatures (otherwise I see it only once and assume that it is not special). Note that not only the k/R values (k is the private key for the public R) are generated by the RNG but also new private/public keys. I only did a very basic search for them but there are 83 public keys that match an R value.
My estimate on how many weak R values I don't see is based on the distribution of R values I see 2, 3, 4 or more times. This should give a geometric series from which the number of weak R values seen only once can be estimated. The data basis is too small to give precise results. I would say from 300-700 such transactions should exist.
|
Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
|
|
|
dunchy
|
|
December 13, 2014, 11:30:06 AM |
|
We want to see Johoe as the chairman of bitcoin foundation!
|
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
December 13, 2014, 12:45:20 PM |
|
We want to see Johoe as the chairman of bitcoin foundation!
but there is already that smart guy:
(PS: nice job johoe)
|
|
|
|
goosoodude
|
|
December 13, 2014, 12:45:55 PM |
|
We want to see Johoe as the chairman of bitcoin foundation!
At least a consultant. I assume any address which was not created nor did any transaction during that window should be fine?
|
|
|
|
johoe (OP)
|
|
December 14, 2014, 12:28:17 AM Last edit: December 14, 2014, 12:41:47 AM by johoe |
|
This is a typical example. It was broken in several steps:
1LT8zYr6WW5zcnWiYr5gbLT621rPhPGyP2 has two signatures with R-value 2a6f8c926... This gives us the corresponding k value.
Using this k value, we can now break 1NaMT8A9FysDGRXEL1YdY6VCJUwvXEUedz that uses the same R value.
This key has another signature with R value 460ba0d.... so we can compute the k value for this.
Using this k value, we can break 1Ep4E6WF6jZRhnLCBrFF96fQ8ocvNX728C.
Similarly we get the k value for R value f3b5c9...., that is used with the 1Ep4 key. This gives us the private key for 1FRDgmxVrUUNiiB7GN3NNcJDEEXtFB22rm.
Finally this has a signature with the R value 6bcc247f1... that was also used to sign with 19owWJc.
Many keys require this multi-step reasoning. This is probably why the bots couldn't break the keys. My tool follows these chains. I think this is why I was the first who could swipe the keys despite doing it manually.
This is the chain my program chooses now. I'm not sure if all these signatures were present when I broke the key the first time. But there are other chains leading to this key. I shouldn't say my program chooses chains. It just computes K values and private keys until it cannot compute any new K value or private key.
|
Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
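The chain-following in the post above can be run as an exposure audit over a wallet's own signature log. This is an added example, not johoe's tool: it does no elliptic-curve arithmetic and only marks which keys the propagation reaches. The function name, key labels and R labels are constructed for illustration.

```python
from collections import defaultdict, deque

def nonce_reuse_exposure(signatures):
    """Return {key_id: chain} for each key reached by repeated-R propagation.

    signatures: iterable of (key_id, r_value, msg_hash) tuples.
    chain: alternating key / R labels from a seed key to key_id.
    """
    msgs = defaultdict(set)        # (key, r) -> distinct message hashes
    keys_for_r = defaultdict(set)  # r -> keys that signed with it
    rs_for_key = defaultdict(set)  # key -> R values it used
    for key, r, msg in signatures:
        msgs[(key, r)].add(msg)
        keys_for_r[r].add(key)
        rs_for_key[key].add(r)

    chains, queue = {}, deque()
    # Seed: one key signed two different messages with the same R.
    for (key, r), hashes in sorted(msgs.items()):
        if len(hashes) >= 2 and key not in chains:
            chains[key] = [key]
            queue.append(key)

    known_r = set()
    while queue:                   # run until nothing new is learned
        key = queue.popleft()
        for r in sorted(rs_for_key[key]):   # exposed key -> its nonces
            if r in known_r:
                continue
            known_r.add(r)
            for other in sorted(keys_for_r[r]):  # known nonce -> its keys
                if other not in chains:
                    chains[other] = chains[key] + [r, other]
                    queue.append(other)
    return chains

# Constructed sample shaped like the chain in the post (labels are made up).
SAMPLE = [
    ("key-A", "R1", "m1"), ("key-A", "R1", "m2"),
    ("key-B", "R1", "m3"), ("key-B", "R2", "m4"),
    ("key-C", "R2", "m5"), ("key-C", "R3", "m6"),
    ("key-D", "R3", "m7"), ("key-D", "R4", "m8"),
    ("key-E", "R4", "m9"),
    ("key-F", "R5", "m10"), ("key-G", "R5", "m11"),  # shared R, no seed
    ("key-H", "R6", "m12"),                          # unique R
]

if __name__ == "__main__":
    for key, chain in nonce_reuse_exposure(SAMPLE).items():
        print(key, "<-", " -> ".join(chain))
```

In the sample, key-F and key-G share R5 but are not flagged: a single R shared by two otherwise unlinked keys gives this propagation nothing to start from.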
|
|
|
itod
Legendary
Offline
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
|
|
December 14, 2014, 12:45:39 AM |
|
This is a typical example. It was broken in several steps: 1LT8zYr6WW5zcnWiYr5gbLT621rPhPGyP2 has two signatures with R-value 2a6f8c926... This gives us the corresponding k value. Using this k value, we can now break 1NaMT8A9FysDGRXEL1YdY6VCJUwvXEUedz that uses the same R value. This key has another signature with R value 460ba0d.... so we can compute the k value for this. Using this k value, we can break 1Ep4E6WF6jZRhnLCBrFF96fQ8ocvNX728C. Similarly we get the k value for R value f3b5c9...., that is used with the 1Ep4 key. This gives us the private key for 1FRDgmxVrUUNiiB7GN3NNcJDEEXtFB22rm. Finally this has a signature with the R value 6bcc247f1... that was also used to sign with 19owWJc. Many keys require this multi-step reasoning. This is probably why the bots couldn't break the keys. My tool follows these chains. I think this is why I was the first who could swipe the keys despite doing it manually. This is the chain my program chooses now. I'm not sure if all these signatures were present when I broke the key the first time. But there are other chains leading to this key. I shouldn't say my program chooses chains. It just computes K values and private keys until it cannot compute any new K value or private key.
Well, I bet it won't take long for bots to adjust to this tactic.
|
|
|
|
freedomno1
Legendary
Offline
Activity: 1806
Merit: 1090
Learning the troll avoidance button :)
|
|
December 14, 2014, 02:15:51 AM |
|
Johoe is now a crypto superhero. I must bump
Was reading through some articles and came upon this. Good job Johoe, you have my respect. I tip my hat to you.
|
Believing in Bitcoins and its ability to change the world
|
|
|
bcearl
|
|
December 14, 2014, 08:18:21 AM |
|
@johoe: I bet you could swipe even more addresses, if you analyze the weak random generator and try all possible values of k. This way you would even swipe those who used k only once.
|
Misspelling protects against dictionary attacks NOT
|
|
|
|
johoe (OP)
|
|
December 14, 2014, 05:22:25 PM |
|
the answer is in the post directly above yours (by bcearl).
|
Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
|
|
|
yakuza699
|
|
December 14, 2014, 05:29:15 PM |
|
the answer is in the post directly above yours (by bcearl).
I am looking at the addresses from which the coins were swept and I am trying to get the priv key of those addresses but I fail over and over again.
|
|
|
|
|