280 BTC total bets between Micon and mrb (are BFL ASICs real?) - page 24.

Micon

legendary

Activity: 1232

Merit: 1014

FPV Drone Pilot

Quote from: SgtSpike on January 23, 2013, 01:28:03 PM

And we have a bet!

https://blockchain.info/address/1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y

Quote from: MPOE-PR on January 23, 2013, 03:40:01 AM

No, actually, sounds like a major hole. This needs to be addressed somehow (not necessarily for the case at hand, but in general for the system).

Also the idea of relying on MtGox breaking their customer's confidentiality is bad. I know MtGox used to do this in the past, but since MPEx introduced standards for such that sort of shit doesn't seem to fly so well anymore in the public eye either. Frankly, I doubt they'd tell you, and if they did tell you they'd just be stupidly allowing you to rehash the ver-blockchain.info experiment.

You taking "as long as necessary" is yet another hole. The average person using escrow for any purpose is not interested in adding unspecified delays to their process.

Doesn't sound like a big deal to me. I'm not worried about it.

indeed! very cool to be apart of the escrow use win or lose IMO

SgtSpike

legendary

Activity: 1400

Merit: 1005

And we have a bet!

https://blockchain.info/address/1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y

Quote from: MPOE-PR on January 23, 2013, 03:40:01 AM

No, actually, sounds like a major hole. This needs to be addressed somehow (not necessarily for the case at hand, but in general for the system).

Also the idea of relying on MtGox breaking their customer's confidentiality is bad. I know MtGox used to do this in the past, but since MPEx introduced standards for such that sort of shit doesn't seem to fly so well anymore in the public eye either. Frankly, I doubt they'd tell you, and if they did tell you they'd just be stupidly allowing you to rehash the ver-blockchain.info experiment.

You taking "as long as necessary" is yet another hole. The average person using escrow for any purpose is not interested in adding unspecified delays to their process.

Doesn't sound like a big deal to me. I'm not worried about it.

mrb

legendary

Activity: 1512

Merit: 1028

Micon: then create the payment invitation, and send it to me.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: MPOE-PR on January 23, 2013, 03:40:01 AM

No, actually, sounds like a major hole. This needs to be addressed somehow (not necessarily for the case at hand, but in general for the system).

Also the idea of relying on MtGox breaking their customer's confidentiality is bad. I know MtGox used to do this in the past, but since MPEx introduced standards for such that sort of shit doesn't seem to fly so well anymore in the public eye either. Frankly, I doubt they'd tell you, and if they did tell you they'd just be stupidly allowing you to rehash the ver-blockchain.info experiment.

You taking "as long as necessary" is yet another hole. The average person using escrow for any purpose is not interested in adding unspecified delays to their process.

MtGox wouldn't be breaking anyone's confidentiality, the person who made the payment would be begging them to confirm the payment was theirs and would be cramming permission down their throats. Not sure how this would be a problem at all.

If there is a fear I will act too slowly... The program is free. Anyone can be an escrow agent. You can be a superfast escrow agent and even charge a fee for your service. For everyone else don't forget there's PayPal... They are fast, it's easy to be when you bias toward the buyer! (Reality check: they are biased and still aren't fast.)

Micon

legendary

Activity: 1232

Merit: 1014

FPV Drone Pilot

Quote from: casascius on January 23, 2013, 12:06:31 AM

Quote from: SgtSpike on January 23, 2013, 12:05:19 AM

Ok, I get Bitcoin address 1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y.

What do I do with the payment invitation I generate?

Send it to Micon with the address and make sure he confirms he gets the same bitcoin address.

If you both agree you're seeing the same address, proceed to fund it.

1) getting the same address as SgtSpike and about to fire 20 coins at it

2) the .001 btc test-coin-flip with mrb I keep getting "not a valid payment invitation code" and I did see the space that copy/paste from btctalk makes.

Micon

legendary

Activity: 1232

Merit: 1014

FPV Drone Pilot

Quote from: SgtSpike on January 23, 2013, 12:05:19 AM

Quote from: casascius on January 22, 2013, 11:46:43 PM

I have gone ahead and emailed SgtSpike and Micon a set of codes.

One feature I feel worth pointing out: besides the codes starting with "einva", "einvb", or "einvp", I have made it so the following 5 characters are random but identical for a matched set.

I sent SgtSpike a code starting with einvaPoHB4
I sent Micon a code starting with einvbPoHB4
When they generate a payment invitation, it will start with einvbPoHB4
Notice PoHB4 is in all of them...this is deliberate, just so you have a quick visual way to see whether codes are part of a matched set.
Each time the Escrow Agent generates a new pair of invitation codes, these 5 characters are shuffled to something random.
In Dooglus's example above, they were T9CMj.

Ok, I get Bitcoin address 1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y.

What do I do with the payment invitation I generate?

1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y

got that with your payment invite. copied that shit in a secure location.

I'll hit it with 20 coins right now and hope that everything works out. Seems like the most logical plan.

MPOE-PR

hero member

Activity: 756

Merit: 522

Quote from: mrb on January 23, 2013, 04:05:16 AM

One way to work around the flaw is via a slight change of process: before a person sends to the bitcoin address, he or she privately announces to the escrow the exact amount to be transferred (eg. 10.00001234 BTC when 10 BTC were supposed to be sent). Because the less significant digits have been predicted, the escrow can trust that this person originated this transfer.

That method is logically sound (and what MPEx, the ROTA etc use), but it does run into the problem of people being people.

mrb

legendary

Activity: 1512

Merit: 1028

One way to work around the flaw is via a slight change of process: before a person sends to the bitcoin address, he or she privately announces to the escrow the exact amount to be transferred (eg. 10.00001234 BTC when 10 BTC were supposed to be sent). Because the less significant digits have been predicted, the escrow can trust that this person originated this transfer.

Or, the proper way to solve the flaw IMHO is to have the escrow program generate not 1, but 2 bitcoin addresses: person A is supposed to send to address A, and person B is supposed to send to address B.

MPOE-PR

hero member

Activity: 756

Merit: 522

Quote from: casascius on January 23, 2013, 01:40:31 AM

Quote from: dooglus on January 23, 2013, 01:24:43 AM

Quote from: casascius on January 23, 2013, 12:06:31 AM

If you both agree you're seeing the same address, proceed to fund it.

What happens if player 1 makes a deposit to the address they both agree upon from his MtGox account, posts here saying "I sent my payment" and player 2 replies "no, I sent my payment". Only one payment was sent, but we can't tell who sent it, and since it was sent from an MtGox address which neither of them controls, neither can sign a message with the sending address to prove it was them.

I guess they could use screenshots of their MtGox account, but that's easy enough to fake. Maybe the answer is not to use a web wallet when making your payment.

Seems like an unlikely enough scenario that I could just ask someone at MtGox to tell us who made the payment in the rare event it were ever to come up. As the escrow agent I could take as long as I needed to be satisfied that I know who paid. It's a lame attack with a poor chance of success so I can't imagine anyone bothering to try it.

No, actually, sounds like a major hole. This needs to be addressed somehow (not necessarily for the case at hand, but in general for the system).

Also the idea of relying on MtGox breaking their customer's confidentiality is bad. I know MtGox used to do this in the past, but since MPEx introduced standards for such that sort of shit doesn't seem to fly so well anymore in the public eye either. Frankly, I doubt they'd tell you, and if they did tell you they'd just be stupidly allowing you to rehash the ver-blockchain.info experiment.

You taking "as long as necessary" is yet another hole. The average person using escrow for any purpose is not interested in adding unspecified delays to their process.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: dooglus on January 23, 2013, 01:24:43 AM

Quote from: casascius on January 23, 2013, 12:06:31 AM

If you both agree you're seeing the same address, proceed to fund it.

What happens if player 1 makes a deposit to the address they both agree upon from his MtGox account, posts here saying "I sent my payment" and player 2 replies "no, I sent my payment". Only one payment was sent, but we can't tell who sent it, and since it was sent from an MtGox address which neither of them controls, neither can sign a message with the sending address to prove it was them.

I guess they could use screenshots of their MtGox account, but that's easy enough to fake. Maybe the answer is not to use a web wallet when making your payment.

Seems like an unlikely enough scenario that I could just ask someone at MtGox to tell us who made the payment in the rare event it were ever to come up. As the escrow agent I could take as long as I needed to be satisfied that I know who paid. It's a lame attack with a poor chance of success so I can't imagine anyone bothering to try it.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: casascius on January 23, 2013, 12:06:31 AM

If you both agree you're seeing the same address, proceed to fund it.

What happens if player 1 makes a deposit to the address they both agree upon from his MtGox account, posts here saying "I sent my payment" and player 2 replies "no, I sent my payment". Only one payment was sent, but we can't tell who sent it, and since it was sent from an MtGox address which neither of them controls, neither can sign a message with the sending address to prove it was them.

I guess they could use screenshots of their MtGox account, but that's easy enough to fake. Maybe the answer is not to use a web wallet when making your payment.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: SgtSpike on January 23, 2013, 12:05:19 AM

Ok, I get Bitcoin address 1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y.

What do I do with the payment invitation I generate?

Send it to Micon with the address and make sure he confirms he gets the same bitcoin address.

If you both agree you're seeing the same address, proceed to fund it.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: casascius on January 22, 2013, 11:46:43 PM

I have gone ahead and emailed SgtSpike and Micon a set of codes.

One feature I feel worth pointing out: besides the codes starting with "einva", "einvb", or "einvp", I have made it so the following 5 characters are random but identical for a matched set.

I sent SgtSpike a code starting with einvaPoHB4
I sent Micon a code starting with einvbPoHB4
When they generate a payment invitation, it will start with einvbPoHB4
Notice PoHB4 is in all of them...this is deliberate, just so you have a quick visual way to see whether codes are part of a matched set.
Each time the Escrow Agent generates a new pair of invitation codes, these 5 characters are shuffled to something random.
In Dooglus's example above, they were T9CMj.

Ok, I get Bitcoin address 1B3EAGAgXoALFd6o9762hitoCyH61JxF4Y.

What do I do with the payment invitation I generate?

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

I have gone ahead and emailed SgtSpike and Micon a set of codes.

One feature I feel worth pointing out: besides the codes starting with "einva", "einvb", or "einvp", I have made it so the following 5 characters are random but identical for a matched set.

I sent SgtSpike a code starting with einvaPoHB4
I sent Micon a code starting with einvbPoHB4
When they generate a payment invitation, it will start with einvpPoHB4
Notice PoHB4 is in all of them...this is deliberate, just so you have a quick visual way to see whether codes are part of a matched set.
Each time the Escrow Agent generates a new pair of invitation codes, these 5 characters are shuffled to something random.
In Dooglus's example above, they were T9CMj.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: casascius on January 22, 2013, 06:14:45 PM

I should come up with a scheme for a chunked multiline encoding for larger objects. Sort of like base64 but without + and / and = signs, and with self hashing capability. Something that resembles PGP.

Having the .net app ignore spaces and other invalid characters in the input fields would be a quick and easy workaround wouldn't it?

mrb

legendary

Activity: 1512

Merit: 1028

Micon, everything is fine. I copied and pasted the invitation out of the PM I sent you, and with my code A I am able to regenerate the same Bitcoin address. As you said, it seems that the pb is your code B.

PS: The space that casascius is talking about is inserted by the forum software (it's a space in a with a negative margin!) to allow long words to wrap. This is really crappy... It should instead use which doesn't break copy/paste (optional line break, finally standardized in html5).

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

I think the length of the line entices things to break them up and that is causing transcription problems. Check to make sure there isn't a space or something at about 2/3 of the way through the code.

I should come up with a scheme for a chunked multiline encoding for larger objects. Sort of like base64 but without + and / and = signs, and with self hashing capability. Something that resembles PGP.

Micon

legendary

Activity: 1232

Merit: 1014

FPV Drone Pilot

Quote from: mrb on January 22, 2013, 05:19:13 PM

I must have miscopied smthg. Will check things in 3h when I get home.

1) seems like it was C's invite code that was wrong, not the 1 you generated

2) It's cool, I have errands to run and will be back on in a few hrs too. no rush, but I'm excited to test it too

mrb

legendary

Activity: 1512

Merit: 1028

I must have miscopied smthg. Will check things in 3h when I get home.

Micon

legendary

Activity: 1232

Merit: 1014

FPV Drone Pilot

Quote from: mrb on January 22, 2013, 04:53:15 PM

Quote from: casascius on January 22, 2013, 03:35:25 PM

I sent a PM with an escrow invitation code to both Micon and mrb for a coin flip.

Micon, I PM'd you a payment invitation for this test -- the address is below and I already sent 0.001 BTC to it:
http://blockchain.info/address/1JUsk88BGbZbRs3R3JoKxeR4Mc9sxf74kQ

kk checking / will fire .001 at it if it comes up same

edit: not a valid escrow invitation code. C was off by 1 extra character in that long string the 1st time, maybe it happened again. I tried it 3x.

Topic: 280 BTC total bets between Micon and mrb (are BFL ASICs real?) - page 24. (Read 46415 times)