[ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 54.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Quote from: netherfikk on July 04, 2020, 11:16:19 AM

Got "502 Bad Gateway" error. Is it an error on my side or yours?

I've got through to step 0 too, did the main site and captchha load fine and did you fill in the captchha first time? I think I've had a 502 before.

(as a tip for the Internet, my general rule is less than 400 is a you error, 400+ is a server error (around the 500 mark is a script error or access error due to some sort of "dos"/service error ).

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: ChipMixer on July 03, 2020, 09:26:39 PM

Quote from: BitcoinFX on June 18, 2020, 10:13:12 AM

Notification - Kindly fix up your Lets Encrypt SSL Certificate ... it is currently capped to a grade B ...

- https://www.ssllabs.com/ssltest/analyze.html?d=chipmixer.com&hideResults=on

SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols ...
- https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols

Has insecure cypher suites ...
- https://en.wikipedia.org/wiki/Cipher_suite

Is therefore vulnerable to the BEAST attack ...
- https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat

Please don't jump into conclusions too quickly. We were never vulnerable to BEAST attack. We always had implemented server-side mitigations. Otherwise our rating on SSL Labs would be at least "F". It's really old attack and it's hard to find website that doesn't mitigate it.

SSL Labs graded our SSL as "B" because we supported TLS 1.1 version, not insecure cypher suites. Various browsers have provided approximate deadlines for disabling TLS 1.0/1.1 protocols to first half of 2020. It was better to wait until then. Currently TLS 1.1 have been disabled and SSL Labs grade is "A". Thank you for reminder.

Quote from: BitcoinFX on June 18, 2020, 10:13:12 AM

Your also using an RSA 2048 bits publickey certificate despite Lets Encrypt supporting RSA 4096 bits publickey certificates, out-of-the box ...

You should be aware that RSA-4096 looks cool but it's not really much better than RSA-2048. It gives almost nothing while costing us a lot. RSA being asymettric don't double in strength when you add a single bit. RSA-4096 improvement over 2048 is around 28 bits which is marginal. Using 4096 bit certificate would make our site slower (around 3 times slower SSL handshake) and more CPU intensive (we mitigate a lot of attacks) with no benefit for our users.

Props for fixing this up.

However, the BEAST attack was a vulnerability 'server-side' as TLS 1.0 presented ... i.e. "Not mitigated server-side (more info) TLS 1.0: 0xc013"

...

RSA-3072 then ? Cheesy

...

Interesting to note that forum MERITS are given to the service operator, not to the messenger ...

Onward.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: netherfikk on July 04, 2020, 11:16:19 AM

Got "502 Bad Gateway" error. Is it an error on my side or yours?
https://talkimg.com/images/2023/05/14/blobd931aac00c945895.png

It's working fine for me.

I went through Step 1 without any issues. Try again?

netherfikk

jr. member

Activity: 186

Merit: 2

Got "502 Bad Gateway" error. Is it an error on my side or yours?

ChipMixer

sr. member

Activity: 456

Merit: 956

https://bitcointalk.org/index.php?topic=1935098

Quote from: BitcoinFX on June 18, 2020, 10:13:12 AM

Notification - Kindly fix up your Lets Encrypt SSL Certificate ... it is currently capped to a grade B ...

- https://www.ssllabs.com/ssltest/analyze.html?d=chipmixer.com&hideResults=on

SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols ...
- https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols

Has insecure cypher suites ...
- https://en.wikipedia.org/wiki/Cipher_suite

Is therefore vulnerable to the BEAST attack ...
- https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat

Please don't jump into conclusions too quickly. We were never vulnerable to BEAST attack. We always had implemented server-side mitigations. Otherwise our rating on SSL Labs would be at least "F". It's really old attack and it's hard to find website that doesn't mitigate it.

SSL Labs graded our SSL as "B" because we supported TLS 1.1 version, not insecure cypher suites. Various browsers have provided approximate deadlines for disabling TLS 1.0/1.1 protocols to first half of 2020. It was better to wait until then. Currently TLS 1.1 have been disabled and SSL Labs grade is "A". Thank you for reminder.

Quote from: BitcoinFX on June 18, 2020, 10:13:12 AM

Your also using an RSA 2048 bits publickey certificate despite Lets Encrypt supporting RSA 4096 bits publickey certificates, out-of-the box ...

You should be aware that RSA-4096 looks cool but it's not really much better than RSA-2048. It gives almost nothing while costing us a lot. RSA being asymettric don't double in strength when you add a single bit. RSA-4096 improvement over 2048 is around 28 bits which is marginal. Using 4096 bit certificate would make our site slower (around 3 times slower SSL handshake) and more CPU intensive (we mitigate a lot of attacks) with no benefit for our users.

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

Quote from: LeGaulois on June 18, 2020, 11:34:25 AM

...snip...

Sorry if I didn't get correctly but the change from SSL Lab was 6 months ago about. And you say to have informed a year ago.
Do you live in the future like Marty McFly? Cheesy

The grade change was only done to motivate people to migrate to protocol TLS 1.2+. My question is how is that important if you still support TLS 1.0 and TLS 1.1 protocols? While the server supports TLS 1.2 as well

Well it was approximately a year or so ago, perhaps it was less.

EDIT: https://bitcointalksearch.org/topic/m.52764188
So, around October 15, 2019 ...

I think the documentation is extensive enough to answer your questions, instead of myself writing a lengthy response here.

Be well!

LeGaulois

copper member

Activity: 2940

Merit: 4101

Top Crypto Casino

Quote from: BitcoinFX on June 18, 2020, 10:16:24 AM

I tried to inform chip mixer about this stuff around a year ago or so ...

Notification - Kindly fix up your Lets Encrypt SSL Certificate ... it is currently capped to a grade B ...

- https://www.ssllabs.com/ssltest/analyze.html?d=chipmixer.com&hideResults=on

Sorry if I didn't get correctly but the change from SSL Lab was 6 months ago about. And you say to have informed a year ago.
Do you live in the future like Marty McFly? Cheesy

The grade change was only done to motivate people to migrate to protocol TLS 1.2+. My question is how is that important if you still support TLS 1.0 and TLS 1.1 protocols? While the server supports TLS 1.2 as well

BitcoinFX

legendary

Activity: 2646

Merit: 1722

https://youtu.be/DsAVx0u9Cw4 ... Dr. WHO < KLF

@ChipMixer

"Re: Anonymous Bitcoins"
- https://bitcointalksearch.org/topic/m.54641364

Notification - Kindly fix up your Lets Encrypt SSL Certificate ... it is currently capped to a grade B ...

- https://www.ssllabs.com/ssltest/analyze.html?d=chipmixer.com&hideResults=on

SSL Labs Grade Change for TLS 1.0 and TLS 1.1 Protocols ...
- https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols

Has insecure cypher suites ...
- https://en.wikipedia.org/wiki/Cipher_suite

Is therefore vulnerable to the BEAST attack ...
- https://blog.qualys.com/ssllabs/2013/09/10/is-beast-still-a-threat

Your also using an RSA 2048 bits publickey certificate despite Lets Encrypt supporting RSA 4096 bits publickey certificates, out-of-the box ...

...

How to Guide ...

See: https://ssl-config.mozilla.org/#server=nginx&version=1.14.0&config=intermediate&openssl=1.1.1d&hsts=false&ocsp=false&guideline=5.4

Example;

Code:

# generated 2020-06-18, Mozilla Guideline v5.4, nginx 1.14.0, OpenSSL 1.1.1d, intermediate configuration, no HSTS, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.14.0&config=intermediate&openssl=1.1.1d&hsts=false&ocsp=false&guideline=5.4
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam /path/to/dhparam;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
}

You need to update the # intermediate configuration ssl_protocols and ssl_ciphers .

Then use certbot to upgrade your certificate publickey to RSA 4096 bit

Code:

sudo certbot --nginx -d chipmixer.com --rsa-key-size 4096

Cheers!

Also review your torrc for 'compliance' here (donations welcome!) ...
- https://bitcointalksearch.org/topic/m.52455267

Cool

bump

ShellyF

jr. member

Activity: 51

Merit: 41

Quote from: blatchcorn on May 18, 2020, 01:31:26 AM

Quote from: ShellyF on May 16, 2020, 10:31:17 PM

I used chipmixer to successfully mix my coins. However, I used the same session to mix my coin in another transaction which is not showing in my chipmixer session page. I tried with a lower amount and sent 2 deposits during same session. My first deposit was recognized but the second one is disappeared not shown anywhere in the chipmixer session.

Hoping to see my disappeared coins once again. Sent email and PM. Waiting for a meaningful resolution.

Can you please write what response you got from chipmixer for our further reference. It's a reputable site and I m sure there support will help you in finding your coins. Just let us know there response. Thanks.

I am writing this to share an update of my conversation with chipmixer. They sent me a voucher code to redeem my missing coins 7 hours ago which I successfully used to retrieve my chips on their website.

Support was very helpful to resolve my query in their first email response. Indeed, a great service in to add some more anonymity to my coins.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: blatchcorn on May 18, 2020, 01:31:26 AM

Can you please write what response you got from chipmixer for our further reference. It's a reputable site and I m sure there support will help you in finding your coins. Just let us know there response. Thanks.

The transactions probably already got confirmed since the mempool cleaned out a bit to the 3 sat/byte range. Edit: Or that would have been the case if it wasn't for CM's fast support (OP's post bellow). Great to see that.

Last time something like this happened, ChipMixer bumped the fees of their unconfirmed transactions:

Quote from: ChipMixer on April 17, 2019, 11:35:45 AM

Today upon creation of chips, one transaction got delayed because mempool grew up quickly. It left our transaction with much lower fees than others and all new transactions had higher and higher fees.

We have bumped the fee for it and it is confirmed now. Please check your wallet. Private keys are already imported so Electrum should notice confirmation. If that's not a case, try to recover session using session token and reimport keys.

If you still have a problem, please contact us by email and provide deposit address and/or session token, we will help.

blatchcorn

sr. member

Activity: 952

Merit: 281

Quote from: ShellyF on May 16, 2020, 10:31:17 PM

I used chipmixer to successfully mix my coins. However, I used the same session to mix my coin in another transaction which is not showing in my chipmixer session page. I tried with a lower amount and sent 2 deposits during same session. My first deposit was recognized but the second one is disappeared not shown anywhere in the chipmixer session.

Hoping to see my disappeared coins once again. Sent email and PM. Waiting for a meaningful resolution.

Can you please write what response you got from chipmixer for our further reference. It's a reputable site and I m sure there support will help you in finding your coins. Just let us know there response. Thanks.

ShellyF

jr. member

Activity: 51

Merit: 41

I used chipmixer to successfully mix my coins. However, I used the same session to mix my coin in another transaction which is not showing in my chipmixer session page. I tried with a lower amount and sent 2 deposits during same session. My first deposit was recognized but the second one is disappeared not shown anywhere in the chipmixer session.

Hoping to see my disappeared coins once again. Sent email and PM. Waiting for a meaningful resolution.

[email protected]

newbie

Activity: 28

Merit: 3

I will add the list of mixers in 2020 to the Chinese version, and I look forward to your comments Grin

https://bitcointalksearch.org/topic/2020-5247254

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: orcun on May 08, 2020, 03:33:35 AM

Quote from: figmentofmyass on May 08, 2020, 02:03:25 AM

the point was that common output sizes are just that---common on the network.

By "common chip sizes", I mean they're common to CM (ChipMixer). For Non-CM transactions, chip sizes are not common at all.

without a larger verifiable study on that matter, that's arguable.

Quote from: orcun on May 08, 2020, 03:33:35 AM

I'm not aware of CM-specific examples, but it's common for many mixers and exchanges,

BTW, I agree Wasabi creates a more obvious TX, but what I've been trying to prove is CM usage is also clear, even though less obvious at first glance.

i am eagerly awaiting your upcoming research paper where you show how you broke chipmixer. please keep us all apprised.

Quote from: orcun on May 08, 2020, 03:33:35 AM

I wanted to remind users that they should treat CM coins dirty by default (like all mixers, not CM's fault)

that is not a given, especially considering the low volume of bitcoin usage for illicit purposes. despite what you may think, blockchain analysis heuristics are far from foolproof, and distant degrees of taint do not break bitcoin fungibility.

malevolent

legendary

Activity: 3472

Merit: 1722

Quote from: gentlemand on May 07, 2020, 06:20:35 AM

Wasabi is a fine idea in principle but refer to that binance Singapore event.

Though they obviously couldn't tell where the original coins came from they could instantly tell they had come from a wasabi mix so gave them the boot.

Mixing with a flashing sign that you've just mixed is not a useful look going forward.

It was the other way around, Binance temporarily blocked a withdrawal to a Wasabi wallet. That's even worse. Only after several withdrawals it became a problem.

https://twitter.com/bittlecat/status/1207621591820951552/photo/2

The only 'solution' to this problem that comes to mind is to have enough hops before mixing/coinjoining. The same applies to deposits.

orcun

newbie

Activity: 21

Merit: 1

Quote from: figmentofmyass on May 08, 2020, 02:03:25 AM

the point was that common output sizes are just that---common on the network.

By "common chip sizes", I mean they're common to CM (ChipMixer). For Non-CM transactions, chip sizes are not common at all. That's why what they say in their FAQ won't work. CM actually realizes this in their FAQ too by saying "After a while [chip sizes] will get more common", but it's unlikely to get common because the chip sizes are not round numbers.

For non-CM transactions with CM chip sizes to become common (the scenerio in their FAQ), other services/people need to use CM-sized chips without using CM. So CM maybe assumes people themselves split coins in their own wallets to CM chip sizes (That's how I understan what they mean in FAQ)

Quote from: figmentofmyass on May 08, 2020, 02:03:25 AM

any examples of that actually happening?

I'm not aware of CM-specific examples, but it's common for many mixers and exchanges,

BTW, I agree Wasabi creates a more obvious TX, but what I've been trying to prove is CM usage is also clear, even though less obvious at first glance. I wanted to remind users that they should treat CM coins dirty by default (like all mixers, not CM's fault)

Thanks for replying. Wink

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: orcun on May 08, 2020, 12:44:22 AM

Quote from: figmentofmyass on May 08, 2020, 12:08:56 AM

the on-chain footprint of coinjoins is much more obvious. blockchain analysis heuristics based purely on common output sizes are unlikely to be very useful.

Not only the output amount. How ChipMixer creates the chips follows certain patterns, you need to emulate the patterns too. Just splitting your coins into ChipMixer's chip sizes in your own wallet won't help against analysis like the FAQ claims. It can only fool stupid analysis tools.

you said "it's also easy to tell if you used chipmixer, because of the common chip sizes" so i was speaking to that, not about trying to split coins in your own wallet. the point was that common output sizes are just that---common on the network.

Quote from: orcun on May 08, 2020, 12:44:22 AM

There are more problems. Many users sweep different chip sizes in single TX making it even more obvious. Even if none of these worked, then chips will lead to someone's tainted coins and will raise alarms at the exchange etc.

any examples of that actually happening?

i agree that many users sacrifice privacy by sweeping outputs together, and/or immediately, after mixing. ideally they would hold onto chips until they need them (throwing off time attacks) and spend them one at a time.

orcun

newbie

Activity: 21

Merit: 1

Quote from: figmentofmyass on May 08, 2020, 12:08:56 AM

the on-chain footprint of coinjoins is much more obvious. blockchain analysis heuristics based purely on common output sizes are unlikely to be very useful.

Not only the output amount. How ChipMixer creates the chips follows certain patterns, you need to emulate the patterns too. Just splitting your coins into ChipMixer's chip sizes in your own wallet won't help against analysis like the FAQ claims. It can only fool stupid analysis tools.

There are more problems. Many users sweep different chip sizes in single TX making it even more obvious. Even if none of these worked, then chips will lead to someone's tainted coins and will raise alarms at the exchange etc.

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: ?? on ??

Yes, Wasabi transactions is obvious, but it's also easy to tell if you used ChipMixer, because of the common chip sizes. Correct me if I'm wrong.

the on-chain footprint of coinjoins is much more obvious. blockchain analysis heuristics based purely on common output sizes are unlikely to be very useful.

chipmixer touches on the chip size stuff in their FAQ. https://chipmixer.com/faq

Quote

Why chip values are so weird? 1.024 BTC? Why not 1 BTC?

We wanted to have a lot of chip sizes and to easily split/merge them. if you start with 1 BTC and you split it, your minimal chip is 0.015625 BTC which seems even weirder.

But 1.024 BTC is so uncommon that everyone will know I've used this mixer!

After a while it will get more common, because you won't even need to use mixer to anonymize your coins. Just split them into tokens and they look exactly like chips.

I really, really want 1 BTC chip!

You are in luck! We have introduced commonize function which will swap your weird looking 1.024 BTC chip into 1 BTC chip and weird looking 0.512 BTC into 0.5 BTC.

tomahawk9

hero member

Activity: 2086

Merit: 994

Cats on Mars

Quote from: kufarrr on May 07, 2020, 03:59:52 PM

Can please somebody tell me how I need to use Chipmixer to receive the highest privacy ? Thanks !

You can download the 'TOR browser' (a privacy-focused web browser) and use Chipmixer through this browser.

By using Chipmixer, you're already guaranteed a certain level of pivacy and anonymity (for more info, you can read the first post of this thread as well as Chipmixer faq section on their website), but using Chipmixer through the Tor network highly increases your privacy and anonymity levels thanks to Tor features.

You'll find Chipmixer's Tor link in the first page of this thread.

Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 54. (Read 92708 times)