[ANNOUNCE] Electrum - Lightweight Bitcoin Client - page 88.

grondilu

legendary

Activity: 1288

Merit: 1080

Damn, developping a client in Perl is much more difficult than I thought, but I really want to do it as I am not comfortable with python code.

I had made a mistake creating the repo (I wrote Perlelectrum for the name instead of Perlectrum).

It's now corrected (I guess): http://github.com/grondilu/Perlectrum

Any other Perl adepts here? If so, please help.

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: BTCurious on December 09, 2011, 06:21:49 PM

Nice

This may be a stupid question but… where are the release notes? Don't know if you are keeping an official changelog somewhere or something…

No, there's no real changelog at this point, except this thread.

There is a file named RELEASE-NOTES, but it is intended to explain how to upgrade your wallet when changes are made that break backward compatibility (as was the case with 0.31). For the moment I still consider that this software is in an alpha stage, because there are other changes that need to be made and that will similarly break backward compatibility. Whenever such a change is made, it will be explained in the RELEASE-NOTES.

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Nice

This may be a stupid question but… where are the release notes? Don't know if you are keeping an official changelog somewhere or something…

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: BTCurious on December 09, 2011, 03:21:45 PM

Actually, you didn't include the client code either…

oh sorry. it is there now.

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Actually, you didn't include the client code either…

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: ThomasV on December 08, 2011, 08:31:53 PM

molecular reported a bug that occurs when several transactions are unconfirmed at the same time.
If the unconfirmed transactions use the same inputs, it will confuse the client; it will display incorrect
history and balance, and it might create transactions that will be rejected by the network (double spends).

I cannot fix this right now, I hope that I will have time this week-end
In the mean time, if you encounter this problem, the workaround is to wait until your unconfirmed transactions are confirmed.

ok, this was easier to fix than expected, so I released version 0.33 that fixes it.
the distributed version contains only the client code now; the server code should be retrieved via git.

ThomasV

legendary

Activity: 1896

Merit: 1353

molecular reported a bug that occurs when several transactions are unconfirmed at the same time.
If the unconfirmed transactions use the same inputs, it will confuse the client; it will display incorrect
history and balance, and it might create transactions that will be rejected by the network (double spends).

I cannot fix this right now, I hope that I will have time this week-end
In the mean time, if you encounter this problem, the workaround is to wait until your unconfirmed transactions are confirmed.

Red Emerald

hero member

Activity: 742

Merit: 500

Quote from: ThomasV on December 08, 2011, 09:46:20 AM

Note:
I noticed that someone created a direct link from facebook to the tar.gz of version 0.22.
In order to prevent users from downloading older versions, I removed the old tarballs from the website.

If you want to link to Electrum, please link to the page http://ecdsa.org/electrum, so that users will download the most recent version.

Or perhaps provide a tarball that always links to the current stable?

ThomasV

legendary

Activity: 1896

Merit: 1353

Note:
I noticed that someone created a direct link from facebook to the tar.gz of version 0.22.
In order to prevent users from downloading older versions, I removed the old tarballs from the website.

If you want to link to Electrum, please link to the page http://ecdsa.org/electrum, so that users will download the most recent version.

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: BTCurious on December 08, 2011, 02:10:21 AM

True, I think ThomasV means it should be this:

Code:

oldseed = seed
for i in range(100000):
seed = hashlib.sha512(seed + oldseed).digest()

Indeed, this is the change I made in 0.31.
Perhaps I should emphasize that this bug caused a vulnerability, and that the new version is a security update.
I strongly advise you to update your client if you have not done so.
You will need to move your coins to a new address (see my comment above and the release notes)

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Quote from: molecular on December 07, 2011, 11:53:21 PM

huh? grondilu is right. oldseed = seed, therefore oldseed + seed = seed * 2. His proposed change doesn't change the semantics.

This code-snippet explains why generating a new address takes so long Wink

True, I think ThomasV means it should be this:

Code:

# strenghtening
oldseed = seed
for i in range(100000):
seed = hashlib.sha512(seed + oldseed).digest()

Then it will still take long, but that's supposed to be the case. It makes bruteforce attacks very costly, even with weak passphrases.

molecular

donator

Activity: 2772

Merit: 1019

Quote from: ThomasV on December 06, 2011, 08:27:30 AM

Quote from: grondilu on December 06, 2011, 08:15:31 AM

There is something weird in the create_new_address function:

Code:

# strenghtening
for i in range(100000):
oldseed = seed
seed = hashlib.sha512(seed + oldseed).digest()

Is it me or this code is just the same as:

Code:

# strenghtening
for i in range(100000):
seed = hashlib.sha512(seed * 2).digest()

?

Also, I'm not sure I see what is the point of this :-|

PS. I set up a github repo to work on my Perl client:
http://github.com/grondilu/Perlectrum

oh you are right, the oldseed line should not be in the loop.
the point of this loop is to make brute force attacks more difficult.
I am afraid we need to fix this; it means that users will need to move their coins to new addresses.

huh? grondilu is right. oldseed = seed, therefore oldseed + seed = seed * 2. His proposed change doesn't change the semantics.

This code-snippet explains why generating a new address takes so long Wink

ThomasV

legendary

Activity: 1896

Merit: 1353

I just released version 0.32
new features:
* compute transaction fees that depend on the size of the transaction
* fix precision issues caused by float

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: BTCurious on December 06, 2011, 11:55:28 AM

Electrum 0.31 Build 1
MD5: a99cfe2461eb0af389df7fb07652340a

thanks. perhaps you should start a new thread, and put the link in the first message of the thread;
that way, you can update the link on each release, and I can directly link to that thread.

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Electrum 0.31 Build 1
MD5: a99cfe2461eb0af389df7fb07652340a

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: grondilu on December 06, 2011, 08:38:21 AM

Well, I must say I feel quite enthusiast about this project, so I put an ad about it in my signature.

thanks for the ad. there are now multiple developers who contribute to Electrum, so you do not want to put my name on it :-)

I just released 0.31, that fixes the key stretching problem you spotted.
Unfortunately, this means that the new version is incompatible with existing wallets; if you have an old wallet, the software will display a message asking you to move your coins to a new wallet.
I am sorry about the inconvenience.

Please note that another incompatible change is planned in the future, when we switch to "type 2" wallets

grondilu

legendary

Activity: 1288

Merit: 1080

Well, I must say I feel quite enthusiast about this project, so I put an ad about it in my signature.

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: grondilu on December 06, 2011, 08:15:31 AM

There is something weird in the create_new_address function:

Code:

# strenghtening
for i in range(100000):
oldseed = seed
seed = hashlib.sha512(seed + oldseed).digest()

Is it me or this code is just the same as:

Code:

# strenghtening
for i in range(100000):
seed = hashlib.sha512(seed * 2).digest()

?

Also, I'm not sure I see what is the point of this :-|

PS. I set up a github repo to work on my Perl client:
http://github.com/grondilu/Perlectrum

oh you are right, the oldseed line should not be in the loop.
the point of this loop is to make brute force attacks more difficult.
I am afraid we need to fix this; it means that users will need to move their coins to new addresses.

grondilu

legendary

Activity: 1288

Merit: 1080

There is something weird in the create_new_address function:

Code:

# strenghtening
for i in range(100000):
oldseed = seed
seed = hashlib.sha512(seed + oldseed).digest()

Is it me or this code is just the same as:

Code:

# strenghtening
for i in range(100000):
seed = hashlib.sha512(seed * 2).digest()

?

Also, I'm not sure I see what is the point of this :-|

PS. I set up a github repo to work on my Perl client:
http://github.com/grondilu/Perlectrum

ThomasV

legendary

Activity: 1896

Merit: 1353

version 0.30 just released.
there is no new feature in this version of the client, but various bugs have been fixed and the gui has had small improvements.
the server now uses a memory cache.

Topic: [ANNOUNCE] Electrum - Lightweight Bitcoin Client - page 88. (Read 274537 times)