Pages:
Author

Topic: [ANNOUNCE] Electrum - Lightweight Bitcoin Client - page 88. (Read 274562 times)

legendary
Activity: 1288
Merit: 1080

Damn, developping a client in Perl is much more difficult than I thought, but I really want to do it as I am not comfortable with python code.

I had made a mistake creating the repo (I wrote Perlelectrum for the name instead of Perlectrum).

It's now corrected (I guess):      http://github.com/grondilu/Perlectrum

Any other Perl adepts here?  If so, please help.
legendary
Activity: 1896
Merit: 1353
Nice Smiley
This may be a stupid question but… where are the release notes? Don't know if you are keeping an official changelog somewhere or something…

No, there's no real changelog at this point, except this thread.

There is a file named RELEASE-NOTES, but it is intended to explain how to upgrade your wallet when changes are made that break backward compatibility (as was the case with 0.31). For the moment I still consider that this software is in an alpha stage, because there are other changes that need to be made and that will similarly break backward compatibility. Whenever such a change is made, it will be explained in the RELEASE-NOTES.

hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Nice Smiley
This may be a stupid question but… where are the release notes? Don't know if you are keeping an official changelog somewhere or something…
legendary
Activity: 1896
Merit: 1353
Actually, you didn't include the client code either…
oh sorry. it is there now.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Actually, you didn't include the client code either…
legendary
Activity: 1896
Merit: 1353
molecular reported a bug that occurs when several transactions are unconfirmed at the same time.
If the unconfirmed transactions use the same inputs, it will confuse the client; it will display incorrect
history and balance, and it might create transactions that will be rejected by the network (double spends).

I cannot fix this right now, I hope that I will have time this week-end
In the mean time, if you encounter this problem, the workaround is to wait until your unconfirmed transactions are confirmed.

ok, this was easier to fix than expected, so I released version 0.33 that fixes it.
the distributed version contains only the client code now; the server code should be retrieved via git.
legendary
Activity: 1896
Merit: 1353
molecular reported a bug that occurs when several transactions are unconfirmed at the same time.
If the unconfirmed transactions use the same inputs, it will confuse the client; it will display incorrect
history and balance, and it might create transactions that will be rejected by the network (double spends).

I cannot fix this right now, I hope that I will have time this week-end
In the mean time, if you encounter this problem, the workaround is to wait until your unconfirmed transactions are confirmed.
hero member
Activity: 742
Merit: 500
Note:
I noticed that someone created a direct link from facebook to the tar.gz of version 0.22.
In order to prevent users from downloading older versions, I removed the old tarballs from the website.

If you want to link to Electrum, please link to the page http://ecdsa.org/electrum, so that users will download the most recent version.


Or perhaps provide a tarball that always links to the current stable?
legendary
Activity: 1896
Merit: 1353
Note:
I noticed that someone created a direct link from facebook to the tar.gz of version 0.22.
In order to prevent users from downloading older versions, I removed the old tarballs from the website.

If you want to link to Electrum, please link to the page http://ecdsa.org/electrum, so that users will download the most recent version.
legendary
Activity: 1896
Merit: 1353
True, I think ThomasV means it should be this:
Code:
oldseed = seed
for i in range(100000):
    seed = hashlib.sha512(seed + oldseed).digest()

Indeed, this is the change I made in 0.31.
Perhaps I should emphasize that this bug caused a vulnerability, and that the new version is a security update.
I strongly advise you to update your client if you have not done so.
You will need to move your coins to a new address (see my comment above and the release notes)

hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
huh? grondilu is right. oldseed = seed, therefore oldseed + seed = seed * 2. His proposed change doesn't change the semantics.

This code-snippet explains why generating a new address takes so long Wink
True, I think ThomasV means it should be this:

Code:
# strenghtening
oldseed = seed
for i in range(100000):
  seed = hashlib.sha512(seed + oldseed).digest()
Then it will still take long, but that's supposed to be the case. It makes bruteforce attacks very costly, even with weak passphrases.
donator
Activity: 2772
Merit: 1019
There is something weird in the create_new_address function:

Code:
# strenghtening
for i in range(100000):
  oldseed = seed
  seed = hashlib.sha512(seed + oldseed).digest()

Is it me or this code is just the same as:

Code:
# strenghtening
for i in range(100000):
  seed = hashlib.sha512(seed * 2).digest()

?

Also, I'm not sure I see what is the point of this :-|


PS.  I set up a github repo to work on my Perl client:
http://github.com/grondilu/Perlectrum

oh you are right, the oldseed line should not be in the loop.
the point of this loop is to make brute force attacks more difficult.
I am afraid we need to fix this; it means that users will need to move their coins to new addresses.

huh? grondilu is right. oldseed = seed, therefore oldseed + seed = seed * 2. His proposed change doesn't change the semantics.

This code-snippet explains why generating a new address takes so long Wink
legendary
Activity: 1896
Merit: 1353
I just released version 0.32
new features:
* compute transaction fees that depend on the size of the transaction
* fix precision issues caused by float
legendary
Activity: 1896
Merit: 1353
Electrum 0.31 Build 1
MD5: a99cfe2461eb0af389df7fb07652340a

thanks. perhaps you should start a new thread, and put the link in the first message of the thread;
that way, you can update the link on each release, and I can directly link to that thread.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
Electrum 0.31 Build 1
MD5: a99cfe2461eb0af389df7fb07652340a
legendary
Activity: 1896
Merit: 1353

Well, I must say I feel quite enthusiast about this project, so I put an ad about it in my signature.
thanks for the ad. there are now multiple developers who contribute to Electrum, so you do not want to put my name on it :-)

I just released 0.31, that fixes the key stretching problem you spotted.
Unfortunately, this means that the new version is incompatible with existing wallets; if you have an old wallet, the software will display a message asking you to move your coins to a new wallet.
I am sorry about the inconvenience.

Please note that another incompatible change is planned in the future, when we switch to "type 2" wallets
legendary
Activity: 1288
Merit: 1080

Well, I must say I feel quite enthusiast about this project, so I put an ad about it in my signature.
legendary
Activity: 1896
Merit: 1353
There is something weird in the create_new_address function:

Code:
# strenghtening
for i in range(100000):
  oldseed = seed
  seed = hashlib.sha512(seed + oldseed).digest()

Is it me or this code is just the same as:

Code:
# strenghtening
for i in range(100000):
  seed = hashlib.sha512(seed * 2).digest()

?

Also, I'm not sure I see what is the point of this :-|


PS.  I set up a github repo to work on my Perl client:
http://github.com/grondilu/Perlectrum

oh you are right, the oldseed line should not be in the loop.
the point of this loop is to make brute force attacks more difficult.
I am afraid we need to fix this; it means that users will need to move their coins to new addresses.
legendary
Activity: 1288
Merit: 1080
There is something weird in the create_new_address function:

Code:
# strenghtening
for i in range(100000):
  oldseed = seed
  seed = hashlib.sha512(seed + oldseed).digest()

Is it me or this code is just the same as:

Code:
# strenghtening
for i in range(100000):
  seed = hashlib.sha512(seed * 2).digest()

?

Also, I'm not sure I see what is the point of this :-|


PS.  I set up a github repo to work on my Perl client:
http://github.com/grondilu/Perlectrum

legendary
Activity: 1896
Merit: 1353
version 0.30 just released.
there is no new feature in this version of the client, but various bugs have been fixed and the gui has had small improvements.
the server now uses a memory cache.
Pages:
Jump to: