Pages:
Author

Topic: How can this be done? (Read 537 times)

legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
November 01, 2022, 08:11:37 AM
#32
I think I will do it next week, as I see that there is an envious person who wants to compete with me and has gone ahead of me.  Wink
I know who you are talking about. It's done 🤣
You are too late, screw you 😘

But to be honest I did not have your topic in mind. I think some users are too interested with reporting stats. It's like they want a recognition when they are doing every little bits LOL
The idea of the game was instant just to tell them from years in the community many members never cared about such stats and shout out even if they are constantly reporting. Everyday we long in, have fun, logout and go to sleep. Almost a decade. Sometimes we get bared and give it a break.

After I have the post, I was thinking how would I prove, then I stole the idea we were discussion here 😉
legendary
Activity: 1372
Merit: 2017
October 31, 2022, 03:57:46 AM
#31
I will start with the fact the signature of this last message doesn't match the first signature posted (28 oct), but it does match the second (30 oct).

I guess you missed that I didn't save the first message.

Quoting the signature. Is it final?

I think I will do it next week, as I see that there is an envious person who wants to compete with me and has gone ahead of me.  Wink

Will publish the partial message here and when quoted I will create the thread in Games and Rounds.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
October 31, 2022, 03:26:58 AM
#30
-----BEGIN SIGNATURE-----
IIVa9HxfBRnnOFfks0sRBqlK5vd9tOzh6zgA6L6OFLfjCedQocGY6jxeg7tJLAnPKJrAk0RCf1rV6A6 ZSALY9tA=
-----END BITCOIN SIGNED MESSAGE-----

-----BEGIN SIGNATURE-----
IGlOAJdkJZLnuvsdNNWaM8I7Jt1VzWHzTAGu4we41EkJf6t1RdZzUJ+ALSqSGFreEVmd3Px3HByo+siBKqez6A8=
-----END BITCOIN SIGNED MESSAGE-----

I will start with the fact the signature of this last message doesn't match the first signature posted (28 oct), but it does match the second (30 oct). And also verifies it.
So while you should be careful to have the same signature all along, you seem to have understood the things and done it good.
legendary
Activity: 2268
Merit: 18711
October 31, 2022, 03:26:27 AM
#29
Quoting the signature. Is it final?
That signature verified the message provided (Blah, blah, blah), so won't be the final signature for the prize thread.

Let's see if this works, if it does, the only thing I'll have to do in the prize thread will be to include the address, as o_e_l_e_o comments, and that someone quotes me as soon as I publish it.
Pretty much. The addition of both Loyce's and TryNinja's archive sites provides additional redundancy and proof that things haven't been edited. And obviously remember to keep an exact copy of the message, since even a single character being changed will result in an invalid signature.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 31, 2022, 03:15:31 AM
#28
Let's see if this works
It works Smiley

I verified the signature with Electrum and confirmed the archived address.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
October 31, 2022, 02:38:16 AM
#27
-----BEGIN BITCOIN SIGNED MESSAGE-----
For the prize to the best analysis of a poker hand, the criteria will be:

A) Blah, blah, blah.
B) Blah, blah, blah.
C) Blah. Blah.
-----BEGIN SIGNATURE-----
bc1q2z248q6kaasd549pjunjd6740hlf50wkvcu9s0
IGlOAJdkJZLnuvsdNNWaM8I7Jt1VzWHzTAGu4we41EkJf6t1RdZzUJ+ALSqSGFreEVmd3Px3HByo+siBKqez6A8=
-----END BITCOIN SIGNED MESSAGE-----
Quoting the signature. Is it final?
legendary
Activity: 1372
Merit: 2017
October 31, 2022, 01:07:25 AM
#26
This could work for you too. It's the easiest I think 😂

I thank you for the suggestion, but if with something as simple as posting a signed message without fully revealing it I have made mistakes like this one, and this one, and considering that I had previously signed and verified messages, I think it is better that this time I focus on option 2 that NeuroticFish commented.

Let's see if this works, if it does, the only thing I'll have to do in the prize thread will be to include the address, as o_e_l_e_o comments, and that someone quotes me as soon as I publish it.

-----BEGIN BITCOIN SIGNED MESSAGE-----
For the prize to the best analysis of a poker hand, the criteria will be:

A) Blah, blah, blah.
B) Blah, blah, blah.
C) Blah. Blah.
-----BEGIN SIGNATURE-----
bc1q2z248q6kaasd549pjunjd6740hlf50wkvcu9s0
IGlOAJdkJZLnuvsdNNWaM8I7Jt1VzWHzTAGu4we41EkJf6t1RdZzUJ+ALSqSGFreEVmd3Px3HByo+siBKqez6A8=
-----END BITCOIN SIGNED MESSAGE-----

legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
October 30, 2022, 06:33:53 AM
#25
[...]
Check what I did for this game.
I sent a self message with the number of reports I made so far. In case it requires to prove then the PM will be reported to the staff.
This could work for you too. It's the easiest I think 😂
legendary
Activity: 2268
Merit: 18711
October 30, 2022, 06:11:21 AM
#24
Signed message will be revealed on 10/31/2022

-----BEGIN BITCOIN SIGNED MESSAGE-----

-----BEGIN SIGNATURE-----
IGlOAJdkJZLnuvsdNNWaM8I7Jt1VzWHzTAGu4we41EkJf6t1RdZzUJ+ALSqSGFreEVmd3Px3HByo+siBKqez6A8=
-----END BITCOIN SIGNED MESSAGE-----
Address staked here.
The usual format of what you have quoted includes the address as part of the signature, like so:

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----

-----BEGIN SIGNATURE-----
bc1q2z248q6kaasd549pjunjd6740hlf50wkvcu9s0
IIVa9HxfBRnnOFfks0sRBqlK5vd9tOzh6zgA6L6OFLfjCedQocGY6jxeg7tJLAnPKJrAk0RCf1rV6A6ZSALY9tA=
-----END BITCOIN SIGNED MESSAGE-----

This is important because the same signature can be used to verify any message, if the address is not specified. I know you've included a link to a post containing the address, but better to include it directly in the signature and allow another user to quote it so it is easy to prove it has not been edited.

That is true. That's why I said that you should make the block nonce public along with the digital signature of the message. There is no way to know the nonce of future blocks.
But doing this only sets a lower limit of when the message was signed. It could not be signed before the block in question was found, but it could easily have been signed any time after the block in question was found. To set an upper limit he either posts it publicly here on the forum, or for absolute proof includes a hash of his message in an OP_RETURN output and commits it to the blockchain.
legendary
Activity: 1526
Merit: 1359
October 30, 2022, 05:54:30 AM
#23
Poker Player, if you want to add a timestamp to your message, I suggest that you incorporate the block number and the nonce from the last mined block into the message. When you publish the signature/hash of the message, you also publish the block number and nonce that will be in the message. That way, you will have another provable way of confirming when the message was created.

I understand that would confirm that the message was signed at least when that block was mined or after, and not before, but it could have been created after.

That is true. That's why I said that you should make the block nonce public along with the digital signature of the message. There is no way to know the nonce of future blocks.
But I agree that it's not really necessary, unless you want to add a timestamp to the message.


I was away yesterday but I was reading your response and Googled some articles about email security for different email services. I had a wrong idea that Google do PGP encryption but knowing they don't, just broke my trust. You are right most regular email system don't. Protonmail has it as an additional feature, which needs additional setting to enable it in your end. And if the receiver do not have the same setting then they will not be able to read your email. It become complicated when the email is sent to another service instead of proton to proton.

That's right. Most regular email providers use only transport-level encryption, or TLS (SSL) layer over the plaintext communication, which means that the message is protected from eavesdropping only during transit between individual SMTP relays, but not all the way between the sender and the recipient.
legendary
Activity: 1372
Merit: 2017
October 30, 2022, 05:18:34 AM
#22
Technically dummie Poker Player goes again:

Grin

Signed message will be revealed on 10/31/2022

-----BEGIN BITCOIN SIGNED MESSAGE-----

-----BEGIN SIGNATURE-----
IGlOAJdkJZLnuvsdNNWaM8I7Jt1VzWHzTAGu4we41EkJf6t1RdZzUJ+ALSqSGFreEVmd3Px3HByo+siBKqez6A8=
-----END BITCOIN SIGNED MESSAGE-----
Address staked here.

Correct me if I'm wrong both of you:

Poker Player, if you want to add a timestamp to your message, I suggest that you incorporate the block number and the nonce from the last mined block into the message. When you publish the signature/hash of the message, you also publish the block number and nonce that will be in the message. That way, you will have another provable way of confirming when the message was created.

I understand that would confirm that the message was signed at least when that block was mined or after, and not before, but it could have been created after.

Do make sure that the post is / won't be edited; that's just one thing I'd try to make sure of. Or someone archive the page just in case there will be doubts in the future.

That can be seen in https://loyce.club/archive/posts/ and some other page. Messages are automatically archived when they are created.

Note: I had posted this message earlier but forgot to put "Signed message will be revealed on 10/31/2022" outside the message. I thought it was better to delete it and post it again rather than edit it.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
October 30, 2022, 05:08:42 AM
#21
I do not want to go off-topic, but that is wrong. The majority of "regular" email systems do not use encryption in the backend and all messages are still stored in cleartext form on the servers. Trust me, I was a sysadmin for years.  Wink
I was away yesterday but I was reading your response and Googled some articles about email security for different email services. I had a wrong idea that Google do PGP encryption but knowing they don't, just broke my trust. You are right most regular email system don't. Protonmail has it as an additional feature, which needs additional setting to enable it in your end. And if the receiver do not have the same setting then they will not be able to read your email. It become complicated when the email is sent to another service instead of proton to proton.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
October 29, 2022, 06:16:32 AM
#20
Option 3: Use your PGP key! It's more secure than any of the options above. Here is how I will do it.
~
This is overcomplicated and unnecessary for the case described by Poker Player.

I was going to ask, what is the difference in terms of security? Like 0,001% of being hacked if I use a signed message and 0,00000001% if I use PGP? Because in that case I would use the signed message, which seems to me more simple, although I find it quite interesting the different options. (I just used random numbers)
No difference at all. If it was possible to 'hack' your Bitcoin message signature, it would also be possible to steal coins from the blockchain.

-----BEGIN BITCOIN SIGNED MESSAGE-----
Signed message will be revealed on 10/29/2022
-----BEGIN SIGNATURE-----
IIVa9HxfBRnnOFfks0sRBqlK5vd9tOzh6zgA6L6OFLfjCedQocGY6jxeg7tJLAnPKJrAk0RCf1rV6A6 ZSALY9tA=
-----END BITCOIN SIGNED MESSAGE-----
Address staked here.

Would that be OK?
Something like that works perfectly, yes. Do make sure that the post is / won't be edited; that's just one thing I'd try to make sure of. Or someone archive the page just in case there will be doubts in the future.
legendary
Activity: 1526
Merit: 1359
October 29, 2022, 04:50:39 AM
#19
The regular email system also use PGP in the back to encrypt the message. From the font we can not see it though.

I do not want to go off-topic, but that is wrong. The majority of "regular" email systems do not use encryption in the backend and all messages are still stored in cleartext form on the servers. Trust me, I was a sysadmin for years.  Wink
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 29, 2022, 01:21:00 AM
#18
I guess I should have saved the full signed message somehow, right?
Yes Cheesy Unless you can type the exact same message again.

So I can answer yesterday's question now:
Let's do an experiment:
~
Would that be OK?
I'll tell you on October 29 Wink
Nope

I just opened Electrum to post the full message, but I don't see like a signed message history or anything.  Huh
I've never seen a wallet that keeps a history of signed or verified messages.
legendary
Activity: 1372
Merit: 2017
October 28, 2022, 11:02:41 PM
#17
Lol.

I guess I should have saved the full signed message somehow, right?

I just opened Electrum to post the full message, but I don't see like a signed message history or anything.  Huh

 Grin
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
October 28, 2022, 10:31:49 AM
#16
Quote
It's as simple as sending an email.
If that would be true, everyone would use PGP by default for all their emails.

Actually I've been using PGP in my mails long ago. I've found back then some nice software that worked as a plugin to Outlook. Nice and smooth. I've recommended it to all my friends.
And.. I've stopped at the point the sysadmin of the company I've been working at back then started to be suspicious what I have to hide (and of course, this went to my boss, pretty soon). Yeah, back then I've been using the company email for personal stuff too (too young, too stupid, shhhh, but the company was not that professional/strict either).

PGP is more complicated to verify than either of the other 2 options.

PGP is not bad, just.. we're on a bitcoin forum Wink

Wrong topic, orgies happen here.

Although I should have been expecting this, it deserves 1 sM for the laugh.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 28, 2022, 10:14:10 AM
#15
Alternatively, it can be done by providing the criteria's hash beforehand.
The hash can prove that you have not changed the criteria since everyone can compute the its hash once it's revealed.
I'd recommend SHA256 for this.
I picked a Bitcoin signed message over SHA256, because I assumed more users here would be able to verify it on their own.

Option 3: Use your PGP key! It's more secure than any of the options above.
PGP is more complicated to verify than either of the other 2 options.

Let's do an experiment:

-----BEGIN BITCOIN SIGNED MESSAGE-----
Signed message will be revealed on 10/29/2022
-----BEGIN SIGNATURE-----
IIVa9HxfBRnnOFfks0sRBqlK5vd9tOzh6zgA6L6OFLfjCedQocGY6jxeg7tJLAnPKJrAk0RCf1rV6A6 ZSALY9tA=
-----END BITCOIN SIGNED MESSAGE-----
Address staked here.

Would that be OK?
I'll tell you on October 29 Wink

Fuck you all 😘
Wrong topic, orgies happen here.

Quote
Maybe you thinks it's complicated hearing those complicated words encrypt/decrypt 😂
It's meant to be easy but not sure why you think it's complected LOL
Load precipitants public key and sign the message. You need only recipients public key.
I tried it a few times, and it was annoyingly complicated. What's worse, is that it didn't give me any confidence that I know what I'm doing.

Quote
It's as simple as sending an email.
If that would be true, everyone would use PGP by default for all their emails.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
October 28, 2022, 06:23:57 AM
#14
Even so, the non-recipient participants/users will have to trust the recipient of the message to show the correct message, since they wont be able to decrypt it by themselves.
Sounds reasonable enough if used together with the forum's trust system but involving trust is kind of a drawback.
That's the reason I suggested to use more than two members. So authenticity of the revealed message can be validated without error from one member. It's just information and I don't think anyone who are on the forum for long time will even try to alter the message.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
October 28, 2022, 06:18:07 AM
#13
You can't post the encrypted messages before the "reveal date" because the recipients will be able to decrypt it right away.
The idea is not to let the recipients to know about using their public key until OP wants to call them to check it was signed for them.
Okay, so it's not about your second reply.

Even so, the non-recipient participants/users will have to trust the recipient of the message to show the correct message, since they wont be able to decrypt it by themselves.
Sounds reasonable enough if used together with the forum's trust system but involving trust is kind of a drawback.
Pages:
Jump to: