Pages:
Author

Topic: More Signatures with Repeated Nonces. - page 2. (Read 8083 times)

staff
Activity: 3374
Merit: 6530
Just writing some code
April 11, 2016, 10:10:40 AM
#38

Please Just tell me if electrum is safe? If i just use 2 electrum wallets one for signing transactions on offline PC and one for broadcasting it on online PC and i will only use 1 address not multiple address.Will i be safe in this case?No one can access my private key unless it gets stolen.Right?

Yes that is safe.
legendary
Activity: 1260
Merit: 1019
April 11, 2016, 07:53:34 AM
#37
Lol i won't pay you a shit? You think you are smart because you have knowledge lol.
You can't hack my account if you do consider yourself a hacker :/
miser pays twice
stupid pays always
member
Activity: 108
Merit: 10
April 11, 2016, 07:47:24 AM
#36
Why the hell someone don't explain in details how to avoid such problems?
Why someone should do it for you?
OK. To avoid such problems do not use bitcoins. Point.
This is free advice. Wanna more? Ready to pay?
Lol i won't pay you a shit? You think you are smart because you have knowledge lol.
You can't hack my account if you do consider yourself a hacker :/

Why the hell someone don't explain in details how to avoid such problems?
Can't i even spend in small amounts using my cold storage wallet? Angry
It's my wallet i do whatever i want with it . It's upto me if i want to use a single address or multiple addresses . What's the problem with a single address? I use a single address for sending and receiving funds.How can my wallet be hacked? It's been 7 years since bitcoin developed and still problems like this occurs now and then? why? and people like OP just setup bots to steal people's bitcoin :/
Tell me anyone i want to use electrum and only 1 address.Can the OP hack my address and private key?
This is what you do. Don't use wallets that no one has ever heard of. Use the wallets listed here https://bitcoin.org/en/choose-your-wallet and you will be safe because to get listed there, those wallets had to meet very specific criteria which includes safety against this attack. That is all you need to do.
Please Just tell me if electrum is safe? If i just use 2 electrum wallets one for signing transactions on offline PC and one for broadcasting it on online PC and i will only use 1 address not multiple address.Will i be safe in this case?No one can access my private key unless it gets stolen.Right?
staff
Activity: 3374
Merit: 6530
Just writing some code
April 11, 2016, 07:36:26 AM
#35
Why the hell someone don't explain in details how to avoid such problems?
Can't i even spend in small amounts using my cold storage wallet? Angry
It's my wallet i do whatever i want with it . It's upto me if i want to use a single address or multiple addresses . What's the problem with a single address? I use a single address for sending and receiving funds.How can my wallet be hacked? It's been 7 years since bitcoin developed and still problems like this occurs now and then? why? and people like OP just setup bots to steal people's bitcoin :/
Tell me anyone i want to use electrum and only 1 address.Can the OP hack my address and private key?
This is what you do. Don't use wallets that no one has ever heard of. Use the wallets listed here https://bitcoin.org/en/choose-your-wallet and you will be safe because to get listed there, those wallets had to meet very specific criteria which includes safety against this attack. That is all you need to do.
legendary
Activity: 1260
Merit: 1019
April 11, 2016, 07:31:57 AM
#34
Why the hell someone don't explain in details how to avoid such problems?
Why someone should do it for you?
OK. To avoid such problems do not use bitcoins. Point.
This is free advice. Wanna more? Ready to pay?
member
Activity: 108
Merit: 10
April 11, 2016, 07:28:27 AM
#33
Why the hell someone don't explain in details how to avoid such problems?
Can't i even spend in small amounts using my cold storage wallet? Angry
It's my wallet i do whatever i want with it . It's upto me if i want to use a single address or multiple addresses . What's the problem with a single address? I use a single address for sending and receiving funds.How can my wallet be hacked? It's been 7 years since bitcoin developed and still problems like this occurs now and then? why? and people like OP just setup bots to steal people's bitcoin :/
Tell me anyone i want to use electrum and only 1 address.Can the OP hack my address and private key?
legendary
Activity: 3010
Merit: 1031
RIP Mommy
April 11, 2016, 01:55:29 AM
#32
Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):
https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782
Why speculate when you can ask this question directly?



HAHAHAHAHAHA
legendary
Activity: 1260
Merit: 1019
April 11, 2016, 01:53:46 AM
#31
 Grin
legendary
Activity: 1092
Merit: 1001
April 11, 2016, 01:44:43 AM
#30
Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):
https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782
Why speculate when you can ask this question directly?

legendary
Activity: 1260
Merit: 1019
April 11, 2016, 01:15:07 AM
#29
Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):
https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782
Why speculate when you can ask this question directly?
staff
Activity: 3374
Merit: 6530
Just writing some code
April 10, 2016, 10:45:22 PM
#28
Ok but how to know if any particular transaction is safe?
Because the software that produced it is known to produce safe r values because of the way that it generates those values.

i mean how to know on blockchain if particular transaction can be used to find its private key? If the two inputs in tx are slightly equal at the start and end does that mean they have identical r value?
Not slightly equal, but the r values in the signature have be exactly equal. If you look on a block explorer and look at the inputs, the first several bytes (probably 30 something bytes, which is 60 something characters) have to be exactly equal for the r values to be equal (because those bytes are the r values)

And if i use paper wallet that has one address and only receive bitcoins and never send then it's safe right to reuse that address for receiving purposes?
yes.
member
Activity: 108
Merit: 10
April 10, 2016, 10:08:38 PM
#27
Anyways,if I use electrum the RNG of electrum is reliable?

Electrum uses deterministic signature (RFC 6979) since version 1.9.  So it is not affected.
Ok but how to know if any particular transaction is safe? i mean how to know on blockchain if particular transaction can be used to find its private key? If the two inputs in tx are slightly equal at the start and end does that mean they have identical r value?
And if i use paper wallet that has one address and only receive bitcoins and never send then it's safe right to reuse that address for receiving purposes?
full member
Activity: 217
Merit: 241
April 10, 2016, 07:08:05 PM
#26
Anyways,if I use electrum the RNG of electrum is reliable?

Electrum uses deterministic signature (RFC 6979) since version 1.9.  So it is not affected.
full member
Activity: 217
Merit: 241
April 10, 2016, 06:58:38 PM
#25
Okay, others have setup their bots.  Looks like amaclin's bot is the best (he likes 1aa addresses):

https://blockchain.info/tx/a4bd89209d53585ed0b5ef8980873c7b112358dca7bbb008acb711573ccdc782

legendary
Activity: 1092
Merit: 1001
April 10, 2016, 06:26:21 PM
#24
Hello
i have 1 question.
Suppose i use two electrum wallets on two different machines one offline and one online.If i use offline machine to just sign transactions via electrum and then transfer the signed transaction to the online electr wallet on another PC for broadcasting.Am i safe?
Do i risk getting my bitcoins stolen?Can my private keys leak? and if so how's that possible?

If the wallet on the online machine is watch only, if you are not using a virtual machine and electrum the keys will not leak. There is always the risk that someone will break in and take the offline machine. A virus will most likely not reach the offline machine.
No as i said i am not using a virtual machine.
I am using a completely different PC that's running linux and my online watch online wallet is on different PC running windows so would i be at risk of this attack mentioned by the OP in this thread?  or any other attack?

The fact that you are signing on a offline wallet/computer, and then pushing that sighed tx on
an online wallet/computer is irrelevant to the issue johoe is addressing.
What you have done with your setup is attempt to prevent your offline wallet/computer from being
compromised from malware and other malicious programs. Your setup it best for cold storage and etc.

Very simply, the r-value issue talked about in this thread is related to when, in the tx signing process,
there is a fundamental error within the wallet's code (usually random number generators not being random),
which causes the potential of patterns to be seen when looking at all of that addresses output txs.
A hacker or etc can potentially backwards engineer the private key for that address, thus stealing your btc.

As a rule to prevent this:
(1) use a wallet program that is known to be reliable, tested, and etc.
(2) never send more than 30 txs out of a specific address, since a pattern could develop over time.
(2) always, as habit, try to always use a new address after each tx (changes addresses, etc).

The above "rules" are steps to help prevent this from happening.
But i am using 1 address from years having transactions more then 100 on the same address.
It's blockchain.info anddress.I never faced such issue that someone steals my bitcoin by backtracking the private key.Anyways,if I use electrum the RNG of electrum is reliable?

The r issue from to multiple output txs (30 or more) is related to how many txs you sent out
 from your address
, not coming into it. As the number of txs (above 30) that leave your wallet increase,
potentially it is easier for someone to find a pattern, and ultimately figure out your private key.

This is a known issue with address reuse and that is why it is advised to use a new address after each tx.

I do not personally know Electrum and its RNG, but it is widely used and respected.
Others could chime in on this, but I believe it will be fine for you.

And do yourself a favor and get a new address.

member
Activity: 108
Merit: 10
April 10, 2016, 05:39:53 PM
#23
Hello
i have 1 question.
Suppose i use two electrum wallets on two different machines one offline and one online.If i use offline machine to just sign transactions via electrum and then transfer the signed transaction to the online electr wallet on another PC for broadcasting.Am i safe?
Do i risk getting my bitcoins stolen?Can my private keys leak? and if so how's that possible?

If the wallet on the online machine is watch only, if you are not using a virtual machine and electrum the keys will not leak. There is always the risk that someone will break in and take the offline machine. A virus will most likely not reach the offline machine.
No as i said i am not using a virtual machine.
I am using a completely different PC that's running linux and my online watch online wallet is on different PC running windows so would i be at risk of this attack mentioned by the OP in this thread?  or any other attack?

The fact that you are signing on a offline wallet/computer, and then pushing that sighed tx on
an online wallet/computer is irrelevant to the issue johoe is addressing.
What you have done with your setup is attempt to prevent your offline wallet/computer from being
compromised from malware and other malicious programs. Your setup it best for cold storage and etc.

Very simply, the r-value issue talked about in this thread is related to when, in the tx signing process,
there is a fundamental error within the wallet's code (usually random number generators not being random),
which causes the potential of patterns to be seen when looking at all of that addresses output txs.
A hacker or etc can potentially backwards engineer the private key for that address, thus stealing your btc.

As a rule to prevent this:
(1) use a wallet program that is known to be reliable, tested, and etc.
(2) never send more than 30 txs out of a specific address, since a pattern could develop over time.
(2) always, as habit, try to always use a new address after each tx (changes addresses, etc).

The above "rules" are steps to help prevent this from happening.
But i am using 1 address from years having transactions more then 100 on the same address.
It's blockchain.info anddress.I never faced such issue that someone steals my bitcoin by backtracking the private key.Anyways,if I use electrum the RNG of electrum is reliable?
legendary
Activity: 1092
Merit: 1001
April 10, 2016, 05:35:18 PM
#22
Hello
i have 1 question.
Suppose i use two electrum wallets on two different machines one offline and one online.If i use offline machine to just sign transactions via electrum and then transfer the signed transaction to the online electr wallet on another PC for broadcasting.Am i safe?
Do i risk getting my bitcoins stolen?Can my private keys leak? and if so how's that possible?

If the wallet on the online machine is watch only, if you are not using a virtual machine and electrum the keys will not leak. There is always the risk that someone will break in and take the offline machine. A virus will most likely not reach the offline machine.
No as i said i am not using a virtual machine.
I am using a completely different PC that's running linux and my online watch online wallet is on different PC running windows so would i be at risk of this attack mentioned by the OP in this thread?  or any other attack?

The fact that you are signing on a offline wallet/computer, and then pushing that sighed tx on
an online wallet/computer is irrelevant to the issue johoe is addressing.
What you have done with your setup is attempt to prevent your offline wallet/computer from being
compromised from malware and other malicious programs. Your setup it best for cold storage and etc.

Very simply, the r-value issue talked about in this thread is related to when, in the tx signing process,
there is a fundamental error within the wallet's code (usually random number generators not being random),
which causes the potential of patterns to be seen when looking at all of that address's output txs.
A hacker or etc can potentially backwards engineer the private key for that address, thus stealing the btc.

As a rule to prevent this:
(1) use a wallet program that is known to be reliable, tested, and etc.
(2) never send more than 30 txs out of a specific address, since a pattern could develop over time.
(2) always, as habit, try to always use a new address after each tx (changes addresses, etc).

The above "rules" are steps to help prevent this from happening.
hero member
Activity: 688
Merit: 500
ヽ( ㅇㅅㅇ)ノ ~!!
April 10, 2016, 04:52:27 PM
#21
Can anyone describe exactly how a cloned VM might cause problems? I was thinking of isolating some dubious altcoin wallets in cloned VMs.
member
Activity: 108
Merit: 10
April 10, 2016, 04:43:51 PM
#20
Hello
i have 1 question.
Suppose i use two electrum wallets on two different machines one offline and one online.If i use offline machine to just sign transactions via electrum and then transfer the signed transaction to the online electr wallet on another PC for broadcasting.Am i safe?
Do i risk getting my bitcoins stolen?Can my private keys leak? and if so how's that possible?

If the wallet on the online machine is watch only, if you are not using a virtual machine and electrum the keys will not leak. There is always the risk that someone will break in and take the offline machine. A virus will most likely not reach the offline machine.
No as i said i am not using a virtual machine.
I am using a completely different PC that's running linux and my online watch online wallet is on different PC running windows so would i be at risk of this attack mentioned by the OP in this thread?  or any other attack?
copper member
Activity: 1498
Merit: 1499
No I dont escrow anymore.
April 10, 2016, 03:57:26 PM
#19
Hello
i have 1 question.
Suppose i use two electrum wallets on two different machines one offline and one online.If i use offline machine to just sign transactions via electrum and then transfer the signed transaction to the online electr wallet on another PC for broadcasting.Am i safe?
Do i risk getting my bitcoins stolen?Can my private keys leak? and if so how's that possible?

If the wallet on the online machine is watch only, if you are not using a virtual machine and electrum the keys will not leak. There is always the risk that someone will break in and take the offline machine. A virus will most likely not reach the offline machine.
Pages:
Jump to: