Re: [AXIOM] AxiomMemHash, Schnorr Sigs Implemented, APOS 3.0, AXH 2.0 Proposed - page 81.

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: keesdewit on August 02, 2015, 01:19:49 PM

Quote from: Epsylon3 on August 02, 2015, 01:14:57 PM

Quote from: chrysophylax on August 02, 2015, 01:00:33 PM

Quote from: go6ooo1212 on August 02, 2015, 12:02:39 PM

The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...

possibly a keylogger ...

windows is riddled with stuff like that ...

especially if you have punched the keyword / password in there recently ...

#crysx

a keylogger is not enough... you need to send the stuff somewhere, or at least open a remote port...

Still I think it is in the RPC interface somewhere. He had it open for the internet like me and with the same result. Does the wallet create logging of RPC commands?

Yes, in debug.log

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

Quote from: Epsylon3 on August 02, 2015, 01:14:57 PM

Quote from: chrysophylax on August 02, 2015, 01:00:33 PM

Quote from: go6ooo1212 on August 02, 2015, 12:02:39 PM

The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...

possibly a keylogger ...

windows is riddled with stuff like that ...

especially if you have punched the keyword / password in there recently ...

#crysx

a keylogger is not enough... you need to send the stuff somewhere, or at least open a remote port...

Still I think it is in the RPC interface somewhere. He had it open for the internet like me and with the same result. Does the wallet create logging of RPC commands?

Epsylon3

legendary

Activity: 1484

Merit: 1082

ccminer/cpuminer developer

Quote from: chrysophylax on August 02, 2015, 01:00:33 PM

Quote from: go6ooo1212 on August 02, 2015, 12:02:39 PM

The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...

possibly a keylogger ...

windows is riddled with stuff like that ...

especially if you have punched the keyword / password in there recently ...

#crysx

a keylogger is not enough... you need to send the stuff somewhere, or at least open a remote port...

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

Quote from: Epsylon3 on August 02, 2015, 12:58:40 PM

better, and seems to allow https too... will try their free one first

I already have the free one and it is a perfect solution for personal ssl websites. On the other hand, the free version can not do code signing. (Technicaly possible, but restricted by the key usage)

chrysophylax

legendary

Activity: 2870

Merit: 1091

--- ChainWorks Industries ---

Quote from: Epsylon3 on August 02, 2015, 12:06:12 PM

maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...

if somebody know a cheap way to do it... (a place to buy signatures for personal users)

yup - can trust his compiles AND the mans word implicitly ...

not sure how you would do that epsylon3 ...

#crysx

chrysophylax

legendary

Activity: 2870

Merit: 1091

--- ChainWorks Industries ---

Quote from: go6ooo1212 on August 02, 2015, 12:02:39 PM

The strange thing to me was that one of the stollen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...

possibly a keylogger ...

windows is riddled with stuff like that ...

especially if you have punched the keyword / password in there recently ...

#crysx

Epsylon3

legendary

Activity: 1484

Merit: 1082

ccminer/cpuminer developer

better, and seems to allow https too... will try their free one first

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

Quote from: Epsylon3 on August 02, 2015, 12:45:53 PM

even the apple store one is cheaper than that, paying 100$ is the max i can...

Maybe startssl is an option for 59 dollar per year: http://www.startssl.com/ check out "StartSSL™ Verified"

Epsylon3

legendary

Activity: 1484

Merit: 1082

ccminer/cpuminer developer

even the apple store one is cheaper than that, paying 100$ is the max i can...

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

@Dev: Can you please tell what random generator you use for generating private keys? I can wrestle myself through code here, but it is more efficient to just ask.

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

Quote from: Epsylon3 on August 02, 2015, 12:29:24 PM

yep, not really cheap... 330$/yr to be "trusted" by smartscreen pfff and ... not by antiviruses :;p

The main thing is that users can determine if it is from the original source. The smartscreen trust is not really worth something and antivirus is not dependend of digital signatures. And yes, it is very expensive for personal use.

Epsylon3

legendary

Activity: 1484

Merit: 1082

ccminer/cpuminer developer

yep, not really cheap... 330$/yr to be "trusted" by smartscreen pfff and ... not by antiviruses :;p

Epsylon3

legendary

Activity: 1484

Merit: 1082

ccminer/cpuminer developer

i never build linux binaries, source code is made for that... just built one for my shield tablet today ^^

for windows its another problem... i dont want to force users to install vstudio or mingw64

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

Quote from: jc12345 on August 02, 2015, 12:18:56 PM

Quote from: Epsylon3 on August 02, 2015, 12:06:12 PM

maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...

if somebody know a cheap way to do it... (a place to buy signatures for personal users)

You can use a PGP/GPG key pair to sign the binary. Then you must just make sure that someone trustworthy has signed your key. Perhaps you have gone through a key party in the past? You can generate a key pair with several tools eg. Kleopatra.

If you are willing to spend the money, you can buy a code signing certificate from one of the CSP's

https://www.digicert.com/code-signing/

jc12345

legendary

Activity: 1638

Merit: 1013

Quote from: Epsylon3 on August 02, 2015, 12:06:12 PM

maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...

if somebody know a cheap way to do it... (a place to buy signatures for personal users)

You can use a PGP/GPG key pair to sign the binary. Then you must just make sure that someone trustworthy has signed your key. Perhaps you have gone through a key party in the past? You can generate a key pair with several tools eg. Kleopatra.

keesdewit

copper member

Activity: 1024

Merit: 513

txbit.io - cryptocurrency exchange

Quote from: jc12345 on August 02, 2015, 12:15:25 PM

Quote from: keesdewit on August 02, 2015, 11:56:55 AM

Quote from: jc12345 on August 02, 2015, 11:44:27 AM

Quote from: keesdewit on August 02, 2015, 11:30:29 AM

I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.

Ok, answer the following for me:

1) Can you tell me the key length of the private key of a wallet?
2) Can you tell me who "chooses" the private key - the "wallet" or the user?
3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing?
4) After you have explained 1-3 can you explain the relevance of the users wallet password and redundancy of a language to the private key in the wallet and how you will derive the private key of the private/public key pair from the public key if you happen to obtain the users wallet password from a rainbow table of some sorts that you are referring to?

Sure I can:

1) The lenght is 256 bit or 32 bytes if you like
2) The input for the hash function that produces the private key can be from human input or from a (strong) random generator (that is built into the wallet)
3) If I understand this question right: In both situations
4) It is not about getting the users wallet password with a rainbow table. See answer 2 where it is possible to have human input (so called brain wallet) for the hash function that results in the private key. Also see the details of the sausage example.

It is only in the case of where a private key of a public/private key pair is a function of a human input, that the redundancy of the user's language could potentially cause a reduction of the key space. If you do the maths it is not feasible to create a rainbow table for 256bits and in addition there is not enough computing power in existence today to attempt that.

Of course that is true, but I did not say that a rainbow table is good for brute forcing the complete 256bit space. In fact it is pretty worthless in that case. (Although it might be fun to do it)

jc12345

legendary

Activity: 1638

Merit: 1013

Quote from: keesdewit on August 02, 2015, 11:56:55 AM

Quote from: jc12345 on August 02, 2015, 11:44:27 AM

Quote from: keesdewit on August 02, 2015, 11:30:29 AM

I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.

Ok, answer the following for me:

1) Can you tell me the key length of the private key of a wallet?
2) Can you tell me who "chooses" the private key - the "wallet" or the user?
3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing?
4) After you have explained 1-3 can you explain the relevance of the users wallet password and redundancy of a language to the private key in the wallet and how you will derive the private key of the private/public key pair from the public key if you happen to obtain the users wallet password from a rainbow table of some sorts that you are referring to?

Sure I can:

1) The lenght is 256 bit or 32 bytes if you like
2) The input for the hash function that produces the private key can be from human input or from a (strong) random generator (that is built into the wallet)
3) If I understand this question right: In both situations
4) It is not about getting the users wallet password with a rainbow table. See answer 2 where it is possible to have human input (so called brain wallet) for the hash function that results in the private key. Also see the details of the sausage example.

It is only in the case of where a private key of a public/private key pair is a function of a human input, that the redundancy of the user's language could potentially cause a reduction of the key space. If you do the maths it is not feasible to create a rainbow table for 256bits and in addition there is not enough computing power in existence today to attempt that.

go6ooo1212

legendary

Activity: 1512

Merit: 1000

quarkchain.io

Quote from: Epsylon3 on August 02, 2015, 12:06:12 PM

maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...

if somebody know a cheap way to do it... (a place to buy signatures for personal users)

It were encrypted "ages ago" and the pass was strong , very strong. It was zipped and downloaded from my appdata folder....
EDIT: I know your releases are legit, following your work long time ago...

Epsylon3

legendary

Activity: 1484

Merit: 1082

ccminer/cpuminer developer

maybe he got it before you encrypted it... else you can trust my personal windows builds (they are on github)... i might code sign them in the future...

if somebody know a cheap way to do it... (a place to buy signatures for personal users)

MemberCount+1

hero member

Activity: 798

Merit: 1000

which miner?
from the first page https://mega.co.nz/#!MQ8nkA7C!geDKX8ROONKzQrDYL96KLfJTwPNI3AK5SdtPxjz5E-8 ?

Topic: Re: [AXIOM] AxiomMemHash, Schnorr Sigs Implemented, APOS 3.0, AXH 2.0 Proposed - page 81. (Read 204903 times)