
Topic: Reused R values again - page 12. (Read 121128 times)

legendary
Activity: 1050
Merit: 1000
December 14, 2014, 07:34:15 PM
Another 500 keys cracked  Grin

I have computed more random values, but still have not captured all.
Unfortunately my ssh session timed out and took my script with it  Angry
Have to run it again, it will probably find some more keys.


This is going on and on with no end in sight Shocked

Keep up the good work, johoe.
newbie
Activity: 7
Merit: 0
December 14, 2014, 07:23:54 PM
Ok this for help us continue  Kiss
we be wait more your details and informations   Roll Eyes


P.S

You very popular in tv show
guy Robin Hood
make 200.000$ victims you big boy in bitcoins scene

also thanks for any your donations we accept in our scene little more
i am very love you!
hero member
Activity: 584
Merit: 500
December 14, 2014, 07:20:02 PM
Seems to me that johoe can do what nobody else can on this planet.
https://blockchain.info/address/1HuqM18GMVaLxTRGdmSgytzVYnhRzu7U68
awesome!
(he just saved/swept more ~300 btc)

  Grin

the answer is in the post directly above yours (by bcearl).


You, sir, are a true hero! Thanks for saving the day again.

What surprises me is that no hacker tried to use this in the meantime to steal.
full member
Activity: 217
Merit: 238
December 14, 2014, 07:06:02 PM
Another 500 keys cracked  Grin

I have computed more random values, but still have not captured all.
Unfortunately my ssh session timed out and took my script with it  Angry
Have to run it again, it will probably find some more keys.


legendary
Activity: 1260
Merit: 1115
December 14, 2014, 05:13:05 PM

I feel like Sisyphos.  You think you swiped everything but in the mean time someone else sends you new money...




Keep rollin' that big Bitcoin up that hill, brother. We have need of you up there Wink
legendary
Activity: 1974
Merit: 1075
^ Will code for Bitcoins
December 14, 2014, 05:11:55 PM

I feel like Sisyphos.  You think you swiped everything but in the mean time someone else sends you new money...

You need Bitcoin forwarder service, upload private keys and it forwards funds the moment it sees them on the blockchain. Since it doesn't exist, you'll have to write your own Wink
full member
Activity: 217
Merit: 238
December 14, 2014, 04:48:46 PM

I feel like Sisyphos.  You think you swiped everything but in the mean time someone else sends you new money...


hero member
Activity: 935
Merit: 1002
December 14, 2014, 04:38:57 PM
Maybe they don't have weak k?
Well he already swiped from those addresses once but he left some so he will probably swipe the remaining ones
I am glad that you could rescue them. I was too lazy to do all the coding, and I haven't started at all yet. Smiley
I still don't really understand how to do it by hand, not talking about the coding.
full member
Activity: 168
Merit: 103
December 14, 2014, 04:25:51 PM
Okay, most is swept, I think less than a 1 BTC remaining Smiley

I can assure you that there were no massive new weak signatures appearing.   Instead I managed to analyze the broken RNG and produced the same "random" numbers again.  This enabled me to break most of the keys that were exposed last week.  I can break a key, even if the corresponding R value appeared only once in a signature, because my simulated RNG provides the k value.

As always I plan to return it to bc.i and you can contact their support to get your refund.

Thus far I generated 51200 random numbers.  I should check if I find more keys when generating more random numbers.

I am glad that you could rescue them. I was too lazy to do all the coding, and I haven't started at all yet. Smiley
legendary
Activity: 1974
Merit: 1075
^ Will code for Bitcoins
December 14, 2014, 04:20:16 PM
Do I have to use bitcoin-cli listtransactions and then dump each transaction to check which output was spent?

The wallet operations on bitcoind are so slow when you have 1400 private keys imported.

As I understand there's a new feature which will be introduced into bitcoind 0.10.0 to work with addresses without importing private keys (watch-only):
https://github.com/bitcoin/bitcoin/pull/4045
It should give you what you want with 'listtransactions', and should be working already in 0.10 branch in github, if you feel like working with it.
legendary
Activity: 1260
Merit: 1115
December 14, 2014, 03:27:54 PM
Quote
could you tell me the price of BTC 2016.1.1?
I can. Less than $10. Wanna bet?
But discussing price / losses / investing / risk / insurance / obligations is offtopic here.

UPD: sorry, I do not understand Chinese.

This bet open to anyone?
full member
Activity: 162
Merit: 100
December 14, 2014, 03:16:17 PM
Okay, most is swept, I think less than a 1 BTC remaining Smiley

I can assure you that there were no massive new weak signatures appearing.   Instead I managed to analyze the broken RNG and produced the same "random" numbers again.  This enabled me to break most of the keys that were exposed last week.  I can break a key, even if the corresponding R value appeared only once in a signature, because my simulated RNG provides the k value.

As always I plan to return it to bc.i and you can contact their support to get your refund.

Thus far I generated 51200 random numbers.  I should check if I find more keys when generating more random numbers.



You are really someone in my personal hall of fame man.
Even if I don't keep a penny on b.I. I feel bad for them and for their customers and I know that many horrible things may happen in the future also to others and it is very good to know someone like you is around.
full member
Activity: 168
Merit: 103
December 14, 2014, 02:58:30 PM
Quote
the answer is in the post directly above yours (by bcearl).

I only can say for myself: it was too hard for me to reproduce this RNG.
I found sources http://code.google.com/p/srp-js/source/browse/trunk/javascript/prng4.js?r=12
But I do not know how Math.random works in JavaScript.
By the way, the implementation of Math.random can be different in browsers.




Just write a program with Javascript that prints out some k (and corresponding points R) and save them. I was just too lazy to do all that, I hope that my posting did not inspire some thief. I thought that if I post it maybe another good guy will do it before. Anyways everybody who used the wallet in the time it was broken should have known and sent their coins to new addresses already.

If you know k, you can compute the private key. Known k is even simpler than with two unknown reused values of k.



(If I saved your BTC, you're welcome. 1PMh3K3QrKwaKhmjH46ZqniHwHJvwW3xA)
full member
Activity: 217
Merit: 238
December 14, 2014, 02:57:58 PM
Okay, most is swept, I think less than a 1 BTC remaining Smiley

I can assure you that there were no massive new weak signatures appearing.   Instead I managed to analyze the broken RNG and produced the same "random" numbers again.  This enabled me to break most of the keys that were exposed last week.  I can break a key, even if the corresponding R value appeared only once in a signature, because my simulated RNG provides the k value.

As always I plan to return it to bc.i and you can contact their support to get your refund.

Thus far I generated 51200 random numbers.  I should check if I find more keys when generating more random numbers.

legendary
Activity: 2184
Merit: 1011
Franko is Freedom
December 14, 2014, 02:53:42 PM
this is wild man
legendary
Activity: 3528
Merit: 9525
#1 VIP Crypto Casino
December 14, 2014, 02:48:07 PM
Is it safe to send BTC from a blockchain.info wallet to another wallet or cold storage yet?

I'm hesitant to make any transactions on there now.

Am I safer just leaving what I have left there where it is for the moment?
Yes it is safe to transfer all of the funds from your blockchain.info account to a newly created wallet with bitcoin core and never use that blockchain.info wallet again.

Can I send my entire blockchain wallet to a paper wallet without it being compromised, at least on the blockchain.info end?


If you mean "Can I send my whole balance from blockchain.info to a paper wallet that is not created by blockchain.info", then yes, it is pretty safe if you generated that paper wallet in an offline mode. But after that never use that blockchain.info wallet.

Thanks boss
legendary
Activity: 1260
Merit: 1019
December 14, 2014, 02:35:41 PM
Quote
Does anyone know how to check if there is an unconfirmed transaction trying to spend an output?

No such tool exists.
Even if your node has no unconfirmed output, you cannot be sure that all your peers do not have such txs in their mempools.
Note: you also can not spend coinbase outputs from Eligius before 100 confirmations