
Topic: Reused R values again - page 21. (Read 121336 times)

hero member
Activity: 518
Merit: 502
December 07, 2014, 10:07:03 AM
#28
You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

A Pentium II machine, which is not connected online for long, is supposed to be safe from new viruses. Isn't it?

Why take the risk if you can just start a bootable live cd of some linux distro?
legendary
Activity: 1260
Merit: 1019
December 07, 2014, 09:51:43 AM
#27
Quote
Would you mind sharing it?
Do you mean "share info"? I do not want to do it right now.
Everything is visible enough in the blockchain. Just open your eyes and use your brain.
hero member
Activity: 935
Merit: 1002
December 07, 2014, 07:54:20 AM
#26
Quote
Since this thread was bumped, I think I should update it.
There seems to be a new buggy program that reuses the same R value for all signatures in a transaction.  It started around September 2014.
[...]
Does anyone know what the buggy program is?
I know.
Would you mind sharing it?
legendary
Activity: 1260
Merit: 1019
December 07, 2014, 07:43:26 AM
#25
Quote
Since this thread was bumped, I think I should update it.
There seems to be a new buggy program that reuses the same R value for all signatures in a transaction.  It started around September 2014.
[...]
Does anyone know what the buggy program is?
I know.
sr. member
Activity: 293
Merit: 251
Director - www.cubeform.io
December 06, 2014, 11:14:01 AM
#24
You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

A Pentium II machine, which is not connected online for long, is supposed to be safe from new viruses. Isn't it?

Nothing is safe. You have to ASSUME compromise and act under that assumption. Nothing wrong with using this machine, but only after a full wipe and clean, and after you verify there are no rootkits, and you are not running any old software or some decades-old OS etc. Beyond that, there is NO REASON to connect the system to the internet for ANY time as opposed to 'not long'. If you're going the route of an isolated machine for generating keys, I would recommend a livecd version of a linux distro, with a python or shell based tool for address/key generation included on it. No exposure to the internet for the system....
legendary
Activity: 2226
Merit: 1052
December 06, 2014, 10:19:41 AM
#23
You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?

A Pentium II machine, which is not connected online for long, is supposed to be safe from new viruses. Isn't it?
full member
Activity: 217
Merit: 259
December 03, 2014, 12:53:19 PM
#22
I just noticed that amaclin tries to double spend the broken transaction in real-time:

https://blockchain.info/tx/df02f56b230c397cb67bb5334209f7e45d58f1f9d6eb1df1bc17e6ecb107e206

This is a double spend of the transaction that revealed the private keys.  In this case the double spend was not successful (despite the fact that he used twice the fee).

Since my lists are generated using only the transactions in the block chain, the list won't contain the addresses where the broken transactions were successfully double spent.
legendary
Activity: 1974
Merit: 1030
December 03, 2014, 02:23:42 AM
#21
You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer.

You implying that it's impossible for it to have gotten a new virus in the last month?
full member
Activity: 154
Merit: 1000
Fica Tranquilo
December 03, 2014, 02:07:22 AM
#20

I'm a little confused with all the tech junk that is being talked about here. Can u plz tell me in simple terms that if I use blockchain.info to create an address, download the paper wallet containing the private key and keep it and the password safe, then am I secured ?

I can see gmaxwell was talking about some try-catch which may kill the entropy in the seed. Is that present in blockchain.info as well ?

You better use an offline copy of bitaddress to generate your paper wallet.

https://bitcoinpaperwallet.com
https://www.bitaddress.org
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
December 03, 2014, 02:16:57 AM
#20
I have a standalone machine with a Pentium II processor which I do not use for long. It is infected with some virus/malware too. But I don't plan to connect it to the internet in some coming years

As said, don't use it. You don't know if the random numbers generated are truly random, they could be predictable or plausibly brute-forceable for the attacker.
You must be joking right? Considering his machine, the virus was probably written 15 years ago or longer. Nevertheless caution is needed.
legendary
Activity: 1974
Merit: 1030
December 03, 2014, 02:00:17 AM
#19
I have a standalone machine with a Pentium II processor which I do not use for long. It is infected with some virus/malware too. But I don't plan to connect it to the internet in some coming years

As said, don't use it. You don't know if the random numbers generated are truly random, they could be predictable or plausibly brute-forceable for the attacker.
legendary
Activity: 1988
Merit: 1077
Honey badger just does not care
December 02, 2014, 04:53:37 PM
#18
I have a standalone machine with a Pentium II processor which I do not use for long. It is infected with some virus/malware too. But I don't plan to connect it to the internet in some coming years unless I get time to re-install a fresh OS on it. So, if I download bitaddress.org on my current machine and copy it to the old machine using a USB and then generate an address over there, just to note down the address/private key pair on a piece of paper, then will that address be safe for use as cold storage ?

Do not use an infected machine for this. Just don't, no matter if you don't plan to connect it to the internet; you may connect it accidentally by mistake. It's much better to boot a fresh OS from a CD; for instance, many people recommend Puppy Linux for this purpose since it works well with many printers and runs on almost any PC, including an old Pentium II like yours. Why risk something when you can do it safely and not waste time on OS re-installation?
legendary
Activity: 1662
Merit: 1050
December 02, 2014, 04:30:03 PM
#17
I'm a little confused with all the tech junk that is being talked about here. Can u plz tell me in simple terms that if I use blockchain.info to create an address, download the paper wallet containing the private key and keep it and the password safe, then am I secured ?

I can see gmaxwell was talking about some try-catch which may kill the entropy in the seed. Is that present in blockchain.info as well ?

It is hard to test javascript code in every browser and if the entropy generator fails under some systems, usually nobody will notice (until two people create the same private key by accident).  That said, I haven't audited the blockchain code, so I cannot say whether it has this problem or not.

But if you want to generate a paper wallet, because this is the most secure storage, it is a bad idea to do it on a service that stores your private keys in the cloud (even if it stores them encrypted).  If someone guesses your password or phishes it, he will get access to your keys.  If you generate a paper wallet, do this on an offline computer.  The private key should never leave this computer at all (except to the printer).  If you are paranoid, install a fresh system on the computer before and after you generate the paper wallet, to avoid trojans on your computer.
I have a standalone machine with a Pentium II processor which I do not use for long. It is infected with some virus/malware too. But I don't plan to connect it to the internet in some coming years unless I get time to re-install a fresh OS on it. So, if I download bitaddress.org on my current machine and copy it to the old machine using a USB and then generate an address over there, just to note down the address/private key pair on a piece of paper, then will that address be safe for use as cold storage ?
full member
Activity: 217
Merit: 259
December 02, 2014, 02:51:35 PM
#16
I'm a little confused with all the tech junk that is being talked about here. Can u plz tell me in simple terms that if I use blockchain.info to create an address, download the paper wallet containing the private key and keep it and the password safe, then am I secured ?

I can see gmaxwell was talking about some try-catch which may kill the entropy in the seed. Is that present in blockchain.info as well ?

It is hard to test javascript code in every browser and if the entropy generator fails under some systems, usually nobody will notice (until two people create the same private key by accident).  That said, I haven't audited the blockchain code, so I cannot say whether it has this problem or not.

But if you want to generate a paper wallet, because this is the most secure storage, it is a bad idea to do it on a service that stores your private keys in the cloud (even if it stores them encrypted).  If someone guesses your password or phishes it, he will get access to your keys.  If you generate a paper wallet, do this on an offline computer.  The private key should never leave this computer at all (except to the printer).  If you are paranoid, install a fresh system on the computer before and after you generate the paper wallet, to avoid trojans on your computer.
full member
Activity: 217
Merit: 259
December 02, 2014, 02:26:54 PM
#15
So sad , my address is on the list .

But thanks for the post!

I asked in your other thread (https://bitcointalksearch.org/topic/my-btc-has-been-robbed-879419), but which program did you use to create this address and where did you get the program?


So as far as I understood it he used omniwallet.org

He said "I imported the private key of B" but he might have meant that he created it there. And then he said "The address is mine, I create it from the wallet!!" which probably meant that he used bitcoin core. I think it was either one of them.

Edit: he generated those private keys using the blockchain.info web wallet.

The private key leaked due to the counterparty bug.  The transaction that revealed the private key was
https://blockchain.info/tx/86510ddeded6486b73fe08ab4ce6320ab1aa1d5d006d699e37aeb1b1e9df3e50
The wallet was already swept in April, e.g.,
https://blockchain.info/tx/737326ba838fb6b887480f9be2924141000d5e11e8bc450655ab4743da508754
Probably the amount of 0.0017 was too small to be noticed.

So the moral is: don't reuse your old addresses, especially with different clients. Otherwise, you will get bitten if one of the clients you tried is buggy. If possible, use a fresh address for every transaction.
hero member
Activity: 935
Merit: 1002
December 02, 2014, 08:43:11 AM
#14
So sad , my address is on the list .

But thanks for the post!

I asked in your other thread (https://bitcointalksearch.org/topic/my-btc-has-been-robbed-879419), but which program did you use to create this address and where did you get the program?


So as far as I understood it he used omniwallet.org

He said "I imported the private key of B" but he might have meant that he created it there. And then he said "The address is mine, I create it from the wallet!!" which probably meant that he used bitcoin core. I think it was either one of them.

Edit: he generated those private keys using the blockchain.info web wallet.
legendary
Activity: 1260
Merit: 1019
December 02, 2014, 08:09:47 AM
#13
Quote
I'm a little confused with all the tech junk that is being talked about here. Can u plz tell me in simple terms that if I use blockchain.info to create an address, download the paper wallet containing the private key and keep it and the password safe, then am I secured ?

If you are asking this question - it means that you are not secured.
legendary
Activity: 1662
Merit: 1050
December 02, 2014, 06:43:46 AM
#12
Since this thread was bumped, I think I should update it.

There seems to be a new buggy program that reuses the same R value for all signatures in a transaction.  It started around September 2014. Because the program uses mostly unique addresses, the bug is not always exploitable.  But reuse happened often enough to break over 400 new keys. The list is getting too long to post it here so here are the links:

http://johoe.mooo.com/bitcoin/broken.txt
http://johoe.mooo.com/bitcoin/endangered.txt

The first list contains the addresses whose private key can be computed from the block chain.  The second list additionally contains addresses that were used by the faulty client but only in a context where it cannot be broken (unless I'm missing something).

Does anyone know what the buggy program is?  Or does anyone recognize any of the more recent addresses?

Note that the addresses that appear only in the second list still may be in danger, e.g., if they stem from a BIP32 wallet and one knows the "xpub" public key.

It looks like there are some bots sweeping all funds that go to such a broken wallet.
I'm a little confused with all the tech junk that is being talked about here. Can u plz tell me in simple terms that if I use blockchain.info to create an address, download the paper wallet containing the private key and keep it and the password safe, then am I secured ?

I can see gmaxwell was talking about some try-catch which may kill the entropy in the seed. Is that present in blockchain.info as well ?
legendary
Activity: 4270
Merit: 1313
December 01, 2014, 04:37:43 PM
#11
So sad , my address is on the list .

But thanks for the post!

I asked in your other thread (https://bitcointalksearch.org/topic/my-btc-has-been-robbed-879419), but which program did you use to create this address and where did you get the program?

full member
Activity: 217
Merit: 259
December 01, 2014, 04:25:30 PM
#10
Since this thread was bumped, I think I should update it.

There seems to be a new buggy program that reuses the same R value for all signatures in a transaction.  It started around September 2014. Because the program uses mostly unique addresses, the bug is not always exploitable.  But reuse happened often enough to break over 400 new keys. The list is getting too long to post it here so here are the links:

http://johoe.mooo.com/bitcoin/broken.txt
http://johoe.mooo.com/bitcoin/endangered.txt

The first list contains the addresses whose private key can be computed from the block chain.  The second list additionally contains addresses that were used by the faulty client but only in a context where it cannot be broken (unless I'm missing something).

Does anyone know what the buggy program is?  Or does anyone recognize any of the more recent addresses?

Note that the addresses that appear only in the second list still may be in danger, e.g., if they stem from a BIP32 wallet and one knows the "xpub" public key.

It looks like there are some bots sweeping all funds that go to such a broken wallet.
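As an added example (not code from this thread and not johoe's own list generator), the Python script below shows how the two lists above can be derived from signature data. It parses the DER-encoded ECDSA signatures found in transaction inputs, groups them by their r value, and reports a public key as "broken" when that key signed two different inputs with the same r (the condition described above, under which the private key becomes computable from the block chain) and as "endangered" when its r collides only with signatures made by other keys (same faulty client, but no recovery from the chain alone). The txids, public keys, r and s values are constructed placeholders rather than real blockchain data, and the broken/endangered split is my reading of the two lists.

```python
from collections import defaultdict

# --- DER handling (scriptSig signatures are DER SEQUENCE(r, s) + SIGHASH byte) ---

def der_int(x: int) -> bytes:
    """DER INTEGER encoding of a non-negative integer (0x00 prefix if high bit set)."""
    b = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return b"\x02" + bytes([len(b)]) + b

def make_der_sig(r: int, s: int, sighash: int = 0x01) -> bytes:
    """Build a scriptSig-style signature; used only to construct the sample data."""
    body = der_int(r) + der_int(s)
    assert len(body) < 0x80  # single-byte length is enough for secp256k1-sized values
    return b"\x30" + bytes([len(body)]) + body + bytes([sighash])

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER signature with an optional trailing SIGHASH byte.
    Malformed input raises ValueError rather than producing a guessed r."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    total = sig[1]
    if total < 6 or len(sig) - 2 - total not in (0, 1):  # 0 or 1 sighash byte
        raise ValueError("bad SEQUENCE length")
    body = sig[2:2 + total]
    if body[0] != 0x02:
        raise ValueError("expected INTEGER for r")
    rlen = body[1]
    r = int.from_bytes(body[2:2 + rlen], "big")
    pos = 2 + rlen
    if pos + 2 > len(body) or body[pos] != 0x02:
        raise ValueError("expected INTEGER for s")
    slen = body[pos + 1]
    if pos + 2 + slen != total:
        raise ValueError("trailing bytes inside SEQUENCE")
    s = int.from_bytes(body[pos + 2:pos + 2 + slen], "big")
    return r, s

# --- Classification: which keys are broken, which merely endangered ---------------

def classify_nonce_reuse(inputs):
    """inputs: iterable of dicts with txid, vin, pubkey (hex) and sig (bytes).
    Returns (broken, endangered) as sets of pubkeys:
      broken     - the key signed two different inputs with the same r, the case
                   in which the private key is computable from the signatures
      endangered - the key's r collides only with other keys' signatures, so it
                   came from the same faulty RNG but is not recoverable by itself"""
    uses_by_r = defaultdict(lambda: defaultdict(set))
    for item in inputs:
        r, _s = parse_der_sig(item["sig"])
        # (txid, vin) identifies the message signed; a set drops exact duplicates
        uses_by_r[r][item["pubkey"]].add((item["txid"], item["vin"]))
    broken, endangered = set(), set()
    for by_key in uses_by_r.values():
        if sum(len(v) for v in by_key.values()) < 2:
            continue  # r seen only once: nothing to report
        for pub, signed_inputs in by_key.items():
            (broken if len(signed_inputs) >= 2 else endangered).add(pub)
    return broken, endangered - broken

# --- Constructed sample data: placeholder txids/pubkeys, arbitrary r and s ---------

R_SHARED = int("c0ffee" * 10, 16)   # the r value a buggy wallet keeps repeating
R_OTHER = int("deadbeef" * 8, 16)
S = [int(h * 32, 16) for h in ("a5", "5a", "3c", "c3")]
PUB_A, PUB_B, PUB_C = "02" + "aa" * 32, "03" + "bb" * 32, "02" + "cc" * 32

SAMPLE_INPUTS = [
    # two inputs of one transaction, same key, same r: private key computable
    {"txid": "11" * 32, "vin": 0, "pubkey": PUB_A, "sig": make_der_sig(R_SHARED, S[0])},
    {"txid": "11" * 32, "vin": 1, "pubkey": PUB_A, "sig": make_der_sig(R_SHARED, S[1])},
    # a different key that used the same r once: same faulty client, endangered
    {"txid": "22" * 32, "vin": 0, "pubkey": PUB_B, "sig": make_der_sig(R_SHARED, S[2])},
    # unrelated signature with its own r: clean
    {"txid": "33" * 32, "vin": 0, "pubkey": PUB_C, "sig": make_der_sig(R_OTHER, S[3])},
]

if __name__ == "__main__":
    broken, endangered = classify_nonce_reuse(SAMPLE_INPUTS)
    print("broken.txt:    ", sorted(broken))
    print("endangered.txt:", sorted(endangered))
```

On real data the inputs would come from a block parser, with the pubkey taken from the scriptSig alongside the signature; the grouping key is r alone, because the attack condition is shared r, not a shared address.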