This message was too old and has been purged - page 11.

Sonny

hero member

Activity: 868

Merit: 1000

Quote from: FiatKiller on January 28, 2014, 06:06:13 PM

Quote from: Yogafan00000 on January 28, 2014, 04:56:15 PM

All horseshit aside, to clarify all of this:

It seems that any reused Bitcoin address is potentially vulnerable to attack because right now there is no way to know if it's close to a rendezvous point?

But addresses that haven't been reused are safe, but only because the public key for that address has not been broadcast yet? As soon as the public key is broadcast by spending from an address it becomes vulnerable?

I've been noticing rumblings of this before from a privacy point of view, but it seems now we have even more reason to stop reusing addresses.

Since this is very important, can you define "reused"? Do you mean accept incoming funds, but don't transmit any funds out except to drain the address?? thanks

When bitcoin is sent out of an address, the public key of that address will be known to the world.

FiatKiller

sr. member

Activity: 378

Merit: 250

Quote from: Yogafan00000 on January 28, 2014, 04:56:15 PM

All horseshit aside, to clarify all of this:

It seems that any reused Bitcoin address is potentially vulnerable to attack because right now there is no way to know if it's close to a rendezvous point?

But addresses that haven't been reused are safe, but only because the public key for that address has not been broadcast yet? As soon as the public key is broadcast by spending from an address it becomes vulnerable?

I've been noticing rumblings of this before from a privacy point of view, but it seems now we have even more reason to stop reusing addresses.

Since this is very important, can you define "reused"? Do you mean accept incoming funds, but don't transmit any funds out except to drain the address?? thanks

noob2001

jr. member

Activity: 51

Merit: 502

Quote from: Evil-Knievel on January 28, 2014, 05:25:09 PM

Quote from: noob2001 on January 28, 2014, 05:23:15 PM

Quote from: Evil-Knievel on January 28, 2014, 05:19:09 PM

Quote from: noob2001 on January 28, 2014, 05:17:51 PM

what a load of shit!

his voice sounds familar???

Your voice reminds me of alesso restani

https://www.youtube.com/watch?v=aC19fEqR5bA

Thanks

I take it as a compliment because I always felt my english was a lot worse than his. But this gives me some confidence again Cheesy

hmmm.......

fwiw alesso restani hates bitcoin

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

This message was too old and has been purged

noob2001

jr. member

Activity: 51

Merit: 502

Quote from: Evil-Knievel on January 28, 2014, 05:19:09 PM

Quote from: noob2001 on January 28, 2014, 05:17:51 PM

what a load of shit!

his voice sounds familar???

Your voice reminds me of alesso restani

https://www.youtube.com/watch?v=aC19fEqR5bA

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

This message was too old and has been purged

noob2001

jr. member

Activity: 51

Merit: 502

what a load of shit!

his voice sounds familar???

itod

legendary

Activity: 1974

Merit: 1077

^ Will code for Bitcoins

Quote from: ny2cafuse on January 28, 2014, 03:12:54 PM

Quote

Disclaimer:
This project is for research purpose only, or to recover lost private keys. It may not be used for any illegal activities and I cannot be held responsible for anything you do with it.

You say it's for research only, but at the end of your video you say the bitcoins in the address are "stolen". You little comic shows your true intention of just stealing people's coins. If you were going to do this, why would you announce it? Wouldn't you just quietly steal all the bitcoins you could find? It makes no sense.

And then to top it off, if it really is for research, why wouldn't you just donate the knowledge to the development team to help fix the security hole that you're claiming exists? You have the possibility of earning more money in donations from the community by providing a fix for what you're trying to prove is a security flaw. Hell, I'd donate bitcoin to you if you were doing this for the good of the community. But 2BTC for a copy... it makes no sense. If it did what you say it does, and it could have very well be proven in the profanity-laced and almost tourettes-like video, why wouldn't you be charging more for it. 2BTC is chump change if this is legit.

Something doesn't add up. Just my $0.02.

-Fuse

He is writing the paper, so the research will be published eventually. There is no security hole, and nothing can be fixed by the development team at this moment until more research is done to investigate these phenomenons. The good of the community and the good of the collective knowledge are not the same things, and at this moment Evil-Knievel is doing this for the knowledge that can be gained, if the community will benefit or not is another matter.

Yogafan00000

sr. member

Activity: 314

Merit: 251

Quote from: Evil-Knievel on January 28, 2014, 04:58:17 PM

To be absolutely safe, you are absolutely correct. You should not reuse addresses, because as you do your public key gets broadcasted.
However, if you only store a few thousand bucks in your wallet, you are not likely to because a target of the "bruteforcers" as they will probably aim for higher accounts.

However, yes: Not reusing the address will make you safe.

I believe the first time a brute-forcer breaks a large bitcoin wallet he will inadvertently or by intent, also break Bitcoin and by extension crypto-currencies. Confidence in this budding technology is already precarious. Any notion that one's coins are insecure will not be met well by the masses.

These findings of weakness in the blockchain should be brought to the developers attention and we should be calling for some solution to this issue as soon as possible.

prezbo

sr. member

Activity: 430

Merit: 250

Quote from: Evil-Knievel on January 28, 2014, 04:38:18 PM

Quote from: prezbo on January 28, 2014, 03:42:40 PM

Quote from: ?? on ??

Quote from: b!z on January 20, 2014, 02:37:51 AM

This is actually for cracking public addresses and finding the private key? lol

Theoretically yes,
I am offering it for "scientific purpose" only. The buyer must agree not to use it for any illegal activity whatsoever.

For clarification: Collisions mean that there is a private key found, of which the public key matches in 32bits (out of 256) the public key you provided as an input. This (at the current speed) happens several times a minute.

If wanted, I can prove that weak private keys are found within a manner of seconds. Weak private keys are all those, who are significantly close (like several million units apart on the x axis) to one of the 768 rendezvous points on the elliptic curve.

Just want to clarify, this is cracking public keys not addresses. There is currently no known way of getting the public key from the address unless sha256 and ripemd-160 are broken.

However, a very interesting project, Evil-Knievel - but I wouldn't put my money on it actually cracking any public key with actual bitcoins on it (unless it's set up, of course).

I have to correct you here. All public keys are publicly available on blockchain.info.

They are once you sign an input, but any half capable wallet won't reuse addresses, making it so once the public key is known the funds will be gone.

edit: I see you already addressed this.

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

This message was too old and has been purged

Yogafan00000

sr. member

Activity: 314

Merit: 251

All horseshit aside, to clarify all of this:

It seems that any reused Bitcoin address is potentially vulnerable to attack because right now there is no way to know if it's close to a rendezvous point?

But addresses that haven't been reused are safe, but only because the public key for that address has not been broadcast yet? As soon as the public key is broadcast by spending from an address it becomes vulnerable?

I've been noticing rumblings of this before from a privacy point of view, but it seems now we have even more reason to stop reusing addresses.

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

So what exactly is a rendezvous point? I can't find anything on Google about rendezvous points about ECDSA or curves

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

This message was too old and has been purged

prezbo

sr. member

Activity: 430

Merit: 250

Quote from: ?? on ??

Quote from: b!z on January 20, 2014, 02:37:51 AM

This is actually for cracking public addresses and finding the private key? lol

Theoretically yes,
I am offering it for "scientific purpose" only. The buyer must agree not to use it for any illegal activity whatsoever.

For clarification: Collisions mean that there is a private key found, of which the public key matches in 32bits (out of 256) the public key you provided as an input. This (at the current speed) happens several times a minute.

If wanted, I can prove that weak private keys are found within a manner of seconds. Weak private keys are all those, who are significantly close (like several million units apart on the x axis) to one of the 768 rendezvous points on the elliptic curve.

Just want to clarify, this is cracking public keys not addresses. There is currently no known way of getting the public key from the address unless sha256 and ripemd-160 are broken.

However, a very interesting project, Evil-Knievel - but I wouldn't put my money on it actually cracking any public key with actual bitcoins on it (unless it's set up, of course).

ny2cafuse

legendary

Activity: 1582

Merit: 1002

HODL for life.

Quote

Disclaimer:
This project is for research purpose only, or to recover lost private keys. It may not be used for any illegal activities and I cannot be held responsible for anything you do with it.

You say it's for research only, but at the end of your video you say the bitcoins in the address are "stolen". You little comic shows your true intention of just stealing people's coins. If you were going to do this, why would you announce it? Wouldn't you just quietly steal all the bitcoins you could find? It makes no sense.

And then to top it off, if it really is for research, why wouldn't you just donate the knowledge to the development team to help fix the security hole that you're claiming exists? You have the possibility of earning more money in donations from the community by providing a fix for what you're trying to prove is a security flaw. Hell, I'd donate bitcoin to you if you were doing this for the good of the community. But 2BTC for a copy... it makes no sense. If it did what you say it does, and it could have very well be proven in the profanity-laced and almost tourettes-like video, why wouldn't you be charging more for it. 2BTC is chump change if this is legit.

Something doesn't add up. Just my $0.02.

-Fuse

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

This message was too old and has been purged

weedoge

member

Activity: 98

Merit: 10

Pretty awesome....

but it's a very specific way of generating addresses.

And you have no method of checking which addresses are weak?

Can you attempt to crack multiple addresses at the same time with little performance loss?

tsoPANos

hero member

Activity: 602

Merit: 500

In math we trust.

Quote from: Ritual on January 28, 2014, 12:10:31 PM

hahah I liked that one Grin

Ritual

member

Activity: 84

Merit: 10

Topic: This message was too old and has been purged - page 11. (Read 50756 times)