
Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 712. (Read 4670673 times)

hero member
Activity: 518
Merit: 502

Haven't been in this forum since a loong time, but while I am here, I had to bow deeply to the Monero devs. Kudos, guys, very impressive what you did with 0.9

Thank you.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
Hydrogen Helix is great! Very good work guys. Blockchain synchronized rather fast and everything worked smooth for my laptop Smiley

Now since monero needs businesses accepting it, well, i created a rather noob jewelry eshop for some time now. I was waiting to perfect it but since this is going to take like forever with my lack of time i decided to post it and see what happens. It really is in "beta" stage if not "alpha" and after all it was intended to simply be my family business catalogue. So here it is:

http://monero.gr/eshop/

The products are handmade and are being sold in Greek islands for more than 30 years now.

Much work needs to be done, like more products, better photos, better design, gold items, more info, better way of accepting the coins, better security, etc. But anyway i dont expect to have huge volume for now...

I also pledge to donate 1% of the volume towards monero development.

For any questions please contact me either through the shop or send me a pm here. Even better is to contact me via both ways.



Very nice, needs button to switch to XMR and whatever other currency you will accept.
legendary
Activity: 1428
Merit: 1001
getmonero.org
Hydrogen Helix is great! Very good work guys. Blockchain synchronized rather fast and everything worked smooth for my laptop Smiley

Now since monero needs businesses accepting it, well, i created a rather noob jewelry eshop for some time now. I was waiting to perfect it but since this is going to take like forever with my lack of time i decided to post it and see what happens. It really is in "beta" stage if not "alpha" and after all it was intended to simply be my family business catalogue. So here it is:

http://monero.gr/eshop/

The products are handmade and are being sold in Greek islands for more than 30 years now.

Much work needs to be done, like more products, better photos, better design, gold items, more info, better way of accepting the coins, better security, etc. But anyway i dont expect to have huge volume for now...

I also pledge to donate 1% of the volume towards monero development.

For any questions please contact me either through the shop or send me a pm here. Even better is to contact me via both ways.

hero member
Activity: 870
Merit: 585

How do I know they won't?  A squiggly red line appears underneath them when I type them.

As everyone knows, you can stake 100 coins on that squiggly red line.  Safe as milk.[/snark]
Can you quantify the entropy held in that squiggle?

sr. member
Activity: 400
Merit: 263
Parmiggiano just might do as it's spelled Parmigiano Wink
legendary
Activity: 1638
Merit: 1001
Salt for a brain wallet passphrase is essentially different from the salt you would use, for example, to salt the password of a customer logging in to a website.

In the latter case, a common word like parmiggiano is more than acceptable.  In fact, website administrators can keep salt stored in plain text or even publish it without compromising its effectiveness.
But for a brainwallet, parmiggiano is just like any other word:  vulnerable to rainbow tables.  

You should salt your brainwallet passphrase with your driver license number, phone number, or some other piece of data familiar to you but which will look like random characters to a rainbow table, because the people who compile rainbow tables don't, they can't generate all possible telephone numbers and then simply fold such a huge amount of utterly arbitrary data into the table.  The whole point of a rainbow table is that it looks for patterns, and does so as efficiently as possible.  Brute-forcing every telephone number in the world is out of the question.

Thus your telephone number or driver license number won't appear in the rainbow table, but "parmiggiano" will.

Everybody knows some words that won't.  Here are some of mine, from memory:

prollum
aks
happeners
basghetti
skanking
bitz
frones
groinacologist


How do I know they won't?  A squiggly red line appears underneath them when I type them.


 


hero member
Activity: 870
Merit: 585
Salt for a brain wallet passphrase is essentially different from the salt you would use, for example, to salt the password of a customer logging in to a website.

In the latter case, a common word like parmiggiano is more than acceptable.  In fact, website administrators can keep salt stored in plain text or even publish it without compromising its effectiveness.
But for a brainwallet, parmiggiano is just like any other word:  vulnerable to rainbow tables.  

You should salt your brainwallet passphrase with your driver license number, phone number, or some other piece of data familiar to you but which will look like random characters to a rainbow table, because the people who compile rainbow tables don't, they can't generate all possible telephone numbers and then simply fold such a huge amount of utterly arbitrary data into the table.  The whole point of a rainbow table is that it looks for patterns, and does so as efficiently as possible.  Brute-forcing every telephone number in the world is out of the question.

Thus your telephone number or driver license number won't appear in the rainbow table, but "parmiggiano" will.
legendary
Activity: 2380
Merit: 1085
Money often costs too much.
Simple example, assuming my brain wallet is 12MD516SHAparmiggianoIsMySalt.

Wuts "Parmigiano-Reggiano"  Huh Huh but overall, solid method  Grin we are definitely entering the age of culinary cryptography, yummy!
Adding semantics definitely helps a lot. And never be afraid to store data outside of your brain "somewhere". The world is full of data, so many places.
legendary
Activity: 2968
Merit: 1198
it looks like the vanillacoin developer is not impressed with the 0.9.0.0 Hydrogen Helix release  Roll Eyes

Maybe "the vanillacoin developer" should focus more on not ripping off Bitcoin code and lying about having written it from scratch and less on ridiculous and dishonest FUD about HDD failure from using a database engine (which naturally engage in disk activity to maintain indexes, etc.)

EDIT: BTW, I just checked my laptop and it has 369.98 GB written since the last reboot (not running an XMR node nor anything else outside of a normal end-user workload). It is something like 4 years old and hasn't failed yet.

There are many places where Vanillacoin copied Bitcoin code. I have pointed out a good example previously, it won't be hard to find dozens more.

There's nothing wrong with copying and modifying the Bitcoin code, the MIT license allows you to do with it what you like, it just asks you not to be a scumbag and remove attribution and pretend you wrote the code in the first instance.

Don't make replies like this - it's not worth your time and only will be used for a counterattack. Dude has a God complex and is narcissistic - tries to bully other people all the time. Just ignore it.

Maybe, but I just replied to Spoetnik too. I'm not really sure which was more of a waste of time. Toss up, I guess.

legendary
Activity: 2968
Merit: 1198
it looks like the vanillacoin developer is not impressed with the 0.9.0.0 Hydrogen Helix release  Roll Eyes

Maybe "the vanillacoin developer" should focus more on not ripping off Bitcoin code and lying about having written it from scratch and less on ridiculous and dishonest FUD about HDD failure from using a database engine (which naturally engage in disk activity to maintain indexes, etc.)

EDIT: BTW, I just checked my laptop and it has 369.98 GB written since the last reboot (not running an XMR node nor anything else outside of a normal end-user workload). It is something like 4 years old and hasn't failed yet.

There are many places where Vanillacoin copied Bitcoin code. I have pointed out a good example previously, it won't be hard to find dozens more.

There's nothing wrong with copying and modifying the Bitcoin code, the MIT license allows you to do with it what you like, it just asks you not to be a scumbag and remove attribution and pretend you wrote the code in the first instance.
full member
Activity: 133
Merit: 100
it looks like the vanillacoin developer is not impressed with the 0.9.0.0 Hydrogen Helix release  Roll Eyes



https://twitter.com/john_a_connor/status/684152084141314048



https://twitter.com/john_a_connor/status/684183295983136768

 Shocked Shocked Shocked
legendary
Activity: 2968
Merit: 1198
Can someone explain how to decrypt the .keys file?

Specifically, the load_keys function within the wallet2.cpp in the source. Can explain the logic behind it and the procedure. (Not that fluent in C)

void wallet2::load_keys(const std::string& keys_file_name, const std::string& password)
{
  wallet2::keys_file_data keys_file_data;
  std::string buf;
1 bool r = epee::file_io_utils::load_file_to_string(keys_file_name, buf);
  THROW_WALLET_EXCEPTION_IF(!r, error::file_read_error, keys_file_name);

  // Decrypt the contents
2 r = ::serialization::parse_binary(buf, keys_file_data);
  THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + keys_file_name + '\"');
  crypto::chacha8_key key;
3 crypto::generate_chacha8_key(password, key);
  std::string account_data;
  account_data.resize(keys_file_data.account_data.size());
4 crypto::chacha8(keys_file_data.account_data.data(), keys_file_data.account_data.size(), key, keys_file_data.iv, &account_data[0]);

.....

I labeled some lines of the code above:

1. Loads the data file into a memory buffer

2. Parses the memory buffer into a data object

3. Derives a chacha8 decryption key from the password (this uses the CryptoNight slow hash for key stretching, which greatly limits the possibility of brute forcing).

4. Decrypts the data using the decryption key

The unlabeled lines in the code are error checking, memory management, etc.
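
The four labelled steps above, as an added Python sketch that is not Monero's code and not part of the original post. It shows the parse, stretch and decrypt sequence, plus a check for a wrong password, since a stream cipher returns bytes for any key. Assumptions: scrypt stands in for the CryptoNight slow hash, and the file layout (salt | iv | tag | ciphertext) and the HMAC check are constructed for illustration and are not the real .keys format.

```python
import hashlib, hmac, os, struct

def _qr(s, a, b, c, d):
    """ChaCha quarter-round on four words of the 16-word state."""
    rot = lambda v, n: ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = rot(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = rot(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = rot(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = rot(s[b] ^ s[c], 7)

def chacha8(data, key, iv):
    """XOR data with the ChaCha8 keystream (32-byte key, 8-byte IV, 64-bit block counter)."""
    out = bytearray()
    for ctr in range((len(data) + 63) // 64):
        init = list(struct.unpack("<4I", b"expand 32-byte k")) + list(struct.unpack("<8I", key))
        init += [ctr & 0xFFFFFFFF, ctr >> 32] + list(struct.unpack("<2I", iv))
        s = init[:]
        for _ in range(4):  # 4 double rounds (column + diagonal) = 8 rounds
            _qr(s, 0, 4, 8, 12); _qr(s, 1, 5, 9, 13); _qr(s, 2, 6, 10, 14); _qr(s, 3, 7, 11, 15)
            _qr(s, 0, 5, 10, 15); _qr(s, 1, 6, 11, 12); _qr(s, 2, 7, 8, 13); _qr(s, 3, 4, 9, 14)
        stream = struct.pack("<16I", *((x + y) & 0xFFFFFFFF for x, y in zip(s, init)))
        out += bytes(d ^ k for d, k in zip(data[64 * ctr:64 * ctr + 64], stream))
    return bytes(out)

def derive_keys(password, salt):
    """Step 3: stretch the password. scrypt is a stand-in for the CryptoNight slow hash."""
    k = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]  # cipher key, MAC key

def seal(password, account_data):
    """Build a constructed file: salt(16) | iv(8) | tag(32) | ciphertext."""
    salt, iv = os.urandom(16), os.urandom(8)
    enc_key, mac_key = derive_keys(password, salt)
    ct = chacha8(account_data, enc_key, iv)
    return salt + iv + hmac.new(mac_key, salt + iv + ct, hashlib.sha256).digest() + ct

def load_keys(blob, password):
    """Steps 2-4: parse the buffer, derive the key, verify, decrypt."""
    salt, iv, tag, ct = blob[:16], blob[16:24], blob[24:56], blob[56:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # the cipher alone cannot detect a wrong password
        raise ValueError("wrong password or corrupted file")
    return chacha8(ct, enc_key, iv)

if __name__ == "__main__":
    blob = seal("constructed passphrase", b"constructed account data")
    print(load_keys(blob, "constructed passphrase"))
```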
full member
Activity: 133
Merit: 100
Can someone explain how to decrypt the .keys file?

Specifically, the load_keys function within the wallet2.cpp in the source. Can explain the logic behind it and the procedure. (Not that fluent in C)

void wallet2::load_keys(const std::string& keys_file_name, const std::string& password)
{
  wallet2::keys_file_data keys_file_data;
  std::string buf;
  bool r = epee::file_io_utils::load_file_to_string(keys_file_name, buf);
  THROW_WALLET_EXCEPTION_IF(!r, error::file_read_error, keys_file_name);

  // Decrypt the contents
  r = ::serialization::parse_binary(buf, keys_file_data);
  THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "internal error: failed to deserialize \"" + keys_file_name + '\"');
  crypto::chacha8_key key;
  crypto::generate_chacha8_key(password, key);
  std::string account_data;
  account_data.resize(keys_file_data.account_data.size());
  crypto::chacha8(keys_file_data.account_data.data(), keys_file_data.account_data.size(), key, keys_file_data.iv, &account_data[0]);

.....
sr. member
Activity: 453
Merit: 500
hello world
i do not know which trxid the transaction had that causes the problem, so i can not look if one of my trx is inside the pool.

yes i already deleted .bin and synced from scratch. also used rescan_spent.
since i did this, the amount shown in simplewallet is right (it was wrong before too, think its due to the same transaction that causes problems now)

anyway yeah, i will come to irc if i have time (not today i guess)
much easier i agree.
full member
Activity: 168
Merit: 101
Physical Monero coins
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you don't use it at the very beginning or end, a compromised coin ID is still useful to salt/stretch something human-memorable, especially if you tweak it a bit.

http://rumkin.com/tools/password/passchk.php


Thanks a lot, everybody! We have updated the F.A.Q section at cryptonic.net.
legendary
Activity: 2268
Merit: 1141
@medusa13, have you tried this already? (Doing both steps!)

It may well be that your wallet's idea of what outputs are spent got out of sync with the blockchain. I believe there is a bug there. One thing you can try that's pretty fast (assuming you're running your own daemon):
- run simplewallet with --trusted-daemon
- in simplewallet, run: rescan_spent

You can also run this in the daemon:
print_pool_sh

If you see your tx, it means it's not being mined. In this case, the likely reason is that it's a double spend caused by the sync problem above.


legendary
Activity: 2268
Merit: 1141
hi guys, still having some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:
2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed:

dont know what it is..is a trx of mine stuck in mempool?



Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

the trxid is just an example..

the problem is it says that its already used..but its not. i want to empty this wallet but i can not make any transactions.

sometimes i have success making small trx, but the big part is not moveable because of this.

any ideas?

I suggest contacting MoneroMooo or one of the other core-team members on IRC (#monero at freenode), they will probably be able to help you faster.
sr. member
Activity: 453
Merit: 500
hello world
hi guys, still having some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:
2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed:

dont know what it is..is a trx of mine stuck in mempool?



Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

the trxid is just an example..

the problem is it says that its already used..but its not. i want to empty this wallet but i can not make any transactions.

sometimes i have success making small trx, but the big part is not moveable because of this.

any ideas?
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you don't use it at the very beginning or end, a compromised coin ID is still useful to salt/stretch something human-memorable, especially if you tweak it a bit.

http://rumkin.com/tools/password/passchk.php

Apparently generating strong pass-phrases is within my skill set.   Cool

But (IIRC) brainwallet.org did something silly, which reduced the entropy of even the strongest phrases to a weak maximum?

Oh bother, I really should move those coins to the Trezor....if they are still there.   Undecided


in the example scheme of having N repetitions of hashing functions, it also has the additional personal advantage that I can choose roughly how much time I'll need to get my secret key. (Assuming I don't put my hand on ASICS for all hashing functions involved). So for an important brain wallet I can make it roughly 24h on a typical computer, and be sure I wouldn't spend it drunk.

Out-of-band OP_HODL.  Now that is sweet!   Cool
hero member
Activity: 870
Merit: 585
Everybody's different, but I don't trust myself to remember 100 bits or more of information.  Recording a mnemonic effects a massive reduction in the information I need to retain.