[XMR] Monero - A secure, private, untraceable cryptocurrency - page 916.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

In short, no.

1. The position of each word matters. The same word in a different position has a different value.

2. You're seeing the birthday problem (higher than expected likelihood of some match in the set), and no it does not affect security.

3. The last word doesn't count. It is a checksum.

GingerAle

legendary

Activity: 1260

Merit: 1008

Quote from: Biodom on May 19, 2015, 06:35:55 PM

Quote from: cAPSLOCK on May 19, 2015, 06:32:26 PM

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I am not sure that wallets that mymonero.com currently creates are safe against hacking.
Example: I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

Checksum.

please explain how two words (or even three) out of 13 could be the same, hopefully with a bit more detail.

If you want to figure out how the mymonero word seed thing works, go back to the bitcoin Electrum wallet, which is what mymonero is based on (I'm 87% sure this is right)

https://bitcointalksearch.org/topic/why-you-cannot-enter-an-arbitrary-seed-in-electrum-153990

https://www.reddit.com/r/Bitcoin/comments/1retxr/psa_using_electrum_with_a_12_word_seed_is_so_much/

http://bitcoin.stackexchange.com/questions/22611/is-electrum-cryptographically-secure

that was me googling.

Biodom

legendary

Activity: 3892

Merit: 4331

Quote from: kazuki49 on May 19, 2015, 06:48:05 PM

Quote from: Biodom on May 19, 2015, 06:35:55 PM

Quote from: cAPSLOCK on May 19, 2015, 06:32:26 PM

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I am not sure that wallets that mymonero.com currently creates are safe against hacking.
Example: I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

Checksum.

please explain how two words (or even three) out of 13 could be the same, hopefully with a bit more detail.

there is always 2 repeated words, I never got a seed with 3. maybe you are lucky, ever tried to crack satoshi's addresses?

too bad I did not write that seed with three identical words down-just for memories
seeing two identical words makes it a bit spooky, but IF it is what it supposed to be, fine.

Johnny Mnemonic

hero member

Activity: 795

Merit: 514

Quote from: luigi1111 on April 30, 2015, 02:42:51 PM

Adding the payment ID with checksum seems fairly simple. I went and created a test address just now:

Code:

Standard Address: 44sKiMHpNjRivdd2NQUyViGYZy4wbJ9L9KhFUaqSSE6JQP9LLbxL9tSikwrhYTRu3x2zKR28txuEc3zSGPduQ9byMUKoz6m
Payment ID: feedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeed

Code:

Integrated Address: 44sKiMHpNjRivdd2NQUyViGYZy4wbJ9L9KhFUaqSSE6JQP9LLbxL9tSikwrhYTRu3x2zKR28txuEc3zSGPduQ9byXSb563RKvyBgorjsFGwyx9gorjsFGwyx9gorjsFGwyx9TpPbbCy

What I did:

Instead of the standard hex format - ('12' network byte) + (public spend key 64 digits) + (public view key 64 digits) + (checksum 8 digits) - I stripped the checksum and appended the payment ID, then recalculated and appended the new checksum. This creates a 101 byte address instead of the standard 69 byte, and 139 "Public Address" characters vs 95 standard.

cnBase58 --> hex the above "Integrated Address" and you get (separated for clarity):

Code:

12 55a1e49673f5a8faa6ba4f942585695ceee5c7522496be6fc38d3f09905e3f8b ca6313deac11aff9a7241e7095863b0be3099d50d7a0cd11e0adbcf4990e64b5 feedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeed b1d0950e

The code just needs to check for length to determine the type. Alternatively, (I don't know what all the other cryptonotes are using) the network byte could be changed to 0x13 or something for the "Integrated Address".

I am going to increase my portion of the bounty to 200 XMR to whoever wants to implement this in the next 4 weeks.

That brings the total bounty to ~450 XMR. Any takers?

kazuki49

sr. member

Activity: 350

Merit: 250

Quote from: Biodom on May 19, 2015, 06:35:55 PM

Quote from: cAPSLOCK on May 19, 2015, 06:32:26 PM

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I am not sure that wallets that mymonero.com currently creates are safe against hacking.
Example: I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

Checksum.

please explain how two words (or even three) out of 13 could be the same, hopefully with a bit more detail.

there is always 2 repeated words, I never got a seed with 3. maybe you are lucky, ever tried to crack satoshi's addresses?

Biodom

legendary

Activity: 3892

Merit: 4331

Quote from: cAPSLOCK on May 19, 2015, 06:32:26 PM

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I am not sure that wallets that mymonero.com currently creates are safe against hacking.
Example: I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

Checksum.

please explain how two words (or even three) out of 13 could be the same, hopefully with a bit more detail.

cAPSLOCK

legendary

Activity: 3766

Merit: 5146

Whimsical Pants

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I am not sure that wallets that mymonero.com currently creates are safe against hacking.
Example: I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

Checksum.

GingerAle

legendary

Activity: 1260

Merit: 1008

Did you guys here? I'm a DEV NOW! I've been anointed the title of Monero Dev by the community:

Quote from: BagHolder010 on May 19, 2015, 04:54:09 PM

Monero's dev to do list this year ~ FluffyPony, GingerAle and Smooth

1. Changing our copied GUI wallet color from RED to BLUE.
2. Create once or twice a week a thread about EVAN even though we have starting problems just like every other coin did.
3. We Cry"p"to about it in forums.
4. Wait for another coin like Byte to coin from or actually for Byte to do something new and we change colors maybe?
5. THIS IS IMPORTANT let's all pray that monero investors don't get mad at us and ask for a newer team to actually do some work.
6. Hope their investors don't do what OTOH did and moving on with DASH.

BOW BEFORE MY AWESOME DEVNESS.

It doesn't take much to move up in this cryptoworld, does it?

GingerAle

legendary

Activity: 1260

Merit: 1008

Quote from: Biodom on May 19, 2015, 06:07:54 PM

I am not sure that wallets that mymonero.com currently creates are safe against hacking.
Example: I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

were they in the same order? i.e., were the words in the same exact location in the seed?

13^13 = 302875106592253

Biodom

legendary

Activity: 3892

Merit: 4331

I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) i got three identical words.
If it uses the dictionary and then randomizes, the chance of this happening is so miniscule as to be negligible.
In my opinion, it means that wallet creation does not work properly (at least at this moment).

My question to developers-why is this happening?

whap

member

Activity: 106

Merit: 10

Five times i drove through Belgium, five times it rained. It's raining there... go fluffy, bring 'em poor greylanders some Light! Cool

Siexpert

newbie

Activity: 42

Merit: 0

Quote from: fluffypony on May 19, 2015, 01:57:28 PM

Quote from: Siexpert on May 19, 2015, 01:28:47 PM

I have a question: if I make a donation for the development of Monero, how do you know who sent it? (I'd like my name to appear in the Community hall of fame.)

You can send it with a payment ID you make up, and then let cAPSLOCK know what the payment ID was. Or just tell him before you send the donation, and then let him know the transaction ID (which we will confirm for him).

Thanks fluffypony, I will send a message to cAPSLOCK with the payment ID. Hopefully I will soon join the Supporters with a Bale of High Quality Hygiene Paper Cheesy

.

kazuki49

sr. member

Activity: 350

Merit: 250

Quote from: primer- on May 19, 2015, 08:29:53 AM

Quote from: fluffypony on May 19, 2015, 08:07:58 AM

Quote from: primer- on May 19, 2015, 07:20:34 AM

You're correct. Only retards take stupid-looking selfies and post them on the official thread hours before a conference. Who's going to take him seriously ?!

I'm having fun and enjoying myself, you should try it sometime:)

PS. Wrote you a limerick:

There once was a troll known as Primer
Whose insults were simply to-die-fer
It's a snap being mean
When you're behind a screen
And in mom's basement you're a resider

A view from mom's basement : http://imgur.com/i2Vy6LU

Monero is not going anywhere with you at the helm... I can tell a loser from afar.

you are not interested in helping Monero anyway whatever, posing like you could do better than the current team when anyone can contribute, you just want fame, and you got one.

5w00p

hero member

Activity: 644

Merit: 502

Knock 'em dead, fluffy!

(it's an expression, don't actually render anyone lifeless, unless primmer is there... & we know he is brain dead already anyway)

((kindergarten primmer, if you read this, whatever youse do, don't jump out a window, that would break our hearts))

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: aerbax on May 19, 2015, 01:52:31 PM

For clarification, if we're suggesting to users what files are critical for backups, it's these, correct?

wallet.bin
wallet.bin.address.txt
wallet.bin.keys

All of the others files can be reconstructed, but the wallet* files are the most important?

You only need the .keys file, everything else can be discarded.

Also the .keys file doesn't change with ongoing use, and is encrypted with your wallet password, so you only need to back it up when you create the wallet:)

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: Siexpert on May 19, 2015, 01:28:47 PM

I have a question: if I make a donation for the development of Monero, how do you know who sent it? (I'd like my name to appear in the Community hall of fame.)

You can send it with a payment ID you make up, and then let cAPSLOCK know what the payment ID was. Or just tell him before you send the donation, and then let him know the transaction ID (which we will confirm for him).

aerbax

full member

Activity: 201

Merit: 100

For clarification, if we're suggesting to users what files are critical for backups, it's these, correct?

wallet.bin
wallet.bin.address.txt
wallet.bin.keys

All of the others files can be reconstructed, but the wallet* files are the most important?

Siexpert

newbie

Activity: 42

Merit: 0

I have a question: if I make a donation for the development of Monero, how do you know who sent it? (I'd like my name to appear in the Community hall of fame.)

aminorex

legendary

Activity: 1596

Merit: 1030

Sine secretum non libertas

Quote from: primer- on May 19, 2015, 08:29:53 AM

http://imgur.com/i2Vy6LU

At last! Drone coordinates!

GTO911

hero member

Activity: 672

Merit: 500

Quote from: mrkavasaki on May 19, 2015, 08:17:47 AM

Indeed, the selfis looking very unpofessional

but your comments are so very professional Cheesy

Fluffy is a cool chap working on an open source project. He is not a business man CEO trying to sell you a product. He can look like whatever he wants. Primer has done nothing for the project sitting in his office in a high rise building, other than showing of his mental capability

Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 916. (Read 4670673 times)