Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 979. (Read 4671924 times)
Yep, that's definately a cylon....
Hardware wallets are a growing trend right now.
h/w with LEDs are a glowing trend, made in China.
CYLON! I KNEW you did too much coding to be human!
Hardware wallets are a growing trend right now.
h/w with LEDs are a glowing trend, made in China.
Hardware wallets are a growing trend right now.
h/w with LEDs are a glowing trend, made in China.
Quote
9 months later!!! �
Jack decided to go skiing with his buddy, Bob. So they loaded up Jack's minivan and headed north.
After driving for a few hours, they got caught in a terrible blizzard. So they pulled into a nearby farm and asked the attractive lady who answered the door if they could spend the night.
'I realize it's terrible weather out there and I have this huge house all to myself, but I'm recently widowed,' she explained. 'I'm afraid the neighbors will talk if I let you stay in my house.'
'Don't worry,' Jack said.. 'We'll be happy to sleep in the barn. And if the weather breaks, we'll be gone at first light.' The lady agreed, and the two men found their way to the barn and settled in for the night.
Come morning, the weather had cleared, and they got on their way. They enjoyed a great weekend of skiing.
But about nine months later, Jack got an unexpected letter from an attorney. It took him a few minutes to figure it out, but he finally determined that it was from the attorney of that attractive widow he had met on the ski weekend...
He dropped in on his friend Bob and asked, "Bob, do you remember that good-looking widow from the farm we stayed at on our ski holiday up north about 9 months ago?"
"Yes, I do." Said Bob.
"Did you, er, happen to get up in the middle of the night, go up to the house and pay her a visit?"
"Well, um, yes!," Bob said, a little embarrassed about being found out, I have to admit that I did.."
"And did you happen to give her my name instead of telling her your name?"
Bob's face turned beet red and he said, "Yeah, look, I'm sorry,buddy.. I'm afraid I did.' 'Why do you ask?"
"She just died and left me everything."
Jack decided to go skiing with his buddy, Bob. So they loaded up Jack's minivan and headed north.
After driving for a few hours, they got caught in a terrible blizzard. So they pulled into a nearby farm and asked the attractive lady who answered the door if they could spend the night.
'I realize it's terrible weather out there and I have this huge house all to myself, but I'm recently widowed,' she explained. 'I'm afraid the neighbors will talk if I let you stay in my house.'
'Don't worry,' Jack said.. 'We'll be happy to sleep in the barn. And if the weather breaks, we'll be gone at first light.' The lady agreed, and the two men found their way to the barn and settled in for the night.
Come morning, the weather had cleared, and they got on their way. They enjoyed a great weekend of skiing.
But about nine months later, Jack got an unexpected letter from an attorney. It took him a few minutes to figure it out, but he finally determined that it was from the attorney of that attractive widow he had met on the ski weekend...
He dropped in on his friend Bob and asked, "Bob, do you remember that good-looking widow from the farm we stayed at on our ski holiday up north about 9 months ago?"
"Yes, I do." Said Bob.
"Did you, er, happen to get up in the middle of the night, go up to the house and pay her a visit?"
"Well, um, yes!," Bob said, a little embarrassed about being found out, I have to admit that I did.."
"And did you happen to give her my name instead of telling her your name?"
Bob's face turned beet red and he said, "Yeah, look, I'm sorry,buddy.. I'm afraid I did.' 'Why do you ask?"
"She just died and left me everything."
A reminder if you would like to see Trezor supporting Monero: http://forum.getmonero.org/8/funding-required/261/monero-support-for-trezor?page=&noscroll=1#post-1010
I think this is a great idea.
Hardware wallets are a growing trend right now.
Hi!
Looks like my message will be a bit offtopic here. But this is all about Monero
I've setup a new Monero pool here: http://XMR.CryptoNight.net with
1. low fees: 0.8% (0.3% - donations + 0.5% - pool fee).
2. bonus offer for 1st round participants:
All 1st round payments in XMR will be doubled (additional payment will be issued manually within 24h).
As soon as the 1st block will be found 1st round will be finished and pool will continue it's normal operations.
Pool OP: https://bitcointalksearch.org/topic/poolcryptonightnet-cryptonote-pool-bytecoin-monero-darknote-1013306
Join us, follow us on twitter (https://twitter.com/cryptonight_net) and have a nice mining!
Who owns the address monero.org, someone is developing it
We're not sure - at this stage it appears that they are linking to the binaries on getmonero.org, but as it is somebody who is unknown it should be treated with caution. The fact that they link to MinerGate (a pool most likely operated by the BCN scammers) is also quite concerning.
Community sites are always welcome, but this is not obviously a community site. To anyone coming across it they would think it is the official site, which makes it especially dangerous. Perhaps they are trying to build up some SEO, after which they can just change links to whatever they want.
It looks like they are setting up a shop too.
Quote
Their About page is the best: "Monero.org is one of the earliest websites about Monero cryptocurrency. It was created by a group of enthusiasts in order to spread all needed information about Monero"
Except nobody knows the "group of enthusiasts" here or on IRC or on the Monero Forum...
Who owns the address monero.org, someone is developing it
We're not sure - at this stage it appears that they are linking to the binaries on getmonero.org, but as it is somebody who is unknown it should be treated with caution. The fact that they link to MinerGate (a pool most likely operated by the BCN scammers) is also quite concerning.
Community sites are always welcome, but this is not obviously a community site. To anyone coming across it they would think it is the official site, which makes it especially dangerous. Perhaps they are trying to build up some SEO, after which they can just change links to whatever they want.
It looks like they are setting up a shop too.
Quote
if you have 2 addresses, one is a real address (with private key) and one burn address, then you can publish the viewkey of the first one and see all the transactions made from this address to the burn address.
Are you sure? I think what you would see as destination would be a stealth destination (maybe corresponding to the burn address, without any way to prove it).
This.
To prove/show a transaction you must have a view key, which you can't obtain without a private key, so I guess you can't burn coins without a third party trust provider (a notary?).
In Bitcoin you can just create a valid address (vanity like) for which is almost impossible to have obtained the private key, I don't know if this can be true for cryptonote addresses, I guess you can, but again you end up without a way to see transactions.
Can't you just set the mix-in so high that the coins are redistributed back to the miners?
Heh.. That's good out of the box thinking. But will that not rape the blockchain?
No need to set mixin really high, you can just pay the whole thing in fees if that's what you want.
Though I don't think that's what he wants...
I'm quite certain this address isn't that difficult to create; I just haven't had any luck finding what exactly the public keys are massaged with to create the "address".
BTC is like this:
1. = RIPEMD160(SHA256(public ECDSA key))
2. = networkbytes(00) + 1.
3. = SHA256(SHA256(2.))
4. = 2. + 1st four bytes of 3.
5. = Base58(4.)
Now what is done to XMR?
The issue is that with ring sigs coupled with stealth addresses, without having the viewkey (derived from the spend key), you can't really see the ending balance. Having a burn address where one can't prove the existing balance does no good.
That's true, not perfect, but it's the closest thing I currently have to burning. If ppl can see confirmed outgoing transactions to this address it can be used as a good enough proof for the burning process. one can assume that if an outgoing tx. appears in the ledger so it means a corresponding incoming tx. exist. and because it's highly improbable that anyone will have the private key to this address, it means those fund are unspendable.
If someone here can answer luigi1111's question he might be able to create the address
It also means that a third party i.e. your service acts as escrow, which adds a layer of concern. One could have a large chunk of the funds on the address with the view-key... and then just not transfer it to the burn address, but another xmr address. And it's gone.
There is a difference though if we're talking big ipo-style burn, or small minor amounts burn that continuously gets burned.
if you have 2 addresses, one is a real address (with private key) and one burn address, then you can publish the viewkey of the first one and see all the transactions made from this address to the burn address.
Are you sure? I think what you would see as destination would be a stealth destination (maybe corresponding to the burn address, without any way to prove it).
This.
To prove/show a transaction you must have a view key, which you can't obtain without a private key, so I guess you can't burn coins without a third party trust provider (a notary?).
In Bitcoin you can just create a valid address (vanity like) for which is almost impossible to have obtained the private key, I don't know if this can be true for cryptonote addresses, I guess you can, but again you end up without a way to see transactions.
Can't you just set the mix-in so high that the coins are redistributed back to the miners?
Heh.. That's good out of the box thinking. But will that not rape the block chain?
I'm not convinced of that idea. If one were to know of such burn-events happening, one could opportunistically mine for it. (At the same time. No guarantee you get the block of course, but pointing hardware to several pools would make likely.)
Hope this is useful to someone
Disclaimer: I am one of XMR.TO's admins.
thank you!
btw: have you thought about letting users put a bitpay invoice id or url directly? i use your service sometimes, but atm it involves a lot of strg+c
imho the paying page is a LITTLE cluttered. i'd prefer two lines for entering the btc details and copying my xmr detals - without scrolling
but: loving your service! good work!
Thanks a lot, especially for the nice suggestions! Like the idea for bitpay. We're not sure what we'll do, either a browser plugin or a bitpay invoice importer as you suggested. The browser plugin is certainly more general.
Yeah, the payment page is a little cluttered. We'll try to reduce the amount of information on it.
Hope this is useful to someone
Disclaimer: I am one of XMR.TO's admins.
thank you!
btw: have you thought about letting users put a bitpay invoice id or url directly? i use your service sometimes, but atm it involves a lot of strg+c
imho the paying page is a LITTLE cluttered. i'd prefer two lines for entering the btc details and copying my xmr detals - without scrolling
but: loving your service! good work!
This might interest some of you:
I started playing with XMR.TO's new API (https://bitcointalksearch.org/topic/m.11075530).
I wanted to come up with a simple example to demonstrate how to make an XMR.TO payment via that API.
Below, you can find a python script that was basically collateral damage: it compares prices on poloniex, XMR.TO and shapeshift.io.
(so it's a lot simpler than making a payment
)
Here you go:
Code as gist: https://gist.github.com/arnuschky/55553910393b516f7d02
Output:
Note that it's for buying XMR from you, so the higher the better.
Also, Poloniex involves slippage (that is, the given price is only available for a arbitrarily small amount and might rise quickly for larger ones).
Neither xmr.to nor shapeshift.io are affected by that.
Hope this is useful to someone
Disclaimer: I am one of XMR.TO's admins.
I started playing with XMR.TO's new API (https://bitcointalksearch.org/topic/m.11075530).
I wanted to come up with a simple example to demonstrate how to make an XMR.TO payment via that API.
Below, you can find a python script that was basically collateral damage: it compares prices on poloniex, XMR.TO and shapeshift.io.
(so it's a lot simpler than making a payment
)Here you go:
Code:
import sys
import json
import urllib2
def jsonApiCall(url):
try:
req = urllib2.Request(url, headers={'User-Agent' : "Magic Browser"})
con = urllib2.urlopen(req)
data = json.load(con)
except Exception as e:
sys.stderr.write("Failed in API call " + url + "\n")
sys.stderr.write(str(e))
sys.exit(1)
return data
poloniex = float(jsonApiCall('https://poloniex.com/public?command=returnTicker')['BTC_XMR']['highestBid'])
poloniex *= 1.002 # 0.2% fee
xmrto = float(jsonApiCall('https://xmr.to/api/v1/xmr2btc/order_parameter_query')['price'])
shapeshift = float(jsonApiCall('https://shapeshift.io/rate/xmr_btc')['rate'])
# shapeshift applies a 0.0001 btc fee per transaction, which we won't factor in here
print "-----------------------------------"
print " Price for buying 1 XMR"
print "-----------------------------------"
print " Poloniex %10.8f BTC" % poloniex
print " XMR.TO %10.8f BTC" % xmrto
print " shapeshift %10.8f BTC" % shapeshift
Output:
Code:
-----------------------------------
Price for buying 1 XMR
-----------------------------------
Poloniex 0.00308108 BTC
XMR.TO 0.00304400 BTC
shapeshift 0.00302045 BTC
Note that it's for buying XMR from you, so the higher the better.
Also, Poloniex involves slippage (that is, the given price is only available for a arbitrarily small amount and might rise quickly for larger ones).
Neither xmr.to nor shapeshift.io are affected by that.
Hope this is useful to someone
Disclaimer: I am one of XMR.TO's admins.
Can you please add my pool to the list?
http://monerominers.net (US)
It's still small with 6-10 kHash/s but some of the listed pools have 0 Hash/s.
0.5% Fee
http://monerominers.net (US)
It's still small with 6-10 kHash/s but some of the listed pools have 0 Hash/s.
0.5% Fee
Where did you go? I was mining there on and off for the last month. It's been about a week now.
I'm not sure if this has been discussed before?
OpenAlias is easy and user-friendly (once employed) but isn't there an inherent risk in abuse?
It would be trivial for a cracker to exploit it by changing the xmr recipient_address to one under his control. Another easy exploit is that pretty much any employee at the company which hosts your domain or subdomain can easily change the xmr recipient_address. That is especially handy if the nefarious part (for some reason) knows of large or recurring payments.
OpenAlias is easy and user-friendly (once employed) but isn't there an inherent risk in abuse?
It would be trivial for a cracker to exploit it by changing the xmr recipient_address to one under his control. Another easy exploit is that pretty much any employee at the company which hosts your domain or subdomain can easily change the xmr recipient_address. That is especially handy if the nefarious part (for some reason) knows of large or recurring payments.
It's always a matter of tradeoff between convenience and security. If you're worried about large payments, just enter/check the address by hand instead of using open alias.
I just thought there should be an "oh, by the way" disclaimer attached to it.
if you have 2 addresses, one is a real address (with private key) and one burn address, then you can publish the viewkey of the first one and see all the transactions made from this address to the burn address.
Are you sure? I think what you would see as destination would be a stealth destination (maybe corresponding to the burn address, without any way to prove it).
This.
To prove/show a transaction you must have a view key, which you can't obtain without a private key, so I guess you can't burn coins without a third party trust provider (a notary?).
In Bitcoin you can just create a valid address (vanity like) for which is almost impossible to have obtained the private key, I don't know if this can be true for cryptonote addresses, I guess you can, but again you end up without a way to see transactions.
Can't you just set the mix-in so high that the coins are redistributed back to the miners?
Heh.. That's good out of the box thinking. But will that not rape the blockchain?
No need to set mixin really high, you can just pay the whole thing in fees if that's what you want.
Though I don't think that's what he wants...
I'm quite certain this address isn't that difficult to create; I just haven't had any luck finding what exactly the public keys are massaged with to create the "address".
BTC is like this:
1. = RIPEMD160(SHA256(public ECDSA key))
2. = networkbytes(00) + 1.
3. = SHA256(SHA256(2.))
4. = 2. + 1st four bytes of 3.
5. = Base58(4.)
Now what is done to XMR?
The issue is that with ring sigs coupled with stealth addresses, without having the viewkey (derived from the spend key), you can't really see the ending balance. Having a burn address where one can't prove the existing balance does no good.
That's true, not perfect, but it's the closest thing I currently have to burning. If ppl can see confirmed outgoing transactions to this address it can be used as a good enough proof for the burning process. one can assume that if an outgoing tx. appears in the ledger so it means a corresponding incoming tx. exist. and because it's highly improbable that anyone will have the private key to this address, it means those fund are unspendable.
If someone here can answer luigi1111's question he might be able to create the address
AFAIK, the following is true:
Viewkey at present is derived from spend key via SHA256. (Edit: I think this is via Keccak, not SHA.) However, there is no protocol requirement for this. View and spend keys are not related to one another; this derivation is simply for ease of generating accounts (remembering only one seed, etc).
With that assumption, it should be possible to generate a "proper" burn account (i.e., one where the viewkey is known but spend key is not).
All we need to know is how the "standard address" is generated (from the whitepaper: "standard address is a representation of a public user key given into human friendly string with error correction"). Then we can generate an obviously fake spend public key (e.g., 0x777...7), generate a proper EdDSA public/private view keypair, and turn the pair of public keys into a standard address.
There is also this gem from the whitepaper (I'm told it's unimplemented, though I don't know exactly what that means):
Quote
• If Bob wants to have an audit compatible address where all incoming transaction are linkable, he can either publish his tracking key or use a truncated address. That address represent only one public ec-key B, and the remaining part required by the protocol is derived from it as follows: a = Hs(B) and A = Hs(B)G. In both cases every person is able to “recognize” all of Bob’s incoming transaction, but, of course, none can spend the funds enclosed within them without the secret key b.
@Vandalay23: what's your project? why do you need all those burn adress? (xmr,nxt,hz,burst +every other one that i did not see)
Can confirm this, noticed it as well...
Couldn't someone build a monero client but remove the seed generation, setup the password prompt to auto hash a password (sha256 w/ random salt perhaps) for what would be a user prompt on load and to not generate the spend key file. That should, in theory, give you the stealth address and viewkey but no access to the spend key, seed words for wallet generation, or even wallet file? Probably off here but if you could somehow remove the user element to inputs, you should be left with a valid wallet (stealth address only) with paired viewkey but no access to regen the needed spend key to access funds. Granted, you won't get a long string of xxxx's for the stealth address but at least you have a burn address. Could something like this work?
What use would that be?
Again, if you're trying to have a burn address with no access to spend funds.
Couldn't someone build a monero client but remove the seed generation, setup the password prompt to auto hash a password (sha256 w/ random salt perhaps) for what would be a user prompt on load and to not generate the spend key file. That should, in theory, give you the stealth address and viewkey but no access to the spend key, seed words for wallet generation, or even wallet file? Probably off here but if you could somehow remove the user element to inputs, you should be left with a valid wallet (stealth address only) with paired viewkey but no access to regen the needed spend key to access funds. Granted, you won't get a long string of xxxx's for the stealth address but at least you have a burn address. Could something like this work?
What use would that be?
Jump to: