
Topic: XMR vs DRK - page 55. (Read 69755 times)

legendary
Activity: 1442
Merit: 1018
March 25, 2015, 01:15:39 PM
sr. member
Activity: 392
Merit: 255
March 25, 2015, 01:14:20 PM
Basically, you want to be spoon-fed, despite the fact that you keep spitting out everything that is fed to you.

You want an exact technical analysis of the weaknesses in a system whose blatant and glaring weaknesses have already been pointed out many times, despite the fact that each time these weaknesses are pointed out, you go: "Look over there, a birdy!"

I might as well explain it to my pet fish, as at least he eats what is fed to him and doesn't argue with sound reasoning.

Hi, you seem to be confused and slightly angry...

there is a specific question here, throwing insults does not answer this question

Fluffy is being asked if he even knows how many MN need to be compromised, to back up his wacky idea that every node in a P2P network needs a failover for the P2P network to be secure.

This proposition came from Fluffy himself.  All people are asking is to prove what he is saying which for whatever reason is proving to be a bit difficult for him (and you apparently?).
hero member
Activity: 644
Merit: 502
March 25, 2015, 01:13:12 PM
You guys refuse to comprehend. That doesn't mean what is stated isn't sound and fact-based.

No matter what is stated, you just keep saying "Explain it more."
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
March 25, 2015, 01:12:54 PM
That's not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK in each ... the correlation between these addresses is not there, that's what darksend is made for.

So if you send a darksend with 20 coins, there is no change address used for the remaining 80 drk in your wallet, because they are all in other addresses ...

I understand that, but you will get change the minute you pay for something with a decimal place.

Unless you're saying merchants have to price things in multiples of $5.18 (at this moment) and can't deviate from that?
hero member
Activity: 644
Merit: 502
March 25, 2015, 01:11:09 PM
Basically, you want to be spoon-fed, despite the fact that you keep spitting out everything that is fed to you.

You want an exact technical analysis of the weaknesses in a system whose blatant and glaring weaknesses have already been pointed out many times, despite the fact that each time these weaknesses are pointed out, you go: "Look over there, a birdy!"

I might as well explain it to my pet fish, as at least he eats what is fed to him and doesn't argue with sound reasoning.
sr. member
Activity: 392
Merit: 255
March 25, 2015, 01:10:44 PM
Quote

you admit xmr team is building rock solid stuff. I am suggesting for you now as drk price has risen significantly to cash some (not all) of your drk and diversifying into xmr. After all the crypto is like a raffle and it is good to have some variety in portfolio in case some coin rises significantly.

I do have an XMR position, but only like 10% of my DRK holdings so barely a hedge.

What I'm questioning about XMR is time-to-market and the real-world necessity of the ultra-robust tech. If DRK is fit-for-purpose in the majority of real-world use cases and gets over the line first in terms of adoption and scalability, where does that leave XMR?

For which real world cases is Darksend not secure enough?

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

That's not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK in each ... the correlation between these addresses is not there, that's what darksend is made for.

So if you send a darksend with 20 coins, there is no change address used for the remaining 80 drk in your wallet, because they are all in other addresses ...

And therefore everything Fluffy said here is wrong:

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

meaning he has no idea what he is talking about
sr. member
Activity: 371
Merit: 250
March 25, 2015, 01:09:21 PM
Quote

you admit xmr team is building rock solid stuff. I am suggesting for you now as drk price has risen significantly to cash some (not all) of your drk and diversifying into xmr. After all the crypto is like a raffle and it is good to have some variety in portfolio in case some coin rises significantly.

I do have an XMR position, but only like 10% of my DRK holdings so barely a hedge.

What I'm questioning about XMR is time-to-market and the real-world necessity of the ultra-robust tech. If DRK is fit-for-purpose in the majority of real-world use cases and gets over the line first in terms of adoption and scalability, where does that leave XMR?

For which real world cases is Darksend not secure enough?

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

That's not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK in each ... the correlation between these addresses is not there, that's what darksend is made for.

So if you send a darksend with 20 coins, there is no change address used for the remaining 80 drk in your wallet, because they are all in other addresses (denominated for 1 drk each) ...

your approach sounds more like the coinjoin method, but that's not how darksend uses, it uses a portion from coinjoin with various additions, like denomination, to get around that problem what you are talking about
sr. member
Activity: 392
Merit: 255
March 25, 2015, 01:07:33 PM
The Masternodes are a part of your fucking consensus system if u still don't see how you should secure them the best way possible is beyond anyone with a brain and basic knowledge of IT security.

which conversation are you talking about?

Fluffy is now saying that every MN owner needs a failover or it's easier to compromise the MN Network

majamina then asked ergo how many MN need to be compromised to back up that proposition?

it's a fair question but instead of getting an answer he is being called 'mentally challenged' for asking someone to prove what they are saying?

donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
March 25, 2015, 01:07:12 PM
so you are saying that if someone is stupid enough to send more coins than they need to a dark market, spend some of them on something illegal, then send unmixed change from the dark market back to their own wallet they compromise their privacy.

fair point I suppose, but I don't see a huge 'opsec' challenge to avoid this :)

No, you're misunderstanding how cryptocurrency works. Let me use a simplified example.

Your wallet balance doesn't actually exist. It's instead a representation of all of the unspent transaction outputs (utxos) in your wallet. Let's say you have the following UTXOs:

Amount|Address
100 DRK|AAAA
100 DRK|BBBB
100 DRK|CCCC

Now you send those off for pre-mixing. Your wallet's UTXOs now look like this:

Amount|Address
50 DRK|ABAB
25 DRK|CDCD
25 DRK|EFEF
180 DRK|GHGH
20 DRK|IJIJ

You now buy something on SuperDodgyMarket for 10 DRK, the address you've got to send it to is XXZZ. As you can see, you don't have a 10 DRK output in your utxoset. So you HAVE to use an output > 10 DRK. Thus the resulting transaction looks like this:

Inputs:

Amount|From Address
50 DRK|ABAB

Outputs:

Amount|From Address
10 DRK|XXZZ
40 DRK|KLKL

As a result, your wallet's utxoset now looks like this:

Amount|Address
25 DRK|CDCD
25 DRK|EFEF
180 DRK|GHGH
20 DRK|IJIJ
40 DRK|KLKL

This is not anything "stupid" you've done, this is through the normal course of things. It doesn't matter what you do next, your entire set of "anonymised" outputs is now at risk because of the 40 DRK in KLKL that you will use in the normal course of things (eg. if you need to send 200 DRK to an exchange your wallet may pick the 180 DRK output and the tainted 40 DRK output, and now you're screwed).

This has nothing to do with MasterNode opsec, that's a different matter. This has to do with Darksend's anonymity not being "good enough" (remember I was replying to Macno, so different conversation to the MN threat model) because users can and will be deanonymised after the fact. Thus for users to actually take advantage of Darkcoin's privacy they are required to practice strict opsec of their own, remixing their entire wallet after every transaction. The slightest mistake or relaxation on their part can mean they are instantly compromised (from a privacy perspective). And if you've got to exercise such strict opsec as a user, why not just use Bitcoin?
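The change-output linkage described in the post above, replayed as an added example (not part of the original thread or of any wallet's code). It uses the post's amounts and addresses; the largest-first coin selection, the `EXCHANGE` and `MNMN` labels and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    amount: int
    address: str
    # Earlier payments an observer can tie this output to (empty = freshly mixed).
    linked_to: frozenset = frozenset()

def pick_largest_first(wallet, amount):
    """Assumed coin selection: take the biggest outputs until the amount is covered."""
    picked, total = set(), 0
    for u in sorted(wallet, key=lambda u: u.amount, reverse=True):
        if total >= amount:
            break
        picked.add(u.address)
        total += u.amount
    if total < amount:
        raise ValueError("insufficient funds")
    return picked

def exposure(wallet, input_addrs):
    """Pre-spend check: earlier payments the recipient could tie to this spend.

    Inputs of one transaction are assumed to share an owner, so any payment
    linked to one input becomes linked to every other input as well.
    """
    links = frozenset()
    for u in wallet:
        if u.address in input_addrs:
            links |= u.linked_to
    return links

def spend(wallet, input_addrs, amount, dest, change_addr):
    """Return (new_wallet, exposed_links) after paying `amount` to `dest`."""
    total = sum(u.amount for u in wallet if u.address in input_addrs)
    if total < amount:
        raise ValueError("inputs do not cover the payment")
    exposed = exposure(wallet, input_addrs)
    rest = [u for u in wallet if u.address not in input_addrs]
    if total > amount:
        # Change stays tied to this payment and to whatever its inputs were tied to.
        rest.append(Utxo(total - amount, change_addr, exposed | {dest}))
    return rest, exposed

def replay_post_example():
    # Constructed from the post's tables: the wallet after pre-mixing.
    wallet = [Utxo(50, "ABAB"), Utxo(25, "CDCD"), Utxo(25, "EFEF"),
              Utxo(180, "GHGH"), Utxo(20, "IJIJ")]
    wallet, first = spend(wallet, {"ABAB"}, 10, "XXZZ", "KLKL")
    picked = pick_largest_first(wallet, 200)  # the later 200 DRK payment
    wallet, second = spend(wallet, picked, 200, "EXCHANGE", "MNMN")
    return first, picked, second, wallet

if __name__ == "__main__":
    first, picked, second, wallet = replay_post_example()
    print("first spend exposes:", sorted(first))
    print("inputs chosen for 200 DRK:", sorted(picked))
    print("second spend exposes:", sorted(second))
    for u in wallet:
        print(u.amount, u.address, sorted(u.linked_to))
```

Calling `exposure` on a candidate input set before signing shows which earlier payments the spend would reveal; an empty result means only unlinked outputs are being merged.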
member
Activity: 112
Merit: 10
March 25, 2015, 01:05:01 PM
fluffypony fucking told you how it relates to masternodes in the fucking original dissection that you said "Naw man, that ain't needed cuz I said it ain't needed."

Are you mentally challenged?

he told me that it's needed in case people compromise sections of the network by whatever means....he didn't say how much of the network needs to be compromised, so how can we assess if the measures are required?

failover capacity and opsec measures should be based on operational risk...we haven't quantified the operational risk, i.e. number of masternodes that need to be compromised, so how can we define these measures?
hero member
Activity: 532
Merit: 500
March 25, 2015, 01:04:58 PM
The Masternodes are a part of your fucking consensus system if u still don't see how you should secure them the best way possible is beyond anyone with a brain and basic knowledge of IT security.
sr. member
Activity: 392
Merit: 255
March 25, 2015, 01:03:04 PM
fluffypony fucking told you how it relates to masternodes in the fucking original dissection that you said "Naw man, that ain't needed cuz I said it ain't needed."

Are you mentally challenged?

where did he? 
sr. member
Activity: 392
Merit: 255
March 25, 2015, 01:02:37 PM

Quote

Are you that narrow minded that you think the only possible way to deanonymize darkcoin is owning all masternodes?



Not at all, but that's not what we're talking about. Do you want me to talk about something we're not talking about, in response to something that we are?

^ you made the mistake of asking a Monero dev for a straight answer. YOU MUST BE NEW HERE ;)
hero member
Activity: 644
Merit: 502
March 25, 2015, 01:01:25 PM
fluffypony fucking told you how it relates to masternodes in the fucking original dissection that you said "Naw man, that ain't needed cuz I said it ain't needed."

Are you mentally challenged?
member
Activity: 112
Merit: 10
March 25, 2015, 01:00:33 PM

Quote

Are you that narrow minded that you think the only possible way to deanonymize darkcoin is owning all masternodes?



Not at all, but that's not what we're talking about. Do you want me to talk about something we're not talking about, in response to something that we are?
member
Activity: 112
Merit: 10
March 25, 2015, 12:59:17 PM
So, now you are saying "It's ok, because lots of people are lazy and untechnical."

no i'm not saying that. fluffypony said 'the level of rigour that is generally accepted as necessary when every line of code can mean the wiping out of someone's saving or the end of a person's means of income' - i'm just making a comment that this perceived level of rigour is perhaps not as pervasive in financial software development as you might imagine. I'm not saying it's OK, you made that bit up :)

Quote

Explain how you are wrong. Where should I start.
I think a decent place to begin is with the revelations of a little-known former NSA contractor of the name Ed Snowden. Have you possibly heard of him? Watched a documentary called "Citizen Four" yet?

All this stuff is NOT a fairytale. It is NOT a tinfoil hat thing. The very simple fact of it all is that every single bit (and I do mean bit, as in 0 or 1, bit) that traverses any portion of the telecommunications infrastructure of virtually any NATO or similarly-allied nation on this planet is sniffed and inspected by hordes of incredibly powerful computers, and stored for posterity on unbelievably large data farms for possible later investigation by teams of real human beings.

Please wake up and smell the feces.

how does this relate to opsec requirements for masternodes?
hero member
Activity: 532
Merit: 500
March 25, 2015, 12:58:18 PM
Why is it all-or-nothing?

Why does a masternode need to failover? If my masternode fails today, nothing happens to the network other than masternode count is reduced by 1. Please explain this point before we move on...

Because the more honest MasterNodes there are the harder it is for a sophisticated attacker to gain a foothold. If MN operators don't have a failover it gives our sophisticated attacker an easy in - break into the colo cage, and since the operator can't just abandon the infrastructure and failover to a new (and unknown to the attacker) location, he either opens himself up by going to the DC (and getting arrested / strong-armed into assisting LEA) or he abandons the infrastructure and then spends days / weeks setting up anew, during which time there's 1 less MasterNode. Perform this against multiple operators simultaneously and they'll strike gold (especially since there will be many MNs clustered at datacenters like Ecatel).

Remember: literally every key differentiating factor for Darkcoin (Darksend, InstantX) requires the MasterNode network. For it to be safe, successful, and robust, you have to have all MasterNodes acting like ultra-paranoid DNM operators. Anything less than absolute operational perfection for the entire MN network puts people at risk and degrades functionality, to a greater or lesser degree.

so the scenario is a co-ordinated attack on lots of masternodes, but you won't say how many masternodes need to be compromised....i think you need to for this argument to stand up.



Are you that narrow minded that you think the only possible way to deanonymize darkcoin is owning all masternodes?

member
Activity: 112
Merit: 10
March 25, 2015, 12:55:15 PM
Why is it all-or-nothing?

Why does a masternode need to failover? If my masternode fails today, nothing happens to the network other than masternode count is reduced by 1. Please explain this point before we move on...

Because the more honest MasterNodes there are the harder it is for a sophisticated attacker to gain a foothold. If MN operators don't have a failover it gives our sophisticated attacker an easy in - break into the colo cage, and since the operator can't just abandon the infrastructure and failover to a new (and unknown to the attacker) location, he either opens himself up by going to the DC (and getting arrested / strong-armed into assisting LEA) or he abandons the infrastructure and then spends days / weeks setting up anew, during which time there's 1 less MasterNode. Perform this against multiple operators simultaneously and they'll strike gold (especially since there will be many MNs clustered at datacenters like Ecatel).

Remember: literally every key differentiating factor for Darkcoin (Darksend, InstantX) requires the MasterNode network. For it to be safe, successful, and robust, you have to have all MasterNodes acting like ultra-paranoid DNM operators. Anything less than absolute operational perfection for the entire MN network puts people at risk and degrades functionality, to a greater or lesser degree.

so the scenario is a co-ordinated attack on lots of masternodes, but you won't say how many masternodes need to be compromised....i think you need to for this argument to stand up.

hero member
Activity: 644
Merit: 502
March 25, 2015, 12:53:28 PM
So, now you are saying "It's ok, because lots of people are lazy and untechnical."

Explain how you are wrong. Where should I start.
I think a decent place to begin is with the revelations of a little-known former NSA contractor of the name Ed Snowden. Have you possibly heard of him? Watched a documentary called "Citizen Four" yet?

All this stuff is NOT a fairytale. It is NOT a tinfoil hat thing. The very simple fact of it all is that every single bit (and I do mean bit, as in 0 or 1, bit) that traverses any portion of the telecommunications infrastructure of virtually any NATO or similarly-allied nation on this planet is sniffed and inspected by hordes of incredibly powerful computers, and stored for posterity on unbelievably large data farms for possible later investigation by teams of real human beings.

Please wake up and smell the feces.
member
Activity: 112
Merit: 10
March 25, 2015, 12:51:30 PM
Quote

Unless a person is mixing after every transaction they perform I'd say it's no more private than Bitcoin. If the level of privacy is solely dependent on the user acting in a sane and self-serving manner then they may as well use Bitcoin. For example: Bob has 100 DRK. He uses Darksend to pre-mix these. Now he takes these 100 DRK that are in address drkaaaa0001 and goes and buys something on SilkEvolutionReloaded3 for 20 DRK. The remaining 80 DRK come back into his wallet to address drkbbbb0002. A few days later he goes and buys a coffee at StarBucks for 1 DRK. Because LEA receive feeds from our proverbial StarBucks in this thought experiment they are immediately able to see that change from an illicit transaction has been used at StarBucks, and now they have video footage and the guy's car registration number.

Thus there is a dependency on the user exercising sufficient opsec, else they will compromise themselves as they are lulled into a false sense of privacy.

hmm, interesting and worth some consideration.

so you are saying that if someone is stupid enough to send more coins than they need to a dark market, spend some of them on something illegal, then send unmixed change from the dark market back to their own wallet they compromise their privacy.

fair point I suppose, but I don't see a huge 'opsec' challenge to avoid this :)