|
FCKGW posted:is that when i get random $2k+ checks from a company account in the mail with a letter to cash it and send half to some dude in nigeria no, it's when you get a check and copy the numbers from it, then use that to buy stuff off the Internet or do something more sophisticated like kiting. when your power company sets up automatic bill pay from the void cheque you send, it's doing the same sort of thing, but scout's honor you approved it. it's not like your bank asks to see the paperwork of the customer application every time.
|
# ? Jan 10, 2015 05:51 |
|
|
# ? Apr 26, 2024 16:12 |
|
AlbieQuirky posted:I was excited that Bitstamp had done something stupid but it was all checkque chat and now my crest is fallen, Same but pirahna was on syfy so at least there was that. Now it's mega pirahna.
|
# ? Jan 10, 2015 06:01 |
|
Dessert Rose posted:how i understand it is that they think that timing attacks are somehow relevant to bitcoin (they aren't) so they want to use a constant-time signing (verification? is the only way this remotely makes sense) algorithm What about if you sit a few feet away from someone and analyze the electromagnetic interference generated by their PC while it is signing a transaction or something, isn't it possible you could get some information about their key that way? * I know enough about cryptography to only ask questions, not make statements or decisions.
|
# ? Jan 10, 2015 07:06 |
|
Dessert Rose posted:how i understand it is that they think that timing attacks are somehow relevant to bitcoin (they aren't) so they want to use a constant-time signing (verification? is the only way this remotely makes sense) algorithm why wouldn't timing attacks be relevant? there are definitely attacks where you can pull key material off of another VM on the same host
|
# ? Jan 10, 2015 07:16 |
|
idk if posted already and idc
|
# ? Jan 10, 2015 07:39 |
|
It's true. You get less and less dollars for a bitcoin. Obviously the dollar is decreasing in value!
|
# ? Jan 10, 2015 07:43 |
|
as a long time dollar holder i have to say my world looks now a lot different than in 2010 before this huge collapse
|
# ? Jan 10, 2015 07:47 |
|
four years ago I used to buy a cup of coffee for $5. today that cup costs me $50,000.
|
# ? Jan 10, 2015 07:59 |
|
you've only actually lost money if you've sold the dollars for bitcoins, you should hodl your current dollars and snap up these cheap dollars with any bitcoin you can get ahold of dollars are about to go to the moon, this is probably your last chance to get on board
|
# ? Jan 10, 2015 08:02 |
|
Chocobo posted:you've only actually lost money if you've sold the dollars for bitcoins, you should hodl your current dollars and snap up these cheap dollars with any bitcoin you can get ahold of this makes perfect sense where can i buy no hassles bitcoin
|
# ? Jan 10, 2015 08:05 |
|
under obamas regime the dollar has lost 100000% of its value i think ill be voting republican next time
|
# ? Jan 10, 2015 08:09 |
|
my credit card i will tell it to you just give me a bitcoin
|
# ? Jan 10, 2015 08:20 |
|
Snapchat A Titty posted:ty at least get the year right jesus christ
|
# ? Jan 10, 2015 08:26 |
|
http://sourceforge.net/p/bitcoin/mailman/message/33221963/ [Bitcoin-development] OpenSSL 1.0.0p / 1.0.1k incompatible, causes blockchain rejection. openssl fixed a vuln which caused it to become incompatible with bitcoin
|
# ? Jan 10, 2015 08:27 |
|
Aleksei Vasiliev posted:http://sourceforge.net/p/bitcoin/mailman/message/33221963/ reject some signatures, Bitcoin is a consensus system where all participants must generally agree on the exact validity or invalidity of the input data. In a sense, consistency is more important than "correctness". As a result, an uncontrolled 'fix' can constitute a security vulnerability for the Bitcoin system. The Bitcoin Core developers have been aware of this class of risk for a long time and have taken measures to mitigate it generally; e.g., shipping static binaries, internalizing the Leveldb library... etc. It was somewhat surprising, however, to see this kind of change show up as a "low" priority fix in a security update and pushed out live onto large numbers of systems within hours. We were specifically aware of potential hard-forks due to signature encoding handling and had been hoping to close them via BIP62 in 0.10. BIP62's purpose is to improve transaction malleability handling and as a side effect rigidly defines the encoding for signatures, but the overall scope of BIP62 has made it take longer than we'd like to deploy. (Coincidentally, I wrote about this concern and our unique demands on cryptographic software as part of a comment on Reddit shortly before discovering that part of this OpenSSL update was actually incompatible with Bitcoin: https://www.reddit.com/r/Bitcoin/comments/2rrxq7/on_why_010s_release_notes_say_we_have_reason_to/cnitbz3 ) The patches above, however, only fix one symptom of the general problem: relying on software not designed or distributed for consensus use (in particular OpenSSL) for consensus-normative behavior. Therefore, as an incremental improvement, I propose a targeted soft-fork to enforce strict DER compliance soon, utilizing a subset of BIP62. Adding a blockchain rule for strict DER will reduce the risk of consensus inconsistencies from alternative implementations of signature parsing or signature verification, simplify BIP62, and better isolate the cryptographic validation code from the consensus algorithm. A failure to do so will likely leave us in this situation, or possibly worse, again in the future. The relevant incompatible transactions are already non-standard on the network since 0.8.0's release in February 2013, although there was seemingly a single miner still mining incompatible transactions. That miner has been contacted and has fixed their software, so a soft-fork with no chain forking should be possible.
|
# ? Jan 10, 2015 09:16 |
|
anthonypants posted:We were specifically aware of potential hard-forks due to signature
|
# ? Jan 10, 2015 09:24 |
|
Same Great Paste posted:at least get the year right jesus christ welp
|
# ? Jan 10, 2015 09:32 |
|
Aleksei Vasiliev posted:lol thousands of bitcoins stolen through this and they're just now fixing it years later
|
# ? Jan 10, 2015 10:24 |
|
we're going to look back on that as the mortal wound, aren't we? stick to legacy OpenSSL and trudge on forever accepting whatever holes are found or have already been found, oh well or homebrew their own and get their rectum pulled out their ear within weeks
|
# ? Jan 10, 2015 10:57 |
|
Wulfolme posted:we're going to look back on that as the mortal wound, aren't we? i have no idea what will happen if (when) an absolute dealbreaker exploit is found in the code, i just know it's gonna be spectacular.
|
# ? Jan 10, 2015 11:12 |
|
Aleksei Vasiliev posted:lol thousands of bitcoins stolen through this and they're just now fixing it years later the bitcoins werent actually stolen from that. mtgox were just "uhh yeah we didn't run off with all the butts, it was, ummm, *checks wiki* transaction malleability and evil hackers" someone analysed the bitcoin network and discovered that only 300 bitcoins at most (probably much less) had even been stolen with transaction malleability and 90% of that was after the mtgox meltdown
|
# ? Jan 10, 2015 12:08 |
|
goddamnedtwisto posted:i have no idea what will happen if (when) an absolute dealbreaker exploit is found in the code, i just know it's gonna be spectacular. the problem will be added to the wiki, and thus everyone will agree it is solved
|
# ? Jan 10, 2015 12:08 |
|
welp i think it's fair to say we've lost the war, bitstamp is back online and bitcoin has already climbed back over $300
|
# ? Jan 10, 2015 14:03 |
|
j/k it's crashing again
|
# ? Jan 10, 2015 14:03 |
|
|
# ? Jan 10, 2015 14:32 |
|
quote:So, did that give $100 of btc to MIT kids go anywhere? (self.Bitcoin)
|
# ? Jan 10, 2015 14:56 |
|
Herman Merman posted:Down to $65 I think
|
# ? Jan 10, 2015 14:58 |
|
lol
|
# ? Jan 10, 2015 14:59 |
|
So if someone had warehouses of bitcoin miners, why wouldn't they just be trying 24/7 to guess the private key for satoshi's wallet? (BTW, I still don't have a firm grasp on what miners do, besides guess numbers. the answer is probably "because they're single purpose machines and aren't built that way")
|
# ? Jan 10, 2015 15:01 |
|
RZA Encryption posted:So if someone had warehouses of bitcoin miners, why wouldn't they just be trying 24/7 to guess the private key for satoshi's wallet? e: also mined coins on the original client go to their own address, so you'd actually have to break thousands of private keys to get at all of satoshi's coins
|
# ? Jan 10, 2015 15:04 |
|
RZA Encryption posted:So if someone had warehouses of bitcoin miners, why wouldn't they just be trying 24/7 to guess the private key for satoshi's wallet? because that would take longer than the life of the universe and their resources are better used in getting the block rewards iirc, I calculated it would take on the order of 10^43 years to have a 50% chance of finding a private key by brute force at 20Mkeys/sec. the big miners are operating a few orders of magnitude faster but that doesn't help much at this scale. sleepy gary fucked around with this message at 15:06 on Jan 10, 2015 |
# ? Jan 10, 2015 15:04 |
|
Aleksei Vasiliev posted:breaking a bitcoin private key by bruteforce is "heat death of the universe" type ETA as far as I know Then they need more miners, obv.
|
# ? Jan 10, 2015 15:06 |
|
quote:Down to $65 I think
|
# ? Jan 10, 2015 15:08 |
|
RZA Encryption posted:Then they need more miners, obv. Schneier posted:Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe.
|
# ? Jan 10, 2015 15:11 |
RZA Encryption posted:So if someone had warehouses of bitcoin miners, why wouldn't they just be trying 24/7 to guess the private key for satoshi's wallet? basically that's 2^256 keys. he may have 512-bit key, so 2^512 is limit. if he's dumb, he may have 128-bit - 2^128 for example, let's take gtx 980 (doesnt make great sense but w/e) card - something like 2^26 (roughly) keys/second 128-bit = 2^(128-26) seconds = 2^102 seconds = 2^77 years 256-bit = 2^(256-26) seconds = 2^230 seconds = 2^205 years 256-bit = 2^(512-26) seconds = 2^486 seconds = 2^463 years thats alot while this is time needed to checke every single possible thing, even like 10% of it is crazy long
|
|
# ? Jan 10, 2015 15:15 |
|
2^26 (roughly) keys/second really?
|
# ? Jan 10, 2015 15:16 |
DNova posted:2^26 (roughly) keys/second point is that miner will die before that happens either way it was also more like 2^(25,6), but i felt lazy
|
|
# ? Jan 10, 2015 15:19 |
|
oh my bad I'm thinking base ten and you're writing base two
|
# ? Jan 10, 2015 15:20 |
DNova posted:oh my bad I'm thinking base ten and you're writing base two e: for base 10 it's about 4.5*10^7 (423362566 k/s is what i've got, so i pluged it in to 2^x and then rounded x up to closest integer) cinci zoo sniper fucked around with this message at 15:23 on Jan 10, 2015 |
|
# ? Jan 10, 2015 15:20 |
|
|
# ? Apr 26, 2024 16:12 |
|
Users of Bitcoin Core on Linux must not upgrade to the latest version of OpenSSL (self.Bitcoin) submitted 9 hours ago * by theymos[M] Greg Maxwell's announcement: http://sourceforge.net/p/bitcoin/mailman/message/33221963/ Summary: There is a problem with the most recent release of OpenSSL which will cause issues for some users of Bitcoin Core on Linux. This is not a critical security issue, but everyone using Bitcoin Core on Linux should read the following information, especially if you're automatically processing Bitcoin payments. The worst-case scenario is that you might accept transactions as confirmed which are later reversed. You are likely to be affected only if: You use Linux. You installed Bitcoin Core using your distro's package manager or you compiled Bitcoin Core yourself without using gitian. You are not affected if you use the binaries on bitcoin.org. You upgrade your system's OpenSSL to 1.0.0p or 1.0.1k. These were security-fix releases, so your package manager might have updated them automatically. If you are affected, then your client might become stuck at a particular block, and you'll have to reindex the block chain to fix it. In some conceivable but unlikely scenarios, you might see incoming transactions as having 6+ confirmations when the transactions are actually invalid. If you are a pool operator, then you could conceivably start mining on a false chain, which would cause you to lose all of your future blocks until you fix this. If you are using an affected version of Bitcoin Core, you should either make sure that your system OpenSSL does not get updated or shut down Bitcoin Core until an update fixing this is released in a day or two. If Bitcoin Core is already stuck and showing the "We do not appear to fully agree with our peers!" message, shut it down until an update fixing this is released; when you run that version, you'll have to run it with the -reindex switch.
|
# ? Jan 10, 2015 15:30 |