1 2011-06-20 00:00:09 hamush1 has joined
   2 2011-06-20 00:00:11 <BTCTrader> Welcome to the AK Bitcoin Exchange, you bring your bitcoins, we guard them with AK's
   3 2011-06-20 00:00:27 <KuDeTa> phantomcircuit:  i think community needs to step up now. Framework for exchanges, minimum security, how to handle hacks etc
   4 2011-06-20 00:00:36 DontMindMe has joined
   5 2011-06-20 00:00:37 joepie91 has joined
   6 2011-06-20 00:00:58 <phantomcircuit> KuDeTa, yeah im currently the unmasked exchange crusader stay tuned for updates...
   7 2011-06-20 00:00:59 kratosk has joined
   8 2011-06-20 00:01:02 <ThomasV> BTCTrader: AK47 ?
   9 2011-06-20 00:01:08 <lfm> KuDeTa: I think you are wasting your breath.
  10 2011-06-20 00:01:11 <OVerLoRDI> BTCTrader, I'd put my coins there
  11 2011-06-20 00:01:20 <BTCTrader> sure, what better way to secure bitcoins? :D
  12 2011-06-20 00:01:23 <OVerLoRDI> or are we exchanging coins for guns now?
  13 2011-06-20 00:01:28 <OVerLoRDI> cause I'll do that too
  14 2011-06-20 00:01:35 <jrmithdobbs> KuDeTa: exactly why i did f-d on gavin earlier
  15 2011-06-20 00:01:35 <lfm> OVerLoRDI: you want a gun?
  16 2011-06-20 00:01:49 <jrmithdobbs> KuDeTa: people shuffling this shit under the rug is not acceptable any more
  17 2011-06-20 00:01:52 <OVerLoRDI> lfm sure, what kind
  18 2011-06-20 00:01:53 <BTCTrader> there is already 1 firearms dealer in the us accepting bitcoins
  19 2011-06-20 00:01:59 <KuDeTa> lfm: it works everywhere else, go to any linux distro (eg. ubuntu), any open source project
  20 2011-06-20 00:02:05 Neocryptek_ has joined
  21 2011-06-20 00:02:27 <lfm> KuDeTa: I dont know of any widely enforced security standards
  22 2011-06-20 00:02:42 storrgie has quit (Remote host closed the connection)
  23 2011-06-20 00:03:03 hahuang65 has quit ()
  24 2011-06-20 00:03:05 <luke-jr> ;;bc,blocks
  25 2011-06-20 00:03:37 <lfm> KuDeTa: and it seems the security pros and the black hats would always be way ahead of any standard written and enforced by a committee
  26 2011-06-20 00:04:06 theorb has joined
  27 2011-06-20 00:04:13 <ThomasV> I read there are rumors about a possible 400k btc theft ; have they been confirmed by MagicalTux ?
  28 2011-06-20 00:04:26 Raulo has quit (Ping timeout: 252 seconds)
  29 2011-06-20 00:04:28 <phantomcircuit> KuDeTa, community guidelines for security practices would be a very good place to start though
  30 2011-06-20 00:04:36 <lfm> ThomasV: go to mtgox.com and read before you speak
  31 2011-06-20 00:04:42 <KuDeTa> i think community guidelines would be a good place
  32 2011-06-20 00:04:47 theorbtwo has quit (Ping timeout: 240 seconds)
  33 2011-06-20 00:04:47 <phantomcircuit> lfm, the shit that's going wrong right now is like, amateur hour
  34 2011-06-20 00:04:54 theorb is now known as theorbtwo
  35 2011-06-20 00:05:16 <lfm> phantomcircuit: oh? you know how they got the account file outa mtgox?
  36 2011-06-20 00:05:31 <ThomasV> lfm: I see nothing there about that
  37 2011-06-20 00:05:46 <KuDeTa> if the community asks for a minimum level and agree it amongst itself, it would be hard for the exchanges not to follow
  38 2011-06-20 00:05:54 <lfm> ThomasV: refresh
  39 2011-06-20 00:06:12 <BTCTrader> https://rapidshare.com/#!download|359tg2|1969319443|accounts.csv|4023|R~0
  40 2011-06-20 00:06:23 StephenFalken has left ()
  41 2011-06-20 00:06:52 inktri has left ()
  42 2011-06-20 00:07:09 <lfm> BTCTrader: you want a copy? You might as well, everyone else has
  43 2011-06-20 00:07:24 unspecified has quit (Quit: Page closed)
  44 2011-06-20 00:07:26 <ThomasV> lfm: huh ?
  45 2011-06-20 00:07:29 <BTCTrader> i had a copy for 2 hours now :D
  46 2011-06-20 00:07:36 <lfm> hehe ok
  47 2011-06-20 00:07:42 <phantomcircuit> lfm, no but that csrf i found is seriously amateur hour here
  48 2011-06-20 00:07:46 <jrmithdobbs> lfm: tux is saying it's not sqli but if it's something else it's something way worse
  49 2011-06-20 00:07:52 <ThomasV> lfm: I am not talking about the hack
  50 2011-06-20 00:08:16 <lfm> ThomasV: they are the same thing
  51 2011-06-20 00:08:22 <ThomasV> lfm: no
  52 2011-06-20 00:08:29 <lfm> sigh
  53 2011-06-20 00:08:45 <ThomasV> according to mt, damages are limited to $1000
  54 2011-06-20 00:08:53 <jrmithdobbs> ;;bc,blocks
  55 2011-06-20 00:08:57 <ThomasV> $1000 is not the same thing as 400k btc
  56 2011-06-20 00:09:04 aoeui has quit (Ping timeout: 250 seconds)
  57 2011-06-20 00:09:14 <jarly> it's the same as 100k btc if they're all 1 cent
  58 2011-06-20 00:09:20 <copumpkin> they aren't though
  59 2011-06-20 00:09:25 <jarly> well, they were :)
  60 2011-06-20 00:09:27 <copumpkin> according to MagicalTux at least
  61 2011-06-20 00:09:29 Obehsh has joined
  62 2011-06-20 00:09:40 <lfm> thomas one is the facts, the other is the facts blown out of proportion
  63 2011-06-20 00:09:42 <jrmithdobbs> he better talk to his lawyers before he rolls back all that market movement
  64 2011-06-20 00:10:04 <jtaylor> is there news if there was a protection against this workaround the 1000$ limit?
  65 2011-06-20 00:10:13 GarrettB has joined
  66 2011-06-20 00:10:21 GarrettB has quit (Changing host)
  67 2011-06-20 00:10:21 GarrettB has joined
  68 2011-06-20 00:10:38 kv39 has quit (Quit: Page closed)
  69 2011-06-20 00:10:58 darnold has quit (Ping timeout: 258 seconds)
  70 2011-06-20 00:11:05 dosman711 has joined
  71 2011-06-20 00:11:15 <assassindrake> copumpkin how much was 1000 worth of bitcoins?
  72 2011-06-20 00:11:50 <copumpkin> assassindrake: MagicalTux said they only got around 100 btc out iirc
  73 2011-06-20 00:12:30 aristidesfl has quit (Max SendQ exceeded)
  74 2011-06-20 00:12:42 Obehsh has quit (Client Quit)
  75 2011-06-20 00:13:08 hahuang65 has joined
  76 2011-06-20 00:13:27 lessPlastic has joined
  77 2011-06-20 00:14:13 <ssalxs> At least one user with no reason to lie claims 1000BTC bought at 0.01 and 600 BTC transferred out. Not malicious, just lucky.
  78 2011-06-20 00:14:27 <copumpkin> ah
  79 2011-06-20 00:15:49 aristidesfl has joined
  80 2011-06-20 00:15:54 <genewitch> _;;bc,stats
  81 2011-06-20 00:16:00 BCBot has quit (Ping timeout: 244 seconds)
  82 2011-06-20 00:16:14 <genewitch> bot broken? I can't get mine to retrieve market data
  83 2011-06-20 00:16:20 <Kiba> hmm
  84 2011-06-20 00:16:22 <KuDeTa> there is no market
  85 2011-06-20 00:16:23 <Kiba> lot of angry people today
  86 2011-06-20 00:16:24 <KuDeTa> :(
  87 2011-06-20 00:16:27 <lfm> dont put the "_" in front
  88 2011-06-20 00:16:39 <Kiba> glad I am not the guy who runs a million dollars a day exchange market
  89 2011-06-20 00:17:04 dosman711 has quit (Quit: Leaving)
  90 2011-06-20 00:17:10 <briareus> there is a market
  91 2011-06-20 00:17:10 <lfm> genewitch: mtgox is down, see mtgox.com for info
  92 2011-06-20 00:17:38 <genewitch> cuddlefish mentioned that there was a cross site scripting issue
  93 2011-06-20 00:17:41 <briareus> virwox is trading, bitomat is trading, individual trading
  94 2011-06-20 00:17:59 richardus has joined
  95 2011-06-20 00:18:05 <lfm> ThomasV: well I did read the forum threads regarding that old txn too and I think they explained it to my satisfaction but obviously you have higher standards
  96 2011-06-20 00:18:08 <Kiba> hmm
  97 2011-06-20 00:18:17 <Kiba> I don't like bad people. bad people are evil and mean.
  98 2011-06-20 00:18:54 <ThomasV> Kiba: lol
  99 2011-06-20 00:19:10 <Cryo> back up
 100 2011-06-20 00:19:22 <Cryo> or at least looks like it might be coming out of a coma
 101 2011-06-20 00:19:30 <jrmithdobbs> genewitch: csrf not xss
 102 2011-06-20 00:19:37 <jrmithdobbs> genewitch: much different and much worse
 103 2011-06-20 00:20:18 Obehsh has joined
 104 2011-06-20 00:20:50 <ne0futur> virwox still going up
 105 2011-06-20 00:21:03 <sanchaz> i aint using mtgox for a while
 106 2011-06-20 00:21:28 <Kiba> I stop using mtgox when I stop trading
 107 2011-06-20 00:21:43 <Kiba> now I just hold bitcoin and build a bitcoin business
 108 2011-06-20 00:21:55 <devon_hillard> so with BTC down, what is the current going rate?
 109 2011-06-20 00:22:03 <devon_hillard> s/BTC/mtgox/ sorry
 110 2011-06-20 00:22:03 <Kiba> Mtgox down ya mean
 111 2011-06-20 00:22:14 <Xunie> Lol, BTC ain't never down!
 112 2011-06-20 00:22:24 marc0polo has quit (Ping timeout: 252 seconds)
 113 2011-06-20 00:22:26 GarrettB has quit (Read error: Connection reset by peer)
 114 2011-06-20 00:23:02 BCBot has joined
 115 2011-06-20 00:23:27 <Xunie> Man, this whole Mt.Gox situation? People need to calm down mang.
 116 2011-06-20 00:23:44 <Kiba> when ya got money in mtgox, you ARE NOT going to be calm
 117 2011-06-20 00:23:44 <D0han> devon_hillard: http://bitcoincharts.com/markets/
 118 2011-06-20 00:23:56 <devon_hillard> Xunie, haha, no, they need to panic :p
 119 2011-06-20 00:24:31 <Xunie> Man, this scenario was inevitable!
 120 2011-06-20 00:24:54 apsoa has joined
 121 2011-06-20 00:25:09 <sanchaz> yeah but i fail to see how that makes it all better this should never have happened
 122 2011-06-20 00:25:10 bulletbill has joined
 123 2011-06-20 00:25:36 <D0han> so bitomat.pl is now biggest BTC market
 124 2011-06-20 00:25:36 RobboNZ has quit (Ping timeout: 246 seconds)
 125 2011-06-20 00:25:40 <D0han> lulz
 126 2011-06-20 00:25:50 <Kiba> that's because the original owner sucks at security and the current owner didn't make security a bigger priority
 127 2011-06-20 00:26:14 <Xunie> *.pl, I laughed.
 128 2011-06-20 00:26:19 <Kiba> that's "hobby" level site for ya
 129 2011-06-20 00:26:35 doofus2 has joined
 130 2011-06-20 00:27:11 m00p has quit (Ping timeout: 260 seconds)
 131 2011-06-20 00:27:27 <Kiba> my site sucks too but it was not important and doesn't have money stored on it
 132 2011-06-20 00:27:31 <D0han> bitomat dont have fees ;>
 133 2011-06-20 00:27:46 <Kiba> and I should be securing it anyway though
 134 2011-06-20 00:27:49 <Xunie> D0han, really?! My god, I don't have any bitcoins now! DAMN IT Mt.Gox! I need mah money!
 135 2011-06-20 00:28:11 <D0han> ..it never had
 136 2011-06-20 00:28:36 musp3r_ has quit (Ping timeout: 258 seconds)
 137 2011-06-20 00:29:32 <Kiba> anyway
 138 2011-06-20 00:29:56 <Kiba> http://bitcoinweekly.com will have a dedicated comic section
 139 2011-06-20 00:30:04 <Wuked> bc,prob
 140 2011-06-20 00:30:09 <Wuked> ;;bc,probd
 141 2011-06-20 00:30:10 <genewitch> bot's down
 142 2011-06-20 00:30:13 <Wuked> ah
 143 2011-06-20 00:30:13 <Wuked> :D
 144 2011-06-20 00:31:04 gim has quit (Quit: Leaving)
 145 2011-06-20 00:31:11 <KuDeTa> thats just rubbing salts into the wound
 146 2011-06-20 00:31:17 <genewitch> world's coming to an end because of a centralized trading hub
 147 2011-06-20 00:31:21 <jarly> lolololo "salts"
 148 2011-06-20 00:31:23 <KuDeTa> :)
 149 2011-06-20 00:31:29 <Xunie> genewitch, pretty much...
 150 2011-06-20 00:31:44 <genewitch> Xunie: want to buy 1 BTC? i want a steam game :-D
 151 2011-06-20 00:31:56 <genewitch> anyhow i am off to change every password
 152 2011-06-20 00:31:59 <Xunie> genewitch, can't.
 153 2011-06-20 00:32:05 <ericmock> bitpizza.com still up?
 154 2011-06-20 00:32:07 <genewitch> makemeapassword.com seems like a useful strategy
 155 2011-06-20 00:32:16 <KuDeTa> get your favourite book
 156 2011-06-20 00:32:19 <KuDeTa> random page
 157 2011-06-20 00:32:24 <KuDeTa> first letter of every line
 158 2011-06-20 00:32:45 knightrage has joined
 159 2011-06-20 00:32:52 jrabbit has joined
 160 2011-06-20 00:33:06 <jrabbit> Dear god google scared me saying my account was suspicious
 161 2011-06-20 00:33:08 <jarly> genewith: that's pretty cool
 162 2011-06-20 00:33:17 Rolz73 has quit (Quit: AndroIRC)
 163 2011-06-20 00:33:19 <jrabbit> At least I only had to change my password
 164 2011-06-20 00:33:23 erek has joined
 165 2011-06-20 00:33:24 <lfm> KuDeTa: the last letter of the lines might be better, then you could get some punctuation maybe
 166 2011-06-20 00:33:32 <Xunie> jrabbit, me too mang!
 167 2011-06-20 00:33:44 <MagicalTux> anyone working at google in there ?
 168 2011-06-20 00:33:47 <jrabbit> Xunie: Maybe someone attempted to brute force it
 169 2011-06-20 00:33:53 <ericmock> there?
 170 2011-06-20 00:33:57 <ericmock> here?
 171 2011-06-20 00:33:59 <ericmock> yes
 172 2011-06-20 00:34:01 <KuDeTa> yea, i think once you get the book you'll figure it out from there :)
 173 2011-06-20 00:34:08 <jrabbit> Xunie: or tried basic passwords on all of the accounts.
 174 2011-06-20 00:34:15 <Xunie> jrabbit, bruteforce with google? No. Most likely a bitcoin fan @ google said "Hey, Mt.Gox got hacked, let's force these users to change their passwords!"
 175 2011-06-20 00:34:21 <jarly> MagicalTux: TD is a google employee, i talked to him about the passwords
 176 2011-06-20 00:34:29 <Xunie> ^ See?! :P
 177 2011-06-20 00:34:35 <jrabbit> Xunie: Oddly google didn't say what triggered it, the gmail log was clean
 178 2011-06-20 00:34:44 <jarly> it wouldn't, td said
 179 2011-06-20 00:34:44 <jrabbit> Xunie: I couldn't change my pw on the phone!
 180 2011-06-20 00:34:50 <jrabbit> it just locked me out :(
 181 2011-06-20 00:35:00 <jrabbit> man android sucks
 182 2011-06-20 00:35:05 <jarly> jrabbit: was your password salted?
 183 2011-06-20 00:35:07 <MagicalTux> TD is not here anymore
 184 2011-06-20 00:35:11 <jrabbit> also fuck that guy who emailed me
 185 2011-06-20 00:35:12 <sanchaz> jrabbit: i got that too
 186 2011-06-20 00:35:13 <jrabbit> spammy whore
 187 2011-06-20 00:35:35 <Xunie> jrabbit, thank *GOD* I am sane enough to use different passwords for everything.
 188 2011-06-20 00:35:38 nevezen has joined
 189 2011-06-20 00:35:41 <Xunie> DIY password solution with GPG FTW!
 190 2011-06-20 00:35:50 <Xunie> (inb4 harddrive crash btw.)
 191 2011-06-20 00:36:10 <jrabbit> Xunie: I'm not happy to hear Md5 in relation to my security
 192 2011-06-20 00:36:10 <Kiba> the world needs to switch to public key cryptography
 193 2011-06-20 00:36:13 <jrabbit> whats pissing me off is
 194 2011-06-20 00:36:14 <lfm> Xunie: that sounds like a good way to go
 195 2011-06-20 00:36:15 commonlisp has joined
 196 2011-06-20 00:36:19 <ius> Xunie: TD works at abuse @ Google even, he swiftly locked/whatnot all accounts
 197 2011-06-20 00:36:23 <jrabbit> I don't have the password I used written down for mtgox
 198 2011-06-20 00:36:30 <Xunie> jrabbit, yeah, SHA256-HMAC ftw.
 199 2011-06-20 00:36:30 <jrabbit> I don't know which I used
 200 2011-06-20 00:36:40 <jrabbit> is the salt stuff out there?
 201 2011-06-20 00:36:45 <Xunie> jrabbit, brute force it! xD
 202 2011-06-20 00:36:56 <genewitch> Xunie: i was thinking of putting a private key on a thumb drive and using that to unlock an encrypted document with all my passwords
 203 2011-06-20 00:37:19 <jrabbit> so I could check which of my passwords it was
 204 2011-06-20 00:37:23 <genewitch> but there is software that does something similar, you have to remember 1 password and it stores the rest
 205 2011-06-20 00:37:29 <Xunie> genewitch, I will defiantly do that, however if the drive gets stolen... D:
 206 2011-06-20 00:37:31 <jrabbit> genewitch: most "password solution" apps do that
 207 2011-06-20 00:37:33 <BTCTrader> genewitch: google openpgp card
 208 2011-06-20 00:37:38 <jrmithdobbs> genewitch: i keep the key on my laptop in an encrypted disk image (using passphrase) that gets backed up
 209 2011-06-20 00:37:39 <jrabbit> or can
 210 2011-06-20 00:37:45 <lfm> genewitch: you'd want some backups, thumbdrives fail and get lost
 211 2011-06-20 00:37:46 <genewitch> Xunie: i have cloud servers i can use to back up the private key
 212 2011-06-20 00:37:47 <pettr1> this is my truecrypt encryption: http://dl.dropbox.com/u/12590040/nimet%C3%B6n.jpg no idea if it's good :D
 213 2011-06-20 00:37:48 <jrabbit> jrmithdobbs: rubber hose.
 214 2011-06-20 00:37:50 <random_cat> genewitch: that works pretty well
 215 2011-06-20 00:37:50 <sanchaz> keepass
 216 2011-06-20 00:38:07 <Xunie> genewitch, and have your key in the cloud? Oh man, don't get me started on that!
 217 2011-06-20 00:38:15 <jrabbit> ... lol
 218 2011-06-20 00:38:28 <genewitch> Xunie: hey i'm a cloud admin, you don't get ME started on that
 219 2011-06-20 00:38:35 <random_cat> haha.. yeah.. don't put the private key on the cloud
 220 2011-06-20 00:38:38 * genewitch points at my hostname
 221 2011-06-20 00:38:38 <jrabbit> wheres the leaked info?
 222 2011-06-20 00:38:45 <lfm> genewitch: ya, if its on the cloud you need to encrypt THAT with another key
 223 2011-06-20 00:38:51 <random_cat> put the private key close to you
 224 2011-06-20 00:38:55 <genewitch> lfm it is encrypted
 225 2011-06-20 00:38:56 xert has quit (Read error: Connection reset by peer)
 226 2011-06-20 00:38:57 <jrmithdobbs> jrabbit: why?
 227 2011-06-20 00:39:14 <lfm> genewitch: ya but who has those keys?
 228 2011-06-20 00:39:15 <jrmithdobbs> jrabbit: it's a 30char+ passphrase on both the disk image and the key?!
 229 2011-06-20 00:39:27 kreal- has quit (Ping timeout: 240 seconds)
 230 2011-06-20 00:40:19 <jrabbit> jrmithdobbs: they'll just beat you with a rubber hose :P
 231 2011-06-20 00:40:25 <jrabbit> jrmithdobbs: or your loved ones
 232 2011-06-20 00:40:36 <jrmithdobbs> jrabbit: who's they
 233 2011-06-20 00:40:49 <jrabbit> Whoever you're hiding stuff from
 234 2011-06-20 00:40:58 <lfm> they is who wants to own all your bases
 235 2011-06-20 00:41:02 <ius> Rubber hose cryptanalysis \p/
 236 2011-06-20 00:41:10 <jrmithdobbs> it's just my auth data / signing stuff and some financial info tbqh
 237 2011-06-20 00:41:19 <jrabbit> Is the salt out yet?
 238 2011-06-20 00:41:29 <jrabbit> I need to verify which pw I used
 239 2011-06-20 00:41:35 <lfm> jrabbit: what salt do you mean?
 240 2011-06-20 00:41:38 <jrmithdobbs> jrabbit: nobody wants it anyways ;p
 241 2011-06-20 00:41:38 <jrabbit> so I can check my important accounts
 242 2011-06-20 00:41:39 xert has joined
 243 2011-06-20 00:41:45 <jrabbit> lfm: the passwords are salted
 244 2011-06-20 00:41:53 <gmaxwell> jrabbit is just demonstrating that they don't understand salted passwords.
 245 2011-06-20 00:41:59 <jrmithdobbs> lol
 246 2011-06-20 00:42:02 <jrabbit> you do an operation of the passcode + salt then do the hash
 247 2011-06-20 00:42:16 <gmaxwell> jrabbit: yes, and the salt is stored with the password.
 248 2011-06-20 00:42:17 <jrabbit> md5(funct(pass,salt)) in this case
 249 2011-06-20 00:42:22 <jrabbit> gmaxwell: no I know
 250 2011-06-20 00:42:24 <ius> jrabbit: unix crypt(md5), per-password salt
 251 2011-06-20 00:42:26 <jrabbit> gmaxwell: wait
 252 2011-06-20 00:42:38 <jrabbit> ius: oh.
 253 2011-06-20 00:42:42 commonlisp has quit (Quit: This computer has gone to sleep)
 254 2011-06-20 00:42:43 <jrmithdobbs> jrabbit: um, the salt just gets prepended to the password before the function
 255 2011-06-20 00:42:49 <jrmithdobbs> s/function/hash function/
 256 2011-06-20 00:42:55 <genewitch> https://lastpass.com
 257 2011-06-20 00:42:55 <jrabbit> jrmithdobbs: ... duh?
 258 2011-06-20 00:43:10 <jrabbit> its pseudo-code don't get your panties in a bunch
 259 2011-06-20 00:43:13 <jrmithdobbs> so the 'is the salt out yet?' is a stupid question?
 260 2011-06-20 00:43:14 quiznor has joined
 261 2011-06-20 00:43:17 <jrabbit> I just want to verify which pw I used >_<
 262 2011-06-20 00:43:17 <quiznor> crazy shit goin down
 263 2011-06-20 00:43:24 <gmaxwell> jrabbit: then verify it
 264 2011-06-20 00:43:25 <jrabbit> jrmithdobbs: I didn't know how dumb the security was
 265 2011-06-20 00:43:35 <gmaxwell> jrabbit: thats how it works _everywhere_
 266 2011-06-20 00:43:35 <lfm> and those salt are right there for you to see. and its not dumb
 267 2011-06-20 00:43:43 <jrabbit> lfm: ah
 268 2011-06-20 00:44:04 <alystair> lmao who's the asshat whom tried to get into my gmail account :D
 269 2011-06-20 00:44:18 <alystair> I use different passwords everywhere, good luck with that.
 270 2011-06-20 00:44:22 <gmaxwell> alystair: no one, all gmail accounts listed in the file were locked down because google rocks.
 271 2011-06-20 00:44:29 <ericmock> can't salt be prepended, appended, sprinkled throughout, etc?
 272 2011-06-20 00:44:35 <jrabbit> alystair: I generally do but I have some "untrusted" passwords I share
 273 2011-06-20 00:44:41 <gmaxwell> ericmock: it doesn't matter.
 274 2011-06-20 00:44:43 <cut> http://oi53.tinypic.com/2mhzq6u.jpg
 275 2011-06-20 00:44:46 <quiznor> alystair: google locked all the accounts down after they discovered the breach
 276 2011-06-20 00:44:48 <alystair> they forced me to change my account password even tho' it was different.
 277 2011-06-20 00:44:55 * alystair shrugs
 278 2011-06-20 00:44:56 <jrabbit> cut: ^5
 279 2011-06-20 00:44:58 <lfm> ericmock: it could but it doesnt really matter
 280 2011-06-20 00:45:05 <ericmock> gmaxwell: from a security perspective, yea, I get that
 281 2011-06-20 00:45:15 <alystair> TD left the room tho' eh?
 282 2011-06-20 00:45:24 <gmaxwell> alystair: they couldn't tell if it was different without cracking the mtgox passwords. :)
 283 2011-06-20 00:45:24 datguy has quit (Quit: datguy)
 284 2011-06-20 00:45:34 <ericmock> but if you just wanted to quickly MD5 a few p-words you might have used to see which one it was in the mtgox db
 285 2011-06-20 00:45:52 <quiznor> mining hashrates went down as miners switched their GPUs to password cracking
 286 2011-06-20 00:46:05 <lfm> quiznor: lol
 287 2011-06-20 00:46:11 <quiznor> the world's largest supercomputer is picking apart the 60,000 or so passwords in that list as we speak
 288 2011-06-20 00:46:17 <gmaxwell> ericmock: perl -le 'print crypt("$yourpass", "$salt")'
 289 2011-06-20 00:46:19 <quiznor> (largest supercomputer = bitcoin hash network)
 290 2011-06-20 00:46:31 <gmaxwell> where $salt is the part before the second $
 291 2011-06-20 00:46:39 McMini has quit ()
 292 2011-06-20 00:46:50 bk128_ has joined
 293 2011-06-20 00:46:51 <ericmock> ah, okay, then it was overly simple
 294 2011-06-20 00:47:08 <bk128_> did other people on gox get the email promoting tradehill?  Guess they got the email database
 295 2011-06-20 00:47:11 <ericmock> I mean, sheesh, be a little clever with the salt at least
 296 2011-06-20 00:47:14 <gmaxwell> ericmock: er sorry. Third $. And escape the $ with \
 297 2011-06-20 00:47:31 <gmaxwell> ericmock: er? huh?
 298 2011-06-20 00:47:33 <lfm> ericmock: ya, if your password is in a dictionary or too short then you could have lost it all
 299 2011-06-20 00:47:34 <quiznor> yeah the gov now has the email address of every bitcoin user.. they will be stepping up surveillance of those accounts looking for suspicious keywords etc
 300 2011-06-20 00:47:51 <gmaxwell> ericmock: this is the standard way that salted hashed passwords are stored.
 301 2011-06-20 00:48:02 <ericmock> gmaxwell: yea 'standard' is the problem
 302 2011-06-20 00:48:14 <gmaxwell> ericmock: well what would you expect?
 303 2011-06-20 00:48:16 <ericmock> that's why I said it would have been good to be clever
 304 2011-06-20 00:48:21 <lfm> ericmock: standard means it is well tested for weaknesses
 305 2011-06-20 00:48:50 <ericmock> and I'm not talking about me...  just sticking up for the guy asking above.
 306 2011-06-20 00:48:55 intlkleinblue has joined
 307 2011-06-20 00:49:19 <lfm> ericmock: odds are anyone who comes up with something "clever" will miss some weakness that makes it worse than the standard
 308 2011-06-20 00:49:25 <quiznor> looks like a good chunk of the bitcoins in circulation are stolen goods.. interesting
 309 2011-06-20 00:49:29 <gmaxwell> ericmock: There really isn't any point to being "clever".
 310 2011-06-20 00:49:47 aristidesfl has quit (Ping timeout: 240 seconds)
 311 2011-06-20 00:49:51 <gmaxwell> quiznor: huh? AFAIK none of the big wad of coins stolen today left the exchange.
 312 2011-06-20 00:50:07 <ericmock> well, I'm just saying if you're storing the salt with the password and the cracker knows how the salt is used...
 313 2011-06-20 00:50:11 <quiznor> lol gmaxwell.. what about allinvain? what about the reports of gox accounts being hacked for the past week? you think hackers were just in there today?
 314 2011-06-20 00:50:16 <jrabbit> gmaxwell: the perl crypt() is limited in length...
 315 2011-06-20 00:50:21 Technomage is now known as Guest16052
 316 2011-06-20 00:50:35 <ius> ericmock: if you're writing crypto code yourself you're doing it wrong, a wise man once said
 317 2011-06-20 00:50:36 <quiznor> there were major thefts months ago as well
 318 2011-06-20 00:50:37 <ericmock> lfm: and I'm not talking about re-inventing the wheel here...
 319 2011-06-20 00:50:42 <gmaxwell> ericmock: if you don't know the salt you can't check the password.
 320 2011-06-20 00:50:53 apsoa has quit (Quit: Leaving.)
 321 2011-06-20 00:50:54 <lfm> quiznor: those are prolly gonna be reversed back to them
 322 2011-06-20 00:50:55 <quiznor> if you count up all the reported thefts, it probably comes out to around 1.5 mil btc at this point
 323 2011-06-20 00:51:06 <ericmock> but the salt is in with the hashed password, no?
 324 2011-06-20 00:51:11 <jrabbit> ericmock: it is
 325 2011-06-20 00:51:21 asynkritus has joined
 326 2011-06-20 00:51:27 <copumpkin> I think it's pretty impressive that roconnor implemented a reasonably functional bitcoin implementation from scratch (including ECDSA and hashing implementations) in so little time
 327 2011-06-20 00:51:33 <jrabbit> http://forum.bitcoin.org/index.php?topic=19566.msg245054#msg245054 supposedly?
 328 2011-06-20 00:51:36 <gmaxwell> quiznor: no.. it comes up to about 26k at most.
 329 2011-06-20 00:51:39 <lfm> ericmock: and you are just saying stuff that has no relevance to real security
 330 2011-06-20 00:51:41 <ericmock> so, then it's essentially just helping in one way
 331 2011-06-20 00:51:43 <KuDeTa> the chars between $1$SALT$HASH
 332 2011-06-20 00:51:45 <luke-jr> copumpkin: who?
 333 2011-06-20 00:51:50 <phantomcircuit> copumpkin, it is very impressive actually
 334 2011-06-20 00:51:50 <roconnor> :)
 335 2011-06-20 00:51:54 <ericmock> lfm: 'real' security?
 336 2011-06-20 00:52:04 <copumpkin> luke-jr: the guy who just smiled
 337 2011-06-20 00:52:12 <ius> copumpkin: in a functional language evil? black magic, i tell you! ;)
 338 2011-06-20 00:52:18 <copumpkin> indeed!
 339 2011-06-20 00:52:19 Gaming4JC has quit (Quit: Are you a good person? http://needgod.com)
 340 2011-06-20 00:52:20 caedes has joined
 341 2011-06-20 00:52:20 caedes has quit (Changing host)
 342 2011-06-20 00:52:20 caedes has joined
 343 2011-06-20 00:52:23 <copumpkin> the horror
 344 2011-06-20 00:52:25 <quiznor> gmaxwell: lol you haven't been reading the reports then
 345 2011-06-20 00:52:28 <ericmock> you store the salt in plain text and use a known algorithm to hash it...  that's slightly better than no salt
 346 2011-06-20 00:52:35 caedes is now known as _caedes
 347 2011-06-20 00:52:41 <lfm> ericmock: knowing the salt does not help you find the password and it does slow down the so called rainbow table attacks and such
 348 2011-06-20 00:52:42 <roconnor> bitcoin isn't that complicated ... granted it was more complicated than I thought when I started ^_^
 349 2011-06-20 00:52:45 _caedes is now known as caedes
 350 2011-06-20 00:52:50 <gmaxwell> quiznor: You know that the mtgox activity today is being reversed, right?
 351 2011-06-20 00:52:53 <ius> ericmock: http://en.wikipedia.org/wiki/Kerckhoffs%27s_Principle
 352 2011-06-20 00:52:56 <ius> Go read it, then return
 353 2011-06-20 00:52:56 <quiznor> you should assume most of the gox accounts were hacked (for how long we have no idea really, but it was more than a few weeks)
 354 2011-06-20 00:52:57 <roconnor> and the real bitcoin client does way way more than what I have.
 355 2011-06-20 00:53:00 <phantomcircuit> ericmock, actually it's a lot better than no salt
 356 2011-06-20 00:53:01 <ericmock> lfm: yea, that's why I said 'slightly'
 357 2011-06-20 00:53:04 <quiznor> gmaxwell: so what? gox has been compromised for much longer than that
 358 2011-06-20 00:53:14 <gmaxwell> quiznor: and the prior claims about 260k and 400k being stolen were just speculation and those accounts were just mtgox's normal business, right.
 359 2011-06-20 00:53:17 <ericmock> it just slows things down some...
 360 2011-06-20 00:53:42 <phantomcircuit> ericmock, for md5 it's orders of magnitude since there are publicly available extensive rainbow tables
 361 2011-06-20 00:53:46 <lfm> ericmock: fine, you can use "eric's wonderful password encryption" and sensible people will stick to the standards
 362 2011-06-20 00:53:49 <quiznor> gmaxwell: gox hasn't said one way or the other
 363 2011-06-20 00:53:49 lessPlastic has quit (Quit: lessPlastic)
 364 2011-06-20 00:54:01 Hal____ has joined
 365 2011-06-20 00:54:06 <gmaxwell> quiznor: Hasn't said what?
 366 2011-06-20 00:54:15 theymos has joined
 367 2011-06-20 00:54:19 theymos has left ()
 368 2011-06-20 00:54:24 <ericmock> lfm: wtf?  I'm not talking about reinvent cryptography here
 369 2011-06-20 00:54:28 <quiznor> he didn't say if those were authorized transfers or not
 370 2011-06-20 00:54:32 Raccoon is now known as ifyouwantmeinsid
 371 2011-06-20 00:54:36 ifyouwantmeinsid is now known as Raccoon
 372 2011-06-20 00:54:43 <gmaxwell> quiznor: yes he did, a week or so ago.
 373 2011-06-20 00:54:44 <quiznor> http://forum.bitcoin.org/index.php?topic=18050.0 <-- tons of ppl reporting their gox account hacked into, before the latest meltdown
 374 2011-06-20 00:54:54 elly has joined
 375 2011-06-20 00:54:58 <gmaxwell> quiznor: yes, thats probably legit. but go add up the reports.
 376 2011-06-20 00:55:02 <gmaxwell> quiznor: its not much in total.
 377 2011-06-20 00:55:20 <lfm> ericmock: well you are questioning what most accept so it sounds like you want to reinvent something
 378 2011-06-20 00:55:30 <jrmithdobbs> http://oi53.tinypic.com/2mhzq6u.jpg
 379 2011-06-20 00:55:31 <jrmithdobbs> rofl
 380 2011-06-20 00:55:34 <gmaxwell> ericmock: what exactly are you proposing?
 381 2011-06-20 00:55:45 <quiznor> gmaxwell: mtgox's statements arent credible. for instance, on their home page now they say "Apart from this no account was compromised, and nothing was lost."
 382 2011-06-20 00:55:47 Tim-7967 has quit (Ping timeout: 244 seconds)
 383 2011-06-20 00:55:54 <quiznor> which is a steaming pile of bs heh
 384 2011-06-20 00:55:56 <ericmock> why do you /need/ to use crypt()?  and not go back to whatever crypt uses to hash?
 385 2011-06-20 00:56:08 <quiznor> "Apart from this no account was compromised, and nothing was lost."  and then in the next paragraph, btw the whole database was leaked!
 386 2011-06-20 00:56:17 <gmaxwell> ericmock: because people who do that get compromised, because they end up using raw md5.
 387 2011-06-20 00:56:33 <ericmock> well, not using crypt does /not/ mean using raw md5
 388 2011-06-20 00:56:40 <copumpkin> use pbkdf2
 389 2011-06-20 00:56:48 bk128_ has quit (Quit: bk128_)
 390 2011-06-20 00:56:51 <jrmithdobbs> ericmock: because they don't understand the unix md5 password hashing algorithm
 391 2011-06-20 00:56:53 theymos has joined
 392 2011-06-20 00:57:12 aristidesfl has joined
 393 2011-06-20 00:57:13 <gmaxwell> ericmock: so, What exactly are you proposing which would have been better?
 394 2011-06-20 00:57:14 <ericmock> being 'clever' does not mean reinventing the wheel...
 395 2011-06-20 00:57:15 <quiznor> pbkdf2 is nice
 396 2011-06-20 00:57:22 netsky has quit (Read error: Connection reset by peer)
 397 2011-06-20 00:57:24 <lfm> ericmock: well, crypt has had years of analysis and no attacks are really much better than brute force
 398 2011-06-20 00:58:04 <gmaxwell> quiznor: the wallet encryption uses pbkdf2 and yet is vulnerable to precomputation/rainbow table attacks.
 399 2011-06-20 00:58:09 hallowworld has joined
 400 2011-06-20 00:58:33 a_meteorite has quit (Quit: a_meteorite)
 401 2011-06-20 00:58:52 * ericmock proposes rot58!!!
 402 2011-06-20 00:59:20 <quiznor> gmaxwell: dude you have to use a sufficient hash and enough iterations
 403 2011-06-20 00:59:22 <JFK911> why rot58?  rot52 would be much more secure
 404 2011-06-20 00:59:26 <quiznor> salt rather
 405 2011-06-20 00:59:35 <gmaxwell> quiznor: yep.
 406 2011-06-20 00:59:40 <lfm> ericmock: in cryptography, being clever is generally regarded as counter productive
 407 2011-06-20 00:59:57 <gmaxwell> quiznor: I'm sure matt thought he was being uber secure with this:
 408 2011-06-20 01:00:03 <gmaxwell> +    int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), (unsigned char *)"bitcoin is fun! and I prefer much longer salts, though I don't think they offer any real advantage",
 409 2011-06-20 01:00:07 <gmaxwell> +                           (unsigned char *)&vchKeyData[0], vchKeyData.size(), 1000, chKey, chNotIV);
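Review bot: the salt argument in the EVP_BytesToKey call is a string literal compiled into the binary, so every wallet is keyed with the same salt and a single precomputed table of passphrase-to-key mappings works against all of them. Generate a random salt per wallet, store it alongside the encrypted key data and pass that buffer here instead. EVP_BytesToKey documents the salt as an 8-byte buffer or NULL, so the long literal contributes nothing beyond its first 8 bytes. The return value assigned to i is the derived key length (0 on failure) and should be checked against the expected 32 bytes before chKey is used; the visible lines do not show that check.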
 410 2011-06-20 01:00:07 <copumpkin> depends what kind of clever
 411 2011-06-20 01:00:37 <lfm> copumpkin: amateur clever
 412 2011-06-20 01:00:52 * copumpkin is only professionally clever
 413 2011-06-20 01:00:55 <copumpkin> phew
 414 2011-06-20 01:01:14 <quiznor> well.. a static salt isn't really a salt heh
 415 2011-06-20 01:01:15 <ericmock> look, just take salt, mix it with some (1-1) algorithm of your choosing, use that as that with crypt
 416 2011-06-20 01:01:33 <ericmock> s/that/input
 417 2011-06-20 01:02:06 <s13013> why
 418 2011-06-20 01:02:13 aoeui has joined
 419 2011-06-20 01:02:23 <gmaxwell> ericmock: if the person can get the password file he can usually get the code for your "(1-1) algorithm of your choosing". And chances are you screwed up and managed to break the salt entirely, because people make mistakes.
 420 2011-06-20 01:02:52 <ericmock> well, that's another step to cracking it isn't it?
 421 2011-06-20 01:03:00 <quiznor> http://pastebin.com/hN7PxRhc
 422 2011-06-20 01:03:02 <ericmock> and like five lines of code...
 423 2011-06-20 01:03:14 <gmaxwell> ericmock: like five lines of code for the cracker too.
 424 2011-06-20 01:03:14 MenderV has quit (Ping timeout: 250 seconds)
 425 2011-06-20 01:03:28 <gmaxwell> Who probably knows a lot more about password security than the site operator.
 426 2011-06-20 01:03:38 lessPlastic has joined
 427 2011-06-20 01:03:56 <ericmock> well, it's a little hard to reverse how you're mixing the salt with the original password, no?
 428 2011-06-20 01:04:02 <lfm> ericmock: it doesnt really slow anything down and it might actually speed up cracking efforts if you made any of the mistakes which have been researched for regular salts for many years
 429 2011-06-20 01:04:02 <gmaxwell> quiznor: kinda crappy, it would have been just as good with the hashes stripped.
 430 2011-06-20 01:04:15 <Zeiris_> Security by obscurity only works when the attackers have a short attention span before they give up. Like if you're protecting a little-used program of little value.
 431 2011-06-20 01:04:20 markio has joined
 432 2011-06-20 01:04:24 xert has quit (Read error: Connection reset by peer)
 433 2011-06-20 01:04:24 <Zeiris_> The moment you involve money, people will figure it out.
 434 2011-06-20 01:04:26 kika_ has joined
 435 2011-06-20 01:04:32 <gmaxwell> ericmock: the site has to be able to decode it for it to be useful. If the site can decode it the attacker can too.
 436 2011-06-20 01:04:32 <dD0T> gmaxwell: Hm. Skimmed the paper. Can't say I'm now any wiser about scrypt than I was before. Seems like it is very young and not exactly widespread. Also I lack the math to know whether it is safe to assume all those rounds can not simply be collapsed like for some of the other hashes out there. Is this hash worth using?
 437 2011-06-20 01:04:47 kgo has quit (Read error: Connection reset by peer)
 438 2011-06-20 01:04:48 <ericmock> you can be obscure and use well-tested methods too
 439 2011-06-20 01:04:57 <kika_> on which IRC channel is MagicalTux mtgox owner?
 440 2011-06-20 01:05:10 <Optimo> should we go to #bitcoin-exchange ?
 441 2011-06-20 01:05:12 <ericmock> gmaxwell: that would mean the hacker got the php (presumably) code with the db
 442 2011-06-20 01:05:13 <gmaxwell> dD0T: Thats the whole point of it. And its based on a proof that it can't be collapsed (given various assumptions) as well as a well tested hash function.
 443 2011-06-20 01:05:14 kgo has joined
 444 2011-06-20 01:05:27 <briareus> http://onlyonetv.com/ #bitcoin-onlyonetv  (interview in 2 hours with mtgox guys and tradehill guys)
 445 2011-06-20 01:05:47 <Optimo> #bitcoin-security ;p
 446 2011-06-20 01:05:47 <gmaxwell> ericmock: And why couldn't he? moreover, if you were able to keep your code secure do the same with the hashed passwords.
 447 2011-06-20 01:05:48 <quiznor> gmaxwell: yes it would be better without disclosing the hashes
 448 2011-06-20 01:05:53 <lfm> about the only reasonable proposal I have heard is to replace md5 with sha-2 hash
 449 2011-06-20 01:06:02 <quiznor> i dunno why they posted that
 450 2011-06-20 01:06:08 <gmaxwell> lfm: that wouldn't matter much.
 451 2011-06-20 01:06:10 OtaconEmmerich has joined
 452 2011-06-20 01:06:13 <ericmock> can sql injection get you access to the entire server?
 453 2011-06-20 01:06:14 <eianpsego> there is a scrypt paper?
 454 2011-06-20 01:06:21 <quiznor> ericmock: yes potentially
 455 2011-06-20 01:06:38 <gmaxwell> Scrypt paper: http://www.tarsnap.com/scrypt/scrypt.pdf
 456 2011-06-20 01:06:43 <eianpsego> gmaxwell, thanks
 457 2011-06-20 01:06:45 <ericmock> sure...  it could also potentially cause the server to explode...
 458 2011-06-20 01:06:58 hachque has joined
 459 2011-06-20 01:07:00 <dude65535> One way to make password hashes more secure is to hash the password many many times instead of just once.
 460 2011-06-20 01:07:03 xert has joined
 461 2011-06-20 01:07:06 <quiznor> exploding servers?
 462 2011-06-20 01:07:08 <jrmithdobbs> ericmock: considering that if there's sqli your sql server is probably a) on the same host and b) not configured properly
 463 2011-06-20 01:07:16 <lfm> gmaxwell: ya I know since the breaches have been afaik all from too simple passwords
 464 2011-06-20 01:07:22 <copumpkin> dude65535: that's what that pbkdf2 does
 465 2011-06-20 01:07:25 <copumpkin> among other things
 466 2011-06-20 01:07:29 <kika_> dude65535: why just not use sha512 to hash the password? that would be secure i think!
 467 2011-06-20 01:07:35 <gmaxwell> copumpkin: thats what the system in use does too.
 468 2011-06-20 01:07:48 <copumpkin> kika_: no
 469 2011-06-20 01:07:51 <copumpkin> that's not how it works
 470 2011-06-20 01:07:52 <gmaxwell> copumpkin: the system used for most of those passwords was 1000x MD5.
 471 2011-06-20 01:08:02 <copumpkin> gmaxwell: ah, okay
 472 2011-06-20 01:08:02 <kika_> copumpkin: why it wouldn't be secure?
 473 2011-06-20 01:08:03 <jrmithdobbs> lfm: no, they haven't
 474 2011-06-20 01:08:05 Tim-7967 has joined
 475 2011-06-20 01:08:14 <jrmithdobbs> lfm: there is at least one previously known sqli in mtgox
 476 2011-06-20 01:08:14 <copumpkin> kika_: you're kind of scaling it along the wrong axis :P
 477 2011-06-20 01:08:14 <ericmock> wow, you guys are just assuming everything is broken now
 478 2011-06-20 01:08:21 <quiznor> there are lots of ways
 479 2011-06-20 01:08:26 <gmaxwell> sha2-256 would have been just as broken.
 480 2011-06-20 01:08:30 <copumpkin> yeah
 481 2011-06-20 01:08:31 <lfm> the fact is the crypt() is not the problem, the problem is passwords which are too simple
 482 2011-06-20 01:08:34 <gmaxwell> (actually far more broken if they didn't run it many times)
 483 2011-06-20 01:08:36 <ericmock> and I suppose you can assume he left the root password as alpine as was running on a jailbroken iphone
 484 2011-06-20 01:08:42 <quiznor> you could have mysql import one of the include files into a table and then you have the database password
 485 2011-06-20 01:08:43 <jrmithdobbs> lfm: and two csrfs that tux claims "weren't used" but considering a properly taken-advantage-of csrf isn't really traceable that claim is a fuckin joke
 486 2011-06-20 01:08:52 <Cryo> heh, alpine ftw
 487 2011-06-20 01:09:00 <jrmithdobbs> lfm: at the *least*
 488 2011-06-20 01:09:08 <kika_> copumpkin: if you want to protect a password just sha512 it i think
 489 2011-06-20 01:09:16 <copumpkin> kika_: no!
 490 2011-06-20 01:09:23 <kika_> copumpkin: why not'
 491 2011-06-20 01:09:23 <copumpkin> that is no better than md5 :P
 492 2011-06-20 01:09:23 aristidesfl has quit (Quit: Leaving.)
 493 2011-06-20 01:09:23 <jrmithdobbs> lfm: those are the ones i know of, and considering tux discloses nothing and responds to nothing who knows how many more issues have been corrected
 494 2011-06-20 01:09:28 <gmaxwell> kika_: that would be less secure than the system mtgox used!
 495 2011-06-20 01:09:39 <kika_> gmaxwell: why?
 496 2011-06-20 01:09:42 <copumpkin> kika_: well, think about how an attacker attacks this stuff
 497 2011-06-20 01:09:46 <gmaxwell> 1000x md5 is much slower to execute than 1000x sha-512.
 498 2011-06-20 01:09:47 kish_ is now known as kish
 499 2011-06-20 01:09:50 <gmaxwell> er than 1x sha-512
 500 2011-06-20 01:09:51 <dD0T> kika_: It's not about the hash itself but the "stretching" of the underlying password's entropy. The hash is important too but 1000x md5 still is more expensive than 1x sha512
 501 2011-06-20 01:09:53 <quiznor> gox is swiss cheese
 502 2011-06-20 01:09:57 <copumpkin> kika_: what properties does sha512 have that md5 does not?
 503 2011-06-20 01:10:09 StephenFalken has joined
 504 2011-06-20 01:10:13 <jlgaddis> ponies
 505 2011-06-20 01:10:14 <gmaxwell> copumpkin: or more importantly that 1000x md5 does not. :)
 506 2011-06-20 01:10:16 <jlgaddis> sha512 has ponies
 507 2011-06-20 01:10:18 <kika_> copumpkin: i see so they just bruteforce i see
 508 2011-06-20 01:10:26 <gmaxwell> kika_: yes!
 509 2011-06-20 01:10:26 Neocryptek_ has quit (Ping timeout: 252 seconds)
 510 2011-06-20 01:10:28 <dude65535> what matters is how long it takes to do the hash. The longer it takes to test one possibility the longer it will take to brute force the password.
 511 2011-06-20 01:10:32 <copumpkin> kika_: yeah, so having a longer, more collision-resistant hash won't fix anything
 512 2011-06-20 01:10:36 <kika_> copumpkin: im talking about very long passwords
 513 2011-06-20 01:10:41 <copumpkin> you want to make bruteforcing expensive for them
 514 2011-06-20 01:10:46 <eianpsego> jlgaddis, I'm going to go with you on this one. Ponies it is.
 515 2011-06-20 01:10:48 <gmaxwell> very long passwords are secure (if they're also random)
 516 2011-06-20 01:10:53 <kika_> MD5 has collisions
 517 2011-06-20 01:10:54 <jrmithdobbs> dude65535: and properly salting so that you can't parallelize against multiple hashes
 518 2011-06-20 01:10:59 <quiznor> if they bring the site up using the same server its probably completely hacked
 519 2011-06-20 01:11:00 <copumpkin> kika_: they don't help the attacker at all here
 520 2011-06-20 01:11:06 <copumpkin> kika_: and they're not fully general collisions
 521 2011-06-20 01:11:11 <copumpkin> which it's still secure from
 522 2011-06-20 01:11:17 Nachtwind is now known as N8{afk}
 523 2011-06-20 01:11:18 <gmaxwell> kika_: the md5 collisions are special formulations not applicable here. (especially not to 1000x md5)
 524 2011-06-20 01:11:25 <kika_> so i hope the salts for the passwords be secure
 525 2011-06-20 01:11:31 <dD0T> kika_: Every hash has collisions. They don't help if you are searching the actual plaintexts
 526 2011-06-20 01:11:33 <kika_> and long and random enough
 527 2011-06-20 01:11:40 <gmaxwell> kika_: no, you're misunderstanding salt.
 528 2011-06-20 01:11:51 <lfm> quiznor: huh? no one has ever claimed the server was rooted or anything of the sort
 529 2011-06-20 01:11:51 <gmaxwell> Why is it that many people misunderstand salt this way?
 530 2011-06-20 01:12:06 <copumpkin> salt means you need to run md5 in google native client, right? ;)
 531 2011-06-20 01:12:07 <kika_> encrypted_password = md5 ( salt + password )
 532 2011-06-20 01:12:09 <gmaxwell> lfm: MagicalTux said it wasn't sql injection. Server rooted is a reasonable guess!
 533 2011-06-20 01:12:12 <quiznor> lfm: do you really expect the hackers to announce theyve rooted it?
 534 2011-06-20 01:12:26 <gmaxwell> kika_: and yes, the salt is a unique string stored with the password.
 535 2011-06-20 01:12:33 <copumpkin> kika_: I wouldn't say "encrypted"
 536 2011-06-20 01:12:35 <copumpkin> kika_: it's a one-way function
 537 2011-06-20 01:12:42 <dD0T> gmaxwell: Most ppl. don't know what salt (beyond table salt) is
 538 2011-06-20 01:12:49 <kika_> gmaxwell: wondering where mtgox was storing the salt for each password...
 539 2011-06-20 01:12:51 <amiller> pepper... i put it on my plate
 540 2011-06-20 01:12:53 <KuDeTa> NaCL
 541 2011-06-20 01:12:54 <lfm> quiznor: depends who they are. they wanted to sell the password file. they might announce other stuff of value too
 542 2011-06-20 01:13:03 <jrmithdobbs> kika_: and no, the unix md5 password algorithm is MUCH more complicated than that.
 543 2011-06-20 01:13:09 <gmaxwell> kika_: with the password, it's the text before the third $.  Just like _everyone_ else does.
 544 2011-06-20 01:13:13 <quiznor> assume the entire system has been compromised. if they don't reload the OS and start from scratch they are allowing the very likely possibility that the hackers installed a backdoor
 545 2011-06-20 01:13:17 <DaQatz> Salt is a rather old concept for hashing
 546 2011-06-20 01:13:24 <dD0T> gmaxwell: Well no need to root the box. Access at the level of the webserver would've sufficed
 547 2011-06-20 01:13:25 <jrmithdobbs> kika_: but thank you for proving gmaxwell's point about re-implementing it without crypt() being error prone due to misunderstanding
 548 2011-06-20 01:13:29 <dude65535> The salt was stored with the password and was unique for each password
 549 2011-06-20 01:13:29 <DaQatz> surprised he was still using md5 though
 550 2011-06-20 01:13:43 <lfm> quiznor: so the same vulnerability would still be there
 551 2011-06-20 01:13:46 * copumpkin screams
 552 2011-06-20 01:13:51 OtaconEmmerich has left ()
 553 2011-06-20 01:13:56 <quiznor> what vuln?
 554 2011-06-20 01:13:58 <copumpkin> I wonder how many more times this will be repeated
 555 2011-06-20 01:14:03 <gmaxwell> yea... "I made it more secure, I used 1xsha-512 and a (single) 100 byte salt for all accounts"
 556 2011-06-20 01:14:13 <quiznor> the application needs to be fixed
 557 2011-06-20 01:14:15 <lfm> quiznor: whatever one let someone root them the first time
 558 2011-06-20 01:14:16 <gmaxwell> DaQatz: he was using 1000x md5.
 559 2011-06-20 01:14:22 <gmaxwell> DaQatz: with salting.
 560 2011-06-20 01:14:32 <lfm> if in fact thats what happened
 561 2011-06-20 01:14:40 <dD0T> DaQatz: There's nothing wrong with crypt-md5 afaik
 562 2011-06-20 01:14:48 <gmaxwell> If he has just switched to home grown using sha-512 it would have been _less_ secure.
 563 2011-06-20 01:14:55 <kika_> dude65535: but then to check if the password is valid, you need to get the salt from somewhere
 564 2011-06-20 01:15:22 <KuDeTa> kika_ if we know password and md5 can we compute salt??
 565 2011-06-20 01:15:31 <jrmithdobbs> gmaxwell: except on uids <~3050 who haven't changed their password
 566 2011-06-20 01:15:32 xert has quit (Read error: Connection reset by peer)
 567 2011-06-20 01:15:37 <jrmithdobbs> where he was in fact just using a single md5
 568 2011-06-20 01:15:38 <jrmithdobbs> lol
 569 2011-06-20 01:15:48 <dD0T> gmaxwell: Optimized attack tools would've been less readily available but for a knowledgeable attacker... No spinning your own in crypto doesn't pay off for mere mortals...
 570 2011-06-20 01:15:53 <kika_> KuDeTa: i dont know, can you ?
 571 2011-06-20 01:16:01 nuthin has joined
 572 2011-06-20 01:16:03 <kika_> KuDeTa: i dont think so
 573 2011-06-20 01:16:09 <quiznor> once they have the web user account and mysql passwd, they can setup shells and have free rein over the db / scripts
 574 2011-06-20 01:16:27 <MagicalTux> gmaxwell: not a rooted server either, too bad
 575 2011-06-20 01:16:28 <dD0T> jrmithdobbs: Usually those get converted on login. I guess they've been unused for quite a while
 576 2011-06-20 01:16:31 <KuDeTa> i don't know, just thought it was interesting
 577 2011-06-20 01:16:35 <lfm> KuDeTa: no, the salt is not encrypted, the salt is right there in front of your face. no one needs to guess it. it is right there!
 578 2011-06-20 01:16:41 <gmaxwell> dD0T: well optimized sha-512 is available (and hell, all bitcoin miners have awesome sha256 code. ;))
 579 2011-06-20 01:16:46 <KuDeTa> lol i can see the salt
 580 2011-06-20 01:16:51 <KuDeTa> you know what i meant
 581 2011-06-20 01:16:57 <gmaxwell> MagicalTux: do you know how the passwords data was obtained?
 582 2011-06-20 01:17:04 Hal____ has quit (Ping timeout: 246 seconds)
 583 2011-06-20 01:17:07 <gmaxwell> MagicalTux: sorry for spreading fud. :-/
 584 2011-06-20 01:17:11 <Blitzboom> MagicalTux: i hope a rollback is legal?
 585 2011-06-20 01:17:15 <Blitzboom> just wondering
 586 2011-06-20 01:17:16 <eianpsego> KuDeTa, with the md5 digest and the password, you can brute force and find a small salt value - that's no problem
 587 2011-06-20 01:17:23 <lfm> KuDeTa: the salt is taken originally from /dev/random usually
 588 2011-06-20 01:17:34 <kika_> gmaxwell: so mtgox is storing the salt in plaintext???
 589 2011-06-20 01:17:41 <dD0T> gmaxwell: Well add a 'gmaxwell' after each string you hash and you'll have to do modifications that would be above what script kiddies can do.
 590 2011-06-20 01:17:45 <jrmithdobbs> kika_: that's fine?!
 591 2011-06-20 01:17:47 <lfm> kika_: yes that is how salts work!
 592 2011-06-20 01:17:51 <gmaxwell> kika_: Yes. That is what _everyone_ does. It's the proper thing to do.
 593 2011-06-20 01:17:54 <iz> kika_: the salt is always stored in plaintext
 594 2011-06-20 01:17:57 davro has quit (Read error: Connection reset by peer)
 595 2011-06-20 01:17:58 <kika_> lfm: yes i know how salts work!
 596 2011-06-20 01:18:01 <MagicalTux> gmaxwell: someone who had read only access for the database to perform audits got compromised in some way, investigation is still in progress
 597 2011-06-20 01:18:05 <jrmithdobbs> apparently you don't
 598 2011-06-20 01:18:12 <iz> ah..
 599 2011-06-20 01:18:21 <lfm> kika_: look at your own /etc/passwd on your linux systems, it is the same thing
 600 2011-06-20 01:18:39 <kika_> lfm: i know
 601 2011-06-20 01:18:39 xert has joined
 602 2011-06-20 01:18:45 <MagicalTux> anyway I'm updating the system now to use a separate system to perform authentications and store password in a custom way
 603 2011-06-20 01:18:46 <kika_> lfm: the salt should be on the php scripts
 604 2011-06-20 01:18:50 <ericmock> ah, so, some clever pre-salting /would/ have helped...
 605 2011-06-20 01:18:58 <eianpsego> custom way?
 606 2011-06-20 01:19:00 <gmaxwell> kika_: ! then you'd have the same salt for all passwords?
 607 2011-06-20 01:19:02 <quiznor> britcoin says gox had an sql injection
 608 2011-06-20 01:19:05 <lfm> kika_: so why are you incredulous that mtgox is doing it?
 609 2011-06-20 01:19:08 <jrmithdobbs> MagicalTux: don't fuckin store it in a custom way
 610 2011-06-20 01:19:09 <kika_> MagicalTux: do you need a programmer and system administrator to help ?
 611 2011-06-20 01:19:09 <jlgaddis> MagicalTux: still expect to be back up by 0200 utc?
 612 2011-06-20 01:19:13 <gmaxwell> dD0T: I promise you that lots of people can do that modification
 613 2011-06-20 01:19:15 <jrmithdobbs> MagicalTux: read the last 30 minutes of this discussion
 614 2011-06-20 01:19:16 <jrmithdobbs> jesus fuck
 615 2011-06-20 01:19:22 <kika_> MagicalTux: i can perform security audits on the code too
 616 2011-06-20 01:19:23 <eianpsego> magictux, custom way sounds super dangerous
 617 2011-06-20 01:19:27 <nuthin> mmm ... custom ... what does that entail ...
 618 2011-06-20 01:19:33 <nuthin> yeah, I agree
 619 2011-06-20 01:19:52 <goobrnaut> http://complainr.syx.sk/
 620 2011-06-20 01:19:52 <KuDeTa> i dont think he means custom as in pulled from his butt
 621 2011-06-20 01:19:58 <MagicalTux> that entails that only access to the db will not allow even bruteforce of pass
 622 2011-06-20 01:20:00 <lfm> kika_: no one has broken the passwords unless they were silly simple
 623 2011-06-20 01:20:02 <ThomasV> heh, someone want to perform security audit on my code ?
 624 2011-06-20 01:20:08 wolfspraul has joined
 625 2011-06-20 01:20:12 <gmaxwell> MagicalTux: no offense, but the last 30 minutes of this channel has been cryptonewbs suggesting custom things which are less secure than the freebsd md5s most of your accounts had.
 626 2011-06-20 01:20:13 <doofus2> introducing MagicalTux-256, a new hash algorithm
 627 2011-06-20 01:20:14 <dD0T> gmaxwell: Oh I don't doubt that. It would've prevented me from simply throwing the list into JTR for the lulz though.
 628 2011-06-20 01:20:16 <jrmithdobbs> MagicalTux: if you want to use a well-vetted password hashing algorithm and store the salt in a separate place from the hash, fine, but don't try and write your own
 629 2011-06-20 01:20:19 <lizthegrey> magicaltux: I would gladly switch to SSL client cert-based authentication were it offered. and locking down IPs that could be used to only one or two
 630 2011-06-20 01:20:26 <kika_> lfm: usually the salt is a secret string stored on the php code
 631 2011-06-20 01:20:37 <s13013> no
 632 2011-06-20 01:20:43 <jrmithdobbs> kika_: NO
 633 2011-06-20 01:20:45 <nuthin> I just learned about bcrypt today, but from what I read, that sounds like the way to go
 634 2011-06-20 01:20:46 <kika_> lfm: or you can randomly generate a salt for each account and store it somewhere in plaintext
 635 2011-06-20 01:20:54 <gmaxwell> nuthin: bcrypt << scrypt
 636 2011-06-20 01:20:54 neurochasm has joined
 637 2011-06-20 01:20:55 <lfm> kika_: well not the way the standard crypt does it
 638 2011-06-20 01:21:05 <ketsa> you cant lock IP, ppl have dynamic IPs
 639 2011-06-20 01:21:15 <lfm> kika yes, each account had its own salt
 640 2011-06-20 01:21:15 <nuthin> gmaxwell: thanks :)
 641 2011-06-20 01:21:15 <lizthegrey> ketsa: as an option.
 642 2011-06-20 01:21:16 <ericmock> why does everyone seem to think 'custom' and/or 'clever' means rolling your own crypto?
 643 2011-06-20 01:21:23 <gmaxwell> kika_: if you have a secure place to put the salt, put the whole hash there. :)
 644 2011-06-20 01:21:27 <eianpsego> eric, because it usually does :(
 645 2011-06-20 01:21:34 <quiznor> the big question is why on earth did the intruder sell off 500k bitcoins in one shot.. he would've known that would cause an immediate shutdown
 646 2011-06-20 01:21:45 <gmaxwell> ericmock: the proposals here that didn't like just using sha-512 were also bad.
 647 2011-06-20 01:21:46 <ericmock> okay, but I'd hope we can assume the people here aren't idiots
 648 2011-06-20 01:21:51 <kika_> lfm: im talking about md5 salt
 649 2011-06-20 01:21:53 <nuthin> ericmock: what else would it mean?
 650 2011-06-20 01:21:53 <MagicalTux> [10:19:27] <gmaxwell> MagicalTux: no offense, but the last 30 minutes of this channel has been cryptonewbs suggesting custom things which are less secure than the freebsd md5s most of your accounts had. <- I'm suggesting something similar, using SHA512, and a double salt (part will be per user in clear text, part will be computed by the system for each account based on specific parameters)
 651 2011-06-20 01:21:54 <kika_> lfm: not crypt
 652 2011-06-20 01:22:01 <lizthegrey> ketsa: I *know* I only access mtgox from two IP addresses. it would be good to make it clear that access from any other IP is an intrusion
 653 2011-06-20 01:22:07 <MagicalTux> ie. adding some salt in the salt cannot make this thing weaker, only stronger
 654 2011-06-20 01:22:10 <roconnor> quiznor: Wasn't the idea to get the price of bitcoins down low enough to move lots of them out under the daily limit?
 655 2011-06-20 01:22:10 <nuthin> ericmock: custom kinda sounds like security through obscurity
 656 2011-06-20 01:22:22 <gmaxwell> MagicalTux: sha-512 alone would be less secure than the freebsd md5, because it does 1000 iterations of md5.
 657 2011-06-20 01:22:23 <lfm> kika yes crypt() uses md5 nowadays. every account has its own random salt
 658 2011-06-20 01:22:27 intlkleinblue has quit (Ping timeout: 276 seconds)
 659 2011-06-20 01:22:28 <s13013> trying to hide the salt is a fool's errand. if you want to increase the complexity of the ciphertext use some other method, don't start trying to be sneaky with the salt.
 660 2011-06-20 01:22:33 <gmaxwell> MagicalTux: but sure, adding additional site-salt should be okay.
 661 2011-06-20 01:22:39 <quiznor> roconnor: afaik, theres a 50 (or 80?) btc withdrawal limit anyway... maybe he thought the limit was calculated based on the spot price or something
 662 2011-06-20 01:22:41 <kika_> i think it would be better to use public private key crypt to login to mtgox
 663 2011-06-20 01:22:50 <ericmock> nuthin: what else would it mean?  could mean all kinds of things...  like crypt(crypt()), crypt(exp(crypt())
 664 2011-06-20 01:23:01 <ericmock> with the appropriate type conversions
 665 2011-06-20 01:23:03 <MagicalTux> gmaxwell: I'm pretty sure bruteforcing sha512 is more expensive than bruteforcing md5
 666 2011-06-20 01:23:03 <nuthin> right
 667 2011-06-20 01:23:09 <nuthin> security through obscurity
 668 2011-06-20 01:23:10 csshih has joined
 669 2011-06-20 01:23:29 <gmaxwell> MagicalTux: okay, you're not listening. The freebsd md5 hash isn't just md5. It's _1000_ iterations of it. It's much slower than sha512.
 670 2011-06-20 01:23:30 <kika_> MagicalTux: can i help you with something?
 671 2011-06-20 01:23:36 <lfm> kika_: public key logins would be a lot of extra overhead on the servers and crypt() has not been broken
 672 2011-06-20 01:23:38 <nuthin> not that it's less secure, but there are much better methods
 673 2011-06-20 01:23:43 <ericmock> obscurity + well-tested > well-tested
 674 2011-06-20 01:23:45 <gmaxwell> MagicalTux: this is why you have no business designing this.
 675 2011-06-20 01:23:52 <quiznor> roconnor: i dont know how the limit is calculated.. maybe its $1000 worth of btc at that moment..
 676 2011-06-20 01:23:55 <jrmithdobbs> kika_: no please don't you've demonstrated you don't understand the subject at hand
 677 2011-06-20 01:23:58 devon_hillard has quit (Read error: Connection reset by peer)
 678 2011-06-20 01:24:00 red_dawn_ has joined
 679 2011-06-20 01:24:08 <roconnor> quiznor: that was my understanding; though I'm not sure.
 680 2011-06-20 01:24:11 <lizthegrey> lfm: ssl client certs are not that much extra overhead.
 681 2011-06-20 01:24:14 <lizthegrey> the only overhead is *user* comprehension overhead
 682 2011-06-20 01:24:37 <eianpsego> magicaltux, are you proposing to do a single iteration of sha256?
 683 2011-06-20 01:24:38 <gmaxwell> MagicalTux: PBKDF2 with SHA512 + additional site-salt would be fine, I think. But to be honest, _I_ don't have any business designing this either, at least not by the seat of my pants.
 684 2011-06-20 01:24:45 <doofus2> rot13(xor(str[i])) sounds like a good idea 2 me
 685 2011-06-20 01:24:53 <kgo> lizthegrey, it'd be extra-awesome to have those certs on smartcards.
 686 2011-06-20 01:24:57 <lfm> ericmock: well its quite often the custom "obscurity" that gets broken while the standard well tested security stands up
 687 2011-06-20 01:25:06 <jrmithdobbs> gmaxwell: isn't there a well vetted sha256 password hash already available?
 688 2011-06-20 01:25:19 <MagicalTux> [10:23:52] <eianpsego> magicaltux, are you proposing to do a single iteration of sha256? <- someone pointed out many people around here have systems optimized for sha256
 689 2011-06-20 01:25:24 agricocb has quit (Ping timeout: 255 seconds)
 690 2011-06-20 01:25:26 <gmaxwell> jrmithdobbs: PBKDF2 is a general construction that works with any hash function.
 691 2011-06-20 01:25:30 <ericmock> like if he'd have maybe even used the user id mixed with the password, it would take a hacker with just the database a possibly very long time to figure out how the user id was mixed in
 692 2011-06-20 01:25:38 ThomasV has quit (Read error: Operation timed out)
 693 2011-06-20 01:25:39 <ericmock>  /that/ is extending entropy
 694 2011-06-20 01:25:46 <MagicalTux> [10:22:43] <gmaxwell> MagicalTux: okay, you're not listening. The freebsd md5 hash isn't just md5. It's _1000_ iterations of it. It's much slower than sha512. <- then let's do 1000 iterations of sha512 :)
 695 2011-06-20 01:25:54 <Cryo> MagicalTux, are you participating in the onlyonetv chat?
 696 2011-06-20 01:26:06 <jrmithdobbs> gmaxwell: then ya pbkdf2 with sha512 + per user salt + site salt should be fairly safe
 697 2011-06-20 01:26:08 <MagicalTux> Cryo: I guess I'll be once I solve this
 698 2011-06-20 01:26:14 <csshih> hahhaha sha256
 699 2011-06-20 01:26:15 <csshih> >_>
 700 2011-06-20 01:26:22 <gmaxwell> jrmithdobbs: it's what the EVP_BytesToKey in openssl does.
 701 2011-06-20 01:26:25 <jrmithdobbs> gmaxwell: but i also do not have the credentials to design something like this
 702 2011-06-20 01:26:33 <Kiba> guys
 703 2011-06-20 01:26:33 <lizthegrey> magicaltux: crypt() is known secure *if used properly*.
 704 2011-06-20 01:26:41 <jrmithdobbs> and anyone in this channel claiming they do is overestimating their capabilities.
 705 2011-06-20 01:26:43 <Kiba> I would like to post a comic from my publication before I go
 706 2011-06-20 01:26:45 <Kiba> http://www.bitcoinweekly.com/comics/bitcoin-rate
 707 2011-06-20 01:26:49 <MagicalTux> lizthegrey: until now we've been using crypt()
 708 2011-06-20 01:26:51 <s13013> md5_crypt didn't fail. fix the shit that failed instead?
 709 2011-06-20 01:27:07 <lfm> and crypt() isnt broken
 710 2011-06-20 01:27:08 <jrmithdobbs> MagicalTux: not "until now" you also used straight md5 for uids < 3050
 711 2011-06-20 01:27:11 <dD0T> MagicalTux: Nothing wrong with crypt
 712 2011-06-20 01:27:11 MrSambal has quit (Ping timeout: 276 seconds)
 713 2011-06-20 01:27:12 <MagicalTux> (long time before it was a simple md5() )
 714 2011-06-20 01:27:17 <lizthegrey> magicaltux: you were using crypt with MD5 rather than crypt with SHA256 or otherwise
 715 2011-06-20 01:27:17 <quiznor> the next step up would be client certificates.... each user downloads a cert and stuffs it into his browser. the trading server rejects clients whose cert/username doesn't match up
 716 2011-06-20 01:27:19 <kgo> Did I hear right?  Is the site PGP?  If so, http://stackoverflow.com/questions/1581610/help-me-make-my-password-storage-safe
 717 2011-06-20 01:27:22 Diablo-D3 has quit (Read error: Operation timed out)
 718 2011-06-20 01:27:28 <kgo> s/PGP/PHP
 719 2011-06-20 01:27:29 <MagicalTux> jrmithdobbs: any user who logged in with a md5 pass got their pass upgraded to crypt() automatically
 720 2011-06-20 01:27:31 <gmaxwell> MagicalTux: there is pbkdf2 implemented in here http://php.net/manual/en/function.hash-hmac.php and it supports sha256.
 721 2011-06-20 01:27:48 <dude65535> Well all my security knowledge comes from listening to every episode of the security now podcast so I know i'm not qualified
 722 2011-06-20 01:27:53 <jrmithdobbs> sha256 is a bad idea for a bitcoin-related password hash
 723 2011-06-20 01:27:53 <MagicalTux> gmaxwell: great, I have the hash php ext loaded too
 724 2011-06-20 01:28:13 <nuthin> sounds like sha256 is a bad hash for passwords in any case
 725 2011-06-20 01:28:22 <hallowworld> Account withdrawal locks options would be nice too (hardcoded delay for withdrawals and lock accounts to be withdrawn to only one address)
 726 2011-06-20 01:28:25 <jrmithdobbs> seeing as bitcoin has caused the best/fastest sha256 implementations ever
 727 2011-06-20 01:28:31 <gmaxwell> nuthin: the code there does pbkdf2 based on whatever hash you use.
 728 2011-06-20 01:28:42 <gmaxwell> jrmithdobbs: yea... but I'm going with whats callable from php...
 729 2011-06-20 01:28:43 <fiverawr> jrmithdobbs: Any hash is going to be pretty bad. The bitcoin community is like the worst place to lose a database to. Anyway, isn't sha512 computation faster than sha256?
 730 2011-06-20 01:29:00 <jrmithdobbs> fiverawr: i don't recall
 731 2011-06-20 01:29:04 <nuthin> gmaxwell: you mean in the first comment?
 732 2011-06-20 01:29:15 <lfm> hallowworld: huh? and if you're on a dyn ip?
 733 2011-06-20 01:29:20 <jrmithdobbs> fiverawr: like I said, I'm not qualified to design something like this and realise that
 734 2011-06-20 01:29:36 <jrmithdobbs> fiverawr: especially to be used in a "community" with this many gpus at their disposal
 735 2011-06-20 01:29:39 <gmaxwell> fiverawr: no, sha-512 is slower.
 736 2011-06-20 01:29:45 <Yahovah> fiverawr: SHA-256 and SHA-512 are both SHA-2 - they just have different block sizes.
 737 2011-06-20 01:30:05 <gmaxwell> nuthin: I guess so. I just googled PBKDF2 php.
 738 2011-06-20 01:30:05 red_dawn_ has quit (Changing host)
 739 2011-06-20 01:30:05 red_dawn_ has joined
 740 2011-06-20 01:30:09 <copumpkin> roconnor: do you have anything you want done that you don't want to do yourself in that implementation?
 741 2011-06-20 01:30:14 <ius> Also, scrypt/bcrypt should be considered.
 742 2011-06-20 01:30:17 bit_monger has joined
 743 2011-06-20 01:30:20 <ericmock> is anyone able to get new connections with the client?
 744 2011-06-20 01:30:39 <ericmock> I've been sitting here with zero connections for like an hour
 745 2011-06-20 01:30:48 <roconnor> copumpkin: hmm
 746 2011-06-20 01:30:57 <gmaxwell> ius: lack of php implementations would be a problem I assume. I personally always advocate scrypt but for something where the attacker won't have the hash, it matters less.
 747 2011-06-20 01:31:03 <gmaxwell> (hopefully won't have the hash!)
 748 2011-06-20 01:31:07 <roconnor> copumpkin: do you know anything about ACIDState?
 749 2011-06-20 01:31:07 <copumpkin> roconnor: also, are you attached to darcs or git?
 750 2011-06-20 01:31:10 <roconnor> darcs
 751 2011-06-20 01:31:10 <jrmithdobbs> gmaxwell: could you use pbkdf2 in combination with sha2? (in the sha512 form of sha2)
 752 2011-06-20 01:31:12 <roconnor> heh
 753 2011-06-20 01:31:12 <kgo> Actually sha-512 is faster than 256 on 64 bit architectures.  That's why nist came up with SHA-512/256 and SHA-512/224
 754 2011-06-20 01:31:14 <copumpkin> roconnor: nope :/
 755 2011-06-20 01:31:21 agricocb has joined
 756 2011-06-20 01:31:22 <fiverawr> Yahovah: http://news.slashdot.org/story/11/02/18/2217206/New-SHA-Functions-Boost-Crypto-On-64-bit-Chips
 757 2011-06-20 01:31:34 <fiverawr> I think that's why I thought it was faster
 758 2011-06-20 01:31:37 <gmaxwell> jrmithdobbs: yes. you can, you can use it with any hash function.
 759 2011-06-20 01:31:37 <roconnor> copumpkin: I bashed git on my blog recently :P
 760 2011-06-20 01:31:40 <gmaxwell> fiverawr: neat!
 761 2011-06-20 01:31:42 wetBang has quit (Ping timeout: 252 seconds)
 762 2011-06-20 01:31:52 <nuthin> I can't find much info on scrypt gmaxwell ...
 763 2011-06-20 01:32:04 <gmaxwell> nuthin: (see http://www.tarsnap.com/scrypt/scrypt.pdf and the implementation at http://www.tarsnap.com/scrypt.html)
 764 2011-06-20 01:32:07 <kika_> MagicalTux: i would suggest to add a feature to mtgox so that users can login using a 15360 bits RSA key and use a secure key exchange
 765 2011-06-20 01:32:09 <kgo> Here's bcrypt for php http://www.openwall.com/phpass/
 766 2011-06-20 01:32:11 eao has quit (Quit: Leaving)
 767 2011-06-20 01:32:17 <gmaxwell> nuthin: unfortunately scrypt is hard to google.
 768 2011-06-20 01:32:21 <jrmithdobbs> then i think pbkdf2 + sha2 (sha256/384 form) is probably the best you can do right now with something that is *well vetted*
 769 2011-06-20 01:32:22 <kika_> MagicalTux: i can help you with that if you want
 770 2011-06-20 01:32:25 <fiverawr> But, that's taking advantage of 64-bit processors. This community is already taking advantage of GPU which is much faster
 771 2011-06-20 01:32:29 <gmaxwell> nuthin: but it's the only thing that really resists FPGA/asic attack.
 772 2011-06-20 01:32:34 Kiba has quit (Remote host closed the connection)
 773 2011-06-20 01:32:41 kW_ has quit (Ping timeout: 260 seconds)
 774 2011-06-20 01:32:48 <MagicalTux> kika_: I already implemented something similar, it works with IE and firefox, but not opera/chrome/etc
 775 2011-06-20 01:32:53 <Astounding> It's been said that all of the wallets may be compromised?
 776 2011-06-20 01:32:57 <copumpkin> roconnor: oh yeah :)
 777 2011-06-20 01:33:00 <MagicalTux> so I didn't implement it on mtgox, because we mostly have chrome/safari
 778 2011-06-20 01:33:00 <jrmithdobbs> assuming wikipedia's performance numbers are semi-close anyways
 779 2011-06-20 01:33:03 Leo_II has quit (Ping timeout: 255 seconds)
 780 2011-06-20 01:33:06 <gmaxwell> Astounding: what? no. No one has said that.
 781 2011-06-20 01:33:07 <kika_> MagicalTux: so each user just generates its own private key and sends you their public key and thats all
 782 2011-06-20 01:33:08 lorph has quit (Ping timeout: 250 seconds)
 783 2011-06-20 01:33:10 <ius> gmaxwell: http://www.openwall.com/phpass/
 784 2011-06-20 01:33:20 TheZimm has quit (Quit: When will we learn?)
 785 2011-06-20 01:33:25 <Optimo> britcoin's message was sending mixed signals
 786 2011-06-20 01:33:29 <kika_> MagicalTux: if the public keys get compromised you dont mind, its not your responsibility
 787 2011-06-20 01:33:37 <ius> kika_: Welcome to SSL client certs
 788 2011-06-20 01:33:38 <MagicalTux> kika_: I'm thinking about adding login through GPG
 789 2011-06-20 01:33:39 TheZimm has joined
 790 2011-06-20 01:33:41 <MagicalTux> too
 791 2011-06-20 01:33:45 <jrmithdobbs> MagicalTux: i'd be happy if you'd allow me upload a ssl cert fingerprint or rsa key to use for auth
 792 2011-06-20 01:33:50 <lizthegrey> magicaltux: *applause* - yay gpg login
 793 2011-06-20 01:33:50 <jrmithdobbs> MagicalTux: that's the *real* solution.
 794 2011-06-20 01:33:52 <kika_> MagicalTux: yes thats what i mean GPG logins
 795 2011-06-20 01:34:07 Lachesis has joined
 796 2011-06-20 01:34:27 gavinandresen has quit (Quit: gavinandresen)
 797 2011-06-20 01:34:32 <MagicalTux> still waiting also for quotes for hardware tokens, that would make it possible to use OTP to login on mtgox
 798 2011-06-20 01:34:34 <jrmithdobbs> MagicalTux: as in i upload a ssl cert fingerprint AND you verify it's cert path
 799 2011-06-20 01:34:41 <ericmock> just take a look at the crap you need to go through to submit an app to Apple
 800 2011-06-20 01:34:48 <Optimo> I was hoping for your sake it was a sexy hot secret agent that 'rooted' you
 801 2011-06-20 01:34:49 red_dawn_ has quit (Quit: leaving)
 802 2011-06-20 01:34:57 <jrmithdobbs> (comodo issues FREE FOR PERSONAL USE sign/crypt ssl certs with email as CN)
 803 2011-06-20 01:34:58 lorph has joined
 804 2011-06-20 01:35:07 <fiverawr> were they rooted?
 805 2011-06-20 01:35:19 <Optimo> a hot asian chick (in my mind)
 806 2011-06-20 01:35:19 <gmaxwell> fiverawr: comodo?
 807 2011-06-20 01:35:22 <cut> jrmithdobbs: nobody trusts comodo anymore though
 808 2011-06-20 01:35:25 <jlgaddis> fuck comodo
 809 2011-06-20 01:35:29 <ius> Also, your password storage mechanism means (...) if all your code is still full of potential holes to phish a specific password or grab other sensitive data
 810 2011-06-20 01:35:30 <roconnor> copumpkin: what were your goals for making a Haskell client?
 811 2011-06-20 01:35:35 <jrmithdobbs> cut: true but for user auth it's fine
 812 2011-06-20 01:35:41 <nuthin> thanks gmaxwell :)
 813 2011-06-20 01:35:43 red_dawn_ has joined
 814 2011-06-20 01:35:44 <jrmithdobbs> cut: in situations where the user provides the fingerprint to begin with
 815 2011-06-20 01:35:54 <ericmock> yea, at least MagicalTux could have gotten laid for his trouble...
 816 2011-06-20 01:36:13 <kika_> MagicalTux: i think you should audit the whole mtgox php code and then make it open source
 817 2011-06-20 01:36:18 <copumpkin> roconnor: learning more about it, seeing how elegantly it could be done in haskell, and experimenting with automated trading strategies on top of a generic library
 818 2011-06-20 01:36:23 <ius> MagicalTux: Forget about the rest, get an audit done, and hire some developers
 819 2011-06-20 01:36:41 <fiverawr> I'm kinda hoping that authentication with via bitcoin addresses will eventually be a possibility. But for that to happen, wallets need to be secured pretty well first. Hopefully in the future
 820 2011-06-20 01:36:45 <kika_> MagicalTux: im 14 years experienced developer and system administrator, i can help for some bitcoins
 821 2011-06-20 01:36:47 <fiverawr> -with
 822 2011-06-20 01:37:05 <gmaxwell> ius: well upgrading the password system now matters a little because people will change passwords.
 823 2011-06-20 01:37:08 <ius> Also, dongles, Yubikeys are quite cheap and provide a second factor (OTP-based)
 824 2011-06-20 01:37:13 <Zeiris_> MagicalTux, good work on getting as far as you have :D Haters gonna hate, but you did good.
 825 2011-06-20 01:37:14 <StephenFalken> I wonder...isn't it possible to transfer all the functionality of the web BTC exchanges to the client and do it all in a p2p way ?
 826 2011-06-20 01:37:18 <gmaxwell> yubikeys are goodness.
 827 2011-06-20 01:37:25 <jrmithdobbs> Zeiris_: no he did not
 828 2011-06-20 01:37:31 <dD0T> Generate passwords for users and don't allow them to change them ---> No need for salting ;-)
 829 2011-06-20 01:37:31 <ericmock> kika_: I could make the same claim...  technically.
 830 2011-06-20 01:37:37 <Optimo> haters gonna hash
 831 2011-06-20 01:37:45 <roconnor> copumpkin: one thing I have not so much interest in working on is doing proper peering; how many peers to connect to; switching between them; etc.
 832 2011-06-20 01:37:50 <gmaxwell> StephenFalken: no, because there needs to be someway to validate that the counterparty has and will pay the non-btc side.
 833 2011-06-20 01:38:01 <kika_> ericmock: which claim? 14 years experience?
 834 2011-06-20 01:38:03 <Zeiris_> jrmithdobbs, that's the thing I love about early adopters - they don't need to do it right to succeed XD
 835 2011-06-20 01:38:04 <copumpkin> roconnor: ah, I see
 836 2011-06-20 01:38:04 DukeOfURL has joined
 837 2011-06-20 01:38:07 <ius> gmaxwell: True that, and yes, yubikey is nice imo :)
 838 2011-06-20 01:38:13 <ericmock> kika_: all
 839 2011-06-20 01:38:13 <kika_> ericmock: or open source mtgox code?
 840 2011-06-20 01:38:13 <copumpkin> I could play with that, although I can't say it's the most interesting part to me either
 841 2011-06-20 01:38:19 <jrmithdobbs> Zeiris_: he still hasn't disclosed what was compromised.
 842 2011-06-20 01:38:27 <ericmock> and there's no way I'd feel comfortable helping ;-)
 843 2011-06-20 01:38:38 <copumpkin> details of networking (although we could play with stm and threads) aren't my favorite aspect of this :P
 844 2011-06-20 01:38:41 <Zeiris_> His competition is being interviewed right now, and don't sound threatening :)
 845 2011-06-20 01:38:55 <ericmock> kikia_:  14 years experience
 846 2011-06-20 01:38:56 <roconnor> copumpkin: ya; I'm not sure it is really necessary to do anyways.
 847 2011-06-20 01:38:56 <jrmithdobbs> Zeiris_: tradehill is just another set of amateurs
 848 2011-06-20 01:38:56 <gmaxwell> kika_: 14 years experience, but apparently not with password security code! :)
 849 2011-06-20 01:39:04 <jrmithdobbs> Zeiris_: give it a month before their db gets leaked too
 850 2011-06-20 01:39:04 <Zeiris_> I know! Isn't it beautiful!
 851 2011-06-20 01:39:13 <Zeiris_> I love this community so much <333
 852 2011-06-20 01:39:18 <Optimo> tradehill is indeed amateur to some extent
 853 2011-06-20 01:39:19 <copumpkin> roconnor: isn't it necessary to perform transactions?
 854 2011-06-20 01:39:24 <MagicalTux> [10:35:28] <kika_> MagicalTux: i think you should audit the whole mtgox php code and then make it open source <- we will /change/ the whole php code
 855 2011-06-20 01:39:25 <gmaxwell> is anyone capturing the stream?
 856 2011-06-20 01:39:27 <MagicalTux> current one is not auditable
 857 2011-06-20 01:39:28 <quiznor> theres been no tradehill vulns announced...
 858 2011-06-20 01:39:32 <kika_> gmaxwell: its just a matter of read the crypt man page
 859 2011-06-20 01:39:33 <Lachesis> MagicalTux, why not?
 860 2011-06-20 01:39:42 <Lachesis> MagicalTux, have you written anything about security plans going forward?
 861 2011-06-20 01:39:46 <roconnor> copumpkin: I don't know; I think you should just directly connect to the major miners
 862 2011-06-20 01:39:50 <jrmithdobbs> Optimo: amateur and hiring outsourced chilean devs to write financials code
 863 2011-06-20 01:39:55 <MagicalTux> Lachesis: yes
 864 2011-06-20 01:39:57 <jrmithdobbs> Optimo: it is going to end horribley.
 865 2011-06-20 01:39:58 <gmaxwell> kika_: apparently not, because you were advocating less secure alternatives and misunderstanding how salt works. The devil is in the details.
 866 2011-06-20 01:40:06 <Lachesis> MagicalTux, link/
 867 2011-06-20 01:40:07 <quiznor> hmm
 868 2011-06-20 01:40:08 <Optimo> I like horribley
 869 2011-06-20 01:40:17 <quiznor> well they have so much money they can hire a ton of ppl to develop the site
 870 2011-06-20 01:40:28 <quiznor> bitcoin exchange = license to print $
 871 2011-06-20 01:40:34 <Optimo> ?
 872 2011-06-20 01:40:36 <kika_> gmaxwell: my alternative is GPG logins
 873 2011-06-20 01:40:37 <roconnor> copumpkin: anyhow; I'm off to bed
 874 2011-06-20 01:40:41 <jrmithdobbs> more people does not == better development
 875 2011-06-20 01:40:44 <jrmithdobbs> or more secure code
 876 2011-06-20 01:40:45 <jrmithdobbs> in fact
 877 2011-06-20 01:40:45 <copumpkin> roconnor: alright, night! thanks for sending me the code
 878 2011-06-20 01:40:48 <dD0T> kika_: GPG? How would that work. No browser supports that
 879 2011-06-20 01:40:50 <jrmithdobbs> it usually means the EXACT OPPOSITE
 880 2011-06-20 01:40:55 <gmaxwell> dD0T: manually!
 881 2011-06-20 01:40:59 <Optimo> copumpkin ooh what did you get?
 882 2011-06-20 01:41:01 <kika_> dD0T: no need for the browser to support it!
 883 2011-06-20 01:41:04 backwardation25 has joined
 884 2011-06-20 01:41:04 <StephenFalken> gmaxwell: but in a pure BTC world, what would these exchanges be useful for ? People can trade directly between each other. You just have to extend the BTC client to allow it.
 885 2011-06-20 01:41:05 <Lachesis> gpg logins, ssl client certificates, OTPs, email verification... the list goes on and on
 886 2011-06-20 01:41:11 <dD0T> kika_: Oh yes there is...
 887 2011-06-20 01:41:17 <kika_> dD0T: no
 888 2011-06-20 01:41:18 <ericmock> Optimo: he got some Haskell
 889 2011-06-20 01:41:21 <gmaxwell> StephenFalken: what do you think the client already does?! 0_o
 890 2011-06-20 01:41:22 takezo420 has quit (Quit: takezo420)
 891 2011-06-20 01:41:24 <Optimo> of course lol
 892 2011-06-20 01:41:31 <ericmock> yea
 893 2011-06-20 01:41:32 <gmaxwell> StephenFalken: you can send btc to whomever you want!
 894 2011-06-20 01:41:37 <kgo> What's the status on SCuTe?  Could you use gpgsm with an openpgp smartcard?
 895 2011-06-20 01:41:45 <copumpkin> Optimo: roconnor has been working on a pure haskell implementation of bitcoin :)
 896 2011-06-20 01:41:46 <quiznor> jrmithdobbs: ermm.. more ppl doesnt guarantee better product, but its certainly necessary to have enough ppl.
 897 2011-06-20 01:41:49 <ericmock> damn it, I can't get a connection
 898 2011-06-20 01:41:52 <Optimo> brilliant
 899 2011-06-20 01:41:52 <dD0T> gmaxwell: That would be interesting: Here you have a random string. Please sign this with gpg and paste it back ;-)
 900 2011-06-20 01:41:55 <ericmock> and I need one for code testing
 901 2011-06-20 01:41:57 <gmaxwell> StephenFalken: watcha gonna do, create a order to buy 10 btc for 10 btc? :)
 902 2011-06-20 01:42:00 <Lachesis> what was the actual vulnerability?
 903 2011-06-20 01:42:00 Obehsh has quit (Remote host closed the connection)
 904 2011-06-20 01:42:20 <ius> Lachesis: All of that is only useful if the code is fixed/rewritten. Going back online means there's a chance to get compromised /again/
 905 2011-06-20 01:42:22 <jrmithdobbs> quiznor: studies show that teams of more than ~5-10 working on the same project actually slow it down and cause confusion/problems
 906 2011-06-20 01:42:26 <gmaxwell> dD0T: yep, and then you get owned when the attacker passes back a message with a \0 in it and the rest gets taken as arguments to gpg. :)
 907 2011-06-20 01:42:33 <dD0T> kika_: You do realise that ppk in the form of tls with client/server certs is already built into all modern browsers?
 908 2011-06-20 01:42:36 <Optimo> ericmock: launch with -dnsseed addnode=173.242.112.53
 909 2011-06-20 01:42:44 <Optimo> -addnode..
 910 2011-06-20 01:42:49 <mrb_> I wrote a quick time-line of events: http://blog.zorinaq.com/?e=55
 911 2011-06-20 01:42:49 <dD0T> kika_: You can even tell the browser to generate a cert so it never has to touch your server
 912 2011-06-20 01:42:54 * ericmock will hardcode that in
 913 2011-06-20 01:42:55 <jrmithdobbs> dD0T: no, kika_ has repeatedly shown he knows nothing about secure auth mechanisms
 914 2011-06-20 01:43:04 <jrmithdobbs> dD0T: like, what salt in password hashes is for
 915 2011-06-20 01:43:15 <quiznor> jrmithdobbs: depends. what is the scope of the project? what defines a project. how many ppl are working on the google search engine? probably 10k developers
 916 2011-06-20 01:43:16 <Optimo> maybe not hardcoded. .23 connects rather well for me
 917 2011-06-20 01:43:19 <kika_> dD0T: yes but browsers only trust CA's that sign keys up to 1024 bits length thats not secure
 918 2011-06-20 01:43:20 <dD0T> jrmithdobbs: He has a lot of self-confidence though...which is irritating...
 919 2011-06-20 01:43:22 <gmaxwell> jrmithdobbs: yea, misunderstanding salt = gpg auth vulnerable to replay attack! :)
 920 2011-06-20 01:43:32 <dD0T> kika_: No they don't. Stop talking bs
 921 2011-06-20 01:43:34 <Lachesis> i've gotten so much freaking spam because of this...
 922 2011-06-20 01:43:34 <kika_> dD0T: 1024 bits is not enough
 923 2011-06-20 01:43:39 <Lachesis> 3 different people alredy
 924 2011-06-20 01:43:44 <Lachesis> and a scam, claiming to be from MtGox
 925 2011-06-20 01:43:50 <gmaxwell> kika_: 1024 bits isn't ideal, but it's not actually a problem right now.
 926 2011-06-20 01:43:51 <dD0T> ok...got me. kika_  must be a troll...
 927 2011-06-20 01:43:56 <quiznor> google has 10,000 ppl developing their search engine...
 928 2011-06-20 01:44:03 <jrmithdobbs> kika_: doesn't matter if the browser supports the CA in the cert path
 929 2011-06-20 01:44:19 <copumpkin> there used to be a root cert with a 16384-bit key
 930 2011-06-20 01:44:29 <jrmithdobbs> kika_: if you're providing the fingerprint to be used as your ID the server side doesn't even need to verify the cert path
 931 2011-06-20 01:44:41 <jrmithdobbs> kika_: just that you can sign valid data with the cert.
 932 2011-06-20 01:44:42 <lfm> kika_: ya and browsers work fine with longer keys
 933 2011-06-20 01:44:43 <gmaxwell> copumpkin: 16384 bit... generated with debian openssl rng? ;)
 934 2011-06-20 01:44:50 <copumpkin> gmaxwell: hah no
 935 2011-06-20 01:44:51 <dD0T> jrmithdobbs: Doesn't seem to know the difference between client/server certs either...
 936 2011-06-20 01:44:54 <copumpkin> but it was ages ago
 937 2011-06-20 01:44:56 <copumpkin> must've taken a while to generate
 938 2011-06-20 01:44:57 <jlgaddis> cacert!
 939 2011-06-20 01:45:01 <gmaxwell> The old RSA code only supported up to 8192 AFAIK, but that stuff was shit.
 940 2011-06-20 01:45:02 <Cryo> MagicalTux, could you participate in this chat, they're getting... braindead.
 941 2011-06-20 01:45:22 <lfm> kika and tell us, how many 1024 bit keys have been factored in the world so far?
 942 2011-06-20 01:45:40 <gmaxwell> lfm: how many 768 bit RSA keys, in fact.
 943 2011-06-20 01:45:52 <kika_> lfm: yes browsers work fine but no CA trusted by default for browsers supports keys longer than 1024 bits i think
 944 2011-06-20 01:46:12 <Cryo> no, 2048
 945 2011-06-20 01:46:16 <dD0T> kika_: Stop thinking and read up pls
 946 2011-06-20 01:46:20 <quiznor> chrome doesn't support client certs well yet
 947 2011-06-20 01:46:29 <kika_> dD0T: ok
 948 2011-06-20 01:46:30 Leo_II has joined
 949 2011-06-20 01:46:31 <kgo> In this case, you'd probably have a mtgox CA issue a certificate for its users.  You wouldn't buy a InstantSSL ca and set it up with MtGox.
 950 2011-06-20 01:46:32 <dD0T> quiznor: Works for me ;-)
 951 2011-06-20 01:46:41 <quiznor> yeah it works. but not all sites for some reason
 952 2011-06-20 01:46:43 <quiznor> a bit buggy
 953 2011-06-20 01:46:53 <dD0T> quiznor: Dunno. Not many sites with ppk out there in any case
 954 2011-06-20 01:47:11 <dD0T> quiznor: ehm. client certs
 955 2011-06-20 01:47:18 <nuthin> gmaxwell: you a security guru or something?
 956 2011-06-20 01:47:34 <ius> StartSSL was able to dump a client cert in my browser without it asking me. Kind of surprised me..
 957 2011-06-20 01:47:35 <dD0T> nuthin: He's more like a everything guru.......
 958 2011-06-20 01:47:43 <gmaxwell> nuthin: No, I'm an idiot. Please don't make any security decisions based on my noisemaking alone.
 959 2011-06-20 01:47:44 <nuthin> cool
 960 2011-06-20 01:47:50 <nuthin> hehe
 961 2011-06-20 01:48:11 <nuthin> of course not
 962 2011-06-20 01:48:24 <quiznor> cyberthieves on the loose
 963 2011-06-20 01:48:37 alfakini has quit (Quit: alfakini)
 964 2011-06-20 01:48:54 <quiznor> who wants to bet on when/if the first remotely exploitable buffer overflow in the bitcoin client will happen
 965 2011-06-20 01:49:07 <quiznor> seems like it would be pretty hard
 966 2011-06-20 01:49:14 <doublec> Hmm, spam email with possible trojan claiming to be from mtgox
 967 2011-06-20 01:49:16 <doublec> http://pastebin.com/8DUi2rTf
 968 2011-06-20 01:49:28 <doublec> From address is noreply@mtgox.com
 969 2011-06-20 01:49:29 <quiznor> exactly doublec.. ppl are getting hacked on the rebound by phishing now
 970 2011-06-20 01:49:39 <gmaxwell> hahahah
 971 2011-06-20 01:49:51 SomeoneWeird has joined
 972 2011-06-20 01:50:05 <elnato> mtgox hosts their tutorials on fileden!
 973 2011-06-20 01:50:05 <gmaxwell> thats that thing that edits your wallet to lie about your balance, while also stealing it.
 974 2011-06-20 01:50:19 <dD0T> lol^^
 975 2011-06-20 01:50:35 <gmaxwell> there were videos of it on youtube full of comments doing "omg it works! my balance is a zillion now!"
 976 2011-06-20 01:50:45 <gmaxwell> :-/
 977 2011-06-20 01:50:53 <ius> gmaxwell: What, someone already came up with something more sophisticated than a grab-and-email attack?
 978 2011-06-20 01:50:54 <dD0T> gmaxwell: Does it just edit the wallet?
 979 2011-06-20 01:51:15 <quiznor> it would be hard to do a buffer overflow in the bitcoin client.. they avoid unsafe C memory manipulation, sticking to c++ streams for the most part
 980 2011-06-20 01:51:18 <gmaxwell> dD0T: yea, I assume it just puts in some crap input transactions that wouldn't validate.
 981 2011-06-20 01:51:37 <dD0T> gmaxwell: I see. And for performance reason they aren't validated on loading I take it
 982 2011-06-20 01:51:46 <dD0T> arent't / can't be
 983 2011-06-20 01:51:53 <gmaxwell> dD0T: right, you can ask the client to revalidate them. -rescan
 984 2011-06-20 01:52:06 <dD0T> Poor greedy ppl....
 985 2011-06-20 01:52:08 <IncitatusOnWater> so the attacker drove the price of BTC down so he could cash out as many as he wanted
 986 2011-06-20 01:52:14 <IncitatusOnWater> because of the 1k Cashout limit
 987 2011-06-20 01:52:17 <IncitatusOnWater> on MTGox
 988 2011-06-20 01:52:30 <dD0T> gmaxwell: Excellent peace of work from the attacker though. I bet it spread like wildfire
 989 2011-06-20 01:52:37 <dD0T> s/peace/pice
 990 2011-06-20 01:52:39 <dD0T> +e
 991 2011-06-20 01:52:42 <brocktice> did anyone get a copy of that file?
 992 2011-06-20 01:52:47 <brocktice> I'd like to have a look
 993 2011-06-20 01:52:49 <BTCTrader> incitatusonwater: that is assuming he wasnt just an idiot and in the thrill of the moment did not fuck up
 994 2011-06-20 01:52:51 <brocktice> but it's off fileden already
 995 2011-06-20 01:52:55 <gmaxwell> dD0T: probably mostly run against empty wallets.
 996 2011-06-20 01:52:57 <BTCTrader> fucked up*
 997 2011-06-20 01:52:59 <quiznor> IncitatusOnWater, if true he'd be able to withdraw 100K btc
 998 2011-06-20 01:53:09 <quiznor> but is a big withdrawal in the block chain?
 999 2011-06-20 01:53:16 <IncitatusOnWater> he's had the list for 2 to 3 days
1000 2011-06-20 01:53:17 <KuDeTa> IncitatusOnWater: i thing so
1001 2011-06-20 01:53:17 xinx has joined
1002 2011-06-20 01:53:19 <IncitatusOnWater> he planned it well
1003 2011-06-20 01:53:22 <KuDeTa> i think so*
1004 2011-06-20 01:53:23 <dD0T> gmaxwell: Possibly. But spread enough and chances are you hit a jackpot
1005 2011-06-20 01:53:32 <IncitatusOnWater> a 400K transfer is in the block chain
1006 2011-06-20 01:53:34 <KuDeTa> he thought he could take out as many BTC as he liked if they were $0.01
1007 2011-06-20 01:53:39 <KuDeTa> but somehow didn't
1008 2011-06-20 01:53:41 <IncitatusOnWater> http://blockexplorer.com/tx/a09ac44c71a314316431f53dcf51d5c0ffdf85b738a6b07f622012ee41b38c16
1009 2011-06-20 01:53:48 <gmaxwell> dD0T: oh sure, for all we know thats how allinvain lost his 25k.
1010 2011-06-20 01:53:57 <knightrage> wooows
1011 2011-06-20 01:54:02 <KuDeTa> gmax: no his were transferred to a new account
1012 2011-06-20 01:54:09 <KuDeTa> on the BTC network
1013 2011-06-20 01:54:20 <gmaxwell> IncitatusOnWater: that was just normal wallet grooming.
1014 2011-06-20 01:54:27 <denisx> is the database out?
1015 2011-06-20 01:54:30 <IncitatusOnWater> i hope so
1016 2011-06-20 01:54:37 <IncitatusOnWater> the database has been out for a while
1017 2011-06-20 01:54:38 <gmaxwell> IncitatusOnWater: some wallet had grown to an enormous size and got transferred to clean it out.
1018 2011-06-20 01:54:40 <IncitatusOnWater> 2 days
1019 2011-06-20 01:54:45 <ius> brocktice: Works for me?
1020 2011-06-20 01:54:57 <denisx> ok, because a friend of me showed me my data ;)
1021 2011-06-20 01:54:57 <jrmithdobbs> gmaxwell: see /msg btw
1022 2011-06-20 01:55:01 <IncitatusOnWater> gmaxwell, you are sure he still has the wallet?
1023 2011-06-20 01:55:12 <jrmithdobbs> IncitatusOnWater: he still has not proven that, no
1024 2011-06-20 01:55:16 <quiznor> so the 5000k attack happened when? look for transactions after that
1025 2011-06-20 01:55:19 <SomeoneWeird> tradehill are implementing 2 factor authentication :D
1026 2011-06-20 01:55:36 <quiznor> 3am japan time was 8 hours ago
1027 2011-06-20 01:55:39 <xinx> Hey guys is there anyway that I can get some help setting up my miner please? I'm running ubuntu 11.04 server x64 but I'm a little bit confused
1028 2011-06-20 01:55:55 <kgo> xinx, #bitcoin-mining is probably better
1029 2011-06-20 01:56:06 <xinx> Thank you kgo
1030 2011-06-20 01:56:12 SomeoneWeird has quit (Quit: Leaving)
1031 2011-06-20 01:56:14 <brocktice> ius: maybe I just don't know how to use fileden?
1032 2011-06-20 01:56:16 <denisx> what will be the next target?
1033 2011-06-20 01:56:24 <denisx> btcguild, deepbit?
1034 2011-06-20 01:56:27 <brocktice> ius: but I get redirected to the main page
1035 2011-06-20 01:56:47 <nuthin> 2 factor authentication and scrypt and I'll be happy
1036 2011-06-20 01:56:50 <gmaxwell> denisx: they've both been attacked before.
1037 2011-06-20 01:57:27 <ius> brocktice: Oh, I directly got the file
1038 2011-06-20 01:57:27 <eianpsego> is the consensus that an sql injection was used to grab the password digests?
1039 2011-06-20 01:57:29 <gmaxwell> luke-jr|otg: you probably feel like an innovator with your accountless pool right now. You may soon be the only bitcoin service to never have been exploited.
1040 2011-06-20 01:57:31 <quiznor> http://blockexplorer.com/tx/84f96975ea88d317676771a482c71f39ff53beda790c89c07ae82e427b4d090f  432K btc moved at 3:17 AM japan time
1041 2011-06-20 01:57:36 <gmaxwell> eianpsego: no
1042 2011-06-20 01:57:47 <quiznor> does anyone know whose tx that was
1043 2011-06-20 01:57:52 <brocktice> ius: I tried wget, I got nothing
1044 2011-06-20 01:57:53 <gmaxwell> 18:17 < MagicalTux> gmaxwell: someone who had read only access for the database to perform audits got compromised in some way,  investigation is still in  progress
1045 2011-06-20 01:57:57 <luke-jr> gmaxwell: I copied that idea.
1046 2011-06-20 01:58:03 <eianpsego> ah, I see
1047 2011-06-20 01:58:07 <gmaxwell> luke-jr: who from?
1048 2011-06-20 01:58:10 <brocktice> ooh interesting
1049 2011-06-20 01:58:18 <luke-jr> gmaxwell: OneFixt aka BitPenny
1050 2011-06-20 01:58:28 <brocktice> inside job?
1051 2011-06-20 01:58:35 <brocktice> that would actually make me feel better
1052 2011-06-20 01:58:40 <brocktice> a little
1053 2011-06-20 01:59:18 <luke-jr> gmaxwell: though, BitPenny was obviously compromised in a different way :P
1054 2011-06-20 01:59:22 <quiznor> who moved 432K BTC at 2PM EST today
1055 2011-06-20 01:59:26 <Kireji> has anyone got a tool that will count unique bitcoins transactions over a time interval, and not count coins that are chained through multiple transactions?
1056 2011-06-20 01:59:33 <MagicalTux> quiznor: me
1057 2011-06-20 01:59:34 minixking has joined
1058 2011-06-20 01:59:50 gsathya has joined
1059 2011-06-20 01:59:54 <quiznor> oh makes sense MagicalTux.. i didn't know you were up at 3 AM JP time :)
1060 2011-06-20 02:00:02 <MagicalTux> quiznor: wasn't planning to
1061 2011-06-20 02:00:05 <Kireji> MagicalTux: good to know, is that the investment base on mtgox?
1062 2011-06-20 02:00:06 <brocktice> MT's had a lot of early mornings lately :(
1063 2011-06-20 02:00:08 <dD0T> luke-jr: Oh. Sweet. I loved you didn't have to register with BitPenny. What's the name/addr of your pool?
1064 2011-06-20 02:00:21 <MagicalTux> Kireji: it's the mtgox funds, which I moved to a secure area until things are cleared
1065 2011-06-20 02:00:24 <doublec> I also learned the idea from bitpenny. I thought it was an awesome approach.
1066 2011-06-20 02:00:27 <MagicalTux> in fact there's more than that
1067 2011-06-20 02:00:33 <MagicalTux> but it's hard to see from the blockchain
1068 2011-06-20 02:00:35 <Kireji> k, thanks
1069 2011-06-20 02:00:43 <ketsa> if the 432k btc reached the block chain, how are they going to rollback ? i dont get it.
1070 2011-06-20 02:00:53 sacarlson has quit (Ping timeout: 244 seconds)
1071 2011-06-20 02:01:08 Astounding has left ()
1072 2011-06-20 02:01:15 fimp has joined
1073 2011-06-20 02:01:16 <minixking> can someone give me a straight foreward answer as to what the hashs are?
1074 2011-06-20 02:01:17 <yebyen> what a bunch of winers are on this mtgox hack thread
1075 2011-06-20 02:01:23 elly has left ()
1076 2011-06-20 02:01:28 <yebyen> *whiners
1077 2011-06-20 02:01:50 <kgo> ketsa, internal to mtgox, I don't think they actually send transactions to the blockchain.  Only when you deposit/withdraw.
1078 2011-06-20 02:01:50 <ne0futur> minixking: probably wikipedia can help you
1079 2011-06-20 02:01:55 <MagicalTux> minixking: they are FreeBSD MD5 salted hashes for most, and any account that never logged in for 2 months have simple MD5 hashes
1080 2011-06-20 02:01:58 chaord has joined
1081 2011-06-20 02:02:24 common_ has joined
1082 2011-06-20 02:02:35 <ketsa> someone linked the blockexplorer transaction so it did no ?
1083 2011-06-20 02:02:52 exstntlstfrtn_ has quit (Ping timeout: 252 seconds)
1084 2011-06-20 02:02:59 <Lachesis> MagicalTux, why can't the code be audited?
1085 2011-06-20 02:03:00 <gmaxwell> ketsa: 18:59 < MagicalTux> Kireji: it's the mtgox funds, which I moved to a secure area until things are cleared
1086 2011-06-20 02:03:02 <amiller> ketsa, could you send me the link
1087 2011-06-20 02:03:30 <MagicalTux> [11:02:13] <Lachesis> MagicalTux, why can't the code be audited? <- because it's too messy, the current code was written by previous owner which has no background in terms of security
1088 2011-06-20 02:03:36 <eianpsego> The attack vector used (inside compromise) sounds like a separate problem from the hash mechanism used (eg., crypt() on freebsd) - why isn't this the focus?
1089 2011-06-20 02:03:56 <ketsa> gmaxwell: ah thanks
1090 2011-06-20 02:03:57 <dD0T> eianpsego: ++
1091 2011-06-20 02:04:12 <gmaxwell> eianpsego: because it's not something that gets public discussion.
1092 2011-06-20 02:04:15 <erek> MagicalTux: they mentioned you mark, saying you're in tokyo
1093 2011-06-20 02:04:17 <jlgaddis> MagicalTux: please hurry so these tradehill clowns get the fuck off this interview shit
1094 2011-06-20 02:04:17 <MagicalTux> been spending half my time fixing it, half my time answering email, half my time fighting DDoS and FUD, and remaining time coding a new, more secure system
1095 2011-06-20 02:04:33 <NxTitle> hell yeah 200%
1096 2011-06-20 02:04:41 backwardation25 has quit (Remote host closed the connection)
1097 2011-06-20 02:04:58 <OVerLoRDI> MagicalTux, when you get things sorted out will you make an announcement stating when the exchange will be back online?  I think it would be good if as many people as possible knew when the exchange would come online
1098 2011-06-20 02:04:58 <eianpsego> gmaxwell, I wonder if the best mitigation to this attack is a human resources background check... :P
1099 2011-06-20 02:05:01 <gmaxwell> eianpsego: though I'm hoping for it being an account used for auditing by law enforcement. :)
1100 2011-06-20 02:05:10 <MagicalTux> OVerLoRDI: we are updating the announcement right now
1101 2011-06-20 02:05:31 <bulletbill> MagicalTux: was there a large withdrawal of BTC that happened?
1102 2011-06-20 02:05:35 <MagicalTux> we'll make available a minimal interface first that will allow people to restore their account if they have enough background to prove its theirs
1103 2011-06-20 02:05:38 <Lachesis> MagicalTux, legacy code is always killer... i'm glad you're not taking this lying down, but i'm still a bit irritated at the bug. sure, security is hard, but that's no excuse for not making it a priority.
1104 2011-06-20 02:05:47 <fiverawr> MagicalTux: When do you imagine the new website, that your team have written, will go live?
1105 2011-06-20 02:05:51 <minixking> magical: you working on mtgox?
1106 2011-06-20 02:06:02 <lianj> MagicalTux: and that no funds are gone would relieve people in the announcement :)
1107 2011-06-20 02:06:05 <Optimo> hey leave him alone geez
1108 2011-06-20 02:06:13 <Optimo> highlighting him doesn't help
1109 2011-06-20 02:06:14 <quiznor> it looks like the funds have been split up into a bunch of separate wallets with 50K each
1110 2011-06-20 02:06:17 <quiznor> seems like a good idea
1111 2011-06-20 02:06:23 fimp has quit (Quit: This computer has gone to sleep)
1112 2011-06-20 02:06:30 KingMartin has quit (Ping timeout: 250 seconds)
1113 2011-06-20 02:06:35 evolute has joined
1114 2011-06-20 02:06:41 <ius> gmaxwell: re: trojan (Bitcoin_Exploit.rar): "This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support."
1115 2011-06-20 02:06:45 <fiverawr> Optimo: Yeah. Because usually when talking to somebody, you'd face the other way.
1116 2011-06-20 02:06:56 kcsrnd has quit ()
1117 2011-06-20 02:06:58 rusty has joined
1118 2011-06-20 02:07:02 kcsrnd has joined
1119 2011-06-20 02:07:03 kcsrnd has quit (Changing host)
1120 2011-06-20 02:07:03 kcsrnd has joined
1121 2011-06-20 02:08:04 <minixking> i have a copy of the hashed password file
1122 2011-06-20 02:08:07 darnold has joined
1123 2011-06-20 02:08:18 <elnato> minixking congratulations
1124 2011-06-20 02:08:18 darnold has quit (Client Quit)
1125 2011-06-20 02:08:24 <BTCTrader> minixking: you and half the internet ;)
1126 2011-06-20 02:08:51 <minixking> from what im coming to understand is these damn dummies used same password on multiple sites
1127 2011-06-20 02:09:02 <Optimo> fools
1128 2011-06-20 02:09:15 <minixking> so its spreading exponentially
1129 2011-06-20 02:09:17 <dD0T> minixking: Nothing new there either
1130 2011-06-20 02:09:19 <Optimo> but then most people see passwords as a mere formality
1131 2011-06-20 02:09:20 \LoveBeads\ has joined
1132 2011-06-20 02:09:20 <rusty> http://bit.ly/cdmwSu in title is wrong: says "The requested URL /bitcoin/irc/logs/ was not found on this server."  Should be http://bit.ly/iPFi3X ?
1133 2011-06-20 02:09:39 jburkle has joined
1134 2011-06-20 02:10:03 eps has quit (Disconnected by services)
1135 2011-06-20 02:10:11 LoveBeads has quit (Ping timeout: 244 seconds)
1136 2011-06-20 02:10:19 <erek> they're calling MagicalTux
1137 2011-06-20 02:10:21 <erek> hehe
1138 2011-06-20 02:10:22 <dD0T> minixking: Depends. gmail makes all its users on that list reset their passwords.
1139 2011-06-20 02:10:37 epscy has joined
1140 2011-06-20 02:10:43 <quiznor> there must be another wallet the site uses to pay out btc withdrawals.. if anyone knows that wallet, they can check if the hacker made out with any significant amount
1141 2011-06-20 02:10:58 <dD0T> minixking: Also exponentially is the wrong word here.
1142 2011-06-20 02:11:01 <nuthin> erek: where?
1143 2011-06-20 02:11:07 Sloth has joined
1144 2011-06-20 02:11:07 <minixking> i didnt make it out with much
1145 2011-06-20 02:11:11 <erek> http://onlyonetv.com/?page_id=178
1146 2011-06-20 02:11:13 <erek> they live stream
1147 2011-06-20 02:11:22 <machine1> Alert: Bitcoin CIA Operation - MTGOX "Hacked" Trades Rolled Back? http://members.beforeitsnews.com/story/730/098/Alert:_Bitcoin_CIA_Operation_-_MTGOX_Hacked_Trades_Rolled_Back.html
1148 2011-06-20 02:11:39 <quiznor> exponentially is the right word probably
1149 2011-06-20 02:11:39 <JFK911> ddos beforeitsnews.com
1150 2011-06-20 02:11:43 <luke-jr> dD0T: #Eligius
1151 2011-06-20 02:11:43 sabalabas has quit (Ping timeout: 240 seconds)
1152 2011-06-20 02:11:49 <quiznor> since each person tells N people, etc
1153 2011-06-20 02:11:51 <minixking> erek: i get a 503
1154 2011-06-20 02:12:01 <erek> try again
1155 2011-06-20 02:12:06 <Optimo> machine1, I'm thoroughly convinced that link is trash
1156 2011-06-20 02:12:17 <dD0T> luke-jr: https://en.bitcoin.it/wiki/Eligius I take it?
1157 2011-06-20 02:13:17 <TheSeven> MagicalTux: do you know at which point in time the dump was taken? i can tell that it must have been fairly recently as it already included my new password
1158 2011-06-20 02:13:55 Turix has quit (Quit: Leaving)
1159 2011-06-20 02:14:04 <quiznor> can anyone give me a recent transaction where they withdrew btc from mtgox
1160 2011-06-20 02:14:13 <vrs> enough time to allow somebody to crack the password of an account with a lot of BTC
1161 2011-06-20 02:14:41 <vrs> several hours at least? (assuming a not-too-weak password)
1162 2011-06-20 02:14:44 spm_Draget has joined
1163 2011-06-20 02:14:48 <NxTitle> MagicalTux: how much in the way of BTC did they get out? what price?
1164 2011-06-20 02:14:49 <luke-jr> dD0T: yes
1165 2011-06-20 02:14:51 <quiznor> vrs: a few hundred were cracked and then posted
1166 2011-06-20 02:14:55 <TheSeven> MagicalTux: must have been after 2011-06-16 12:00 UTC
1167 2011-06-20 02:14:56 Taveren93HGK has quit (Ping timeout: 260 seconds)
1168 2011-06-20 02:14:59 <vrs> quiznor: yes, the easy ones
1169 2011-06-20 02:15:18 <vrs> but i doubt somebody with >100kbtc has such an easy pw
1170 2011-06-20 02:15:34 <vrs> if they have, well...
1171 2011-06-20 02:15:44 <bulletbill> MT still didn't answer whether large amounts of coins were withdrawn
1172 2011-06-20 02:15:46 <upb> oh so mtgox wasnt hacked, their SECURITY CONSULTANT got rooted ?!
1173 2011-06-20 02:15:51 <vrs> yes
1174 2011-06-20 02:15:57 sacarlson has joined
1175 2011-06-20 02:16:12 <min0r> Does anyone know what happens if you send bitcoins to an address that DOESNT EXIST?  (i.e. a typo in an address i sent to?)
1176 2011-06-20 02:16:23 <Lachesis> min0r, if it passed the checksum validation
1177 2011-06-20 02:16:24 <Keefe> bulletbill: he did say earlier: 100 btc
1178 2011-06-20 02:16:25 <Lachesis> they're gone
1179 2011-06-20 02:16:25 <vrs> they sit there until the day comes
1180 2011-06-20 02:16:28 <MagicalTux> NxTitle: they didn't get much BTC out, which is great
1181 2011-06-20 02:16:32 <NxTitle> min0r: they're checksummed so it's tough to accidentally typo
1182 2011-06-20 02:16:38 <NxTitle> MagicalTux: ah, kk
1183 2011-06-20 02:16:39 <vrs> or some lucky bastard gets a key that matches the address
1184 2011-06-20 02:16:44 <min0r> i see...
1185 2011-06-20 02:16:47 <quiznor> is 100 btc the withdrawal limit?
1186 2011-06-20 02:16:59 <luke-jr> jgarzik: do you have e-wallet services yet? I've had a number of people on Eligius looking for one that works properly
1187 2011-06-20 02:17:06 <min0r> but if you typo it... can you create that address somewhere before someone else does ?
1188 2011-06-20 02:17:08 <vrs> MagicalTux: is there a btc withdrawal limit too?
1189 2011-06-20 02:17:09 <NxTitle> yeah, people were questioning whether they got out $1000 @ 17 or $1000 @ 0.01
1190 2011-06-20 02:17:14 <luke-jr> min0r: it's not possible
1191 2011-06-20 02:17:16 <NxTitle> vrs: yes
1192 2011-06-20 02:17:21 <NxTitle> $1000 worth of BTC is max
1193 2011-06-20 02:17:29 <MagicalTux> vrs: the btc withdrawal limit saved us
1194 2011-06-20 02:17:30 <slush> anybody else noticed sudden withdrawals from mybitcoin.com ?
1195 2011-06-20 02:17:31 <quiznor> yeah but thats dollar denominated
1196 2011-06-20 02:17:40 <luke-jr> MagicalTux: saved whom?
1197 2011-06-20 02:17:41 <min0r> luke-jr: whats not possible? the odds of typing a valid address?
1198 2011-06-20 02:17:43 <slush> I received email that my balance was sent to some unknown address...
1199 2011-06-20 02:17:43 <quiznor> so you can only withdraw 100 btc per day
1200 2011-06-20 02:17:47 <Keefe> there should be another limit, denominated in btc
1201 2011-06-20 02:17:47 <MagicalTux> luke-jr: mtgox, and everyone else I guess
1202 2011-06-20 02:17:48 <luke-jr> min0r: pretty much
1203 2011-06-20 02:17:52 <min0r> ok np
1204 2011-06-20 02:17:55 <slush> ...and I didn't use same login/password as on mtgox ;)
1205 2011-06-20 02:18:02 <jrabbit> Whatever happened to collective invalidation of the chain?
1206 2011-06-20 02:18:09 <vrs> MagicalTux: is it a per-account limit? could you circumvent it by intra-mtgox-transactions and withdrawing from sockpuppet accounts?
1207 2011-06-20 02:18:12 <luke-jr> MagicalTux: just saying, a revert means I lose ~$1000; so didn't save me :P
1208 2011-06-20 02:18:17 <jrabbit> i.e. restoring that guy's stolen wallet or similar hijinks?
1209 2011-06-20 02:18:18 <quiznor> didnt the hacker check how much he can withdraw first
1210 2011-06-20 02:18:19 neurochasm has quit (Quit: Leaving)
1211 2011-06-20 02:18:22 <min0r> anyone worried that someone has over 50% of the mining hash power??
1212 2011-06-20 02:18:27 <ius> gmaxwell: btw, that autoit stealer is more than just bitcoin
1213 2011-06-20 02:18:28 <MagicalTux> vrs: they tried to do it, but I shut down mtgox before anything major happened
1214 2011-06-20 02:18:29 <luke-jr> min0r: yep
1215 2011-06-20 02:18:32 <min0r> we jumped from 6Ghash to 8Ghash in a few days
1216 2011-06-20 02:18:45 <vrs> MagicalTux: ah, they weren't stupid then
1217 2011-06-20 02:18:46 <MagicalTux> min0r: and back to 6Gh since miners are busy cracking passwords ?
1218 2011-06-20 02:18:47 <ius> gmaxwell: Also steals chrome. ff and filezilla password caches
1219 2011-06-20 02:18:48 <nuthin> gmaxwell: it seems scrypt doesn't return a fixed output size, like bcrypt
1220 2011-06-20 02:18:57 <vrs> but they probably didn't plan it
1221 2011-06-20 02:19:00 RenaKunisaki has quit (Ping timeout: 276 seconds)
1222 2011-06-20 02:19:03 <jburkle> Newbie question on testnet-in-a-box. After doing everything in the README, the bitcoin daemon in datadir=2 does not appear to have an account. How do I give it a new account?
1223 2011-06-20 02:19:06 TheSeven has quit (Disconnected by services)
1224 2011-06-20 02:19:08 <MagicalTux> vrs: they started moving funds to randomly created accounts, but I stop mtgox before they actually withdraw anything
1225 2011-06-20 02:19:14 [7] has joined
1226 2011-06-20 02:19:22 <vrs> after they ran into the withdrawal limit?
1227 2011-06-20 02:19:25 <Keefe> so they weren't stupid, just slow :/
1228 2011-06-20 02:19:31 RenaKunisaki has joined
1229 2011-06-20 02:19:43 <vrs> that would imply they never moved large sums via mtgox
1230 2011-06-20 02:19:56 <vrs> or they would have known
1231 2011-06-20 02:19:57 <gmaxwell> nuthin: iirc it can return any size you want, so you can use it as a stream cipher source.
1232 2011-06-20 02:19:57 <Keefe> they won't make the same mistakes next time
1233 2011-06-20 02:20:20 <Lachesis> Keefe, *a moment of reflective silence*
1234 2011-06-20 02:20:28 <nuthin> hmm, k
1235 2011-06-20 02:20:31 <Lachesis> let's try to be ready for next time
1236 2011-06-20 02:20:37 <common_> MagicalTux: so the latest official message means, that mtgox won't be back before 8am GMT, which is in about 5h40min?
1237 2011-06-20 02:20:40 lessPlastic has quit (Quit: lessPlastic)
1238 2011-06-20 02:20:56 <quiznor> so the hacker probably made out with around 5,000 btc and probably still has access to a good # of accounts (after resetting the email to something they control)
1239 2011-06-20 02:20:58 <nuthin> I just tried out the demo utility they made and doesn't have many options
1240 2011-06-20 02:21:00 <vrs> MagicalTux: did the audit person have read access to the transaction database? why did they have access to the production database anyway?
1241 2011-06-20 02:21:24 <Optimo> it's an opportunity to tell part of your story, Mark. most people don't even know you took this over from a previous entity
1242 2011-06-20 02:21:34 Lenovo01 has joined
1243 2011-06-20 02:21:40 <vrs> so, is there a possibility that somebody can link bank transactions (names etc) to accounts?
1244 2011-06-20 02:21:42 <Optimo> not an excuse, but at least it lowers some of the mystery
1245 2011-06-20 02:21:43 <briareus> LOL "Bitcoin is for ordinary people, it's not just for criminals!"  <--- Hahahaha
1246 2011-06-20 02:21:51 <nuthin> :D
1247 2011-06-20 02:21:56 <upb> MagicalTux: why did you send your helpdesk guy to the interview ?:P
1248 2011-06-20 02:22:02 <erek> MagicalTux: thank you for your help
1249 2011-06-20 02:22:08 <MagicalTux> upb: because I'm busy fixing stuff
1250 2011-06-20 02:22:13 <upb> aha
1251 2011-06-20 02:22:25 <jlgaddis> ...and answering questions from every idjit on irc
1252 2011-06-20 02:22:32 <nuthin> \o/
1253 2011-06-20 02:22:32 <evolute> upb: they said it's because MagicalTux's 1st language isn't english
1254 2011-06-20 02:22:39 <MagicalTux> evolute: that too
1255 2011-06-20 02:22:44 <erek> MagicalTux: thank you (ありがとう)
1256 2011-06-20 02:22:48 <fiverawr> I think his first language is PHP
1257 2011-06-20 02:22:53 <nuthin> hhaha
1258 2011-06-20 02:22:54 <upb> lol
1259 2011-06-20 02:23:11 Lenovo01 has quit (Client Quit)
1260 2011-06-20 02:23:16 <Keefe> slush: i don't use mybitcoin. i got a bad feeling about them long ago
1261 2011-06-20 02:23:24 Taveren93HGK has joined
1262 2011-06-20 02:23:48 <slush> Keefe: same here, actually I lost 0.5BTC, which is not _so_ bad
1263 2011-06-20 02:24:11 <slush> but I'm just curious if someone cracked my account or it is some wide major attack
1264 2011-06-20 02:24:18 <quiznor> hackstack
1265 2011-06-20 02:24:39 inktri has joined
1266 2011-06-20 02:24:48 Teslah has quit (Ping timeout: 255 seconds)
1267 2011-06-20 02:25:35 <kika_> MagicalTux: when mtgox will be back how many more hours?
1268 2011-06-20 02:25:35 <dehuman> slush: you use same password on mybitcoin as mtgox?
1269 2011-06-20 02:25:41 <slush> no
1270 2011-06-20 02:25:51 <Optimo> gmail really needs sort my attachment size
1271 2011-06-20 02:26:12 <midnightmagic> slush: What's this now? You're seeing problems elsewhere?
1272 2011-06-20 02:26:14 <slush> actually I used pretty strong password on mtgox and I'm not afraid of cracking them from his hashed representation
1273 2011-06-20 02:26:24 <common_> kika_: according to latest info on page ~5h35mins
1274 2011-06-20 02:26:32 <spm_Draget> Some financial markets shut down automatically if there is too much movement. Anyhow, thumbsup for Mark. Can imagine it must be an awful night. Feeling with you =)
1275 2011-06-20 02:26:55 <slush> midnightmagic: bitcoins from my account at mybitcoin.com disappeared before hour or two, I received an email that they were withdrawn :)
1276 2011-06-20 02:27:15 <quiznor> you were my bitcoin hacked?
1277 2011-06-20 02:27:20 <midnightmagic> slush: Jesus brutal..
1278 2011-06-20 02:27:21 <slush> looks like
1279 2011-06-20 02:29:23 <spm_Draget> Cool, bitcoins on the Tagesschau
1280 2011-06-20 02:29:34 <vrs> spm_Draget: one further :)
1281 2011-06-20 02:29:35 <slush> hmm, strange. Thanks to account history, coins were sent to 1Ne8UvHx1CK3zUmUBMmZK2pZFHb2iNqZHi, but blockexplorer does not show anything
1282 2011-06-20 02:29:38 <quiznor> why did the thiefer steal 0.5 btc hmm
1283 2011-06-20 02:29:46 plutonic has joined
1284 2011-06-20 02:29:53 <BaltarNZ> so mybitcoin is cracked as well?
1285 2011-06-20 02:30:07 <vrs> perhaps mybitcoin's bitcoind is offline?
1286 2011-06-20 02:30:20 <Blitzboom> audit mtgox security – compromise it yourself
1287 2011-06-20 02:30:21 <Blitzboom> brilliant
1288 2011-06-20 02:30:34 <NxTitle> people watching onlyonetv right now - who is the guy currently talking to?
1289 2011-06-20 02:30:36 <NxTitle> online
1290 2011-06-20 02:30:42 <Blitzboom> i hope the auditor will kill himself for the darwin award
1291 2011-06-20 02:30:44 <ZOP> slush: i don't see any pending transactions....blockexplorer...doesnt' say completely unknown for that address though?
1292 2011-06-20 02:30:48 <NxTitle> Adam or Mike?
1293 2011-06-20 02:30:51 <NxTitle> erm
1294 2011-06-20 02:30:52 <NxTitle> Mark
1295 2011-06-20 02:31:02 <quiznor> hmm the whole financial auditor story is a little weak
1296 2011-06-20 02:31:03 <nuthin> NxTitle: seems the help desk guy
1297 2011-06-20 02:31:04 <NxTitle> ah, nvm
1298 2011-06-20 02:31:06 <ZOP> slush: maybe it went into a later-invalidated block?
1299 2011-06-20 02:31:09 <slush> ZOP: me too, which looks strange. but my balance dropped to 0
1300 2011-06-20 02:31:20 <quiznor> why would the auditor need access to to mysql? just give them csv dumps like a normal audit
1301 2011-06-20 02:31:33 <vrs> Blitzboom: the shame should be enough, i guess they learned from it
1302 2011-06-20 02:31:33 <ZOP> slush: and just hasn't been resubmitted to the p2p network by mybitcoin?  odd.
1303 2011-06-20 02:31:46 <slush> i have no idea
1304 2011-06-20 02:31:49 <quiznor> what accounting company does an audit using a live mysql server thats changing? doesn't happen..
1305 2011-06-20 02:31:55 <phunction> whats the purpose of financial audits?
1306 2011-06-20 02:31:59 <ZOP> quiznor: even if the dude got mysql dumps, why were the passwords or email addresses part of it, hell, why were the account NAMES part of it.
1307 2011-06-20 02:31:59 <slush> I'm curious if I'm alone or more people noticed this
1308 2011-06-20 02:32:07 <jgarzik> luke-jr: unfortunately not.  looked into USA regulations, and got scared away from both e-wallet and pool providing
1309 2011-06-20 02:32:07 <markio> mybitcoin is compromised?
1310 2011-06-20 02:32:11 <quiznor> if youve ever done an audit you know they take all the data in CSV format or something for the period youre auditing. they dont go rooting around your production database
1311 2011-06-20 02:32:25 <luke-jr> jgarzik: whoa, not even pool?
1312 2011-06-20 02:32:39 <luke-jr> jgarzik: what regulations can possibly be applied to pools? :/
1313 2011-06-20 02:32:41 <slush> jgarzik: where is a problem with pools?
1314 2011-06-20 02:32:42 <jlgaddis> quiznor: what makes you think they had access to the production database?
1315 2011-06-20 02:32:44 <jgarzik> luke-jr: it's money transmitting...
1316 2011-06-20 02:32:46 smokemasta2 has quit ()
1317 2011-06-20 02:32:51 <quiznor> a financial auditor doesn't poke around your sql.. they load up your CSV files into cruddy EXCEL and dink around with it :)
1318 2011-06-20 02:32:53 <jrmithdobbs> MagicalTux: after that discussion you're still going to try and implement your own sha512-based password hash format?
1319 2011-06-20 02:32:53 <jgarzik> slush: you are OK.  This is only for pools hosted inside USA.
1320 2011-06-20 02:32:56 <luke-jr> jgarzik: stored value = money?
1321 2011-06-20 02:32:57 <jrmithdobbs> MagicalTux: PLEASE SAY IT AINT SO
1322 2011-06-20 02:33:00 <jgarzik> luke-jr: correct
1323 2011-06-20 02:33:11 <quiznor> jlgaddis: because they had the user table
1324 2011-06-20 02:33:23 <phunction> is this for tax compliance in japan?
1325 2011-06-20 02:33:23 <luke-jr> jgarzik: so mining  = money transmitting?
1326 2011-06-20 02:33:29 <luke-jr> USA mining is highly regulated?
1327 2011-06-20 02:33:33 <jlgaddis> quiznor: perhaps they had csv files of each table
1328 2011-06-20 02:33:47 <kgo> mining != mining-pool
1329 2011-06-20 02:33:57 digitalirony has quit (Ping timeout: 276 seconds)
1330 2011-06-20 02:34:16 <quiznor> jlgaddis: the story so far is that the auditor had access to the db
1331 2011-06-20 02:34:24 <quiznor> why would you give your accountant the user table?
1332 2011-06-20 02:34:31 <ZOP> i think anonymous is done with sony now....heh....
1333 2011-06-20 02:34:40 <Blitzboom> it was financial auditors?
1334 2011-06-20 02:34:43 <quiznor> yes
1335 2011-06-20 02:34:55 <Blitzboom> so the traditional financial retards managed to fuck it up again
1336 2011-06-20 02:34:59 <jlgaddis> "someone who performs audits"
1337 2011-06-20 02:35:00 <vrs> jburkle: getnewaddress, then setaccount (it will just be created)
1338 2011-06-20 02:35:00 <ZOP> Blitzboom: https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
1339 2011-06-20 02:35:01 <kgo> quiznor, where was that said?  People also get code audits.
1340 2011-06-20 02:35:05 <vrs> MagicalTux: (again, sorry) did the audit person have read access to the transaction database / could they see banking details (IBANs, names, addresses, etc)?
1341 2011-06-20 02:35:06 <jlgaddis> not necessarily a financial auditor
1342 2011-06-20 02:35:07 <ZOP> Blitzboom: update @ 2:06 GMT
1343 2011-06-20 02:35:07 <quiznor> kgo - yes it was
1344 2011-06-20 02:35:19 darbsllim_1 has joined
1345 2011-06-20 02:35:20 <Herodes> I for one am ignoring jrmithdobbs. Had enough of his crappy attitude.
1346 2011-06-20 02:35:23 <Blitzboom> goddamn SUITS
1347 2011-06-20 02:35:26 vonnieda has joined
1348 2011-06-20 02:35:31 KedP has joined
1349 2011-06-20 02:35:38 digitalirony has joined
1350 2011-06-20 02:35:40 <KedP> hi
1351 2011-06-20 02:35:55 <quiznor> an accountant would want all the transactions, payins, and payouts.. then they reconcile it
1352 2011-06-20 02:36:06 <quiznor> they dont want email addresses or ppl's bank details etc
1353 2011-06-20 02:36:15 <kgo> quiznor, not trying to force the point, but I never saw anything that indicated it was a financial auditor vs a security auditor vs code auditor.  If you have a link or snippet, I'd appreciate it.
1354 2011-06-20 02:36:25 <nuthin> quiznor: they probably want peoples bank details
1355 2011-06-20 02:36:28 digitalirony has quit (Client Quit)
1356 2011-06-20 02:36:31 darbsllim has quit (Ping timeout: 260 seconds)
1357 2011-06-20 02:36:34 <quiznor> kgo - it was stated in the chat somewhere.. i had to log back in tho
1358 2011-06-20 02:36:35 <nuthin> they need to know where the money is coming from
1359 2011-06-20 02:36:40 <phunction> they said it on live stream right now
1360 2011-06-20 02:36:42 <jrmithdobbs> nuthin: no they specifically *don't* want it in most cases actually
1361 2011-06-20 02:36:49 <phunction> said it financial auditor
1362 2011-06-20 02:36:50 <quiznor> but the thing is, no accountant is going to futz around on mysql :)  they are excel monkeys
1363 2011-06-20 02:36:53 <nuthin> that's why you even need audits
1364 2011-06-20 02:36:58 darbsllim_1 has quit (Client Quit)
1365 2011-06-20 02:37:05 <Blitzboom> i blame the damn auditor
1366 2011-06-20 02:37:16 <fiverawr> I still blame Blitzboom
1367 2011-06-20 02:37:21 Saab- has joined
1368 2011-06-20 02:37:25 <quiznor> have you ever seen an accountant digging around a live mysql database and figuring shit out... no..
1369 2011-06-20 02:37:29 devserial has joined
1370 2011-06-20 02:37:31 <Blitzboom> those financial types managed to ruin it for everyone else again
1371 2011-06-20 02:37:40 stamit has joined
1372 2011-06-20 02:37:43 <nuthin> the point in audits is making sure people are not trying to launder money and that you're actually getting in what you claim
1373 2011-06-20 02:37:48 <Blitzboom> i hope they won’t be asking for taxpayer bailouts now
1374 2011-06-20 02:37:53 <quiznor> an audit situation would be:  From: accountant@llc.com  Hey send me a zip with the transactions in CSV format
1375 2011-06-20 02:38:06 <nuthin> I think
1376 2011-06-20 02:38:07 Castor_ has quit (Ping timeout: 240 seconds)
1377 2011-06-20 02:38:11 <jgarzik> luke-jr: mining == money receiving
1378 2011-06-20 02:38:14 <nuthin> maybe not the launder money part ...
1379 2011-06-20 02:38:16 <jgarzik> luke-jr: pool operating == money transmitting
1380 2011-06-20 02:38:19 <ZOP> kgo: my link is where they've mentioned the auditor, nothing said about what type.
1381 2011-06-20 02:38:25 <jgarzik> big diff
1382 2011-06-20 02:38:33 Castor_ has joined
1383 2011-06-20 02:38:33 <min0r> all bitcoin addresses are 34 characters alphanumeric?
1384 2011-06-20 02:38:39 <jrmithdobbs> min0r: nope
1385 2011-06-20 02:38:40 <luke-jr> jgarzik: pool is just mining
1386 2011-06-20 02:38:47 Teslah has joined
1387 2011-06-20 02:38:58 <jrmithdobbs> min0r: alphanumeric yes but length varies
1388 2011-06-20 02:39:00 jsnyder has joined
1389 2011-06-20 02:39:01 <luke-jr> jgarzik: unless you mean I simply need to avoid ever using 'send*'
1390 2011-06-20 02:39:04 Teslah has quit (Read error: Connection reset by peer)
1391 2011-06-20 02:39:05 <kika_> jgarzik: pool and mining would be the same
1392 2011-06-20 02:39:06 caedes has quit (Remote host closed the connection)
1393 2011-06-20 02:39:08 <jrmithdobbs> min0r: and case matters
1394 2011-06-20 02:39:10 <kunnis> quiznor   I have one tinkering in a mssql database
1395 2011-06-20 02:39:16 <jrmithdobbs> kika_: no it wouldn't
1396 2011-06-20 02:39:18 <min0r> jrmithdobs: whats the minimum length?
1397 2011-06-20 02:39:22 Teslah has joined
1398 2011-06-20 02:39:26 <luke-jr> but then, wouldn't that mean *anyone who ever spends bitcoins* is regulated the same?
1399 2011-06-20 02:39:33 <kika_> jrmithdobbs: whats the difference between mining in a pool and mining in a client?
1400 2011-06-20 02:39:36 Crypticfortune has joined
1401 2011-06-20 02:39:37 <ZOP> min0r: they're a base58 representation of the...now i can't remember... http://en.bitcoin.it/wiki/Address  probably remembers
1402 2011-06-20 02:39:44 <kgo> A pool has a centralized place where money is collected and distributed by an agent.
1403 2011-06-20 02:39:46 <jrmithdobbs> kika_: it's not the people doing the mining he's talking about.
1404 2011-06-20 02:39:46 plutonic has quit (Quit: plutonic)
1405 2011-06-20 02:39:48 <kika_> jrmithdobbs: in both cases you are solving a block
1406 2011-06-20 02:39:53 <jrmithdobbs> kika_: he's talking about the *pool operator*
1407 2011-06-20 02:39:58 <ZOP> min0r: basically the hash of the public key.
1408 2011-06-20 02:40:01 <jrmithdobbs> which transmits the resulting money to others
1409 2011-06-20 02:40:02 <kgo> mining doesn't have that agent.  Spending money doesn't have that agent.
1410 2011-06-20 02:40:14 <BaltarNZ> I would guess in the US a pool operator would be required to 1099 other US persons and get an exception statement from non US parties.
1411 2011-06-20 02:40:15 <kika_> jrmithdobbs: i think the pool operator is just a miner, a big miner
1412 2011-06-20 02:40:20 <jrmithdobbs> you're wrong
1413 2011-06-20 02:40:21 <luke-jr> kgo: Eligius doesn't collect/distribute money
1414 2011-06-20 02:40:30 <kunnis> kika_   Mining in a pool it distributes the odds of getting a payout across everyone.   Much like an office lotto pool.   Everyone chips in hoping to get the big payout.
1415 2011-06-20 02:40:35 <jgarzik> kika_: wrong
1416 2011-06-20 02:40:43 <kika_> jrmithdobbs: so to run a pool you need to have a money transmitting licence?
1417 2011-06-20 02:40:46 hallowworld has quit (Ping timeout: 260 seconds)
1418 2011-06-20 02:40:47 <jgarzik> luke-jr: you can continue to tell yourself that.  lawyers disagree...
1419 2011-06-20 02:40:59 <jgarzik> kika_: if you are USA'ian, running a USA-based pool, yes
1420 2011-06-20 02:41:07 <jrmithdobbs> kika_: jgarzik says that's the results of his research
1421 2011-06-20 02:41:10 <BaltarNZ> kunnis right, and in the US you need to pay taxes on your winnings.
1422 2011-06-20 02:41:12 <luke-jr> jgarzik: it works exactly the same as any other miner
1423 2011-06-20 02:41:13 <jrmithdobbs> and it sounds plausible to me
1424 2011-06-20 02:41:20 <kgo> luke-jr, asking cuz I really don't know, but where does that 50BTC bounty go?  Straight to the miners?
1425 2011-06-20 02:41:25 <luke-jr> kgo: yes
1426 2011-06-20 02:41:30 <jrmithdobbs> luke-jr: actually, you're not doing any transmitting with eligius
1427 2011-06-20 02:41:38 <jrmithdobbs> luke-jr: i don't know it's kind of fuzzy
1428 2011-06-20 02:41:50 <BaltarNZ> the IRS likes fuzzy
1429 2011-06-20 02:41:54 <jburkle> tell vrs thank you very much
1430 2011-06-20 02:41:58 <ZOP> eligius pays out to the addresses during the generation that it occurs....
1431 2011-06-20 02:42:05 <ZOP> which is different.
1432 2011-06-20 02:42:05 <jrmithdobbs> luke-jr: but because you're splitting the coinbase directly i could see making an argument in court at the least
1433 2011-06-20 02:42:11 <jrmithdobbs> luke-jr: just depends if you're willing to do that
1434 2011-06-20 02:42:11 <ZOP> it never actually collects any.
1435 2011-06-20 02:42:13 <jrmithdobbs> and take that chance
1436 2011-06-20 02:42:36 Castor_ is now known as Castor
1437 2011-06-20 02:42:42 <Cryo> MagicalTux, thanks for participating in that chat and adding sanity.
1438 2011-06-20 02:42:45 <ZOP> the others all certainly do collect it together.
1439 2011-06-20 02:42:46 Castor is now known as Castor_
1440 2011-06-20 02:42:57 <kgo> Okay.  That's a little more grey than the other pools though.  All I know is the IRS took down Capone...
1441 2011-06-20 02:43:15 sacarlson has quit (Quit: Leaving.)
1442 2011-06-20 02:43:17 <luke-jr> jgarzik: so theoretically, isn't there some $N,000 per month per person minimum before the regulations apply?
1443 2011-06-20 02:43:26 <jgarzik> luke-jr: at the federal level, yes
1444 2011-06-20 02:43:27 <ZOP> luke-jr: dude, are you shooting people?
1445 2011-06-20 02:43:28 backwardation25 has joined
1446 2011-06-20 02:43:30 <jgarzik> luke-jr: at the state level, no
1447 2011-06-20 02:43:36 sacarlson has joined
1448 2011-06-20 02:43:40 OVerLoRDI_ has joined
1449 2011-06-20 02:43:41 <ZOP> luke-jr: coz i heard someone say you were shooting people...yanno, like that Capone guy....
1450 2011-06-20 02:43:45 <ZOP> :)
1451 2011-06-20 02:43:55 <joecool> for a capital gain?
1452 2011-06-20 02:43:57 <jgarzik> luke-jr: some fscking states require MT license for -any- money transmitting.  Yes, it is completely stupid and ignores reality.
1453 2011-06-20 02:44:00 <joecool> yeah state level shit applies
1454 2011-06-20 02:44:04 <joecool> at least here it does
1455 2011-06-20 02:44:07 <luke-jr> :/
1456 2011-06-20 02:44:23 <luke-jr> jgarzik: so every human needs a MT license to spend money?
1457 2011-06-20 02:44:24 <BaltarNZ> going up against the IRS is no fun.
1458 2011-06-20 02:44:28 <joecool> i'm not subject to taxes on capital gains under x-amount
1459 2011-06-20 02:44:37 <jgarzik> luke-jr: mailing you $20 bill in the mail is money transmitting.  that is how insane it is.
1460 2011-06-20 02:45:07 <nuthin> I think Norway is more insane
1461 2011-06-20 02:45:25 <joecool> ofc they are
1462 2011-06-20 02:45:26 <BaltarNZ> is norway still publishing tax records?
1463 2011-06-20 02:45:30 <nuthin> yup
1464 2011-06-20 02:45:31 <joecool> they have polar bears and shit running around
1465 2011-06-20 02:45:33 Hal____ has joined
1466 2011-06-20 02:45:37 <BaltarNZ> fun stuff
1467 2011-06-20 02:45:40 <appamatto> Umm, what's the news with mtgox?
1468 2011-06-20 02:45:41 jarly has quit (Quit: Leaving)
1469 2011-06-20 02:45:43 Sloth has quit ()
1470 2011-06-20 02:45:50 <appamatto> Did unencrypted passwords get leaked?
1471 2011-06-20 02:45:53 <luke-jr> appamatto: try reading it
1472 2011-06-20 02:45:54 <nuthin> well, next year you'll have to log in to a government site to gain access
1473 2011-06-20 02:46:01 pyro__ has quit (Ping timeout: 260 seconds)
1474 2011-06-20 02:46:32 <nuthin> but up until now they gave the records to all newspapers etc. and you could search up anyone anonymously
1475 2011-06-20 02:46:38 OVerLoRDI has quit (Ping timeout: 246 seconds)
1476 2011-06-20 02:46:54 <kika_> how do you determine if a pool is USA based or not? by the location of the servers?
1477 2011-06-20 02:47:01 <luke-jr> kika_: good question
1478 2011-06-20 02:47:06 <nuthin> but I guess the idea behind it is the same as the official bitcoin transaction log
1479 2011-06-20 02:47:25 <BaltarNZ> if you are a non-US person you really don't have anything to worry about, it's the pool operator who will get in trouble.
1480 2011-06-20 02:47:25 <kika_> luke-jr: by the location of the miners?
1481 2011-06-20 02:47:38 ^1bitc0inplz has joined
1482 2011-06-20 02:47:41 <luke-jr> kika_: I suspect by the operator's jurisdiction
1483 2011-06-20 02:47:43 Taveren93HGK has quit ()
1484 2011-06-20 02:48:00 gsathya has quit (Ping timeout: 252 seconds)
1485 2011-06-20 02:48:14 sloberi has quit ()
1486 2011-06-20 02:48:17 Cablesaurus has joined
1487 2011-06-20 02:48:17 Cablesaurus has quit (Changing host)
1488 2011-06-20 02:48:17 Cablesaurus has joined
1489 2011-06-20 02:48:21 <kika_> luke-jr: so basically if a Brazilian guy runs a pool with servers hosted on USA it would be a Brazilian based pool and not USA based?
1490 2011-06-20 02:48:41 <luke-jr> dunno
1491 2011-06-20 02:48:42 bulletbill has quit (Read error: No route to host)
1492 2011-06-20 02:48:59 <joecool> kika_: it would be subject under both laws
1493 2011-06-20 02:49:08 bulletbill has joined
1494 2011-06-20 02:49:08 <quiznor> mtgox operates out of canada or the US
1495 2011-06-20 02:49:11 <quiznor> they are definitely not in japan
1496 2011-06-20 02:49:12 <^1bitc0inplz> joecool: that would be my understanding as well
1497 2011-06-20 02:49:22 Titanium123 has joined
1498 2011-06-20 02:49:26 <joecool> it's like if you're in the US and you live in one state, but work in another
1499 2011-06-20 02:49:30 <Cablesaurus> Anyone know how I can get ahold of someone with Google Apps? Whatever MTGox did with Google has blocked SMTP sending via my google apps account through ShipWorks, for shipping emails. I can login fine to the account but SMTP is not taking my password.
1500 2011-06-20 02:49:34 <BaltarNZ> they are in japan and some of the servers are in germany it looks like.
1501 2011-06-20 02:49:34 <NxTitle> omg, people in the onlyonetv chatroom are retarded
1502 2011-06-20 02:49:35 <kika_> quiznor: where is mtgox?
1503 2011-06-20 02:49:39 <jgarzik> kika_: if the servers doing the transmitting are in the US, it seems like you would be subject to US MT regulations.  But standard disclaimer applies: I Am Not A Lawyer
1504 2011-06-20 02:49:45 <NxTitle> "sha512 isn't secure enough" are you an idiot?
1505 2011-06-20 02:49:54 <Titanium123> lol
1506 2011-06-20 02:49:55 <csshih> lols
1507 2011-06-20 02:50:02 <Blitzboom> lololo
1508 2011-06-20 02:50:06 <csshih> the onlyonetv channel is retarded
1509 2011-06-20 02:50:15 <BaltarNZ> bcrypt is nice for password encryption.
1510 2011-06-20 02:50:16 <KuDeTa> csshih: yup
1511 2011-06-20 02:50:16 <Titanium123> salted sha1000000 isnt secure enough if a dictionary attack will get ur pass
1512 2011-06-20 02:50:21 <NxTitle> sha512 with 1000 iterations isn't that good of an idea - if mtgox gets bogged down it will become even worse
1513 2011-06-20 02:50:29 <joecool> NxTitle: it's not secure enough for the future, have you been to the future?
1514 2011-06-20 02:50:32 common_ has quit (Ping timeout: 252 seconds)
1515 2011-06-20 02:50:44 <nuthin> hmm, bcrypt is not that great?
1516 2011-06-20 02:50:45 <Titanium123> md5 is plenty fine
1517 2011-06-20 02:50:45 <spm_Draget> NxTitle: Are you a cryptographer?
1518 2011-06-20 02:50:48 <KuDeTa> can one of you answer me something? Should/can salts be hidden?
1519 2011-06-20 02:50:51 <nuthin> I want a source
1520 2011-06-20 02:50:56 <Titanium123> its your problem for using crappy passwords that can be brute forced
1521 2011-06-20 02:50:56 <quiznor> kika_: im guessing seattle area
1522 2011-06-20 02:50:58 <Blitzboom> one question remains …
1523 2011-06-20 02:51:03 <kgo> KuDeTa, not really.
1524 2011-06-20 02:51:04 <NxTitle> spm_Draget: I know enough about cryptography to tell you sha512 isn't weak
1525 2011-06-20 02:51:05 <Blitzboom> WHO THE FUCK STORES 400K BTC ON MTGOX?!
1526 2011-06-20 02:51:07 enquire has quit (Read error: Operation timed out)
1527 2011-06-20 02:51:11 <quiznor> kika_: 2 american guys and a canadian
1528 2011-06-20 02:51:12 <lianj> not leaking those hashes is a good start
1529 2011-06-20 02:51:12 <NxTitle> however personally I use whirlpool when I can
1530 2011-06-20 02:51:13 MRD_ has quit (Ping timeout: 246 seconds)
1531 2011-06-20 02:51:23 <midnightmagic> Blitzboom: someone who wants to make a lot of money?
1532 2011-06-20 02:51:29 <nuthin> it's not that sha512 is weak
1533 2011-06-20 02:51:33 <midnightmagic> Blitzboom: oh, no, sorry. Got that wrong. An idiot.
1534 2011-06-20 02:51:43 pyro_ has joined
1535 2011-06-20 02:51:44 <Blitzboom> an idiot with 400k?!
1536 2011-06-20 02:51:48 <nuthin> it's just that sha512 can easily be computed
1537 2011-06-20 02:51:50 <Titanium123> no hashing algorithm will help in this case, its either waaaaay too slow to use on the site, or wayyyy too fast so it can be brute forced
1538 2011-06-20 02:51:50 <NxTitle> Blitzboom: uhm, someone who stole btc from many others :P
1539 2011-06-20 02:51:51 <midnightmagic> Blitzboom: apparently.
1540 2011-06-20 02:51:52 <Blitzboom> how can you get 400k of bitcoins with being an idiot?
1541 2011-06-20 02:52:01 <BaltarNZ> quiznor MtGox is in Japan.
1542 2011-06-20 02:52:04 <markio> is mtgox going to survive this class-action suit?
1543 2011-06-20 02:52:05 <spm_Draget> And salts need to be saved in plaintext with the password. Anyone now familiar with this concept of key stretching, please check wikipedia.
1544 2011-06-20 02:52:05 <NxTitle> open orders will be flushed
1545 2011-06-20 02:52:12 <NxTitle> all orders will be cancelled
1546 2011-06-20 02:52:12 <Titanium123> i got 1200 for my $.01 orders :)
1547 2011-06-20 02:52:13 <midnightmagic> Blitzboom: mine it from day 1?
1548 2011-06-20 02:52:18 <Blitzboom> for fucks sake, i thought that with bitcoin, the elite would at least be CLEVER
1549 2011-06-20 02:52:28 <luke-jr> markio: how do cross-nation class action lawsuits work?
1550 2011-06-20 02:52:29 <nuthin> Titanium123: it doesn't have to be slow
1551 2011-06-20 02:52:29 <NxTitle> yeah
1552 2011-06-20 02:52:31 <midnightmagic> Blitzboom: since when are people with money clever?
1553 2011-06-20 02:52:44 <Blitzboom> midnightmagic: does money damage your brain?
1554 2011-06-20 02:52:48 <csshih> dude
1555 2011-06-20 02:52:50 <NxTitle> honestly they probably could have gotten all that money out of mtgox without being caught
1556 2011-06-20 02:52:58 <csshih> just hand out in bitcoin-mining
1557 2011-06-20 02:53:00 <nuthin> Titanium123: if you instead of having to "log on" every time you use the trade api, you log on once and use a session id
1558 2011-06-20 02:53:03 <csshih> so many people popping in and asking
1559 2011-06-20 02:53:03 jrabbit has left ()
1560 2011-06-20 02:53:03 <midnightmagic> Blitzboom: I've seen it happen.
1561 2011-06-20 02:53:08 <Titanium123> nuthin, lets say it takes 1 second to calculate, thats already getting too long to be useful on a website, but guessing 1M dictionary words is easy on a cluster
1562 2011-06-20 02:53:09 <nuthin> possibly with a personal key
1563 2011-06-20 02:53:10 <kgo> In theory, you could try to do something 'smart' like use the 2nd and 3rd chars of a email address as the salt, but an attacker could just create a dummy account with a known password to figure out the salting algo.
1564 2011-06-20 02:53:12 <NxTitle> kinda glad they didn't, but they made a big mistake by pushing the price down like that
1565 2011-06-20 02:53:14 <csshih> I have a 6 CORE CPU WHAT DO YOU MEAN I CAN'T MINE WITH IT
1566 2011-06-20 02:53:16 <joecool> luke-jr: if your company is big enough you locate parts in both :P
1567 2011-06-20 02:53:20 samlander has joined
1568 2011-06-20 02:53:33 <nuthin> Titanium123: it would be if you have 1000 people logging in at once
1569 2011-06-20 02:53:39 <quiznor> i dont understand the 420K MTGOX wallet.. it had no transactions between the 12th and the 19th. so it must not be the same wallet people withdraw from. it must be mtgox's personal profits
1570 2011-06-20 02:53:39 <samlander> MagicalTux: are you flushing the order book too? aka do i have to re enter my bids?
1571 2011-06-20 02:53:48 <markio> luke-jr I think skype
1572 2011-06-20 02:53:52 <nuthin> but once people are logged in, you don't need to check their password
1573 2011-06-20 02:53:52 <csshih> flush the order book please
1574 2011-06-20 02:53:53 <csshih> lol
1575 2011-06-20 02:53:59 <csshih> it's a bit messy
1576 2011-06-20 02:54:13 <MagicalTux> samlander: we'll flush any order that would be outstanding based on other market's bitcoin value
1577 2011-06-20 02:54:15 <kgo> samlander, long long ago mt said there would be no way to recover the old bids.  Not sure if it's still true.
1578 2011-06-20 02:54:18 <samlander> csshih: i think given the circumstances, the projected bids and asks are no longer valid
1579 2011-06-20 02:54:22 <Titanium123> lets say you get 1000 computers and are willing to spend 1 hour per password to crack it
1580 2011-06-20 02:54:23 <samlander> the market is upset by todays events
1581 2011-06-20 02:54:34 <NxTitle> MagicalTux: sha512 with 1000 iterations isn't the best of ideas. I agree with sha512, but the iterations will lag mtgox and open a possible DoS hole
1582 2011-06-20 02:54:39 <Titanium123> you only need to try 1M passwords to get most common ones
1583 2011-06-20 02:54:40 <erek> MagicalTux: did you see the people on the forum saying the MtGox story is wrong?
1584 2011-06-20 02:54:52 <samlander> MagicalTux: does that include my buy order at 15.30 ?
1585 2011-06-20 02:54:53 <erek> MagicalTux: http://forum.bitcoin.org/index.php?topic=19646.0
1586 2011-06-20 02:54:54 <NxTitle> MagicalTux: by registering a bunch of accounts and using them to log in all at the same time
1587 2011-06-20 02:55:01 <BaltarNZ> http://code.google.com/p/py-bcrypt/ is a nice password hashing system
1588 2011-06-20 02:55:18 <markio> john the ripper
1589 2011-06-20 02:55:18 <samlander> MagicalTux: because i certainly would be revising that myself if i had access to the system right now
1590 2011-06-20 02:55:20 <NxTitle> I've seen 3 or 4 people say the story is wrong, and they've all been rightfully called out as idiots
1591 2011-06-20 02:55:27 <MagicalTux> NxTitle: I said 10000 iterations
1592 2011-06-20 02:55:37 <NxTitle> oh, Adam said 1000 :P
1593 2011-06-20 02:55:39 <MagicalTux> I made the computation and my 24 core servers can handle a lot of those
1594 2011-06-20 02:55:39 <Titanium123> it would need to take 3 seconds on the website to calculate the hash if you want any chance of protecting against brute force (even a lazy brute force)
1595 2011-06-20 02:55:42 <erek> "Mtgox's official story is wrong. The BTC of many accounts was sold: proof inside" = http://forum.bitcoin.org/index.php?topic=19646.0
1596 2011-06-20 02:55:43 <NxTitle> nonetheless, I still think it's a bad idea
1597 2011-06-20 02:56:01 <NxTitle> it's not about the server being able to handle them, it's about opening a possible DoS hole
1598 2011-06-20 02:56:10 <samlander> MagicalTux: i apologize for bothering you with something so trivial, i know you have your hands full with much more important things
1599 2011-06-20 02:56:15 <NxTitle> MagicalTux: canada ;)
1600 2011-06-20 02:56:39 <nuthin> NxTitle: isn't a DoS hole a matter of the available resources?
1601 2011-06-20 02:56:54 NOTAL has joined
1602 2011-06-20 02:57:04 <Speeder> MagicalTux if you ever need help, call me :D
1603 2011-06-20 02:57:09 <Titanium123> protecting against people that use dictionary words as passwords is impossible
1604 2011-06-20 02:57:17 <Titanium123> its not mtgox's fault
1605 2011-06-20 02:57:23 <NxTitle> nuthin: well, if it takes 10k iterations of sha512 and, say, it takes 0.1 seconds to login, imagine if someone executes 100 or 1000 logins at once
1606 2011-06-20 02:57:33 <NxTitle> much less bandy intensive than just throwing traffic at a server
1607 2011-06-20 02:57:33 <jrmithdobbs> MagicalTux: can you please disclose your new password hashing algorithm for vetting?
1608 2011-06-20 02:57:44 <Titanium123> the algorithm does not matter
1609 2011-06-20 02:57:44 <MagicalTux> NxTitle: it takes 0.007 seconds to make the 10000 iterations
1610 2011-06-20 02:57:52 <jrmithdobbs> MagicalTux: with any site-salts stripped, of course
1611 2011-06-20 02:58:04 <MagicalTux> NxTitle: and I got 24 cores ready to take the load, with HT (new i7 HT, so it should work fine=
1612 2011-06-20 02:58:06 <NxTitle> jrmithdobbs: sha512 works with the current system, i.e. crypt
1613 2011-06-20 02:58:17 <nuthin> NxTitle: I guess you'd need some sort of queue system
1614 2011-06-20 02:58:19 <MagicalTux> jrmithdobbs: I will
1615 2011-06-20 02:58:27 <nuthin> NxTitle: I'd rather have that though
1616 2011-06-20 02:58:30 <jrmithdobbs> MagicalTux: thanks
1617 2011-06-20 02:58:36 <NxTitle> ah, alright
1618 2011-06-20 02:58:39 subigo has quit (Quit: Leaving)
1619 2011-06-20 02:59:01 <vrs> erek: I believe we would see those transactions as a peak on blockexplorer/etc
1620 2011-06-20 02:59:10 <Titanium123> MagicalTux My solution would to provide an option at account creation to only accept transactions signed by a program on the user's computer, then make the TOS say you are 100% responsible if you signed the transaction
1621 2011-06-20 02:59:14 <vrs> (concerning http://forum.bitcoin.org/index.php?topic=19646.0)
1622 2011-06-20 02:59:41 <NxTitle> "signed by a program on the user's computer"
1623 2011-06-20 02:59:46 <Titanium123> yes
1624 2011-06-20 02:59:47 <lianj> lol
1625 2011-06-20 02:59:48 <NxTitle> not a good idea, it's a roadblock for people wanting to join in
1626 2011-06-20 02:59:51 kratosk has quit (Ping timeout: 260 seconds)
1627 2011-06-20 03:00:01 <Titanium123> its an option for extra security, not required at all
1628 2011-06-20 03:00:02 <kunnis> he said it would be optional...
1629 2011-06-20 03:00:12 <NxTitle> oh, missed that
1630 2011-06-20 03:00:13 gsathya has joined
1631 2011-06-20 03:00:14 <Titanium123> but cannot ever be removed from one account
1632 2011-06-20 03:00:17 <kgo> Another hack to prevent DoS... The iterations double for each attempt from the same IP with only one attempt at a time per IP.
1633 2011-06-20 03:00:25 <erek> vrs: so you think only about 1000 usd was lost?
1634 2011-06-20 03:00:28 <jgarzik> IP whitelisting.  IP whitelisting.  IP whitelisting!!
1635 2011-06-20 03:00:30 * jgarzik says it for the cheap seats
1636 2011-06-20 03:00:31 commonlisp has joined
1637 2011-06-20 03:00:32 <NxTitle> well, there's other ways too, such as 2 factor authentication
1638 2011-06-20 03:00:33 <vrs> NxTitle: more like, hey there's a handy tool named "bitcoin client" that signs transactions, would you use that?
1639 2011-06-20 03:00:35 <Titanium123> much more than $1000 was lost
1640 2011-06-20 03:00:44 <erek> Titanium123: http://forum.bitcoin.org/index.php?topic=19646.0
1641 2011-06-20 03:00:45 <NxTitle> Titanium123: $1000 valued at $5/BTC
1642 2011-06-20 03:00:50 <NxTitle> or less
1643 2011-06-20 03:00:51 <jgarzik> nobody should be accessing my mtgox account from anywhere other than specified IPs
1644 2011-06-20 03:00:56 <Titanium123> i got 600 coins :)
1645 2011-06-20 03:01:01 <samlander> MagicalTux: it will be interesting my first login.. i hope i dont get banned right away
1646 2011-06-20 03:01:07 <jgarzik> other money sites (liberty reserve, pecunix, etc.) offer IP whitelisting
1647 2011-06-20 03:01:09 <jgarzik> just basic security
1648 2011-06-20 03:01:10 <samlander> MagicalTux: but I do access your site from 4 separate ips
1649 2011-06-20 03:01:11 <NxTitle> *banned for being samlander*
1650 2011-06-20 03:01:14 <kgo> jgarzik, sucks when I have to reboot my comcast modem.
1651 2011-06-20 03:01:23 <NxTitle> samlander: when that happens apparently you just login again
1652 2011-06-20 03:01:23 <jrmithdobbs> jgarzik: fuck that, rsa or ssl cert auth plz ;P
1653 2011-06-20 03:01:24 <vrs> erek: I don't know, I'd say $1000 + BTC<whatever the BTC limit is> + whatever the hackers got out after they noticed there was a transaction limit
1654 2011-06-20 03:01:31 Hal____ has quit (Ping timeout: 240 seconds)
1655 2011-06-20 03:01:53 <erek> vrs: but nothing like all the BTC from everyone is lost such as reported in that thread?
1656 2011-06-20 03:02:02 <jgarzik> jrmithdobbs: I don't want a stolen cert accessed from an IP other than my own.....
1657 2011-06-20 03:02:16 <vrs> how was that bitcoingraph called again?
1658 2011-06-20 03:02:18 <Titanium123> if I withdrew bitcoins, can I withdraw them again once accts are reverted?
1659 2011-06-20 03:02:23 <jrmithdobbs> jgarzik: ok you're right combination of the two
1660 2011-06-20 03:02:44 <jrmithdobbs> jgarzik: but cert/key auth by itself is a huge step up
1661 2011-06-20 03:02:44 <Titanium123> and the hackers were STUPID
1662 2011-06-20 03:02:54 <erek> vrs: http://forum.bitcoin.org/index.php?topic=19646.20
1663 2011-06-20 03:03:06 <jgarzik> frankly, we are fortunate that our hackers have been stupid and lazy so far
1664 2011-06-20 03:03:07 BTCTrader_ has joined
1665 2011-06-20 03:03:10 <vrs> ah, bitcoinmonitor
1666 2011-06-20 03:03:21 <markio> I dont think we're giving them enough credit
1667 2011-06-20 03:03:22 BTCTrader has quit (Read error: Connection reset by peer)
1668 2011-06-20 03:03:24 BTCTrader_ is now known as BTCTrader
1669 2011-06-20 03:03:35 <Titanium123> smart hackers would setup 100 new accounts and place buy orders at like 10 cents on each, then as the main sell went thru they could each withdraw 600 coins and bypass the limits and 'hide' the source
1670 2011-06-20 03:03:42 <jlgaddis> i don't think they were stupid at all
1671 2011-06-20 03:03:45 <vrs> erek: we would see those transactions on bitcoinmonitor
1672 2011-06-20 03:03:56 <Titanium123> most hackers are stupid
1673 2011-06-20 03:03:57 <jlgaddis> mark told earlier how they were trying to transfer to different accounts so they could do multiple withdrawals
1674 2011-06-20 03:03:57 <CIA-103> bitcoin: Jeff Garzik master * r2207f5e / (18 files in 9 dirs):
1675 2011-06-20 03:03:57 <CIA-103> bitcoin: Merge pull request #331 from TheBlueMatt/translatefix
1676 2011-06-20 03:03:57 <CIA-103> bitcoin: Update translations and remove obsolete translations. - http://bit.ly/mBssyT
1677 2011-06-20 03:03:57 <midnightmagic> Whoah, security auditor was the data release vector?!
1678 2011-06-20 03:04:02 <Titanium123> like deer in the headlights
1679 2011-06-20 03:04:06 freeminer has quit (Ping timeout: 252 seconds)
1680 2011-06-20 03:04:09 plutonic has joined
1681 2011-06-20 03:04:11 <samlander> i think the whole point of that was to force the market to crash so they could buy up using 'legitimate'accounts
1682 2011-06-20 03:04:13 <midnightmagic> Titanium123: crackers, you mean.
1683 2011-06-20 03:04:16 <erek> midnightmagic: apparently
1684 2011-06-20 03:04:17 <vrs> erek: blockexplorer link?
1685 2011-06-20 03:04:19 <nuthin> I agree, I think they could get away with this easily if they spent a bit more time on it
1686 2011-06-20 03:04:19 <Titanium123> yes
1687 2011-06-20 03:04:22 <Titanium123> sorry
1688 2011-06-20 03:04:23 <samlander> if anything i dont think they considered the possibility of a rollback
1689 2011-06-20 03:04:27 <erek> vrs: all i have is that thread
1690 2011-06-20 03:04:27 <Blitzboom> jgarzik: next time we won’t be so lucky
1691 2011-06-20 03:04:29 <erek> vrs: heh
1692 2011-06-20 03:04:30 <Blitzboom> you can bet on that
1693 2011-06-20 03:04:33 <jgarzik> Blitzboom: agreed
1694 2011-06-20 03:04:44 <midnightmagic> If it's from a company (like, say McAfee) then THAT company is now responsible.
1695 2011-06-20 03:04:51 <Optimo> bitcoincharts removed the ones that were stuck eh
1696 2011-06-20 03:04:52 <bulletbill> who is the other interview he has to do?
1697 2011-06-20 03:04:54 hallowworld has joined
1698 2011-06-20 03:04:57 <nuthin> samlander: ahh, yeah .. that makes sense
1699 2011-06-20 03:05:02 <Herodes> hm. if that holder of the 500K account is a genuine individual, guess his shock when he learned what happened.
1700 2011-06-20 03:05:09 <Titanium123> also they would start at near midnight so they can get a second withdraw done after the clock ticks over
1701 2011-06-20 03:05:13 <CIA-103> bitcoin: Jeff Garzik master * r04e4420 / (5 files):
1702 2011-06-20 03:05:13 <CIA-103> bitcoin: Merge pull request #332 from shanew/master
1703 2011-06-20 03:05:13 <CIA-103> bitcoin: Include missing Boost header - http://bit.ly/lLoAfI
1704 2011-06-20 03:05:17 <midnightmagic> Titanium123: doesn't work like that.
1705 2011-06-20 03:05:18 <lianj> samlander: {"date"=>1308505876, "price"=>0.01, "amount"=>261383.763, "tid"=>"221858"} nope
1706 2011-06-20 03:05:23 <Titanium123> aww
1707 2011-06-20 03:05:27 <Titanium123> its a 24 hr timer?
1708 2011-06-20 03:05:29 <midnightmagic> yeah
1709 2011-06-20 03:05:44 cgmc_ has left ()
1710 2011-06-20 03:05:45 <Titanium123> i was gona wait 6 hrs and withdraw the rest of mine :)
1711 2011-06-20 03:05:47 <vrs> erek: currently trades we see, but no big "real" bitcoin transactions
1712 2011-06-20 03:05:50 <Herodes> the interesting thing is to know how much and if any of that btc traded at 0.01 was immediately transferred OUT of mtgox?
1713 2011-06-20 03:05:51 <Titanium123> i would have been disappointed
1714 2011-06-20 03:05:54 <midnightmagic> Are you able to log in, Titanium123 ?
1715 2011-06-20 03:05:57 <samlander> herodes: i dont think there was a legitimate owner of the 500k
1716 2011-06-20 03:06:02 <Titanium123> is it up?
1717 2011-06-20 03:06:14 <Herodes> samlander: what do you think?
1718 2011-06-20 03:06:15 airfox has quit (Remote host closed the connection)
1719 2011-06-20 03:06:22 <Titanium123> herodes at least 600 btc from personal experience :)
1720 2011-06-20 03:06:23 <samlander> Herodes: my theory is that the database got leaked to whoever was responsible a few days ago, they cracked the passwords and forward a shit ton of coins into the one account
1721 2011-06-20 03:06:23 <lianj> Herodes: most of the btc under 1.0$ got to the above trade
1722 2011-06-20 03:06:31 <midnightmagic> Titanium123: You stated a specific number of hours you were going to wait, but as far as I can tell there is no set comeback time for MtGox
1723 2011-06-20 03:06:44 <Titanium123> the thing happened at like 18:00
1724 2011-06-20 03:06:54 mmoya has joined
1725 2011-06-20 03:06:55 <samlander> midnightmagic: the site says 8:00 am gmt
1726 2011-06-20 03:06:57 <Titanium123> i was going to withdraw the rest of my coins at 24:01
1727 2011-06-20 03:07:20 <Titanium123> hmmm
1728 2011-06-20 03:07:25 <midnightmagic> "Service will not be back before June 20th 11:00am (JST, 02:00am GMT). This may be delayed depending on what is found during the investigation."
1729 2011-06-20 03:07:39 <samlander> •Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
1730 2011-06-20 03:07:44 <Titanium123> so how do I sell the coins I made?
1731 2011-06-20 03:07:51 <Titanium123> do I do it by mail?
1732 2011-06-20 03:07:54 <samlander> as of : [Update - 2:06 GMT]
1733 2011-06-20 03:08:03 <midnightmagic> bah, stupid cached copy.
1734 2011-06-20 03:08:17 <samlander> Titanium123: you can sell them in otc
1735 2011-06-20 03:08:18 <midnightmagic> oh, no, I see. it's in the update I was reading.
1736 2011-06-20 03:08:20 <ZOP> Titanium123: bitcoin-otc ... direct paypal, or one of the other exchanges perhaps.
1737 2011-06-20 03:08:21 <samlander> Titanium123: pit
1738 2011-06-20 03:08:28 <Herodes> Titanium123: if you made bitcoins from this, you are no better than a thief really.
1739 2011-06-20 03:08:32 <Titanium123> i cant get in otc :(
1740 2011-06-20 03:08:35 <Herodes> You should contact mtGox and return those coins.
1741 2011-06-20 03:08:39 <samlander> Herodes: i dont agree with you there
1742 2011-06-20 03:08:43 <dehuman> Herodes: i dont see why
1743 2011-06-20 03:08:47 <samlander> Herodes: after tux puts in the new security method
1744 2011-06-20 03:08:48 <dehuman> he had the foresight to buy them
1745 2011-06-20 03:08:50 <dehuman> and then move them
1746 2011-06-20 03:08:55 <Herodes> It's the only right thing to do.
1747 2011-06-20 03:08:55 <samlander> Herodes: it's up the users to secure their acct
1748 2011-06-20 03:08:58 <luke-jr> Herodes: nonsense
1749 2011-06-20 03:09:02 <Titanium123> its just a game guys
1750 2011-06-20 03:09:08 <midnightmagic> hey, douchebag who's sending me tradehill spam. fuck you.
1751 2011-06-20 03:09:08 <samlander> Titanium123: to you
1752 2011-06-20 03:09:09 <Titanium123> i did the same all the time in EvE
1753 2011-06-20 03:09:11 <dehuman> Herodes: Titanium123 didn't do anything
1754 2011-06-20 03:09:16 <dehuman> except what you are supposed to do
1755 2011-06-20 03:09:20 <dehuman> buy low
1756 2011-06-20 03:09:22 <dehuman> sell high
1757 2011-06-20 03:09:22 <luke-jr> midnightmagic: I motion that their referral code should be voided
1758 2011-06-20 03:09:22 <OneFixt> midnightmagic: just report them all for spam
1759 2011-06-20 03:09:30 <Titanium123> i put up orders at all kinds of values to catch someone selling a lot
1760 2011-06-20 03:09:37 <Titanium123> referral is already gone
1761 2011-06-20 03:09:40 <Herodes> well he did, absolutely. Perhaps he thought the trade was legit immediately, but now he knows that those coins are not supposed to be his.
1762 2011-06-20 03:09:43 commonlisp has quit (Quit: This computer has gone to sleep)
1763 2011-06-20 03:09:47 <luke-jr> Titanium123: you're TradeHill?
1764 2011-06-20 03:09:50 <Titanium123> no
1765 2011-06-20 03:09:54 <dehuman> Herodes: why arent they supposed to be his?
1766 2011-06-20 03:09:56 <samlander> Herodes: the whole point is this:
1767 2011-06-20 03:10:06 <luke-jr> Herodes: I bought coins fair and square.
1768 2011-06-20 03:10:13 <dehuman> Herodes: whats different from a legit selloff or a compromised selloff?
1769 2011-06-20 03:10:16 <dehuman> the market doesnt care
1770 2011-06-20 03:10:20 <samlander> Herodes: if i leave my bank card with my pin number scratched on it on a bench somewhere, should i expect the bank to pay me back when my account is inevitably ripped off?
1771 2011-06-20 03:10:29 <dehuman> personally the right thing to do
1772 2011-06-20 03:10:35 <dehuman> is MagicalTux eat all the losses
1773 2011-06-20 03:10:35 plutonic has quit (Quit: plutonic)
1774 2011-06-20 03:10:36 <luke-jr> samlander: yes
1775 2011-06-20 03:10:40 <midnightmagic> luke-jr: seconded. all in favour? motion carried.
1776 2011-06-20 03:10:42 <samlander> Herodes: should i expect them to undo a fuckton of transactions to save me from my own stupidity? NO
1777 2011-06-20 03:10:46 gsathya has quit (Quit: gsathya)
1778 2011-06-20 03:10:54 <Herodes> because a hacker sold coins that were not his. So that selloff is done with malicious intent and was never approved by the account owner afaik.
1779 2011-06-20 03:10:58 <samlander> Herodes: i think it is mighty fine that tux is doing it THIS ONCE. but he should NEVER have to do it again
1780 2011-06-20 03:11:02 <luke-jr> samlander: also, nobody left their password out there
1781 2011-06-20 03:11:10 Nachtwind has joined
1782 2011-06-20 03:11:12 Titanium123_ has joined
1783 2011-06-20 03:11:17 <luke-jr> Herodes: that's not my problem
1784 2011-06-20 03:11:18 <Optimo> hashrate up tonight..
1785 2011-06-20 03:11:19 <samlander> Herodes: if people want to be fucking retards and use password123 or their OWN GOD DAMN USERNAME as their password they deserve whatever they get.
1786 2011-06-20 03:11:22 <Titanium123_> this is better than EvE online :)
1787 2011-06-20 03:11:24 <jrmithdobbs> Herodes: but the resulting trades are still all binding contracts
1788 2011-06-20 03:11:27 <dehuman> i mean if mtgox feels like someone was wronged by their breach of security, the onus is completely on mtgox to make up the difference
1789 2011-06-20 03:11:32 <dehuman> its not on Titanium123_ to fix it
1790 2011-06-20 03:11:34 <luke-jr> samlander: MtGox's password database was leaked
1791 2011-06-20 03:11:35 <dehuman> he didnt do anything wrong
1792 2011-06-20 03:11:37 <dehuman> mtgox did
1793 2011-06-20 03:11:42 <jrmithdobbs> Herodes: just because the market moved due to fraud does not invalidate the sale contracts that occurred after
1794 2011-06-20 03:11:44 <samlander> luke: no shit
1795 2011-06-20 03:11:47 <hmmmm> i don't get it
1796 2011-06-20 03:11:52 <jrmithdobbs> he better have consulted his lawyers about this revert
1797 2011-06-20 03:11:53 <hmmmm> what's this talk about "10000 iterations"?
1798 2011-06-20 03:11:57 <samlander> luke: and if people used proper protocol for their passwords they never would have been cracked
1799 2011-06-20 03:11:57 <jrmithdobbs> or he's in for a world of pain
1800 2011-06-20 03:12:00 <Herodes> samlander: apparently what happened was that the password hash was originally retrieved off mtGox, and then cracked with brute force or rainbow table. So mtGox did not have good enough security.
1801 2011-06-20 03:12:01 <midnightmagic> dehuman: actually it's on the security auditor's company. If that's McAfee or something similar, then full reparations should come from them. Usually they're bonded.
1802 2011-06-20 03:12:04 <Titanium123_> the point of bitcoin was to get away from super regulated and big brothered markets
1803 2011-06-20 03:12:09 <jrmithdobbs> (specifically, pain in his rectum over the next 25-life)
1804 2011-06-20 03:12:12 <hmmmm> also, how could any of this have real-world consequences?
1805 2011-06-20 03:12:16 <Herodes> it still is no excuse to behave unethical by anyone else.
1806 2011-06-20 03:12:19 <jgarzik> https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
1807 2011-06-20 03:12:20 <samlander> Herodes: hm
1808 2011-06-20 03:12:20 <dehuman> i mean technically the transaction history should stand, and those wronged should take their claim up with mtgox
1809 2011-06-20 03:12:21 <hmmmm> none of it is protected by law
1810 2011-06-20 03:12:30 <hmmmm> none of it is recognized as currency by governments
1811 2011-06-20 03:12:32 <samlander> Herodes: you're saying that all the passwords were salted with the same salt and the salt was cracked?
1812 2011-06-20 03:12:39 <Titanium123_> it does not matter
1813 2011-06-20 03:12:42 <luke-jr> Titanium123_: maybe that's *your* reason for using Bitcoin…
1814 2011-06-20 03:12:45 <Herodes> samlander: no
1815 2011-06-20 03:13:06 <vrs> samlander: "hey i would've profited from that crash don't you dare take away my profits"
1816 2011-06-20 03:13:10 <jrmithdobbs> luke-jr: seriously, he better have talked to lawyers
1817 2011-06-20 03:13:10 <Titanium123_> I like the idea of being able to transfer money without letting all kinds of companies and governments (including foreign) know
1818 2011-06-20 03:13:13 gentz has joined
1819 2011-06-20 03:13:15 Juggie has joined
1820 2011-06-20 03:13:18 <jrmithdobbs> luke-jr: i don't think he understands the consequences of his actions
1821 2011-06-20 03:13:25 <jrmithdobbs> luke-jr: and he shrugs it off every time it's brought up
1822 2011-06-20 03:13:26 <samlander> vrs: im arguing for no more rollbacks after this one
1823 2011-06-20 03:13:29 <Herodes> What I am saying is that whoever bought bitcoins at a low price, and holding onto them after this incident are nothing better than thieves.
1824 2011-06-20 03:13:44 <dehuman> jrmithdobbs: eh its pretty risky position to be in
1825 2011-06-20 03:13:46 <Titanium123_> THey will all go into mining :)
1826 2011-06-20 03:13:49 <dehuman> i'm not envious
1827 2011-06-20 03:13:50 <vrs> samlander: i'm arguing for no more hacks after this one
1828 2011-06-20 03:13:50 filmhtedue has joined
1829 2011-06-20 03:13:52 airfox has joined
1830 2011-06-20 03:13:53 <jrmithdobbs> dehuman: hence: lawyers
1831 2011-06-20 03:13:54 <luke-jr> Herodes: and that's why you're an idiot ☺
1832 2011-06-20 03:13:56 <samlander> Herodes: wrong
1833 2011-06-20 03:14:01 <samlander> Herodes: if i see a low price im going to buy
1834 2011-06-20 03:14:03 <dehuman> jrmithdobbs: for certain
1835 2011-06-20 03:14:07 <samlander> Herodes: how that price got there is not of my concern
1836 2011-06-20 03:14:17 <samlander> Herodes: unless i actively participated.. in which case you're right
1837 2011-06-20 03:14:18 <jrmithdobbs> dehuman: but i'm pretty sure that he has no authority to negate contracts of sale
1838 2011-06-20 03:14:22 Titanium123 has quit (Ping timeout: 252 seconds)
1839 2011-06-20 03:14:22 <Herodes> luke-jr: In fact I just graduated as a computer engineer with top grades in programming. Not an idiot at all. But I have a strong sense of ethics and I care about other people.
1840 2011-06-20 03:14:29 <dehuman> jrmithdobbs: not even courts have that authority generally
1841 2011-06-20 03:14:30 <samlander> Herodes: but since i would never participate in a fraud, not my problem.
1842 2011-06-20 03:14:31 <Titanium123_> i bet the guy that sold them made a typo and claimed it was hacked
1843 2011-06-20 03:14:33 <Optimo> edward yang has good timing
1844 2011-06-20 03:14:35 <jrmithdobbs> dehuman: unless japanese law works completely different than all of us/eu/etc
1845 2011-06-20 03:14:37 <dehuman> jrmithdobbs: not if the contract is valid
1846 2011-06-20 03:14:37 enquire has joined
1847 2011-06-20 03:14:42 <luke-jr> Herodes: I've had my buy order in at 0.40 USD for months.
1848 2011-06-20 03:14:47 <luke-jr> Herodes: and someone was willing to sell.
1849 2011-06-20 03:14:50 <jrmithdobbs> dehuman: right and all those contracts except the initial fraudulent sale were valid
1850 2011-06-20 03:14:52 <dehuman> a valid contract is literally the law, even government cant change them, at least in US
1851 2011-06-20 03:14:55 <luke-jr> Herodes: those bitcoins are now my property
1852 2011-06-20 03:15:02 <fiverawr> Herodes: Top grades? Did you get a C++?
1853 2011-06-20 03:15:05 <Titanium123_> i had like $50 tied up in low price orders
1854 2011-06-20 03:15:09 <jrmithdobbs> dehuman: imho the safe thing to do is revert the fraudulent sales and leave the rest
1855 2011-06-20 03:15:10 <samlander> luke-jr: damn right
1856 2011-06-20 03:15:11 <Herodes> luke-jr: I don't doubt you had it in there for months hoping to get lucky.
1857 2011-06-20 03:15:12 <jrmithdobbs> tbqh
1858 2011-06-20 03:15:14 <samlander> luke-jr: HOWEVER
1859 2011-06-20 03:15:17 bobd0bb has quit (Quit: life's a bitch and then ya' die..)
1860 2011-06-20 03:15:18 N8{afk} has quit (Ping timeout: 244 seconds)
1861 2011-06-20 03:15:18 <Titanium123_> i barely graduated myself :)
1862 2011-06-20 03:15:20 <dehuman> jrmithdobbs: i agree
1863 2011-06-20 03:15:22 <Herodes> fiverawr: Straight A in C++ QT GUI programming for ince.
1864 2011-06-20 03:15:25 <Herodes> for once yes.
1865 2011-06-20 03:15:25 <dehuman> jrmithdobbs: and eat the claims as they come
1866 2011-06-20 03:15:27 <luke-jr> Herodes: actually, it was a very common price at the time I added it
1867 2011-06-20 03:15:27 <samlander> luke-jr: given everything that went on, i agree a rollback is appropriate JUST THIS ONCE
1868 2011-06-20 03:15:28 <jrmithdobbs> dehuman: and I wasn't anywhere near a computer when this was going on, so I'm not going to gain anything
1869 2011-06-20 03:15:32 <dehuman> if someone wants to sue for the orders they placed jrmithdobbs
1870 2011-06-20 03:15:33 <dehuman> let them
1871 2011-06-20 03:15:34 <fiverawr> Herodes: QT GUI? That's like VB programming.
1872 2011-06-20 03:15:37 <Herodes> but that's of no concern for what we're discussing at the moment.
1873 2011-06-20 03:15:37 <Titanium123_> my c class was awesome tho, i wasn't comp-sci
1874 2011-06-20 03:15:44 <dehuman> they entered into the contract on their own accord jrmithdobbs
1875 2011-06-20 03:15:45 <samlander> luke-jr: but after the new password policy is in effect... game on
1876 2011-06-20 03:15:46 <gmaxwell> reverting exchanges is not at all unheard of.
1877 2011-06-20 03:15:50 <samlander> luke-jr: if it happens again.. fucke me
1878 2011-06-20 03:15:52 <jrmithdobbs> dehuman: yup
1879 2011-06-20 03:15:52 <samlander> fuck em
1880 2011-06-20 03:15:58 <Herodes> fiverawr: in other subjects too if it would be of any concern to you, but that's unrelated to this.
1881 2011-06-20 03:16:01 <dehuman> it'd be trivial to prove in court that they had no knowledge of fraud
1882 2011-06-20 03:16:05 <luke-jr> Herodes: also, jumping through the hoops of college makes you more likely an idiot, not less likely
1883 2011-06-20 03:16:07 <dehuman> and as such it didn't contribute to their order
1884 2011-06-20 03:16:12 <jrmithdobbs> gmaxwell: by exchanges that have specific licensing/authority to allow them to do so
1885 2011-06-20 03:16:13 <dehuman> and further mtgox isn't liable
1886 2011-06-20 03:16:16 <dehuman> QED
1887 2011-06-20 03:16:17 <jrmithdobbs> gmaxwell: p sure he does not.
1888 2011-06-20 03:16:18 <fiverawr> Herodes: I just be trollin'
1889 2011-06-20 03:16:20 <Titanium123_> in my C class I had to 'compile' into assembly a page long program, by hand
1890 2011-06-20 03:16:22 <samlander> luke-jr: that depends on whether or not it is tempered with experience
1891 2011-06-20 03:16:24 <luke-jr> fiverawr: all GUIs should be Qt
1892 2011-06-20 03:16:26 <dehuman> jrmithdobbs: that about jive?
1893 2011-06-20 03:16:30 <Titanium123_> it was 4 pages of code
1894 2011-06-20 03:16:31 <samlander> luke-jr: im a huge supporter of university in your 30's
1895 2011-06-20 03:16:34 <NxTitle> dehuman: they're suing their auditors
1896 2011-06-20 03:16:34 <Herodes> luke-jr: What's up with you. You run a pool. Behave like a man. Not like a cry baby.
1897 2011-06-20 03:16:35 <jrmithdobbs> dehuman: ?
1898 2011-06-20 03:16:36 <Titanium123_> *assembly
1899 2011-06-20 03:16:38 <fiverawr> luke-jr: I don't think GUIs should exist :P
1900 2011-06-20 03:16:40 <dehuman> thats what i would say if i was a lawyer, i just play one on the internet
1901 2011-06-20 03:16:55 <NxTitle> fiverawr: only the elite should use computars
1902 2011-06-20 03:17:06 <nuthin> so anyone know of any good papers on bcrypt?
1903 2011-06-20 03:17:07 <Titanium123_> I play Bitcoin like I play EvE
1904 2011-06-20 03:17:10 <samlander> luke: what software do you use as the backend on your pool?
1905 2011-06-20 03:17:13 <Herodes> Seems like I hit the nail perfectly on its head with all these angry people around.
1906 2011-06-20 03:17:14 <hmmmm> how is anybody liable for this...?
1907 2011-06-20 03:17:16 <NxTitle> too bad the internet is for porn
1908 2011-06-20 03:17:18 <nuthin> the ones that says bcrypt is not that great ...
1909 2011-06-20 03:17:22 <BaltarNZ> the roll back of these transactions is the only option.
1910 2011-06-20 03:17:24 <luke-jr> Herodes: I made $1000 on the market today fairly. Yet the revert would punish me for something I had nothing to do with.
1911 2011-06-20 03:17:24 <Titanium123_> I made 10s of B of isk in EvE with no cheats
1912 2011-06-20 03:17:25 <dehuman> jrmithdobbs: i'd say 'look i'm not reverting any but the hacked account. the rest of you had no idea it was a hack, you acted on the market, for all practical purposes it could have been organic movement and it wouldnt have mattered. you placed the orders'
1913 2011-06-20 03:17:35 <luke-jr> samlander: custom
1914 2011-06-20 03:17:35 <BaltarNZ> the other option is to close the door and everyone loses.
1915 2011-06-20 03:17:42 <samlander> Titanium123_: eve?
1916 2011-06-20 03:17:43 <Titanium123_> I made 1200 bitcoins, but only got to withdraw 600
1917 2011-06-20 03:17:44 <dehuman> nah why roll back transactions?
1918 2011-06-20 03:17:45 <Herodes> luke-jr: I never accused you of anything, and I do not know the details of your trades.
1919 2011-06-20 03:17:46 <dehuman> those are legit
1920 2011-06-20 03:17:46 rrix has joined
1921 2011-06-20 03:17:46 <Titanium123_> EvE
1922 2011-06-20 03:17:48 <jrmithdobbs> dehuman: except the whole "it was just one hacked account thing" was a lie, but ya basically
1923 2011-06-20 03:17:52 <FarmerGreene> How do you feel this will affect the Bitcoin currency, Long term?
1924 2011-06-20 03:17:54 <samlander> what is eve
1925 2011-06-20 03:17:56 <dehuman> when people made those transactions they wanted to buy or wanted to sell
1926 2011-06-20 03:17:59 Zarutian has quit (Quit: Zarutian)
1927 2011-06-20 03:18:02 <Titanium123_> EvE is like the flying spaceship game with no rules
1928 2011-06-20 03:18:05 <FarmerGreene> It comes on the heels of the $500k wallet theft and the bitcoin trojan..
1929 2011-06-20 03:18:05 <jrmithdobbs> dehuman: but they better keep toeing that line now or they're going to create further legal troubles
1930 2011-06-20 03:18:14 <Titanium123_> and 30,000 people usually in one world at once
1931 2011-06-20 03:18:21 <Titanium123_> of 400k subscribers
1932 2011-06-20 03:18:25 <NxTitle> dehuman: he'd have to reverse all transactions or none. reversing only part of them means mtgox would have to pay out of their own pockets
1933 2011-06-20 03:18:26 <Titanium123_> fun times
1934 2011-06-20 03:18:34 <dehuman> NxTitle: thats the right thing to do
1935 2011-06-20 03:18:35 <samlander> how do you make btc in eve?
1936 2011-06-20 03:18:36 <jgarzik> <shrug>
1937 2011-06-20 03:18:38 <Herodes> even some trades on NYSE have been reversed.
1938 2011-06-20 03:18:40 <dehuman> pay out of your own pocket for your own fuck up
1939 2011-06-20 03:18:41 <jrmithdobbs> NxTitle: that's the risk he takes running an exchange
1940 2011-06-20 03:18:41 <Herodes> This is nothing new.
1941 2011-06-20 03:18:43 <jgarzik> people are relearning old security lessons
1942 2011-06-20 03:18:44 <jgarzik> sad
1943 2011-06-20 03:18:45 <dehuman> seems fitting doesn't it NxTitle ?
1944 2011-06-20 03:18:46 <lfm> samlander: its a game with electronic currency you can freely trade for real money
1945 2011-06-20 03:18:49 <dehuman> you fuck up you pay for it?
1946 2011-06-20 03:18:57 <NxTitle> dehuman: you obviously don't realize just how much money that is, then
1947 2011-06-20 03:18:58 <Titanium123_> yep
1948 2011-06-20 03:19:03 <BaltarNZ> dehuman you can only get what he has
1949 2011-06-20 03:19:08 <jrmithdobbs> NxTitle: he should have insurance
1950 2011-06-20 03:19:09 bulletbill has quit (Quit: Leaving.)
1951 2011-06-20 03:19:09 Cyde has joined
1952 2011-06-20 03:19:13 <samlander> oh, so no different then trading lindens
1953 2011-06-20 03:19:14 <samlander> got it
1954 2011-06-20 03:19:14 <jrmithdobbs> NxTitle: if he doesn't that's his own fault.
1955 2011-06-20 03:19:17 <luke-jr> jgarzik: my security wasn't compromised, but if the last 24 hours are reverted, I lose $1k
1956 2011-06-20 03:19:18 <BaltarNZ> and likely it would close the doors and a trustee would come in.
1957 2011-06-20 03:19:27 <andyfletcher> MagicalTux, Sorry to disturb you now, but I've been receiving all sorts of crap including a mail claiming to be from mtgox containing a .exe as a supposed site certificate. It may be worth adding a warning to the website about opening these files
1958 2011-06-20 03:19:27 <dehuman> NxTitle: but thats the right thing
1959 2011-06-20 03:19:28 <Herodes> dehuman: if you had your account compromised without it being your fault, i think you might have been feeling differently about it.
1960 2011-06-20 03:19:31 sgornick has quit (Quit: Leaving.)
1961 2011-06-20 03:19:33 <Blitzboom> luke-jr: have you managed to withdraw coins?
1962 2011-06-20 03:19:38 <Blitzboom> before mtgox went down
1963 2011-06-20 03:19:39 <dehuman> Herodes: dude i'
1964 2011-06-20 03:19:40 <luke-jr> Blitzboom: no
1965 2011-06-20 03:19:40 <samlander> oh for fucks sake
1966 2011-06-20 03:19:41 <dehuman> d sue
1967 2011-06-20 03:19:43 <Blitzboom> i have read that some people did
1968 2011-06-20 03:19:45 <luke-jr> Blitzboom: I didn't think it was necessary.
1969 2011-06-20 03:19:48 <Blitzboom> how can you revert that?
1970 2011-06-20 03:19:48 <samlander> andyfletcher: scammers are having a fucking heyday
1971 2011-06-20 03:19:50 <dehuman> Herodes: i'd fucking hold mtgox accountable, not other traders
1972 2011-06-20 03:19:50 <MagicalTux> andyfletcher: we will never send any rar or anything
1973 2011-06-20 03:19:52 <MagicalTux> never open those
1974 2011-06-20 03:19:56 <NxTitle> oh well, I wasn't in mtgox, sucks to be you
1975 2011-06-20 03:19:59 <samlander> andyfletcher: how much you want to bet that .exe steals wallets
1976 2011-06-20 03:20:00 <Titanium123_> i withdrew the max lol,
1977 2011-06-20 03:20:01 <Herodes> andyfletcher: who's stupid enough to run an .exe they receive through e-mail. Oh, I guess it would be a few..
1978 2011-06-20 03:20:02 <Blitzboom> MagicalTux: did people withdraw coins they bought during the selloff?
1979 2011-06-20 03:20:04 <dehuman> Herodes: you want to hold everyone accountable that just did what they were supposed to do - trade
1980 2011-06-20 03:20:08 <jrmithdobbs> so who's up for starting the canspam class action?
1981 2011-06-20 03:20:11 <dehuman> i dont see how thats far at all
1982 2011-06-20 03:20:16 <Titanium123_> yes I bought 1200 and withdrew 600
1983 2011-06-20 03:20:16 <jrmithdobbs> seeing as he disclosed contact info without optin
1984 2011-06-20 03:20:19 <MagicalTux> Blitzboom: they tried to, but didn't manage to withdraw before I stopped apache
1985 2011-06-20 03:20:23 <andyfletcher> Herodes, exactly.
1986 2011-06-20 03:20:24 <jrmithdobbs> to a trusted 3rd party
1987 2011-06-20 03:20:26 <jrmithdobbs> who then leaked it
1988 2011-06-20 03:20:27 <samlander> Titanium123_: sounds like you're coming out ahead
1989 2011-06-20 03:20:28 <hmmmm> you can't sue people for this you derp
1990 2011-06-20 03:20:31 <Blitzboom> so Titanium123_ is lying?
1991 2011-06-20 03:20:32 <Herodes> dehuman: Yes, mtGox should be held accountable.
1992 2011-06-20 03:20:33 <Titanium123_> a bit
1993 2011-06-20 03:20:35 <Titanium123_> no
1994 2011-06-20 03:20:46 <Blitzboom> well, either Titanium123_ or MagicalTux is
1995 2011-06-20 03:20:47 <quiznor> so.. "auditor" story is quite a whopper
1996 2011-06-20 03:20:48 <luke-jr> jrmithdobbs: what law does that violate?
1997 2011-06-20 03:20:49 <Titanium123_> they are in my wallet right now
1998 2011-06-20 03:20:53 <jrmithdobbs> luke-jr: CANSPAM
1999 2011-06-20 03:20:53 <quiznor> seriously guys
2000 2011-06-20 03:20:54 <Titanium123_> want proof
2001 2011-06-20 03:20:55 <dehuman> hmmmm: on the $$$ side you can
2002 2011-06-20 03:20:55 <Blitzboom> and i trust MagicalTux more atm :P
2003 2011-06-20 03:20:56 * andyfletcher didn't open the file but bets loads of people will
2004 2011-06-20 03:20:56 <Titanium123_> ???
2005 2011-06-20 03:20:57 <NxTitle> "In order to keep yourself secure, we recommend downloading this shiny exe file that is most definitely not a trojan. Love, Mt.Gox"
2006 2011-06-20 03:21:01 <quiznor> no one believes this auditor stuff
2007 2011-06-20 03:21:03 <dehuman> hmmm: only half of mtgox is funny money
2008 2011-06-20 03:21:04 <hmmmm> dehuman, i really find that hard to believe
2009 2011-06-20 03:21:06 <Titanium123_> someone pick a 6 digit number
2010 2011-06-20 03:21:06 <samlander> Titanium123_: as i said, sounds like you came out ahead
2011 2011-06-20 03:21:07 <jrmithdobbs> luke-jr: requires double opt-in to release contact info to *any* 3rd party
2012 2011-06-20 03:21:11 <dehuman> hmmm: the other half is USD thats actionable
2013 2011-06-20 03:21:13 <dehuman> fraud is fraud y0
2014 2011-06-20 03:21:21 <NxTitle> wait, we got spam with an exe in it? o.O
2015 2011-06-20 03:21:21 <hmmmm> then bitcoin itself is fraud
2016 2011-06-20 03:21:25 <jrmithdobbs> luke-jr: that results in marketing/etc use
2017 2011-06-20 03:21:31 <hmmmm> you get nothing for real USD
2018 2011-06-20 03:21:32 <jrmithdobbs> luke-jr: which it has due to their release to a third party
2019 2011-06-20 03:21:33 <luke-jr> jrmithdobbs: and you're sure MtGox doesn't have that in their privacy policy?
2020 2011-06-20 03:21:35 <samlander> hmmmm: go away
2021 2011-06-20 03:21:40 <lfm> Herodes: it mtgox fault people use stupid passwords?
2022 2011-06-20 03:21:46 <MagicalTux> NxTitle: some yep, the exe will steal your wallet.dat and other data (saved passwords, etc) and mail them
2023 2011-06-20 03:21:47 <jrmithdobbs> luke-jr: can't check right now obviously, but pretty sure, yes
2024 2011-06-20 03:21:49 <hmmmm> as long as it's not recognized by the government as currency, it's 'nothing'
2025 2011-06-20 03:21:51 <Titanium123_> someone pick a 6 digit number
2026 2011-06-20 03:21:52 <hmmmm> you can't sue over it
2027 2011-06-20 03:21:56 <hmmmm> nobody is liable
2028 2011-06-20 03:21:58 <samlander> hmmmm: if you want to rant about something pick up a sign and go to the street corner derpa derpa
2029 2011-06-20 03:22:02 <dehuman> lfm: yes
2030 2011-06-20 03:22:06 <hmmmm> ...
2031 2011-06-20 03:22:07 <jrmithdobbs> luke-jr: anyways, being in the privacy policy isn't enough, hence the "double" part of "double opt-in"
2032 2011-06-20 03:22:07 KuDeTa has quit (Quit: KuDeTa)
2033 2011-06-20 03:22:10 <Titanium123_> il prove I got money :)
2034 2011-06-20 03:22:18 <jrmithdobbs> luke-jr: at least one of the opt-ins must be *explicit*
2035 2011-06-20 03:22:21 <hmmmm> samlander, o.k., go waste your time and effort trying to sue mtgox then
2036 2011-06-20 03:22:22 <lfm> dehuman: I hope you're being sarcastic
2037 2011-06-20 03:22:39 <dehuman> lfm: its only your fault for using a stupid password if someone just happens along your account and logs in without triggering max fail login attempts
2038 2011-06-20 03:22:40 <NxTitle> damn, my friend loves reverse engineering malware
2039 2011-06-20 03:22:50 <jrmithdobbs> luke-jr: he's publicly stated they were released through a 3rd party he provided them to
2040 2011-06-20 03:22:52 <hmmmm> i seriously get the idea that these people are trolling
2041 2011-06-20 03:22:55 <luke-jr> jrmithdobbs: is nitpicking a Bitcoin exchange really something you want to encourage?
2042 2011-06-20 03:22:55 <jrmithdobbs> luke-jr: it's an open and shut case
2043 2011-06-20 03:22:56 <dehuman> its most certainly not your fault for using a stupid password if they got it from the site's database with hashes
2044 2011-06-20 03:22:58 <Titanium123_> most malware is boring cookie cutter stuff
2045 2011-06-20 03:23:08 <jrmithdobbs> luke-jr: for this type of security breach? yes.
2046 2011-06-20 03:23:15 <dehuman> lfm: big difference
2047 2011-06-20 03:23:15 <Herodes> lfm: no
2048 2011-06-20 03:23:19 <Titanium123_> dehuman, that is exactly the case where it is the user's fault and the user's fault alone
2049 2011-06-20 03:23:23 <Blitzboom> MagicalTux: if people managed to withdraw any coins they bought, the revert will bring major issues. i hope you’re right
2050 2011-06-20 03:23:31 <NxTitle> MagicalTux: so what was this whole auditing fiasco? was it a group you hired, or was it forced by a government or other entity?
2051 2011-06-20 03:23:34 <luke-jr> Blitzboom: even if they didn't.
2052 2011-06-20 03:23:45 <luke-jr> jrmithdobbs: also, MtGox is Japan, not US
2053 2011-06-20 03:23:46 <dehuman> if i guess some moron's gmail password cause its 'god' thats a big difference from me getting supposed to be secure password hashes from site in question and cracking them
2054 2011-06-20 03:23:49 <dehuman> get it right
2055 2011-06-20 03:23:58 <hmmmm> anyway, just something i'd like to point out, iterated hashing 30000000000000000000000 times won't help matters much
2056 2011-06-20 03:23:59 <jrmithdobbs> luke-jr: doesn't matter, the contact info was provided to parties in the us
2057 2011-06-20 03:23:59 <dehuman> the hash is insecure primarily, the password secondarily in that case
2058 2011-06-20 03:24:04 <jrmithdobbs> luke-jr: making him liable
2059 2011-06-20 03:24:05 <luke-jr> jrmithdobbs: irrelevant
2060 2011-06-20 03:24:10 <hmmmm> if it's a word in the dictionary, it's going to be cracked rather quickly
2061 2011-06-20 03:24:13 <hmmmm> there's no way around that
2062 2011-06-20 03:24:14 <Herodes> NxTitle: wonder who needed access to a live system with a lot of sensitive information, unless they were hired to work with stuff like that.
2063 2011-06-20 03:24:16 <jrmithdobbs> luke-jr: it is relevant. japanese gov just wont cooperate
2064 2011-06-20 03:24:22 <lfm> dehuman: sorry, I dont see it. you're saying it ok to ignore all the advice in the world about not using simple passwords and if you do you can sue someone else about it.
2065 2011-06-20 03:24:24 <jrmithdobbs> because they're bitches about this type of thing
2066 2011-06-20 03:24:37 <jrmithdobbs> luke-jr: it's relevant for the same reason he's following KYC/etc
2067 2011-06-20 03:24:46 <luke-jr> jrmithdobbs: Japan has KYC
2068 2011-06-20 03:24:55 <dehuman> lfm: you dont see the distinction of a security compromise leading to confidential password hashes being different than someone just guessing someone's weak password?
2069 2011-06-20 03:24:58 <jrmithdobbs> luke-jr: doing business with parties in the US makes you accountable to US laws
2070 2011-06-20 03:25:02 <MagicalTux> hmmmm: we won't allow users to set weak passwords anymore
2071 2011-06-20 03:25:05 <jrmithdobbs> in relation to the business transactions
2072 2011-06-20 03:25:08 <dehuman> you dont see an obvious negligence on the part of the site lfm?
2073 2011-06-20 03:25:09 <hmmmm> jrmithdobbs, how much did you lose exactly?
2074 2011-06-20 03:25:13 <jrmithdobbs> hmmmm: 0
2075 2011-06-20 03:25:14 <NxTitle> dehuman: I hope you understand how hashes work, and that making them "secure" against being usable kinda makes them useless
2076 2011-06-20 03:25:19 <hmmmm> then wtf are you so bitter for?
2077 2011-06-20 03:25:21 <dehuman> lfm: with hashes in hand it really doesnt matter what your password is
2078 2011-06-20 03:25:24 <dehuman> its just a matter of time
2079 2011-06-20 03:25:24 <hmmmm> shut up already
2080 2011-06-20 03:25:25 <jrmithdobbs> hmmmm: principle.
2081 2011-06-20 03:25:31 <lfm> dehuman: if you have a decent password it doesnt matter what hases are exposed
2082 2011-06-20 03:25:35 <luke-jr> I only lose if it's reverted. :/
2083 2011-06-20 03:25:37 <lfm> hashes
2084 2011-06-20 03:25:43 <upb> heh great day today
2085 2011-06-20 03:25:53 <Titanium123_> i win if its reverted, or if it isnt :)
2086 2011-06-20 03:25:54 <gmaxwell> dehuman: it does, e.g. if your password is 16 totally random characters you're fine for eons.
2087 2011-06-20 03:25:55 <dehuman> lfm: sure it is, md5 for instance
2088 2011-06-20 03:26:02 <NxTitle> eh, when you tell a person to set a capital letter, number and symbol, they will set "Password1!"
2089 2011-06-20 03:26:03 <dehuman> say what? 12 character salt? 12 character password?
2090 2011-06-20 03:26:07 <dehuman> how long does that really take?
2091 2011-06-20 03:26:08 <Optimo> the hashes aren't to protect from brute force it's to protect your secure password from prying eyes
2092 2011-06-20 03:26:12 FarmerGreene has quit (Quit: Page closed)
2093 2011-06-20 03:26:13 Teslah has quit (Quit: Leaving)
2094 2011-06-20 03:26:17 <Titanium123_> hashing method really really does not matter
2095 2011-06-20 03:26:18 <Cyde> Optimo: ???
2096 2011-06-20 03:26:22 <nuthin> Optimo: wut?
2097 2011-06-20 03:26:25 <lfm> dehuman: in fact you SHOULD expect the hashes to be leaked sooner or later, it always happens
2098 2011-06-20 03:26:27 <dehuman> Titanium123_: with regard to speed of cracking it does
2099 2011-06-20 03:26:33 <Cyde> I think he's talking about echo characters on password entry text boxes?
2100 2011-06-20 03:26:34 <dehuman> lfm: are you listening to yourself?
2101 2011-06-20 03:26:41 <Titanium123_> as long as its MD5 or better there is no problem
2102 2011-06-20 03:26:44 <gmaxwell> dehuman: mtgox was using 1000x md5. It's plenty slow, and perfectly fine.
2103 2011-06-20 03:26:44 <luke-jr> MtGox could always tell you your password and not allow changing it ;p
2104 2011-06-20 03:26:47 <dehuman> you should expect your confidential login credentials to be leaked lfm?
2105 2011-06-20 03:27:00 <lfm> dehuman: no one broke any 12 char passwords
2106 2011-06-20 03:27:03 <Titanium123_> yes you should expect hashes to be leaked
2107 2011-06-20 03:27:05 <nuthin> dehuman: you should prepare for it
2108 2011-06-20 03:27:09 <lfm> unless they were in a dictionary
2109 2011-06-20 03:27:13 <dehuman> lfm: yet
2110 2011-06-20 03:27:19 <dehuman> that you know of
2111 2011-06-20 03:27:22 <NxTitle> dehuman: i agree with lfm. it's better to keep security within your own hands rather than trusting someone else with it, no matter how trustworthy
2112 2011-06-20 03:27:24 <Herodes> well, anyone who got cheap bitcoins from this incident and swiftly withdrew their bitcoins (this action alone could indicate that you somehow anticipated something could be wrong with the trade) and then not contacting mtGox and returning them after knowing the truth about the incident are plainly nothing but egoistical greedy bastards, and needs to be exposed as such creatures.
2113 2011-06-20 03:27:32 <dehuman> NxTitle: i'm not saying it isn't
2114 2011-06-20 03:27:32 <Blitzboom> what does this thing mean @gmail? http://i.imgur.com/eENNI.png
2115 2011-06-20 03:27:33 <jrmithdobbs> dehuman: no one has broken any *good* 12 char passwords from this dump yet
2116 2011-06-20 03:27:33 <lfm> dehuman: no one broke any 9 char passwords if they were decent
2117 2011-06-20 03:27:36 <gmaxwell> E.g. a few years ago ameritrade was compromised all over. As in the case, no one managed to make off with a ton of money.
2118 2011-06-20 03:27:38 <Blitzboom> is that downloading anything?
2119 2011-06-20 03:27:39 <jrmithdobbs> dehuman: it is impossible to have done so
2120 2011-06-20 03:27:39 <dehuman> i'm saying in the specific case of a site intrusion
2121 2011-06-20 03:27:50 <Blitzboom> it’s in the corner right bottom
2122 2011-06-20 03:27:58 <dehuman> where the site is compromised and credentials are used to nefarious ends, it kind of absolves you of culpability
2123 2011-06-20 03:27:58 <Blitzboom> anyone got an explanation?
2124 2011-06-20 03:28:04 RobboNZ has joined
2125 2011-06-20 03:28:06 <NxTitle> ever heard of "hope for the best but prepare for the worst"?
2126 2011-06-20 03:28:07 <nuthin> where can you check if your password has been broken jrmithdobbs ?
2127 2011-06-20 03:28:12 <dehuman> NxTitle: i do
2128 2011-06-20 03:28:13 <luke-jr> Herodes: admittedly, my trade involved no work on my part, so I'm not *too* upset by losing it
2129 2011-06-20 03:28:17 scott` has joined
2130 2011-06-20 03:28:18 <Cyde> I don't always hash my passwords, but when I do, I expect them to be compromised.
2131 2011-06-20 03:28:23 <Titanium123_> herodes, I withdrew 600 and left 300 in mtgox and sold 200 in case the value of bitcoins tanked, or soared or the site just plain died and lost my transactions, I would be okay
2132 2011-06-20 03:28:25 <dehuman> but i dont expect that the sites i use will lose their hashes
2133 2011-06-20 03:28:25 <luke-jr> Herodes: but what about the daytraders who skillfully made a nice profit?
2134 2011-06-20 03:28:26 <quiznor> MagicalTux is cool
2135 2011-06-20 03:28:31 <jlgaddis> Blitzboom: it means scrolls down, you have more mail in that thread
2136 2011-06-20 03:28:31 <dehuman> i use strong passwords cause its the right thing to do
2137 2011-06-20 03:28:34 <luke-jr> Herodes: they wasted their time?
2138 2011-06-20 03:28:41 <jrmithdobbs> luke-jr: completely agreed
2139 2011-06-20 03:28:43 <Titanium123_> dehuman you better start expecting that
2140 2011-06-20 03:28:43 <dehuman> its just a sad state if you expect all your sites to get hacked
2141 2011-06-20 03:28:47 Lachesis has quit (Ping timeout: 260 seconds)
2142 2011-06-20 03:28:50 <dehuman> i dont need to expect that
2143 2011-06-20 03:28:52 karnac_ has joined
2144 2011-06-20 03:28:58 <Blitzboom> jlgaddis: ok, so i don’t have to be worried as long as i don’t open any exes
2145 2011-06-20 03:28:59 <Titanium123_> then you will get hacked a lot
2146 2011-06-20 03:28:59 <NxTitle> I don't always hash my passwords, but when I do, I save 15 percent or more on my car insurance by switching to Geico
2147 2011-06-20 03:29:03 <dehuman> Titanium123_: never once
2148 2011-06-20 03:29:06 <jrmithdobbs> luke-jr: and like I said, i made 0 money positive or negative off this
2149 2011-06-20 03:29:11 <lfm> dehuman:  so if you use a stupid password from a dictionary and just wait for the hashes to be leaked, PAYDAY! then you can sue?
2150 2011-06-20 03:29:13 <jrmithdobbs> luke-jr: this whole situation is just completely unacceptable
2151 2011-06-20 03:29:15 <Titanium123_> personally I have had my hash posted on the internet 3 times
2152 2011-06-20 03:29:18 <Herodes> It's just my opinion. And I assume not everyone agrees.
2153 2011-06-20 03:29:20 <Herodes> :)
2154 2011-06-20 03:29:23 <Titanium123_> this is the 3rd
2155 2011-06-20 03:29:26 karnac_ has quit (Read error: Connection reset by peer)
2156 2011-06-20 03:29:32 <dehuman> lfm: sure
2157 2011-06-20 03:29:41 karnac_ has joined
2158 2011-06-20 03:29:43 <dehuman> lfm: if the site password policy didnt prevent you from using stupid password
2159 2011-06-20 03:29:46 <dehuman> its still their fault
2160 2011-06-20 03:29:46 <Titanium123_> a torrent site I was on got hacked once, and a cool forum too
2161 2011-06-20 03:29:58 <Titanium123_> its your fault for picking a password that can be brute forced
2162 2011-06-20 03:30:03 <Cyde> Titanium123_: Let me put it this way, I'm glad that I followed the advice to use a different password for every site and to have it be alphanumeric and punctuation and over a dozen characters.
2163 2011-06-20 03:30:10 <nuthin> dehuman: if you don't expect it, then why not store the passwords in plain text
2164 2011-06-20 03:30:15 karnac has quit (Read error: Connection reset by peer)
2165 2011-06-20 03:30:27 <Herodes> but for sure there should be safeguards in place. If one users frequently logs in from say London, and then 30mins later he logs in from Hong Kong, there should at least be some trigger in the system that alerts the account owner, perhaps through an sms.
2166 2011-06-20 03:30:29 <Titanium123_> just put it in a text file on ur desktop, thats 1,000,000 (1 000 000) times more secure than using a dictionary word
2167 2011-06-20 03:30:37 <dehuman> nuthin: cause as a site operator i dont want to know your password
2168 2011-06-20 03:30:38 <lfm> dehuman: well you have a different view of responsibility than most, you must be from usa where stupidity is rewarded
2169 2011-06-20 03:30:40 <hmmmm> how was the 500,000 bitcoin account targeted exactly?
2170 2011-06-20 03:30:42 <dehuman> or my employers nuthin
2171 2011-06-20 03:30:44 <hmmmm> just curious
2172 2011-06-20 03:30:58 <dehuman> lfm: from a business pov, i would be remiss if i didnt consider my responsibilities to my users
2173 2011-06-20 03:31:07 <dehuman> all these are simple solutions
2174 2011-06-20 03:31:11 <quiznor> bonjour!!
2175 2011-06-20 03:31:16 <nuthin> dehuman: yes, so what's stopping you or your employers from trying to figure out the hash?
2176 2011-06-20 03:31:17 <dehuman> as a site operator force password complexity and aging
2177 2011-06-20 03:31:24 <dehuman> the user only does what the user is allowed to do
2178 2011-06-20 03:31:25 <dehuman> remember that
2179 2011-06-20 03:31:25 <luke-jr> dehuman: nobody has a responsibility for you to choose a sane password, other than you
2180 2011-06-20 03:31:31 <dehuman> sure they do luke-jr
2181 2011-06-20 03:31:32 jivvz has quit (Quit: Lämnar)
2182 2011-06-20 03:31:35 <hmmmm> let me get the timeline of events straight: auditor gets compromised, exports CSV of logins, cracks the password on the 500k bitcoin guy, then wash trades everything to lower the value, then withdraws everything out
2183 2011-06-20 03:31:35 <dehuman> if i want to conduct a reputable business
2184 2011-06-20 03:31:38 <hmmmm> right?
2185 2011-06-20 03:31:39 <dehuman> say a currency exchange
2186 2011-06-20 03:31:41 <Titanium123_> your hash is probably stolen from most sites by at least an employee
2187 2011-06-20 03:31:44 <dehuman> i have a responsibility to secure passwords
2188 2011-06-20 03:31:44 <lfm> dehuman you cant make stupid people smart
2189 2011-06-20 03:31:51 <dehuman> else i put my business and everyone elses' business at risk
2190 2011-06-20 03:31:55 <dehuman> because i didnt want to protect my users
2191 2011-06-20 03:31:56 <Titanium123_> hmmm correct
2192 2011-06-20 03:31:57 <Herodes> lfm: true
2193 2011-06-20 03:32:01 <dehuman> you guys need to think out of the box
2194 2011-06-20 03:32:11 <luke-jr> dehuman: no, you need to take responsibility for your own actions
2195 2011-06-20 03:32:17 <dehuman> it most certainly is a business or site owners responsibility to enforce a minimum security policy
2196 2011-06-20 03:32:18 <lfm> dehuman and you cant save stupid people from reaping the rewards of their stupidity
2197 2011-06-20 03:32:19 <gmaxwell> Well, I think it should have enforced less sucky passwords.
2198 2011-06-20 03:32:22 <luke-jr> if YOU set the password, it's YOUR responsibility
2199 2011-06-20 03:32:23 <dehuman> i say this as a businessman and site operator
2200 2011-06-20 03:32:27 <dehuman> jeez
2201 2011-06-20 03:32:31 manifold_ has joined
2202 2011-06-20 03:32:37 <nuthin> dehuman: right, so what we're saying is you secure them as best you can
2203 2011-06-20 03:32:41 <Cryo> you can't nerf the world because some idiot needs a helmet.
2204 2011-06-20 03:32:41 <Titanium123_> dehuman some people really couldnt care less if someone steals the $1 in their account so they use a crappy password
2205 2011-06-20 03:32:45 <dehuman> i wouldnt want some idiot users to set easily cracked passwords to destabilize the market my business depends on
2206 2011-06-20 03:32:46 <Optimo> it can be debated. some are more security concerned than others
2207 2011-06-20 03:32:48 <gmaxwell> I mean... 26 people with the password ..password... er.
2208 2011-06-20 03:32:55 <dehuman> its on me to ensure the security of my business, not the idiot users
2209 2011-06-20 03:33:06 <dehuman> i have the power as the site administrator to enforce a minimum level of security
2210 2011-06-20 03:33:11 <luke-jr> dehuman: sure, you *can* enforce strict rules for passwords
2211 2011-06-20 03:33:16 <luke-jr> but that doesn't make it your duty
2212 2011-06-20 03:33:26 <Titanium123_> the users are causing your password hash table in ur db to be a valuable target
2213 2011-06-20 03:33:26 <dehuman> i can deny the users' own stupidity a say in fucking up my business, my community, my bitcoin exchange
2214 2011-06-20 03:33:29 <minixking> and havent been accessed in over 2 months?
2215 2011-06-20 03:33:29 <dehuman> jeez
2216 2011-06-20 03:33:35 <minixking> what a load of shit
2217 2011-06-20 03:33:35 <dehuman> im all for responsible users
2218 2011-06-20 03:33:39 <Titanium123_> without those users no one would care to steal the file cause its useless
2219 2011-06-20 03:33:41 <dehuman> but not for letting site operators off the hook
2220 2011-06-20 03:33:43 <dehuman> it takes 2
2221 2011-06-20 03:33:47 <Optimo> shame on us all for trusting a website and database with a security you know nothing about
2222 2011-06-20 03:33:58 <dehuman> and i'm sorry as a creator of security policies in the work place it absolutely is your fault
2223 2011-06-20 03:34:03 <Cryo> put a condom on your btc
2224 2011-06-20 03:34:14 <Titanium123_> you create those stupid policies I have to follow
2225 2011-06-20 03:34:17 <bk128> luke-jr: I was using your pool for a while but was getting tons of rejected blocks and timeouts.  is that common?
2226 2011-06-20 03:34:19 <Titanium123_> I loathe you
2227 2011-06-20 03:34:26 kika_ has quit (Quit: Page closed)
2228 2011-06-20 03:34:27 <dehuman> they arent stupid Titanium123_
2229 2011-06-20 03:34:37 <dehuman> they prevent massive fuckups like you just witnessed
2230 2011-06-20 03:34:39 <Cryo> they're annoying, but necessary.
2231 2011-06-20 03:34:40 <midnightmagic> lol stupid 32-bit opencl implementation in john the ripper anyway. :)
2232 2011-06-20 03:34:41 Blitzboom_ has joined
2233 2011-06-20 03:34:44 <luke-jr> bk128: Eligius enables newer advanced features, and some miners don't implement them correctly.
2234 2011-06-20 03:34:46 <dehuman> personally i like fips 181
2235 2011-06-20 03:34:47 <Titanium123_> let me frigging have my wireless on when connected to the DMZ so I can get to corporate sites
2236 2011-06-20 03:34:51 <luke-jr> bk128: #Eligius to discuss it further tho ☺
2237 2011-06-20 03:34:53 <dehuman> automated password generator
2238 2011-06-20 03:34:55 <minixking> it says on mtgox
2239 2011-06-20 03:34:56 <Titanium123_> i know how to secure my pc
2240 2011-06-20 03:34:58 <Optimo> dehuman: competition will be good
2241 2011-06-20 03:35:05 magn3ts has left ("Leaving")
2242 2011-06-20 03:35:07 <dehuman> apg (1)              - generates several random passwords
2243 2011-06-20 03:35:08 <minixking> that its only users that are "idle and havent been active for 2 months"
2244 2011-06-20 03:35:14 <minixking> which is going to damage their word
2245 2011-06-20 03:35:17 <luke-jr> anyhow, the scammer stole money. and there are 3 possible parties to take the hit for it:
2246 2011-06-20 03:35:18 <Titanium123_> and I want to watch tv in the datacenter, let me use the plugs that are sitting there
2247 2011-06-20 03:35:19 <luke-jr> 1. MtGox
2248 2011-06-20 03:35:21 <dehuman> Squemdys9 (Squem-dys-NINE)
2249 2011-06-20 03:35:23 <luke-jr> 2. the victims
2250 2011-06-20 03:35:25 <Optimo> now we might pick an exchange based on their security
2251 2011-06-20 03:35:28 <dehuman> random pronounceable passwords
2252 2011-06-20 03:35:33 <dehuman> thats weak tho
2253 2011-06-20 03:35:34 <luke-jr> 3. the legitimate traders
2254 2011-06-20 03:35:43 Blitzboom has quit (Ping timeout: 263 seconds)
2255 2011-06-20 03:35:43 <luke-jr> IMO, #3 is the worst possible choice
2256 2011-06-20 03:35:48 <dehuman> luke-jr: i agree
2257 2011-06-20 03:35:51 <upb> yep
2258 2011-06-20 03:35:52 <dehuman> since its a trading market
2259 2011-06-20 03:35:53 <minixking> its not true in the least that entire post they have on thier site right now
2260 2011-06-20 03:35:53 <midnightmagic> luke-jr: 4: the-security-auditor -who-leaked-it's company.
2261 2011-06-20 03:35:58 <luke-jr> midnightmagic: true
2262 2011-06-20 03:36:00 <Cryo>  how do you tell a legitimate trader?
2263 2011-06-20 03:36:01 <dehuman> its pretty clearly anti its own business model luke-jr
2264 2011-06-20 03:36:07 <midnightmagic> My vote is #4.
2265 2011-06-20 03:36:08 <Cryo> versus a legitimate traitor?
2266 2011-06-20 03:36:14 <dehuman> to make the traders take the hit is basically sabotaging your own business
2267 2011-06-20 03:36:18 <jrmithdobbs> luke-jr: especially seeing as this compromise resulted from actions taken directly by mtgox
2268 2011-06-20 03:36:19 <dehuman> cause they will leave
2269 2011-06-20 03:36:20 <Titanium123_> those are not random!!!!!!!!!!!!
2270 2011-06-20 03:36:21 <Titanium123_> https://www.fourmilab.ch/hotbits/secure_generate.html
2271 2011-06-20 03:36:24 <Titanium123_> these are random
2272 2011-06-20 03:36:25 <dehuman> and you will not ever see .65%
2273 2011-06-20 03:36:27 <Titanium123_> srsly
2274 2011-06-20 03:36:30 backwardation25 has quit (Remote host closed the connection)
2275 2011-06-20 03:36:34 <Gekz> I'd have to say
2276 2011-06-20 03:36:34 <jrmithdobbs> luke-jr: namely, giving a "financial auditor" access to the user tables in the first place
2277 2011-06-20 03:36:37 <Gekz> what shits me the most about this dump
2278 2011-06-20 03:36:38 dbasch has quit (Quit: dbasch)
2279 2011-06-20 03:36:44 <Gekz> is that my fucking email address is getting hammered with bitcoin spam
2280 2011-06-20 03:36:51 <Titanium123_> well, I hash the random data with a salt just to be sure
2281 2011-06-20 03:36:53 <Gekz> I don't give a shit about hashed password loss
2282 2011-06-20 03:36:59 <Gekz> why is my email address plaintext.
2283 2011-06-20 03:36:59 <dehuman> anyway i'm so sick to death of the 'choose a better password argument'
2284 2011-06-20 03:37:01 <nuthin> giving the financial auditor access to the database at all
2285 2011-06-20 03:37:02 <Titanium123_> i never gave them an email so im safe
2286 2011-06-20 03:37:04 <jrmithdobbs> luke-jr: and if it wasn't a financial auditor but another kind of auditor that he's trying to prevent having to name (read: law enforcement) he's publicly lying
2287 2011-06-20 03:37:07 <luke-jr> jrmithdobbs: IMO, whether MtGox, the auditor, or the victims take the hit, depends on details we don't know yet
2288 2011-06-20 03:37:08 <B0g4r7> mine too
2289 2011-06-20 03:37:08 <B0g4r7> o
2290 2011-06-20 03:37:10 <jrmithdobbs> luke-jr: either way, mtgox should take the hit
2291 2011-06-20 03:37:16 <luke-jr> jrmithdobbs: I'm just rather sure it *shouldn't* be the legit traders
2292 2011-06-20 03:37:31 <luke-jr> Titanium123_: the people without emails are the MOST at risk
2293 2011-06-20 03:37:38 <Titanium123_> why?
2294 2011-06-20 03:37:39 <dehuman> its about time we get onto the 'enforce a better password' argument cause its already proven time and time again users wont 'choose a better password'
2295 2011-06-20 03:37:51 <jrmithdobbs> luke-jr: if it resulted from a 3rd party legitimately authorized by mtgox to have the access they had it falls on mtgox to cover it
2296 2011-06-20 03:37:54 <jrmithdobbs> imho
2297 2011-06-20 03:38:01 <gmaxwell> dehuman: well, they'll write down whatever they end up with
2298 2011-06-20 03:38:05 <gmaxwell> which would actually be okay.
2299 2011-06-20 03:38:16 <dehuman> yah its fine
2300 2011-06-20 03:38:22 <minixking> how could they post such a blatant lie to try and cover their fuckup
2301 2011-06-20 03:38:24 <minixking> seriously
2302 2011-06-20 03:38:30 <dehuman> very few people like me willing to steal passwords with shirtmasks and maglights
2303 2011-06-20 03:38:32 <Titanium123_> luke-jr, I already withdrew my money so my account is useless to me now
2304 2011-06-20 03:38:33 <Cryo> this argument has been... hashed... over since 1993.
2305 2011-06-20 03:38:33 <midnightmagic> no, many outside auditors are bonded specifically for this reason.
2306 2011-06-20 03:38:37 <jrmithdobbs> luke-jr: and that is what they're claiming
2307 2011-06-20 03:38:40 random_cat has quit (Remote host closed the connection)
2308 2011-06-20 03:38:45 <gmaxwell> minixking: what lie?
2309 2011-06-20 03:38:47 <jrmithdobbs> luke-jr: so I don't see how they can justify the revert
2310 2011-06-20 03:38:48 <dehuman> midnightmagic: yah i'd just make them eat it
2311 2011-06-20 03:38:49 <B0g4r7> How much was stolen?
2312 2011-06-20 03:38:49 <luke-jr> Titanium123_: because there's no way to confirm the account is yours
2313 2011-06-20 03:38:59 <jrmithdobbs> luke-jr: they need to be contacting their insurance not penalizing everyone else.
2314 2011-06-20 03:39:03 <nuthin> minixking: how do you know they're lying?
2315 2011-06-20 03:39:04 <midnightmagic> B0g4r7: $1000 worth of bitcoins.
2316 2011-06-20 03:39:11 <Titanium123_> my acct will have no money
2317 2011-06-20 03:39:15 <B0g4r7> $1000 USD?
2318 2011-06-20 03:39:16 <luke-jr> jrmithdobbs: good point, actually-- something like MtGox *should* have insurance for this kind of thing
2319 2011-06-20 03:39:17 * Gekz starts changing passwords all over the place
2320 2011-06-20 03:39:17 <Titanium123_> I have it all in my bitcoin wallet
2321 2011-06-20 03:39:19 <B0g4r7> That's nothing.
2322 2011-06-20 03:39:20 <Titanium123_> http://xkcd.com/386/
2323 2011-06-20 03:39:22 <johnlockwood> 100-200 BTC
2324 2011-06-20 03:39:25 <johnlockwood> was stolen
2325 2011-06-20 03:39:26 <minixking> nuthin: i am in the hashed password list released
2326 2011-06-20 03:39:34 <jrmithdobbs> luke-jr: in the us they are required by law to, not sure about japan
2327 2011-06-20 03:39:37 <minixking> nuthin: and i was on yesterday, the day before, etc etc
2328 2011-06-20 03:39:39 <dD0T> Gekz: Your email is in there because you entered it there. There are quite a few entries in there without email.
2329 2011-06-20 03:39:40 <Titanium123_> lol I withdrew 600 myself, didnt others?
2330 2011-06-20 03:39:44 <nuthin> minixking: and?
2331 2011-06-20 03:39:47 Cablesaurus has quit (Quit: Make it idiot proof and someone will make a better idiot.)
2332 2011-06-20 03:39:49 <gmaxwell> minixking: you're misreading it.
2333 2011-06-20 03:39:54 <Gekz> dD0T: this is true, but I thought it was a required field at the time.
2334 2011-06-20 03:39:56 <midnightmagic> holy crap, lookit all the "mtgox" passwords..
2335 2011-06-20 03:39:57 <Herodes> if someone makes an error when trading, pushing the wrong button, or inputting wrong numbers. That is the account holders fault. However if someone has a password like say  "Jim_771980" and that password gets cracked because some hacker gets access to the password hash from the site in question, I can't see how that is the Users fault. He did not tell his password to anyone and as far as we know it was not stolen from his computer.
2336 2011-06-20 03:39:57 <Herodes> Then the only one left to blame in this case is mtGox for not having good enough security.
2337 2011-06-20 03:39:58 <gmaxwell> minixking: it's saying the only the old accounts were unsalted.
2338 2011-06-20 03:40:21 <dehuman> Herodes: either way regardless of the password security in question
2339 2011-06-20 03:40:24 hallowworld has quit (Quit: asdf)
2340 2011-06-20 03:40:26 <dehuman> said site controls its own security policy
2341 2011-06-20 03:40:31 <dehuman> and allowed weak password
2342 2011-06-20 03:40:32 <Titanium123_> do people still type in passwords? srsly?
2343 2011-06-20 03:40:34 <Titanium123_> copy paste
2344 2011-06-20 03:40:35 <B0g4r7> gox would be a fool not to cover the loss(es).
2345 2011-06-20 03:40:40 <gmaxwell> Titanium123_++
2346 2011-06-20 03:40:41 <dD0T> Gekz: Be glad to have an event that makes you change them. Having the same password in multiple places is a bad idea anyway and you'll be safer thereafter
2347 2011-06-20 03:40:42 <Titanium123_> its 2010 for heavens sake
2348 2011-06-20 03:40:43 <johnlockwood> It looks like the plan was to crash the price, buy back a bunch and withdraw the accounts $ limit at the lower price/BTC,
2349 2011-06-20 03:40:44 <Herodes> So what do you people suggest other than a rollback. If this was a mistake by the account holder, mt could check if it was from the usual ip. But if it was from another ip in another country, the likelihood of it being a hacker is much larger.
2350 2011-06-20 03:40:49 <Cryo> the answer always ends up that users will always be stupid and use poor passwords and safety measures to protect their data.  That companies will always use young, cheap, inexperienced "hackers" to write their now exploited software in the hopes of making money to hire someone with a good clue later on to fix it before the walls come down or a breach occurs.
2351 2011-06-20 03:40:57 <midnightmagic> B0g4r7: you mean "The auditor, if he was a security auditor, would be a fool not to cover the losses."
2352 2011-06-20 03:41:03 <Titanium123_> at least save ur passwords in a passwords.txt file on desktop,
2353 2011-06-20 03:41:06 <minixking> nothin: my password was released on a site.
2354 2011-06-20 03:41:10 <minixking> nothin: unhashed
2355 2011-06-20 03:41:11 paxos has joined
2356 2011-06-20 03:41:24 <dehuman> minixking: was mine?
2357 2011-06-20 03:41:30 <dehuman> er what site i mean ;)
2358 2011-06-20 03:41:30 <erek> http://buttcoin.org/lionhat-security-taking-claim-for-mt-gox-hack-and-database-dump-taunts-owners-and-promises-next-black-friday
2359 2011-06-20 03:41:31 <johnlockwood> Or maybe they used another account as a buyer
2360 2011-06-20 03:41:32 <dehuman> mine was easy
2361 2011-06-20 03:41:33 <B0g4r7> Was it a good password?
2362 2011-06-20 03:41:40 <dehuman> no
2363 2011-06-20 03:41:46 <Gekz> dD0T: oh, no, I mean it finally spurned me to change my password in other places
2364 2011-06-20 03:41:48 <dehuman> but i didnt have anything in bitcoin
2365 2011-06-20 03:41:55 <minixking> B0g4r7: it was fairly decent
2366 2011-06-20 03:41:57 <erek> hey apparently lionhat has compromised something else, but are waiting to take action for a crash that won't be reversible this time
2367 2011-06-20 03:41:58 <dehuman> and i purposefully changed it to a bad password
2368 2011-06-20 03:42:04 <dehuman> my password was 'bitcrack'
2369 2011-06-20 03:42:17 <Herodes> i don't touch that buttcoin site with a 10 feet long pole.
2370 2011-06-20 03:42:22 <jgarzik> I would avoid buttcoin
2371 2011-06-20 03:42:27 <jgarzik> they were stealing shit through CSRF
2372 2011-06-20 03:42:28 <Herodes> for all we know he can have 0-day exploits running from his web server.
2373 2011-06-20 03:42:41 <jgarzik> erek: ^^
2374 2011-06-20 03:42:44 <erek> hey guys.. a team called lionhat is taking responsibility for the mtgox hack, and say they actually have access to something even bigger that won't be able to be reversed
2375 2011-06-20 03:42:46 <lianj> jgarzik: curl it
2376 2011-06-20 03:42:46 <Cryo> Herodes, not necessarily... the point of BitCoin was to be anonymous... which smart people would use TOR or onion or some other proxy method to avoid being fingerprinted.
2377 2011-06-20 03:42:53 <Herodes> He must be mentally disturbed (if run by an individual alone). What's up with all that hate towards bitcoin?
2378 2011-06-20 03:43:01 <gmaxwell> jgarzik: er, why the hell is the site still up then?
2379 2011-06-20 03:43:08 <vrs> http://buttcoin.org/lionhat-security-taking-claim-for-mt-gox-hack-and-database-dump-taunts-owners-and-promises-next-black-friday hah why didn't I have this idea
2380 2011-06-20 03:43:15 <minixking> erek: where are you getting this info?
2381 2011-06-20 03:43:17 <midnightmagic> Cryo: that's not necessary for a large-enough network. You don't know where a message originated.
2382 2011-06-20 03:43:19 <Herodes> Cryo: yes.
2383 2011-06-20 03:43:24 <vrs> >take claim >acquire bitcoins
2384 2011-06-20 03:43:28 <erek> minixking: the link by vrs
2385 2011-06-20 03:43:28 <Eremes> its so gay that company like MTGOX got hacked
2386 2011-06-20 03:43:30 <Eremes> lol
2387 2011-06-20 03:43:36 <jrmithdobbs> gmaxwell: because i'm the only one that bothers to contact abuse departments instead of whine
2388 2011-06-20 03:43:37 <Eremes> they must be stingy on security
2389 2011-06-20 03:43:39 <jgarzik> gmaxwell: because I don't have takedown powers for random sites on the internet?
2390 2011-06-20 03:43:45 <midnightmagic> Eremes: They didn't. An outside auditor leaked the database.
2391 2011-06-20 03:43:46 <vrs> Eremes: anybody could've written that
2392 2011-06-20 03:43:47 <jrmithdobbs> gmaxwell: and i haven't contacted their provider yet.
2393 2011-06-20 03:43:56 <vrs> err, erek
2394 2011-06-20 03:43:58 <gmaxwell> erek: tell them they are full of shit and if not tell them to forward it to a blackhole address.
2395 2011-06-20 03:43:59 <Titanium123_> use noscript and adblock at a MINIMUM
2396 2011-06-20 03:44:00 <midnightmagic> Eremes: thanks for your helpful contribution.
2397 2011-06-20 03:44:04 <Herodes> right. Only mt knows the truth, and we can only know what he says.
2398 2011-06-20 03:44:11 <Titanium123_> then u dont get viruses 99.999%
2399 2011-06-20 03:44:15 <Herodes> What was the name of this auditor for instance, can he be reached?
2400 2011-06-20 03:44:15 <Titanium123_> I havent gotten a virus in 3 years
2401 2011-06-20 03:44:19 <Titanium123_> at least
2402 2011-06-20 03:44:22 <B0g4r7> "An outside auditor leaked the database." -- What is the source of this info?
2403 2011-06-20 03:44:23 <Titanium123_> and before that 4 years
2404 2011-06-20 03:44:24 <gmaxwell> Whats that 111111 blackhole address with the valid checksum?
2405 2011-06-20 03:44:25 <B0g4r7> 3
2406 2011-06-20 03:44:28 <gmaxwell> B0g4r7: MagicalTux
2407 2011-06-20 03:44:29 <vrs> so sure about that Titanium123_?
2408 2011-06-20 03:44:32 <Herodes> I am sure a lot of news papers would be interested in calling this auditor.
2409 2011-06-20 03:44:32 <Eremes> I never heard google got hacked
2410 2011-06-20 03:44:32 <Cryo> midnightmagic, that doesn't account for locally fingerprinting, or ISP
2411 2011-06-20 03:44:33 <jrmithdobbs> jgarzik: i do. i got walletinspector.info converted to a static png. twice. with a threat from his provider that if he changes it to anything else again while it's on their service they will pull it.
2412 2011-06-20 03:44:35 <midnightmagic> B0g4r7: uh.. go read the support site dude.
2413 2011-06-20 03:44:37 <vrs> B0g4r7: MT
2414 2011-06-20 03:44:49 <jrmithdobbs> jgarzik: and terminate all of his service.
2415 2011-06-20 03:44:57 <B0g4r7> supporters site?
2416 2011-06-20 03:45:10 <Herodes> just go to mtgox.com
2417 2011-06-20 03:45:13 <Eremes> or maybe this case just to make bitcoin more popular and sky-rocketing the price =)
2418 2011-06-20 03:45:20 <B0g4r7> :loading:
2419 2011-06-20 03:45:24 <vrs> Eremes: hardly
2420 2011-06-20 03:45:31 <midnightmagic> Herodes: Why would MtGox damage the rep of the auditor unless he was specifically aiming to do damage?
2421 2011-06-20 03:45:35 <hmmmm> who wants to bet that some members of this "lionhat security" are lurking right here, right now
2422 2011-06-20 03:45:38 <hmmmm> --
2423 2011-06-20 03:45:45 <jrmithdobbs> midnightmagic: cover up sql injection exploit?
2424 2011-06-20 03:45:49 <B0g4r7> asshat sec
2425 2011-06-20 03:45:58 Joric has quit ()
2426 2011-06-20 03:46:01 edmonds has joined
2427 2011-06-20 03:46:16 <jrmithdobbs> midnightmagic: who's to say they're even doing it on purpose? could just be *assuming* the auditor was the attack vector
2428 2011-06-20 03:46:30 <Cryo> that's a big assumption
2429 2011-06-20 03:46:31 <midnightmagic> jrmithdobbs: Why would MtGox lie about SQL injection?
2430 2011-06-20 03:46:32 <minixking> you know what
2431 2011-06-20 03:46:40 <jrmithdobbs> midnightmagic: market faith
2432 2011-06-20 03:46:41 blishchrot has joined
2433 2011-06-20 03:46:44 <upb> to cover up the lousy security :)
2434 2011-06-20 03:46:44 <erek> minixking: you've had enough, haven't you?
2435 2011-06-20 03:46:46 <minixking> that lie on the mtgox site cannot be left there
2436 2011-06-20 03:46:50 <midnightmagic> jrmithdobbs: Also, anything beyond the MtGox statement is conspiracy theory.
2437 2011-06-20 03:46:55 <erek> minixking: what lie
2438 2011-06-20 03:46:56 dfc_ has joined
2439 2011-06-20 03:47:04 karnac_ has quit (Quit: karnac_)
2440 2011-06-20 03:47:14 <jrmithdobbs> midnightmagic: just like the statement they made saying they ensured the csrf exploit wasn't ever used by verifying server logs
2441 2011-06-20 03:47:26 <Herodes> here is a writeup on the events.
2442 2011-06-20 03:47:28 <Herodes> worth a read
2443 2011-06-20 03:47:29 <Herodes> http://blog.zorinaq.com/?e=55
2444 2011-06-20 03:47:30 <minixking> that the unsalted passwords in the wild are from non current users
2445 2011-06-20 03:47:32 <jrmithdobbs> midnightmagic: which is *impossible to have done with a well executed csrf* that's why csrf is so bad in the first place.
2446 2011-06-20 03:47:35 <B0g4r7> mtgox assumed there was not a compromise at first, aside from one account.
2447 2011-06-20 03:47:37 <grndzero> everything is a conspiracy these days, including the real truth
2448 2011-06-20 03:47:39 <B0g4r7> A false assumption.
2449 2011-06-20 03:47:41 <midnightmagic> jrmithdobbs: Do you have specific evidence that disproves that?
2450 2011-06-20 03:47:48 <jrmithdobbs> midnightmagic: which is *impossible to have done with a well executed csrf* that's why csrf is so bad in the first place.
2451 2011-06-20 03:47:54 <midnightmagic> jrmithdobbs: And what kind of logs do you think they keep?
2452 2011-06-20 03:47:56 <BTCTrader> jgarzik: they were stealing shit through CSRF source?
2453 2011-06-20 03:48:03 <midnightmagic> what, simple apache logs?
2454 2011-06-20 03:48:13 <Herodes> http://forum.bitcoin.org/index.php?topic=19619.0
2455 2011-06-20 03:48:16 <jrmithdobbs> midnightmagic: http, probably with referrer, which doesn't prove ANYTHING since csrf gets executed through the victim's browser
2456 2011-06-20 03:48:18 <midnightmagic> they keep enough logs to roll back the entire exchange to a prior date.
2457 2011-06-20 03:48:27 <gmaxwell> erek: give the lionhat this address: 1111111111111111111114oLvT2
2458 2011-06-20 03:48:31 <B0g4r7> db logs
2459 2011-06-20 03:48:34 <jrmithdobbs> midnightmagic: hence, it is *not provable* that it never occurred
2460 2011-06-20 03:48:37 <gmaxwell> erek: they can send their billion stolen bitcoin there
2461 2011-06-20 03:48:37 <quiznor> so lionhat hacked bitcoin? interesting
2462 2011-06-20 03:48:38 <midnightmagic> jrmithdobbs: Dude. You're assuming they keep fewer logs than necessary to make that statement without any evidence.
2463 2011-06-20 03:48:44 <gmaxwell> erek: and then no one can ever spend it again.
2464 2011-06-20 03:48:48 <Herodes> "He understands the rollback won't be popular with people who were able to pick up coins for .10 or whatever but none of those trades were legitimate so mtgox has a legal obligation to reverse the trades."
2465 2011-06-20 03:48:55 <jrmithdobbs> midnightmagic: no, I'm saying there are no logs they could have kept to make that statement with confidence
2466 2011-06-20 03:49:22 <jrmithdobbs> midnightmagic: big difference
2467 2011-06-20 03:49:29 <midnightmagic> jrmithdobbs: Unless they were talking about a specific CSRF found in the wild.
2468 2011-06-20 03:49:33 <Herodes> anyone can claim they hacked mtGox. And only a fucking fool would take credit for it. A real hacker would tell nobody.
2469 2011-06-20 03:49:33 <upb> i was wondering about that the other day as well
2470 2011-06-20 03:49:37 <gmaxwell> jrmithdobbs: auditor logging in from HK at 3am and select * from users; ?
2471 2011-06-20 03:49:42 <midnightmagic> jrmithdobbs: Which I seem to recall was a GET.
2472 2011-06-20 03:49:48 manifold_ has quit (Remote host closed the connection)
2473 2011-06-20 03:50:04 karnac has joined
2474 2011-06-20 03:50:20 <jrmithdobbs> gmaxwell: i'm talking about the csrf denial
2475 2011-06-20 03:50:23 <alystair> http://www.youtube.com/watch?v=4YyEdny5rh8
2476 2011-06-20 03:50:25 Tim-7967 has quit (Read error: Operation timed out)
2477 2011-06-20 03:50:50 <jrmithdobbs> midnightmagic: they were talking about the two that were posted about on the forum on friday
2478 2011-06-20 03:51:02 <B0g4r7> I think a rollback is the right thing to do.
2479 2011-06-20 03:51:10 <Herodes> i agree with that one.
2480 2011-06-20 03:51:19 <samlander> aly: no shit
2481 2011-06-20 03:51:19 <Herodes> I have seen it on other markets before.
2482 2011-06-20 03:51:24 <Herodes> It is never popular though.
2483 2011-06-20 03:51:33 <gmaxwell> BlueMattBot: Tell bluemat that the wallet encryption code is insecure and to read the forum thread.
2484 2011-06-20 03:51:36 <Herodes> Esp. not among those who "got a good deal".
2485 2011-06-20 03:51:49 <B0g4r7> indeed.
2486 2011-06-20 03:52:06 <jrmithdobbs> midnightmagic: there is no way to "prove" that it was not exploited in the wild via "server logs" as he claimed in his response after fixing the issue
2487 2011-06-20 03:52:16 <BlueMattBot> gmaxwell did you mean me? Unknown command 'Tell'
2488 2011-06-20 03:52:17 <BlueMattBot> Use 'BlueMattBot: help' to get help!
2489 2011-06-20 03:52:22 arima has joined
2490 2011-06-20 03:52:24 <jrmithdobbs> midnightmagic: because the requests would have looked like any other request from that same user.
2491 2011-06-20 03:52:29 <jrmithdobbs> midnightmagic: this is why csrf is so bady.
2492 2011-06-20 03:52:33 nanotube is now known as ninja-
2493 2011-06-20 03:52:33 <jrmithdobbs> s/bady/bad/
2494 2011-06-20 03:52:38 <midnightmagic> jrmithdobbs: unless the nature of the specific CSRF in question had specific characteristics.
2495 2011-06-20 03:52:52 sabalabas has joined
2496 2011-06-20 03:52:54 <jrmithdobbs> midnightmagic: what would these characterizations be?
2497 2011-06-20 03:52:59 ninja- is now known as nanotube
2498 2011-06-20 03:53:05 <jrmithdobbs> midnightmagic: the exploit let you reset their email (one of them)
2499 2011-06-20 03:53:33 <lfm> jrmithdobbs: unless he did figure out how it was done
2500 2011-06-20 03:53:49 <midnightmagic> jrmithdobbs: beats me. I'm just saying you're doing the same thing you claim mtgox is doing, which is making blanket statements about something you have no actual information about.
2501 2011-06-20 03:53:54 <BlueMattBot> Project Bitcoin build #59: STILL FAILING in 46 min: http://www.bluematt.me/jenkins/job/Bitcoin/59/
2502 2011-06-20 03:53:54 \LoveBeads\ has quit (Remote host closed the connection)
2503 2011-06-20 03:53:55 <BlueMattBot> * matt: Update translations and remove obsolete translations.
2504 2011-06-20 03:53:56 <BlueMattBot> * shane-github: Fix missing includes needed for Boost 1.46.
2505 2011-06-20 03:54:05 paxos has quit (Ping timeout: 258 seconds)
2506 2011-06-20 03:54:20 <jrmithdobbs> midnightmagic: no, my statements are based in experience based on ~10 years experience fixing/diagnosing this shit for clients
2507 2011-06-20 03:54:42 <jrmithdobbs> midnightmagic: there is no way to confirm a well-executed csrf was not taken advantage of based on server logs
2508 2011-06-20 03:54:54 <midnightmagic> jrmithdobbs: Do you have access to MtGox servers?
2509 2011-06-20 03:54:57 <jrmithdobbs> there are ways to confirm *it was* but not that *it was not*
2510 2011-06-20 03:55:12 <lfm> jrmithdobbs: so do you tell your clients "it must have been csrf because we have absolutely no evidence"?
2511 2011-06-20 03:55:28 <Herodes> jrmithdobbs is a man who is full of it. He talks just shit about mtGox and MagicalTux. Never trust a single word that comes from this irc-user.
2512 2011-06-20 03:55:33 <jrmithdobbs> brick wall
2513 2011-06-20 03:55:35 <jrmithdobbs> i swear
2514 2011-06-20 03:55:42 <jrmithdobbs> lfm: obviously not
2515 2011-06-20 03:55:42 * midnightmagic sighs.
2516 2011-06-20 03:55:58 <midnightmagic> dammit Herodes you're not helping.
2517 2011-06-20 03:56:04 <jrmithdobbs> Herodes: says the man who's been in the channel a whole 4 hours
2518 2011-06-20 03:56:08 <Herodes> so is not jrmithdobbs
2519 2011-06-20 03:56:21 <lfm> jrmithdobbs: it seems like you are trying to tell us just that
2520 2011-06-20 03:56:39 edmonds has quit (Quit: leaving)
2521 2011-06-20 03:56:42 <midnightmagic> jrmithdobbs: The point is, there is a reality in which MT's statements are true and internally consistent.
2522 2011-06-20 03:56:47 <jrmithdobbs> lfm: i'm saying that when a *confirmed csrf problem* existed there is no way to prove that it *was never used*
2523 2011-06-20 03:56:49 paxos has joined
2524 2011-06-20 03:56:54 <jrmithdobbs> lfm: the exploit was confirmed by multiple sources
2525 2011-06-20 03:57:01 <midnightmagic> jrmithdobbs: What was the nature of the second CSRF?
2526 2011-06-20 03:57:05 <jrmithdobbs> lfm: we *know* the attack vector existed.
2527 2011-06-20 03:57:23 <jrmithdobbs> lfm: with that criteria, based on server logs, there is *no way* to prove it was never used
2528 2011-06-20 03:57:30 <gentz> If bitcoin transactions are rolled back then doesn't that mean bitcoin is being regulated by a central authority?
2529 2011-06-20 03:57:31 <jrmithdobbs> which is exactly what he claimed to do
2530 2011-06-20 03:57:38 <midnightmagic> jrmithdobbs: Only if the nature of the CSRF is non-deterministic.
2531 2011-06-20 03:57:44 <lfm> jrmithdobbs: so one of those "confirmers" finally released the fruits of their "test"?
2532 2011-06-20 03:57:58 <quiznor> gentz: bitcoin isn't being rolled back
2533 2011-06-20 03:58:05 <Herodes> gentz: only mtGox bitcoin transactions can be rolled back. bitcoin transactions on the live network cannot be rolled back.
2534 2011-06-20 03:58:12 <Gekz> what does CSRF stand for
2535 2011-06-20 03:58:14 <jrmithdobbs> midnightmagic: no
2536 2011-06-20 03:58:14 <Gekz> I have forgotten
2537 2011-06-20 03:58:17 <quiznor> cross site request forgery
2538 2011-06-20 03:58:20 <Herodes> the "bitcoin transactions" on mtgox are just numbers being shuffled in a database.
2539 2011-06-20 03:58:23 <Gekz> that's it
2540 2011-06-20 03:58:35 <gentz> Then will the price return to normal after the roll back?
2541 2011-06-20 03:58:46 <jrmithdobbs> midnightmagic: if the csrf is exploited properly there is no way to tell it was done THATS WHY CSRF IS SUCH A BAD THING
2542 2011-06-20 03:58:47 <minixking> gentz: the price is fine
2543 2011-06-20 03:58:51 <midnightmagic> jrmithdobbs: If the CSRF retrieves, specifically, 20.00001 ฿ and that never happened, then you've just shown that a specific CSRF as found in the wild DID NOT happen. And you can correlate logs for that.
2544 2011-06-20 03:59:00 <jrmithdobbs> midnightmagic: that's not what it did.
2545 2011-06-20 03:59:03 <midnightmagic> jrmithdobbs: See, that's your caveat: "exploited properly"
2546 2011-06-20 03:59:07 <minixking> gentz: the price should still be at 17.25ish a coin
2547 2011-06-20 03:59:08 <quiznor> MagicalTux: how many chix did you bukkake in japan
2548 2011-06-20 03:59:08 <lfm> gentz: mtgox sez the price will return to $17 or so, no telling what will happen after that
2549 2011-06-20 03:59:16 <Herodes> MagicalTux stated that the CSRF issues is fixed, and if you want to protect yourself from it, install for instance another browser and use only that for mtgox.com and for nothing else (low tech fix).
2550 2011-06-20 03:59:18 <jrmithdobbs> midnightmagic: yes, as in, resets or blanks the referrer
2551 2011-06-20 03:59:32 <midnightmagic> jrmithdobbs: What, specifically, did it do?
2552 2011-06-20 03:59:34 UberCookies has joined
2553 2011-06-20 03:59:42 <MagicalTux> Herodes: anyway you shouldn't browse to other sites while being logged in on a site with thousands of $ on your account
2554 2011-06-20 03:59:43 FellowTraveler has left ()
2555 2011-06-20 03:59:43 <midnightmagic> dammit, where's the thread now..
2556 2011-06-20 03:59:48 <jrmithdobbs> midnightmagic: reset the user's email was one
2557 2011-06-20 03:59:52 <Herodes> MagicalTux: I agree.
2558 2011-06-20 04:00:01 Taveren93HGK has joined
2559 2011-06-20 04:00:02 Beccara_ has joined
2560 2011-06-20 04:00:05 <MagicalTux> we set a logout delay quite short, which people have been complaining about
2561 2011-06-20 04:00:07 <minixking> magical: incognito in chrome
2562 2011-06-20 04:00:14 <MagicalTux> minixking: yep, CtrlShiftN
2563 2011-06-20 04:00:17 <quiznor> MagicalTux is a cool guy
2564 2011-06-20 04:00:26 Beccara has quit (Quit: Leaving)
2565 2011-06-20 04:00:30 <quiznor> yes.. definitely use a separate browser session for your banking
2566 2011-06-20 04:00:31 <upb> he doesnt afraid of anything )
2567 2011-06-20 04:00:33 <jrmithdobbs> midnightmagic: it would literally look just like the user legitimately resetting their password on the server side
2568 2011-06-20 04:00:42 <jrmithdobbs> err s/password/email/
2569 2011-06-20 04:00:43 <minixking> and for all those idiots that used the same pass on all their sites shame on you
2570 2011-06-20 04:00:44 <minixking> SHAME
2571 2011-06-20 04:01:05 <lfm> minixking: or worse
2572 2011-06-20 04:01:11 <minixking> you deserve to be marked as a crack smoker on your facebook
2573 2011-06-20 04:01:13 <Cryo> that's 99.999996% of the Intardweb
2574 2011-06-20 04:01:14 <bk128> same username :(
2575 2011-06-20 04:01:20 slux has quit (Ping timeout: 252 seconds)
2576 2011-06-20 04:01:21 <bk128> different pass though
2577 2011-06-20 04:01:27 <minixking> and the fake msg's to your parents saying you like to fuck animal is all on you
2578 2011-06-20 04:01:27 <quiznor> blaming the victim minixking?
2579 2011-06-20 04:01:31 <quiznor> why not say shame on the hacker?
2580 2011-06-20 04:01:43 <Cryo> yeh, the login/password being the same on other sites is gonna suck for a lot.
2581 2011-06-20 04:01:52 <midnightmagic> jrmithdobbs: minus the fact that it's all happening within a fraction of a second, or it's resetting to a specific email, or resetting within a period of inactivity, or, or or..
2582 2011-06-20 04:01:53 <minixking> he isnt doing something that is mentally retarded
2583 2011-06-20 04:01:58 <Herodes> minixking: It is a problem that never will be solved, honestly. Most people prefer convenience over security. Most of the general public is not concerned about security at all. So for the masses, the web site operators must enforce rules to avoid theft.
2584 2011-06-20 04:02:02 <Herodes> There is no other way.
2585 2011-06-20 04:02:11 <jrmithdobbs> midnightmagic: once again
2586 2011-06-20 04:02:17 <Herodes> You can make as many guidelines and advice as much as you want, people will be lazy and stupid anyway.
2587 2011-06-20 04:02:18 <upb> minixking: fraction of a second of what ?
2588 2011-06-20 04:02:23 Maged has quit (Remote host closed the connection)
2589 2011-06-20 04:02:24 <upb> erm midnightmagic
2590 2011-06-20 04:02:25 <jrmithdobbs> midnightmagic: there are ways to tell that *it was* exploited
2591 2011-06-20 04:02:26 <quiznor> oh pls minixking... anyone can get hacked / mugged regardless of their security protocol.  even the highest security systems like RSA were hacked
2592 2011-06-20 04:02:28 <dfc_> its not convenience over security. its usability over security
2593 2011-06-20 04:02:32 <lfm> midnightmagic: does it work with ht5tps too?
2594 2011-06-20 04:02:34 <jrmithdobbs> midnightmagic: there is no way to confirm that *it was not*
2595 2011-06-20 04:02:34 <Cryo> people go out of their way to be stupid... not just lazy.
2596 2011-06-20 04:02:39 <lfm> midnightmagic: does it work with https too?
2597 2011-06-20 04:03:01 dbasch has joined
2598 2011-06-20 04:03:06 <dfc_> the neat question is if you had that many bitcoins how would you launder it?
2599 2011-06-20 04:03:09 <Herodes> quiznor: right, even pentagon have been hacked, and other high profile institutions.
2600 2011-06-20 04:03:09 kratosk has joined
2601 2011-06-20 04:03:10 <bitsnbytes> 4h19
2602 2011-06-20 04:03:13 Lenovo01 has joined
2603 2011-06-20 04:03:13 <bitsnbytes> <MagicalTux> vrs: they started moving funds to randomly created accounts, but I stop mtgox before they actually withdraw anything
2604 2011-06-20 04:03:20 <midnightmagic> lfm: beats me.
2605 2011-06-20 04:03:21 <minixking> quiz: true, but if you use separate passwords for your separate interests, you are not owned
2606 2011-06-20 04:03:25 Speeder has quit (Read error: Connection reset by peer)
2607 2011-06-20 04:03:45 erek has quit (Remote host closed the connection)
2608 2011-06-20 04:04:05 <luke-jr> minixking: until MtGox owns you
2609 2011-06-20 04:04:05 <dfc_> bitsnbytes: was that in response to me?
2610 2011-06-20 04:04:09 <paxos> a virus hacked my immune system last week ~ really sucked
2611 2011-06-20 04:04:23 <bitsnbytes> no, wrong channel
2612 2011-06-20 04:04:29 <midnightmagic> jrmithdobbs: Dude, look. I comprehend what you're saying. It's the spaghetti monster, no evidence thing. That's not what I'm arguing; stop and think a moment, and if you really want to verify this, we go back to the CSRF details themselves, or if we don't have them, then you're doing EXACTLY the same thing by claiming MT couldn't have legit' made that statement.
2613 2011-06-20 04:04:29 <idnar> paxos: yours too, eh
2614 2011-06-20 04:04:35 <grndzero> did they actually get cash out? I saw somewhere that they withdrew the $1000 limit, or was that a possible loss?
2615 2011-06-20 04:04:38 <idnar> paxos: we obviously need better antivirus hardware
2616 2011-06-20 04:04:45 <quiznor> midnightmagic: ?
2617 2011-06-20 04:04:59 min0r has quit (Ping timeout: 252 seconds)
2618 2011-06-20 04:04:59 Maged has joined
2619 2011-06-20 04:05:13 <jrmithdobbs> midnightmagic: i was one of the people who confirmed the exploit in the thread about it. it existed. it was exploitable in an undetectable way.
2620 2011-06-20 04:05:23 <quiznor> the thief stole a bunch of coin.. the heist will probably net him around $80K
2621 2011-06-20 04:05:26 <jrmithdobbs> midnightmagic: go ask the others in the thread that confirmed.
2622 2011-06-20 04:05:31 <quiznor> not bad for a hack...
2623 2011-06-20 04:05:38 <bk128> antivirus hardware what?
2624 2011-06-20 04:05:42 <midnightmagic> jrmithdobbs: Link the thread, lemme see those details, specifically.
2625 2011-06-20 04:05:43 <minixking> has this hit main stream media yet?
2626 2011-06-20 04:05:44 marc0polo has joined
2627 2011-06-20 04:05:57 karnac_ has joined
2628 2011-06-20 04:06:01 f33x has quit (Ping timeout: 250 seconds)
2629 2011-06-20 04:06:08 <jrmithdobbs> midnightmagic: what details do you want? it's a classic csrf, there were no special steps to execute. just simple lack of a magic token
2630 2011-06-20 04:06:12 f33x has joined
2631 2011-06-20 04:06:17 <minixking> wtf is that ipv6?
2632 2011-06-20 04:06:17 <Cryo> main stream doesn't even understand bitcoin :)
2633 2011-06-20 04:06:20 <quiznor> http://pastebin.com/4NPemHfz
2634 2011-06-20 04:06:23 karnac has quit (Read error: Connection reset by peer)
2635 2011-06-20 04:06:26 <quiznor> that was from the 14th
2636 2011-06-20 04:06:31 <luke-jr> minixking: what? you're still using IPv4?
2637 2011-06-20 04:06:31 <quiznor> "buttsec" claimed to have hacked gox
2638 2011-06-20 04:06:32 <midnightmagic> jrmithdobbs: Where? Which site? Was it a link? Javascript? What, specifically, were the details.
2639 2011-06-20 04:06:34 <jrmithdobbs> midnightmagic: reset referrer autosubmit form with javascript
2640 2011-06-20 04:06:40 <lfm> mainstream == slashdot??
2641 2011-06-20 04:06:41 <quiznor> lets face it.. the site has been compromised for weeks, possibly months
2642 2011-06-20 04:06:45 <jrmithdobbs> midnightmagic: end of exploit
2643 2011-06-20 04:06:50 <gentz>  Will bitcoin recover or is it done with afte rhits mtgov?
2644 2011-06-20 04:06:50 <quiznor> lots of ppl said their accounts were broken into prior to today
2645 2011-06-20 04:07:05 <midnightmagic> jrmithdobbs: Details. What email address, where, any delays, what interface did it use?
2646 2011-06-20 04:07:18 BTCTrader has quit (Read error: Connection reset by peer)
2647 2011-06-20 04:07:22 <phantomcircuit> http://forum.insidepro.com/viewtopic.php?p=65092&sid=d23fbc6d37e592c825f5126e201747e7
2648 2011-06-20 04:07:23 <phantomcircuit> the hash for superbitcoin uid 13 is on that forum
2649 2011-06-20 04:07:24 <jrmithdobbs> midnightmagic: i did not confirm a website in the wild was using it, I confirmed that the exploit was possible.
2650 2011-06-20 04:07:27 <kratosk> why did people keep using mtgox if they saw this coming?
2651 2011-06-20 04:07:27 <phantomcircuit> dated may 9th
2652 2011-06-20 04:07:50 <jrmithdobbs> phantomcircuit: nice.
2653 2011-06-20 04:08:00 <midnightmagic> jrmithdobbs: Ah..  THAT is different. Entirely. Now what, specifically, was MT commenting on in the thread?
2654 2011-06-20 04:08:01 <quiznor> phantomcircuit: smoking gun
2655 2011-06-20 04:08:06 <minixking> http://t.co/RYlObuM
2656 2011-06-20 04:08:12 <minixking> thats the whole list
2657 2011-06-20 04:08:17 <minixking> why do people only post half lists
2658 2011-06-20 04:08:22 <jrmithdobbs> midnightmagic: he specifically said "i have reviewed the server logs and this was never exploited"
2659 2011-06-20 04:08:26 <Herodes> hm.. so that insidepro.com is basically a place where people give password hashes and ask people to crack them ?
2660 2011-06-20 04:08:34 <gentz> where can i buy bitcoins besides mtgox?
2661 2011-06-20 04:08:35 <Herodes> and stuff like it?
2662 2011-06-20 04:08:39 <jrmithdobbs> midnightmagic: which cannot possibly be a truthful statement since such confirmation is impossible
2663 2011-06-20 04:08:41 <phantomcircuit> Herodes, yes
2664 2011-06-20 04:08:43 <jrmithdobbs> phantomcircuit: where's your damned thread from friday
2665 2011-06-20 04:08:52 <midnightmagic> jrmithdobbs: Dude, at this point you're asking me to take your word on it. You understand why I'm interested in the thread itself?
2666 2011-06-20 04:08:54 <phantomcircuit> jrmithdobbs, he edited his comments
2667 2011-06-20 04:08:55 <upb> wow 9th
2668 2011-06-20 04:09:02 <jrmithdobbs> phantomcircuit: lol
2669 2011-06-20 04:09:14 <midnightmagic> bah
2670 2011-06-20 04:09:17 <jrmithdobbs> midnightmagic: sounds like you'll have to get theymos to pull forum backups to get the proof
2671 2011-06-20 04:09:28 <midnightmagic> I'm really not that interested.
2672 2011-06-20 04:09:28 <jrmithdobbs> midnightmagic: hence: mtgox not trustworthy.
2673 2011-06-20 04:09:32 <quiznor> yeah like i said.. the site has been compromised for weeks if not months in the latest round of hacks.. all those reports of ppl's accounts being hacked were true
2674 2011-06-20 04:09:45 <Herodes> Would there be any legitimate use for such a site? I guess it would be impossible to control anyway.. There would always be markets or forums dealing with stuff like that, and there probably are lots of them, I am not just into that "scene".
2675 2011-06-20 04:09:53 <midnightmagic> Are you certain he wasn't talking about the CSRF on the buttcoins site?
2676 2011-06-20 04:09:58 <upb> phantomcircuit: now would have been interesting to know since what time did this claimed 'auditor' have access to mtgox production db
2677 2011-06-20 04:10:09 <gmaxwell> phantomcircuit: are hashes for other users on that forum?
2678 2011-06-20 04:10:19 <quiznor> accountants dont log into mysql... they work on csvs
2679 2011-06-20 04:10:21 <quiznor> or excel
2680 2011-06-20 04:10:22 <jrmithdobbs> midnightmagic: he was specifically replying to a thread reporting a csrf that had not been located on any specific website
2681 2011-06-20 04:10:28 <quiznor> the auditor is false
2682 2011-06-20 04:10:38 <phantomcircuit> upb, he said yesterday...
2683 2011-06-20 04:10:39 <Herodes> so, then most hacks are most likely not CSRF, but rather the leaked user info file having a password being cracked one by one.
2684 2011-06-20 04:10:39 <midnightmagic> jrmithdobbs: If I were truly that interested, I'd be bugging MT. But your statement is also incorrect if he were being earnest at the time.
2685 2011-06-20 04:10:45 <upb> phantomcircuit: so there we go ;)
2686 2011-06-20 04:10:54 <upb> bs
2687 2011-06-20 04:11:00 <jrmithdobbs> midnightmagic: if he were being earnest then he doesn't understand how csrfs work
2688 2011-06-20 04:11:07 <phantomcircuit> gmaxwell, i didn't check, and afaik that particular hash hasn't been cracked yet, so it's probably not a common password
2689 2011-06-20 04:11:09 <jrmithdobbs> midnightmagic: which is a *bigger* problem
2690 2011-06-20 04:11:10 <gmaxwell> phantomcircuit: yes.
2691 2011-06-20 04:11:15 <gmaxwell> uid 7 is there too
2692 2011-06-20 04:11:17 <Herodes> and how on earth did this not get noticed earlier?
2693 2011-06-20 04:11:17 <midnightmagic> jrmithdobbs: Or there was a miscommunication. Why are you blaming him for it?
2694 2011-06-20 04:11:28 <gmaxwell> phantomcircuit: and uid 9
2695 2011-06-20 04:11:32 <quiznor> hacksack
2696 2011-06-20 04:11:34 <phantomcircuit> gmaxwell, yeah
2697 2011-06-20 04:11:49 <dfc_> what is the csrf argument all about? it was obviously a sql injection. grep hehehe from the db
2698 2011-06-20 04:11:50 <jrmithdobbs> midnightmagic: blaming? I'm just saying i can't trust him without specific proof on anything he says in relation to issues with his site
2699 2011-06-20 04:11:53 <Herodes> that auditor should now be in severe trouble. If I was the owner of mtGox I wouldn't go lightly on him.
2700 2011-06-20 04:12:01 <quiznor> dfc_ hehehe ?
2701 2011-06-20 04:12:21 <midnightmagic> jrmithdobbs: You're saying that x is a *bigger* problem as though he misunderstands the concept itself rather than simply misunderstanding your words.
2702 2011-06-20 04:12:22 BTCTrader has joined
2703 2011-06-20 04:12:26 <upb> 783,imanikin,im@anikin.us,3a56c5b25c8c35312a645be82587f5b9
2704 2011-06-20 04:12:27 <upb> this
2705 2011-06-20 04:12:30 <quiznor> dfc_: ermm those look like ppl attempting to sql inject... but i agree it was probably an inject
2706 2011-06-20 04:12:32 <jrmithdobbs> midnightmagic: they weren't my words
2707 2011-06-20 04:12:40 <dfc_> quiznor: hehehe is the answer
2708 2011-06-20 04:12:41 <midnightmagic> jrmithdobbs: whosever words.
2709 2011-06-20 04:12:48 <Herodes> dfc_: it is claimed by mt that it was a direct read only access to the database because an auditors password to the db was compromised.
2710 2011-06-20 04:12:53 <dfc_> yeah that data should not have made it into a sql table
2711 2011-06-20 04:12:59 <upb> 2699,Scarecrow,the.scarecrow@tiscali.co.uk,32b226ea72fecea16405acd29a7a36e1
2712 2011-06-20 04:13:00 <upb> this
2713 2011-06-20 04:13:05 <midnightmagic> what's the thread? I still want to read it.
2714 2011-06-20 04:13:08 <jrmithdobbs> midnightmagic: his words were "I have reviewed the server logs and confirmed that this was never exploited"
2715 2011-06-20 04:13:13 <upb> 638,auto385916@hushmail.com,auto385916@hushmail.com,b1d875a482b179f03ba280862b63fa0e
2716 2011-06-20 04:13:13 <gmaxwell> phantomcircuit: http://www.webcitation.org/5zZdNvd65  < snapshotted.
2717 2011-06-20 04:13:16 <upb> this
2718 2011-06-20 04:13:20 <jrmithdobbs> midnightmagic: or thereabouts, so, he's either lying or doesn't understand csrf
2719 2011-06-20 04:13:22 <minixking> upb: what are you doing?
2720 2011-06-20 04:13:25 <jrmithdobbs> midnightmagic: take your choice
2721 2011-06-20 04:13:26 <Herodes> upb, yes that pwd hash right there is at http://forum.insidepro.com/viewtopic.php?p=65092&sid=d23fbc6d37e592c825f5126e201747e7
2722 2011-06-20 04:13:33 <upb> yes all those
2723 2011-06-20 04:13:35 <gmaxwell> So this is smoking proof that the passwords were compromised by May 9th!
2724 2011-06-20 04:13:36 <midnightmagic> jrmithdobbs: Dude, you're asking me to take your word on it. Why would I do that?
2725 2011-06-20 04:13:40 <Herodes> posted fri jun 17
2726 2011-06-20 04:13:43 <Herodes> that's 3 days ago.
2727 2011-06-20 04:13:56 <jrmithdobbs> midnightmagic: i can't help that smf doesn't keep change history on posts and doesn't show that a user edited their post
2728 2011-06-20 04:13:57 <phantomcircuit> midnightmagic, which thread?
2729 2011-06-20 04:14:01 <minixking> it also isnt just "idle" accounts
2730 2011-06-20 04:14:03 <dfc_> hashes are hashes they dont prove a timeline
2731 2011-06-20 04:14:03 <Herodes> gmaxwell: at least by that date.
2732 2011-06-20 04:14:11 <gmaxwell> Herodes: I said by!
2733 2011-06-20 04:14:15 <midnightmagic> phantomcircuit: the one where the csrf was discussed, even though there was a comment edit.
2734 2011-06-20 04:14:17 <minixking> a trade site has to be able to be trusted
2735 2011-06-20 04:14:21 <Herodes> gmaxwell: unless it is an elaborate framing scheme, but I don't find that so likely.
2736 2011-06-20 04:14:34 <phantomcircuit> midnightmagic, http://forum.bitcoin.org/index.php?topic=18709.0;topicseen
2737 2011-06-20 04:14:40 <minixking> A) no security B) false comforting statements
2738 2011-06-20 04:14:41 <gmaxwell> Herodes: but the framer had to have the passwords!
2739 2011-06-20 04:14:57 <midnightmagic> phantomcircuit: thank you for giving me in an instant what I've been asking for for the entire time buddy's been arguing with me about nothing.
2740 2011-06-20 04:15:18 <genewitch> anyone else get an email from 1CWSjov2N7ix41bZ8bJfHXkdLLbkUsG9Y7
2741 2011-06-20 04:15:22 <BTCTrader> http://pastebin.com/ui0nusuZ
2742 2011-06-20 04:15:24 <Herodes> gmaxwell: have you checked the corresponding entries in the leaked user info if those accounts are new or old?
2743 2011-06-20 04:15:29 <Herodes> i will check it.
2744 2011-06-20 04:15:53 <genewitch> from A Bitcoin Supporter Bitcoin@unknown.com <--- emails i am getting with referral codes to tradehill
2745 2011-06-20 04:16:00 <minixking> https://uloadr.com/u/CF.txt
2746 2011-06-20 04:16:07 <minixking> thats a series of unhashed passes
2747 2011-06-20 04:16:20 marc0polo has quit (Quit: Page closed)
2748 2011-06-20 04:16:57 <Herodes> "gmaxwell> Herodes: but the framer had to have the passwords!"  3a56c5b25c8c35312a645be82587f5b9 belongs to user 783. So it is a very old user.
2749 2011-06-20 04:17:04 <Herodes> So it seems like a genuine hack yes.
2750 2011-06-20 04:17:10 bwr has joined
2751 2011-06-20 04:17:41 <Herodes> only other way somebody could have it was if they created all those accounts themselves. but i think it is very unlikely.
2752 2011-06-20 04:17:46 <jrmithdobbs> midnightmagic: if you scroll up you'll see i asked him for the link to his thread, i could not find it again, i was not withholding it from you
2753 2011-06-20 04:17:56 <midnightmagic> jrmithdobbs: I know you weren't.
2754 2011-06-20 04:18:02 <gmaxwell> Can someone contact forum.insidepro.com and tell them to retain logs connected to that user for use in a criminal investigation?
2755 2011-06-20 04:18:06 <Cryo> what would be interesting is if the auditor's machine was windows-based, and http://forum.insidepro.com/search.php?search_author=georgeclooney  the NTLM one is the initial attack vector
2756 2011-06-20 04:18:10 <bk128> yeah, anyone from tradehill here?
2757 2011-06-20 04:18:19 RazielZ has joined
2758 2011-06-20 04:18:23 <quiznor> yeah the auditor doesn't exist
2759 2011-06-20 04:18:34 <genewitch> bk128: why, cause the hackers are trying to get referrals to tradehill?
2760 2011-06-20 04:18:36 <quiznor> someone hacked the database via an sql injection / host attack
2761 2011-06-20 04:18:36 <Herodes> gmaxwell:  i will fire them an e-mail and cc mtgox
2762 2011-06-20 04:18:45 <bk128> if tradehill ever wants at least a chance at getting my business, they'll ban the fuck who is spamming everyone that referrer code
2763 2011-06-20 04:18:47 <bk128> genewitch: yeah
2764 2011-06-20 04:19:02 <minixking> http://pastebin.com/1at49uLy
2765 2011-06-20 04:19:06 <minixking> that is a much cooler list
2766 2011-06-20 04:19:16 <BTCTrader> quiznor, evidence?
2767 2011-06-20 04:19:25 <gmaxwell> minixking: whats that?
2768 2011-06-20 04:19:29 <iz> could it also just be that those happen to be common passwords.. and since it's not salted.. it's just matching a few?
2769 2011-06-20 04:19:55 <jrmithdobbs> midnightmagic: i think he opened his own thread to respond as im not seeing any response from him in that thread
2770 2011-06-20 04:19:58 <BTCTrader> holy shit minixking
2771 2011-06-20 04:20:00 <Cryo> these from the login/passwords?
2772 2011-06-20 04:20:03 <genewitch> it pisses me off that the database got jacked
2773 2011-06-20 04:20:07 <bk128> minixking: is that from the gox attack?
2774 2011-06-20 04:20:13 <genewitch> how hard is it to secure a database?
2775 2011-06-20 04:20:14 <quiznor> according to the hackers who took credit: "maybe you shouldn’t have trusted an 18 year old whose credentials include an iphone soundboard app with your offsite servers"
2776 2011-06-20 04:20:15 <johnlockwood> bk128:  I saw a post of an email response saying they at least removed all referrals for that account
2777 2011-06-20 04:20:15 <minixking> yes
2778 2011-06-20 04:20:17 <quiznor> who's this 18 year old?
2779 2011-06-20 04:20:24 <minixking> that is people getting owned as a result of gox
2780 2011-06-20 04:20:24 <bk128> johnlockwood: ok thanks
2781 2011-06-20 04:20:24 <gentz> Where can I sell my bitcoins
2782 2011-06-20 04:20:37 <wasabi1> Am I right that 'target' returned by getwork is simply backwards?
2783 2011-06-20 04:20:38 <gmaxwell> minixking: ah
2784 2011-06-20 04:20:38 <jrmithdobbs> midnightmagic: anyways, to prove my point look for cuddlefish's thread about general CSRF warnings, he called out bitoption.com (iirc) and they responded professionally and appropriately and fixed the issue and notified users
2785 2011-06-20 04:20:44 <midnightmagic> jrmithdobbs: looks like he was quoted in an email (unverifiable) and the IRC quote was a paraphrase or an actual quote on #bitcoin-otc..  upb paraphrased it and the paraphrase was quoted in the thread.
2786 2011-06-20 04:20:45 <bk128> minixking: I'm not in that list :)
2787 2011-06-20 04:20:46 <wasabi1> Or are the hashes reversed?
2788 2011-06-20 04:21:00 <genewitch> jrmithdobbs: he found a lot more than just bitoption
2789 2011-06-20 04:21:03 <minixking> bk128: guessing you didnt use the same pass on every site
2790 2011-06-20 04:21:09 <quiznor> csrf's are low hanging fruit
2791 2011-06-20 04:21:11 <jrmithdobbs> midnightmagic: also refer to my post about clearcoin, gavin's response was appropriate and professional
2792 2011-06-20 04:21:11 <johnlockwood> ooh another idiot spammer with the referrals
2793 2011-06-20 04:21:30 <enquire> learning about password managers, keepass for example - i should install it on every computer i login?
2794 2011-06-20 04:21:36 <jrmithdobbs> midnightmagic: no he posted another thread, let me keep looking for it
2795 2011-06-20 04:21:40 <gmaxwell> johnlockwood: fucking trade hill. I've had a dozen of those messages. I will not do business with those losers.
2796 2011-06-20 04:21:43 <midnightmagic> jrmithdobbs: I thought we were arguing about whether MT was knowingly claiming a negative proof?
2797 2011-06-20 04:21:45 erik__ has quit (Quit: Page closed)
2798 2011-06-20 04:21:47 <enquire> not convenient and not secure :(
2799 2011-06-20 04:22:05 <jrmithdobbs> midnightmagic: what I'm saying is, I have no reason to be lying about his response or i'd lie about gavin's earlier as well for instance
2800 2011-06-20 04:22:20 <midnightmagic> jrmithdobbs: No, I know you aren't lying either.
2801 2011-06-20 04:22:41 <Cryo> http://192.168.10.1:admin:5409551991
2802 2011-06-20 04:22:43 <jrmithdobbs> midnightmagic: tux on the other hand, has every reason to be obtuse and obscure the facts and has been doing so
2803 2011-06-20 04:22:44 <Cryo> lol
2804 2011-06-20 04:22:48 <bk128> minixking: will they eventually get all the passwords?  even if mine is 9 char upper case, lower case, numbers and symbols mixed?
2805 2011-06-20 04:22:55 <genewitch> gmaxwell: tradehill isn't spamming they wouldn't need referral codes
2806 2011-06-20 04:22:56 <bk128> or just common passes
2807 2011-06-20 04:23:01 kgo has left ("Leaving")
2808 2011-06-20 04:23:04 <midnightmagic> jrmithdobbs: But I'm kind of wittgensteinian about communication and miscommunication. I am 100% certain that a huge and unknown percentage of all communication is miscommunication.
2809 2011-06-20 04:23:11 <genewitch> bk128: https://www.grc.com/haystack.htm
2810 2011-06-20 04:23:14 <gmaxwell> genewitch: I know it's not tradehill, they're only _paying_ for the spamming.
2811 2011-06-20 04:23:17 <genewitch> bk128: that'll tell you
2812 2011-06-20 04:23:20 <nuthin> bk128: will probably get everyone in time
2813 2011-06-20 04:23:26 <nuthin> at least if it's only 9 chars
2814 2011-06-20 04:23:27 <midnightmagic> jrmithdobbs: I personally think, at the moment, that's being a little harsh on him.
2815 2011-06-20 04:23:28 <gmaxwell> nuthin: nah..
2816 2011-06-20 04:23:30 <genewitch> gmaxwell: well that can only hurt tradehill, so what's the problem
2817 2011-06-20 04:23:32 <wasabi1> I finally have a sha algo that works. gosh.
2818 2011-06-20 04:23:42 <gmaxwell> 9 is somewhat bad if they target you specifically
2819 2011-06-20 04:23:58 <gmaxwell> but even then not really.
2820 2011-06-20 04:24:12 <minixking> bk128: what's your name in the file, i will target you specifically, unhash it and post it.
2821 2011-06-20 04:24:12 <genewitch> a password like The/Black/Baron/$ is nearly impossible to crack
2822 2011-06-20 04:24:13 <quiznor> i am from france
2823 2011-06-20 04:24:13 <jrmithdobbs> midnightmagic: considering user password hashes are being found from the dump posted as far back as may 9th on public forums, I think taking everything he says about these issues with a grain of salt is advisable
2824 2011-06-20 04:24:22 <gmaxwell> We were assuming you needed 10 to be safe but we were also assuming 35 billion hps and thats actually not a good number.
2825 2011-06-20 04:24:25 <Cryo> business is ruthless... why would it surprise anyone that tradehill would spam mtgox users?
2826 2011-06-20 04:24:31 <genewitch> even the-big-dog. is nearly impossible to crack
2827 2011-06-20 04:24:36 <quiznor> tradehill is loving this
2828 2011-06-20 04:24:42 <quiznor> they have a strong financial incentive to take out gox
2829 2011-06-20 04:24:45 <bk128> minixking: bk128
2830 2011-06-20 04:24:46 <genewitch> Cryo: THEY'RE NOT
2831 2011-06-20 04:24:48 <gmaxwell> because whitepixel does 1x md5 cracking, not 1000x and it gets a lot of speedup by being able to undo the last ~20x rounds of md5.
2832 2011-06-20 04:24:55 <quiznor> "blame the affiliates?" lol
2833 2011-06-20 04:24:57 <midnightmagic> jrmithdobbs: he hasn't said any dates that are incorrect, has he?
2834 2011-06-20 04:24:59 <quiznor> thats like "blame the auditor!"
2835 2011-06-20 04:25:01 <quiznor> BS!
2836 2011-06-20 04:25:01 <genewitch> Cryo: they wouldn't use referral codes. if anything it's the second link in the email that is the real culprit
2837 2011-06-20 04:25:09 <bk128> minixking: can you not post it publicly :)
2838 2011-06-20 04:25:12 <midnightmagic> jrmithdobbs: are you perhaps implying that he knew about it much earlier?
2839 2011-06-20 04:25:17 <gmaxwell> genewitch: they're just paying the spammers by having the referral system in the first place.
2840 2011-06-20 04:25:33 <genewitch> gmaxwell: that only hurts them, and that's if they pay out to spammers, which i doubt
2841 2011-06-20 04:25:41 <gmaxwell> jrmithdobbs: not may 9th.
2842 2011-06-20 04:25:45 * midnightmagic votes to kick quiznor for his bukkake statement earlier.
2843 2011-06-20 04:25:56 <gmaxwell> jrmithdobbs: thats when the account was created. first it asked about NTLM hashes.
2844 2011-06-20 04:25:56 nocreativenick1 has quit (Read error: Connection reset by peer)
2845 2011-06-20 04:25:58 * Gekz votes for more bukkake
2846 2011-06-20 04:26:01 <phantomcircuit> jrmithdobbs, i was wrong about the date, it was posted may 17th
2847 2011-06-20 04:26:06 <jrmithdobbs> gmaxwell: ah
2848 2011-06-20 04:26:09 <phantomcircuit> jrmithdobbs, i mistakenly looked at his join date
2849 2011-06-20 04:26:09 <gmaxwell> jrmithdobbs: PostPosted: Fri Jun 17, 2011 5:21 am    Post subject:
2850 2011-06-20 04:26:10 <jrmithdobbs> phantomcircuit: close enough
2851 2011-06-20 04:26:15 Blitzboom_ is now known as Blitzboom
2852 2011-06-20 04:26:22 Blitzboom has quit (Changing host)
2853 2011-06-20 04:26:22 Blitzboom has joined
2854 2011-06-20 04:26:26 nocreativenick1 has joined
2855 2011-06-20 04:26:28 <gmaxwell> phantomcircuit: June.
2856 2011-06-20 04:26:30 <minixking> http://pastebin.com/1at49uLy
2857 2011-06-20 04:26:31 <bk128> minixking: says 2.5 months offline fast attack scenario
2858 2011-06-20 04:26:35 <minixking> damn paste
2859 2011-06-20 04:26:38 <phantomcircuit> gmaxwell, er yeah
2860 2011-06-20 04:26:39 <jrmithdobbs> midnightmagic: i'm saying, not implying, that his analysis of the situation is incomplete/incompetent at best and dishonest at worst.
2861 2011-06-20 04:26:49 <phantomcircuit> gmaxwell, <-- needs to sleep but cant
2862 2011-06-20 04:26:51 <iz> gmaxwell: how many of the unsalted password hashes matched?  it could just be those are common passwords, right?
2863 2011-06-20 04:26:59 <RobboNZ> this bitcoin market is completely mad
2864 2011-06-20 04:27:03 <phantomcircuit> iz, definitely not
2865 2011-06-20 04:27:08 <gmaxwell> iz: I checked 6.
2866 2011-06-20 04:27:10 <midnightmagic> jrmithdobbs: But you don't know his analysis; all you see is what I can see, and what I can see is incomplete.
2867 2011-06-20 04:27:13 paupau has joined
2868 2011-06-20 04:27:17 <iz> hmm.. 6 is a lot
2869 2011-06-20 04:27:20 <gmaxwell> iz: seems really unlikely.
2870 2011-06-20 04:27:31 <iz> well.. if they are unsalted and common passwords
2871 2011-06-20 04:27:40 <gmaxwell> iz: and they aren't common or they would have been reversed.
2872 2011-06-20 04:27:41 Cusipzzz has quit (Quit: KVIrc 4.0.2 Insomnia http://www.kvirc.net/)
2873 2011-06-20 04:27:44 <quiznor> what about vaginacoin.. who's mining them
2874 2011-06-20 04:27:46 <gmaxwell> iz: and see the replies.
2875 2011-06-20 04:27:49 <quiznor> and when will hookers start accepting it
2876 2011-06-20 04:27:50 <iz> ah, yeah
2877 2011-06-20 04:27:53 * midnightmagic sighs.
2878 2011-06-20 04:27:53 <gmaxwell> can we +b quiznor ?
2879 2011-06-20 04:28:00 <midnightmagic> jgarzik? can you op me or something?
2880 2011-06-20 04:28:01 <quiznor> ban gmaxwell for being a pussy
2881 2011-06-20 04:28:18 <minixking> i have been told that more than half has been reversed
2882 2011-06-20 04:28:26 <minixking> i trust the source
2883 2011-06-20 04:28:30 <gmaxwell> minixking: of the mtgox passwords? very very unlikely.
2884 2011-06-20 04:28:33 * midnightmagic points jgarzik at quiznor.
2885 2011-06-20 04:28:37 <gmaxwell> minixking: maybe of the unhashed ones
2886 2011-06-20 04:28:47 B0g4r7_ has joined
2887 2011-06-20 04:28:50 <genewitch> quiznor: no one in here
2888 2011-06-20 04:28:53 <gmaxwell> minixking: but the hashed ones. Not a chance.
2889 2011-06-20 04:29:01 <bk128> minixking: get mine yet? :p
2890 2011-06-20 04:29:15 <minixking> bk: bongz come first
2891 2011-06-20 04:29:16 lessPlastic has joined
2892 2011-06-20 04:29:20 <bk128> okay
2893 2011-06-20 04:29:24 <minixking> im just enjoying the chaos
2894 2011-06-20 04:29:33 <minixking> throwing in a few logs when the fire dies down
2895 2011-06-20 04:29:43 <quiznor> midnightmagic - go blow gmaxwell you pussy!
2896 2011-06-20 04:29:44 <bk128> haha
2897 2011-06-20 04:30:40 <midnightmagic> brutal.. where's an op when you need him.
2898 2011-06-20 04:30:49 B0g4r7 has quit (Ping timeout: 250 seconds)
2899 2011-06-20 04:30:49 B0g4r7_ is now known as B0g4r7
2900 2011-06-20 04:30:55 <quiznor> yes. i demand an op to kick this flaming piece of shit known as midnightmagic
2901 2011-06-20 04:31:15 <elnato> just in time! http://techland.time.com/2011/06/17/japan-criminalizes-cybercrime-make-a-virus-get-three-years-in-jail/
2902 2011-06-20 04:31:16 <elnato> lol
2903 2011-06-20 04:31:24 <jrmithdobbs> midnightmagic: FOUND IT
2904 2011-06-20 04:31:28 <jrmithdobbs> fuck smf's search capabilities
2905 2011-06-20 04:31:29 <jrmithdobbs> ugh
2906 2011-06-20 04:31:30 <jrmithdobbs> midnightmagic: http://forum.bitcoin.org/index.php?topic=18858.msg236952#msg236952
2907 2011-06-20 04:31:31 bk128 has left ()
2908 2011-06-20 04:31:32 <ne0futur>  /msn chanserv access #bitcoin-dev list
2909 2011-06-20 04:31:37 <ne0futur> to find an op
2910 2011-06-20 04:31:37 <midnightmagic> yeah, smf search bites.
2911 2011-06-20 04:31:38 paxos has quit (Quit: Leaving.)
2912 2011-06-20 04:31:40 <genewitch> so if i am on that mtgox list, and i know my password, can i figure out the salt and get everyone else's password?
2913 2011-06-20 04:31:46 <midnightmagic> thanks for link
2914 2011-06-20 04:31:46 <Herodes> I hope these idiotic hacker teenagers or whoever they are get to serve some real jail time.
2915 2011-06-20 04:31:47 <jrmithdobbs> "There was indeed a CSRF vulnerability in the "change email" and "send funds" features, however we verified the logs of the webserver and could confirm neither were ever exploited, except by the people who discovered it."
2916 2011-06-20 04:31:54 <csshih> nope genewitch
2917 2011-06-20 04:32:06 <jrmithdobbs> midnightmagic: :)
2918 2011-06-20 04:32:51 <midnightmagic> ne0futur: none of them are reading at the moment, or it would've been corrected by now
2919 2011-06-20 04:33:39 <upb> yeah the more correct wording would have been 'and could not confirm that either were exploited' ;)
2920 2011-06-20 04:33:45 hahuang65 has quit ()
2921 2011-06-20 04:33:49 <genewitch> Herodes: doubtful, no one's caught the PSN hackers and that allegedly caused 51 million in damages
2922 2011-06-20 04:34:03 trocko has joined
2923 2011-06-20 04:34:05 <ne0futur> midnightmagic: tell them to recruit more ops . . . we have like 30 ops on -otc
2924 2011-06-20 04:34:06 <genewitch> what's a bunch of fake money to a DA
2925 2011-06-20 04:34:16 <quiznor> yeah seriously
2926 2011-06-20 04:34:23 <quiznor> when is midnightmagic gonna be banned for being a pussy?
2927 2011-06-20 04:34:25 <ne0futur> with big channels, 700 users  . . .
2928 2011-06-20 04:34:32 <genewitch> most are bots
2929 2011-06-20 04:34:35 <ne0futur> you need ops in every timezone
2930 2011-06-20 04:34:35 <quiznor> this is absurd. everyone /ignore midnightmagic
2931 2011-06-20 04:34:38 <jrmithdobbs> midnightmagic: that post indicates a misunderstanding of how csrfs work to me, combined with the fact that it took phantomcircuit almost a week to get ahold of him to report it and ended up having to *post it on the forums* to get a response smells fishy to me.
2932 2011-06-20 04:34:39 <quiznor> this guy's a punk
2933 2011-06-20 04:34:50 <trocko> ./ignore midnightmagic
2934 2011-06-20 04:35:38 <genewitch> XX01XX: did you get in trouble :-(
2935 2011-06-20 04:35:54 <upb> 'As a reminder we assume no responsibility should your funds be stolen by someone using your own password.'
2936 2011-06-20 04:35:55 Hachima has joined
2937 2011-06-20 04:35:58 <upb> :D
2938 2011-06-20 04:36:01 blaupunk has joined
2939 2011-06-20 04:36:27 ^1bitc0inplz has left ()
2940 2011-06-20 04:36:29 <jrmithdobbs> midnightmagic: i'm not screaming "6/19 WAS AN INSIDE JOB" from the rooftops or anything, but right this moment it is my belief that tux is either actively spreading misinformation or honestly does not understand these issues he is faced with.
2941 2011-06-20 04:36:51 <jrmithdobbs> midnightmagic: neither of which is acceptable in someone running a service such as this.
2942 2011-06-20 04:36:52 xinx has quit (Remote host closed the connection)
2943 2011-06-20 04:36:54 <midnightmagic> jrmithdobbs: the other possibility is that English is not dude's first language, or it was a mis-speak. I don't think there's enough evidence to ascribe it to conspiracy just yet.
2944 2011-06-20 04:36:54 <quiznor> gox never responded to all the claims of accounts being hacked over the past few weeks on the forums. what more direct evidence do you need that the site has been compromised for a long time?
2945 2011-06-20 04:37:04 bmwiedemann has joined
2946 2011-06-20 04:37:15 <quiznor> a conspiracy of one? lol
2947 2011-06-20 04:37:32 <Cryo> jrmithdobbs, what I found odd about that thread was the MD5 part, with the assumption that in the other thread it was mentioned (it wasn't). so how did man from the future know it was md5?
2948 2011-06-20 04:37:40 <paupau> Also he never deined beating his wife.
2949 2011-06-20 04:37:43 <paupau> denied*
2950 2011-06-20 04:37:45 <midnightmagic> jrmithdobbs: I know you're not doing that. I just think he's being vague and incomplete, and honestly, it's more than we'd get from any other company, including places like Google or Sony.
2951 2011-06-20 04:37:58 Netto has quit (Ping timeout: 246 seconds)
2952 2011-06-20 04:38:11 <Taveren93HGK> guys i'm curious - how is it that when i logged into deepbit it warned me that i should change my password because i had used the same one at mtgox; i thought the mtgox passwords were hashed?
2953 2011-06-20 04:38:13 gribble has joined
2954 2011-06-20 04:38:14 <jrmithdobbs> midnightmagic: combined with his claim earlier today on the support page that claimed "it was only one compromised account" after people have been reporting possibly compromised accounts for over a week ....
2955 2011-06-20 04:38:14 <enquire> genewitch: you don't need this, salt is in plain text - all characters before the second $
2956 2011-06-20 04:38:20 <quiznor> paupau: someone accused him of beating his wife? lol
2957 2011-06-20 04:38:20 <jrmithdobbs> midnightmagic: the whole thing smells fishy to me
2958 2011-06-20 04:38:25 <Yahovah> Taveren93HGK: They are being reversed.
2959 2011-06-20 04:38:27 <nanotube> ;;op midnightmagic
2960 2011-06-20 04:38:27 <minixking> atleast some people are changing their passwords
2961 2011-06-20 04:38:29 <genewitch> enquire: so you have the password already?
2962 2011-06-20 04:38:38 <jrmithdobbs> midnightmagic: ESPECIALLY since he didn't respond AT ALL publicly until after phantomcircuit posted the previously mentioned thread.
2963 2011-06-20 04:38:38 <minixking> cant login to everyones facebook listed still
2964 2011-06-20 04:38:46 <Taveren93HGK> Yahovah - i'm not sure what you're saying
2965 2011-06-20 04:38:52 <Cryo> you used the same password on different exchanges?
2966 2011-06-20 04:38:56 JakeMates has left ()
2967 2011-06-20 04:38:59 <jrmithdobbs> midnightmagic: when doing so would have been in his best interest.
2968 2011-06-20 04:39:02 <enquire> genewitch: i cracked some passwords ... mine is strong enough i guess )
2969 2011-06-20 04:39:07 <Taveren93HGK> no, i used the same password on a mining pool as an exchange that had no money in it
2970 2011-06-20 04:39:08 lessPlastic has quit (Quit: lessPlastic)
2971 2011-06-20 04:39:11 <paupau> Screw you guys. I'm going to start my own exchange. Blackjack only.
2972 2011-06-20 04:39:14 <Yahovah> Taveren93HGK: You can reverse a one-way-hash by brute forcing input into the hash function.
2973 2011-06-20 04:39:17 Pinion has joined
2974 2011-06-20 04:39:34 <Cryo> they might be trying to be proactive.
2975 2011-06-20 04:39:40 <Cryo> (but failing)
2976 2011-06-20 04:39:47 <genewitch> enquire: i went through and put in 12 char passwords on everything important
2977 2011-06-20 04:39:53 <samlander> Yahovah: the salt is problematical
2978 2011-06-20 04:39:59 <samlander> Yahovah: but not impossible
2979 2011-06-20 04:40:07 TheZimm has quit (Quit: When will we learn?)
2980 2011-06-20 04:40:08 <bmwiedemann> rainbow tables can reverse unsalted MD5 rather quickly. and mtgox wrote that old accounts still had that.
2981 2011-06-20 04:40:09 <Taveren93HGK> i assumed as much
2982 2011-06-20 04:40:12 <genewitch> lol pretty awesome midnightmagic
2983 2011-06-20 04:40:26 <StephenFalken> human nature at its worst
2984 2011-06-20 04:40:27 StephenFalken has left ()
2985 2011-06-20 04:40:49 <dude65535>   All accounts with an unsalted hash were idle for over 2 months
2986 2011-06-20 04:40:50 lessPlastic has joined
2987 2011-06-20 04:40:53 <paupau> Lol moving to SHA-512
2988 2011-06-20 04:41:02 <copumpkin> BIG NUMBERS MUST BE SECURE
2989 2011-06-20 04:41:04 <paupau> Just use bcrypt goddammit
2990 2011-06-20 04:41:05 <copumpkin> EVERYONE KNOWS THAT
2991 2011-06-20 04:41:07 <genewitch> why is the salt stored in the same table as the password
2992 2011-06-20 04:41:19 grndzero has left ()
2993 2011-06-20 04:41:27 <jrmithdobbs> genewitch: that is not a problem
2994 2011-06-20 04:41:29 <midnightmagic> genewitch: too much?
2995 2011-06-20 04:41:30 <paupau> the salt is not for secrecy
2996 2011-06-20 04:41:34 <jrmithdobbs> the point of the salt isn't to be secret
2997 2011-06-20 04:41:39 <paupau> you could have the salt table on a public-facing website
2998 2011-06-20 04:41:50 <genewitch> doesn't sound like it
2999 2011-06-20 04:41:54 <paupau> and the security wouldn't be affected
3000 2011-06-20 04:41:58 <B0g4r7> By keeping the salt secret things could be made more difficult for an attacker.
3001 2011-06-20 04:42:12 <enquire> i'm thinking of keepass but it seems even less secure
3002 2011-06-20 04:42:17 <B0g4r7> But there's a lot of "could have"s
3003 2011-06-20 04:42:18 <jrmithdobbs> B0g4r7: but anything that needs the hash needs the salt so you accomplish nothing by splitting up storage
3004 2011-06-20 04:42:30 <jrmithdobbs> B0g4r7: so anything that can read the hash can read the salt
3005 2011-06-20 04:42:32 <enquire> i should carry all my passwords everywhere, even on untrusted computers
3006 2011-06-20 04:42:35 <paupau> Theoretically I guess, but in that case the data isn't really acting like a salt but like an encryption key
3007 2011-06-20 04:42:42 <jrmithdobbs> so anything that would have compromised the hash WOULD HAVE STILL COMPROMISED THE SALT
3008 2011-06-20 04:42:45 <jrmithdobbs> catching on?
3009 2011-06-20 04:42:47 <paupau> you could use it for both possibly SOMEHOW probably
3010 2011-06-20 04:42:57 <paupau> but that confuses the nature of what a salt does
3011 2011-06-20 04:43:05 <genewitch> what good is the salt then
3012 2011-06-20 04:43:13 <paupau> the salt is to protect against rainbow tables
3013 2011-06-20 04:43:14 <paupau> that's it
3014 2011-06-20 04:43:14 <Cryo> makes food taste better
3015 2011-06-20 04:43:15 lessPlastic has quit (Client Quit)
3016 2011-06-20 04:43:17 <jrmithdobbs> genewitch: prevents parallelizing brute force attacks
3017 2011-06-20 04:43:23 <paupau> er that too
3018 2011-06-20 04:43:29 <genewitch> what? how
3019 2011-06-20 04:43:36 <enquire> genewitch: you can't use pregenerated rainbow tables
3020 2011-06-20 04:43:40 <jrmithdobbs> genewitch: eg, you must focus on one specific hash and work done to brute force that hash will not apply to the other hashes stored in the same place
3021 2011-06-20 04:43:52 <genewitch> brute force is just trying passwords
3022 2011-06-20 04:43:55 <B0g4r7> (or stored in different places)
3023 2011-06-20 04:43:58 <dude65535> There is a different salt for each password so you must brute force each separately
3024 2011-06-20 04:44:04 <genewitch> rainbow tables aren't brute force
3025 2011-06-20 04:44:10 <jrmithdobbs> genewitch: yes they are
3026 2011-06-20 04:44:13 <copumpkin> they were generated by brute force
3027 2011-06-20 04:44:18 <paupau> same difference
3028 2011-06-20 04:44:20 <jrmithdobbs> they're precomputed bruteforce
3029 2011-06-20 04:44:22 <bmwiedemann> with unsalted hashes, you do echo -n abc123| md5sum and can find the hash on google :)
3030 2011-06-20 04:44:24 <paupau> they are functionally equivalent
3031 2011-06-20 04:44:33 <B0g4r7> rainbow tables implement a time/memory tradeoff
3032 2011-06-20 04:44:34 <minixking> if you just require some kind of server+client side security certificate, then problem solved, i wish they had a protocol for that.
3033 2011-06-20 04:44:42 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3034 2011-06-20 04:44:42 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3045 2011-06-20 04:44:49 <copumpkin> o.O
3050 2011-06-20 04:44:52 trocko is now known as hahahah
3055 2011-06-20 04:44:55 <paupau> okay.jpg
3056 2011-06-20 04:44:56 hahahah is now known as hahah4
3057 2011-06-20 04:44:56 <Cryo> god, really
3062 2011-06-20 04:44:58 <jrmithdobbs> this guy again
3066 2011-06-20 04:45:00 RevolutionMasta_ has joined
3067 2011-06-20 04:45:01 * copumpkin sighs
3068 2011-06-20 04:45:02 hahah4 is now known as youlose
3069 2011-06-20 04:45:03 <Cryo> welcome to 1994
3070 2011-06-20 04:45:05 <paupau> HERP
3071 2011-06-20 04:45:05 <jrmithdobbs> midnightmagic: c'mon now
3072 2011-06-20 04:45:07 youlose is now known as suckers
3073 2011-06-20 04:45:11 suckers is now known as hootay
3094 2011-06-20 04:45:22 <copumpkin> that's pretty creepy
3095 2011-06-20 04:45:28 <B0g4r7> what, no flood protection bots?
3096 2011-06-20 04:45:29 <copumpkin> nanotube: that sucks
3097 2011-06-20 04:45:38 <Optimo> this happened before too
3098 2011-06-20 04:45:41 bittymcbit has quit (Ping timeout: 252 seconds)
3099 2011-06-20 04:45:45 <nanotube> happened before
3100 2011-06-20 04:45:47 <nanotube> haha
3101 2011-06-20 04:45:50 * midnightmagic shrugs.
3102 2011-06-20 04:45:50 <genewitch> copumpkin: that his parents live in PA or what
3103 2011-06-20 04:45:50 <jrmithdobbs> copumpkin: that is all publicly available information. nanotube doesn't care.
3104 2011-06-20 04:45:58 <copumpkin> still creepy as hell
3105 2011-06-20 04:45:59 <midnightmagic> hi Daniel, nice to meet you.
3106 2011-06-20 04:46:04 Tabmow has joined
3107 2011-06-20 04:46:05 <nanotube> howdy midnightmagic :)
3108 2011-06-20 04:46:05 <copumpkin> me? :P
3109 2011-06-20 04:46:08 <copumpkin> oh wait, that daniel
3110 2011-06-20 04:46:16 <midnightmagic> ;-)
3111 2011-06-20 04:46:16 <Optimo> lol
3112 2011-06-20 04:46:16 <nameless> !~root@weowntheinter.net|SO, uh, while I was at work, what happened with bitcoins that the internet is exploding over?
3113 2011-06-20 04:46:17 <nanotube> Tabmow: hey, you missed out on some nice trollspam ;)
3114 2011-06-20 04:46:20 <Cryo> ECOMMONNAME
3115 2011-06-20 04:46:22 <csshih> o.o
3116 2011-06-20 04:46:32 <paupau> EHERPEDSOHARD
3117 2011-06-20 04:46:38 <Keefe> nameless|: see mtgox.com
3118 2011-06-20 04:46:40 hahahaa has joined
3119 2011-06-20 04:46:41 <jrmithdobbs> nameless|: mtgox compromised
3132 2011-06-20 04:46:45 hahahaa is now known as loool
3133 2011-06-20 04:46:52 loool has joined
3142 2011-06-20 04:46:56 loool is now known as j2hj3h
3144 2011-06-20 04:46:57 <genewitch> Oh man i smell a G-Line
3145 2011-06-20 04:47:03 <paupau> Oh baby
3146 2011-06-20 04:47:05 sharks has joined
3147 2011-06-20 04:47:06 <csshih> hawt
3158 2011-06-20 04:47:19 <seventoes> -_-
3159 2011-06-20 04:47:19 sharks has joined
3164 2011-06-20 04:47:21 <copumpkin> why not just ban the mask?
3169 2011-06-20 04:47:23 <Gekz> just op me so I can ban him right?
3170 2011-06-20 04:47:24 <Gekz> lol
3171 2011-06-20 04:47:26 <bikcmp> just ban it
3172 2011-06-20 04:47:26 <midnightmagic> lol
3173 2011-06-20 04:47:26 <bikcmp> god
3174 2011-06-20 04:47:28 <csshih> someone is butthurt
3175 2011-06-20 04:47:29 <Gekz> there we go.
3176 2011-06-20 04:47:29 <seventoes> Op me so I can ban him
3177 2011-06-20 04:47:32 <Gekz> you ops are terrible.
3178 2011-06-20 04:47:35 <csshih> nono seventoes
3179 2011-06-20 04:47:41 <csshih> you're supposed to say
3180 2011-06-20 04:47:47 <csshih> oper me so I can kline him
3181 2011-06-20 04:47:47 <seventoes> We should all be OP'd and we can ban him together
3182 2011-06-20 04:47:49 * nameless !~root@weowntheinter.net|isn't in a good mood
3183 2011-06-20 04:47:52 Gekz has joined
3184 2011-06-20 04:47:53 <csshih> oper nao
3185 2011-06-20 04:47:54 <csshih> >_>
3186 2011-06-20 04:47:57 <Gekz> grow the fuck up.
3187 2011-06-20 04:48:00 <minixking> im calling
3188 2011-06-20 04:48:05 <genewitch> Gekz: you're sort of stupid
3189 2011-06-20 04:48:23 <nanotube> heh bonus points for linkedin connection requests :)
3190 2011-06-20 04:48:29 <genewitch> my six year old does that
3191 2011-06-20 04:48:46 <copumpkin> lol
3192 2011-06-20 04:48:54 <midnightmagic> lol stupid xchat is showing up whois in a random other window, so my bans are slow and manual.
3193 2011-06-20 04:48:56 <Cryo> someone should order pizza for MagicalTux
3194 2011-06-20 04:49:04 <jrmithdobbs> nameless|: would you fix the ban so he wont just rejoin in 10 seconds please
3195 2011-06-20 04:49:09 <paupau> so Mt.Gox is PHP eh
3196 2011-06-20 04:49:15 <Optimo> can't trust pizza guy might be a spy
3197 2011-06-20 04:49:16 <genewitch> jrmithdobbs: most people don't know how to change their username
3198 2011-06-20 04:49:18 <Cryo> eww php
3199 2011-06-20 04:49:18 KedP has quit (Quit: Leaving)
3200 2011-06-20 04:49:25 <jrmithdobbs> genewitch: he does, obviously
3201 2011-06-20 04:49:34 <nameless> !~root@weowntheinter.net|jrmithdobbs: I'd prefer to not ban all of comcast
3202 2011-06-20 04:49:35 <genewitch> jrmithdobbs: his nick, not his username
3203 2011-06-20 04:49:59 <copumpkin> I like that quiznor is still online
3204 2011-06-20 04:50:00 hamush1 has quit (Ping timeout: 276 seconds)
3205 2011-06-20 04:50:01 <copumpkin> and in the foyer
3206 2011-06-20 04:50:04 <copumpkin> real clever
3207 2011-06-20 04:50:13 <genewitch> I once got all of so cal SBC DSL G-lined from dalnet and efnet
3208 2011-06-20 04:50:18 <sblinda> did they reverse the malicious transactions?
3209 2011-06-20 04:50:20 <bikcmp> genewitch: how?
3210 2011-06-20 04:50:27 dbasch has quit (Quit: dbasch)
3211 2011-06-20 04:50:35 <genewitch> bikcmp: gigabit flooding every op
3212 2011-06-20 04:50:38 <genewitch> IRCop
3213 2011-06-20 04:50:39 f33x has quit (Ping timeout: 250 seconds)
3214 2011-06-20 04:50:53 <genewitch> I was moving out of state and someone offended my delicate sensibilities
3215 2011-06-20 04:50:59 hamush1 has joined
3216 2011-06-20 04:51:20 <genewitch> i was hoping for a K-line
3217 2011-06-20 04:51:23 <genewitch> but got a G
3218 2011-06-20 04:51:56 f33x has joined
3219 2011-06-20 04:52:01 <bikcmp> klines ftw
3220 2011-06-20 04:52:24 jburkle has quit (Remote host closed the connection)
3221 2011-06-20 04:52:31 <jrmithdobbs> genewitch: i got telocity glined from efenet for a bit once
3222 2011-06-20 04:52:36 <jrmithdobbs> genewitch: didn't even have to ddos
3223 2011-06-20 04:52:49 <jrmithdobbs> genewitch: just proved dianora wrong about semantics in #c ;P
3224 2011-06-20 04:53:38 <jrmithdobbs> genewitch: had part of comcast in texas glined from freenode for /notic'ing lilo for /noticing me about giving him money too
3225 2011-06-20 04:53:57 <Cryo> :( lilo
3226 2011-06-20 04:54:01 <jrmithdobbs> fuck that guy
3227 2011-06-20 04:54:02 <hmmmm> jrmithdobbs, you're on #C?
3228 2011-06-20 04:54:04 <bikcmp> i've never met lilo
3229 2011-06-20 04:54:07 <bikcmp> what was he like?
3230 2011-06-20 04:54:11 <Cryo> horrible way to die.
3231 2011-06-20 04:54:12 <jrmithdobbs> asshat
3232 2011-06-20 04:54:49 RenaKunisaki has quit (Remote host closed the connection)
3233 2011-06-20 04:54:57 <jrmithdobbs> Cryo: no loss
3234 2011-06-20 04:54:58 <bikcmp> jrmithdobbs: really?
3235 2011-06-20 04:55:07 <bikcmp> i've heard mixed things.
3236 2011-06-20 04:55:13 <paupau> my gline is thiiiiiis big
3237 2011-06-20 04:55:22 RenaKunisaki has joined
3238 2011-06-20 04:55:26 <bikcmp> actual size?
3239 2011-06-20 04:55:30 <paupau> you know it
3240 2011-06-20 04:55:36 <paupau> you might have to fiddle with the zoom controls
3241 2011-06-20 04:55:38 <bikcmp> i'm sorry for you.
3242 2011-06-20 04:55:44 <jrmithdobbs> i pissed him off enough times to actually get my chanserv nick locked and taken away
3243 2011-06-20 04:55:45 <paupau> well, I try.
3244 2011-06-20 04:55:47 <jrmithdobbs> heh
3245 2011-06-20 04:55:58 <jrmithdobbs> fuck that guy ;P
3246 2011-06-20 04:56:09 <jercos> and his couch
3247 2011-06-20 04:56:20 RenaKunisaki has quit (Max SendQ exceeded)
3248 2011-06-20 04:56:39 <midnightmagic> who the hell is lilo?
3249 2011-06-20 04:56:41 * nameless !~root@weowntheinter.net|eyes jercos 
3250 2011-06-20 04:56:57 * jercos legs nameless| 
3251 2011-06-20 04:57:04 <Cryo> I guess I was never a dick to him
3252 2011-06-20 04:57:12 * paupau dicks Cryo
3253 2011-06-20 04:57:18 RenaKunisaki has joined
3254 2011-06-20 04:57:22 <midnightmagic> LOL
3255 2011-06-20 04:57:22 <nameless> !~root@weowntheinter.net|Anyway, as it seems the spamfest is over, I'm going to go back to studying
3256 2011-06-20 04:57:22 sigwins has joined
3257 2011-06-20 04:58:03 RenaKunisaki has quit (Max SendQ exceeded)
3258 2011-06-20 04:58:33 AStove has joined
3259 2011-06-20 04:58:39 RenaKunisaki has joined
3260 2011-06-20 04:58:57 <upb> lilo is the most rooted ircop in history :P
3261 2011-06-20 04:58:57 dfc_ has quit (Quit: leaving)
3262 2011-06-20 04:59:09 <copumpkin> nameless|: studying what?
3263 2011-06-20 04:59:14 xert has quit (Read error: Connection reset by peer)
3264 2011-06-20 04:59:22 delpes has quit (Quit: Page closed)
3265 2011-06-20 04:59:23 <nameless> !~root@weowntheinter.net|copumpkin: For my pilots license
3266 2011-06-20 04:59:28 <copumpkin> oh cool
3267 2011-06-20 04:59:42 <nameless> !~root@weowntheinter.net|yup, I'm almost done with it, like 5 hours of flight left
3268 2011-06-20 04:59:54 <copumpkin> wow
3269 2011-06-20 04:59:57 <copumpkin> I've wanted to do that for a while
3270 2011-06-20 05:00:06 <jrmithdobbs> nameless|: awesome
3271 2011-06-20 05:00:10 <nameless> !~root@weowntheinter.net|It's expensive
3272 2011-06-20 05:00:11 <copumpkin> my dad flies gliders
3273 2011-06-20 05:00:12 <jrmithdobbs> nameless|: buddy of mine got a stearman recently
3274 2011-06-20 05:00:15 <nameless> !~root@weowntheinter.net|I wish I had BTC to finance it
3275 2011-06-20 05:00:22 mmoya has quit (Ping timeout: 260 seconds)
3276 2011-06-20 05:00:24 <nameless> !~root@weowntheinter.net|copumpkin: Gliders are amazing!
3277 2011-06-20 05:00:25 <jrmithdobbs> nameless|: had to recertify to be able to fly it home ;P
3278 2011-06-20 05:00:32 <nameless> !~root@weowntheinter.net|I plan on getting a gliding endorsement after I get my license
3279 2011-06-20 05:00:36 <copumpkin> cool
3280 2011-06-20 05:00:39 <copumpkin> yeah, he tells me they're great
3281 2011-06-20 05:00:42 <copumpkin> I've never been up with him
3282 2011-06-20 05:00:45 <nameless> !~root@weowntheinter.net|jrmithdobbs: That's not that hard though :p
3283 2011-06-20 05:00:54 <nameless> !~root@weowntheinter.net|copumpkin: They are, it's like
3284 2011-06-20 05:01:03 <nameless> !~root@weowntheinter.net|I don't even know how to describe it
3285 2011-06-20 05:01:09 <denisx> the worst thing about the mtgox thing is the .exe spam I now get ;(
3286 2011-06-20 05:01:09 <nameless> !~root@weowntheinter.net|It's loud, even though there's no engine
3287 2011-06-20 05:01:12 <jrmithdobbs> nameless|: it is when you've never flown a biplane with no instruments ;P
3288 2011-06-20 05:01:13 <bikcmp> i wonder
3289 2011-06-20 05:01:17 <bikcmp> is bitcoin completely p2p?
3290 2011-06-20 05:01:23 <bikcmp> aside from initial briding.
3291 2011-06-20 05:01:26 <copumpkin> bikcmp: if you ignore exchanges
3292 2011-06-20 05:01:31 <bikcmp> copumpkin: exchanges?
3293 2011-06-20 05:01:33 xert has joined
3294 2011-06-20 05:01:35 <nameless> !~root@weowntheinter.net|And you can easily pull 2+G's in a thermal
3295 2011-06-20 05:01:36 <bikcmp> i'm new to bitcoin crap. :)
3296 2011-06-20 05:01:47 <nameless> !~root@weowntheinter.net|jrmithdobbs: what country?
3297 2011-06-20 05:01:56 <jrmithdobbs> nameless|: us
3298 2011-06-20 05:01:59 <jercos> bikcmp: bitcoin itself is p2p. exchanges that convert fiat moneys to and from bitcoin are not.
3299 2011-06-20 05:02:10 <nameless> !~root@weowntheinter.net|jrmithdobbs: No instruments you say?
3300 2011-06-20 05:02:19 bit_monger has quit (Quit: ChatZilla 0.9.87 [Firefox 3.6.17/20110420140830])
3301 2011-06-20 05:02:19 <Cryo> bitcoins are magical unicorn blood
3302 2011-06-20 05:02:24 <bikcmp> jercos: how much is 5 bitcoins worth?
3303 2011-06-20 05:02:26 <bikcmp> out of curiosity.
3304 2011-06-20 05:02:28 <nameless> !~root@weowntheinter.net|jrmithdobbs: That was probably the biggest hassle, he had to get a waiver from the flight standards office most likely
3305 2011-06-20 05:02:30 <jrmithdobbs> nameless|: radio is the only thing electronic in the thing
3306 2011-06-20 05:02:34 <jrmithdobbs> nameless|: yup.
3307 2011-06-20 05:02:52 <nameless> !~root@weowntheinter.net|that's not recertifying :p
3308 2011-06-20 05:02:53 <jercos> bikcmp: however much you decide it's worth. Some exchangers would give you about $100 for that.
3309 2011-06-20 05:02:54 <jrmithdobbs> nameless|: he actually flies by iphone gps in it
3310 2011-06-20 05:03:04 <bikcmp> what?
3311 2011-06-20 05:03:06 <bikcmp> 5?
3312 2011-06-20 05:03:07 <jrmithdobbs> nameless|: he had to recertify as well because it'd been ~15-20 years
3313 2011-06-20 05:03:14 <bikcmp> for 5 freaking bitcoins? what
3314 2011-06-20 05:03:14 <bikcmp> lol
3315 2011-06-20 05:03:16 <jrmithdobbs> nameless|: ps don't tell faa re: iphone ;P
3316 2011-06-20 05:03:33 vragnaro1a has joined
3317 2011-06-20 05:03:38 <nameless> !~root@weowntheinter.net|jrmithdobbs: :3
3318 2011-06-20 05:04:30 <nameless> !~root@weowntheinter.net|jrmithdobbs: Well, uh, yeah, lets see, bianual flight review for starters
3319 2011-06-20 05:04:36 RevolutionMasta_ has left ()
3320 2011-06-20 05:04:48 <jrmithdobbs> nameless|: fucker's still not taken me up in it
3321 2011-06-20 05:04:55 <jrmithdobbs> heh
3322 2011-06-20 05:05:01 legion050 has left ()
3323 2011-06-20 05:05:14 doofus2 has quit ()
3324 2011-06-20 05:05:29 vragnaroda has quit (Ping timeout: 250 seconds)
3325 2011-06-20 05:05:37 <nameless> !~root@weowntheinter.net|jrmithdobbs: that sucks, what state you live in?
3326 2011-06-20 05:05:42 <bikcmp> nameless|: think you can do me a favor?
3327 2011-06-20 05:05:45 <jrmithdobbs> nameless|: tx
3328 2011-06-20 05:05:47 <nameless> !~root@weowntheinter.net|bikcmp: perhaps
3329 2011-06-20 05:05:53 <bikcmp> nameless|: link me directly to a windows binary for bitcoin
3330 2011-06-20 05:05:57 <nameless> !~root@weowntheinter.net|jrmithdobbs: Oh, you're on the other side of that oceany thingy
3331 2011-06-20 05:05:58 <bikcmp> i'm on a REALLY slow machine.
3332 2011-06-20 05:06:04 <bikcmp> 40 mhz.
3333 2011-06-20 05:06:04 <bikcmp> lol
3334 2011-06-20 05:06:06 <bikcmp> iirc.
3335 2011-06-20 05:06:10 <jrmithdobbs> nameless|: fl?
3336 2011-06-20 05:06:16 <nameless> !~root@weowntheinter.net|jrmithdobbs: yeah
3337 2011-06-20 05:06:19 sdfasd has joined
3338 2011-06-20 05:06:23 <nameless> !~root@weowntheinter.net|http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-win32-setup.exe/download
3339 2011-06-20 05:06:24 <copumpkin> oh, I go to florida regularly
3340 2011-06-20 05:06:30 <nameless> !~root@weowntheinter.net|copumpkin: what part?
3341 2011-06-20 05:06:32 <copumpkin> tampa
3342 2011-06-20 05:06:37 <copumpkin> my gf lives there
3343 2011-06-20 05:06:42 <nameless> !~root@weowntheinter.net|that's like, not my part
3344 2011-06-20 05:06:42 <bikcmp> nameless|: direct enough
3345 2011-06-20 05:06:43 <bikcmp> thanks
3346 2011-06-20 05:06:48 <copumpkin> nameless|: ah well :)
3347 2011-06-20 05:06:50 theymos has quit (Remote host closed the connection)
3348 2011-06-20 05:06:53 <copumpkin> damn hot all over
3349 2011-06-20 05:07:22 RenaKunisaki has quit (Ping timeout: 276 seconds)
3350 2011-06-20 05:07:33 vragnaro1a is now known as vragnaroda
3351 2011-06-20 05:07:53 <nameless> !~root@weowntheinter.net|copumpkin: yup
3352 2011-06-20 05:07:55 <nameless> !~root@weowntheinter.net|98 today
3353 2011-06-20 05:08:00 <nameless> !~root@weowntheinter.net|and then it rained
3354 2011-06-20 05:08:08 <copumpkin> mmm humidity
3355 2011-06-20 05:08:09 <copumpkin> :P
3356 2011-06-20 05:08:26 phunction has quit (Ping timeout: 252 seconds)
3357 2011-06-20 05:08:46 grnbrg has left ("Leaving")
3358 2011-06-20 05:09:43 Atterall has joined
3359 2011-06-20 05:10:09 piperdude has joined
3360 2011-06-20 05:10:59 DaQatz has quit (Read error: Connection reset by peer)
3361 2011-06-20 05:11:11 sblinda has quit (Quit: Leaving.)
3362 2011-06-20 05:11:14 DaQatz has joined
3363 2011-06-20 05:11:17 Sangheili has quit (Read error: Connection reset by peer)
3364 2011-06-20 05:11:21 Juffo-Wup has quit (Read error: Connection reset by peer)
3365 2011-06-20 05:11:52 hallowworld has joined
3366 2011-06-20 05:12:02 slux has joined
3367 2011-06-20 05:12:16 samlander has quit (Read error: Connection reset by peer)
3368 2011-06-20 05:12:25 samlander has joined
3369 2011-06-20 05:12:34 <gentz> When is mtgox gonna do the rollback and be back up and trading?
3370 2011-06-20 05:12:40 Juffo-Wup has joined
3371 2011-06-20 05:12:48 s13013 has quit (Read error: Operation timed out)
3372 2011-06-20 05:12:49 Pinion has quit (Read error: Connection reset by peer)
3373 2011-06-20 05:12:59 Pinion has joined
3374 2011-06-20 05:13:02 glassresistor has quit (Ping timeout: 260 seconds)
3375 2011-06-20 05:13:08 s13013 has joined
3376 2011-06-20 05:13:09 <jrmithdobbs> gentz: last estimate was 1 hr from now
3377 2011-06-20 05:13:44 Sangheili has joined
3378 2011-06-20 05:14:27 <jlgaddis> 0800 utc at the earliest
3379 2011-06-20 05:14:30 Sangheili has quit (Read error: Connection reset by peer)
3380 2011-06-20 05:15:49 minixking has quit (Ping timeout: 276 seconds)
3381 2011-06-20 05:15:49 skeledrew has quit (Ping timeout: 255 seconds)
3382 2011-06-20 05:16:38 nevezen has left ()
3383 2011-06-20 05:16:49 dbasch has joined
3384 2011-06-20 05:17:56 kreal- has joined
3385 2011-06-20 05:17:58 sigwins has quit (Ping timeout: 252 seconds)
3386 2011-06-20 05:18:01 Saab- has quit (Quit: Saab-)
3387 2011-06-20 05:19:00 Ademan has joined
3388 2011-06-20 05:19:01 * nameless !~root@weowntheinter.net|looks up to see that the channel is still spam free
3389 2011-06-20 05:19:10 <paupau> yo
3390 2011-06-20 05:19:12 <paupau> fgsfds.
3391 2011-06-20 05:19:12 <copumpkin> amazing, eh
3392 2011-06-20 05:19:13 phunction has joined
3393 2011-06-20 05:19:25 <copumpkin> I can spam haskell propaganda if you'd like
3394 2011-06-20 05:19:31 * nameless !~root@weowntheinter.net|detaches and goes back to studying
3395 2011-06-20 05:19:34 <nameless> !~root@weowntheinter.net|You do that
3396 2011-06-20 05:19:36 OVerLoRDI_ is now known as OVerLoRDI
3397 2011-06-20 05:19:41 OVerLoRDI has quit (Changing host)
3398 2011-06-20 05:19:41 OVerLoRDI has joined
3399 2011-06-20 05:19:45 <nameless> !~root@weowntheinter.net|And you'll find yourself staring at a nasty mode +b in your name :p
3400 2011-06-20 05:19:47 <copumpkin> :(
3401 2011-06-20 05:19:48 <Ademan> does anyone else get a segfault running bitcoind from the latest head ( the only config option I'm worried about was disabling miniupnp)? the backtrace points at EC_POINT_point2oct
3402 2011-06-20 05:19:58 * copumpkin was just about to start telling everyone how awesome it was
3403 2011-06-20 05:20:06 <paupau> LAZY EVALUATION IS COMMUNISM
3404 2011-06-20 05:20:19 <copumpkin> the worst insult ever in the US!
3405 2011-06-20 05:20:21 * copumpkin faints
3406 2011-06-20 05:20:23 phunction has quit (Client Quit)
3407 2011-06-20 05:20:34 <paupau> the US, right
3408 2011-06-20 05:23:52 piperdude has left ()
3409 2011-06-20 05:26:29 markio has quit ()
3410 2011-06-20 05:27:58 lessPlastic has joined
3411 2011-06-20 05:28:26 sdfasd has quit (Quit: Leaving)
3412 2011-06-20 05:28:58 jpierre has joined
3413 2011-06-20 05:29:11 NOTAL has quit (Read error: Connection reset by peer)
3414 2011-06-20 05:29:38 glassresistor has joined
3415 2011-06-20 05:30:25 Beccara_ has quit (Read error: Connection reset by peer)
3416 2011-06-20 05:30:54 Beccara_ has joined
3417 2011-06-20 05:31:16 filmhtedue has quit (Quit: Page closed)
3418 2011-06-20 05:31:22 <jrmithdobbs> ;;bc,blocks
3419 2011-06-20 05:31:23 <gribble> 131990
3420 2011-06-20 05:32:40 ThomasV has joined
3421 2011-06-20 05:33:26 jpierre has quit (Client Quit)
3422 2011-06-20 05:35:23 bitcoiner has quit (Quit: ChatZilla 0.9.87 [Firefox 3.6.17/20110420140830])
3423 2011-06-20 05:35:33 hahuang65 has joined
3424 2011-06-20 05:35:41 celm has joined
3425 2011-06-20 05:35:52 mmoya has joined
3426 2011-06-20 05:36:40 netsky has joined
3427 2011-06-20 05:36:47 OVerLoRDI has quit (Quit: Leaving)
3428 2011-06-20 05:36:55 Beccara_ has quit (Ping timeout: 264 seconds)
3429 2011-06-20 05:37:13 doofus2 has joined
3430 2011-06-20 05:38:45 <jgarzik> ;;bc,stats
3431 2011-06-20 05:38:48 <gribble> Current Blocks: 131991 | Current Difficulty: 877226.66666667 | Next Difficulty At Block: 133055 | Next Difficulty In: 1064 blocks | Next Difficulty In About: 5 days, 5 hours, 1 minute, and 12 seconds | Next Difficulty Estimate: 1245131.67718153
3432 2011-06-20 05:40:52 err0r^ has joined
3433 2011-06-20 05:41:04 err0r^ has left ()
3434 2011-06-20 05:46:23 Lenovo01 has quit (Quit: Leaving)
3435 2011-06-20 05:51:21 <jrmithdobbs> this pretty much sums up my feelings on all the calls (and concession to) the trade reverts
3436 2011-06-20 05:51:22 glitch-mod has quit (Ping timeout: 255 seconds)
3437 2011-06-20 05:51:29 <jrmithdobbs> https://twitter.com/#!/virgiltexas/status/82584695879122944
3438 2011-06-20 05:51:34 <jrmithdobbs> lol
3439 2011-06-20 05:51:42 fimp has joined
3440 2011-06-20 05:53:36 Beccara has joined
3441 2011-06-20 05:53:38 lessPlastic has quit (Quit: lessPlastic)
3442 2011-06-20 05:53:46 nefario has joined
3443 2011-06-20 05:55:14 d1234 has quit (Remote host closed the connection)
3444 2011-06-20 05:58:06 Beccara has quit (Read error: Connection reset by peer)
3445 2011-06-20 05:58:29 g37 has joined
3446 2011-06-20 05:58:53 <csshih> trolololo
3447 2011-06-20 05:59:34 wolfspraul has quit (Quit: leaving)
3448 2011-06-20 05:59:40 <paupau> aww shit I just got troll'd
3449 2011-06-20 06:00:00 <paupau> I ain't even not mad
3450 2011-06-20 06:00:39 <hmmmm> >suggesting we care
3451 2011-06-20 06:00:51 bitcoinbulletin has quit (Remote host closed the connection)
3452 2011-06-20 06:01:55 lessPlastic has joined
3453 2011-06-20 06:02:24 MetaV has joined
3454 2011-06-20 06:02:52 Geebus has joined
3455 2011-06-20 06:03:12 ThomasV has quit (Ping timeout: 260 seconds)
3456 2011-06-20 06:05:19 larsivi has quit (Ping timeout: 255 seconds)
3457 2011-06-20 06:11:06 bitcoinbulletin has joined
3458 2011-06-20 06:12:32 <paupau> FUCK I MAD
3459 2011-06-20 06:16:03 anddam has joined
3460 2011-06-20 06:16:04 <anddam> hello
3461 2011-06-20 06:16:12 syke has joined
3462 2011-06-20 06:16:21 notallhere has left ()
3463 2011-06-20 06:17:31 f33x has quit (Quit: f33x)
3464 2011-06-20 06:17:32 kreal- has quit (Read error: Operation timed out)
3465 2011-06-20 06:18:05 Atterall has quit (Quit: Page closed)
3466 2011-06-20 06:19:43 celm has quit (Quit: Page closed)
3467 2011-06-20 06:20:07 hamush1 has quit (Ping timeout: 260 seconds)
3468 2011-06-20 06:22:13 <Kireji> ;;bc,mtgox
3469 2011-06-20 06:22:16 <gribble> '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">\n\n<head>\n  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n  <title>\n      Huge Bitcoin sell off due to a compromised account - rollback : Mt.Gox\n  </title>\n  <link rel=\'shortcut icon\' (6 more messages)
3470 2011-06-20 06:22:32 <Kireji> sry
3471 2011-06-20 06:22:38 anddam has quit (Quit: anddam)
3472 2011-06-20 06:22:49 lessPlastic has quit (Quit: lessPlastic)
3473 2011-06-20 06:22:50 wasabi1 is now known as wasabii
3474 2011-06-20 06:23:44 wasabii is now known as wasabiii
3475 2011-06-20 06:24:04 paul0 has joined
3476 2011-06-20 06:24:20 wasabiii is now known as wasabii
3477 2011-06-20 06:25:47 fimp has quit (Quit: This computer has gone to sleep)
3478 2011-06-20 06:26:33 Blitzboom_ has joined
3479 2011-06-20 06:26:42 mmoya has quit (Ping timeout: 260 seconds)
3480 2011-06-20 06:28:43 Blitzboom has quit (Ping timeout: 255 seconds)
3481 2011-06-20 06:29:27 djoot has quit (Ping timeout: 276 seconds)
3482 2011-06-20 06:29:41 <gentz> Is the market gonna plummet for a few days or what
3483 2011-06-20 06:29:44 BTCTrader has quit (Quit: BTCTrader)
3484 2011-06-20 06:30:05 <phantomcircuit> gentz, nobody knows
3485 2011-06-20 06:31:24 Beccara has joined
3486 2011-06-20 06:32:25 slux has quit (Ping timeout: 258 seconds)
3487 2011-06-20 06:32:34 kreal- has joined
3488 2011-06-20 06:32:58 eianpsego has quit ()
3489 2011-06-20 06:33:49 Georgyo has quit (Ping timeout: 246 seconds)
3490 2011-06-20 06:33:57 Georgyo has joined
3491 2011-06-20 06:35:24 Skinnner has quit (Quit: http://irc2go.com/)
3492 2011-06-20 06:37:20 Lenovo01 has joined
3493 2011-06-20 06:38:38 <wasabii> Okay. I have one final question. When you generate a SHA hash, should it END or BEGIN with a 0x00000000?  Most of the code I see checks position [7] of the state variable for 0.
3494 2011-06-20 06:38:51 <wasabii> But my understanding is that is the end of the hash. Most of the stuff I see in block explorer begins with a 0...
3495 2011-06-20 06:39:57 IncitatusOnWater has quit (Ping timeout: 250 seconds)
3496 2011-06-20 06:40:04 <wasabii> And my sha algorithm is good enough now that I can run it against some real test cases... so I know it's not generating stuff backwards.
3497 2011-06-20 06:40:46 SimmyD has joined
3498 2011-06-20 06:41:43 sgornick has joined
3499 2011-06-20 06:42:32 SimmyD has quit (Client Quit)
3500 2011-06-20 06:43:41 humana has quit (Quit: Leaving)
3501 2011-06-20 06:43:47 <denisx> wasabi: I think nobody can answer that! ;)
3502 2011-06-20 06:43:51 <phantomcircuit> wasabi, the sha256 hash is interpreted little endian uint256
3503 2011-06-20 06:43:52 SimmyD has joined
3504 2011-06-20 06:43:59 <denisx> this little/big endian stuff is a mess
3505 2011-06-20 06:44:08 <denisx> you need to try until it fits
3506 2011-06-20 06:44:21 <phantomcircuit> denisx, no he doesn't, i already have
3507 2011-06-20 06:44:23 <phantomcircuit> (
3508 2011-06-20 06:44:25 <phantomcircuit> :(
3509 2011-06-20 06:44:26 ThomasV has joined
3510 2011-06-20 06:45:00 sabalabas has quit (Quit: Leaving)
3511 2011-06-20 06:46:17 cereal7802 has quit ()
3512 2011-06-20 06:48:47 paupau has quit (Quit: bye)
3513 2011-06-20 06:51:52 Kurtov has quit (Read error: Connection reset by peer)
3514 2011-06-20 06:51:57 mmoya has joined
3515 2011-06-20 06:52:18 neurochasm has joined
3516 2011-06-20 06:52:18 BGL has quit (Ping timeout: 244 seconds)
3517 2011-06-20 06:52:31 m86 has joined
3518 2011-06-20 06:52:51 EPiSKiNG- has joined
3519 2011-06-20 06:53:14 kallestrop has left ()
3520 2011-06-20 06:53:47 slux has joined
3521 2011-06-20 06:54:24 Beccara_ has joined
3522 2011-06-20 06:55:02 <wasabii> Well, I have finally managed to generate a hash, and figure out the encoding of the header.
3523 2011-06-20 06:55:06 <wasabii> That took awhile.
3524 2011-06-20 06:55:40 <wasabii> little endian uint256. 256bit int?
3525 2011-06-20 06:55:45 <wasabii> So the entire hash is in fact reversed?
3526 2011-06-20 06:56:07 Beccara_ has quit (Client Quit)
3527 2011-06-20 06:56:52 gsathya has joined
3528 2011-06-20 06:56:58 Beccara has quit (Ping timeout: 240 seconds)
3529 2011-06-20 06:59:19 paul0 has quit (Quit: paul0)
3530 2011-06-20 06:59:43 bmwiedemann has quit (Quit: Leaving.)
3531 2011-06-20 07:00:05 <wasabii> So it ain't just hashing the header, then hashing that, with a standard algorithm, and the hex output being what I see online.
3532 2011-06-20 07:00:48 djoot has joined
3533 2011-06-20 07:02:03 <wasabii> I'm not really sure comparing the thing to the target is even worth it at this point
3534 2011-06-20 07:02:20 <wasabii> If the last byte is 0, let it go. Server won't mind.
3535 2011-06-20 07:03:24 Faraday has joined
3536 2011-06-20 07:04:32 red_dawn_ has quit (Read error: Connection reset by peer)
3537 2011-06-20 07:07:57 hallowworld has quit (Ping timeout: 260 seconds)
3538 2011-06-20 07:08:17 hmmmm has quit (Quit: Just according to keikaku)
3539 2011-06-20 07:08:42 Storagewars has quit ()
3540 2011-06-20 07:08:48 SimmyD has quit (Quit: leaving)
3541 2011-06-20 07:08:59 torsthaldo has joined
3542 2011-06-20 07:10:01 dissipate has joined
3543 2011-06-20 07:11:16 Herodes has quit (Ping timeout: 246 seconds)
3544 2011-06-20 07:12:53 lorenzoIT has joined
3545 2011-06-20 07:14:23 larsivi has joined
3546 2011-06-20 07:14:35 somuchwin has quit (Ping timeout: 252 seconds)
3547 2011-06-20 07:15:20 somuchwin has joined
3548 2011-06-20 07:15:47 Nexus7 has joined
3549 2011-06-20 07:17:55 <EskimoBob> MagicalTux: thanx for the update, but can you please use date when you write "We are going to push our relaunch time to 2:00am GMT ***tomorrow*** ...." :)
3550 2011-06-20 07:18:36 Lenovo01 has quit (Quit: Leaving)
3551 2011-06-20 07:20:00 MartianW has joined
3552 2011-06-20 07:21:33 <SerajewelKS> hmm
3553 2011-06-20 07:21:42 <phantomcircuit> wasabi, what are you writing?
3554 2011-06-20 07:23:22 <denisx> wasabi: no, if the last byte is NOT null let it go
3555 2011-06-20 07:23:33 <denisx> actually it is an int32
3556 2011-06-20 07:24:04 rrix has left ("Konversation terminated!")
3557 2011-06-20 07:25:38 djoot has quit (Ping timeout: 246 seconds)
3558 2011-06-20 07:26:23 dissipate has quit (Remote host closed the connection)
3559 2011-06-20 07:26:55 roconnor has quit (Remote host closed the connection)
3560 2011-06-20 07:28:18 Herodes has joined
3561 2011-06-20 07:28:28 dissipate has joined
3562 2011-06-20 07:28:50 Zefir has joined
3563 2011-06-20 07:28:52 <wasabii> Hmm?
3564 2011-06-20 07:29:02 eoss has quit (Remote host closed the connection)
3565 2011-06-20 07:29:03 MartianW has quit (Quit: Bye all.)
3566 2011-06-20 07:29:06 <wasabii> If it's not null, send it to the server?
3567 2011-06-20 07:29:34 <wasabii> phantomcircuit: A miner. In C#.
3568 2011-06-20 07:30:22 lvnyk has joined
3569 2011-06-20 07:31:20 <denisx> wasabi: imagine the hash is a number, and if it is too big it is not valid
3570 2011-06-20 07:31:28 <wasabii> I know.
3571 2011-06-20 07:31:41 <denisx> and it must have at least 4 bytes zero in the beginning
3572 2011-06-20 07:31:46 <wasabii> I know all that. But what direction is the hash pointing?
3573 2011-06-20 07:32:04 <wasabii> Most of the miners I've read check for 0x00 on the 7th byte of the hash, before doing a full test.
3574 2011-06-20 07:32:18 <wasabii> But the 7th byte is the end, not the beginning.
3575 2011-06-20 07:32:25 <denisx> wasabi: I think this is optimizing already
3576 2011-06-20 07:32:31 <wasabii> Huh?
3577 2011-06-20 07:32:38 <denisx> so they do not need to convert it
3578 2011-06-20 07:33:09 <wasabii> You'd get a wildly different hash if their SHA2 state wasn't facing the right way.
3579 2011-06-20 07:33:23 <wasabii> So I don't think they're producing backwards results. I could be wrong I guess.
3580 2011-06-20 07:33:26 lvnyk has left ()
3581 2011-06-20 07:33:48 mmoya has quit (Ping timeout: 260 seconds)
3582 2011-06-20 07:35:40 <fpgaminer> Miners are checking that the 32 Most Significant Bits are equal to zero.
3583 2011-06-20 07:36:14 <phantomcircuit> wasabii, lol why
3584 2011-06-20 07:36:17 <wasabii> How do you define "significant bits" on a SHA-2 HASH?
3585 2011-06-20 07:36:32 <wasabii> Since it's actually just a string of 8 integers.
3586 2011-06-20 07:36:33 dissipate has quit (Read error: Connection reset by peer)
3587 2011-06-20 07:36:49 <fpgaminer> In terms of SHA2 that's H
3588 2011-06-20 07:36:51 <phantomcircuit> wasabii, like i said, little endian
3589 2011-06-20 07:36:51 <wasabii> That's the question. It has an answer. It's either at the beginning, or the end. :)
3590 2011-06-20 07:37:06 asynkritus has left ()
3591 2011-06-20 07:37:07 <wasabii> okay, little endian, so least significant bits are on the left.
3592 2011-06-20 07:37:09 <phantomcircuit> wasabii, most significant bits are last
3593 2011-06-20 07:37:19 <phantomcircuit> er
3594 2011-06-20 07:37:21 <phantomcircuit> first?
3595 2011-06-20 07:37:26 <fpgaminer> :P
3596 2011-06-20 07:37:31 <wasabii> Err
3597 2011-06-20 07:37:38 <phantomcircuit> no
3598 2011-06-20 07:37:44 <wasabii> Yeah. Little. Least first.
3599 2011-06-20 07:37:50 <wasabii> Err, no most first.
3600 2011-06-20 07:37:57 <fpgaminer> So fantastically confusing
3601 2011-06-20 07:37:58 <wasabii> No, least. Final answer.
3602 2011-06-20 07:38:01 <phantomcircuit> First Bytelittle 	least significant
3603 2011-06-20 07:38:03 hallowworld has joined
3604 2011-06-20 07:38:09 doofus2 has quit ()
3605 2011-06-20 07:39:06 <wasabii> Okay, and in terms of matching a hash to a target, you'd want to check its most significant values for the fast check.
3606 2011-06-20 07:39:13 TommyBoy3G has quit ()
3607 2011-06-20 07:39:14 <wasabii> Since they are most significant, after all.
3608 2011-06-20 07:39:19 <fpgaminer> indeed
3609 2011-06-20 07:39:25 <fpgaminer> H == 0 for Difficulty == 1
3610 2011-06-20 07:39:53 <denisx> difficulty-1 means 32 bits are 0
3611 2011-06-20 07:40:03 <wasabii> H0 is the first byte I'm outputting.
3612 2011-06-20 07:40:05 <denisx> difficulty 33 bits and so on
3613 2011-06-20 07:40:15 DaQatz has quit (Read error: Connection reset by peer)
3614 2011-06-20 07:40:18 Qatz has joined
3615 2011-06-20 07:40:18 <denisx> difficulty-2 33 bits and so on
3616 2011-06-20 07:40:48 arima has quit (Ping timeout: 260 seconds)
3617 2011-06-20 07:41:02 <wasabii> Sometimes also known as 'a'... out of 'a' through 'e'.
3618 2011-06-20 07:41:14 <wasabii> err, h.
3619 2011-06-20 07:41:17 <wasabii> Oh. H. I get you.
3620 2011-06-20 07:41:19 <fpgaminer> :P
3621 2011-06-20 07:41:30 <wasabii> There's an array the nist standard uses called H.
3622 2011-06-20 07:41:38 <denisx> actually it is even more complicated since the difficulty is linear
3623 2011-06-20 07:41:40 <wasabii> Do you mean that, or the last output byte of the transform function?
3624 2011-06-20 07:41:41 Geebus has quit (Ping timeout: 252 seconds)
3625 2011-06-20 07:41:42 guest9 has joined
3626 2011-06-20 07:41:55 danbri has quit (Remote host closed the connection)
3627 2011-06-20 07:42:29 combo has joined
3628 2011-06-20 07:42:42 <wasabii> phantomcircuit: And I'm doing this for a) lulz b) learning c) So I can easily customize it and deploy it around the office computers. :)
3629 2011-06-20 07:43:10 syke has quit (Read error: Connection reset by peer)
3630 2011-06-20 07:43:14 <denisx> wasabi: you will not get far with cpu mining ;)
3631 2011-06-20 07:43:16 <wasabii> https://github.com/wasabii/BitMaker
3632 2011-06-20 07:43:21 <wasabii> I know. It'll have GPU support.
3633 2011-06-20 07:43:31 abragin has joined
3634 2011-06-20 07:43:31 abragin has quit (Changing host)
3635 2011-06-20 07:43:31 abragin has joined
3636 2011-06-20 07:43:49 <wasabii> Automatically enumerate all the available GPUs, and use the CPU, multithreaded.
3637 2011-06-20 07:44:02 <wasabii> So I can push it around to a bunch of desktops with unknown hardware.
3638 2011-06-20 07:44:07 arima has joined
3639 2011-06-20 07:44:15 <denisx> wasabi: sounds like a botnet! ;)
3640 2011-06-20 07:44:48 <midnightmagic> hey it's fpgaminer. hi fpgaminer !
3641 2011-06-20 07:44:50 TommyBoy3G has joined
3642 2011-06-20 07:44:52 <wasabii> The CPU code I wrote is actually running faster than I thought it would.
3643 2011-06-20 07:45:00 <fpgaminer> Hey it's midnightmagic!
3644 2011-06-20 07:45:14 <wasabii> 650 khash/s
3645 2011-06-20 07:45:17 Pinion has quit (Quit: Colloquy for iPad - http://colloquy.mobi)
3646 2011-06-20 07:45:21 <midnightmagic> fpgaminer: did you hear about those intriguing comments re: the LX150?
3647 2011-06-20 07:45:33 <fpgaminer> midnightmagic: recently?
3648 2011-06-20 07:45:46 <midnightmagic> fpgaminer: Few days ago I guess. Art was talking about them.
3649 2011-06-20 07:46:00 <fpgaminer> midnightmagic: No, I guess not. What were they? That the routing sucks? :P
3650 2011-06-20 07:46:15 <midnightmagic> fpgaminer: Ah, surprisingly, he did mention router congestion of some sort.
3651 2011-06-20 07:46:42 moe1111 has quit (Ping timeout: 250 seconds)
3652 2011-06-20 07:46:47 <midnightmagic> fpgaminer: He's reporting 190MH/s on a double-pipelined bitcoin hash engine on an LX150.
3653 2011-06-20 07:47:04 <fpgaminer> midnightmagic: Very nice
3654 2011-06-20 07:47:27 <fpgaminer> midnightmagic: I was expecting 160 out of it, but had so much trouble with P&R
3655 2011-06-20 07:47:45 <midnightmagic> fpgaminer: I don't know what to believe with him anymore. But it's certainly a lovely thought to not have to figure out how to do mosis all by myself.
3656 2011-06-20 07:48:08 <fpgaminer> midnightmagic: It's a shame he doesn't work open-source
3657 2011-06-20 07:48:40 dbasch has quit (Quit: dbasch)
3658 2011-06-20 07:48:42 <midnightmagic> fpgaminer: but kind of understandable.  perhaps he'll be more inclined to do that once he makes enough money that he feels comfortable with his account balance. :)
3659 2011-06-20 07:48:46 <wasabii> I'd sure like a sample getwork request with a known hash
3660 2011-06-20 07:48:56 <wasabii> that'd make testing this crap easier.
3661 2011-06-20 07:49:14 guest9 has quit (Quit: Page closed)
3662 2011-06-20 07:49:19 <fpgaminer> midnightmagic: Is he really aiming for a commercial product? For 190MH/s on an LX150 he could certainly do it (those chips are $130 each)
3663 2011-06-20 07:49:19 <midnightmagic> fpgaminer: competitive advantage and all that. he was talking about breaking the DES cracking record with some kind of LX150 array he's put together.
3664 2011-06-20 07:49:34 <midnightmagic> fpgaminer: no, I suspect just a personal competitive advantage for himself and his investors.
3665 2011-06-20 07:49:44 larsivi has quit (Ping timeout: 250 seconds)
3666 2011-06-20 07:49:46 <fpgaminer> midnightmagic: heh, go figure
3667 2011-06-20 07:50:08 <midnightmagic> fpgaminer: he seems to release the stuff one or two generations behind his best
3668 2011-06-20 07:50:18 <fpgaminer> midnightmagic: Well I guess I gotta step up my efforts with my LX150 and get a working design out there
3669 2011-06-20 07:50:57 <midnightmagic> fpgaminer: =] may I ask you a recommendation for a devboard, and your thoughts on whether there's a better chip than LX150 to be doing this on?
3670 2011-06-20 07:51:14 <midnightmagic> fpgaminer: (Also, are you using the webpack?)
3671 2011-06-20 07:51:20 <fpgaminer> midnightmagic: Devboard for the LX150?
3672 2011-06-20 07:51:32 <midnightmagic> fpgaminer: yeah, the devboard in digikey are $4k.
3673 2011-06-20 07:51:45 <fpgaminer> midnightmagic: That's weird. I got my dev-board for $1K
3674 2011-06-20 07:51:58 <fpgaminer> one sec....
3675 2011-06-20 07:52:03 <sivu> omg digikey rips people
3676 2011-06-20 07:52:07 <midnightmagic> fpgaminer: and Xilinx lists some cheap ones for like $225. haven't the foggiest where to get them though
3677 2011-06-20 07:52:27 <midnightmagic> sivu: not always. sometimes the volume stuff is okay.  but.. do you have a good alternative?
3678 2011-06-20 07:52:27 <fpgaminer> midnightmagic: This is what I bought: http://www.xilinx.com/products/boards-and-kits/AES-S6DEV-LX150T-G.htm
3679 2011-06-20 07:52:42 <fpgaminer> midnightmagic: But, again, I've had a terrible time with P&R on Xilinx devices
3680 2011-06-20 07:53:04 <fpgaminer> midnightmagic: And no, I don't use webpack. The devkit comes with a device-locked license for something a step above that
3681 2011-06-20 07:53:05 <sivu> midnightmagic, actually i've found that digikey is one of the cheapest at least when compared to farnell or mouser
3682 2011-06-20 07:53:06 <midnightmagic> fpgaminer: ah, that's for an LX-150T. that's with the PCI-e endpoint on it? or was the T for the gE?
3683 2011-06-20 07:53:14 somuchwin has quit (Ping timeout: 240 seconds)
3684 2011-06-20 07:53:47 <fpgaminer> midnightmagic: It has PCI-e, sure, but I don't use it for that :P And T means the chip has transceivers on it, which aren't needed for strictly mining
3685 2011-06-20 07:53:47 dude65535 has quit (Ping timeout: 252 seconds)
3686 2011-06-20 07:53:48 somuchwin has joined
3687 2011-06-20 07:53:58 Artifex_ has joined
3688 2011-06-20 07:54:25 <fpgaminer> midnightmagic: Anyway, that's really the only LX150 board I could actually find. I'd be glad to know if there's something cheaper out there.
3689 2011-06-20 07:54:38 <midnightmagic> fpgaminer: I recently learned that ISE allows gate-level design, and I became happier. I haven't the foggiest re: verilog/VHDL but gate-level design work is something I did a lot of in college.
3690 2011-06-20 07:55:03 <midnightmagic> sivu: thanks for the note.
3691 2011-06-20 07:55:10 <fpgaminer> midnightmagic: Sounds hardcore :)
3692 2011-06-20 07:55:29 <fpgaminer> midnightmagic: Altera also lets you do gate and block level design
3693 2011-06-20 07:55:49 <midnightmagic> fpgaminer: I.. LOVED.. it. Loved it. We designed a full computer, gate by gate, right from scratch..  never built anything (we were poor students) but it was fun simulating it in logicworks.
3694 2011-06-20 07:56:06 <sivu> midnightmagic, we order a lot of volume stuff (although very low volumes. <1-5k pcs) and digikey prices scale very well. farnell tried to sell us 500pcs of one microcontroller for the same price as 1
3695 2011-06-20 07:56:08 <fpgaminer> midnightmagic: That ... actually does sound like fun :D
3696 2011-06-20 07:56:17 <midnightmagic> sivu: ouch :)
3697 2011-06-20 07:56:18 <fpgaminer> midnightmagic: Verilog has spoiled me
3698 2011-06-20 07:56:43 <sivu> midnightmagic, which was something like ~7euros. digikey prices were <2eur for 500pcs
3699 2011-06-20 07:56:46 <denisx> I have here ca. 40 XC2VP50 lying around
3700 2011-06-20 07:57:11 <sivu> and, farnell said that they will only sell us 100 max
3701 2011-06-20 07:57:34 <midnightmagic> sivu: nice.  every once in a while, digikey really sucks.. but on the whole I've been pretty happy with their atmel supplies.
3702 2011-06-20 07:58:29 <sivu> midnightmagic, yep. i'm handling mostly atmel also
3703 2011-06-20 07:59:00 moe1111 has joined
3704 2011-06-20 07:59:05 <midnightmagic> fpgaminer: well, if I do end up with a devkit as I plan, would you mind if I asked you the odd question for bootstrapping my brain into the process?
3705 2011-06-20 07:59:17 g37 has quit (Ping timeout: 252 seconds)
3706 2011-06-20 07:59:19 <sivu> msp430 stuff comes directly from ti
3707 2011-06-20 08:00:02 <fpgaminer> midnightmagic: Feel free :) I'm not always on IRC, so you can PM me on the forums or email me fpgaminer ..at... bitcoin-mining.com
3708 2011-06-20 08:00:42 newark73 has joined
3709 2011-06-20 08:01:01 <midnightmagic> fpgaminer: I'd really appreciate it. And of course I tend to pay it forward when people help, so, I'm not a knowledge dead-end type.
3710 2011-06-20 08:01:20 <fpgaminer> midnightmagic: I just like the spread the FPGA love :)
3711 2011-06-20 08:01:21 larsivi has joined
3712 2011-06-20 08:01:27 <fpgaminer> like to spread*
3713 2011-06-20 08:02:21 Gonzago has quit (Read error: Operation timed out)
3714 2011-06-20 08:02:29 <midnightmagic> fpgaminer: :-)  much obliged, again. ah who knows, maybe nothing will come of it, but I do have some vacation coming up and this seems like a great diversion.
3715 2011-06-20 08:02:55 <sivu> speaking of dev, i think the wallet code should be made so that it's easy to split accounts into multiple files
3716 2011-06-20 08:03:11 <midnightmagic> sivu: and merge them back again, the same way gpg does.
3717 2011-06-20 08:03:15 <fpgaminer> midnightmagic: Heh, nothing like a little FPGA deving vacation ;)
3718 2011-06-20 08:03:31 <sivu> midnightmagic, yeah.
3719 2011-06-20 08:03:46 <midnightmagic> fpgaminer: I have a very understanding wife who likes the fact that bitcoins have replaced her salary.
3720 2011-06-20 08:03:47 <fpgaminer> midnightmagic: Anyway, thank you for letting me know about ArtForz's progress. I hope I too can squeeze 190MH/s out of this chip :) I'm off to bed for now, though
3721 2011-06-20 08:03:58 <midnightmagic> fpgaminer: night
3722 2011-06-20 08:04:00 <sivu> it could be a tree like structure where each branch could be in its own file
3723 2011-06-20 08:04:29 fpgaminer has quit ()
3724 2011-06-20 08:04:45 <sivu> so you could attach a savings branch, move coins, detach savings and put the file back in the safe
3725 2011-06-20 08:06:11 <sivu> it would also benefit online 'banks' by having each user in its own branch, encrypted with user key
3726 2011-06-20 08:07:07 ThomasV has quit (Read error: Operation timed out)
3727 2011-06-20 08:07:38 wasabii is now known as wasabi2
3728 2011-06-20 08:08:34 Bossland_ has joined
3729 2011-06-20 08:09:49 weinerk has joined
3730 2011-06-20 08:10:13 weinerk has quit (Changing host)
3731 2011-06-20 08:10:13 weinerk has joined
3732 2011-06-20 08:10:19 slux has quit (Ping timeout: 252 seconds)
3733 2011-06-20 08:10:24 danbri has joined
3734 2011-06-20 08:11:51 ColdHardMetal has left ()
3735 2011-06-20 08:12:02 Bossland has quit (Ping timeout: 240 seconds)
3736 2011-06-20 08:12:53 Tritonio has joined
3737 2011-06-20 08:13:16 oneohoneohfive has joined
3738 2011-06-20 08:15:26 hahuang65 has quit ()
3739 2011-06-20 08:18:19 Slober has joined
3740 2011-06-20 08:22:34 btc4beer has quit (Ping timeout: 276 seconds)
3741 2011-06-20 08:24:42 testuser444 has joined
3742 2011-06-20 08:26:49 gsathya has quit (Ping timeout: 240 seconds)
3743 2011-06-20 08:27:37 btc4beer has joined
3744 2011-06-20 08:27:44 hamush1 has joined
3745 2011-06-20 08:30:06 testuser444 has quit (Remote host closed the connection)
3746 2011-06-20 08:31:30 gsathya has joined
3747 2011-06-20 08:31:33 RAM2012 has joined
3748 2011-06-20 08:38:32 <denisx> MagicalTux: mtgox runs on freebsd you said? was it always freebsd?
3749 2011-06-20 08:41:04 <tuoppi> [Update - 6:30 GMT] Still here. Still working hard to get things online.
3750 2011-06-20 08:41:04 <tuoppi> SHA-512 multi-iteration salted hashing is in enabled and ready for when we get users reactivating their accounts
3751 2011-06-20 08:41:04 <tuoppi> We are going to push our relaunch time to 2:00am GMT tomorrow so we have time to launch a our new backend and withdraw passwords.
3752 2011-06-20 08:41:04 <tuoppi> Thanks to everyone sending the supportive emails and our extremely patient users.
3753 2011-06-20 08:41:15 <tuoppi> what does that mean exactly?
3754 2011-06-20 08:41:26 <tuoppi> do we have to wait like 15 hours from now on or just 5
3755 2011-06-20 08:41:36 <tuoppi> i mean 5 or 17
3756 2011-06-20 08:41:41 Geebus has joined
3757 2011-06-20 08:41:46 <Artifex_> 17 i think
3758 2011-06-20 08:41:54 <kinlo> 17 indeed
3759 2011-06-20 08:41:55 <tuoppi> geez
3760 2011-06-20 08:41:58 <tuoppi> kinda long wait
3761 2011-06-20 08:42:45 combo has quit (Ping timeout: 258 seconds)
3762 2011-06-20 08:44:16 Herodes has quit (Quit: Leaving)
3763 2011-06-20 08:49:21 LightRider is now known as LightRider|afk
3764 2011-06-20 08:49:46 <sipa> i prefer having it down for longer than that they have to rush things
3765 2011-06-20 08:49:51 IncitatusOnWater has joined
3766 2011-06-20 08:49:51 Joric has joined
3767 2011-06-20 08:50:00 gjs278 has joined
3768 2011-06-20 08:50:05 triplex has joined
3769 2011-06-20 08:50:18 oneohoneohfive has left ("bye")
3770 2011-06-20 08:52:07 f33x has joined
3771 2011-06-20 08:52:37 <epscy> yeah, if they want to rebuild trust they need to do this properly
3772 2011-06-20 08:52:41 d1234 has joined
3773 2011-06-20 08:53:18 larsivi has quit (Quit: No Ping reply in 180 seconds.)
3774 2011-06-20 08:53:36 larsivi has joined
3775 2011-06-20 08:53:42 ionspin has quit (Remote host closed the connection)
3776 2011-06-20 08:59:36 entertheb_ has joined
3777 2011-06-20 09:00:52 xert has quit (Read error: Connection reset by peer)
3778 2011-06-20 09:01:00 entertheb_ has quit (Client Quit)
3779 2011-06-20 09:01:30 f33x_ has joined
3780 2011-06-20 09:01:51 AnatolV has joined
3781 2011-06-20 09:02:58 xert has joined
3782 2011-06-20 09:04:10 f33x has quit (Ping timeout: 250 seconds)
3783 2011-06-20 09:04:11 f33x_ is now known as f33x
3784 2011-06-20 09:08:26 ionspin has joined
3785 2011-06-20 09:10:46 neurochasm has quit (Ping timeout: 250 seconds)
3786 2011-06-20 09:11:11 IncitatusOnWater has quit (Ping timeout: 255 seconds)
3787 2011-06-20 09:11:40 f33x has quit (Quit: f33x)
3788 2011-06-20 09:15:23 Sebastan has joined
3789 2011-06-20 09:15:53 Sebastan has quit (Read error: Connection reset by peer)
3790 2011-06-20 09:16:05 pogden has quit (Remote host closed the connection)
3791 2011-06-20 09:16:28 slux has joined
3792 2011-06-20 09:18:21 abragin has quit ()
3793 2011-06-20 09:19:06 abragin has joined
3794 2011-06-20 09:19:06 abragin has quit (Changing host)
3795 2011-06-20 09:19:06 abragin has joined
3796 2011-06-20 09:21:30 <Nachtwind> may someone give me a hint for the RPC commands?
3797 2011-06-20 09:21:55 <Nachtwind> i try to use bitcoind with php and want to connect a sender's address to one of the payments
3798 2011-06-20 09:22:01 <Nachtwind> is that with just RPC possible at all?
3799 2011-06-20 09:22:37 <sipa> that's not possible in general
3800 2011-06-20 09:22:47 <sipa> bitcoin transactions do not have a clearly definable from address
3801 2011-06-20 09:23:15 <sipa> and you definitely shouldn't rely on it - if you want a chargeback address or so, ask the customer
3802 2011-06-20 09:23:21 <Nachtwind> ok.. figured that out already.. but in case i know the senders address - can i somehow connect that to transactions?
3803 2011-06-20 09:23:32 <sipa> in general, not
3804 2011-06-20 09:23:35 <Nachtwind> no i just want to see whether someone paid or not
3805 2011-06-20 09:23:41 <sipa> don't
3806 2011-06-20 09:23:50 <sipa> use a separate receive address for each payment
3807 2011-06-20 09:24:45 <Nachtwind> lets say someone enters an amount on my page and his return address - how do i know that a transaction i get belongs to this person?
3808 2011-06-20 09:25:07 <Nachtwind> i mean, i have seen this kind of thing on a lot of pages - so it should be doable.. yet i dont see how
3809 2011-06-20 09:25:18 <sipa> you generate a new address every time you need someone to pay you
3810 2011-06-20 09:25:35 <doublec> Nachtwind: listreceivedbyaddress
3811 2011-06-20 09:25:50 <doublec> Nachtwind: look at that and you'll see payments made to an address
3812 2011-06-20 09:25:55 <doublec> Nachtwind: you can poll it
3813 2011-06-20 09:26:04 <doublec> Nachtwind: or use a half node and monitor transactions
3814 2011-06-20 09:26:10 <Nachtwind> oi... now i see...
3815 2011-06-20 09:26:29 <Nachtwind> i have to store the receivers address and have to rely on a unique address for every transaction and check for that?
3816 2011-06-20 09:26:31 <doublec> Nachtwind: you can also use getreceivedbyaddress
3817 2011-06-20 09:26:38 <doublec> Nachtwind: yes
3818 2011-06-20 09:26:50 <Nachtwind> ohhh.. thank you
3819 2011-06-20 09:26:53 neurochasm has joined
3820 2011-06-20 09:26:58 <Nachtwind> have been biting my teeth out on that already
3821 2011-06-20 09:27:40 gsathya has quit (Ping timeout: 250 seconds)
3822 2011-06-20 09:28:21 Mender has joined
3823 2011-06-20 09:28:52 hallowworld has quit (Ping timeout: 276 seconds)
3824 2011-06-20 09:29:26 hallowworld has joined
3825 2011-06-20 09:30:33 Keefe has quit (Ping timeout: 246 seconds)
3826 2011-06-20 09:30:51 sherpishoru has quit (Quit: Page closed)
3827 2011-06-20 09:31:35 echelon has quit (Remote host closed the connection)
3828 2011-06-20 09:31:44 echelon_ has joined
3829 2011-06-20 09:32:50 sipa has quit (Changing host)
3830 2011-06-20 09:32:50 sipa has joined
3831 2011-06-20 09:32:52 neurochasm has quit (Ping timeout: 250 seconds)
3832 2011-06-20 09:34:40 Diablo-D3 has joined
3833 2011-06-20 09:36:18 jimpsson has quit (Quit: o/)
3834 2011-06-20 09:38:46 <gjs278> ;;bc,mtgox
3835 2011-06-20 09:38:52 <gribble> timed out
3836 2011-06-20 09:39:16 lorenzoIT has quit (Quit: Sto andando via)
3837 2011-06-20 09:39:20 DukeOfURL has quit (Ping timeout: 264 seconds)
3838 2011-06-20 09:39:25 rusty has quit (Quit: Leaving.)
3839 2011-06-20 09:40:25 kv39 has joined
3840 2011-06-20 09:40:34 DukeOfURL has joined
3841 2011-06-20 09:40:37 Sebastan has joined
3842 2011-06-20 09:41:06 pyro_ has quit (Ping timeout: 250 seconds)
3843 2011-06-20 09:41:27 pyro_ has joined
3844 2011-06-20 09:42:20 anarchyx has quit (Ping timeout: 264 seconds)
3845 2011-06-20 09:43:04 RealBorg has left ("Leaving")
3846 2011-06-20 09:43:12 nFvF6vtT6m has joined
3847 2011-06-20 09:43:39 <d1234> ;;bc,stats
3848 2011-06-20 09:44:06 <gribble> Error: invalid syntax (<string>, line 1)
3849 2011-06-20 09:45:37 Kurtov has joined
3850 2011-06-20 09:45:38 germanMNY has joined
3851 2011-06-20 09:45:53 <phantomcircuit> ;;bc,gen 300000
3852 2011-06-20 09:46:04 <gribble> Error: invalid syntax (<string>, line 1)
3853 2011-06-20 09:46:10 <phantomcircuit> ;;bc,calc 300000
3854 2011-06-20 09:46:21 <gribble> Error: invalid syntax (<string>, line 1)
3855 2011-06-20 09:46:24 <phantomcircuit> wat
3856 2011-06-20 09:48:36 <ne0futur> nanotube: !!!
3857 2011-06-20 09:48:40 Daviey has quit (Remote host closed the connection)
3858 2011-06-20 09:50:50 ChuckSchumer has joined
3859 2011-06-20 09:51:04 jimpsson has joined
3860 2011-06-20 09:51:56 Sebastan has quit (Ping timeout: 246 seconds)
3861 2011-06-20 09:51:57 pyro_ has quit (Disconnected by services)
3862 2011-06-20 09:52:44 jimpsson has quit (Client Quit)
3863 2011-06-20 09:52:45 kish has quit (Read error: Connection reset by peer)
3864 2011-06-20 09:53:03 Daviey has joined
3865 2011-06-20 09:53:04 kish has joined
3866 2011-06-20 09:55:42 pyro__ has joined
3867 2011-06-20 09:56:24 triplex has quit (Quit: Page closed)
3868 2011-06-20 09:57:01 <denisx> there are 100 keys in the wallet, right?
3869 2011-06-20 09:57:01 BlueMattBot has quit (Ping timeout: 252 seconds)
3870 2011-06-20 09:57:28 <nuthin> doesn't that depend on the number of addresses?
3871 2011-06-20 09:57:45 lumos has joined
3872 2011-06-20 09:57:51 <denisx> sure, but you start with 100
3873 2011-06-20 09:57:51 <mtrlt> one key per address
3874 2011-06-20 09:58:19 <denisx> I'm thinking about a backup solution which prints the keys as qr-codes
3875 2011-06-20 09:58:23 viggi has quit (Read error: Connection reset by peer)
3876 2011-06-20 09:58:37 pmazur_ has joined
3877 2011-06-20 09:59:53 exstntlstfrtn has joined
3878 2011-06-20 10:00:29 torsthaldo_ has joined
3879 2011-06-20 10:01:29 torsthaldo has quit (Ping timeout: 240 seconds)
3880 2011-06-20 10:02:00 d1g1t4l has joined
3881 2011-06-20 10:02:49 karnac_ has quit (Ping timeout: 240 seconds)
3882 2011-06-20 10:02:49 <D0han> d1g1t4l: paint it on wall
3883 2011-06-20 10:02:58 <D0han> denisx: ^
3884 2011-06-20 10:03:10 viggi has joined
3885 2011-06-20 10:03:14 <d1g1t4l> ?
3886 2011-06-20 10:03:22 <D0han> miss tab, nvm d1g1t4l
3887 2011-06-20 10:03:35 <d1g1t4l> heh ok
3888 2011-06-20 10:03:49 <denisx> too much to paint
3889 2011-06-20 10:04:08 <denisx> and for qr-codes there is already scanning solution available
3890 2011-06-20 10:04:22 <mtrlt> how would you store the codes?
3891 2011-06-20 10:04:38 <mtrlt> in a secure vault 1km deep in the ground?
3892 2011-06-20 10:04:59 jaybny has joined
3893 2011-06-20 10:05:01 <denisx> no, but I trust printed paper more than two disks
3894 2011-06-20 10:05:07 <mtrlt> true
3895 2011-06-20 10:05:31 <mtrlt> but you still have to store them safely :p
3896 2011-06-20 10:05:40 IncitatusOnWater has joined
3897 2011-06-20 10:05:58 <[7]> midnightmagic: http://pastie.org/private/yfna2z4don44t1tm6dcf0a
3898 2011-06-20 10:06:01 danbri has quit (Remote host closed the connection)
3899 2011-06-20 10:06:13 <jaybny> everytime i try to join bitcoin-otc.. it brings me to the foyer
3900 2011-06-20 10:06:15 aristidesfl has joined
3901 2011-06-20 10:06:22 f33x has joined
3902 2011-06-20 10:06:23 Blitzboom_ is now known as Blitzboom
3903 2011-06-20 10:06:29 Blitzboom has quit (Changing host)
3904 2011-06-20 10:06:29 Blitzboom has joined
3905 2011-06-20 10:07:57 <jaybny> ;;letmein
3906 2011-06-20 10:09:53 stamit has quit (Remote host closed the connection)
3907 2011-06-20 10:12:50 abragin has quit ()
3908 2011-06-20 10:14:19 BlueMattBot has joined
3909 2011-06-20 10:16:57 <Diablo-D3> ;;bc,mtgox
3910 2011-06-20 10:17:03 <gribble> timed out
3911 2011-06-20 10:17:07 <Diablo-D3> ;;bc,mtgox
3912 2011-06-20 10:17:13 <gribble> timed out
3913 2011-06-20 10:17:16 <Diablo-D3> goddanmit
3914 2011-06-20 10:21:31 qwebirc91214 has joined
3915 2011-06-20 10:23:02 Atterall has joined
3916 2011-06-20 10:26:06 <d1234> ;;bc,stats
3917 2011-06-20 10:26:19 EskimoBob has left ("WeeChat 0.3.5")
3918 2011-06-20 10:26:32 <gribble> Error: invalid syntax (<string>, line 1)
3919 2011-06-20 10:28:11 nFvF6vtT6m has quit (Quit: 123)
3920 2011-06-20 10:30:11 Keefe has joined
3921 2011-06-20 10:32:30 coderrr is now known as coderrr`brb
3922 2011-06-20 10:32:48 kW_ has joined
3923 2011-06-20 10:35:40 AntiVigilante has joined
3924 2011-06-20 10:36:45 oozyburglar has joined
3925 2011-06-20 10:36:52 Keefe has quit (Changing host)
3926 2011-06-20 10:36:52 Keefe has joined
3927 2011-06-20 10:36:58 oozyburglar has quit (Read error: Connection reset by peer)
3928 2011-06-20 10:37:11 coderrr`brb is now known as coderrr
3929 2011-06-20 10:37:13 DELTA9 has joined
3930 2011-06-20 10:37:15 oozyburglar has joined
3931 2011-06-20 10:38:48 Atterall has left ()
3932 2011-06-20 10:40:09 LoveBeads has joined
3933 2011-06-20 10:42:59 jogis has joined
3934 2011-06-20 10:44:17 newark73 has quit (Quit: newark73)
3935 2011-06-20 10:44:32 Lachesis has joined
3936 2011-06-20 10:44:55 kW_ has quit (Remote host closed the connection)
3937 2011-06-20 10:47:11 o_0oo has joined
3938 2011-06-20 10:48:02 KuDeTa has joined
3939 2011-06-20 10:48:03 arima has quit (Ping timeout: 260 seconds)
3940 2011-06-20 10:49:41 DELTA9 has quit (Quit: leaving)
3941 2011-06-20 10:53:53 Lachesis has quit (Ping timeout: 260 seconds)
3942 2011-06-20 10:54:31 BlueMatt has joined
3943 2011-06-20 11:02:38 amod has quit (Ping timeout: 252 seconds)
3944 2011-06-20 11:07:01 <[Tycho]> ;;bc,stats
3945 2011-06-20 11:07:27 <gribble> Error: invalid syntax (<string>, line 1)
3946 2011-06-20 11:07:28 underBit has joined
3947 2011-06-20 11:07:51 <pyro__> where can I download the stolen list?
3948 2011-06-20 11:09:02 <BlueMatt> stolen list of...?
3949 2011-06-20 11:09:37 <underBit> did ur grandmother tutor you in theft?
3950 2011-06-20 11:10:30 <pyro__> the usernames and email addresses of mtgox
3951 2011-06-20 11:10:49 <sivu> from the internet
3952 2011-06-20 11:10:59 Sylph has quit (Ping timeout: 240 seconds)
3953 2011-06-20 11:11:06 <underBit> look inside ur grandmother for the list
3954 2011-06-20 11:12:10 <BlueMatt> pyro__: you realize that was a rumor and not true...?
3955 2011-06-20 11:12:50 danbri has joined
3956 2011-06-20 11:13:17 <sivu> bluematt, so what was that accounts.csv then?
3957 2011-06-20 11:13:47 <ius> pictures of unicorns and cute kittens
3958 2011-06-20 11:14:52 <sivu> one of the lines matched the name and email i used in mtgox and nowhere else. but that just might be a coincidence
3959 2011-06-20 11:15:20 Nachtwind has left ()
3960 2011-06-20 11:15:52 <ius> Wish it was.
3961 2011-06-20 11:16:06 Sylph has joined
3962 2011-06-20 11:17:10 qwebirc91214 has quit (Quit: Page closed)
3963 2011-06-20 11:17:12 Bossland__ has joined
3964 2011-06-20 11:17:27 <gjs278> BlueMatt there most definitely is a list of them somewhere with hashes
3965 2011-06-20 11:17:50 <dsg> The list is real, as evidenced by the inordinate amount of bitcoin-related spam in my inbox (to a single-use email address for mtgox).
3966 2011-06-20 11:18:37 BlueMatt has quit (Ping timeout: 250 seconds)
3967 2011-06-20 11:20:19 Atterall has joined
3968 2011-06-20 11:20:42 Bossland_ has quit (Ping timeout: 258 seconds)
3969 2011-06-20 11:21:54 underBit has quit (Quit: Page closed)
3970 2011-06-20 11:24:18 gjs278 has quit (Read error: Connection reset by peer)
3971 2011-06-20 11:25:30 Juice2 has joined
3972 2011-06-20 11:26:01 <Juice2> Is there a trick to getting OpenCL to run for HD 6900 series cards on Linux?
3973 2011-06-20 11:26:26 gjs278 has joined
3974 2011-06-20 11:26:34 <Juice2> I'm getting a "FATAL kernel error: Failed to load OpenCL kernel!" error despite seeing the cards with aticonfig --list-adapters
3975 2011-06-20 11:26:45 <Juice2> and unpacking the license agreement
3976 2011-06-20 11:26:50 <Raccoon> interesting. ICANN plans on releasing HUNDREDS of new Top Level Domains in 2012. there goes the neighborhood... http://www.theregister.co.uk/2011/06/20/icann_expands_gtlds/
3977 2011-06-20 11:28:27 vokoda has quit (Ping timeout: 255 seconds)
3978 2011-06-20 11:28:32 larsivi has quit (Ping timeout: 246 seconds)
3979 2011-06-20 11:30:38 Atterall has quit (Quit: Changing server)
3980 2011-06-20 11:30:40 skeledrew has joined
3981 2011-06-20 11:32:19 hallowworld has quit (Read error: Operation timed out)
3982 2011-06-20 11:32:57 skeledrew has quit (Client Quit)
3983 2011-06-20 11:35:48 skeledrew has joined
3984 2011-06-20 11:36:32 AStove has quit (Read error: Operation timed out)
3985 2011-06-20 11:36:37 BlueMatt has joined
3986 2011-06-20 11:36:54 AStove has joined
3987 2011-06-20 11:37:42 <BlueMatt> until someone who has even a tiny bit of trust in the community has seen the contents of any kind of accounts.csv or smth, its just a rumor, and probably not true
3988 2011-06-20 11:38:09 <Juice2> which part is a rumor?
3989 2011-06-20 11:38:18 <tcatm> BlueMatt: do I count as "tiny bit of trust"? :)
3990 2011-06-20 11:38:23 smart990 has joined
3991 2011-06-20 11:38:34 DukeOfURL has quit (Quit: ChatZilla 0.9.87 [Firefox 4.0.1/20110413222027])
3992 2011-06-20 11:38:34 <BlueMatt> tcatm: youve seen the contents of this file?
3993 2011-06-20 11:38:42 <iera> BlueMatt: i have the file, and my account is valid
3994 2011-06-20 11:38:43 <Juice2> I have
3995 2011-06-20 11:38:51 <tcatm> Got it on my harddrive, found my two accounts in it.
3996 2011-06-20 11:38:51 <BlueMatt> hm, well that sucks
3997 2011-06-20 11:38:53 <Juice2> so is mine
3998 2011-06-20 11:39:10 <denisx> mine too
3999 2011-06-20 11:39:18 <BlueMatt> is it possible to login with that file, or are the passwords just hashed?
4000 2011-06-20 11:39:23 <iera> hashed
4001 2011-06-20 11:39:26 <denisx> hashed
4002 2011-06-20 11:39:27 <BlueMatt> and are they salted?
4003 2011-06-20 11:39:39 <tcatm> yes
4004 2011-06-20 11:39:40 <Wuked> supposedly
4005 2011-06-20 11:39:45 <jaybny> i have the file
4006 2011-06-20 11:39:57 <tcatm> except for some old accounts that never logged in after the salt was added
4007 2011-06-20 11:40:02 <jaybny> accounts.csv ... its all over the place
4008 2011-06-20 11:40:04 larsivi has joined
4009 2011-06-20 11:40:07 <cut> guesses: 1518  time: 0:11:23:48 1.46% (2) (ETA: Fri Jul 22 07:22:59 2011)  c/s: 6184  trying: steph1 - stocks
4010 2011-06-20 11:40:14 <dirtyfilthy> hashed
4011 2011-06-20 11:40:37 <BlueMatt> well, that sucks
4012 2011-06-20 11:40:44 hallowworld has joined
4013 2011-06-20 11:41:21 <cut> 1835,BlueMatt,mtgox@bluematt.me,$1$eBPPP3Vz$c0Zqsnpwjy1IrSxPzHWQS0
4014 2011-06-20 11:41:26 <ius> BlueMatt: crypt, md5
4015 2011-06-20 11:41:34 <BlueMatt> well that sucks
4016 2011-06-20 11:41:53 <ius> understatement
4017 2011-06-20 11:42:01 inktri has left ()
4018 2011-06-20 11:42:06 <BlueMatt> well they are salted pw's
4019 2011-06-20 11:42:34 <BlueMatt> if people are smart it wont affect anyone...but people are never smart, I would agree that mt should force everyone to use a new pw
4020 2011-06-20 11:42:42 <BlueMatt> plus phishing
4021 2011-06-20 11:42:43 <cut> theres a couple hundred that arent salted that have already been released
4022 2011-06-20 11:42:44 <vegard> BlueMatt: did you just wake up or something? :-P the leak is real.
4023 2011-06-20 11:42:59 <BlueMatt> vegard: Ive been on vacation for the past couple weeks so...yea
4024 2011-06-20 11:43:07 <iera> BlueMatt: fyi i got a mtgox_client.exe on my mtgox address :p
4025 2011-06-20 11:43:18 <ducki2p> BlueMatt: 3% wasn't salted
4026 2011-06-20 11:43:31 <BlueMatt> well that sucks really bad for those people
4027 2011-06-20 11:43:47 <tcatm> the accounts that were not salted were inactive anyway. thould have been converted after the next login
4028 2011-06-20 11:43:48 <vegard> mtgox is the real loser here
4029 2011-06-20 11:44:38 <jogis> vegard: no, the people whose transactions will be reversed are the real losers
4030 2011-06-20 11:44:51 <jogis> unless they transferred the btc out of mtgox, that is
4031 2011-06-20 11:44:58 Stellar has quit (Ping timeout: 246 seconds)
4032 2011-06-20 11:45:13 <picci> jogis: grats to who actually made it in time
4033 2011-06-20 11:45:32 <jogis> yeah, grats from me to them as well :)
4034 2011-06-20 11:45:33 <vegard> I tend to disagree
4035 2011-06-20 11:45:51 Stove has joined
4036 2011-06-20 11:45:53 <jogis> vegard: but then you are assuming that making profit is not good for you :>
4037 2011-06-20 11:45:56 AStove has quit (Ping timeout: 252 seconds)
4038 2011-06-20 11:46:24 <vegard> whatever gains they had were based on an illegal transaction
4039 2011-06-20 11:46:49 <vegard> or, no, it wasn't even illegal
4040 2011-06-20 11:47:11 <vegard> whatever they earned was somehow not theirs to win in the first place, I guess
4041 2011-06-20 11:47:21 hallowworld has quit (Ping timeout: 244 seconds)
4042 2011-06-20 11:48:26 <jogis> :?
4043 2011-06-20 11:49:01 <jogis> well, as a legit user of mtgox, i assume to be able to conduct business all the time when the site is up
4044 2011-06-20 11:49:21 <jogis> and the fact that some scriptkiddies did something wrong
4045 2011-06-20 11:49:28 <jogis> is none of mine problem
4046 2011-06-20 11:49:58 xert has quit (Read error: Connection reset by peer)
4047 2011-06-20 11:50:06 <picci> basically yes, and if i had the chance to get 1k btc for 0.01 i probably would've... too bad i was afk
4048 2011-06-20 11:50:39 <picci> and if i had the chance to cash those out and sell them a week later for 10kusd.. it would've been stupid not to take them in the first place
4049 2011-06-20 11:50:46 <jogis> i did get like 5 btc for 5$ each
4050 2011-06-20 11:50:53 <picci> i wish i did :(
4051 2011-06-20 11:50:53 anarchyx has joined
4052 2011-06-20 11:51:01 anarchyx has quit (Changing host)
4053 2011-06-20 11:51:01 anarchyx has joined
4054 2011-06-20 11:51:02 <jogis> but i was stupid enough to trust mtgox and not transfer my coins away
4055 2011-06-20 11:51:02 <vegard> jogis: and if you lost 400k btc because mtgox was hacked, wouldn't you say the trade should be reversed?
4056 2011-06-20 11:51:20 <picci> so... since i didn't... i would like the roll back... but i know that's just cause i didn't get any
4057 2011-06-20 11:51:24 <jogis> vegard: and it happen to whom?
4058 2011-06-20 11:51:38 <jogis> damn, my english sux badly
4059 2011-06-20 11:51:50 <jogis> vegard: are you arguing this has happened to somebody?
4060 2011-06-20 11:51:52 Bossland_ has joined
4061 2011-06-20 11:51:58 <picci> basically, i do want the rollback, cause i didn't make any $ on the whole thing that happened...
4062 2011-06-20 11:52:06 <jogis> :)))
4063 2011-06-20 11:52:08 <ducki2p> jogis: do you plan to continue to use mtgox after it comes back up?
4064 2011-06-20 11:52:14 <picci> i do
4065 2011-06-20 11:52:22 <ius> jogis: obviously someone lost 400k+
4066 2011-06-20 11:52:35 <jogis> ducki2p: i do, since i see no other alternative thus far
4067 2011-06-20 11:52:36 <picci> iusd. that could be the mtgox wallet with e1's coins in it :)
4068 2011-06-20 11:52:44 <picci> *ius
4069 2011-06-20 11:52:53 xert has joined
4070 2011-06-20 11:53:04 <jogis> ius: i think nobody lost >9000 BTC due to mtgox being hacked
4071 2011-06-20 11:53:10 airfox has quit (Quit: Leaving...)
4072 2011-06-20 11:53:18 <jogis> somebody got a trojan installed and lost his wallet
4073 2011-06-20 11:53:38 <jogis> and then the evil hax0r just tried to cash out using mtgox in some strange way
4074 2011-06-20 11:53:52 <jtaylor> that would be stupid
4075 2011-06-20 11:53:52 <jogis> by performing a no-limit trade
4076 2011-06-20 11:54:00 <jtaylor> why risk the value of the goods he's stolen
4077 2011-06-20 11:54:08 <jtaylor> just cash out slowly over the next few month
4078 2011-06-20 11:54:19 <picci> jtaylor: 4thelulz
4079 2011-06-20 11:54:25 kreal- has quit (Read error: Operation timed out)
4080 2011-06-20 11:54:37 airfox has joined
4081 2011-06-20 11:54:38 <picci> and... to cashout 100kbtc at a time, since withdraw limit was 1kusd and btc's were down to 0.01
4082 2011-06-20 11:54:40 <jogis> jtaylor: if you have a more coherent picture, i would be very happy to know it
4083 2011-06-20 11:54:42 Bossland__ has quit (Ping timeout: 252 seconds)
4084 2011-06-20 11:54:54 <jtaylor> I don't but your theory makes less sense than mtgox story
4085 2011-06-20 11:55:05 <jogis> but that *is* the mtgox story
4086 2011-06-20 11:55:09 <jogis> isn't it? :/
4087 2011-06-20 11:55:20 <jtaylor> they never said anything about a stolen wallet
4088 2011-06-20 11:55:38 <picci> jtaylor: w/d limit is 1k usd WORTH OF COINS, so if you take the value down, you can withdraw more.
4089 2011-06-20 11:55:49 <picci> makes sense ?
4090 2011-06-20 11:55:54 <jtaylor> assuming mtgox admins are stupid and didn't see that possibility
4091 2011-06-20 11:56:02 <ius> The database was compromised, they claim it was using MySQL credentials the attacker obtained.
4092 2011-06-20 11:56:07 <vegard> jogis: you know that the database was leaked, right?
4093 2011-06-20 11:56:08 <Diablo-D3> jtaylor: singular
4094 2011-06-20 11:56:11 <jogis> jtaylor: they write that one account was compromised, but they don't point out explicitly, if it was on the user side, or the server side
4095 2011-06-20 11:56:16 <jogis> vegard: sure
4096 2011-06-20 11:56:22 <Diablo-D3> mtgox is ran by ONE person
4097 2011-06-20 11:56:44 <tcatm> wrong. mtgox is run by a company
4098 2011-06-20 11:56:44 nefario has left ()
4099 2011-06-20 11:56:51 <jtaylor> Diablo-D3: one person when implementing the cashout limit should immediately see the flaw when using the current price
4100 2011-06-20 11:56:54 <picci> jogis: mtgox will never come back if they lost the 400kbtc
4101 2011-06-20 11:56:59 <jtaylor> I can't imagine anyone would be so dumb
4102 2011-06-20 11:57:10 <vegard> jogis: I think it's more likely that the people who got hacked did so because the database was out (doesn't justify weak passwords, however)
4103 2011-06-20 11:57:11 <picci> jtaylor: welcome to mtgox
4104 2011-06-20 11:57:12 <jtaylor> but its worrying that it has not been denied yet
4105 2011-06-20 11:57:14 <ius> jogis: fyi that was his first newspost, trying to cover it up by saying it was a single account being compromised
4106 2011-06-20 11:57:22 <ius> then the db leaked
4107 2011-06-20 11:57:30 <picci> jtaylor: they were using md5 as well... could you imagine anyone being so dumb as well ?
4108 2011-06-20 11:57:45 <jtaylor> well thats not as bad
4109 2011-06-20 11:57:50 <jtaylor> most were at least salted
4110 2011-06-20 11:58:05 <picci> lol, as if that helps with all the gpu's people have here..
4111 2011-06-20 11:58:09 <ius> either he knew the db was compromised and he held his mouth shut, or he didn't know his db was compromised and he failed to audit his logs
4112 2011-06-20 11:58:27 <picci> the db was compromised FRIDAY from what i figured out yesterday
4113 2011-06-20 11:58:32 <jogis> vegard: well, if the person with 500k BTC in the account was using a weak password/has not logged in for 2 months (that's the condition for unsalted pws, right?), then it is sort-of a user side problem, i think
4114 2011-06-20 11:58:34 <jtaylor> it helps when the users have good passwords, also multi round sha does not help against weak passwords
4115 2011-06-20 11:58:37 devon_hillard has joined
4116 2011-06-20 11:58:45 <picci> a user who put his email in on friday, didn't have his email in the db, meaning the db leak was pre FRIDAY
4117 2011-06-20 11:58:46 <Diablo-D3> [07:56:03] <jtaylor> Diablo-D3: one person when implementing the cashout limit should immediately see the flaw when using the current price
4118 2011-06-20 11:58:51 <Diablo-D3> jtaylor: he didnt write the software.
4119 2011-06-20 11:59:03 <jtaylor> hm thats bad
4120 2011-06-20 11:59:20 <picci> they had the db before friday... so they had time to crack the hashes...
4121 2011-06-20 11:59:23 <denisx> I think the 400k was put away by mtgox itself to safe place
4122 2011-06-20 11:59:24 <jtaylor> But I still have enough faith in human intelligence, to hope that did not happen
4123 2011-06-20 11:59:31 <denisx> someone this morning said so
4124 2011-06-20 11:59:32 <picci> denisx: he never said that
4125 2011-06-20 11:59:42 <ius> He did
4126 2011-06-20 11:59:44 rm99 has joined
4127 2011-06-20 11:59:46 <ducki2p> jogis: so if you dont use a service for 2 months, its your own fault if you lose access?
4128 2011-06-20 11:59:48 <picci> denisx: if that's the case, why didn't he tell everyone and sign it ?
4129 2011-06-20 11:59:52 <jtaylor> there is no proof of it being true or false, so its just speculation at this point
4130 2011-06-20 11:59:56 <picci> ius: he said "some transfers" were his
4131 2011-06-20 11:59:58 <picci> not the 400k ones.
4132 2011-06-20 11:59:59 <ius> picci: People asked him to prove it
4133 2011-06-20 12:00:06 <picci> yeh, and he didnt...
4134 2011-06-20 12:00:12 <ius> I think he also claimed ownership of the large 400k transfer, but never proved it
4135 2011-06-20 12:00:18 <jogis> ducki2p: well, if you store 500k BTC and forget them, i think so
4136 2011-06-20 12:00:19 <picci> exactly.
4137 2011-06-20 12:00:23 <ius> Just like I do not believe there wasn't SQLi involved ;)
4138 2011-06-20 12:00:28 <jaybny> yes the 400k transfer was mtgox internal transfer
4139 2011-06-20 12:00:30 <gjs278> http://img801.imageshack.us/img801/3892/screenshotrzw.png
4140 2011-06-20 12:00:33 <picci> ius: i agree with you.
4141 2011-06-20 12:00:35 <jogis> ducki2p: but you have a point here, i agree
4142 2011-06-20 12:00:37 <gjs278> I can't wait to get like
4143 2011-06-20 12:00:42 <gjs278> hundreds of these emails now
4144 2011-06-20 12:00:44 <upb> 20 14:36 <@BlueMatt> until someone who has even a tiny bit of trust in the community has seen the contents of any kind of accounts.csv or smth, its just a rumor, and probably not true
4145 2011-06-20 12:00:48 <upb> lol
4146 2011-06-20 12:00:52 <gjs278> lol indeed
4147 2011-06-20 12:01:05 <jogis> ;)))
4148 2011-06-20 12:01:08 Faraday has quit (Read error: Connection reset by peer)
4149 2011-06-20 12:01:19 <ducki2p> jogis: its always convenient to blame the user, but at some point it is the responsibility of mtgox
4150 2011-06-20 12:01:27 <BlueMatt> hell dont blame the person who's been seeing those rumors for the past 6 months and didnt bother to read the forums
4151 2011-06-20 12:01:32 <BlueMatt> and is on vacation
4152 2011-06-20 12:01:42 <ducki2p> even though you didn't write the code yourself; he bought it and he operated it.
4153 2011-06-20 12:01:55 Faraday has joined
4154 2011-06-20 12:01:55 <jogis> ducki2p: agreed.
4155 2011-06-20 12:01:57 <jaybny> is the $1000 limit based on last mtgox price? does anyone know how many BTCs hacker was able to withdraw?
4156 2011-06-20 12:02:05 <gjs278> they were able to draw
4157 2011-06-20 12:02:06 <gjs278> $1000
4158 2011-06-20 12:02:13 <picci> which has a limit of 100kbtc
4159 2011-06-20 12:02:13 <jaybny> how many BTCs?
4160 2011-06-20 12:02:18 <picci> at 0.01usd/btc
4161 2011-06-20 12:02:25 <picci> max: 100kbtc/withdraw
4162 2011-06-20 12:02:27 <ius> ducki2p: That's what I honestly don't understand either. Apparently he's BUSY BUSY BUSY and making quite some cash, yet refuses to hire some people?
4163 2011-06-20 12:02:35 <jogis> BlueMatt: that's not a rumour, the accounts.csv is floating out there somewhere (was upped to rapidshare and ifile), and it is legit (my pw checks)
4164 2011-06-20 12:02:40 <picci> ius: more money for him...
4165 2011-06-20 12:02:43 <jaybny> picci question is what price was used to calculate the max!
4166 2011-06-20 12:02:49 <upb> < vegard> jogis: and if you lost 400k btc because mtgox was hacked, wouldn't you say the trade should be reversed?
4167 2011-06-20 12:02:50 <BlueMatt> jogis: yes, Ive seen that if you read scrollback :)
4168 2011-06-20 12:02:52 <ius> It's irresponsible..
4169 2011-06-20 12:02:54 <ducki2p> hiring good people is hard though
4170 2011-06-20 12:02:59 Atterall has joined
4171 2011-06-20 12:03:02 <picci> jaybny: well, worst case scenario is .01
4172 2011-06-20 12:03:06 <jogis> picci: are you even sure there was a limit on btc withdrawals?
4173 2011-06-20 12:03:08 <tcatm> can you move the non-dev discussion to #bitcoin?
4174 2011-06-20 12:03:08 <ducki2p> especially when so much money is involved
4175 2011-06-20 12:03:19 <upb> ^- btw there are not just 2 solutions 1) revert trades (users pay for the error) 2) not revert trades (400k user doesnt get btc back)
4176 2011-06-20 12:03:22 <jaybny> picci.. does anyone know the answer?
4177 2011-06-20 12:03:25 <picci> jogis: that's what MT said.
4178 2011-06-20 12:03:34 <picci> jaybny: dunno
4179 2011-06-20 12:03:36 <upb> there are 3) trades not reverted, mtgox pays this 400k for damages to the user
4180 2011-06-20 12:03:41 <jogis> picci: ok, then the strategy of the hacker makes total sense
4181 2011-06-20 12:03:44 gavinandresen has joined
4182 2011-06-20 12:03:58 <picci> jogis: it does, and it's f**** smart
4183 2011-06-20 12:04:02 <jaybny> trades will be reverted..  end of story
4184 2011-06-20 12:04:03 <cacheson> tcatm: agreed.  go away, guys  :P
4185 2011-06-20 12:04:18 <gjs278> I'd do it if the ? wasn't tacked on
4186 2011-06-20 12:04:27 <phantomcircuit> gjs278, there are well known and trivially exploitable ways to move more than 1k USD in BTC off of mtgox in 1 day
4187 2011-06-20 12:04:34 <jogis> yeah, we should start #bitcoin-mtgox
4188 2011-06-20 12:04:35 <gjs278> different accounts
4189 2011-06-20 12:04:42 <phantomcircuit> gjs278, yes
4190 2011-06-20 12:04:46 <ducki2p> fair enough, moving to #bitcoin
4191 2011-06-20 12:04:47 xelister has joined
4192 2011-06-20 12:04:54 <cacheson> ducki2p: thank you
4193 2011-06-20 12:04:55 <xelister> THE JUST JUST GOT VERTICAL
4194 2011-06-20 12:04:55 f33x has quit (Quit: f33x)
4195 2011-06-20 12:04:58 <phantomcircuit> intra mtgox trades are not counted towards
4196 2011-06-20 12:04:59 <xelister> THE SHIT JUST GOT VERTICAL
4197 2011-06-20 12:05:25 <xelister> SELL SELL SELL   @0.01 mtgox   :-}
4198 2011-06-20 12:05:31 nefario has joined
4199 2011-06-20 12:05:37 sirius has quit (Remote host closed the connection)
4200 2011-06-20 12:05:46 <xelister> seriously though, what do you think it has impact on bitcoin economy, will btc not collapse
4201 2011-06-20 12:05:47 <phantomcircuit> xelister, rofl
4202 2011-06-20 12:05:57 <phantomcircuit> xelister, other exchanges are up and trading
4203 2011-06-20 12:05:59 <jogis> xelister: calm down, dude
4204 2011-06-20 12:06:06 <cacheson> xelister: #bitcoin or #bitcoin-otc please
4205 2011-06-20 12:06:17 Phoebus has joined
4206 2011-06-20 12:06:24 <phantomcircuit> he is trolling
4207 2011-06-20 12:06:26 <phantomcircuit> jeez
4208 2011-06-20 12:06:34 <gjs278> yeah take it to #bitcoin-trolling
4209 2011-06-20 12:06:40 <upb> hah
4210 2011-06-20 12:06:41 <phantomcircuit> lollolol
4211 2011-06-20 12:06:49 <xelister> cacheson: nollock please, #bitcoin-dev is always channel for interesting discussion not just actual development of official client
4212 2011-06-20 12:07:07 <upb> jaybny: yeah but whether its fair or not is another q
4213 2011-06-20 12:07:27 <cacheson> xelister: it's for dev talk
4214 2011-06-20 12:07:35 <cacheson> which this is clearly not
4215 2011-06-20 12:07:39 <xelister> guys, seriously now.    Do you think this mtgox problem will have serious impact on project development, the PR and in the end the prices
4216 2011-06-20 12:07:49 <jaybny> upb.. all exchanges do it... those were not real orders.. those were fraudulent orders
4217 2011-06-20 12:07:54 jogis has left ()
4218 2011-06-20 12:08:52 Geebus is now known as Coding!b84c0259@gateway/web/freenode/ip.184.76.2.89|Geebus|Away
4219 2011-06-20 12:08:52 Juice2 has quit (Quit: Page closed)
4220 2011-06-20 12:09:10 <xelister> we were about to develop few things for say 500 btc, but having lost(?) 500 usd with mtgox and now risk of prices going down it's really a bit of a dark monday.
4221 2011-06-20 12:09:18 agricocb has quit (Quit: Leaving.)
4222 2011-06-20 12:10:27 <sivu> yeah, cloudy, possibly starting to rain
4223 2011-06-20 12:10:40 <sivu> dark
4224 2011-06-20 12:11:37 <upb> jaybny: exchanges or brokers?
4225 2011-06-20 12:11:38 airfox has quit (Remote host closed the connection)
4226 2011-06-20 12:11:46 <jaybny> exchanges
4227 2011-06-20 12:11:52 <upb> exactly
4228 2011-06-20 12:12:01 <xelister> jaybny: they do what, reverse fraudulent orders?
4229 2011-06-20 12:12:01 airfox has joined
4230 2011-06-20 12:12:11 <upb> and in this case the broker was compromised not exchange
4231 2011-06-20 12:12:27 <jaybny> yes - when there is a fat finger.... or even during the flash crash..
4232 2011-06-20 12:12:39 <xelister> well to rollback, mtgox needs to come up with 500,000 usd overnight to cover the losses of the bitcoin that was already taken out
4233 2011-06-20 12:12:40 <jaybny> many stocks went to .01 and back to 50.. trades were reversed
4234 2011-06-20 12:12:53 <jaybny> xelister 500k was not taken out
4235 2011-06-20 12:13:07 <xelister> jaybny: how do you know?
4236 2011-06-20 12:13:16 smart990 has quit (Quit: Page closed)
4237 2011-06-20 12:13:34 <xelister> there was link to blockexplorer block with big fat ~400,000 transaction
4238 2011-06-20 12:13:40 <Diablo-D3> lol xel is back on ignore
4239 2011-06-20 12:13:48 <jaybny> xelister that was mtgox
4240 2011-06-20 12:13:51 <upb> if btc trading bots would drive the price to 0.01 +2 "ß*= 8& #*)2+4+& 8*2 +9 26+) ()& 9ß
4241 2011-06-20 12:13:57 <sivu> xelister, that was just mtgox moving their coins to another place
4242 2011-06-20 12:14:02 <Diablo-D3> xchat hates xelister
4243 2011-06-20 12:14:13 <xelister> Diablo-D3: you fail at using irc clients ;)
4244 2011-06-20 12:14:16 <upb> *it would be justified but in this case no
4245 2011-06-20 12:14:21 <Diablo-D3> xelister: not at all
4246 2011-06-20 12:14:24 <Diablo-D3> it just hates you
4247 2011-06-20 12:14:32 <Diablo-D3> I wonder how long its been like that
4248 2011-06-20 12:14:35 <xelister> Diablo-D3: actually it seems to hate YOU ;)
4249 2011-06-20 12:14:40 <Blitzboom> how long has mtgox been online since selloff started?
4250 2011-06-20 12:14:49 <jaybny> anyone that has been trading stocks and futures for many years knows that this wont affect the price of BTCs.. (assuming all news out of mtgox is true)
4251 2011-06-20 12:14:52 <Diablo-D3> Blitzboom: since it happened
4252 2011-06-20 12:15:03 <Blitzboom> Diablo-D3: i mean, how long until it was taken offline
4253 2011-06-20 12:15:05 <Diablo-D3> jaybny: yeah but people suck
4254 2011-06-20 12:15:11 sirius-m has quit (Remote host closed the connection)
4255 2011-06-20 12:15:14 <Diablo-D3> Blitzboom: about an hour or two
4256 2011-06-20 12:15:38 <Blitzboom> 1-2 hours? i don’t believe there wouldn’t have been any bitcoin withdrawals that were bought during the panic sell
4257 2011-06-20 12:15:43 <Diablo-D3> Blitzboom: it wasnt enough time to start cracking md5s
4258 2011-06-20 12:16:04 <Diablo-D3> he'll probably have to clean up the mess afterwards
4259 2011-06-20 12:16:05 <Blitzboom> which would make a market rollback difficult
4260 2011-06-20 12:16:10 <xelister> Diablo-D3: some idiots used login==password even, and other accounts were also broken in minutes
4261 2011-06-20 12:16:12 <Diablo-D3> but nothing of interest was stolen
4262 2011-06-20 12:16:18 <Diablo-D3> xelister: not quite.
4263 2011-06-20 12:16:20 <jaybny> mtgox will compensate anyone whose trades get rolled back, but the user withdraw the coins.
4264 2011-06-20 12:16:21 <Blitzboom> well, you can’t rollback bitcoin transactions …
4265 2011-06-20 12:16:22 <xelister> Diablo-D3: how can you be sure not much was withdrawn
4266 2011-06-20 12:16:24 <Diablo-D3> and yes, there are faggots who used password
4267 2011-06-20 12:16:32 <Diablo-D3> xelister: he thinks less than 500btc was stolen
4268 2011-06-20 12:16:36 <xelister> jaybny: that would be nice,  but how much was stolen?
4269 2011-06-20 12:16:39 <Diablo-D3> Blitzboom: you can
4270 2011-06-20 12:16:42 <Blitzboom> jaybny: so a few people get free bitcoins?
4271 2011-06-20 12:16:45 <Diablo-D3> Blitzboom: he'll replace the btc.
4272 2011-06-20 12:16:49 <Blitzboom> Diablo-D3: with 50% of the mining power, blabla
4273 2011-06-20 12:17:08 <jaybny> apparently not much was stolen.. and mtgox has been making $50k a day in commissions..
4274 2011-06-20 12:17:10 RobboNZ has quit (Ping timeout: 240 seconds)
4275 2011-06-20 12:17:18 <Diablo-D3> and hes not even sure if it was stolen
4276 2011-06-20 12:17:33 <xelister> Diablo-D3: why in the world the attacker would NOT take out ALL coins after he dumped thousands of BTC to drive price to 0.01 ? then he could take out tons of  BTC, like 1000*100 = 100,000,  the rule is "1000 usd WORTH of bitcoins in CURRENT RATE per account per day"
4277 2011-06-20 12:17:34 <Blitzboom> how did he even know?!
4278 2011-06-20 12:17:52 <jtaylor> xelister: probably because he couldn't
4279 2011-06-20 12:17:52 <Blitzboom> how do we know the account with the coins was compromised?
4280 2011-06-20 12:18:02 <Diablo-D3> Blitzboom: it was sent to new addresses and addresses that were linked to multiple accounts
4281 2011-06-20 12:18:13 <Diablo-D3> most likely they're addresses owned by the attacker
4282 2011-06-20 12:18:17 <Gekz> how do you know he wont just chuck a reserve bank and "print more bitcoins"?
4283 2011-06-20 12:18:21 <jaybny> Nobody knows how mtgox calculates the $1000 limit.
4284 2011-06-20 12:18:42 <Diablo-D3> xelister: he can take the coins without the passwords
4285 2011-06-20 12:18:52 <Blitzboom> jaybny: they just take the market rate
4286 2011-06-20 12:19:00 <jaybny> anyways... before a withdraw happens.. mtgox needs to get the coins from their own wallet.. im sure the software has a hard limit to get human approval.
4287 2011-06-20 12:19:07 <Blitzboom> which is probably why the selloff happened in the first place
4288 2011-06-20 12:19:09 <jaybny> Blitzboom.. are you sure?
4289 2011-06-20 12:19:11 <Diablo-D3> xelister: and easy passwords like "password" are immaterial to the attack... they were easy to guess WITHOUT the hashes.
4290 2011-06-20 12:19:17 <Blitzboom> jaybny: pretty sure
4291 2011-06-20 12:19:23 <jaybny> I heard the opposite
4292 2011-06-20 12:19:33 <Blitzboom> what would be the opposite?
4293 2011-06-20 12:19:43 <BlueMatt> sipa: around?
4294 2011-06-20 12:20:01 <Diablo-D3> this is also why Im not handling authentication locally
4295 2011-06-20 12:20:01 <jaybny> That its not market rate.. but a market rate from start of trading day or something
4296 2011-06-20 12:20:08 <Diablo-D3> if something goes wrong, its not going to be in my shit.
4297 2011-06-20 12:20:27 <Blitzboom> hm, hopefully, jaybny
4298 2011-06-20 12:20:44 <xelister> BlueMatt: now would be a good time for bitcoin leaders to make some official announcement, including how it is NOT bitcoin's fault, same as it is not paper money's fault if someone robs a bank
4299 2011-06-20 12:20:56 <Diablo-D3> xelister: what leaders?
4300 2011-06-20 12:20:57 <Blitzboom> i blame satoshi
4301 2011-06-20 12:20:58 <sipa> BlueMatt: yes
4302 2011-06-20 12:21:02 <jaybny> all we need to do is find out how many BTC were stolen.. we know it was "only $1000" but that doesnt mean anything w/o an exchange rate
4303 2011-06-20 12:21:07 <Blitzboom> he should’ve seen this would happen!
4304 2011-06-20 12:21:08 <xelister> Diablo-D3: I had main developers and bitcoin.org maintainers in mind
4305 2011-06-20 12:21:08 <ShadeS> it's the auditors fault
4306 2011-06-20 12:21:13 <Diablo-D3> jaybny: he believes its about 500btc
4307 2011-06-20 12:21:22 <ShadeS> his name should be named
4308 2011-06-20 12:21:26 <Blitzboom> ShadeS: it’s mtgox’ fault the auditor had access to this shit
4309 2011-06-20 12:21:29 <ShadeS> so people can find him and rough him the hell up
4310 2011-06-20 12:21:31 <Diablo-D3> ShadeS: there is no auditor.
4311 2011-06-20 12:21:38 <xelister> Diablo-D3: how it could be just 500 btc.  Hacker obviously had access to many accounts
4312 2011-06-20 12:21:41 <ShadeS> what do you mean there is no auditor?
4313 2011-06-20 12:21:42 <jaybny> wow.. so it was market at $2 a btc
4314 2011-06-20 12:21:46 <Diablo-D3> xelister: he didnt have the passwords
4315 2011-06-20 12:21:47 <xelister> so many accounts that he dumped enough coins to get price to 0.01
4316 2011-06-20 12:21:52 <Diablo-D3> xelister: only the hashes for the passwords
4317 2011-06-20 12:22:05 <xelister> Diablo-D3: ok but say 50 were idiotic passwords etc
4318 2011-06-20 12:22:10 <jaybny> the selling was 1 big fat order to .01 .. it took 30 minutes to fill that order
4319 2011-06-20 12:22:14 <BlueMatt> sipa: does ecdsa key derivation easily speed up on gpus?
4320 2011-06-20 12:22:15 <Diablo-D3> xelister: yes, but those passwords are immaterial
4321 2011-06-20 12:22:20 <Gekz> it was the CIA.
4322 2011-06-20 12:22:21 <Gekz> Discuss.
4323 2011-06-20 12:22:24 <xelister> he could use say 50 accounts to get out say 50*1000 btc's
4324 2011-06-20 12:22:24 <Diablo-D3> bluematt: no
4325 2011-06-20 12:22:32 germanMNY has quit (Quit: WeeChat 0.3.4)
4326 2011-06-20 12:22:33 <BlueMatt> nice
4327 2011-06-20 12:22:34 <Diablo-D3> xelister: do you know what a password hash looks like?
4328 2011-06-20 12:22:58 <edcba> it looks like a bitcoin address ! :)
4329 2011-06-20 12:23:02 <sipa> BlueMatt: you mean the operation of calculating a public key from a private key?
4330 2011-06-20 12:23:08 <jaybny> it wasnt at .01 for too long.. anyways mtgox was very slow... at the time.. so hacker was an idiot
4331 2011-06-20 12:23:09 <BlueMatt> yes
4332 2011-06-20 12:23:23 <xelister> Diablo-D3: did you read the forum how entire hash + SALT was leaked, how no extra salt (e.g. in source code or anywhere besides main DB) was used, and how people in forum cracked tens of accounts in minutes just for fun with John the Ripper
4333 2011-06-20 12:23:32 <Diablo-D3> xelister: /me shrugs.
4334 2011-06-20 12:23:41 <Diablo-D3> this is why you dont keep money or coins in mtgox.
4335 2011-06-20 12:23:55 <jaybny> 2 minutes after it hit  $0.01 it was at $14
4336 2011-06-20 12:24:00 <sipa> BlueMatt: hmmm, let me think
4337 2011-06-20 12:24:05 <xelister> well Im more concerned about how much coins are in hands of violet hackers
4338 2011-06-20 12:24:13 <Diablo-D3> xelister: Im not
4339 2011-06-20 12:24:24 <sipa> BlueMatt: i don't dare saying
4340 2011-06-20 12:24:27 <Diablo-D3> tux has already said he'd replace any ones that have actually been stolen to the best of his ability
4341 2011-06-20 12:24:30 <xelister> if they have say 50,000 actual BTC, they can any time drop them on all exchanges, lowering price a lot
4342 2011-06-20 12:24:33 <BlueMatt> sipa: your guess would be?
4343 2011-06-20 12:24:45 <Diablo-D3> xelister: they have about 500.
4344 2011-06-20 12:24:50 <Diablo-D3> anyhow, take it up with tux
4345 2011-06-20 12:24:51 <xelister> Diablo-D3: if 400,000 btc would be stolen, then I doubt he can cover
4346 2011-06-20 12:25:06 <Diablo-D3> xelister: if 400k is stolen, then I need to open the BDIC.
4347 2011-06-20 12:25:09 <xelister> now I think not of our mere 500 usd
4348 2011-06-20 12:25:11 <Diablo-D3> bitcoin deposit insurance company.
4349 2011-06-20 12:25:25 <xelister> but of possible medium term (at least) collapse of btc value
4350 2011-06-20 12:25:32 <sipa> BlueMatt: it uses 256-bit integer arithmetic, i think that's hard to do on gpu's
4351 2011-06-20 12:25:36 <xelister> 1) loss of trust (FUD like "btc is insecure, see?")
4352 2011-06-20 12:25:44 <Diablo-D3> xelister: you know what?
4353 2011-06-20 12:25:48 <Diablo-D3> you're annoying the shit out of people.
4354 2011-06-20 12:25:52 <Diablo-D3> and I have work to do.
4355 2011-06-20 12:25:54 <xelister> 2) hackers quickly dumping lots of btc on all markets,  and panicking people doing the same
4356 2011-06-20 12:25:59 <BlueMatt> sipa: ah, ok...so probably not, but dont depend on it, sounds good
4357 2011-06-20 12:25:59 nocreativenick1 has quit (Read error: Connection reset by peer)
4358 2011-06-20 12:26:09 oozyburglar has quit (Ping timeout: 276 seconds)
4359 2011-06-20 12:26:18 kreal- has joined
4360 2011-06-20 12:26:29 nocreativenick1 has joined
4361 2011-06-20 12:26:35 <sipa> BlueMatt: you need to do 256 times the ec point doubling/addition algorithm
4362 2011-06-20 12:26:48 <Zoiah> xelister: those tens of accounts were stupid passwords.
4363 2011-06-20 12:27:00 datagutt has joined
4364 2011-06-20 12:27:17 <Zoiah> xelister: and the majority of the passwords were salted properly. Only some old accounts weren't.
4365 2011-06-20 12:27:42 <xelister> Zoiah: possibly, but how this helps
4366 2011-06-20 12:27:44 <sipa> BlueMatt: maybe you can accelerate on such doubling/adding step on a gpu, and combine the data from the cpu
4367 2011-06-20 12:27:47 <sipa> BlueMatt: why, actually?
4368 2011-06-20 12:28:04 <xelister> anyone knows more exactly how much BTC made from fraudulent trades did actually leave mtgox then?
4369 2011-06-20 12:28:24 Guest16052 has quit (Quit: I think, therefore I think I am)
4370 2011-06-20 12:28:42 <ersi> xelister: Three million billions
4371 2011-06-20 12:28:47 ducki2p has left ()
4372 2011-06-20 12:28:52 <mtrlt> umm isn't implementing 256 bit integer arithmetic just as hard to do on a GPU as on a CPU? i.e. not hard at all
4373 2011-06-20 12:29:08 <sivu> yes
4374 2011-06-20 12:29:18 <BlueMatt> sipa: gavin suggested one might strip out the constant bits before encrypting on wallet crypto so that to check you need to ecdsa derive, sha256, ripemd160
4375 2011-06-20 12:29:19 <xelister> ersi: if you don't have anything to say, why not stfu?
4376 2011-06-20 12:29:41 <ersi> xelister: Likewise.
4377 2011-06-20 12:29:43 <molecular> sipa, your showwallet patch works nicely... is there a way to remove a privkey from a wallet?
4378 2011-06-20 12:29:49 <sipa> mtrlt: well yes, but it's a long computation
4379 2011-06-20 12:29:49 <BlueMatt> sipa: sounds like a good idea even if you can ecdsa accelerate well on gpus
4380 2011-06-20 12:30:25 <sipa> what do you mean with strip out constant bits?
4381 2011-06-20 12:30:43 <BlueMatt> the constant stuff thats currently encrypted which represents curve and some other crap
4382 2011-06-20 12:30:44 <xelister> ersi: question was can we follow how much coins left mtgox.
4383 2011-06-20 12:30:51 <BlueMatt> (in vchPrivKeys)
4384 2011-06-20 12:31:22 <ersi> xelister: No, not without knowing the transactions
4385 2011-06-20 12:31:24 <mtrlt> sipa: but i'd still assume it's quite a bit faster on a gpu :P
4386 2011-06-20 12:31:29 <ersi> So that's up to Goxers
4387 2011-06-20 12:32:08 anarchyx has quit ()
4388 2011-06-20 12:32:12 <sipa> BlueMatt: so just store the private parameter, like i suggested already a long time ago? :)
4389 2011-06-20 12:32:31 <BlueMatt> exactly, except now there is an actual reason to do it
4390 2011-06-20 12:32:34 <BlueMatt> ;)
4391 2011-06-20 12:32:38 <sipa> but indeed, that's an advantage i didn't think about
4392 2011-06-20 12:32:57 <jaybny> BlueMatt word is 200-300 coins
4393 2011-06-20 12:33:11 <BlueMatt> in any case, Ill do that when I rebase and add random salts
4394 2011-06-20 12:33:16 <BlueMatt> jaybny: tab complete fail?
4395 2011-06-20 12:33:42 kcsrnd has quit (Ping timeout: 255 seconds)
4396 2011-06-20 12:33:59 <xelister> x is not even close to b ;)
4397 2011-06-20 12:34:32 <upb> wouldnt not storing the curve close upgrade path to another one in case its needed?
4398 2011-06-20 12:34:45 <sipa> you would need to store a version number with it
4399 2011-06-20 12:35:01 <sipa> as the address format is currently hardlinked to a specific curve and algorithm too
4400 2011-06-20 12:35:01 <BlueMatt> wallet already has a version number in it, doesnt it?
4401 2011-06-20 12:35:16 <sipa> i wouldn't rely on that
4402 2011-06-20 12:35:35 <xelister> jaybny: you say that 200-300 btc only left mtgox.com due to the heist?
4403 2011-06-20 12:35:36 <vegard> don't you need more than 256 bit integer arithmetic? I thought the private key was 279 bits
4404 2011-06-20 12:35:51 <vegard> hm, wait, no, more. 512 bits
4405 2011-06-20 12:35:51 <sipa> vegard: 279 bytes, with all the clutter
4406 2011-06-20 12:35:57 <BlueMatt> well the point is to not have any constant bits/bytes in the key, so adding version is also worthless
4407 2011-06-20 12:36:22 <sipa> no the point is not having the public key in there
4408 2011-06-20 12:36:32 DukeOfURL has joined
4409 2011-06-20 12:36:32 <BlueMatt> you currently dont
4410 2011-06-20 12:36:37 <sipa> you do
4411 2011-06-20 12:36:48 <BlueMatt> well you need that in unencrypted so you can check, and thats the IV
4412 2011-06-20 12:36:51 <sipa> the 279 byte ecdsa private key representation contains the public key
4413 2011-06-20 12:36:54 <BlueMatt> so you need it with the way its done now
4414 2011-06-20 12:37:01 <BlueMatt> it does?
4415 2011-06-20 12:37:03 <sipa> yes
4416 2011-06-20 12:37:14 <BlueMatt> wait, how many bytes is the pubkey?
4417 2011-06-20 12:37:29 <sipa> serialized pubkey 65 bytes, of which 64 bytes useful
4418 2011-06-20 12:37:34 agricocb has joined
4419 2011-06-20 12:37:40 <sipa> serialized privkey 279 bytes, of which 32 bytes useful
4420 2011-06-20 12:37:56 <BlueMatt> 32 + 64 != 279?
4421 2011-06-20 12:38:02 <BlueMatt> whats the rest?
4422 2011-06-20 12:38:03 <upb> you want to reduce known plaintext? why not store everything thats needed and only encrypt the private portion
4423 2011-06-20 12:38:08 <sipa> BlueMatt: the constant parts
4424 2011-06-20 12:38:14 <sipa> curve and field parameters
4425 2011-06-20 12:38:19 <BlueMatt> wow, no constant isnt that big
4426 2011-06-20 12:38:25 <sipa> it is
4427 2011-06-20 12:38:33 <vegard> oh, it contains the parameters?
4428 2011-06-20 12:38:34 <BlueMatt> I thought it was like first 10-20 bytes?
4429 2011-06-20 12:38:40 <sipa> it's much more
4430 2011-06-20 12:38:52 <BlueMatt> oh, well I suppose Im much mistaken
4431 2011-06-20 12:39:04 <sipa> there are constant parts all over the privkey
4432 2011-06-20 12:39:07 <BlueMatt> so, all you actually need is last 32 bytes and you can regen the rest?
4433 2011-06-20 12:39:17 <BlueMatt> oh, ok its not just first x bytes
4434 2011-06-20 12:39:17 <sipa> not sure it's the last 32 bytes
4435 2011-06-20 12:39:34 <sipa> but you need some 32 bytes from it (my dumpprivkey patch has the code to extract it)
4436 2011-06-20 12:39:42 <sipa> and i would suggest a version byte as well
4437 2011-06-20 12:39:56 <BlueMatt> version byte ruins the whole point
4438 2011-06-20 12:40:00 <sipa> why?
4439 2011-06-20 12:40:31 <sipa> the point is that you need an ec multiplication to find if a decrypted privkey is valid
4440 2011-06-20 12:40:40 <sipa> ... right
4441 2011-06-20 12:40:44 * sipa shuts up
4442 2011-06-20 12:40:50 scott` has quit (Ping timeout: 240 seconds)
4443 2011-06-20 12:41:01 M4v3R has joined
4444 2011-06-20 12:41:31 <sipa> you can put a version byte in the unencrypted part though
4445 2011-06-20 12:41:35 <sipa> or in the key
4446 2011-06-20 12:41:48 <M4v3R> Hello all
4447 2011-06-20 12:41:57 da2ce7 has quit ()
4448 2011-06-20 12:42:17 <M4v3R> Anybody knows if there is any way to get the address of generated coins from bitcoind?
4449 2011-06-20 12:42:17 <upb> thats what i suggested, split the data up, encrypt only private key
4450 2011-06-20 12:42:26 <BlueMatt> hm, yea maybe ekey becomes unencrypted version + crypted stuff
4451 2011-06-20 12:42:39 <BlueMatt> upb: thats sort of what already happens
4452 2011-06-20 12:42:40 <tcatm> M4v3R: does listtransactions work?
4453 2011-06-20 12:42:43 <M4v3R> Like the coins that came from Eligius pool
4454 2011-06-20 12:42:45 <xelister> M4v3R: is it in listtransactions
4455 2011-06-20 12:42:46 <upb> oh
4456 2011-06-20 12:42:46 <M4v3R> tcatm: no
4457 2011-06-20 12:43:05 <tcatm> can you pastebin a sample listtransactions entry with a generation tx?
4458 2011-06-20 12:43:10 <sipa> key="ekey"+versionbyte+pubkey, value=aes(privkey)
4459 2011-06-20 12:43:15 <sipa> BlueMatt: good?
4460 2011-06-20 12:43:25 <M4v3R> http://pastebin.com/jK3atM0A
4461 2011-06-20 12:43:46 TommyBoy3G has quit ()
4462 2011-06-20 12:44:14 <tcatm> M4v3R: work around: fetch from bbe http://blockexplorer.com/tx/4831d72522553ecca8d0226a708596f3ce30a3520989ebfa889364a583733000
4463 2011-06-20 12:44:25 <M4v3R> tcatm, it's an ugly workaround
4464 2011-06-20 12:44:36 <tcatm> yep
4465 2011-06-20 12:44:40 <M4v3R> And with all respect to your service, because this is for BitMarket exchange
4466 2011-06-20 12:44:46 <M4v3R> I would like to rely on data from bitcoind
4467 2011-06-20 12:44:52 <M4v3R> And not to rely on external data
4468 2011-06-20 12:45:30 iToast has joined
4469 2011-06-20 12:45:31 <M4v3R> Any other tool to examine block dat files or something
4470 2011-06-20 12:45:31 <iToast> ..
4471 2011-06-20 12:45:33 <M4v3R> To get this?
4472 2011-06-20 12:45:36 <Blitzboom> is bitomat for real?
4473 2011-06-20 12:45:39 <Blitzboom> 40 zloty?
4474 2011-06-20 12:45:46 <M4v3R> Blitzboom: yeah
4475 2011-06-20 12:45:47 <M4v3R> :D
4476 2011-06-20 12:45:52 <iToast> I warned you guys someone would write a bitcoin virus
4477 2011-06-20 12:45:54 <iToast> i was ignored
4478 2011-06-20 12:45:54 <Blitzboom> ok, so that’s ~14 USD
4479 2011-06-20 12:45:55 <iToast> Bravo
4480 2011-06-20 12:45:57 <M4v3R> tcatm: How do you get this info on bbe?
4481 2011-06-20 12:45:59 * iToast claps for you
4482 2011-06-20 12:46:01 <BlueMatt> sipa: no, key is and always will be, unencrypted, ekey could be key = pubkey value = version+crypted stuff
4483 2011-06-20 12:46:06 <Blitzboom> why the hell is bitcoin not dropping further? :D
4484 2011-06-20 12:46:12 <iToast> Now thousands of bitcoins are geting stolen by a trojan XD
4485 2011-06-20 12:46:13 <copumpkin> Blitzboom: cause it's stuck
4486 2011-06-20 12:46:19 <tcatm> M4v3R: I don't run bbe, but the info is in the blockchain. I'll see whether it's easy to add to listtransactions
4487 2011-06-20 12:46:22 <Blitzboom> no, the trades are recent, copumpkin
4488 2011-06-20 12:46:29 T_X has quit (Ping timeout: 276 seconds)
4489 2011-06-20 12:46:31 <mtrlt> it might be different once mtgox gets back online :P
4490 2011-06-20 12:46:35 <copumpkin> Blitzboom: where?
4491 2011-06-20 12:46:40 <M4v3R> tcatm: It's an old problem
4492 2011-06-20 12:46:43 <Blitzboom> see time on http://bitcoincharts.com/markets/
4493 2011-06-20 12:46:51 <Blitzboom> bitomat is recent
4494 2011-06-20 12:46:51 <iToast> hey
4495 2011-06-20 12:46:58 <iToast> So how do you mine bitcoin blocks
4496 2011-06-20 12:47:01 <iToast> Like how does that work?
4497 2011-06-20 12:47:07 <M4v3R> Many ppl got confused when for example they pointed their eligius workers to mybitcoin.com or other services
4498 2011-06-20 12:47:11 <iToast> Trace processing power for bitcoins?
4499 2011-06-20 12:47:17 anarchyx has joined
4500 2011-06-20 12:47:23 anarchyx has quit (Changing host)
4501 2011-06-20 12:47:23 anarchyx has joined
4502 2011-06-20 12:47:23 <M4v3R> We can't handle these transactions because bitcoind doesn't give us the address of generation
4503 2011-06-20 12:47:55 <iToast> ...
4504 2011-06-20 12:47:57 <M4v3R> Blitzboom: Now the polish exchange are setting the price
4505 2011-06-20 12:47:58 <M4v3R> :D
4506 2011-06-20 12:48:02 <M4v3R> *exchanges
4507 2011-06-20 12:48:06 <M4v3R> brb
4508 2011-06-20 12:48:27 <iToast> How do bitcoins work
4509 2011-06-20 12:48:28 <iToast> Like the mining
4510 2011-06-20 12:48:30 karnac has joined
4511 2011-06-20 12:48:36 <iToast> Is it trading processing power for coins?
4512 2011-06-20 12:48:44 <iToast> and where does all this processing power go..
4513 2011-06-20 12:48:51 Faraday has quit ()
4514 2011-06-20 12:48:52 TommyBoy3G has joined
4515 2011-06-20 12:49:13 GuitarJJ has joined
4516 2011-06-20 12:49:13 <xelister> bikcmp: bitomat is polish \o/
4517 2011-06-20 12:49:16 oozyburglar has joined
4518 2011-06-20 12:49:17 <xelister> Blitzboom: ^
4519 2011-06-20 12:49:18 polakmaly has joined
4520 2011-06-20 12:49:33 <sipa> BlueMatt: with 'key=' i mean the first part of the key-value-pair in the database, not the type of record used
4521 2011-06-20 12:49:38 BubbleBoy has joined
4522 2011-06-20 12:49:52 weinerk has quit (Quit: #bitcoin-watch)
4523 2011-06-20 12:50:08 <Blitzboom> MTGOX Y U LET THIS HAPPEN
4524 2011-06-20 12:50:24 <Blitzboom> all of this is pretty depressing, because it had to happen
4525 2011-06-20 12:50:27 iToast has quit (Quit: Page closed)
4526 2011-06-20 12:50:32 <BlueMatt> sipa: I prefer version to be in value before crypted stuff
4527 2011-06-20 12:50:40 <BlueMatt> sipa: not hard to strip one byte off
4528 2011-06-20 12:50:45 weinerk has joined
4529 2011-06-20 12:50:51 GuitarJJ has quit (Client Quit)
4530 2011-06-20 12:51:08 weinerk has quit (Changing host)
4531 2011-06-20 12:51:08 weinerk has joined
4532 2011-06-20 12:51:08 <xelister> Blitzboom: yeah this is a huge wtf.  Actually we're talking at #bitcoin >_>
4533 2011-06-20 12:51:21 <BlueMatt> sipa: but it doesnt really matter, either way
4534 2011-06-20 12:51:28 <sipa> indeed
4535 2011-06-20 12:51:32 kish_ has joined
4536 2011-06-20 12:51:52 kish has quit (Read error: Operation timed out)
4537 2011-06-20 12:51:57 da2ce7 has joined
4538 2011-06-20 12:52:01 abragin has joined
4539 2011-06-20 12:52:01 abragin has quit (Changing host)
4540 2011-06-20 12:52:01 abragin has joined
4541 2011-06-20 12:52:17 cronopio has joined
4542 2011-06-20 12:53:17 Rictoo has joined
4543 2011-06-20 12:54:14 polakmaly has quit (Quit: Page closed)
4544 2011-06-20 12:54:35 Diablo-D3 has quit (Quit: do coders dream of sheep()?)
4545 2011-06-20 12:54:52 Diablo-D3 has joined
4546 2011-06-20 12:55:21 polakmaly has joined
4547 2011-06-20 12:55:25 Gonzago has joined
4548 2011-06-20 12:56:39 flykoko has joined
4549 2011-06-20 12:57:18 molecular has quit (Ping timeout: 258 seconds)
4550 2011-06-20 12:57:21 Diablo-D3 has quit (Client Quit)
4551 2011-06-20 12:57:22 BitCashier has joined
4552 2011-06-20 12:57:26 ezl has quit (Ping timeout: 246 seconds)
4553 2011-06-20 12:58:08 minimoose has joined
4554 2011-06-20 12:58:11 Diablo-D3 has joined
4555 2011-06-20 13:00:45 <M4v3R> tcatm: it would be great if you dropped me a note if you find something on this generated address thing :)
4556 2011-06-20 13:01:03 <sipa> M4v3R: which information do you need?
4557 2011-06-20 13:01:40 Breign has joined
4558 2011-06-20 13:02:23 <sipa> BlueMatt: so, in total: user provides passphrase, which is passed to EVP to generate an AES private key, which is used to encrypt a master wallet key M, and the data in the wallet is stored as tuples ("ekey"+pubkeyN,version+AES(key=M,iv=hash(pubkey),data=privkeyN)
4559 2011-06-20 13:02:52 <sipa> +)
4560 2011-06-20 13:03:22 <M4v3R> sipa: I need information about how to get generation address from bitcoind
4561 2011-06-20 13:03:32 <M4v3R> Right now bitcoind doesn't show this anywhere
4562 2011-06-20 13:03:32 glassresistor has quit (Quit: Lost terminal)
4563 2011-06-20 13:03:48 <M4v3R> *address for generated coins, that come from pools like Eligius
4564 2011-06-20 13:03:49 <sipa> which generated address?
4565 2011-06-20 13:03:53 <sipa> oh i see
4566 2011-06-20 13:03:57 arima has joined
4567 2011-06-20 13:04:02 lolak has joined
4568 2011-06-20 13:04:08 <sipa> give me a second
4569 2011-06-20 13:04:39 Tritonio has quit (Quit: Leaving)
4570 2011-06-20 13:04:47 scott`_ has joined
4571 2011-06-20 13:04:51 <BlueMatt> sipa: wayyy too complicated
4572 2011-06-20 13:05:02 <sipa> BlueMatt: huh?
4573 2011-06-20 13:05:27 <sipa> ah, it's without master key
4574 2011-06-20 13:05:29 <sipa> right
4575 2011-06-20 13:05:36 <BlueMatt> just p/w generates key via EVP then that encrypts privkeys with pubkey as IV
4576 2011-06-20 13:05:44 <BlueMatt> +random salt
4577 2011-06-20 13:05:58 lolak has left ("Leaving")
4578 2011-06-20 13:06:04 <BlueMatt> well have to go, but thats the idea, any problems?
4579 2011-06-20 13:06:09 <BlueMatt> leave them with ;;later tell
4580 2011-06-20 13:06:13 BlueMatt has quit (Quit: Ex-Chat)
4581 2011-06-20 13:06:27 <sipa> M4v3R, tcatm: based on https://github.com/bitcoin/bitcoin/pull/295/files it should be trivial to add
4582 2011-06-20 13:07:17 <sipa> M4v3R, tcatm: hmm, i just realize, it is only using the first txout of a transaction
4583 2011-06-20 13:07:23 <M4v3R> sipa: you mean that I can use this pull request to do this?
4584 2011-06-20 13:07:30 <M4v3R> hm...
4585 2011-06-20 13:07:37 Qatz is now known as DaQatz
4586 2011-06-20 13:08:05 <Wuked> ;;bc,calc 25 * 1024 * 1024
4587 2011-06-20 13:08:06 <M4v3R> sipa: http://blockexplorer.com/block/0000000000000ba4dec1698ec492cf0c579de1bdf0743108a38f7aa1c031e5bf
4588 2011-06-20 13:08:16 <gribble> Error: invalid syntax (<string>, line 1)
4589 2011-06-20 13:08:18 <M4v3R> Here's an example block that is showing this
4590 2011-06-20 13:08:46 weinerk has quit (Ping timeout: 252 seconds)
4591 2011-06-20 13:09:34 <Atterall> sourcing some of the precursors is a bitch
4592 2011-06-20 13:09:54 Phoebus has quit (Quit: Leaving)
4593 2011-06-20 13:10:04 <Diablo-D3> https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
4594 2011-06-20 13:10:10 Nexus7 has quit (Read error: Connection reset by peer)
4595 2011-06-20 13:10:15 <dsockwell> Atterall: you must have one hell of a cold
4596 2011-06-20 13:11:00 <Atterall> just a runny nose
4597 2011-06-20 13:11:41 Obehsh has joined
4598 2011-06-20 13:11:46 <Atterall> wrong channel = P
4599 2011-06-20 13:12:20 Nexus7 has joined
4600 2011-06-20 13:12:21 <M4v3R> So, MtGox will resume tomorrow?
4601 2011-06-20 13:12:34 gsathya has joined
4602 2011-06-20 13:12:38 <Gonzago> Is there a way to cancel a transaction sitting at 0 confirmations?
4603 2011-06-20 13:12:48 <xelister> M4v3R: it should. Man I hope really just < 1000 usd was actually transferred out of mtgox
4604 2011-06-20 13:13:08 <M4v3R> xelister: it would suck if they didn't
4605 2011-06-20 13:13:15 assassindrake has quit (Quit: assassindrake)
4606 2011-06-20 13:13:17 <tcatm> M4v3R: try gettransaction TXID. it should show the account
4607 2011-06-20 13:13:30 <M4v3R> tcatm: no, it doesn't
4608 2011-06-20 13:13:36 <tcatm> actually, listtransaction shows it, too
4609 2011-06-20 13:13:38 <M4v3R> http://pastebin.com/jK3atM0A
4610 2011-06-20 13:13:41 <sipa> generations are treated specially
4611 2011-06-20 13:13:42 <tcatm> M4v3R: 0.3.23?
4612 2011-06-20 13:13:49 <M4v3R> um, I run 0.3.22 though
4613 2011-06-20 13:13:58 <sipa> doesn't matter
4614 2011-06-20 13:13:59 samlande has joined
4615 2011-06-20 13:14:10 <sipa> generations are always assigned to the "" account
4616 2011-06-20 13:14:14 <M4v3R> yeah
4617 2011-06-20 13:14:17 Artifex_ has quit (Ping timeout: 252 seconds)
4618 2011-06-20 13:14:20 karnac_ has joined
4619 2011-06-20 13:14:21 <tcatm> wasn't there a pull request to fix that?
4620 2011-06-20 13:14:27 <M4v3R> but BBE knows the address
4621 2011-06-20 13:14:28 <sipa> yes, the one i just mentioned
4622 2011-06-20 13:14:38 <sipa> but even that is not compatible with multiple txouts in a generation
4623 2011-06-20 13:14:40 karnac has quit (Ping timeout: 244 seconds)
4624 2011-06-20 13:14:44 <M4v3R> meh
4625 2011-06-20 13:14:47 <s13013> M4v3R: http://forum.bitcoin.org/?topic=724.0 how about this patch
4626 2011-06-20 13:15:11 samlander has quit (Disconnected by services)
4627 2011-06-20 13:15:18 samlande is now known as samlander
4628 2011-06-20 13:15:18 <M4v3R> I know we could just say to our users that they should not use our deposit address in Eligius
4629 2011-06-20 13:15:22 <sipa> that'd be useful, but you'd still need code to extract an address from a pubkeyscript
4630 2011-06-20 13:15:41 <M4v3R> But I want to do this right
4631 2011-06-20 13:15:44 <polakmaly> how to have access to #bitcoin ?
4632 2011-06-20 13:15:52 <sipa> /join #bitcoin
4633 2011-06-20 13:16:10 <polakmaly> #bitcoin Cannot join channel (+r) - you need to be identified with services
4634 2011-06-20 13:16:19 <xelister> polakmaly: /msg chanserv register
4635 2011-06-20 13:16:20 <sipa> talk to nickserv
4636 2011-06-20 13:16:28 <xelister> polakmaly: /msg nickserv register
4637 2011-06-20 13:16:36 sipa has left ()
4638 2011-06-20 13:16:37 <M4v3R> sipa: how one could extract the address from pubkeyscript?
4639 2011-06-20 13:17:35 <edcba> it's not 'extracted'
4640 2011-06-20 13:17:52 <edcba> M4v3R: can't you read c++ ?
4641 2011-06-20 13:18:14 <Diablo-D3> https://github.com/speedygonzalez/OptDiabloMinerII/
4642 2011-06-20 13:18:15 <Diablo-D3> wee
4643 2011-06-20 13:18:20 <Diablo-D3> I noticed the DMCA worked
4644 2011-06-20 13:18:35 <M4v3R> edcba: sipa: that'd be useful, but you'd still need code to extract an address from a pubkeyscript
4645 2011-06-20 13:20:29 assassindrake has joined
4646 2011-06-20 13:20:55 <upb> the code exists in bitcoin
4647 2011-06-20 13:21:39 <upb> bool ExtractPubKey(const CScript& scriptPubKey, bool fMineOnly, vector<unsigned char>& vchPubKeyRet)
4648 2011-06-20 13:22:06 <samlander> any word on the gox happenings?
4649 2011-06-20 13:22:22 clarkbox has quit (Read error: Connection reset by peer)
4650 2011-06-20 13:22:37 <iz> samlander: http://mtgox.com has updated info about the mtgox happenings..  ...
4651 2011-06-20 13:22:55 <upb> whoa, they have unit tests
4652 2011-06-20 13:23:15 <upb> i wonder how that works when executing an order at 0.01 takes 40 minutes :)
4653 2011-06-20 13:23:28 <jrmithdobbs> M4v3R: there is no address coinbase though it uses hash160 ... i thought
4654 2011-06-20 13:23:29 AStove has joined
4655 2011-06-20 13:23:39 <iz> what's the best way to include 0tx fee transactions ONLY in the block you are trying to mine?
4656 2011-06-20 13:23:41 <jrmithdobbs> err s/address/address in/
4657 2011-06-20 13:24:11 Stove has quit (Ping timeout: 276 seconds)
4658 2011-06-20 13:24:31 Stellar has joined
4659 2011-06-20 13:24:36 <M4v3R> Still, I need to somehow access the scriptpubkey
4660 2011-06-20 13:24:39 <M4v3R> For that tx
4661 2011-06-20 13:24:44 <upb> yep
4662 2011-06-20 13:24:51 <M4v3R> bitcoind won't let me to afaik
4663 2011-06-20 13:25:24 <iz> is there an easy way to keep those 0tx fee transactions from getting sent to other nodes?
4664 2011-06-20 13:26:15 kermit has quit (Quit: Leaving.)
4665 2011-06-20 13:26:33 kermit has joined
4666 2011-06-20 13:27:16 <M4v3R> upb: Do you think it would be feasible to patch rpc.c to print the address of these generate txes?
4667 2011-06-20 13:27:20 larsivi has quit (Read error: Connection reset by peer)
4668 2011-06-20 13:27:38 <M4v3R> Using the function you pointed out
4669 2011-06-20 13:28:17 larsivi has joined
4670 2011-06-20 13:31:23 hellais has joined
4671 2011-06-20 13:31:37 pnicholson has joined
4672 2011-06-20 13:32:35 mmoya has joined
4673 2011-06-20 13:34:08 viggi has quit (Quit: leaving)
4674 2011-06-20 13:34:10 <jrmithdobbs> M4v3R: sipa's showwallet branch will do it
4675 2011-06-20 13:34:22 copumpkin has quit (Quit: Computer has gone to sleep.)
4676 2011-06-20 13:34:45 <jrmithdobbs> M4v3R: but you'd have to dump ALL of them, filter out the keypool and known ones
4677 2011-06-20 13:35:55 <M4v3R> Meh
4678 2011-06-20 13:36:35 <M4v3R> It seems that we'd just have to let our users know that they should not use our deposit address in Eligius
4679 2011-06-20 13:37:04 * nameless !~root@weowntheinter.net|is happy to see that there is no more spammers
4680 2011-06-20 13:37:07 viggi has joined
4681 2011-06-20 13:39:24 hachque has quit (Ping timeout: 260 seconds)
4682 2011-06-20 13:42:53 droud has left ()
4683 2011-06-20 13:43:00 Nexus7 has quit (Ping timeout: 255 seconds)
4684 2011-06-20 13:43:23 ramontayag has joined
4685 2011-06-20 13:43:24 Kurtov has quit (Quit: Leaving)
4686 2011-06-20 13:43:52 <ramontayag> Is there a sandbox version of bitcoind, for development/testing purposes? for example, if I ask that locally running daemon it will act pretty much like a normal bitcoind client, except it doesn't talk to the network
4687 2011-06-20 13:44:23 <dsockwell> ramontayag: you can put it on the testnet
4688 2011-06-20 13:44:39 <ramontayag> dsockwell, is there documentation regarding this? i'm not familiar with testnet
4689 2011-06-20 13:44:52 Joric is now known as TradehillRules
4690 2011-06-20 13:45:18 <dsockwell> https://en.bitcoin.it/wiki/Testnet
4691 2011-06-20 13:45:27 <dsockwell> first result for 'bitcoin testnet' on google, btw
4692 2011-06-20 13:45:53 <ramontayag> dsockwell, oh sorry. and thanks :)
4693 2011-06-20 13:46:35 flykoko2 has quit (Quit: Leaving)
4694 2011-06-20 13:48:34 glassresistor has joined
4695 2011-06-20 13:48:34 glassresistor has quit (Changing host)
4696 2011-06-20 13:48:34 glassresistor has joined
4697 2011-06-20 13:48:57 kcsrnd has joined
4698 2011-06-20 13:49:07 ezl has joined
4699 2011-06-20 13:50:12 <dsockwell> :|
4700 2011-06-20 13:50:25 <dsockwell> does bitcoin really need to do synchronous writes all the time?
4701 2011-06-20 13:50:29 knightrage has quit (Ping timeout: 260 seconds)
4702 2011-06-20 13:52:05 Gonzago has quit ()
4703 2011-06-20 13:52:17 hmmmm has joined
4704 2011-06-20 13:54:27 <dsockwell> it seems like whenever i pull incoming transactions through the API, bitcoin hoses my disks with writes
4705 2011-06-20 13:54:31 <dsockwell> very inconvenient
4706 2011-06-20 13:55:44 ezl has quit (Ping timeout: 252 seconds)
4707 2011-06-20 13:55:58 <dsockwell> and it's all writes, it seems like.  very strange for what should be a read operation.
4708 2011-06-20 13:56:11 weinerk has joined
4709 2011-06-20 13:56:20 <dsockwell> does anyone else get this behavior?
4710 2011-06-20 13:56:29 <slush> dsockwell: yes, it's pretty common
4711 2011-06-20 13:56:33 <slush> buy SSD :)
4712 2011-06-20 13:56:33 weinerk has quit (Changing host)
4713 2011-06-20 13:56:33 weinerk has joined
4714 2011-06-20 13:56:43 <dsockwell> no, fix software
4715 2011-06-20 13:56:52 ericmock has quit (Quit: ericmock)
4716 2011-06-20 13:57:07 <tcatm> dsockwell: help us :)
4717 2011-06-20 13:57:24 <dsockwell> where do i start
4718 2011-06-20 13:57:31 <dsockwell> do you have a bugtracker?
4719 2011-06-20 13:57:37 <tcatm> https://github.com/bitcoin/bitcoin
4720 2011-06-20 13:58:00 <dsockwell> is there a reason bitcoin needs to do 1k tps?
4721 2011-06-20 13:58:06 weinerk has quit (Read error: Connection reset by peer)
4722 2011-06-20 13:58:17 <tcatm> dsockwell: probably not
4723 2011-06-20 13:58:24 weinerk has joined
4724 2011-06-20 13:58:39 AnatolV has quit (Remote host closed the connection)
4725 2011-06-20 13:59:01 joecool has quit (Ping timeout: 260 seconds)
4726 2011-06-20 14:00:02 weinerk has quit (Changing host)
4727 2011-06-20 14:00:02 weinerk has joined
4728 2011-06-20 14:00:39 ThomasV has joined
4729 2011-06-20 14:00:46 copumpkin has joined
4730 2011-06-20 14:00:52 <dsockwell> i imagine what i'm looking for is in or near wallet.cpp ?
4731 2011-06-20 14:01:36 <tcatm> likely
4732 2011-06-20 14:02:24 MetaV has quit (Quit: Leaving)
4733 2011-06-20 14:02:52 airfox has quit (Quit: Leaving...)
4734 2011-06-20 14:04:02 Clipse has quit (Quit: Clipse)
4735 2011-06-20 14:04:16 airfox has joined
4736 2011-06-20 14:05:30 aristidesfl has quit (Ping timeout: 255 seconds)
4737 2011-06-20 14:06:06 dude65535 has joined
4738 2011-06-20 14:07:22 polakmaly has quit (Quit: Page closed)
4739 2011-06-20 14:10:49 davro has joined
4740 2011-06-20 14:11:07 <dsockwell> http://stackoverflow.com/questions/3825022/optimizing-put-performance-in-berkeley-db
4741 2011-06-20 14:12:07 aristidesfl has joined
4742 2011-06-20 14:12:07 <dsockwell> we are dealing with berkeleydb right?
4743 2011-06-20 14:12:29 <ramontayag> i got testnet to work, thanks. is there a way to keep things offline? running my tests won't work if I'm not connected to the internet.
4744 2011-06-20 14:12:37 knightrage has joined
4745 2011-06-20 14:12:48 <Sthebig> https://sourceforge.net/projects/bitcoin/files/Bitcoin/testnet-in-a-box/
4746 2011-06-20 14:13:23 karnac_ has quit (Quit: karnac_)
4747 2011-06-20 14:13:30 <ramontayag> cool thanks Sthebig
4748 2011-06-20 14:13:49 <Sthebig> That was linked from dsockwell's wiki link earlier
4749 2011-06-20 14:13:54 <upb> ramontayag: i needed the same thing, ended up running with -noirc, deleting the addresses from db and disabling the code with hardcoded seed nodes
4750 2011-06-20 14:14:15 <ramontayag> upb, looks like Sthebig's link is the answer
4751 2011-06-20 14:15:21 <upb> yeah if youre ok with linux i guess :)
4752 2011-06-20 14:16:46 <luke-jr> people use something else?
4753 2011-06-20 14:17:55 Nexus7 has joined
4754 2011-06-20 14:18:17 <upb> i wanted to debug it in visual studio :)
4755 2011-06-20 14:18:22 <upb> much better than gdb imo
4756 2011-06-20 14:18:58 <lfm> too bad
4757 2011-06-20 14:19:33 slux has quit (Ping timeout: 264 seconds)
4758 2011-06-20 14:20:01 <upb> too good, since it succeeded :))
4759 2011-06-20 14:20:39 larsivi has quit (Ping timeout: 252 seconds)
4760 2011-06-20 14:21:11 <lfm> so you found the bug?
4761 2011-06-20 14:21:24 Zarutian has joined
4762 2011-06-20 14:22:54 jivvz has joined
4763 2011-06-20 14:23:26 dude65535 has quit (Quit: Page closed)
4764 2011-06-20 14:24:17 <upb> yes but there is a slight complication, it requires a preimage attack on the hash
4765 2011-06-20 14:24:18 Ademan has quit (Quit: leaving)
4766 2011-06-20 14:24:20 <upb> :D
4767 2011-06-20 14:24:36 Obehsh has quit (Remote host closed the connection)
4768 2011-06-20 14:24:46 <upb> which makes it pretty pointless
4769 2011-06-20 14:24:50 <dsockwell> so, re: sync writes, is it really the end of the world if a peer loses a transaction during a crash?
4770 2011-06-20 14:25:10 <dsockwell> i don't want to break the network over performance
4771 2011-06-20 14:25:33 <upb> lfm: its in this code
4772 2011-06-20 14:25:33 <upb>     while (mapOrphanBlocks.count(pblock->hashPrevBlock))
4773 2011-06-20 14:25:33 <upb>         pblock = mapOrphanBlocks[pblock->hashPrevBlock];
4774 2011-06-20 14:25:50 <upb> if you introduce a loop in orphan blocks, it will not finish
4775 2011-06-20 14:26:18 couponmen has joined
4776 2011-06-20 14:26:28 couponmen has left ()
4777 2011-06-20 14:27:21 <dsockwell> right now my hypothesis is that this line could include a nosync flag:
4778 2011-06-20 14:27:26 <dsockwell> ./db.h:        int ret = pdb->put(GetTxn(), &datKey, &datValue, (fOverwrite ? 0 : DB_NOOVERWRITE));
4779 2011-06-20 14:27:51 <lfm> upb how could you do that? You need the hash of all prev before you could make a hash of the curr
4780 2011-06-20 14:28:07 KaosMcRage has joined
4781 2011-06-20 14:28:44 <upb> exactly
4782 2011-06-20 14:28:57 <lfm> ok so its not a bug
4783 2011-06-20 14:29:16 <upb> it is, if there would be a preimage attack on the hash
4784 2011-06-20 14:29:24 <upb> but you could do worse things with that
4785 2011-06-20 14:29:35 <dsockwell> the only instance of nosync in the whole project is ./db.h:        int ret = dbenv.txn_begin(GetTxn(), &ptxn, DB_TXN_NOSYNC);
4786 2011-06-20 14:29:48 <dsockwell> does that set nosync globally?
4787 2011-06-20 14:29:50 <lfm> well if you could do that the hash would be broken for other things too Id expect
4788 2011-06-20 14:30:13 <upb> lfm: you can introduce blockA (prev = hash(blockB)) and blockB (prev = hash(blockA))
4789 2011-06-20 14:30:25 <upb> if you can do that, there is an endless loop remote DoS
4790 2011-06-20 14:30:25 KaosMcRage has left ()
4791 2011-06-20 14:30:42 <lfm> upb I thot we just agreed you cant
4792 2011-06-20 14:31:09 <upb> right at this time, yes
4793 2011-06-20 14:31:13 <upb> since there isnt such an attack
4794 2011-06-20 14:31:21 <lfm> maybe in 30 years huh?
4795 2011-06-20 14:31:24 <upb> :)
4796 2011-06-20 14:31:24 <mtrlt> but that requires considerable computation power :P
4797 2011-06-20 14:31:29 <upb> doesnt mean its not a bug
4798 2011-06-20 14:31:30 lars100 has joined
4799 2011-06-20 14:31:44 <lfm> when is a bug not a bug
4800 2011-06-20 14:32:03 <lfm> if it will NEVER happen
4801 2011-06-20 14:32:37 <mtrlt> how do you know :-)
4802 2011-06-20 14:32:42 <mtrlt> it's unlikely but it still might
4803 2011-06-20 14:33:07 <iz> haha
4804 2011-06-20 14:33:14 <lfm> I am far more worried about meteorites hitting me on the head
4805 2011-06-20 14:33:17 Obehsh has joined
4806 2011-06-20 14:33:46 <iz> heisenbug
4807 2011-06-20 14:34:32 <lfm> ya when you get your improbability engine working come back and let us know
4808 2011-06-20 14:35:10 <lfm> and we can start watching for petunias falling outa the sky
4809 2011-06-20 14:35:18 noot has left ()
4810 2011-06-20 14:36:16 <iz> actually, i define that as a bug that is only there when debugging is turned off
4811 2011-06-20 14:36:16 <upb> heh
4812 2011-06-20 14:36:17 joepie91 has joined
4813 2011-06-20 14:36:19 <UukGoblin> gribbol is not reporting bitomat trades again
4814 2011-06-20 14:36:22 DiSTANT187 has quit ()
4815 2011-06-20 14:36:30 <upb> a bug is exploitable given some conditions X,Y
4816 2011-06-20 14:36:42 Stove has joined
4817 2011-06-20 14:36:44 <upb> if condition Y doesnt exist, doesnt mean the bug doesnt, just that its not exploitable
4818 2011-06-20 14:36:58 AStove has quit (Ping timeout: 258 seconds)
4819 2011-06-20 14:37:12 <lfm> upb if the condition doesnt exist then it doesnt exist.
4820 2011-06-20 14:37:40 <dsockwell> it seems I need to set up a build environment
4821 2011-06-20 14:37:53 <dsockwell> are there any tricks I should know about?
4822 2011-06-20 14:37:56 <lfm> you might just as well check every 2+2 is really equal to 3 + 1
4823 2011-06-20 14:38:34 <lfm> you never know when you might have a bad bit, far more likely than what you propose
4824 2011-06-20 14:38:53 pmazur_ has quit (Ping timeout: 258 seconds)
4825 2011-06-20 14:39:39 joepie91 has quit (Ping timeout: 260 seconds)
4826 2011-06-20 14:40:10 gsathya has quit (Quit: gsathya)
4827 2011-06-20 14:41:06 phungus has joined
4828 2011-06-20 14:41:51 emock has joined
4829 2011-06-20 14:41:54 syke has joined
4830 2011-06-20 14:42:12 Nexus_7 has joined
4831 2011-06-20 14:43:25 <dsockwell> tcatm: i have an idea re: the disk usage, can you give me a hand testing it on linux?  is there an introduction to the project I should be reading?
4832 2011-06-20 14:44:12 IncitatusOnWater has quit (Ping timeout: 255 seconds)
4833 2011-06-20 14:44:13 <lfm> dsockwell: did you read Satoshi's white paper?
4834 2011-06-20 14:44:57 <dsockwell> no
4835 2011-06-20 14:45:06 <lfm> well thats a good place to start
4836 2011-06-20 14:45:11 <dsockwell> ok
4837 2011-06-20 14:45:15 phearful has joined
4838 2011-06-20 14:45:19 Nexus7 has quit (Ping timeout: 260 seconds)
4839 2011-06-20 14:46:00 davex___ has joined
4840 2011-06-20 14:46:00 Nexus7 has joined
4841 2011-06-20 14:46:54 Nexus_7 has quit (Ping timeout: 255 seconds)
4842 2011-06-20 14:47:00 IncitatusOnWater has joined
4843 2011-06-20 14:47:01 <davex___> anyone listening to Donald Norman on Peter Schiff show?
4844 2011-06-20 14:47:04 aristidesfl has quit (Max SendQ exceeded)
4845 2011-06-20 14:47:12 <davex___> he just bombed the store of value, intrinsic value question.
4846 2011-06-20 14:47:18 <davex___> need to get Kiba on there.
4847 2011-06-20 14:47:21 <dsockwell> lfm: thanks, i had been meaning to find out where all this theory was coming from.
4848 2011-06-20 14:48:10 <lfm> dsockwell: yup, the bibliography there could make you an expert if you understand it all
4849 2011-06-20 14:48:32 <dsockwell> i'd love to jump in and try a patch to try to stop bitcoin from chewing up my i/o, is there a list of libraries i should be using?
4850 2011-06-20 14:49:09 M4v3R has quit (Ping timeout: 255 seconds)
4851 2011-06-20 14:49:19 <dsockwell> i.e. how is bitcoin formed
4852 2011-06-20 14:49:24 <lfm> dsockwell: huh? have you got the complete block chain yet?
4853 2011-06-20 14:49:57 <dsockwell> lfm: i'll start at the beginning, i have an rpc client pulling transactions out of a bitcoind, and the client is thrashing my disks with sync writes
4854 2011-06-20 14:50:05 <dsockwell> er, bitcoind is
4855 2011-06-20 14:50:26 aristidesfl has joined
4856 2011-06-20 14:50:27 Zefir has quit (Ping timeout: 276 seconds)
4857 2011-06-20 14:50:30 <dsockwell> I think that if i can put the berkeley db into NOSYNC mode that it will get better
4858 2011-06-20 14:50:36 <lfm> oh, ya, I spoze thats due to bdb database syncs
4859 2011-06-20 14:50:38 <dsockwell> How can I build the bitcoin client to test it?
4860 2011-06-20 14:51:22 <lfm> kinda depends what you're doing via rpc calls too Id expect
4861 2011-06-20 14:51:48 <dsockwell> i have an external database that i'm trying to keep updated with received transactions
4862 2011-06-20 14:51:54 <lfm> worst case maybe you need a ssd
4863 2011-06-20 14:52:16 <dsockwell> what version of bdb is bitcoin built with?
4864 2011-06-20 14:52:24 DukeOfURL has quit (Ping timeout: 276 seconds)
4865 2011-06-20 14:52:29 <dsockwell> should I get the latest wxwidgets or will 2.8 do?
4866 2011-06-20 14:52:41 <lfm> dsockwell: look for file unix.build
4867 2011-06-20 14:52:49 <upb> its listen in some readme there in the tgz
4868 2011-06-20 14:52:52 <upb> listed
4869 2011-06-20 14:53:04 <lfm> or build.unix or whatever it is
4870 2011-06-20 14:53:09 <ius> dsockwell: 2.9
4871 2011-06-20 14:53:17 <ius> and not the latest bdb iirc
4872 2011-06-20 14:53:17 <dsockwell> thanks lfm
4873 2011-06-20 14:53:18 <davex___> wow. who the fuck is donald norman?  sucks
4874 2011-06-20 14:54:16 <lfm> davex__* no shortage of bitcoin experts coming outa the woods these days. some are good some arnt
4875 2011-06-20 14:54:35 <mtrlt> no expert is ever good
4876 2011-06-20 14:54:39 <mtrlt> :P
4877 2011-06-20 14:54:40 <davex___> yeah...  he's not the guy that should be explaining this to Schiff.
4878 2011-06-20 14:54:56 <davex___> i can't even listen to this.
4879 2011-06-20 14:55:04 <dsockwell> do i need wxwidgets to build the headless client?
4880 2011-06-20 14:55:08 <lfm> mtrlt: thats your expert opinion eh?
4881 2011-06-20 14:55:15 <mtrlt> lfm: naturally
4882 2011-06-20 14:55:26 <ius> dsockwell: You can't build it without wx atm iirc
4883 2011-06-20 14:55:32 <dsockwell> ok
4884 2011-06-20 14:55:51 lars100 has left ()
4885 2011-06-20 14:56:01 <lfm> you can build bitcoind without wx
4886 2011-06-20 14:56:23 <lfm> thats all you need for most things
4887 2011-06-20 14:56:41 karnac has joined
4888 2011-06-20 14:56:53 <dsockwell> yeah i'm not modifying the gui so I'd rather not deal with wx2.9
4889 2011-06-20 14:57:29 <lfm> should be fine just "make -f makefile.unix bitcoind"
4890 2011-06-20 14:57:53 <dsockwell> installing other deps now
4891 2011-06-20 14:58:09 <dsockwell> ius: do you happen to know if there's a good reason for bitcoin to run bdb in sync mode?
4892 2011-06-20 14:58:10 <lfm> ya you still need boost, ssl and bdb
4893 2011-06-20 14:58:26 <ius> No I wouldn't know
4894 2011-06-20 14:58:30 aFK-[u] has joined
4895 2011-06-20 14:58:32 <dsockwell> ok
4896 2011-06-20 14:58:56 <lfm> to save you from power failure?
4897 2011-06-20 14:59:03 <ius> Perhaps to maintain integrity in case the process is somehow killed?
4898 2011-06-20 14:59:18 <ius> Yeah, that sounds fair.
4899 2011-06-20 14:59:21 ThomasV has quit (Quit: Leaving)
4900 2011-06-20 14:59:24 Superbest has joined
4901 2011-06-20 14:59:30 <dsockwell> yeah there's that
4902 2011-06-20 14:59:35 viggi has quit (Changing host)
4903 2011-06-20 14:59:35 viggi has joined
4904 2011-06-20 14:59:58 <lfm> considering there is money at stake
4905 2011-06-20 15:00:16 <dsockwell> i wonder how bitcoin would recover from something like that, would it go to the network to replay the failed transaction?
4906 2011-06-20 15:00:22 <dsockwell> yeah, my $60 for an ssd ;)
4907 2011-06-20 15:00:58 SerajewelKS has left ()
4908 2011-06-20 15:00:59 bitsnbytes has quit (Remote host closed the connection)
4909 2011-06-20 15:01:18 lumos has quit (Ping timeout: 255 seconds)
4910 2011-06-20 15:02:08 <lfm> dsockwell: if its just the block chain you can restart that. if its the wallet.dat you need a backup
4911 2011-06-20 15:02:29 Superbest has quit (Max SendQ exceeded)
4912 2011-06-20 15:02:29 <ius> lfm: I guess you can force it to sync though..
4913 2011-06-20 15:02:30 neversleepy has joined
4914 2011-06-20 15:03:04 <lfm> ius not sure you can, databases need to be synced at the right place
4915 2011-06-20 15:03:52 <Optimo> gavinandresen: thanks for patching up clearcoin
4916 2011-06-20 15:04:17 exstntlstfrtn has quit (Ping timeout: 252 seconds)
4917 2011-06-20 15:04:30 slux has joined
4918 2011-06-20 15:05:31 <dsockwell> build-unix doesn't mention whatever upnp lib y'all are using
4919 2011-06-20 15:05:54 <dsockwell> disregard, it would help if i read the file
4920 2011-06-20 15:06:03 <lfm> hehe
4921 2011-06-20 15:06:09 never_sleep has quit (Ping timeout: 252 seconds)
4922 2011-06-20 15:06:50 <dsockwell> well
4923 2011-06-20 15:07:09 <dsockwell> the operation i'm seeing the bad behavior on isn't supposed to be a write
4924 2011-06-20 15:07:14 <lfm> dsockwell: you can build without upnp too with a small edit to the makefile
4925 2011-06-20 15:07:16 <dsockwell> at least i don't think it should be
4926 2011-06-20 15:08:07 musp3r_ has joined
4927 2011-06-20 15:08:50 sipa has joined
4928 2011-06-20 15:09:20 <dsockwell> if this doesn't work out i'll put my client into a ramfs and then everyone will be sorry :<
4929 2011-06-20 15:10:56 <dsockwell> 'there i fixed it'
4930 2011-06-20 15:11:39 <sipa> gmaxwell: you're right that with the current suggested encryption, if you have a table of the keys derived from many likely passwords, the work to crack is a single aes decryption per wallet and per passphrase
4931 2011-06-20 15:12:10 Tiraspol has left ()
4932 2011-06-20 15:12:12 <sipa> essentially removing the improvement EVP brings
4933 2011-06-20 15:12:40 <o_0oo> does the amount of memory a GFX card has make any difference, or is it only the GPU, or both?
4934 2011-06-20 15:12:51 <o_0oo> for mining bitcoins
4935 2011-06-20 15:12:52 <sipa> o_0oo: memory doesn't matter
4936 2011-06-20 15:13:04 <o_0oo> thanks sipa - good to know
4937 2011-06-20 15:13:05 <lfm> o_0oo: for bitcoin mining the memory is not used
4938 2011-06-20 15:13:15 lumos has joined
4939 2011-06-20 15:13:28 <sipa> clocking down memory can in some cases improve mining speed
4940 2011-06-20 15:13:29 draaglom has quit (Ping timeout: 252 seconds)
4941 2011-06-20 15:14:07 <lfm> and certainly improve power usage
4942 2011-06-20 15:15:22 LoveBeads has quit ()
4943 2011-06-20 15:15:26 <denisx> with memory downclocking you have more voltage left for overclocking
4944 2011-06-20 15:15:48 <lfm> hehe I dont think thats it
4945 2011-06-20 15:16:04 <o_0oo> does amazon only offer NVIDIA GPU instances?
4946 2011-06-20 15:16:56 <o_0oo> I'll google that one :) thanks guys
4947 2011-06-20 15:17:09 Obehsh has quit (Remote host closed the connection)
4948 2011-06-20 15:17:39 wasabi has quit (Quit: Leaving.)
4949 2011-06-20 15:17:50 wasabi has joined
4950 2011-06-20 15:18:01 jargon has joined
4951 2011-06-20 15:18:01 jargon has quit (Changing host)
4952 2011-06-20 15:18:01 jargon has joined
4953 2011-06-20 15:19:09 TheAncientGoat has joined
4954 2011-06-20 15:19:51 <gmaxwell> sipa: Yea... meh.
4955 2011-06-20 15:22:07 macbook-air has joined
4956 2011-06-20 15:22:12 <gmaxwell> I still question the wisdom of using a strengthening scheme that our project's users' own GPUs largely moot, but it should at least not be completely ineffective.
4957 2011-06-20 15:24:38 weinerk` has joined
4958 2011-06-20 15:24:45 never_sleep has joined
4959 2011-06-20 15:24:51 <TheAncientGoat> Sooo, anyone mind giving me a recap of the last 24 hours?
4960 2011-06-20 15:25:16 <davro> ;;bc;stats
4961 2011-06-20 15:25:17 <gribble> Error: "bc;stats" is not a valid command.
4962 2011-06-20 15:25:24 p0s has joined
4963 2011-06-20 15:25:28 p0s has quit (Changing host)
4964 2011-06-20 15:25:28 p0s has joined
4965 2011-06-20 15:25:34 xert has quit (Read error: Connection reset by peer)
4966 2011-06-20 15:25:36 dbasch has joined
4967 2011-06-20 15:25:54 <d1234> ;;bc,stats
4968 2011-06-20 15:25:58 <gribble> Current Blocks: 132087 | Current Difficulty: 877226.66666667 | Next Difficulty At Block: 133055 | Next Difficulty In: 968 blocks | Next Difficulty In About: 4 days, 16 hours, 56 minutes, and 0 seconds | Next Difficulty Estimate: 1259995.61155052
4969 2011-06-20 15:26:02 <CIA-103> bitcoin: Chris Howie * reeba06226681 mining-proxy/htdocs/index.php: Convert work_data.data column values to lowercase during inserts and queries (fixes issue #16) http://tinyurl.com/3jr8bz8
4970 2011-06-20 15:26:16 <edcba>             ser.
4971 2011-06-20 15:26:26 <edcba> damn mouse
4972 2011-06-20 15:26:37 licutis has left ()
4973 2011-06-20 15:26:41 weinerk` has quit (Remote host closed the connection)
4974 2011-06-20 15:26:58 weinerk` has joined
4975 2011-06-20 15:28:16 neversleepy has quit (Read error: Operation timed out)
4976 2011-06-20 15:28:47 XertroV has joined
4977 2011-06-20 15:29:17 Clipse has joined
4978 2011-06-20 15:29:26 <sipa> gmaxwell: it's actually quite simple to make sure each and every attempt requires 1) iterated key strengthening 2) AES decryption 3) EC point multiplication 4) SHA256+RIPEMD160 hashing
4979 2011-06-20 15:30:06 IncitatusOnWater has quit (Ping timeout: 255 seconds)
4980 2011-06-20 15:30:17 <sipa> do you agree that would be enough to protect against most cracking power the bitcoin network can conjure up?
4981 2011-06-20 15:31:10 <citiz3n> how can that be measured?
4982 2011-06-20 15:31:22 <citiz3n> it's been increasing each week by 20-30% and sometimes more
4983 2011-06-20 15:31:38 weinerk`` has joined
4984 2011-06-20 15:31:40 <gmaxwell> sipa: Yep. (assuming each and every means no multi-wallet speedup). I still think more iterations than 1000 are kind of a no brainer, but it's less of an issue if you put the rest in the loop.
4985 2011-06-20 15:31:41 p0s has quit (Quit: Konversation terminated!)
4986 2011-06-20 15:31:50 IncitatusOnWater has joined
4987 2011-06-20 15:31:56 p0s has joined
4988 2011-06-20 15:32:08 <sipa> gmaxwell: i'm writing out a more concrete proposal on the forum
4989 2011-06-20 15:33:02 weinerk` has quit (Remote host closed the connection)
4990 2011-06-20 15:33:28 Nexus7 has quit ()
4991 2011-06-20 15:34:51 <gmaxwell> I think the sha512 password hashes my fedora desktop uses runs 5000 rounds by default.
4992 2011-06-20 15:35:09 <sipa> why not make it dynamic
4993 2011-06-20 15:35:23 <sipa> store the number of iterations in the wallet as well
4994 2011-06-20 15:35:46 <sipa> and do it dynamically by eg. using 0.1s of hashing on the user's system
4995 2011-06-20 15:36:00 <CIA-103> bitcoin: Chris Howie * r2c96a9fbaa72 mining-proxy/ (README.markdown htdocs/.htaccess): Set allow_url_fopen per issue #14, and document the proxy's requirements http://tinyurl.com/3k5xcrr
4996 2011-06-20 15:36:05 <CIA-103> bitcoin: Chris Howie * rac85366fbcc7 mining-proxy/htdocs/index.php: Fix PHP notice mentioned in issue #14 http://tinyurl.com/3fyzv8z
4997 2011-06-20 15:36:25 weinerk`` has left ()
4998 2011-06-20 15:36:43 echelon_ has quit (Remote host closed the connection)
4999 2011-06-20 15:36:43 dbitcoin has quit (Remote host closed the connection)
5000 2011-06-20 15:36:46 <vegard> TheAncientGoat: http://blog.zorinaq.com/?e=55
5001 2011-06-20 15:36:50 <gmaxwell> sipa: yea, I suggested that on the forum.
5002 2011-06-20 15:36:54 <p0s> there is a much better solution than insane amounts of paranoia: look at the password length table, chose a password with reasonable entropy: http://en.wikipedia.org/wiki/Password_strength ...
5003 2011-06-20 15:37:16 echelon_ has joined
5004 2011-06-20 15:37:21 <gmaxwell> p0s: common password advice actually results in pretty bad choices, fwiw.
5005 2011-06-20 15:37:22 dbitcoin has joined
5006 2011-06-20 15:37:34 <gmaxwell> And to get the herd immunity we can't count on users being smart, because they won't be.
5007 2011-06-20 15:37:44 <p0s> gmaxwell: "common password advice"?
5008 2011-06-20 15:37:59 mmo1 has joined
5009 2011-06-20 15:38:02 <p0s> gmaxwell: just show the user PROPER password advice when he is about to set one
5010 2011-06-20 15:38:21 <gmaxwell> p0s: e.g. "use at least 8 characters with at least one character from each of Upper/Lower/Number/Symbol"
5011 2011-06-20 15:38:44 <gmaxwell> and you end up with "Pa55word!" as the password.
5012 2011-06-20 15:38:44 <samlander> 12 is better
5013 2011-06-20 15:38:59 anu has joined
5014 2011-06-20 15:39:04 <p0s> gmaxwell: i'd just compute a 96 bit or 128bit entropy random password and show it to the user and suggest to use that one...
5015 2011-06-20 15:39:14 <gmaxwell> "Pa55\/\/ord!" < 12.
5016 2011-06-20 15:39:43 joepie91 has quit (2!~joepie91@s514735fe.adsl.wanadoo.nl|Quit: KVIrc 4.0.4 Insomnia http://www.kvirc.net/)
5017 2011-06-20 15:39:53 copumpkin has quit (Ping timeout: 252 seconds)
5018 2011-06-20 15:39:56 soossii has quit (Ping timeout: 250 seconds)
5019 2011-06-20 15:40:22 <gmaxwell> p0s: yes, though there is a fine line here. Wallet loss is probably a more serious threat than wallet theft. We've done our users no favor if we make them more likely to lose their coins because we pushed them into a password they can't remember.
5020 2011-06-20 15:41:09 copumpkin has joined
5021 2011-06-20 15:41:25 <UukGoblin> in kde, you can try to talk to the wallet
5022 2011-06-20 15:41:30 weinerk` has joined
5023 2011-06-20 15:41:30 krekbwoy has quit (Ping timeout: 260 seconds)
5024 2011-06-20 15:41:37 <p0s> gmaxwell: for example lets consider a 15 character random password with 96bit of entropy... trivially assuming that our current concept of hashes/sec which bitcoin uses applies to cracking the password.... assuming the whole network would try to crack it... ((2^96) / (8*1000*1000*1000*1000)) / (60*60*24) ...
5025 2011-06-20 15:41:45 <p0s> = 114624077711.60928471288187259259 days
5026 2011-06-20 15:41:57 <UukGoblin> in windows... well... there should be a big popup in windows saying "microsoft already has your wallet!"
5027 2011-06-20 15:42:07 <p0s> = 314038569 years
5028 2011-06-20 15:42:14 SkiesAreRed has joined
5029 2011-06-20 15:42:29 weinerk` has quit (Remote host closed the connection)
5030 2011-06-20 15:42:42 <samlander> gmaxwell: you joke about Pa55\/\/ord! but that is a pretty good password
5031 2011-06-20 15:42:47 neurochasm has joined
5032 2011-06-20 15:42:54 <jtaylor> no its not
5033 2011-06-20 15:42:58 <jtaylor> its probably in every dictionary
5034 2011-06-20 15:43:01 <gmaxwell> samlander: no it's not, the standard mangling rules will convert password into that.
5035 2011-06-20 15:43:07 <samlander> ah
5036 2011-06-20 15:43:19 <UukGoblin> samlander, john the ripper knows that s can be spelled 5
5037 2011-06-20 15:43:19 * samlander changes his pas55Word!
5038 2011-06-20 15:43:21 joepie91 has joined
5039 2011-06-20 15:43:35 <UukGoblin> and does applies rules like that on all dictionary words
5040 2011-06-20 15:43:39 <UukGoblin> s/does //
5041 2011-06-20 15:43:40 <samlander> it's been awhile since i've done any sort of dictionary attack.. they werent that smart back then
5042 2011-06-20 15:43:51 <p0s> 80 bit password... 13 characters (full ASCII printable).... ((2^80) / (8*1000*1000*1000*1000)) / (60*60*24*365) = 4791 years
5043 2011-06-20 15:43:51 <gmaxwell> UukGoblin: there is a set of mangling rules based on the "rockyou" passwords that knows w = \/\/ too.
5044 2011-06-20 15:44:09 <jrmithdobbs> samlander: most publicly available ones are that smart or smarter at this point
5045 2011-06-20 15:44:23 <samlander> im just going to use unicode for my pw :P
5046 2011-06-20 15:44:28 <UukGoblin> pwgen pwnz
5047 2011-06-20 15:44:36 <AntiVigilante> I walk the keyboard
5048 2011-06-20 15:44:42 <vegard> it's not just about being smart, though. you'll soon have a combinatorial explosion if you want to try all combinations of possible replacements
5049 2011-06-20 15:44:58 <AntiVigilante> i can remember it and have pretty security
5050 2011-06-20 15:45:10 joecool has joined
5051 2011-06-20 15:45:10 <gmaxwell> vegard: yes, but people are predictable.
5052 2011-06-20 15:45:23 <vegard> I guess.
5053 2011-06-20 15:45:23 DukeOfURL has joined
5054 2011-06-20 15:45:31 <gmaxwell> AntiVigilante: like 1qaz2wsx ?
5055 2011-06-20 15:45:46 <AntiVigilante> similar
5056 2011-06-20 15:46:04 <gmaxwell> AntiVigilante: yea, 21 mtgox users liked that one. There are JTR rules for common walks.
5057 2011-06-20 15:46:08 mmo1 has left ()
5058 2011-06-20 15:46:21 <CIA-103> bitcoin: Icy2k * r6fbde02e9ea2 mining-proxy/htdocs/admin/index.php: Fixed for display order issue on dashboard. http://tinyurl.com/6gc9gu5
5059 2011-06-20 15:46:22 <UukGoblin> :->
5060 2011-06-20 15:46:23 <CIA-103> bitcoin: Chris Howie * r4c4c84d999d1 mining-proxy/htdocs/admin/index.php: Merge pull request #11 from Icy2k/patch-1 http://tinyurl.com/6esphlf
5061 2011-06-20 15:46:29 <AntiVigilante> mine rotates
5062 2011-06-20 15:46:46 <AntiVigilante> and deals with odds and evens
5063 2011-06-20 15:47:05 <UukGoblin> pwgen is really cool for good passwords
5064 2011-06-20 15:47:08 Mononofu has joined
5065 2011-06-20 15:47:10 macbook-air has quit (Quit: macbook-air)
5066 2011-06-20 15:47:15 <Cryo> 1password ftw.
5067 2011-06-20 15:47:18 <UukGoblin> and after typing them about 10 times you can easily remember them
5068 2011-06-20 15:47:24 XertroV has quit (Ping timeout: 240 seconds)
5069 2011-06-20 15:47:37 <UukGoblin> Cryo, yeah, master password is what I use for a lot of things
5070 2011-06-20 15:47:42 pirrr has joined
5071 2011-06-20 15:47:44 netsky has quit (Read error: Connection reset by peer)
5072 2011-06-20 15:47:56 <gmaxwell> AntiVigilante: Really, if the length isn't limited you'd be better off with "My mother told me I was the best! Alam0." or something not actually hard looking but long.
5073 2011-06-20 15:47:57 krekbwoy has joined
5074 2011-06-20 15:48:12 <Cryo> the interfacing with browsers is really where it shines
5075 2011-06-20 15:48:27 <gmaxwell> (of course, best off with something actually random)
5076 2011-06-20 15:48:34 neurochasm has quit (Quit: Leaving)
5077 2011-06-20 15:48:44 <Cryo> dictionary words? really?
5078 2011-06-20 15:48:46 <AntiVigilante> gmaxwell I have a nutritionally exacerbated memory problem
5079 2011-06-20 15:49:20 <gmaxwell> Cryo: doesn't matter if its long enough.
5080 2011-06-20 15:49:37 Storagewars has joined
5081 2011-06-20 15:49:45 <AntiVigilante> Cryo you can always take the first letter and then rotate around the keyboard
5082 2011-06-20 15:49:50 <Cryo> that's what she said
5083 2011-06-20 15:50:17 <AntiVigilante> stop playing with her distributor cap
5084 2011-06-20 15:50:31 <Cryo> spin me right round
5085 2011-06-20 15:52:31 <nomit> is any BTC market open? gribble doesn't report anything
5086 2011-06-20 15:53:21 d1234 has quit (Remote host closed the connection)
5087 2011-06-20 15:53:51 <lfm> nomit: prolly not
5088 2011-06-20 15:54:13 kratosk has quit (Ping timeout: 240 seconds)
5089 2011-06-20 15:54:17 cenuij has quit (Remote host closed the connection)
5090 2011-06-20 15:54:27 Nesetalis has quit (Read error: Connection reset by peer)
5091 2011-06-20 15:54:32 MartianW has joined
5092 2011-06-20 15:54:32 MartianW has quit (Changing host)
5093 2011-06-20 15:54:32 MartianW has joined
5094 2011-06-20 15:54:50 Nesetalis has joined
5095 2011-06-20 15:54:53 Titanium123_ has quit (Ping timeout: 252 seconds)
5096 2011-06-20 15:55:05 MartianW has quit (Client Quit)
5097 2011-06-20 15:55:37 cl909 has quit (Ping timeout: 252 seconds)
5098 2011-06-20 15:57:06 antgly20 has joined
5099 2011-06-20 15:57:11 antgly20 has left ()
5100 2011-06-20 15:59:35 <Katapult> nomit: cavirtex.com still seems open, never used them though so can't comment on their service
5101 2011-06-20 15:59:46 danbri has quit (Ping timeout: 264 seconds)
5102 2011-06-20 16:00:05 <sipa> gmaxwell: http://forum.bitcoin.org/index.php?topic=8728.msg250739
5103 2011-06-20 16:00:32 never_sleep has quit (Ping timeout: 244 seconds)
5104 2011-06-20 16:00:34 <sipa> http://forum.bitcoin.org/index.php?topic=8728.msg250739#msg250739
5105 2011-06-20 16:00:43 never_sleep has joined
5106 2011-06-20 16:02:08 ThomasV has joined
5107 2011-06-20 16:04:09 sanchaz has quit ()
5108 2011-06-20 16:04:29 <gmaxwell> sipa: Very good. I'm not sure about making it depend on particular transactions to verify because it shouldn't be too incompatible with pruning old things from the wallet.
5109 2011-06-20 16:04:51 <UukGoblin> gribble is still b0rk3d :-[
5110 2011-06-20 16:05:21 aFK-[u] is now known as BGL
5111 2011-06-20 16:05:45 triplex has joined
5112 2011-06-20 16:06:01 <sipa> gmaxwell: i'm not suggesting that
5113 2011-06-20 16:06:23 <WildSoil> "Withdrawing EUR is unfortunately not supported at this time. If you'd like to help us support this currency please consider becoming a TradeHill Partner." what is this ?? no support europeans?
5114 2011-06-20 16:06:24 <sipa> but it may be written in a confusing way
5115 2011-06-20 16:06:59 phearful has quit (Ping timeout: 260 seconds)
5116 2011-06-20 16:07:13 <sipa> if you use identifiers in ekey's KEYs, i suggest adding a checksum-based verification on top, but otherwise it becomes too hard to check a legitimate access attempt is valid
5117 2011-06-20 16:07:21 Titeuf_87 has joined
5118 2011-06-20 16:08:33 jargon has quit (Ping timeout: 246 seconds)
5119 2011-06-20 16:08:37 flykoko2 has joined
5120 2011-06-20 16:08:59 darnold has joined
5121 2011-06-20 16:09:43 jargon has joined
5122 2011-06-20 16:10:15 <gmaxwell> sipa: got it.
5123 2011-06-20 16:10:53 BlueMatt has joined
5124 2011-06-20 16:12:59 notallhere has joined
5125 2011-06-20 16:14:12 <jrmithdobbs> sipa: isn't it a safe assumption that anyone attacking would have at least some of the addresses in the wallet pre-computed?
5126 2011-06-20 16:14:45 <jrmithdobbs> so the ripemd160(sha256()) addition to computer time isn't all that helpful?
5127 2011-06-20 16:15:03 <jrmithdobbs> err, nm, you have no way of associating a pre-computed address with the correct key
5128 2011-06-20 16:15:16 <BlueMatt> sipa: any further suggestions for wallet crypto?
5129 2011-06-20 16:15:20 <BlueMatt> or anyone else?
5130 2011-06-20 16:15:25 <sipa> BlueMatt: yes, see the forum thread
5131 2011-06-20 16:16:20 jargon has quit (Ping timeout: 250 seconds)
5132 2011-06-20 16:16:26 PI_314 has joined
5133 2011-06-20 16:17:29 <K_F> the question is if a pure encryption will work, as you'd presume that the attacker would've had access to a keylogger and hence the password
5134 2011-06-20 16:17:38 Sylph has quit (Ping timeout: 250 seconds)
5135 2011-06-20 16:18:04 <K_F> would it be a possibility to make e.g. gpg optional so that it'd be possible to use a smartcard as an added token?
5136 2011-06-20 16:18:15 <sacarlson> BlueMatt I just use luks encrypted partitions, but maybe windows needs something else https://sites.google.com/site/remotekeyencrypt/files/remote_key_encrypt.pdf?attredirects=0&d=1
5137 2011-06-20 16:18:31 <gmaxwell> K_F: It doesn't help if the attacker has a keylogger. Doesn't fix everything, alas.
5138 2011-06-20 16:18:48 <jrmithdobbs> K_F: yes wallet encryption does nothing to mitigate those types of scenario
5139 2011-06-20 16:19:02 <PI_314> there are still client certificates (http://cs.uccs.edu/~cs526/secureWebAccess/secureWebAccess.htm)
5140 2011-06-20 16:19:02 <BlueMatt> sacarlson: well having it in bitcoin makes it >9k x better for noobs
5141 2011-06-20 16:19:13 <jrmithdobbs> i disagree
5142 2011-06-20 16:19:27 <jrmithdobbs> i still think that adding wallet crypto does more harm than good
5143 2011-06-20 16:19:36 <jrmithdobbs> false sense of security etc
5144 2011-06-20 16:19:37 <BlueMatt> K_F: true, but it could help in many other cases.  Especially servers where you dont want to be able to send coins but want to accept them
5145 2011-06-20 16:19:43 <gmaxwell> K_F: also, if you assume a keylogger you can assume that they could pull the keys out of memory when you use your smartcard to decrypt them... so the marginal improvement there isn't fantastic.
5146 2011-06-20 16:19:53 T_X has joined
5147 2011-06-20 16:20:01 <jrmithdobbs> BlueMatt: you don't need to have a client online *at all* to accept them so that's a worthless use case
5148 2011-06-20 16:20:02 <AntiVigilante> jrmithdobbs: there are a variety of scenarios
5149 2011-06-20 16:20:06 karnac has quit (Ping timeout: 258 seconds)
5150 2011-06-20 16:20:13 <BlueMatt> if someone has access to run whatever the hell they want on your machine when you are sending coins, you are screwed...period
5151 2011-06-20 16:20:16 <gmaxwell> BlueMatt: the server case is addressed better by the type-2 deterministic wallets I proposed.
5152 2011-06-20 16:20:29 <emock> well, hopefully, people will realize that encrypting wallet doesn't remove the need to back it up
5153 2011-06-20 16:20:41 phearful has joined
5154 2011-06-20 16:20:52 <sipa> emock: on the contrary... encrypted wallets make backups a lot more feasible
5155 2011-06-20 16:21:02 <jrmithdobbs> and *more* necessary
5156 2011-06-20 16:21:03 <AntiVigilante> someone stealing your flash disk
5157 2011-06-20 16:21:09 <BlueMatt> gmaxwell: you mean deterministic calculation of all the keys you will ever have in your wallet...I really disagree with that
5158 2011-06-20 16:21:17 <BlueMatt> gmaxwell: then they dont even need your wallet, just the pw
5159 2011-06-20 16:21:21 <jrmithdobbs> BlueMatt: no not what he means at all
5160 2011-06-20 16:21:22 <gmaxwell> BlueMatt: No. Jesus.
5161 2011-06-20 16:21:31 <emock> yea, I'm just saying that 'safe' wallet needs at least encryption and backup
5162 2011-06-20 16:21:34 <gmaxwell> BlueMatt: http://forum.bitcoin.org/index.php?topic=19137.0  I know I'm wordy, but this isn't long.
5163 2011-06-20 16:21:36 <BlueMatt> oh, sorry well where did you post this
5164 2011-06-20 16:22:02 <emock> and I worry that people might think the client is now making their wallet 'safe'
5165 2011-06-20 16:22:21 <gmaxwell> ^there. I don't agree with purely password based deterministic wallets. But stored blob based ones should be fine.
5166 2011-06-20 16:22:21 vorlov has joined
5167 2011-06-20 16:22:32 <sacarlson> BlueMatt: I can't argue that and it can't be too hard to add something at least as an option,  I had some simple encryption methods I used in ruby just to have passwords kept safe
5168 2011-06-20 16:22:34 Mookman288 has joined
5169 2011-06-20 16:22:54 da2ce7 has quit (Read error: Connection reset by peer)
5170 2011-06-20 16:22:58 Sylph has joined
5171 2011-06-20 16:23:00 <pasky> Hmm, I had a 0.16 balance on one account, so I did 0.16 transaction to different address, and now that account shows balance -0.01 since apparently, bitcoind decided to automatically throw in 0.01 transaction fee. What happens now? Will the transaction go through? How can the balance go to negative numbers? If the transaction will not go through, how to repair this?
5172 2011-06-20 16:23:19 da2ce7 has joined
5173 2011-06-20 16:23:30 <gmaxwell> pasky: accounts can go negative, because they are just bookkeeping.
5174 2011-06-20 16:23:32 <Cryo> format your harddrive, you aren't allowed on the Internet any more
5175 2011-06-20 16:23:34 <BlueMatt> gmaxwell: well I still disagree with that, if your wallet is stolen, and then a year later the attacker goes back and sees if you have new coins, you are fucked...currently you are fine
5176 2011-06-20 16:23:50 Mookman288 has left ()
5177 2011-06-20 16:23:51 <jrmithdobbs> gmaxwell: your type-2 example is still pretty damned awesome ;p
5178 2011-06-20 16:24:03 <pasky> gmaxwell: Ok, but the transaction is for -0.16 + -0.01 on account that has just -0.16, won't my peers reject that?
5179 2011-06-20 16:24:16 <pasky> gmaxwell: or will it be simply considered as if there would be no fee?
5180 2011-06-20 16:24:29 hwolf has quit ()
5181 2011-06-20 16:24:29 krekbwoy has quit (Read error: Connection reset by peer)
5182 2011-06-20 16:24:36 <gmaxwell> BlueMatt: Yes, thats the tradeoff. I think thats a smaller risk. Also, you _could_ create a deterministic wallet that rotated itself every time you hit backup. (though you'd lose the small size advantage)
5183 2011-06-20 16:24:36 <Cryo> ah, qr-code.. excellent idea.
5184 2011-06-20 16:24:37 terracotta has quit (Ping timeout: 240 seconds)
5185 2011-06-20 16:24:38 <UukGoblin> pasky, it'd get rejected
5186 2011-06-20 16:24:47 <pasky> (eh, the s/account that has just -0.16/address that had just 0.16/)
5187 2011-06-20 16:25:00 <BlueMatt> UukGoblin: stop trolling
5188 2011-06-20 16:25:01 <jrmithdobbs> BlueMatt: i think that attack scenario is contrived
5189 2011-06-20 16:25:01 <dsockwell> well i compiled with the nosync flags, it doesn't seem to be any better
5190 2011-06-20 16:25:05 <gmaxwell> pasky: it didn't just send from one address.
5191 2011-06-20 16:25:07 <BlueMatt> also pasky support chan is #bitcoin ;)
5192 2011-06-20 16:25:11 <jrmithdobbs> BlueMatt: if your wallet is stolen you will most likely know fairly quickly.
5193 2011-06-20 16:25:25 <UukGoblin> BlueMatt, lol sorry ;-]
5194 2011-06-20 16:25:26 rasengan has quit (Quit: <3)
5195 2011-06-20 16:25:41 <jrmithdobbs> BlueMatt: once it's known that the wallet is stolen the *reasonable* thing to do is to immediately create a new wallet and send all funds to it anyways
5196 2011-06-20 16:25:43 <nameless> !~root@weowntheinter.net|Truth be told, wallet.dat is very insecure
5197 2011-06-20 16:25:48 triplex has quit (Quit: Page closed)
5198 2011-06-20 16:26:02 <pasky> BlueMatt: that one is so hopelessly off-topic with mtgox discussions though
5199 2011-06-20 16:26:05 <gmaxwell> jrmithdobbs: I don't know. He's right that its the compromise. But I think users are already far more likely to lose coins via inadequate backup than theft. Moreover, wallet encryption will drastically reduce the exposure from theft.
5200 2011-06-20 16:26:07 <BlueMatt> nameless|: thats why web-based wallets would be much better
5201 2011-06-20 16:26:11 syke has quit ()
5202 2011-06-20 16:26:16 <nameless> !~root@weowntheinter.net|I've often thought what the implications on bitcoin would be if someone wrote a virus or a worm that stole wallet.dat
5203 2011-06-20 16:26:17 <BlueMatt> pasky: well every bitcoin chan usually is
5204 2011-06-20 16:26:41 jivvz has quit (Quit: Lämnar)
5205 2011-06-20 16:26:41 <gmaxwell> BlueMatt: Ahem. Mtgox was, in most relevant ways, a web based wallet.
5206 2011-06-20 16:26:46 BTCTrader has joined
5207 2011-06-20 16:26:48 <nameless> !~root@weowntheinter.net|Or create a rogue installer with a clause in the EULA that the licensing fee for the program is all wallet.dat files on the system
5208 2011-06-20 16:26:49 <copumpkin> next up on sensationalist news website: "two #bitcoin-dev ops agree: bitcoin is destined to fail because of security issues"
5209 2011-06-20 16:26:53 <pasky> gmaxwell: I'm sorry, I don't understand.
5210 2011-06-20 16:26:57 <BlueMatt> jrmithdobbs: yea, but I just dont know; it could make sense for some people, but for the majority I just dont think it is the best way
5211 2011-06-20 16:27:04 jivvz has joined
5212 2011-06-20 16:27:05 <TradehillRules> nameless|, http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours
5213 2011-06-20 16:27:07 <nameless> !~root@weowntheinter.net|copumpkin: nah
5214 2011-06-20 16:27:10 <copumpkin> :)
5215 2011-06-20 16:27:12 BTCTrader is now known as Guest43775
5216 2011-06-20 16:27:15 <BlueMatt> gmaxwell: well, the need for more secure bitcoin web-based wallets...
5217 2011-06-20 16:27:28 sytse has quit (Read error: Connection reset by peer)
5218 2011-06-20 16:27:30 <gmaxwell> pasky: I know, and I'm sorry. but I'd like to finish this other conversation before I go explaining it to you. :) If you can hang around a bit I will.
5219 2011-06-20 16:27:35 fimp has joined
5220 2011-06-20 16:27:38 <pasky> sure
5221 2011-06-20 16:27:44 <sipa> BlueMatt: what do you think about my last post in the thread?
5222 2011-06-20 16:27:50 <jrmithdobbs> BlueMatt: i think combined with properly implemented wallet encryption it reduces backup headaches enough to outweigh that unlikely attack scenario
5223 2011-06-20 16:28:09 <jrmithdobbs> gmaxwell: it's definitely a risk but: what I just said
5224 2011-06-20 16:28:13 <sipa> (i suppose you'll say "too complicated", but i believe this is something that should be done right)
5225 2011-06-20 16:28:14 <nameless> !~root@weowntheinter.net|TradehillRules: Well damn, I've been beat to my idea
5226 2011-06-20 16:28:24 <AntiVigilante> gmaxwell: how does Type 2 fare in preventing someone from accusing you of something you didn't do
5227 2011-06-20 16:28:33 zelyony has joined
5228 2011-06-20 16:28:34 abragin has quit (Ping timeout: 264 seconds)
5229 2011-06-20 16:28:43 <K_F> I wonder how many will lose their coins because of missed passwords in an encrypted wallet
5230 2011-06-20 16:28:47 <gmaxwell> BlueMatt: So anyways, on the deterministic wallets: Don't you think that the encryption mostly closes the delayed theft risk? Does my point re: more likely to lose due to inadequate backups vs theft make sense to you?
5231 2011-06-20 16:28:52 <K_F> in a "mass-user scenario"
5232 2011-06-20 16:28:55 <gmaxwell> K_F: probably more than due to theft. But ::shrugs::.
5233 2011-06-20 16:29:07 <emock> I suspect most people won't know their wallet was stolen until their coins are gone
5234 2011-06-20 16:29:16 <K_F> gmaxwell: exactly.. :)
5235 2011-06-20 16:29:21 <gmaxwell> Users would rather have failures they control (forgetting) than failures someone else controls (theft).
5236 2011-06-20 16:29:32 <jrmithdobbs> agreed
5237 2011-06-20 16:29:40 <BlueMatt> sipa: well the passphrase stuff isnt theoretically dangerous as it doesnt commit until after its all done anyway...I still prefer individual encryption because Im lazy and dont feel like coding more
5238 2011-06-20 16:29:44 abragin has joined
5239 2011-06-20 16:29:53 <AntiVigilante> however forgetting is harder to reverse than theft
5240 2011-06-20 16:29:54 zelyony has left ()
5241 2011-06-20 16:29:55 sytse has joined
5242 2011-06-20 16:29:57 <K_F> indeed, but a proper use case might be to have a non-encrypted wallet stored off somewhere very safe before encrypting it on the day-to-day device
5243 2011-06-20 16:30:13 <jrmithdobbs> BlueMatt: your current passphrase "hardening" is deterministic and parallelizable
5244 2011-06-20 16:30:16 <K_F> so an encryption scheme probably shouldn't disallow that behavior
5245 2011-06-20 16:30:18 <BlueMatt> jrmithdobbs: most users dont backup so...
5246 2011-06-20 16:30:24 <AntiVigilante> how many coins are lost to backup over malfunction
5247 2011-06-20 16:30:35 <emock> but users are accustomed to blaming themselves for forgetting a password
5248 2011-06-20 16:30:45 <gmaxwell> AntiVigilante: Hm. I'm not seeing the risk there. The primary risk of type-2 is that someone can steal the address generating keys and find out what addresses of yours are connected.
5249 2011-06-20 16:30:55 <UukGoblin> emock, they still expect a "Forgot your password?" link though ;-]
5250 2011-06-20 16:31:01 <gmaxwell> emock: also accustomed to recovery.
5251 2011-06-20 16:31:03 <BlueMatt> gmaxwell: encryption closes delayed-theft: no, I dont see how if they also got a pw, and I didnt see a backup vs theft argument?
5252 2011-06-20 16:31:19 IncitatusOnWater has quit (Ping timeout: 255 seconds)
5253 2011-06-20 16:31:27 <jrmithdobbs> BlueMatt: backup vs theft argument is in the thread he linked
5254 2011-06-20 16:31:30 <BlueMatt> jrmithdobbs: yep, and that will be changed eventually
5255 2011-06-20 16:31:39 <BlueMatt> arg I didnt read that far
5256 2011-06-20 16:31:46 <jrmithdobbs> BlueMatt: eventually needs to be before pull/push
5257 2011-06-20 16:31:48 <BlueMatt> eventually meaning before merge
5258 2011-06-20 16:31:50 PI_314 has left ()
5259 2011-06-20 16:31:55 <gmaxwell> BlueMatt: I think people are already more likely to lose their coins due to insufficient backups / hardware failures than due to theft. Certainly encryption shifts the balance away from theft.
5260 2011-06-20 16:31:57 TradehillRules is now known as Joric
5261 2011-06-20 16:32:01 csshih has quit (Ping timeout: 240 seconds)
5262 2011-06-20 16:32:13 <sipa> and the public eyes are definitely on theft now
5263 2011-06-20 16:32:23 <jrmithdobbs> and secure backups
5264 2011-06-20 16:32:29 <Joric> did anyone try to use mybitcoin merchant service?
5265 2011-06-20 16:32:35 <gmaxwell> BlueMatt: also, type-2 allows complete separation of the private key data from a front end web server that only accepts payments.
5266 2011-06-20 16:32:37 <sipa> BlueMatt: even just for having the ability (not necessarily implemented right now) to have a function for adding additional passphrases later (unlocking codes, ...), is worth it to me
5267 2011-06-20 16:32:51 <sipa> BlueMatt: and i don't think laziness is an excuse, sorry
5268 2011-06-20 16:33:03 <midnightmagic> i wonder how much of the theft stuff is going to act as a feedback loop to encourage more theft.
5269 2011-06-20 16:33:08 <BlueMatt> its not, but it means Im not gonna write it...if you want to have fun though
5270 2011-06-20 16:33:13 <jrmithdobbs> midnightmagic: quite a bit
5271 2011-06-20 16:33:24 <jrmithdobbs> midnightmagic: it's scarily profitable
5272 2011-06-20 16:33:30 <gmaxwell> midnightmagic: this is why I've talked about herd immunity too.
5273 2011-06-20 16:33:41 <Joric> is it possible to reskin mybitcoin forms or get rid of them completely?
5274 2011-06-20 16:33:57 <jrmithdobbs> midnightmagic: with so little effort. Sit on irc bootstrap channel. Watch for connecting nodes. Run nessus. Rinse. Repeat.
5275 2011-06-20 16:34:00 <emock> thoughts on integrating wallet password with OS keychains?
5276 2011-06-20 16:34:06 <BlueMatt> sipa: thats also an interesting idea, but Im not so sure about doing that *in* bitcoin...that might be something that could be done in the wallet file format, but only in an advanced form of client imo
5277 2011-06-20 16:34:10 <jrmithdobbs> midnightmagic: whole thing can be automated trivially with a huge payoff.
5278 2011-06-20 16:34:18 <midnightmagic> jrmithdobbs: nessus is still the current top-open-source dog?
5279 2011-06-20 16:34:24 <sipa> BlueMatt: sure, i'm talking about the possibility
5280 2011-06-20 16:34:28 <jrmithdobbs> midnightmagic: just an example
5281 2011-06-20 16:34:28 da2ce7 has quit (Ping timeout: 255 seconds)
5282 2011-06-20 16:34:41 <midnightmagic> i use -noirc so I guess that specific vector doesn't apply to me.
5283 2011-06-20 16:34:47 <BlueMatt> sipa: hm, well that is a cool idea...
5284 2011-06-20 16:34:57 krekbwoy has joined
5285 2011-06-20 16:35:00 <gmaxwell> jrmithdobbs: arguably the wallet file name should be changed to secret_wallet_do_not_share.dat
5286 2011-06-20 16:35:04 <jrmithdobbs> midnightmagic: fine. Sit on p2p network. Wait for addr broadcasts. <see above>
5287 2011-06-20 16:35:09 <emock> specifically, should I include storing password in OSX keychain in my client?
5288 2011-06-20 16:35:27 <midnightmagic> that's why I said "specific"
5289 2011-06-20 16:35:30 <BlueMatt> sipa: well I suppose if Im gonna do random salt, it would fall in around the same class of stuff anyway...
5290 2011-06-20 16:35:34 <jrmithdobbs> midnightmagic: it's less trivial in that the p2p protocol does not have good external implementations, but that is slowly changing.
5291 2011-06-20 16:35:50 <Cryo> gmaxwell, excellent article
5292 2011-06-20 16:35:54 <gmaxwell> BlueMatt: Did you see sipa's proposal on the forums? I think it's pretty good.
5293 2011-06-20 16:36:00 <BlueMatt> sipa: arg, fine...Ill store it as a setting with the salt then too...this amount of work is just piling up
5294 2011-06-20 16:36:15 <jrmithdobbs> BlueMatt: it's not a trivial thing to do properly
5295 2011-06-20 16:36:18 <jrmithdobbs> you knew this going in
5296 2011-06-20 16:36:27 <Joric> did anyone stumble upon merchant service that doesn't need VPS? hate mybitcoin forms
5297 2011-06-20 16:36:46 <BlueMatt> jrmithdobbs: well aside from the random salt stuff, it pretty much is already properly done
5298 2011-06-20 16:36:59 <sipa> actually, i just realize a weakness
5299 2011-06-20 16:37:00 <BlueMatt> jrmithdobbs: the multi-key idea is a feature, and by no means a requirement
5300 2011-06-20 16:37:02 <jrmithdobbs> Joric: at this time, i cannot in good conscience recommend any web-based apis
5301 2011-06-20 16:37:16 <gmaxwell> pasky: okay. Hello! The accounts in the client are just for book keeping. When you send out it can use coins in any of the accounts/addresses your wallet has access to.
5302 2011-06-20 16:37:37 <sipa> some public keys are stored directly (not hashed) in the wallet
5303 2011-06-20 16:37:38 <BlueMatt> jrmithdobbs: and multi-key isnt something that is required to do it "right"
5304 2011-06-20 16:37:44 <Joric> jrmithdobbs because there's none
5305 2011-06-20 16:37:52 never_sleep has quit (Read error: Operation timed out)
5306 2011-06-20 16:37:56 <gmaxwell> pasky: so the only reason that balance could go negative was because you had positive balances in other accounts.
5307 2011-06-20 16:37:59 <jrmithdobbs> Joric: mtgox ;P
5308 2011-06-20 16:38:01 vragnaroda has quit (Disconnected by services)
5309 2011-06-20 16:38:02 <jrmithdobbs> lol
5310 2011-06-20 16:38:07 <sipa> that would remove the need for the ripemd160(sha256(pubkey)) to be done by an attacker to verify correctness
5311 2011-06-20 16:38:22 <midnightmagic> jrmithdobbs: i would say it's relatively trivial, all you have to do is patch the address grokker and have it write out individual IPs, or I guess just grep the debug.log when you first connect.
5312 2011-06-20 16:38:29 <gmaxwell> sipa: feh!
5313 2011-06-20 16:38:32 <sipa> now that's a minor part, as ec point, aes, and key strengthening remain
5314 2011-06-20 16:38:33 KillGuta has joined
5315 2011-06-20 16:38:35 <BlueMatt> sipa: yep, as it currently is all keys are stored as such
5316 2011-06-20 16:38:37 JamesBoo has joined
5317 2011-06-20 16:38:41 <jrmithdobbs> midnightmagic: good point
5318 2011-06-20 16:38:42 <JamesBoo> HAHAHHAHAHAH, did you guys see the CNBC article???????  They say Bitcoins are MORE PRONE TO INFLATION than the U.S. Dollar
5319 2011-06-20 16:38:44 <sipa> BlueMatt: in my proposal they aren't
5320 2011-06-20 16:38:45 <JamesBoo> Im still laughing, i read the article 35 minutes ago
5321 2011-06-20 16:38:53 <Joric> jrmithdobbs, no kidding, i was thinking about mtgox, but it delays transaction for a while
5322 2011-06-20 16:38:55 <sipa> and i know they currently are
5323 2011-06-20 16:38:57 <jrmithdobbs> JamesBoo: that's a personal blog of a cnbc reporter
5324 2011-06-20 16:39:04 <JamesBoo> hahahhhahah
5325 2011-06-20 16:39:08 never_sleep has joined
5326 2011-06-20 16:39:10 <JamesBoo> MORE PRONE TO INFLATION THAN THE US DOLLAR
5327 2011-06-20 16:39:11 <jrmithdobbs> Joric: i can't in good conscience recommend mtgox for *anything* right now
5328 2011-06-20 16:39:11 <gmaxwell> jrmithdobbs: well more are being "printed" right now than dollars, I suppose!
5329 2011-06-20 16:39:13 <BlueMatt> sipa: I see nothing about public keys in that post?
5330 2011-06-20 16:39:14 <JamesBoo> HAHAHAHAHHAHA
5331 2011-06-20 16:39:17 <jrmithdobbs> Joric: *especially* merchant services.
5332 2011-06-20 16:39:17 <JamesBoo> MORE PRONE TO INFLATION THAN THE US DOLLAR
5333 2011-06-20 16:39:19 <bobke> http://www.cnbc.com/id/43464477
5334 2011-06-20 16:39:21 <sipa> BlueMatt: but i'm talking about pubkeys inside txout scripts and keypool
5335 2011-06-20 16:39:22 <bobke> i think that is the article
5336 2011-06-20 16:39:38 ghtdak has joined
5337 2011-06-20 16:39:50 <BlueMatt> wait, am I reading a different post?
5338 2011-06-20 16:39:52 <Joric> i want some of those http://media.cnbc.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__COMPANY_IMAGES/B/bitcoin_candy_200.jpg
5339 2011-06-20 16:39:54 <BlueMatt> oh, I am
5340 2011-06-20 16:39:56 <BlueMatt> damn
5341 2011-06-20 16:40:02 <sipa> BlueMatt: http://forum.bitcoin.org/index.php?topic=8728.msg250739#msg250739
5342 2011-06-20 16:40:11 <BlueMatt> yea, I hadnt scrolled all the way down
5343 2011-06-20 16:40:19 <jrmithdobbs> sipa: oh good point, i guess my earlier thoughts about pre-computing ripemd160(sha256()) do actually apply
5344 2011-06-20 16:40:49 <midnightmagic> jrmithdobbs: I can recommend them. Given the complete lack of communication on the part of my bank when my details are divulged, I would say MT's got a pretty good track record.
5345 2011-06-20 16:40:58 davex___ has quit (Quit: Ex-Chat)
5346 2011-06-20 16:41:18 <ius> sipa: jumping in, might've missed stuff, but deriving AES IV using RIPEMD160(SHA256()) looks a bit silly to me - one hash should suffice?
5347 2011-06-20 16:41:21 davex__ has quit (Remote host closed the connection)
5348 2011-06-20 16:41:21 <Joric> damn, why they mention symantec stocks went up )
5349 2011-06-20 16:41:22 <jrmithdobbs> midnightmagic: fine by me. I can't. ;P
5350 2011-06-20 16:41:38 <emock> crazy thought (from a naive person):  how about some kind of proof of work to access your coins?
5351 2011-06-20 16:41:41 <Joric> i can't in good conscience recommend symantec )
5352 2011-06-20 16:41:43 davex__ has joined
5353 2011-06-20 16:41:47 jargon has joined
5354 2011-06-20 16:41:47 jargon has quit (Changing host)
5355 2011-06-20 16:41:47 jargon has joined
5356 2011-06-20 16:41:55 <sipa> ius: of course one hash suffices, but you need to know the IV in advance
5357 2011-06-20 16:41:59 <midnightmagic> jrmithdobbs: You should! MT's success is the primary driver of btc's success in the last few months
5358 2011-06-20 16:41:59 <jrmithdobbs> emock: no, makes them unusable for their intended purpose
5359 2011-06-20 16:42:05 <gmaxwell> sipa: meh. just make the EVP harder and salted, and call it done. Forcing the rest to be in loop is nice, but its only worth it if its trivial.
5360 2011-06-20 16:42:07 mosimo has joined
5361 2011-06-20 16:42:26 <emock> jrmithdobbs: the coins unusable?
5362 2011-06-20 16:42:29 <jrmithdobbs> midnightmagic: not willing to overlook incompetence even in light of personal gain.
5363 2011-06-20 16:42:36 gjs278 has quit (Remote host closed the connection)
5364 2011-06-20 16:42:45 <jrmithdobbs> emock: yes. how do you propes doing proof of work for point of sale transactions, for instance.
5365 2011-06-20 16:42:55 <jrmithdobbs> propose
5366 2011-06-20 16:43:03 <sipa> gmaxwell: the reason for the ripemd160(sha256()) part is not actually for security, but to be able to map addresses to public key records
5367 2011-06-20 16:43:12 <ius> sipa: 'in advance'? How's that related? Just double hashing looks a bit useless. Doesn't add any significant security, and it's just an IV, as long as it's unpredictable it's fine
5368 2011-06-20 16:43:13 <sipa> gmaxwell: and that you can use it as IV is a nice shortcut
5369 2011-06-20 16:43:22 <jrmithdobbs> emock: requiring proof of work for spending is fine if you never want to see bitcoin used for anything but speculation.
5370 2011-06-20 16:43:37 <ius> oh
5371 2011-06-20 16:43:41 <jrmithdobbs> emock: but anything outside of that proof of work req for spending coins destroys bitcoin
5372 2011-06-20 16:43:41 <gmaxwell> sipa: ...Yea, I think we're desynced I'm not disagreeing with that.
5373 2011-06-20 16:43:47 <emock> jrmithdobbs: not sure…  that's why it was a crazy idea.  but people are smart and could probably figure something out
5374 2011-06-20 16:43:54 <sipa> gmaxwell: i'm not disagreeing with you either
5375 2011-06-20 16:43:55 JamesBoo has quit (Quit: Page closed)
5376 2011-06-20 16:44:28 <BlueMatt> sipa: how often does the client search through mapKeys not after a search of mapPubKeys?
5377 2011-06-20 16:45:19 <jrmithdobbs> emock: right, I was telling you why it wouldn't work ;)
5378 2011-06-20 16:45:40 <midnightmagic> jrmithdobbs: You haven't convinced me of any incompetence on MT's part. Your evidence is a single note that may or may not suggest MT completely groks both the concept of an absence of evidence *and* is able to convey that specific knowledge to others in a way that satisfies your concept of how he should be demonstrating it. About the only thing I've seen that should be improved is the site's reliance on outside contractors to d
5379 2011-06-20 16:45:40 <midnightmagic> o their jobs without giving everyone's passwords away.
5380 2011-06-20 16:45:41 Mononofu has quit (Read error: Operation timed out)
5381 2011-06-20 16:45:51 <sacarlson> jrmithdobbs: that's why some people have thought of alternative crypto-currencies like http://forum.bitcoin.org/index.php?topic=9493.msg138247#msg138247
5382 2011-06-20 16:45:53 <emock> jrmithdobbs: but maybe it's just that we can't think of a way to make it work /at the moment/
5383 2011-06-20 16:46:02 gjs278 has joined
5384 2011-06-20 16:46:02 Kebert has joined
5385 2011-06-20 16:46:10 <jrmithdobbs> midnightmagic: i don't want to start this argument again. I stated an opinion. Clearly said it was such. The end.
5386 2011-06-20 16:46:21 <gmaxwell> meh. just make the EVP harder and salted, and call it done. Forcing the rest to be inside a bruteforcing loop is nice, but its only worth it if its trivial. Even with it the system is still vulnerable to brute forcing on FPGAs (which was why I was advocating scrypt), so it's not that big of an improvement over just setting the EVP rounds well.
5387 2011-06-20 16:47:18 <BlueMatt> sipa: so you are saying the client never needs the full public key, and thus we shouldnt bother storing it, just pull out the address so we know that when we need to look up privkey to sign and such?
5388 2011-06-20 16:47:37 <emock> i.e. proof of work could have a lifetime…  and if you forgot to do the work before going shopping it would be like you forgot your 'real' wallet now-a-days
5389 2011-06-20 16:47:56 <midnightmagic> jrmithdobbs: I wouldn't even be mentioning it again if you didn't keep going on at length about how much you can't recommend the site and by extension, neither should anyone else.
5390 2011-06-20 16:47:59 <sipa> BlueMatt: actually, no
5391 2011-06-20 16:48:22 <sipa> wait
5392 2011-06-20 16:48:32 <BlueMatt> so...just do the ripemd160+sha for the hell of it to make it harder to brute?
5393 2011-06-20 16:48:33 <jrmithdobbs> midnightmagic: someone asked a specific question about merchant apis. It was relevant. I stated my opinion. which knight for tux somewhere else.
5394 2011-06-20 16:48:35 <ionspin> Somebody should start implementing secure wallets for mobile phones, i always feel like i forgot my money at home when i go to work :)
5395 2011-06-20 16:48:42 <jrmithdobbs> s/which/white/
5396 2011-06-20 16:48:45 <ionspin> and actually i did :)
5397 2011-06-20 16:48:48 <sipa> BlueMatt: the ripem160+sha is not for security
5398 2011-06-20 16:48:56 <sipa> it doesn't add anything really
5399 2011-06-20 16:48:57 <BurningToad> why does bitcoind getinfo show a different difficulty than bitcoinwatch, etc
5400 2011-06-20 16:49:00 <ius> midnightmagic: For example, what MT did not tell you was that they patched up a SQLi hole. _ANY_ organization practising sane security would inform their clients and take appropriate measures
5401 2011-06-20 16:49:04 <BlueMatt> sipa: so...why?
5402 2011-06-20 16:49:17 <sipa> BlueMatt: to be able to do a lookup of a key if you only have the address
5403 2011-06-20 16:49:18 <gmaxwell> BurningToad: because bitcoin watch is using an old bitcoind which was wrong.
5404 2011-06-20 16:49:22 <sipa> BlueMatt: for now, no issue
5405 2011-06-20 16:49:25 <midnightmagic> jrmithdobbs: lol So you can black knight without a challenge?
5406 2011-06-20 16:49:26 <midnightmagic> gimme a break
5407 2011-06-20 16:49:30 <sipa> BlueMatt: if you want to change it, go ahead
5408 2011-06-20 16:49:37 <jrmithdobbs> midnightmagic: see what ius just said for yet another example
5409 2011-06-20 16:49:38 <ius> midnightmagic: Look at Lastpass' proactive approach recently, imo they did pretty well by informing their users even though there was little compromised in the end
5410 2011-06-20 16:49:39 <BurningToad> ah ok, so mine is right, thanks!
5411 2011-06-20 16:49:52 <BlueMatt> I mean if we just do away with mapKeys+mapPubKeys and just do a mapKeys which goes from address -> privkey, fine, otherwise I see no huge advantage?
5412 2011-06-20 16:49:54 <midnightmagic> ius: How did this information come to light?
5413 2011-06-20 16:50:03 <BlueMatt> (Im not sure that that would be entirely hard)
5414 2011-06-20 16:50:09 <jrmithdobbs> midnightmagic: ius is the one who reported and worked with tux to confirm it was fixed.
5415 2011-06-20 16:50:13 <BlueMatt> probably wouldnt be too much work
5416 2011-06-20 16:50:32 <midnightmagic> ius: Any evidence of it being exploited?
5417 2011-06-20 16:50:33 <jrmithdobbs> ius: next time save us all the questioning and disclose fully immediately instead please ;P
5418 2011-06-20 16:50:39 <sipa> BlueMatt: i'm quite sure that is possible yes, to only have a address -> privkey map
5419 2011-06-20 16:50:40 <ius> midnightmagic: And it is still NOT impossible for an attacker to obtain a MySQL account via SQL injection - rather I'd say it's much more probable than his 'auditor' being compromised (nice scapegoat)
5420 2011-06-20 16:50:48 <ius> jrmithdobbs: ;)
5421 2011-06-20 16:50:54 <jrmithdobbs> midnightmagic: doesn't matter if there's proof it was exploited
5422 2011-06-20 16:51:03 <sipa> you only need the pubkey when verifying signatures, really
5423 2011-06-20 16:51:05 <midnightmagic> jrmithdobbs: I said "evidence", not "proof"
5424 2011-06-20 16:51:08 <jrmithdobbs> midnightmagic: tux has said REPEATEDLY over the last 24 hours that there was never an sqli exploit
5425 2011-06-20 16:51:16 <gmaxwell> presumably ius found it by exploiting it.
5426 2011-06-20 16:51:20 <sipa> and when you are, the pubkey is always stored in the scripts anyway
5427 2011-06-20 16:51:21 <BlueMatt> sipa: so...after all this it sounds like the best way is to start over on wallet class and do a recode
5428 2011-06-20 16:51:24 <ius> midnightmagic: No, but the SQLi scenario is much more probable than the auditor being compromised, given that it's not publicly known who the party even is
5429 2011-06-20 16:51:33 <emock> jrmithdobbs be damned, I'm kinda liking this proof-of-work to unlock your wallet idea ;-)
5430 2011-06-20 16:51:51 linagee has quit (Ping timeout: 240 seconds)
5431 2011-06-20 16:52:02 <gmaxwell> emock: it's normally called strenghtening in the context of passwords.
5432 2011-06-20 16:52:06 <jrmithdobbs> emock: work out a more complete proposal, you may be on to something with pre-computed POW but i'm not sure that doesn't defeat the purpose ;P
5433 2011-06-20 16:52:26 <midnightmagic> ius: You appear to be doing the same thing jrmithdobbs is. Do you have specific knowledge of what brought MT to think an outside auditor was the leak based on faulty evidence?
5434 2011-06-20 16:52:27 <emock> yea, thinking it through better now...
5435 2011-06-20 16:52:28 <jrmithdobbs> gmaxwell: he's talking network-based pof req for spending coins
5436 2011-06-20 16:52:32 <BlueMatt> well...I suppose Ive got an hour now, might as well go get started...:(
5437 2011-06-20 16:52:34 <ius> Unless some attacker randomly stumbled upon the auditor's PC and found the MySQL credentials, I suspect it might just be used as an excuse to blame another party
5438 2011-06-20 16:52:38 ionspin has quit (Quit: Leaving)
5439 2011-06-20 16:52:39 <gmaxwell> s/strenghtening/strengthening/
5440 2011-06-20 16:52:43 <lfm> ius: actually its more probable you are mistaken than MT is
5441 2011-06-20 16:52:46 <ius> midnightmagic: He stated so
5442 2011-06-20 16:52:46 <sipa> BlueMatt: that's up to you how to implement it
5443 2011-06-20 16:52:51 <jrmithdobbs> midnightmagic: no because he discloses nothing, ever, until publicly ridiculed
5444 2011-06-20 16:53:21 <gmaxwell> jrmithdobbs: more likely that he knows nothing until publicly ridiculed
5445 2011-06-20 16:53:24 linagee has joined
5446 2011-06-20 16:53:31 <midnightmagic> ius: Did he state specifically, "We know it was the auditor because we found X on his machine and Y evidence in the logs," or are you basing your conclusion SOLELY on the press release?
5447 2011-06-20 16:53:34 <gmaxwell> Assuming dishonesty is a greater assumption than ignorance.
5448 2011-06-20 16:53:35 <sipa> BlueMatt: if i were to do it, i guess i'd start on wallet class, and as a first step implement a system where private keys can be unavailable (no new address generatable, ...)
5449 2011-06-20 16:53:53 <ius> lfm: Why? Failure to inform his users of the closed vuln does not inspire much confidence...
5450 2011-06-20 16:53:55 <jrmithdobbs> gmaxwell: trying to avoid explicitly stating my assumption of his incompetence in relation to this discussion ;P
5451 2011-06-20 16:54:20 <sipa> BlueMatt: then i guess you can modify CKeyStore to be in a 'locked' or 'unlocked' state
5452 2011-06-20 16:54:21 tixtax has joined
5453 2011-06-20 16:54:28 <lfm> ius cuz I dont know you as well
5454 2011-06-20 16:54:30 <ius> midnightmagic: Press release.
5455 2011-06-20 16:54:31 <midnightmagic> jrmithdobbs: So it's speculation, in other words.
5456 2011-06-20 16:54:34 <ius> "It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised"
5457 2011-06-20 16:54:50 <midnightmagic> ius: Yeah, so how do we know what he based his claim on? We know nothing. It's speculation.
5458 2011-06-20 16:54:57 <jrmithdobbs> gmaxwell: also it doesn't matter if it's incompetence vs dishonesty in this case, both are equally bad
5459 2011-06-20 16:54:58 <gmaxwell> ius: he said more about that in IRC as well, but didn't give details.
5460 2011-06-20 16:55:13 <ius> lfm: Are you questioning my claim of the site having been vulnerable to SQL injection? You may of course doubt me, that's fine. I would understand if you would trust MT more than me..
5461 2011-06-20 16:55:14 <sipa> BlueMatt: containing encrypted CPrivKey's, decrypting them on the fly when possible, failing otherwise
5462 2011-06-20 16:55:23 <gmaxwell> jrmithdobbs: I didn't say incompetence. You don't need to be incompetent to not know when someone has copied your password table
5463 2011-06-20 16:55:27 neversleepy has joined
5464 2011-06-20 16:55:29 istat has joined
5465 2011-06-20 16:55:36 <dD0T> gmaxwell: I like stretching better ;-) It's not like the password itself gets stronger....
5466 2011-06-20 16:55:37 <ius> midnightmagic: Yeah that's why I think it's not the full story, but yet he said 'no SQLi was used'
5467 2011-06-20 16:55:48 <BlueMatt> sipa: yep, Ill go get started (for the third time)
5468 2011-06-20 16:55:55 peck has quit (Read error: Connection reset by peer)
5469 2011-06-20 16:55:55 <jrmithdobbs> gmaxwell: you need to be incompetent to give financial auditors access to user tables though
5470 2011-06-20 16:56:04 <sipa> BlueMatt: in any case, many thanks for wanting to do this
5471 2011-06-20 16:56:06 <jrmithdobbs> user *auth* tables
5472 2011-06-20 16:56:11 <ius> Off for dinner now, apparently 'the guy who transferred the 500k' will be on that bitcoin show, hope that has anything new
5473 2011-06-20 16:56:13 <gmaxwell> jrmithdobbs: even if they are auditing for market manipulation via sock accounts?
5474 2011-06-20 16:56:19 <lfm> ius: so did you access his passwords file?
5475 2011-06-20 16:56:21 <BlueMatt> sipa: meh, wtf else am I gonna waste my time on?
5476 2011-06-20 16:56:23 <jrmithdobbs> gmaxwell: auth tables
5477 2011-06-20 16:56:35 <sipa> BlueMatt: haha
5478 2011-06-20 16:56:41 <jrmithdobbs> gmaxwell: and if your auth and acct data tables are the same that's just a different type of incompetence ;P
5479 2011-06-20 16:56:44 <dD0T> jrmithdobbs: If the guy says "I need access to all of the data" and someone clicks "all" in his phpmyadmin...
5480 2011-06-20 16:56:45 <gmaxwell> BlueMatt: you could argue with idiots on irc instead?
5481 2011-06-20 16:56:46 vokoda has joined
5482 2011-06-20 16:57:06 <BlueMatt> gmaxwell: coding is a ton more fun in that case...
5483 2011-06-20 16:57:09 <Cryo> erf phpmyadmin ftl
5484 2011-06-20 16:57:13 <ius> lfm: I only confirmed that it was injectable, I'm /assuming/ it had at least access to the full frontend database
5485 2011-06-20 16:57:28 <gmaxwell> ius: where was it injectable?
5486 2011-06-20 16:57:34 <lfm> ius oh so you dont know either
5487 2011-06-20 16:57:45 <ius> gmaxwell: Some claims page.. mtgox.com/claim?token=<inj>
5488 2011-06-20 16:58:11 <gmaxwell> ius: makes sense that it would have auth table access from there, I guess.
5489 2011-06-20 16:58:14 <ius> lfm: It's a reasonable assumption for it to have access to all tables, especially since it was looking for an email address
5490 2011-06-20 16:58:19 <jrmithdobbs> midnightmagic: ps: here's some fun results from site:pastebin.com magicaltux
5491 2011-06-20 16:58:19 never_sleep has quit (Ping timeout: 260 seconds)
5492 2011-06-20 16:58:24 <jrmithdobbs> midnightmagic: http://pastebin.com/8utWDqaY
5493 2011-06-20 16:58:30 * jgarzik wakes up
5494 2011-06-20 16:58:31 <dD0T> ius: Not to users tables
5495 2011-06-20 16:58:31 <ius> Anyway, dinner.
5496 2011-06-20 16:58:36 <jrmithdobbs> midnightmagic: http://pastebin.com/vr36QvX0
5497 2011-06-20 16:58:47 <lfm> ius yup, you're assuming, just like you're accusing someone else of assuming
5498 2011-06-20 16:58:51 <dD0T> ius: That would just be pure fail. Would've had to run as root to be that open
5499 2011-06-20 16:59:01 sherpishoru has joined
5500 2011-06-20 16:59:35 <ius> dD0T: Could be
5501 2011-06-20 16:59:41 <Wuked> any forum admins about ?
5502 2011-06-20 17:00:05 <ius> lfm: Yes, SQli being used is an assumption on my part - not going to deny that
5503 2011-06-20 17:00:16 Obehsh has joined
5504 2011-06-20 17:00:37 <ius> lfm: But he didn't disclose the vuln and his response suggested he wasn't really taking things serious
5505 2011-06-20 17:02:01 Mononofu has joined
5506 2011-06-20 17:02:11 <ius> lfm: For example, reasoning that the users being compromised was not his fault cause the correct password was used to login
5507 2011-06-20 17:02:43 p0s has left ("Konversation terminated!")
5508 2011-06-20 17:03:18 <ius> Doesn't tell you much if your DB /could/ have leaked via SQLi. Fact is there was a hole, and unless he had full request/response logs you can't tell whether or not info leaked
5509 2011-06-20 17:03:51 <ius> As said before, I 'hope' the guy who was playing with the funds is the same guy who compromised the DB, so we can hear his part of the story
5510 2011-06-20 17:04:26 peck has joined
5511 2011-06-20 17:04:36 kika_ has joined
5512 2011-06-20 17:04:59 <kika_> does anyone know how diffie hellman key exchange is used?
5513 2011-06-20 17:05:08 dukeleto has quit (Excess Flood)
5514 2011-06-20 17:05:16 <Juggie> can this exchange be trusted again though.
5515 2011-06-20 17:05:25 <upb> ius: wow where is it going to be ?
5516 2011-06-20 17:05:32 <ius> dD0T: re: users tables - correct, but don't you agree the external auditor being compromised is an improbable vector too?
5517 2011-06-20 17:05:34 <Guest43775> kikia_ http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
5518 2011-06-20 17:05:41 dukeleto has joined
5519