1 2011-06-20 00:00:09 hamush1 has joined
2 2011-06-20 00:00:11 <BTCTrader> Welcome to the AK Bitcoin Exchange, you bring your bitcoins, we guard them with AK's
3 2011-06-20 00:00:27 <KuDeTa> phantomcircuit: i think community needs to step up now. Framework for exchanges, minimum security, how to handle hacks etc
4 2011-06-20 00:00:36 DontMindMe has joined
5 2011-06-20 00:00:37 joepie91 has joined
6 2011-06-20 00:00:58 <phantomcircuit> KuDeTa, yeah im currently the unmasked exchange crusader stay tuned for updates...
7 2011-06-20 00:00:59 kratosk has joined
8 2011-06-20 00:01:02 <ThomasV> BTCTrader: AK47 ?
9 2011-06-20 00:01:08 <lfm> KuDeTa: I think you are wasting your breath.
10 2011-06-20 00:01:11 <OVerLoRDI> BTCTrader, I'd put my coins there
11 2011-06-20 00:01:20 <BTCTrader> sure, what better way to secure bitcoins? :D
12 2011-06-20 00:01:23 <OVerLoRDI> or are we exchanging coins for guns now?
13 2011-06-20 00:01:28 <OVerLoRDI> cause I'll do that too
14 2011-06-20 00:01:35 <jrmithdobbs> KuDeTa: exactly why i did f-d on gavin earlier
15 2011-06-20 00:01:35 <lfm> OVerLoRDI: you want a gun?
16 2011-06-20 00:01:49 <jrmithdobbs> KuDeTa: people shuffling this shit under the rug is not acceptable any more
17 2011-06-20 00:01:52 <OVerLoRDI> lfm sure, what kind
18 2011-06-20 00:01:53 <BTCTrader> there is already 1 firearms dealer in the us accepting bitcoins
19 2011-06-20 00:01:59 <KuDeTa> lfm: it works everywhere else, go to any linux distro (eg. ubuntu), any open source project
20 2011-06-20 00:02:05 Neocryptek_ has joined
21 2011-06-20 00:02:27 <lfm> KuDeTa: I dont know of any widley enforced security standards
22 2011-06-20 00:02:42 storrgie has quit (Remote host closed the connection)
23 2011-06-20 00:03:03 hahuang65 has quit ()
24 2011-06-20 00:03:05 <luke-jr> ;;bc,blocks
25 2011-06-20 00:03:37 <lfm> KuDeTa: and it seems the security pros and the black hats would always be way ahead of any standard written and enforced by a commitee
26 2011-06-20 00:04:06 theorb has joined
27 2011-06-20 00:04:13 <ThomasV> I read there are rumors about a possible 400k btc theft ; have they been confirmed by MagicalTux ?
28 2011-06-20 00:04:26 Raulo has quit (Ping timeout: 252 seconds)
29 2011-06-20 00:04:28 <phantomcircuit> KuDeTa, community guidelines for security practices would be a very good place to start though
30 2011-06-20 00:04:36 <lfm> ThomasV: go to mtgox.com and read before you speak
31 2011-06-20 00:04:42 <KuDeTa> i think community guidelines would be a good place
32 2011-06-20 00:04:47 theorbtwo has quit (Ping timeout: 240 seconds)
33 2011-06-20 00:04:47 <phantomcircuit> lfm, the shit that's going wrong right now is like, amateur hour
34 2011-06-20 00:04:54 theorb is now known as theorbtwo
35 2011-06-20 00:05:16 <lfm> phantomcircuit: oh? you know how they got the account file outa mtgox?
36 2011-06-20 00:05:31 <ThomasV> lfm: I see nothing there about that
37 2011-06-20 00:05:46 <KuDeTa> if the community asks for a minimum level and agree it amongst itself, it would be hard for the exchanges not to follow
38 2011-06-20 00:05:54 <lfm> ThomasV: refresh
39 2011-06-20 00:06:12 <BTCTrader> https://rapidshare.com/#!download|359tg2|1969319443|accounts.csv|4023|R~0
40 2011-06-20 00:06:23 StephenFalken has left ()
41 2011-06-20 00:06:52 inktri has left ()
42 2011-06-20 00:07:09 <lfm> BTCTrader: you want a copy? You might as well, everyone else has
43 2011-06-20 00:07:24 unspecified has quit (Quit: Page closed)
44 2011-06-20 00:07:26 <ThomasV> lfm: huh ?
45 2011-06-20 00:07:29 <BTCTrader> i had a copy for 2 hours now :D
46 2011-06-20 00:07:36 <lfm> hehe ok
47 2011-06-20 00:07:42 <phantomcircuit> lfm, no but that csrf i found is seriously amateur hour here
48 2011-06-20 00:07:46 <jrmithdobbs> lfm: tux is saying it's not sqli but if it's something else it's something way worse
49 2011-06-20 00:07:52 <ThomasV> lfm: I am not talking about the hack
50 2011-06-20 00:08:16 <lfm> ThomasV: they are the same thing
51 2011-06-20 00:08:22 <ThomasV> lfm: no
52 2011-06-20 00:08:29 <lfm> sigh
53 2011-06-20 00:08:45 <ThomasV> according to mt, damages are limited to $1000
54 2011-06-20 00:08:53 <jrmithdobbs> ;;bc,blocks
55 2011-06-20 00:08:57 <ThomasV> $1000 is not the same thing as 400k btc
56 2011-06-20 00:09:04 aoeui has quit (Ping timeout: 250 seconds)
57 2011-06-20 00:09:14 <jarly> it's the same as 100k btc if they're all 1 cent
58 2011-06-20 00:09:20 <copumpkin> they aren't though
59 2011-06-20 00:09:25 <jarly> well, they were :)
60 2011-06-20 00:09:27 <copumpkin> according to MagicalTux at least
61 2011-06-20 00:09:29 Obehsh has joined
62 2011-06-20 00:09:40 <lfm> thomas one is the facts, the other is the facts blow out of proportion
63 2011-06-20 00:09:42 <jrmithdobbs> he better talk to his lawyers before he rolls back all that market movement
64 2011-06-20 00:10:04 <jtaylor> is there news if there was a protection against this workaround the 1000$ limit?
65 2011-06-20 00:10:13 GarrettB has joined
66 2011-06-20 00:10:21 GarrettB has quit (Changing host)
67 2011-06-20 00:10:21 GarrettB has joined
68 2011-06-20 00:10:38 kv39 has quit (Quit: Page closed)
69 2011-06-20 00:10:58 darnold has quit (Ping timeout: 258 seconds)
70 2011-06-20 00:11:05 dosman711 has joined
71 2011-06-20 00:11:15 <assassindrake> copumpkin how much was 1000 worth of bitcoins?
72 2011-06-20 00:11:50 <copumpkin> assassindrake: MagicalTux said they only got around 100 btc out iirc
73 2011-06-20 00:12:30 aristidesfl has quit (Max SendQ exceeded)
74 2011-06-20 00:12:42 Obehsh has quit (Client Quit)
75 2011-06-20 00:13:08 hahuang65 has joined
76 2011-06-20 00:13:27 lessPlastic has joined
77 2011-06-20 00:14:13 <ssalxs> At least one user with no reason to lie claims 1000BTC bought at 0.01 and 600 BTC transferred out. Not malicious, just lucky.
78 2011-06-20 00:14:27 <copumpkin> ah
79 2011-06-20 00:15:49 aristidesfl has joined
80 2011-06-20 00:15:54 <genewitch> _;;bc,stats
81 2011-06-20 00:16:00 BCBot has quit (Ping timeout: 244 seconds)
82 2011-06-20 00:16:14 <genewitch> bot broken? I can't get mine to retrieve market data
83 2011-06-20 00:16:20 <Kiba> hmm
84 2011-06-20 00:16:22 <KuDeTa> there is no market
85 2011-06-20 00:16:23 <Kiba> lot of angry people today
86 2011-06-20 00:16:24 <KuDeTa> :(
87 2011-06-20 00:16:27 <lfm> dont put the "_" in front
88 2011-06-20 00:16:39 <Kiba> gald I am not the guy who runs a million dollars a day exchange market
89 2011-06-20 00:17:04 dosman711 has quit (Quit: Leaving)
90 2011-06-20 00:17:10 <briareus> there is a market
91 2011-06-20 00:17:10 <lfm> genewitch: mtgox is down, see mtgox.com for info
92 2011-06-20 00:17:38 <genewitch> cuddlefish mentioned that there was a cross site scripting issue
93 2011-06-20 00:17:41 <briareus> virwox is trading, bitomat is trading, individual trading
94 2011-06-20 00:17:59 richardus has joined
95 2011-06-20 00:18:05 <lfm> ThomasV: well I did read the forum threads regarding that old txn too and I think they explained it to my satisfaction but obviously you have higher standards
96 2011-06-20 00:18:08 <Kiba> hmm
97 2011-06-20 00:18:17 <Kiba> I don't like bad people. bad people are evil and mean.
98 2011-06-20 00:18:54 <ThomasV> Kiba: lol
99 2011-06-20 00:19:10 <Cryo> back up
100 2011-06-20 00:19:22 <Cryo> or at least looks like it might be coming out of a coma
101 2011-06-20 00:19:30 <jrmithdobbs> genewitch: csrf not xss
102 2011-06-20 00:19:37 <jrmithdobbs> genewitch: much different and much worse
103 2011-06-20 00:20:18 Obehsh has joined
104 2011-06-20 00:20:50 <ne0futur> virwox still going up
105 2011-06-20 00:21:03 <sanchaz> i aint using mtgox for a while
106 2011-06-20 00:21:28 <Kiba> I stop using mtgox when I stop trading
107 2011-06-20 00:21:43 <Kiba> now I just hold bitcoin and build a bitcoin business
108 2011-06-20 00:21:55 <devon_hillard> so with BTC down, what is the current going rate?
109 2011-06-20 00:22:03 <devon_hillard> s/BTC/mtgox/ sorry
110 2011-06-20 00:22:03 <Kiba> Mtgox down ya mean
111 2011-06-20 00:22:14 <Xunie> Lol, BTC ain't never down1
112 2011-06-20 00:22:24 marc0polo has quit (Ping timeout: 252 seconds)
113 2011-06-20 00:22:26 GarrettB has quit (Read error: Connection reset by peer)
114 2011-06-20 00:23:02 BCBot has joined
115 2011-06-20 00:23:27 <Xunie> Man, this whole Mt.Gox situation? People need to calm down mang.
116 2011-06-20 00:23:44 <Kiba> when ya got money in mtgox, you ARE NOT going to be calm
117 2011-06-20 00:23:44 <D0han> devon_hillard: http://bitcoincharts.com/markets/
118 2011-06-20 00:23:56 <devon_hillard> Xunie, haha, no, they need to panic :p
119 2011-06-20 00:24:31 <Xunie> Man, this scenario was inevitable!
120 2011-06-20 00:24:54 apsoa has joined
121 2011-06-20 00:25:09 <sanchaz> yeah but i fail to see how that makes it all better this should never have happened
122 2011-06-20 00:25:10 bulletbill has joined
123 2011-06-20 00:25:36 <D0han> so bitomat.pl is now biggest BTC market
124 2011-06-20 00:25:36 RobboNZ has quit (Ping timeout: 246 seconds)
125 2011-06-20 00:25:40 <D0han> lulz
126 2011-06-20 00:25:50 <Kiba> that's because the original owner sucks at security and the current owner didn't make security a bigger prority
127 2011-06-20 00:26:14 <Xunie> *.pl, I laughed.
128 2011-06-20 00:26:19 <Kiba> that's "hobby" level site for ya
129 2011-06-20 00:26:35 doofus2 has joined
130 2011-06-20 00:27:11 m00p has quit (Ping timeout: 260 seconds)
131 2011-06-20 00:27:27 <Kiba> my site sucks too but it was not important and doesn't have money stored on it
132 2011-06-20 00:27:31 <D0han> bitomat dont have fees ;>
133 2011-06-20 00:27:46 <Kiba> and I should be securing it anyway though
134 2011-06-20 00:27:49 <Xunie> D0han, really?! My god, I don't have any bitcoins now! DAMN IT Mt.Gox! I need mah money!
135 2011-06-20 00:28:11 <D0han> ..it never had
136 2011-06-20 00:28:36 musp3r_ has quit (Ping timeout: 258 seconds)
137 2011-06-20 00:29:32 <Kiba> anyway
138 2011-06-20 00:29:56 <Kiba> http://bitcoinweekly.com will have a dedicated comic section
139 2011-06-20 00:30:04 <Wuked> bc,prob
140 2011-06-20 00:30:09 <Wuked> ;;bc,probd
141 2011-06-20 00:30:10 <genewitch> bot's down
142 2011-06-20 00:30:13 <Wuked> ah
143 2011-06-20 00:30:13 <Wuked> :D
144 2011-06-20 00:31:04 gim has quit (Quit: Leaving)
145 2011-06-20 00:31:11 <KuDeTa> thats just rubbing salts into the wound
146 2011-06-20 00:31:17 <genewitch> world's coming to an end because of a centralized trading hub
147 2011-06-20 00:31:21 <jarly> lolololo "salts"
148 2011-06-20 00:31:23 <KuDeTa> :)
149 2011-06-20 00:31:29 <Xunie> genewitch, pretty much...
150 2011-06-20 00:31:44 <genewitch> Xunie: want to buy 1 BTC? i want a steam game :-D
151 2011-06-20 00:31:56 <genewitch> anyhow i am off to change every password
152 2011-06-20 00:31:59 <Xunie> genewitch, can't.
153 2011-06-20 00:32:05 <ericmock> bitpizza.com still up?
154 2011-06-20 00:32:07 <genewitch> makemeapassword.com seems like a useful strategy
155 2011-06-20 00:32:16 <KuDeTa> get your favourite book
156 2011-06-20 00:32:19 <KuDeTa> random page
157 2011-06-20 00:32:24 <KuDeTa> first letter of every line
158 2011-06-20 00:32:45 knightrage has joined
159 2011-06-20 00:32:52 jrabbit has joined
160 2011-06-20 00:33:06 <jrabbit> Dear god google scared me saying my account was suspicious
161 2011-06-20 00:33:08 <jarly> genewith: that's pretty cool
162 2011-06-20 00:33:17 Rolz73 has quit (Quit: AndroIRC)
163 2011-06-20 00:33:19 <jrabbit> Atleast I only had to change my password
164 2011-06-20 00:33:23 erek has joined
165 2011-06-20 00:33:24 <lfm> KuDeTa: the last letter of the lines might be better, then you could get some puncuation maybe
166 2011-06-20 00:33:32 <Xunie> jrabbit, me too mang!
167 2011-06-20 00:33:44 <MagicalTux> anyone working at google in there ?
168 2011-06-20 00:33:47 <jrabbit> Xunie: Maybe someone attemtped to brute force it
169 2011-06-20 00:33:53 <ericmock> there?
170 2011-06-20 00:33:57 <ericmock> here?
171 2011-06-20 00:33:59 <ericmock> yes
172 2011-06-20 00:34:01 <KuDeTa> yea, i think once you get the book you'll figure it out from there :)
173 2011-06-20 00:34:08 <jrabbit> Xunie: or tried basic passwords on all of the accounts.
174 2011-06-20 00:34:15 <Xunie> jrabbit, bruteforce with google? No. Most likely a bitcoin fan @ google said "Hey, Mt.Gox got hacked, let's force these users to change their passwords!"
175 2011-06-20 00:34:21 <jarly> MagicalTux: TD is a google employee, i talked to him about the passwords
176 2011-06-20 00:34:29 <Xunie> ^ See?! :P
177 2011-06-20 00:34:35 <jrabbit> Xunie: Oddly google didn't say what trigged it, the gmail log was clean
178 2011-06-20 00:34:44 <jarly> it wouldn't, td said
179 2011-06-20 00:34:44 <jrabbit> Xunie: I coudlnt' change my pw on the phone!
180 2011-06-20 00:34:50 <jrabbit> it just locked me out :(
181 2011-06-20 00:35:00 <jrabbit> man android sucks
182 2011-06-20 00:35:05 <jarly> jrabbit: was your password salted?
183 2011-06-20 00:35:07 <MagicalTux> TD is not here anymore
184 2011-06-20 00:35:11 <jrabbit> also fuck that guy who emailed me
185 2011-06-20 00:35:12 <sanchaz> jrabbit: i got that too
186 2011-06-20 00:35:13 <jrabbit> spammy whore
187 2011-06-20 00:35:35 <Xunie> jrabbit, thank *GOD* I am sane enough to use different passwords for everything.
188 2011-06-20 00:35:38 nevezen has joined
189 2011-06-20 00:35:41 <Xunie> DIY password solution with GPG FTW!
190 2011-06-20 00:35:50 <Xunie> (inb4 harddrive crash btw.)
191 2011-06-20 00:36:10 <jrabbit> Xunie: I'm not happy to hear Md5 in relatino to my security
192 2011-06-20 00:36:10 <Kiba> the world needs to switch to public key cryptography
193 2011-06-20 00:36:13 <jrabbit> whats pissing me off is
194 2011-06-20 00:36:14 <lfm> Xunie: that sounds like a good way to go
195 2011-06-20 00:36:15 commonlisp has joined
196 2011-06-20 00:36:19 <ius> Xunie: TD works at abuse @ Google even, he swiftly locked/whatnot all accounts
197 2011-06-20 00:36:23 <jrabbit> I don't have the password I used written down for mtgox
198 2011-06-20 00:36:30 <Xunie> jrabbit, yeah, SHA256-HMAC ftw.
199 2011-06-20 00:36:30 <jrabbit> I don't know which I used
200 2011-06-20 00:36:40 <jrabbit> is the salt stuff out there?
201 2011-06-20 00:36:45 <Xunie> jrabbit, brute force it! xD
202 2011-06-20 00:36:56 <genewitch> Xunie: i was thinking of putting a private key on a thumb drive and using that to unlock an encrypted document with all my passwords
203 2011-06-20 00:37:19 <jrabbit> so I could check which of my passwords it was
204 2011-06-20 00:37:23 <genewitch> but there is software that does something similar, you have to remember 1 password and it stores the rest
205 2011-06-20 00:37:29 <Xunie> genewitch, I will defiantly do that, however if the drive gets stolen... D:
206 2011-06-20 00:37:31 <jrabbit> genewitch: most "password solutiuon" apps do that
207 2011-06-20 00:37:33 <BTCTrader> genewitch: google openpgp card
208 2011-06-20 00:37:38 <jrmithdobbs> genewitch: i keep the key on my laptop in an encrypted disk image (using passphrase) that gets backed up
209 2011-06-20 00:37:39 <jrabbit> or can
210 2011-06-20 00:37:45 <lfm> genewitch: you'd want some backups, thumbdrives fail and get lost
211 2011-06-20 00:37:46 <genewitch> Xunie: i have cloud servers i can use to back up the private key
212 2011-06-20 00:37:47 <pettr1> this is my truecrypt encryption: http://dl.dropbox.com/u/12590040/nimet%C3%B6n.jpg no idea if it's good :D
213 2011-06-20 00:37:48 <jrabbit> jrmithdobbs: rubber hose.
214 2011-06-20 00:37:50 <random_cat> genewitch: that works pretty well
215 2011-06-20 00:37:50 <sanchaz> keepass
216 2011-06-20 00:38:07 <Xunie> genewitch, and have your key in the cloud? Oh man, don't get me started on that!
217 2011-06-20 00:38:15 <jrabbit> ... lol
218 2011-06-20 00:38:28 <genewitch> Xunie: hey i'm a cloud admin, you don't get ME started on that
219 2011-06-20 00:38:35 <random_cat> haha.. yeah.. don't put the private key on the cloud
220 2011-06-20 00:38:38 * genewitch points at my hostname
221 2011-06-20 00:38:38 <jrabbit> wheres the leaked info?
222 2011-06-20 00:38:45 <lfm> genewitch: ya, if its on the cloud you need to encrypt THAT with another key
223 2011-06-20 00:38:51 <random_cat> put the private key close to you
224 2011-06-20 00:38:55 <genewitch> lfm it is encrypted
225 2011-06-20 00:38:56 xert has quit (Read error: Connection reset by peer)
226 2011-06-20 00:38:57 <jrmithdobbs> jrabbit: why?
227 2011-06-20 00:39:14 <lfm> genewitch: ya but who has those keys?
228 2011-06-20 00:39:15 <jrmithdobbs> jrabbit: it's a 30char+ passphrase on both the disk image and the key?!
229 2011-06-20 00:39:27 kreal- has quit (Ping timeout: 240 seconds)
230 2011-06-20 00:40:19 <jrabbit> jrmithdobbs: they'll just beat you with a rubber hose :P
231 2011-06-20 00:40:25 <jrabbit> jrmithdobbs: or your loved ones
232 2011-06-20 00:40:36 <jrmithdobbs> jrabbit: who's they
233 2011-06-20 00:40:49 <jrabbit> Whoever you're hiding stuff from
234 2011-06-20 00:40:58 <lfm> they is who wants to own all your bases
235 2011-06-20 00:41:02 <ius> Rubber hose cryptanalysis \p/
236 2011-06-20 00:41:10 <jrmithdobbs> it's just my auth data / signing stuff and some financial info tbqh
237 2011-06-20 00:41:19 <jrabbit> Is the salt out yet?
238 2011-06-20 00:41:29 <jrabbit> I need to verify which pw I used
239 2011-06-20 00:41:35 <lfm> jrabbit: what salt do you mean?
240 2011-06-20 00:41:38 <jrmithdobbs> jrabbit: nobody wants it anyways ;p
241 2011-06-20 00:41:38 <jrabbit> so I can check my important accounts
242 2011-06-20 00:41:39 xert has joined
243 2011-06-20 00:41:45 <jrabbit> lfm: the passwords are salted
244 2011-06-20 00:41:53 <gmaxwell> jrabbit is just demonstrating that they don't understand salted passwords.
245 2011-06-20 00:41:59 <jrmithdobbs> lol
246 2011-06-20 00:42:02 <jrabbit> you do an operation of the passcode + salt then do the hash
247 2011-06-20 00:42:16 <gmaxwell> jrabbit: yes, and the salt is stored with the password.
248 2011-06-20 00:42:17 <jrabbit> md5(funct(pass,salt)) in this case
249 2011-06-20 00:42:22 <jrabbit> gmaxwell: no I know
250 2011-06-20 00:42:24 <ius> jrabbit: unix crypt(md5), per-password salt
251 2011-06-20 00:42:26 <jrabbit> gmaxwell: wait
252 2011-06-20 00:42:38 <jrabbit> ius: oh.
253 2011-06-20 00:42:42 commonlisp has quit (Quit: This computer has gone to sleep)
254 2011-06-20 00:42:43 <jrmithdobbs> jrabbit: um, the salt just gets prepended to the password before the function
255 2011-06-20 00:42:49 <jrmithdobbs> s/function/hash function/
256 2011-06-20 00:42:55 <genewitch> https://lastpass.com
257 2011-06-20 00:42:55 <jrabbit> jrmithdobbs: ... duh?
258 2011-06-20 00:43:10 <jrabbit> its psuedo-code don't get your panties in a bunch
259 2011-06-20 00:43:13 <jrmithdobbs> so the 'is the salt out yet?' is a stupid question?
260 2011-06-20 00:43:14 quiznor has joined
261 2011-06-20 00:43:17 <jrabbit> I jsut want to verify which pw I used >_<
262 2011-06-20 00:43:17 <quiznor> crazy shit goin down
263 2011-06-20 00:43:24 <gmaxwell> jrabbit: then verify it
264 2011-06-20 00:43:25 <jrabbit> jrmithdobbs: I didn't know how dumb the security was
265 2011-06-20 00:43:35 <gmaxwell> jrabbit: thats how it works _everywhere_
266 2011-06-20 00:43:35 <lfm> and those salt are right there for you to see. and its not dumb
267 2011-06-20 00:43:43 <jrabbit> lfm: ah
268 2011-06-20 00:44:04 <alystair> lmao who's the asshat whom tried to get into my gmail account :D
269 2011-06-20 00:44:18 <alystair> I use different passwords everywhere, good luck with that.
270 2011-06-20 00:44:22 <gmaxwell> alystair: no one, all gmail accounts listed in the file were locked down because google rocks.
271 2011-06-20 00:44:29 <ericmock> can't salt be prepended, appended, sprinkled throughout, etc?
272 2011-06-20 00:44:35 <jrabbit> alystair: I generally do but I have some "untrusted" passwords I share
273 2011-06-20 00:44:41 <gmaxwell> ericmock: it doesn't matter.
274 2011-06-20 00:44:43 <cut> http://oi53.tinypic.com/2mhzq6u.jpg
275 2011-06-20 00:44:46 <quiznor> alystair: google locked all the accounts down after they discovered the breach
276 2011-06-20 00:44:48 <alystair> they forced me to change my account password even tho' it was different.
277 2011-06-20 00:44:55 * alystair shrugs
278 2011-06-20 00:44:56 <jrabbit> cut: ^5
279 2011-06-20 00:44:58 <lfm> ericmock: it could but it doesnt really matter
280 2011-06-20 00:45:05 <ericmock> gmaxwell: from a security perspective, yea, I get that
281 2011-06-20 00:45:15 <alystair> TD left the room tho' eh?
282 2011-06-20 00:45:24 <gmaxwell> alystair: they couldn't tell if it was different without cracking the mtgox passwords. :)
283 2011-06-20 00:45:24 datguy has quit (Quit: datguy)
284 2011-06-20 00:45:34 <ericmock> but if you just wanted to quickly MD5 a few p-words you might have used to see which one it was in the mtgox db
285 2011-06-20 00:45:52 <quiznor> mining hashrates went down as miners switched their GPUs to password cracking
286 2011-06-20 00:46:05 <lfm> quiznor: lol
287 2011-06-20 00:46:11 <quiznor> the world's largest supercomputer is picking apart the 60,000 or so passwords in that list as we speak
288 2011-06-20 00:46:17 <gmaxwell> ericmock: perl -le 'print crypt("$yourpass", "$salt")
289 2011-06-20 00:46:19 <quiznor> (largest supercomputer = bitcoin hash network)
290 2011-06-20 00:46:31 <gmaxwell> where $salt is the part before the second $
291 2011-06-20 00:46:39 McMini has quit ()
292 2011-06-20 00:46:50 bk128_ has joined
293 2011-06-20 00:46:51 <ericmock> ah, okay, then it was overly simple
294 2011-06-20 00:47:08 <bk128_> did other people on gox get the email promoting tradehill? Guess they got the email database
295 2011-06-20 00:47:11 <ericmock> I mean, sheesh, be a little clever with the salt at least
296 2011-06-20 00:47:14 <gmaxwell> ericmock: er sorry. Third $. And escape the $ with \
297 2011-06-20 00:47:31 <gmaxwell> ericmock: er? huh?
298 2011-06-20 00:47:33 <lfm> ericmock: ya, if your password in in a dictionary or too short then you could have lost it all
299 2011-06-20 00:47:34 <quiznor> yeah the gov now has the email address of every bitcoin user.. they will be stepping up surveillance of those accounts looking for suspicious keywords etc
300 2011-06-20 00:47:51 <gmaxwell> ericmock: this is the standard way that salted hashed passwords are stored.
301 2011-06-20 00:48:02 <ericmock> gmaxwell: yea 'standard' is the problem
302 2011-06-20 00:48:14 <gmaxwell> ericmock: well what would you expect?
303 2011-06-20 00:48:16 <ericmock> that's why I said it would have been good to be clever
304 2011-06-20 00:48:21 <lfm> ericmock: standard means it is well tested for weaknesses
305 2011-06-20 00:48:50 <ericmock> and I'm not talking about me... just sticking up for the guy asking above.
306 2011-06-20 00:48:55 intlkleinblue has joined
307 2011-06-20 00:49:19 <lfm> ericmock: odds are anyone who comes up with something "clever" will miss some weaknees that makes it worse than the standard
308 2011-06-20 00:49:25 <quiznor> looks like a good chunk of the bitcoins in circulation are stolen goods.. interesting
309 2011-06-20 00:49:29 <gmaxwell> ericmock: There really isn't any point to being "clever".
310 2011-06-20 00:49:47 aristidesfl has quit (Ping timeout: 240 seconds)
311 2011-06-20 00:49:51 <gmaxwell> quiznor: huh? AFAIK none of the big wad of coins stolen today left the exchange.
312 2011-06-20 00:50:07 <ericmock> well, I'm just saying if you're storing the salt with the password and the cracker knows how the salt is used...
313 2011-06-20 00:50:11 <quiznor> lol gmaxwell.. what about allinvain? what about the reports of gox accounts being hacked for the past week? you think hackers were just in there today?
314 2011-06-20 00:50:16 <jrabbit> gmaxwell: the perl crypt() is limited in length...
315 2011-06-20 00:50:21 Technomage is now known as Guest16052
316 2011-06-20 00:50:35 <ius> ericmock: if you're writing crypto code yourself you're doing it wrong, a wise man once said
317 2011-06-20 00:50:36 <quiznor> there were major thefts months ago as well
318 2011-06-20 00:50:37 <ericmock> lfm: and I'm not talking about re-inventing the wheel here...
319 2011-06-20 00:50:42 <gmaxwell> ericmock: if you don't know the salt you can't check the password.
320 2011-06-20 00:50:53 apsoa has quit (Quit: Leaving.)
321 2011-06-20 00:50:54 <lfm> quiznor: those are prolly gonna be reversed back to them
322 2011-06-20 00:50:55 <quiznor> if you count up all the reported thefts, it probably comes out to around 1.5 mil btc at this point
323 2011-06-20 00:51:06 <ericmock> but the salt is in with the hashed password, no?
324 2011-06-20 00:51:11 <jrabbit> ericmock: it is
325 2011-06-20 00:51:21 asynkritus has joined
326 2011-06-20 00:51:27 <copumpkin> I think it's pretty impressive that roconnor implemented a reasonably functional bitcoin implementation from scratch (including ECDSA and hashing implementations) in so little time
327 2011-06-20 00:51:33 <jrabbit> http://forum.bitcoin.org/index.php?topic=19566.msg245054#msg245054 suoposedly?
328 2011-06-20 00:51:36 <gmaxwell> quiznor: no.. it comes up to about 26k at most.
329 2011-06-20 00:51:39 <lfm> ericmock: and you are just saying stuff that has no relevance to real security
330 2011-06-20 00:51:41 <ericmock> so, then it's essentially just helping in one way
331 2011-06-20 00:51:43 <KuDeTa> the charcs between $1$SALT$HASH
332 2011-06-20 00:51:45 <luke-jr> copumpkin: who?
333 2011-06-20 00:51:50 <phantomcircuit> copumpkin, it is very impressive actually
334 2011-06-20 00:51:50 <roconnor> :)
335 2011-06-20 00:51:54 <ericmock> lfm: 'real' security?
336 2011-06-20 00:52:04 <copumpkin> luke-jr: the guy who just smiled
337 2011-06-20 00:52:12 <ius> copumpkin: in a functional language evil? black magic, i tell you! ;)
338 2011-06-20 00:52:18 <copumpkin> indeed!
339 2011-06-20 00:52:19 Gaming4JC has quit (Quit: Are you a good person? http://needgod.com)
340 2011-06-20 00:52:20 caedes has joined
341 2011-06-20 00:52:20 caedes has quit (Changing host)
342 2011-06-20 00:52:20 caedes has joined
343 2011-06-20 00:52:23 <copumpkin> the horror
344 2011-06-20 00:52:25 <quiznor> gmaxwell: lol you haven't been reading the reports then
345 2011-06-20 00:52:28 <ericmock> you store the salt in plain text and use a known algorithm to hash it... that's slightly better than no salt
346 2011-06-20 00:52:35 caedes is now known as _caedes
347 2011-06-20 00:52:41 <lfm> ericmock: knowing the salt does not help you find the password and it does slow down the so called rainbow table attacks and such
348 2011-06-20 00:52:42 <roconnor> bitcoin isn't that complicated ... granted it was more complicated than I thought when I started ^_^
349 2011-06-20 00:52:45 _caedes is now known as caedes
350 2011-06-20 00:52:50 <gmaxwell> quiznor: You know that the mtgox activity doay is being reversed, right?
351 2011-06-20 00:52:53 <ius> ericmock: http://en.wikipedia.org/wiki/Kerckhoffs%27s_Principle
352 2011-06-20 00:52:56 <ius> Go read it, then return
353 2011-06-20 00:52:56 <quiznor> you should assume most of the gox accounts were hacked (for how long we have no idea really, but it was more than a few weeks)
354 2011-06-20 00:52:57 <roconnor> and the real bitcoin client does way way more than what I have.
355 2011-06-20 00:53:00 <phantomcircuit> ericmock, actually it's a lot better than no salt
356 2011-06-20 00:53:01 <ericmock> lfm: yea, that's why I said 'slightly'
357 2011-06-20 00:53:04 <quiznor> gmaxwell: so what? gox has been comrpomised for much longer than that
358 2011-06-20 00:53:14 <gmaxwell> quiznor: and the prior claims about 260k and 400k being stolen were just speculation and those accounts were just mtgox's normal business, right.
359 2011-06-20 00:53:17 <ericmock> it just slows things down some...
360 2011-06-20 00:53:42 <phantomcircuit> ericmock, for md5 it's orders of magnitude since there are publicaly available extensive rainbow tables
361 2011-06-20 00:53:46 <lfm> ericmock: fine, you can use "eric's wonderfull password encryption" and sensible people will stick to the standards
362 2011-06-20 00:53:49 <quiznor> gmaxwell: gox hasn't said one way or the other
363 2011-06-20 00:53:49 lessPlastic has quit (Quit: lessPlastic)
364 2011-06-20 00:54:01 Hal____ has joined
365 2011-06-20 00:54:06 <gmaxwell> quiznor: Hasn't said what?
366 2011-06-20 00:54:15 theymos has joined
367 2011-06-20 00:54:19 theymos has left ()
368 2011-06-20 00:54:24 <ericmock> lfm: wtf? I'm not talking about reinvent cryptography here
369 2011-06-20 00:54:28 <quiznor> he didn't say if those were authorized transfers or not
370 2011-06-20 00:54:32 Raccoon is now known as ifyouwantmeinsid
371 2011-06-20 00:54:36 ifyouwantmeinsid is now known as Raccoon
372 2011-06-20 00:54:43 <gmaxwell> quiznor: yes he did, a aweek or so ago.
373 2011-06-20 00:54:44 <quiznor> http://forum.bitcoin.org/index.php?topic=18050.0 <-- tons of ppl reporting their gox account hacked into, before the latest meltdown
374 2011-06-20 00:54:54 elly has joined
375 2011-06-20 00:54:58 <gmaxwell> quiznor: yes, thats probably legit. but go add up the reports.
376 2011-06-20 00:55:02 <gmaxwell> quiznor: its not much in total.
377 2011-06-20 00:55:20 <lfm> ericmock: well you are questioning what most accept so it sounds like you want to reinvent something
378 2011-06-20 00:55:30 <jrmithdobbs> http://oi53.tinypic.com/2mhzq6u.jpg
379 2011-06-20 00:55:31 <jrmithdobbs> rofl
380 2011-06-20 00:55:34 <gmaxwell> ericmock: what exactly are you proposing?
381 2011-06-20 00:55:45 <quiznor> gmaxwell: mtgox's statements arent credible. for instance, on their home page now they say "Apart from this no account was compromised, and nothing was lost."
382 2011-06-20 00:55:47 Tim-7967 has quit (Ping timeout: 244 seconds)
383 2011-06-20 00:55:54 <quiznor> which is a steaming pile of bs heh
384 2011-06-20 00:55:56 <ericmock> why do you /need/ to use crypt()? and not go back to whatever crypt uses to hash?
385 2011-06-20 00:56:08 <quiznor> "Apart from this no account was compromised, and nothing was lost." and then in the next paragraph, btw the whole database was leaked!
386 2011-06-20 00:56:17 <gmaxwell> ericmock: because people who do that get compromised, because they end up using raw md5.
387 2011-06-20 00:56:33 <ericmock> well, not using crypt does /not/ mean using raw md5
388 2011-06-20 00:56:40 <copumpkin> use pbkdf2
389 2011-06-20 00:56:48 bk128_ has quit (Quit: bk128_)
390 2011-06-20 00:56:51 <jrmithdobbs> ericmock: because they don't understand the unix md5 password hashing algorithm
391 2011-06-20 00:56:53 theymos has joined
392 2011-06-20 00:57:12 aristidesfl has joined
393 2011-06-20 00:57:13 <gmaxwell> ericmock: so, What exactly are you proposing which would have been better?
394 2011-06-20 00:57:14 <ericmock> being 'clever' does not mean reinventing the wheel...
395 2011-06-20 00:57:15 <quiznor> pbkdf2 is nice
396 2011-06-20 00:57:22 netsky has quit (Read error: Connection reset by peer)
397 2011-06-20 00:57:24 <lfm> ericmock: well, crypt has had years of analysis and no attacks are really much better than brute force
398 2011-06-20 00:58:04 <gmaxwell> quiznor: the wallet encryption uses pbkdf2 and yet is vulnerable to precomputation/rainbow table attacks.
399 2011-06-20 00:58:09 hallowworld has joined
400 2011-06-20 00:58:33 a_meteorite has quit (Quit: a_meteorite)
401 2011-06-20 00:58:52 * ericmock proposes rot58!!!
402 2011-06-20 00:59:20 <quiznor> gmaxwell: dude you have to use a sufficient hash and enough iterations
403 2011-06-20 00:59:22 <JFK911> why rot58? rot52 would be much more secure
404 2011-06-20 00:59:26 <quiznor> salt rather
405 2011-06-20 00:59:35 <gmaxwell> quiznor: yep.
406 2011-06-20 00:59:40 <lfm> ericmock: in cryptography, being clever is generally regarded as counter productive
407 2011-06-20 00:59:57 <gmaxwell> quiznor: I'm sure matt thought he was being uber secure with this:
408 2011-06-20 01:00:03 <gmaxwell> + int i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), (unsigned char *)"bitcoin is fun! and I prefer much longer salts, though I don't think they offer any real advantage",
409 2011-06-20 01:00:07 <gmaxwell> + (unsigned char *)&vchKeyData[0], vchKeyData.size(), 1000, chKey, chNotIV);
410 2011-06-20 01:00:07 <copumpkin> depends what kind of clever
411 2011-06-20 01:00:37 <lfm> copumpkin: amateure clever
412 2011-06-20 01:00:52 * copumpkin is only professionally clever
413 2011-06-20 01:00:55 <copumpkin> phew
414 2011-06-20 01:01:14 <quiznor> well.. a static salt isn't really a salt heh
415 2011-06-20 01:01:15 <ericmock> look, just take salt, mix it with some (1-1) algorithm of your choosing, use that as that with crypt
416 2011-06-20 01:01:33 <ericmock> s/that/input
417 2011-06-20 01:02:06 <s13013> why
418 2011-06-20 01:02:13 aoeui has joined
419 2011-06-20 01:02:23 <gmaxwell> ericmock: if the person can get the password file he can usually get the code for your "(1-1) algorithm of your choosing". And chances are you screwed up and managed to break the salt entirely, because people make mistakes.
420 2011-06-20 01:02:52 <ericmock> well, that's another step to cracking it isn't it?
421 2011-06-20 01:03:00 <quiznor> http://pastebin.com/hN7PxRhc
422 2011-06-20 01:03:02 <ericmock> and like five lines of code...
423 2011-06-20 01:03:14 <gmaxwell> ericmock: like five lines of code for the cracker too.
424 2011-06-20 01:03:14 MenderV has quit (Ping timeout: 250 seconds)
425 2011-06-20 01:03:28 <gmaxwell> Who probably knows a lot more about password security than the site operator.
426 2011-06-20 01:03:38 lessPlastic has joined
427 2011-06-20 01:03:56 <ericmock> well, it's a little hard to reverse how you're mixing the salt with the original password, no?
428 2011-06-20 01:03:57 <lfm> ericmock: it doesnt really slow anything down and it might acually speed up cracking efforts if you made any of the mistakes which have been researched for regular salts for many years
429 2011-06-20 01:04:02 <gmaxwell> quiznor: kinda crappy, it would have been just as good with the hashes stripped.
430 2011-06-20 01:04:15 <Zeiris_> Security by obscurity only works when the attackers have a short attention span before they give up. Like if you're protecting a little-used program of little value.
431 2011-06-20 01:04:20 markio has joined
432 2011-06-20 01:04:24 xert has quit (Read error: Connection reset by peer)
433 2011-06-20 01:04:24 <Zeiris_> The moment you involve money, people will figure it out.
434 2011-06-20 01:04:26 kika_ has joined
435 2011-06-20 01:04:32 <gmaxwell> ericmock: the site has to be able to decode it for it to be useful. If the site can decode it the attacker can too.
436 2011-06-20 01:04:32 <dD0T> gmaxwell: Hm. Skimmed the paper. Can't say I'm now any wiser about scrypt then I was before. Seems like it is very young and not exactly widespread. Also I lack the math to know whether it is safe to assume all those rounds can not simply be collapsed like for some of the other hashes out there. Is this hash worth using?
437 2011-06-20 01:04:47 kgo has quit (Read error: Connection reset by peer)
438 2011-06-20 01:04:48 <ericmock> you can be obscure and use well-tested methods too
439 2011-06-20 01:04:57 <kika_> on which IRC channel is MagicalTux mtgox owner?
440 2011-06-20 01:05:10 <Optimo> should we go to #bitcoin-exchange ?
441 2011-06-20 01:05:12 <ericmock> gmaxwell: that would mean the hacker got the php (presumably) code with the db
442 2011-06-20 01:05:13 <gmaxwell> dD0T: Thats the whole point of it. And its based on a proof that it can't be collapsed (given varrious assumptions) as well as a well tested hash function.
443 2011-06-20 01:05:14 kgo has joined
444 2011-06-20 01:05:27 <briareus> http://onlyonetv.com/ #bitcoin-onlyonetv (interview in 2 hours with mtgox guys and tradehill guys)
445 2011-06-20 01:05:47 <Optimo> #bitcoin-security ;p
446 2011-06-20 01:05:47 <gmaxwell> ericmock: And why couldn't he? moreover, if you were able to keep your code secure do the same with the hashed passwords.
447 2011-06-20 01:05:48 <quiznor> gmaxwell: yes it would be better without disclosing the hashes
448 2011-06-20 01:05:53 <lfm> about the only resonable proposal I have heard is to replace md5 with sha-2 hash
449 2011-06-20 01:06:02 <quiznor> i dunno why they posted that
450 2011-06-20 01:06:08 <gmaxwell> lfm: that wouldn't matter much.
451 2011-06-20 01:06:10 OtaconEmmerich has joined
452 2011-06-20 01:06:13 <ericmock> can sql injection get you access to the entire server?
453 2011-06-20 01:06:14 <eianpsego> there is a scrypt paper?
454 2011-06-20 01:06:21 <quiznor> ericmock: yes potentially
455 2011-06-20 01:06:38 <gmaxwell> Scrypt paper: http://www.tarsnap.com/scrypt/scrypt.pdf
456 2011-06-20 01:06:43 <eianpsego> gmaxwell, thanks
457 2011-06-20 01:06:45 <ericmock> sure... it could also potentially cause the server to explode...
458 2011-06-20 01:06:58 hachque has joined
459 2011-06-20 01:07:00 <dude65535> One way to make password hashes more secures is to hash the password many many times instead of just once.
460 2011-06-20 01:07:03 xert has joined
461 2011-06-20 01:07:06 <quiznor> exploding servers?
462 2011-06-20 01:07:08 <jrmithdobbs> ericmock: considering that if there's sqli your sql server is probably a) on the same host and b) not configured properly
463 2011-06-20 01:07:16 <lfm> gmaxwell: ya I know since the breaches have been afaik all from too simple passwords
464 2011-06-20 01:07:22 <copumpkin> dude65535: that's what that pbkdf2 does
465 2011-06-20 01:07:25 <copumpkin> among other things
466 2011-06-20 01:07:29 <kika_> dude65535: why just not use sha512 to hash the password? that would be secure i think!
467 2011-06-20 01:07:35 <gmaxwell> copumpkin: thats what the system in use does too.
468 2011-06-20 01:07:48 <copumpkin> kika_: no
469 2011-06-20 01:07:51 <copumpkin> that's not how it works
470 2011-06-20 01:07:52 <gmaxwell> copumpkin: the system used for most of those passwords was 1000x MD5.
471 2011-06-20 01:08:02 <copumpkin> gmaxwell: ah, okay
472 2011-06-20 01:08:02 <kika_> copumpkin: why it woulndt be secure?
473 2011-06-20 01:08:03 <jrmithdobbs> lfm: no, they haven't
474 2011-06-20 01:08:05 Tim-7967 has joined
475 2011-06-20 01:08:14 <jrmithdobbs> lfm: there is at least one previously known sqli in mtgox
476 2011-06-20 01:08:14 <copumpkin> kika_: you're kind of scaling it along the wrong axis :P
477 2011-06-20 01:08:14 <ericmock> wow, you guys are just assuming everything is broken now
478 2011-06-20 01:08:21 <quiznor> there are lots of ways
479 2011-06-20 01:08:26 <gmaxwell> sha2-256 would have been just as broken.
480 2011-06-20 01:08:30 <copumpkin> yeah
481 2011-06-20 01:08:31 <lfm> the fact is the crypt() is not the problem, the problem is passwords which are too simple
482 2011-06-20 01:08:34 <gmaxwell> (actually far more broken if they didn't run it many times)
483 2011-06-20 01:08:36 <ericmock> and I suppose you can assume he left the root password as alpine as was running on a jailbroken iphone
484 2011-06-20 01:08:42 <quiznor> you could have mysql import one of the include files into a table and then you have the database password
485 2011-06-20 01:08:43 <jrmithdobbs> lfm: and two csrfs that tux claims "weren't used" but considering a properly taken-advantage-of csrf isn't really tracable that claim is a fuckin joke
486 2011-06-20 01:08:52 <Cryo> heh, alpine ftw
487 2011-06-20 01:09:00 <jrmithdobbs> lfm: at the *least*
488 2011-06-20 01:09:08 <kika_> copumpkin: if you want to protect a password just sha512 it i think
489 2011-06-20 01:09:16 <copumpkin> kika_: no!
490 2011-06-20 01:09:23 <kika_> copumpkin: why not'
491 2011-06-20 01:09:23 <copumpkin> that is no better than md5 :P
492 2011-06-20 01:09:23 aristidesfl has quit (Quit: Leaving.)
493 2011-06-20 01:09:23 <jrmithdobbs> lfm: those are the ones i know of, and considering tux discloses nothing and responds to nothing who knows how many more issues have been corrected
494 2011-06-20 01:09:28 <gmaxwell> kika_: that would be less secure than the system mtgox used!
495 2011-06-20 01:09:39 <kika_> gmaxwell: why?
496 2011-06-20 01:09:42 <copumpkin> kika_: well, think about how an attacker attacks this stuff
497 2011-06-20 01:09:46 <gmaxwell> 1000x md5 is much slower to execute than 1000x sha-512.
498 2011-06-20 01:09:47 kish_ is now known as kish
499 2011-06-20 01:09:50 <gmaxwell> er than 1x sha-512
500 2011-06-20 01:09:51 <dD0T> kika_: It's not about the hash itself but the "stretching" of the underlying passwords entropy. The hash is important to but 1000x md5 still is more expensive than 1x sha512
501 2011-06-20 01:09:53 <quiznor> gox is swiss cheese
502 2011-06-20 01:09:57 <copumpkin> kika_: what properties does sha512 have that md5 does not?
503 2011-06-20 01:10:09 StephenFalken has joined
504 2011-06-20 01:10:13 <jlgaddis> ponies
505 2011-06-20 01:10:14 <gmaxwell> copumpkin: or more importantly that 1000x md5 does not. :)
506 2011-06-20 01:10:16 <jlgaddis> sha512 has ponies
507 2011-06-20 01:10:18 <kika_> copumpkin: i see so they just bruteforce i see
508 2011-06-20 01:10:26 <gmaxwell> kika_: yes!
509 2011-06-20 01:10:26 Neocryptek_ has quit (Ping timeout: 252 seconds)
510 2011-06-20 01:10:28 <dude65535> what matters is how long it takes to do the hash. The longer it takes to test one possiblities the longer it will take to brute force the password.
511 2011-06-20 01:10:32 <copumpkin> kika_: yeah, so having a longer, more collision-resistant hash won't fix anything
512 2011-06-20 01:10:36 <kika_> copumpkin: im talking about very long passwords
513 2011-06-20 01:10:41 <copumpkin> you want to make bruteforcing expensive for them
514 2011-06-20 01:10:46 <eianpsego> jlgaddis, I'm going to go with you on this one. Ponies it is.
515 2011-06-20 01:10:48 <gmaxwell> very long passwords are secure (if they're also random)
516 2011-06-20 01:10:53 <kika_> MD5 has collisions
517 2011-06-20 01:10:54 <jrmithdobbs> dude65535: and properly salting so that you can't parallelize against multiple hashes
518 2011-06-20 01:10:59 <quiznor> if they bring the site up using the same server its probably completely hacked
519 2011-06-20 01:11:00 <copumpkin> kika_: they don't help the attacker at all here
520 2011-06-20 01:11:06 <copumpkin> kika_: and they're not fully general collisions
521 2011-06-20 01:11:11 <copumpkin> which it's still secure from
522 2011-06-20 01:11:17 Nachtwind is now known as N8{afk}
523 2011-06-20 01:11:18 <gmaxwell> kika_: the md5 collisions are special forumations not applicable here. (especially not to 1000x md5)
524 2011-06-20 01:11:25 <kika_> so i hope the salts for the passwords be secure
525 2011-06-20 01:11:31 <dD0T> kika_: Every hash has collisions. They don't help if you are searching the actual plaintexts
526 2011-06-20 01:11:33 <kika_> and long and random enough
527 2011-06-20 01:11:40 <gmaxwell> kika_: no, you're misunderstanding salt.
528 2011-06-20 01:11:51 <lfm> quiznor: huh? no one has ever claimed the server was rooted or anything of the sort
529 2011-06-20 01:11:51 <gmaxwell> Why is it that many people misunderstand salt this way?
530 2011-06-20 01:12:06 <copumpkin> salt means you need to run md5 in google native client, right? ;)
531 2011-06-20 01:12:07 <kika_> encrypted_password = md5 ( salt + password )
532 2011-06-20 01:12:09 <gmaxwell> lfm: MagicalTux said it wasn't sql injection. Server rooted is a reasonable guess!
533 2011-06-20 01:12:12 <quiznor> lfm: do you really expect the hackers to announce theyve rooted it?
534 2011-06-20 01:12:26 <gmaxwell> kika_: and yes, the salt is a unique string stored with the password.
535 2011-06-20 01:12:33 <copumpkin> kika_: I wouldn't say "encrypted"
536 2011-06-20 01:12:35 <copumpkin> kika_: it's a one-way function
537 2011-06-20 01:12:42 <dD0T> gmaxwell: Most ppl. don't know what salt (beyond table salt) is
538 2011-06-20 01:12:49 <kika_> gmaxwell: wondering where mtgox was storing the salt for each password...
539 2011-06-20 01:12:51 <amiller> pepper... i put it on my plate
540 2011-06-20 01:12:53 <KuDeTa> NaCL
541 2011-06-20 01:12:54 <lfm> quiznor: depends who they are. they wanted to sell the password file. they might announce other stuff of value too
542 2011-06-20 01:13:03 <jrmithdobbs> kika_: and no, the unix md5 password algorithm is MUCH more complicated than that.
543 2011-06-20 01:13:09 <gmaxwell> kika_: with the password, it's the text before the third $. Just like _everyone_ else does.
544 2011-06-20 01:13:13 <quiznor> assume the entire system has been copromised. if they don't reload the OS and start from scratch they are allowing the very likely possibility that the hackers installed a backdoor
545 2011-06-20 01:13:17 <DaQatz> Salt is a rather old concept for hashing
546 2011-06-20 01:13:24 <dD0T> gmaxwell: Well no need to root the box. Access at the level of the webserver would've sufficed
547 2011-06-20 01:13:25 <jrmithdobbs> kika_: but thank you for proving gmaxwell's point about re-implementing it without crypt() being error prone due to misunderstanding
548 2011-06-20 01:13:29 <dude65535> The salt was store with the password and was unique for each password
549 2011-06-20 01:13:29 <DaQatz> surpised he was still suing md5 though
550 2011-06-20 01:13:43 <lfm> quiznor: so the same vulnerability would still be there
551 2011-06-20 01:13:46 * copumpkin screams
552 2011-06-20 01:13:51 OtaconEmmerich has left ()
553 2011-06-20 01:13:56 <quiznor> what vuln?
554 2011-06-20 01:13:58 <copumpkin> I wonder how many more times this will be repeated
555 2011-06-20 01:14:03 <gmaxwell> yea... "I made it more secure, I used 1xsha-512 and a (single) 100 byte salt for all accounts"
556 2011-06-20 01:14:13 <quiznor> the application needs to be fixed
557 2011-06-20 01:14:15 <lfm> quiznor: whatever one let someone root them the first time
558 2011-06-20 01:14:16 <gmaxwell> DaQatz: he was using 1000x md5.
559 2011-06-20 01:14:22 <gmaxwell> DaQatz: with salting.
560 2011-06-20 01:14:32 <lfm> if in fact thats what happened
561 2011-06-20 01:14:40 <dD0T> DaQatz: There's nothing wrong with crypt-md5 afaik
562 2011-06-20 01:14:48 <gmaxwell> If he has just switched to home grown using sha-512 it would have been _less_ secure.
563 2011-06-20 01:14:55 <kika_> dude65535: but then to check if the password is valid, you need to get the salt from somewhere
564 2011-06-20 01:15:22 <KuDeTa> kika_ if we know password and md5 can we compute salt??
565 2011-06-20 01:15:31 <jrmithdobbs> gmaxwell: except on uids <~3050 who haven't changed their password
566 2011-06-20 01:15:32 xert has quit (Read error: Connection reset by peer)
567 2011-06-20 01:15:37 <jrmithdobbs> where he was in fact just using a single md5
568 2011-06-20 01:15:38 <jrmithdobbs> lol
569 2011-06-20 01:15:48 <dD0T> gmaxwell: Optimized attack tools would've been less readily available but for a knowledgeable attacker... No spinning your own in crypto doesn't pay off for mere mortals...
570 2011-06-20 01:15:53 <kika_> KuDeTa: i dont know, can you ?
571 2011-06-20 01:16:01 nuthin has joined
572 2011-06-20 01:16:03 <kika_> KuDeTa: i dont think so
573 2011-06-20 01:16:09 <quiznor> once they have the web user account and mysql passwd, they can setup shells and have free reign over the db / scripts
574 2011-06-20 01:16:27 <MagicalTux> gmaxwell: not a rooted server either, too bad
575 2011-06-20 01:16:28 <dD0T> jrmithdobbs: Usually those get converted on login. I guess they've been unused for quite a while
576 2011-06-20 01:16:31 <KuDeTa> i don't know, just thought it was interesting
577 2011-06-20 01:16:35 <lfm> KuDeTa: no, the salt is not encrypted, the salt is right there in front of your face. no one needs to guess it. it is right there!
578 2011-06-20 01:16:41 <gmaxwell> dD0T: well optimized sha-512 is available (and hell, all bitcoin miners have awesome sha256 code. ;))
579 2011-06-20 01:16:46 <KuDeTa> lol i can see the salt
580 2011-06-20 01:16:51 <KuDeTa> you know what i meant
581 2011-06-20 01:16:57 <gmaxwell> MagicalTux: do you know how the passwords data was obtained?
582 2011-06-20 01:17:04 Hal____ has quit (Ping timeout: 246 seconds)
583 2011-06-20 01:17:07 <gmaxwell> MagicalTux: sorry for spreading fud. :-/
584 2011-06-20 01:17:11 <Blitzboom> MagicalTux: i hope a rollback is legal?
585 2011-06-20 01:17:15 <Blitzboom> just wondering
586 2011-06-20 01:17:16 <eianpsego> KuDeTa, with the md5 digest and the password, you can brute force and find a small salt value - that's no problem
587 2011-06-20 01:17:23 <lfm> KuDeTa: the salt is taken originally from /dev/random usually
588 2011-06-20 01:17:34 <kika_> gmaxwell: so mtgox is storing the salt in plaintext???
589 2011-06-20 01:17:41 <dD0T> gmaxwell: Well add a 'gmaxwell' after each string you hash and you'll have to do modifications that would be above what script kiddies can do.
590 2011-06-20 01:17:45 <jrmithdobbs> kika_: that's fine?!
591 2011-06-20 01:17:47 <lfm> kika_: yes that is hwo salts work!
592 2011-06-20 01:17:51 <gmaxwell> kika_: Yes. That is what _everyone_ does. It's the proper thing to do.
593 2011-06-20 01:17:54 <iz> kika_: the salt is always stored in plaintext
594 2011-06-20 01:17:57 davro has quit (Read error: Connection reset by peer)
595 2011-06-20 01:17:58 <kika_> lfm: yes i know how salts work!
596 2011-06-20 01:18:01 <MagicalTux> gmaxwell: someone who had read only access for the database to perform audits got compromised in some way, investigation is still in progress
597 2011-06-20 01:18:05 <jrmithdobbs> apparently you don't
598 2011-06-20 01:18:12 <iz> ah..
599 2011-06-20 01:18:21 <lfm> kika_: look at your own /etc/passwd on your linux systems, it is the same thing
600 2011-06-20 01:18:39 <kika_> lfm: i know
601 2011-06-20 01:18:39 xert has joined
602 2011-06-20 01:18:45 <MagicalTux> anyway I'm updating the system now to use a separate system to perform authentications and store password in a custom way
603 2011-06-20 01:18:46 <kika_> lfm: the salt should be on the php scripts
604 2011-06-20 01:18:50 <ericmock> ah, so, some clever pre-salting /would/ have helped...
605 2011-06-20 01:18:58 <eianpsego> custom way?
606 2011-06-20 01:19:00 <gmaxwell> kika_: ! then you'd have the same sale for all passwords?
607 2011-06-20 01:19:02 <quiznor> britcoin says gox had an sql injection
608 2011-06-20 01:19:05 <lfm> kika_: so why are you incredulous that mtgox is doing it?
609 2011-06-20 01:19:08 <jrmithdobbs> MagicalTux: don't fuckin store it in a custom way
610 2011-06-20 01:19:09 <kika_> MagicalTux: do you need a programmer and system administrator to help ?
611 2011-06-20 01:19:09 <jlgaddis> MagicalTux: still expect to be back up by 0200 utc?
612 2011-06-20 01:19:13 <gmaxwell> dD0T: I promise you that lots of people can do that modification
613 2011-06-20 01:19:15 <jrmithdobbs> MagicalTux: read the last 30 minutes of this discussion
614 2011-06-20 01:19:16 <jrmithdobbs> jesus fuck
615 2011-06-20 01:19:22 <kika_> MagicalTux: i can perform security audits on the code too
616 2011-06-20 01:19:23 <eianpsego> magictux, custom way sounds super dangerous
617 2011-06-20 01:19:27 <nuthin> mmm ... custom ... what does that entail ...
618 2011-06-20 01:19:33 <nuthin> yeah, I agree
619 2011-06-20 01:19:52 <goobrnaut> http://complainr.syx.sk/
620 2011-06-20 01:19:52 <KuDeTa> i dont think he means custom as in pulled form his butt
621 2011-06-20 01:19:58 <MagicalTux> that entails that only access to the db will not allow even bruteforce of pass
622 2011-06-20 01:20:00 <lfm> kika_: no one has broken the passwords unless they were silly simple
623 2011-06-20 01:20:02 <ThomasV> heh, someone want to perform security audit on my code ?
624 2011-06-20 01:20:08 wolfspraul has joined
625 2011-06-20 01:20:12 <gmaxwell> MagicalTux: no offense, but the last 30 minutes of this channel has been cryptonewbs suggesting custom things which are less secure than the freebsd md5s most of your accounts had.
626 2011-06-20 01:20:13 <doofus2> introducing MagicalTux-256, a new hash algorithm
627 2011-06-20 01:20:14 <dD0T> gmaxwell: Oh I don't doubt that. It would've prevented me from simply throwing the list into JTR for the lulz though.
628 2011-06-20 01:20:16 <jrmithdobbs> MagicalTux: if you want to use a well-vetted password hashing algorithm and store the salt in a separate place from the hash, fine, but don't try and write your own
629 2011-06-20 01:20:19 <lizthegrey> magicaltux: I would gladly switch to SSL client cert-based authentication were it offered. and locking down IPs that could be used to only one or two
630 2011-06-20 01:20:26 <kika_> lfm: usually the salt is a secret string stored on the php code
631 2011-06-20 01:20:37 <s13013> no
632 2011-06-20 01:20:43 <jrmithdobbs> kika_: NO
633 2011-06-20 01:20:45 <nuthin> I just learned about bcrypt today, but from what I read, that sounds like the way to go
634 2011-06-20 01:20:46 <kika_> lfm: or you can randomly generate a salt for each account and store it somewhere in plaintext
635 2011-06-20 01:20:54 <gmaxwell> nuthin: bcrypt << scrypt
636 2011-06-20 01:20:54 neurochasm has joined
637 2011-06-20 01:20:55 <lfm> kika_: well not the way the standard crypt does it
638 2011-06-20 01:21:05 <ketsa> you cant lock IP, ppl have dynamic IPs
639 2011-06-20 01:21:15 <lfm> kika yes, each account had its own salt
640 2011-06-20 01:21:15 <nuthin> gmaxwell: thanks :)
641 2011-06-20 01:21:15 <lizthegrey> ketsa: as an option.
642 2011-06-20 01:21:16 <ericmock> why does everyone seem to think 'custom' and/or 'clever' means rolling your own crypto?
643 2011-06-20 01:21:23 <gmaxwell> kika_: if you have a secure place to put the salt, put the whole hash there. :)
644 2011-06-20 01:21:27 <eianpsego> eric, because it usually does :(
645 2011-06-20 01:21:34 <quiznor> the big question is why on earth did the intruder sell of 500k bitcoins in one shot.. he would've known that would cause an immediate shutdown
646 2011-06-20 01:21:45 <gmaxwell> ericmock: the proposals here that didn't like just using sha-512 were also bad.
647 2011-06-20 01:21:46 <ericmock> okay, but I'd hope we can assume the people here aren't idiots
648 2011-06-20 01:21:51 <kika_> lfm: im talking about md5 salt
649 2011-06-20 01:21:53 <nuthin> ericmock: what else would it mean?
650 2011-06-20 01:21:53 <MagicalTux> [10:19:27] <gmaxwell> MagicalTux: no offense, but the last 30 minutes of this channel has been cryptonewbs suggesting custom things which are less secure than the freebsd md5s most of your accounts had. <- I'm suggesting something similar, using SHA512, and a double salt (part will be per user in clear text, part will be computed by the system for each account based on sepcific parameters)
651 2011-06-20 01:21:54 <kika_> lfm: not crypt
652 2011-06-20 01:22:01 <lizthegrey> ketsa: I *know* I only access mtgox from two IP addresses. it would be good to make it clear that access from any other IP is an intrusion
653 2011-06-20 01:22:07 <MagicalTux> ie. adding some salt in the salt cannot make ths thing weaker, only stronger
654 2011-06-20 01:22:10 <roconnor> quiznor: Wasn't the idea to get the price of bitcoins down low enough to move lots of them out under the daily limit?
655 2011-06-20 01:22:10 <nuthin> ericmock: custom kinda sounds like security through obscurity
656 2011-06-20 01:22:22 <gmaxwell> MagicalTux: sha-512 alone would be less secure than the freebsd md5, because it does 1000 iterations of md5.
657 2011-06-20 01:22:23 <lfm> kika yes cyrpt() uses md5 nowadays. every account has its own random salt
658 2011-06-20 01:22:27 intlkleinblue has quit (Ping timeout: 276 seconds)
659 2011-06-20 01:22:28 <s13013> trying to hide the salt is a fools errand. if you want to incresae the complexity of hte ciphertext use some other method, don't start trying to be sneaky with the salt.
660 2011-06-20 01:22:33 <gmaxwell> MagicalTux: but sure, adding additional site-salt should be okay.
661 2011-06-20 01:22:39 <quiznor> roconnor: afaik, theres a 50 (or 80?) btc withdrawal limit anyway... mayhe he thought the limit was calculated based on the spot price or something
662 2011-06-20 01:22:41 <kika_> i think it would be better to use public private key crypt to login to mtgox
663 2011-06-20 01:22:50 <ericmock> nuthin: what else would it mean? could mean all kinds of things... like crypt(crypt()), crypt(exp(crypt())
664 2011-06-20 01:23:01 <ericmock> with the appropriate type conversions
665 2011-06-20 01:23:03 <MagicalTux> gmaxwell: I'm pretty sure bruteforcing sha512 is more expensive than bruteforcing md5
666 2011-06-20 01:23:03 <nuthin> right
667 2011-06-20 01:23:09 <nuthin> security through obscurity
668 2011-06-20 01:23:10 csshih has joined
669 2011-06-20 01:23:29 <gmaxwell> MagicalTux: okay, you're not listening. The freebsd md5 hash isn't just md5. It's _1000_ iterations of it. It's much slower than sha512.
670 2011-06-20 01:23:30 <kika_> MagicalTux: can i help you with something?
671 2011-06-20 01:23:36 <lfm> kika_: public key logins would be a lot of extra overhead on the servers and crypt() has not been borken
672 2011-06-20 01:23:38 <nuthin> not that it's less secure, but there are much better methods
673 2011-06-20 01:23:43 <ericmock> obscurity + well-tested > well-tested
674 2011-06-20 01:23:45 <gmaxwell> MagicalTux: this is why you have no business designing this.
675 2011-06-20 01:23:52 <quiznor> roconnor: i dont know how the limit is calculated.. maybe its $1000 worth of btc at that moment..
676 2011-06-20 01:23:55 <jrmithdobbs> kika_: no please don't you've demonstrated you don't understand the subject at hand
677 2011-06-20 01:23:58 devon_hillard has quit (Read error: Connection reset by peer)
678 2011-06-20 01:24:00 red_dawn_ has joined
679 2011-06-20 01:24:08 <roconnor> quiznor: that was my understanding; though I'm not sure.
680 2011-06-20 01:24:11 <lizthegrey> lfm: ssl client certs are not that much extra overhead.
681 2011-06-20 01:24:14 <lizthegrey> the only overhead is *user* comprehension overhead
682 2011-06-20 01:24:37 <eianpsego> magicaltux, are you proposing to do a single iteration of sha256?
683 2011-06-20 01:24:38 <gmaxwell> MagicalTux: PBKDF2 with SHA512 + additional site-salt would be fine, I think. But to be honest, _I_ don't have any business designing this either, at least not by the seat of my pants.
684 2011-06-20 01:24:45 <doofus2> rot13(xor(str[i])) sounds like a good idea 2 me
685 2011-06-20 01:24:53 <kgo> lizthegrey, it'd be extra-awesome to have those certs on smartcards.
686 2011-06-20 01:24:57 <lfm> ericmock: well its quite often the custom "obscurity" that gets broken while the standard well tested security stands up
687 2011-06-20 01:25:06 <jrmithdobbs> gmaxwell: isn't there a well vetted sha256 password hash already available?
688 2011-06-20 01:25:19 <MagicalTux> [10:23:52] <eianpsego> magicaltux, are you proposing to do a single iteration of sha256? <- someone pointed out many people around here have systems optimized for sha256
689 2011-06-20 01:25:24 agricocb has quit (Ping timeout: 255 seconds)
690 2011-06-20 01:25:26 <gmaxwell> jrmithdobbs: PBKDF2 is a general construction that works with any hash function.
691 2011-06-20 01:25:30 <ericmock> like if he'd have maybe even used the user id mixed with the password, it would take a hacker with just the database a possibly very long time to figure out how the user id was mixed in
692 2011-06-20 01:25:38 ThomasV has quit (Read error: Operation timed out)
693 2011-06-20 01:25:39 <ericmock> /that/ is extending entropy
694 2011-06-20 01:25:46 <MagicalTux> [10:22:43] <gmaxwell> MagicalTux: okay, you're not listening. The freebsd md5 hash isn't just md5. It's _1000_ iterations of it. It's much slower than sha512. <- then let's do 1000 iterations of sha512 :)
695 2011-06-20 01:25:54 <Cryo> MagicalTux, are you participating in the onlyonetv chat?
696 2011-06-20 01:26:06 <jrmithdobbs> gmaxwell: then ya pbkdf2 with sha512 + per user salt + site salt should be fairly safe
697 2011-06-20 01:26:08 <MagicalTux> Cryo: I guess I'll be once I solve this
698 2011-06-20 01:26:14 <csshih> hahhaha sha256
699 2011-06-20 01:26:15 <csshih> >_>
700 2011-06-20 01:26:22 <gmaxwell> jrmithdobbs: it's what the EVP_BytesToKey in openssl does.
701 2011-06-20 01:26:25 <jrmithdobbs> gmaxwell: but i also do not have the credentials to design something like this
702 2011-06-20 01:26:33 <Kiba> guys
703 2011-06-20 01:26:33 <lizthegrey> magicaltux: crypt() is known secure *if used properly*.
704 2011-06-20 01:26:41 <jrmithdobbs> and anyone in this channel claiming they do is overestimating their capabilities.
705 2011-06-20 01:26:43 <Kiba> I would like to post a comic from my publication before I goes
706 2011-06-20 01:26:45 <Kiba> http://www.bitcoinweekly.com/comics/bitcoin-rate
707 2011-06-20 01:26:49 <MagicalTux> lizthegrey: until now we've been using crypt()
708 2011-06-20 01:26:51 <s13013> md5_crypt didn't fail. fix the shit the failed instead?
709 2011-06-20 01:27:07 <lfm> and crypt() isnt broken
710 2011-06-20 01:27:08 <jrmithdobbs> MagicalTux: not "until now" you also used straight md5 for uids < 3050
711 2011-06-20 01:27:11 <dD0T> MagicalTux: Nothing wrong with crypt
712 2011-06-20 01:27:11 MrSambal has quit (Ping timeout: 276 seconds)
713 2011-06-20 01:27:12 <MagicalTux> (long time before it was a simple md5() )
714 2011-06-20 01:27:17 <lizthegrey> magicaltux: you were using crypt with MD5 rather than crypt with SHA256 or otherwise
715 2011-06-20 01:27:17 <quiznor> the next step up would be client certificates.... each user downloads a cert and stuffs it into his browser. the trading server rejects clients who's cert/username doesn't match up
716 2011-06-20 01:27:19 <kgo> Did I hear right? Is the site PGP? If so, http://stackoverflow.com/questions/1581610/help-me-make-my-password-storage-safe
717 2011-06-20 01:27:22 Diablo-D3 has quit (Read error: Operation timed out)
718 2011-06-20 01:27:28 <kgo> s/PGP/PHP
719 2011-06-20 01:27:29 <MagicalTux> jrmithdobbs: any user who logged in with a md5 pass got their pass upgraded to crypt() automatically
720 2011-06-20 01:27:31 <gmaxwell> MagicalTux: there is pbkdf2 implemented in here http://php.net/manual/en/function.hash-hmac.php and it supports sha256.
721 2011-06-20 01:27:48 <dude65535> Well all my security knowlege comes from listening to every episode of the security now podcast so I know i'm not qualified
722 2011-06-20 01:27:53 <jrmithdobbs> sha256 is a bad idea for a bitcoin-related password hash
723 2011-06-20 01:27:53 <MagicalTux> gmaxwell: great, I have the hash php ext loaded too
724 2011-06-20 01:28:13 <nuthin> sounds like sha256 is a bad hash for passwords in any case
725 2011-06-20 01:28:22 <hallowworld> Account withdrawal locks options would be nice too (hardcoded delay for withdrawals and lock accounts to be withdrawn to only one address)
726 2011-06-20 01:28:25 <jrmithdobbs> seeing as bitcoin has caused the best/fastest sha256 implementations ever
727 2011-06-20 01:28:31 <gmaxwell> nuthin: the code there does pbkdf2 based on whatever hash you use.
728 2011-06-20 01:28:42 <gmaxwell> jrmithdobbs: yea... but I'm going with whats callable from php...
729 2011-06-20 01:28:43 <fiverawr> jrmithdobbs: Any hash is going to be pretty bad. The bitcoin community is like the worst place to lose a database to. Anyway, isn't sha512 computation faster than sha256?
730 2011-06-20 01:29:00 <jrmithdobbs> fiverawr: i don't recall
731 2011-06-20 01:29:04 <nuthin> gmaxwell: you mean in the first comment?
732 2011-06-20 01:29:15 <lfm> hallowworld: huh? and if your on a dyn ip?
733 2011-06-20 01:29:20 <jrmithdobbs> fiverawr: like I said, I'm not qualified to design something like this and realise that
734 2011-06-20 01:29:36 <jrmithdobbs> fiverawr: especially to be used in a "community" with this many gpus at their disposal
735 2011-06-20 01:29:39 <gmaxwell> fiverawr: no, sha-512 is slower.
736 2011-06-20 01:29:45 <Yahovah> fiverawr: SHA-256 and SHA-512 are both SHA-2 - they just have different block sizes.
737 2011-06-20 01:30:05 <gmaxwell> nuthin: I guess so. I just googled PBKDF2 php.
738 2011-06-20 01:30:05 red_dawn_ has quit (Changing host)
739 2011-06-20 01:30:05 red_dawn_ has joined
740 2011-06-20 01:30:09 <copumpkin> roconnor: do you have anything you want done that you don't want to do yourself in that implementation?
741 2011-06-20 01:30:14 <ius> Also, scrypt/bcrypt should be considered.
742 2011-06-20 01:30:17 bit_monger has joined
743 2011-06-20 01:30:20 <ericmock> is anyone able to get new connections with the client?
744 2011-06-20 01:30:39 <ericmock> I've been sitting here with zero connections for like an hour
745 2011-06-20 01:30:48 <roconnor> copumpkin: hmm
746 2011-06-20 01:30:57 <gmaxwell> ius: lack of php implementations would be a problem I assume. I personally always advocate scrypt but for something where the attacker won't have the hash, it matters less.
747 2011-06-20 01:31:03 <gmaxwell> (hopefully won't have the hash!)
748 2011-06-20 01:31:07 <roconnor> copumpkin: do you know anything about ACIDState?
749 2011-06-20 01:31:07 <copumpkin> roconnor: also, are you attached to darcs or git?
750 2011-06-20 01:31:10 <roconnor> darcs
751 2011-06-20 01:31:10 <jrmithdobbs> gmaxwell: could you use pbkdf2 in combination with sha2? (in the sha512 form of sha2)
752 2011-06-20 01:31:12 <roconnor> heh
753 2011-06-20 01:31:12 <kgo> Actually sha-512 is faster than 256 on 64 bit architectures. That's why nist came up with SHA-512/256 and SHA-512/224
754 2011-06-20 01:31:14 <copumpkin> roconnor: nope :/
755 2011-06-20 01:31:21 agricocb has joined
756 2011-06-20 01:31:22 <fiverawr> Yahovah: http://news.slashdot.org/story/11/02/18/2217206/New-SHA-Functions-Boost-Crypto-On-64-bit-Chips
757 2011-06-20 01:31:34 <fiverawr> I think that's why I thought it was faster
758 2011-06-20 01:31:37 <gmaxwell> jrmithdobbs: yes. you can, you can use it with any hash function.
759 2011-06-20 01:31:37 <roconnor> copumpkin: I bashed git on my blog recently :P
760 2011-06-20 01:31:40 <gmaxwell> fiverawr: neat!
761 2011-06-20 01:31:42 wetBang has quit (Ping timeout: 252 seconds)
762 2011-06-20 01:31:52 <nuthin> I can't find much info on scrypt gmaxwell ...
763 2011-06-20 01:32:04 <gmaxwell> nuthin: (see http://www.tarsnap.com/scrypt/scrypt.pdf and the implementation at http://www.tarsnap.com/scrypt.html)
764 2011-06-20 01:32:07 <kika_> MagicalTux: i would suggest to add a feature to mtgox so that users can login using a 15360 bits RSA key and use a secure key exchange
765 2011-06-20 01:32:09 <kgo> Here's bcrypt for php http://www.openwall.com/phpass/
766 2011-06-20 01:32:11 eao has quit (Quit: Leaving)
767 2011-06-20 01:32:17 <gmaxwell> nuthin: unfortunately scrypt is hard to google.
768 2011-06-20 01:32:21 <jrmithdobbs> then i think pbkdf2 + sha2 (sha256/384 form) is probably the best you can do right now with something that is *well vetted*
769 2011-06-20 01:32:22 <kika_> MagicalTux: i can help you with that if you want
770 2011-06-20 01:32:25 <fiverawr> But, that's taking advantage of 64-bit processors. This community is already taking advantage of GPU which is much faster
771 2011-06-20 01:32:29 <gmaxwell> nuthin: but it's the only thing that really resists FPGA/asic attack.
772 2011-06-20 01:32:34 Kiba has quit (Remote host closed the connection)
773 2011-06-20 01:32:41 kW_ has quit (Ping timeout: 260 seconds)
774 2011-06-20 01:32:48 <MagicalTux> kika_: I already implemented something similar, it works with IE and firefox, but not opera/chrome/etc
775 2011-06-20 01:32:53 <Astounding> I'ts been said that all of the wallets may be compromised?
776 2011-06-20 01:32:57 <copumpkin> roconnor: oh yeah :)
777 2011-06-20 01:33:00 <MagicalTux> so I didn't implement it on mtgox, because we mostly have chrome/safari
778 2011-06-20 01:33:00 <jrmithdobbs> assuming wikipedia's performance numbers are semi-close anyways
779 2011-06-20 01:33:03 Leo_II has quit (Ping timeout: 255 seconds)
780 2011-06-20 01:33:06 <gmaxwell> Astounding: what? no. No one has said that.
781 2011-06-20 01:33:07 <kika_> MagicalTux: so each user just generates its own private key and sends you their public key and thats all
782 2011-06-20 01:33:08 lorph has quit (Ping timeout: 250 seconds)
783 2011-06-20 01:33:10 <ius> gmaxwell: http://www.openwall.com/phpass/
784 2011-06-20 01:33:20 TheZimm has quit (Quit: When will we learn?)
785 2011-06-20 01:33:25 <Optimo> britcoin's message was sending mixed signals
786 2011-06-20 01:33:29 <kika_> MagicalTux: if the public keys get compromissed you dont mind, its not your responsability
787 2011-06-20 01:33:37 <ius> kika_: Welcome to SSL client certs
788 2011-06-20 01:33:38 <MagicalTux> kika_: I'm thinking about adding login through GPG
789 2011-06-20 01:33:39 TheZimm has joined
790 2011-06-20 01:33:41 <MagicalTux> too
791 2011-06-20 01:33:45 <jrmithdobbs> MagicalTux: i'd be happy if you'd allow me upload a ssl cert fingerprint or rsa key to use for auth
792 2011-06-20 01:33:50 <lizthegrey> magicaltux: *applause* - yay gpg login
793 2011-06-20 01:33:50 <jrmithdobbs> MagicalTux: that's the *real* solution.
794 2011-06-20 01:33:52 <kika_> MagicalTux: yes thats what i mean GPG logins
795 2011-06-20 01:34:07 Lachesis has joined
796 2011-06-20 01:34:27 gavinandresen has quit (Quit: gavinandresen)
797 2011-06-20 01:34:32 <MagicalTux> still waiting also for quotes for hardware tokens, that would make it possible to use OTP to login on mtgox
798 2011-06-20 01:34:34 <jrmithdobbs> MagicalTux: as in i upload a ssl cert fingerprint AND you verify it's cert path
799 2011-06-20 01:34:41 <ericmock> just take a look at the crap you need to go through to submit an app to Apple
800 2011-06-20 01:34:48 <Optimo> I was hoping for your sake it was a sexy hot secret agent that 'rooted' you
801 2011-06-20 01:34:49 red_dawn_ has quit (Quit: leaving)
802 2011-06-20 01:34:57 <jrmithdobbs> (comodo issues FREE FOR PERSONAL USE sign/crypt ssl certs with email as CN)
803 2011-06-20 01:34:58 lorph has joined
804 2011-06-20 01:35:07 <fiverawr> were they rooted?
805 2011-06-20 01:35:19 <Optimo> a hot asian chick (in my mind)
806 2011-06-20 01:35:19 <gmaxwell> fiverawr: comodo?
807 2011-06-20 01:35:22 <cut> jrmithdobbs: nobody trusts comodo anymore though
808 2011-06-20 01:35:25 <jlgaddis> fuck comodo
809 2011-06-20 01:35:29 <ius> Also, your password storage mechanism means (...) if all your code is still full of potential holes to phish a specific password or grab other sensitive data
810 2011-06-20 01:35:30 <roconnor> copumpkin: what were your goals for making a Haskell client?
811 2011-06-20 01:35:35 <jrmithdobbs> cut: true but for user auth it's fine
812 2011-06-20 01:35:41 <nuthin> thanks gmaxwell :)
813 2011-06-20 01:35:43 red_dawn_ has joined
814 2011-06-20 01:35:44 <jrmithdobbs> cut: in situations where the user provides the fingerprint to begin with
815 2011-06-20 01:35:54 <ericmock> yea, at least MagicalTux could have gotten laid for his trouble...
816 2011-06-20 01:36:13 <kika_> MagicalTux: i think you should audit the whole mtgox php code and then make it open source
817 2011-06-20 01:36:18 <copumpkin> roconnor: learning more about it, seeing how elegantly it could be done in haskell, and experimenting with automated trading strategies on top of a generic library
818 2011-06-20 01:36:23 <ius> MagicalTux: Forget about the rest, get an audit done, and hire some developers
819 2011-06-20 01:36:41 <fiverawr> I'm kinda hoping that authentication with via bitcoin addresses will eventually be a possibility. But for that to happen, wallets need to be secured pretty well first. Hopefully in the future
820 2011-06-20 01:36:45 <kika_> MagicalTux: im 14 years experienced developer and system administrator, i can help for some bitcoins
821 2011-06-20 01:36:47 <fiverawr> -with
822 2011-06-20 01:37:05 <gmaxwell> ius: well upgrading the password system now matters a little because people will change passwords.
823 2011-06-20 01:37:08 <ius> Also, dongles, Yubikeys are quite cheap and provide a second factor (OTP-based)
824 2011-06-20 01:37:13 <Zeiris_> MagicalTux, good work on getting as far as you have :D Haters gonna hate, but you did good.
825 2011-06-20 01:37:14 <StephenFalken> I wonder...isn't it possible to transfer all the functionality of the web BTC exchanges to the client and do it all in a p2p way ?
826 2011-06-20 01:37:18 <gmaxwell> yubikeys are goodness.
827 2011-06-20 01:37:25 <jrmithdobbs> Zeiris_: no he did not
828 2011-06-20 01:37:31 <dD0T> Generate passwords for users and don't allow them to change them ---> No need for salting ;-)
829 2011-06-20 01:37:31 <ericmock> kika_: I could make the same claim... technically.
830 2011-06-20 01:37:37 <Optimo> haters gonna hash
831 2011-06-20 01:37:45 <roconnor> copumpkin: one thing I have not so much interest in working on is doing proper peering; how many peers to connect to; switching between them; etc.
832 2011-06-20 01:37:50 <gmaxwell> StephenFalken: no, because there needs to be someway to validate that the counterparty has and will pay the non-btc side.
833 2011-06-20 01:38:01 <kika_> ericmock: which claim? 14 years experience?
834 2011-06-20 01:38:03 <Zeiris_> jrmithdobbs, that's the thing I love about early adopters - they don't need to do it right to succeed XD
835 2011-06-20 01:38:04 <copumpkin> roconnor: ah, I see
836 2011-06-20 01:38:04 DukeOfURL has joined
837 2011-06-20 01:38:07 <ius> gmaxwell: True that, and yes, yubikey is nice imo :)
838 2011-06-20 01:38:13 <ericmock> kika_: all
839 2011-06-20 01:38:13 <kika_> ericmock: or open source mtgox code?
840 2011-06-20 01:38:13 <copumpkin> I could play with that, although I can't say it's the most interesting part to me either
841 2011-06-20 01:38:19 <jrmithdobbs> Zeiris_: he still hasn't disclosed what was compromised.
842 2011-06-20 01:38:27 <ericmock> and there's no way I'd feel comfortable helping ;-)
843 2011-06-20 01:38:38 <copumpkin> details of networking (although we could play with stm and threads) aren't my favorite aspect of this :P
844 2011-06-20 01:38:41 <Zeiris_> His competition is being interviewed right now, and don't sound threatening :)
845 2011-06-20 01:38:55 <ericmock> kikia_: 14 years experience
846 2011-06-20 01:38:56 <roconnor> copumpkin: ya; I'm not sure it is really necessary to do anyways.
847 2011-06-20 01:38:56 <jrmithdobbs> Zeiris_: tradehill is just another set of amateurs
848 2011-06-20 01:38:56 <gmaxwell> kika_: 14 years expirence, but apparently not with password security code! :)
849 2011-06-20 01:39:04 <jrmithdobbs> Zeiris_: give it a month before their db gets leaked too
850 2011-06-20 01:39:04 <Zeiris_> I know! Isn't it beautiful!
851 2011-06-20 01:39:13 <Zeiris_> I love this community so much <333
852 2011-06-20 01:39:18 <Optimo> tradehill is indeed amatuer to some extent
853 2011-06-20 01:39:19 <copumpkin> roconnor: isn't it necessary to perform transactions?
854 2011-06-20 01:39:24 <MagicalTux> [10:35:28] <kika_> MagicalTux: i think you should audit the whole mtgox php code and then make it open source <- we will /change/ the whole php code
855 2011-06-20 01:39:25 <gmaxwell> is anyone capturing the stream?
856 2011-06-20 01:39:27 <MagicalTux> current one is not auditable
857 2011-06-20 01:39:28 <quiznor> theres been no tradehill vulns anounced...
858 2011-06-20 01:39:32 <kika_> gmaxwell: its just a matter of read the crypt man page
859 2011-06-20 01:39:33 <Lachesis> MagicalTux, why not?
860 2011-06-20 01:39:42 <Lachesis> MagicalTux, have you written anything about security plans going forward?
861 2011-06-20 01:39:46 <roconnor> copumpkin: I don't know; I think you should just directly connect to the major miners
862 2011-06-20 01:39:50 <jrmithdobbs> Optimo: amateur and hiring outsourced chilaen devs to write financials code
863 2011-06-20 01:39:55 <MagicalTux> Lachesis: yes
864 2011-06-20 01:39:57 <jrmithdobbs> Optimo: it is going to end horribley.
865 2011-06-20 01:39:58 <gmaxwell> kika_: apparently not, because you were advocating less secure alternatives and misunderstanding how salt works. The devil is in the details.
866 2011-06-20 01:40:06 <Lachesis> MagicalTux, link/
867 2011-06-20 01:40:07 <quiznor> hmm
868 2011-06-20 01:40:08 <Optimo> I like horribley
869 2011-06-20 01:40:17 <quiznor> well they have so much money they can hire a ton of ppl to develop the site
870 2011-06-20 01:40:28 <quiznor> bitcoin exchange = license to print $
871 2011-06-20 01:40:34 <Optimo> ?
872 2011-06-20 01:40:36 <kika_> gmaxwell: my alternative is GPG logins
873 2011-06-20 01:40:37 <roconnor> copumpkin: anyhow; I'm off to bed
874 2011-06-20 01:40:41 <jrmithdobbs> more people does not == better development
875 2011-06-20 01:40:44 <jrmithdobbs> or more secure code
876 2011-06-20 01:40:45 <jrmithdobbs> in fact
877 2011-06-20 01:40:45 <copumpkin> roconnor: alright, night! thanks for sending me the code
878 2011-06-20 01:40:48 <dD0T> kika_: GPG? How would that work. No browser supports that
879 2011-06-20 01:40:50 <jrmithdobbs> it usually means the EXACT OPPOSITE
880 2011-06-20 01:40:55 <gmaxwell> dD0T: manutally!
881 2011-06-20 01:40:59 <Optimo> copumpkin ooh what did you get?
882 2011-06-20 01:41:01 <kika_> dD0T: no need for the browser to support it!
883 2011-06-20 01:41:04 backwardation25 has joined
884 2011-06-20 01:41:04 <StephenFalken> gmaxwell: but in a pure BTC world, what would these exchanges be useful for ? People can trade directly between each other. You just have to extend the BTC client to allow it.
885 2011-06-20 01:41:05 <Lachesis> gpg logins, ssl client certificates, OTPs, email verification... the list goes on and on
886 2011-06-20 01:41:11 <dD0T> kika_: Oh yes there is...
887 2011-06-20 01:41:17 <kika_> dD0T: no
888 2011-06-20 01:41:18 <ericmock> Optimo: he got some Haskell
889 2011-06-20 01:41:21 <gmaxwell> StephenFalken: what do you think the client already does?! 0_o
890 2011-06-20 01:41:22 takezo420 has quit (Quit: takezo420)
891 2011-06-20 01:41:24 <Optimo> of course lol
892 2011-06-20 01:41:31 <ericmock> yea
893 2011-06-20 01:41:32 <gmaxwell> StephenFalken: you can send btc to whomever you want!
894 2011-06-20 01:41:37 <kgo> What's the status on SCuTe? Could you use gpgsm with an openpgp smartcard?
895 2011-06-20 01:41:45 <copumpkin> Optimo: roconnor has been working on a pure haskell implementation of bitcoin :)
896 2011-06-20 01:41:46 <quiznor> jrmithdobbs: ermm.. more ppl doesnt guarantee better product, but its certainly necessary to have enough ppl.
897 2011-06-20 01:41:49 <ericmock> damn it, I can't get a connection
898 2011-06-20 01:41:52 <Optimo> brilliant
899 2011-06-20 01:41:52 <dD0T> gmaxwell: That would be interesting: Here you have a randoom string. Please sign this with gpg and paste it back ;-)
900 2011-06-20 01:41:55 <ericmock> and I need one for code testing
901 2011-06-20 01:41:57 <gmaxwell> StephenFalken: watcha gonna do, create a order to buy 10 btc for 10 btc? :)
902 2011-06-20 01:42:00 <Lachesis> what was the actual vulnerability?
903 2011-06-20 01:42:00 Obehsh has quit (Remote host closed the connection)
904 2011-06-20 01:42:20 <ius> Lachesis: All of that is only useful if the code is fixed/rewritten. Going back online means there's a chance to get compromised /again/
905 2011-06-20 01:42:22 <jrmithdobbs> quiznor: studies show that teams of more than ~5-10 working on the same project actually slow it down and cause confusion/problems
906 2011-06-20 01:42:26 <gmaxwell> dD0T: yep, and then you get owned when the attacker passes back a message with a \0 in it and the rest gets taken as arguments to gpg. :)
907 2011-06-20 01:42:33 <dD0T> kika_: You do realise that ppk in the form of tls with client/server certs is already built into all modern browsers?
908 2011-06-20 01:42:36 <Optimo> ericmock: launch with -dnsseed addnode=173.242.112.53
909 2011-06-20 01:42:44 <Optimo> -addnode..
910 2011-06-20 01:42:49 <mrb_> I wrote a quick time-line of events: http://blog.zorinaq.com/?e=55
911 2011-06-20 01:42:49 <dD0T> kika_: You can even tell the browser to generate a cert so it never has to touch your server
912 2011-06-20 01:42:54 * ericmock will hardcode that in
913 2011-06-20 01:42:55 <jrmithdobbs> dD0T: no, kika_ has repeatedly shown he knows nothing about secure auth mechanisms
914 2011-06-20 01:43:04 <jrmithdobbs> dD0T: like, what salt in password hashes is for
915 2011-06-20 01:43:15 <quiznor> jrmithdobbs: depends. what is the scope of the project? what defines a project. how many ppl are working on the google search engine? probably 10k developers
916 2011-06-20 01:43:16 <Optimo> maybe not hardcoded. .23 connects rather well for me
917 2011-06-20 01:43:19 <kika_> dD0T: yes but browsers only trust CA's that sign keys up to 1024 bits lenght thats not secure
918 2011-06-20 01:43:20 <dD0T> jrmithdobbs: He has a lot of self-confidence though...'which is irritating...
919 2011-06-20 01:43:22 <gmaxwell> jrmithdobbs: yea, misunderstanding salt = gpg auth vulnerable to replay attack! :)
920 2011-06-20 01:43:32 <dD0T> kika_: No they don't. Stop talking bs
921 2011-06-20 01:43:34 <Lachesis> i've gotten so much freaking spam because of this...
922 2011-06-20 01:43:34 <kika_> dD0T: 1024 bits is not enough
923 2011-06-20 01:43:39 <Lachesis> 3 different people alredy
924 2011-06-20 01:43:44 <Lachesis> and a scam, claiming to be from MtGox
925 2011-06-20 01:43:50 <gmaxwell> kika_: 1024 bits isn't ideal, but it's not actually a problem right now.
926 2011-06-20 01:43:51 <dD0T> ok...got me. kika_ must be a troll...
927 2011-06-20 01:43:56 <quiznor> google has 10,000 ppl developing their search engine...
928 2011-06-20 01:44:03 <jrmithdobbs> kika_: doesn't matter if the browser supports the CA in the cert path
929 2011-06-20 01:44:19 <copumpkin> there used to be a root cert with a 16384-bit key
930 2011-06-20 01:44:29 <jrmithdobbs> kika_: if you're providing the fingerprint to be used as your ID the server side doesn't even need to verify teh cert path
931 2011-06-20 01:44:41 <jrmithdobbs> kika_: just that you can sign valid data with the cert.
932 2011-06-20 01:44:42 <lfm> kika_: ya and browsers work fine with longer keys
933 2011-06-20 01:44:43 <gmaxwell> copumpkin: 16384 bit... generated with debian openssl rng? ;)
934 2011-06-20 01:44:50 <copumpkin> gmaxwell: hah no
935 2011-06-20 01:44:51 <dD0T> jrmithdobbs: Doesn't seem to know the difference between client/server certs either...
936 2011-06-20 01:44:54 <copumpkin> but it was ages ago
937 2011-06-20 01:44:56 <copumpkin> must've taken a while to generate
938 2011-06-20 01:44:57 <jlgaddis> cacert!
939 2011-06-20 01:45:01 <gmaxwell> The old RSA code only supported up to 8192 AFAIK, but that stuff was shit.
940 2011-06-20 01:45:02 <Cryo> MagicalTux, could you participate in this chat, they're getting... braindead.
941 2011-06-20 01:45:22 <lfm> kika and tell us, how many 1024 bit keys have been factored in the world so far?
942 2011-06-20 01:45:40 <gmaxwell> lfm: how many 768 bit RSA keys, in fact.
943 2011-06-20 01:45:52 <kika_> lfm: yes browsers work fine but no CA trusted by default for browsers supports keys longer than 1024 bits i think
944 2011-06-20 01:46:12 <Cryo> no, 2048
945 2011-06-20 01:46:16 <dD0T> kika_: Stop thinking and read up pls
946 2011-06-20 01:46:20 <quiznor> chrome doesn't support client certs well yet
947 2011-06-20 01:46:29 <kika_> dD0T: ok
948 2011-06-20 01:46:30 Leo_II has joined
949 2011-06-20 01:46:31 <kgo> In this case, you'd probably have a mtgox CA issue a certificate for it's users. You wouldn't buy a InstantSSL ca and set it up with MtGox.
950 2011-06-20 01:46:32 <dD0T> quiznor: Works for me ;-)
951 2011-06-20 01:46:41 <quiznor> yeah it works. but not all sites for some reason
952 2011-06-20 01:46:43 <quiznor> a bit buggy
953 2011-06-20 01:46:53 <dD0T> quiznor: Dunno. Not many sites with ppk out there in any case
954 2011-06-20 01:47:11 <dD0T> quiznor: ehm. client certs
955 2011-06-20 01:47:18 <nuthin> gmaxwell: you a security guru or something?
956 2011-06-20 01:47:34 <ius> StartSSL was able to dump a client cert in my browser without it asking me. Kind of surprised me..
957 2011-06-20 01:47:35 <dD0T> nuthin: He's more like a everything guru.......
958 2011-06-20 01:47:43 <gmaxwell> nuthin: No, I'm an idiot. Please don't make any security decisions based on my noisemaking alone.
959 2011-06-20 01:47:44 <nuthin> cool
960 2011-06-20 01:47:50 <nuthin> hehe
961 2011-06-20 01:48:11 <nuthin> of course not
962 2011-06-20 01:48:24 <quiznor> cyberthieves on the loose
963 2011-06-20 01:48:37 alfakini has quit (Quit: alfakini)
964 2011-06-20 01:48:54 <quiznor> who wants to bet on when/if the first remotely exploitable buffer overflow in the bitcoin client will happen
965 2011-06-20 01:49:07 <quiznor> seems like it would be pretty hard
966 2011-06-20 01:49:14 <doublec> Hmm, spam email with possible trojan claiming to be from mtgox
967 2011-06-20 01:49:16 <doublec> http://pastebin.com/8DUi2rTf
968 2011-06-20 01:49:28 <doublec> From address is noreply@mtgox.com
969 2011-06-20 01:49:29 <quiznor> exactly doublec.. ppl are getting hacked on the rebound by phishing now
970 2011-06-20 01:49:39 <gmaxwell> hahahah
971 2011-06-20 01:49:51 SomeoneWeird has joined
972 2011-06-20 01:50:05 <elnato> mtgox hosts their tutorials on fileden!
973 2011-06-20 01:50:05 <gmaxwell> thats that thing that edits your wallet to lie about you balance, while also stealing it.
974 2011-06-20 01:50:19 <dD0T> lol^^
975 2011-06-20 01:50:35 <gmaxwell> there were videos of it on youtube full of comments doing "omg it works! my balance is a zillion now!"
976 2011-06-20 01:50:45 <gmaxwell> :-/
977 2011-06-20 01:50:53 <ius> gmaxwell: What, someone already came up with something more sophisticated than a grab-and-email attack?
978 2011-06-20 01:50:54 <dD0T> gmaxwell: Does it just edit the wallet?
979 2011-06-20 01:51:15 <quiznor> it would be hard to do a buffer overflow in the bitcoin client.. they avoid unsafe C memory manipulation, sticking to c++ streams for the most part
980 2011-06-20 01:51:18 <gmaxwell> dD0T: yea, I assume it just puts in some crap input transactions that wouldn't validate.
981 2011-06-20 01:51:37 <dD0T> gmaxwell: I see. And for performance reason they aren't validated on loading I take it
982 2011-06-20 01:51:46 <dD0T> arent't / can't be
983 2011-06-20 01:51:53 <gmaxwell> dD0T: right, you can ask the client to revalidate them. -rescan
984 2011-06-20 01:52:06 <dD0T> Poor greedy ppl....
985 2011-06-20 01:52:08 <IncitatusOnWater> so the attacker drove the price of BTC down so he could cash out as many as he wanted
986 2011-06-20 01:52:14 <IncitatusOnWater> because of the 1k Cashout limit
987 2011-06-20 01:52:17 <IncitatusOnWater> on MTGox
988 2011-06-20 01:52:30 <dD0T> gmaxwell: Excellent peace of work from the attacker though. I bet it spread like wildfire
989 2011-06-20 01:52:37 <dD0T> s/peace/pice
990 2011-06-20 01:52:39 <dD0T> +e
991 2011-06-20 01:52:42 <brocktice> did anyone get a copy of that file?
992 2011-06-20 01:52:47 <brocktice> I"d like to have a look
993 2011-06-20 01:52:49 <BTCTrader> incitatusonwater: that is assuming he wasnt just an idiot and in the thrill of the moment did not fuck up
994 2011-06-20 01:52:51 <brocktice> but it's off fileden already
995 2011-06-20 01:52:55 <gmaxwell> dD0T: probably mostly run against empty wallets.
996 2011-06-20 01:52:57 <BTCTrader> fucked up*
997 2011-06-20 01:52:59 <quiznor> IncitatusOnWater, if true he'd be able to withdraw 100K btc
998 2011-06-20 01:53:09 <quiznor> but is a big withdrawal in the block chain?
999 2011-06-20 01:53:16 <IncitatusOnWater> he's had the list for 2 to 3 days
1000 2011-06-20 01:53:17 <KuDeTa> IncitatusOnWater: i thing so
1001 2011-06-20 01:53:17 xinx has joined
1002 2011-06-20 01:53:19 <IncitatusOnWater> he planned it well
1003 2011-06-20 01:53:22 <KuDeTa> i think so*
1004 2011-06-20 01:53:23 <dD0T> gmaxwell: Possibly. But spread enough and chances are you hit a jackpot
1005 2011-06-20 01:53:32 <IncitatusOnWater> a 400K transfer is in the block chain
1006 2011-06-20 01:53:34 <KuDeTa> he though he could take out as many BTC as he liked if they were $0.01�
1007 2011-06-20 01:53:39 <KuDeTa> but somehow didn't
1008 2011-06-20 01:53:41 <IncitatusOnWater> http://blockexplorer.com/tx/a09ac44c71a314316431f53dcf51d5c0ffdf85b738a6b07f622012ee41b38c16
1009 2011-06-20 01:53:48 <gmaxwell> dD0T: oh sure, for all we know thats how allinvain lost his 25k.
1010 2011-06-20 01:53:57 <knightrage> wooows
1011 2011-06-20 01:54:02 <KuDeTa> gmax: no his were transferred to a new account
1012 2011-06-20 01:54:09 <KuDeTa> on the BTC network
1013 2011-06-20 01:54:20 <gmaxwell> IncitatusOnWater: that was just normal wallet grooming.
1014 2011-06-20 01:54:27 <denisx> is the database out?
1015 2011-06-20 01:54:30 <IncitatusOnWater> i hope so
1016 2011-06-20 01:54:37 <IncitatusOnWater> the database has been out for a while
1017 2011-06-20 01:54:38 <gmaxwell> IncitatusOnWater: some wallet had grown to an enormous size and got transfered to clean it out.
1018 2011-06-20 01:54:40 <IncitatusOnWater> 2 days
1019 2011-06-20 01:54:45 <ius> brocktice: Works for me?
1020 2011-06-20 01:54:57 <denisx> ok, because a friend of me showed me my data ;)
1021 2011-06-20 01:54:57 <jrmithdobbs> gmaxwell: see /msg btw
1022 2011-06-20 01:55:01 <IncitatusOnWater> gmaxwell, you are sure he still has the wallet?
1023 2011-06-20 01:55:12 <jrmithdobbs> IncitatusOnWater: he still has not proven that, no
1024 2011-06-20 01:55:16 <quiznor> so the 5000k attack happened when? look for transactions after that
1025 2011-06-20 01:55:19 <SomeoneWeird> tradehill are implementing 2 factor authentication :D
1026 2011-06-20 01:55:36 <quiznor> 3am japan time was 8 hours ago
1027 2011-06-20 01:55:39 <xinx> Hey guys is there anyway that I can get some help setting up my miner please? I'm running ubuntu 11.04 server x64 but I'm a little bit confused
1028 2011-06-20 01:55:55 <kgo> xinx, #bitcoin-mining is probably better
1029 2011-06-20 01:56:06 <xinx> Thank you kgo
1030 2011-06-20 01:56:12 SomeoneWeird has quit (Quit: Leaving)
1031 2011-06-20 01:56:14 <brocktice> ius: maybe I just don't know how to use fileden?
1032 2011-06-20 01:56:16 <denisx> what will be the next target?
1033 2011-06-20 01:56:24 <denisx> btcguild, deepbit?
1034 2011-06-20 01:56:27 <brocktice> ius: but I get redirected to the main page
1035 2011-06-20 01:56:47 <nuthin> 2 factor authenciation and scrypt and I'll be happy
1036 2011-06-20 01:56:50 <gmaxwell> denisx: they've both been attacked before.
1037 2011-06-20 01:57:27 <ius> brocktice: Oh, I directly got the file
1038 2011-06-20 01:57:27 <eianpsego> is the consensus that an sql injection was used to grab the password digests?
1039 2011-06-20 01:57:29 <gmaxwell> luke-jr|otg: you probably feel like an innovator with your accountless pool right now. You may soon be the only bitcoin sevice to never have been exploited.
1040 2011-06-20 01:57:31 <quiznor> http://blockexplorer.com/tx/84f96975ea88d317676771a482c71f39ff53beda790c89c07ae82e427b4d090f 432K btc moved at 3:17 AM japan time
1041 2011-06-20 01:57:36 <gmaxwell> eianpsego: no
1042 2011-06-20 01:57:47 <quiznor> does anyone know whose tx that was
1043 2011-06-20 01:57:52 <brocktice> ius: I tried wget, I got nothing
1044 2011-06-20 01:57:53 <gmaxwell> 18:17 < MagicalTux> gmaxwell: someone who had read only access for the database to perform audits got compromised in some way, investigation is still in progress
1045 2011-06-20 01:57:57 <luke-jr> gmaxwell: I copied that idea.
1046 2011-06-20 01:58:03 <eianpsego> ah, I see
1047 2011-06-20 01:58:07 <gmaxwell> luke-jr: who from?
1048 2011-06-20 01:58:10 <brocktice> ooh interesting
1049 2011-06-20 01:58:18 <luke-jr> gmaxwell: OneFixt aka BitPenny
1050 2011-06-20 01:58:28 <brocktice> inside job?
1051 2011-06-20 01:58:35 <brocktice> that would actually make me feel better
1052 2011-06-20 01:58:40 <brocktice> a little
1053 2011-06-20 01:59:18 <luke-jr> gmaxwell: though, BitPenny was obivously compromised in a different way :P
1054 2011-06-20 01:59:22 <quiznor> who moved 432K BTC at 2PM EST today
1055 2011-06-20 01:59:26 <Kireji> has anyone got a tool that will count unique bitcoins transactions over a time interval, and not count conis that are chained through multiple transactions?
1056 2011-06-20 01:59:33 <MagicalTux> quiznor: me
1057 2011-06-20 01:59:34 minixking has joined
1058 2011-06-20 01:59:50 gsathya has joined
1059 2011-06-20 01:59:54 <quiznor> oh makes sense MagicalTux.. i didn't know you were up at 3 AM JP time :)
1060 2011-06-20 02:00:02 <MagicalTux> quiznor: wasn't planning to
1061 2011-06-20 02:00:05 <Kireji> MagicalTux: good to know, is that the investment base on mtgox?
1062 2011-06-20 02:00:06 <brocktice> MT's had a lot of early mornings lately :(
1063 2011-06-20 02:00:08 <dD0T> luke-jr: Oh. Sweet. I loved you didn't have to register with BitPenny. What's the name/addr of your pool?
1064 2011-06-20 02:00:21 <MagicalTux> Kireji: it's the mtgox funds, which I moved to a secure area until things are cleared
1065 2011-06-20 02:00:24 <doublec> I also learned the idea from bitpenny. I thought it was an awesome approach.
1066 2011-06-20 02:00:27 <MagicalTux> in fact there's more than that
1067 2011-06-20 02:00:33 <MagicalTux> but it's hard to see from the blochain
1068 2011-06-20 02:00:35 <Kireji> k, thanks
1069 2011-06-20 02:00:43 <ketsa> if the 432k btc reached the block chain, how are they going to rollback ? i dont get it.
1070 2011-06-20 02:00:53 sacarlson has quit (Ping timeout: 244 seconds)
1071 2011-06-20 02:01:08 Astounding has left ()
1072 2011-06-20 02:01:15 fimp has joined
1073 2011-06-20 02:01:16 <minixking> can someone give me a straight foreward answer as to what the hashs are?
1074 2011-06-20 02:01:17 <yebyen> what a bunch of winers are on this mtgox hack thread
1075 2011-06-20 02:01:23 elly has left ()
1076 2011-06-20 02:01:28 <yebyen> *whiners
1077 2011-06-20 02:01:50 <kgo> ketsa, internal to mtgox, I don't think they actually send transactions to the blockchain. Only when you deposit/withdraw.
1078 2011-06-20 02:01:50 <ne0futur> minixking: probably wikipedia can help you
1079 2011-06-20 02:01:55 <MagicalTux> minixking: they are FreeBSD MD5 salted hashes for most, and any account that never logged in for 2 months have simple MD5 hashes
1080 2011-06-20 02:01:58 chaord has joined
1081 2011-06-20 02:02:24 common_ has joined
1082 2011-06-20 02:02:35 <ketsa> someone linked the blockexplorer transaction so it did no ?
1083 2011-06-20 02:02:52 exstntlstfrtn_ has quit (Ping timeout: 252 seconds)
1084 2011-06-20 02:02:59 <Lachesis> MagicalTux, why can't the code be audited?
1085 2011-06-20 02:03:00 <gmaxwell> ketsa: 18:59 < MagicalTux> Kireji: it's the mtgox funds, which I moved to a secure area until things are cleared
1086 2011-06-20 02:03:02 <amiller> ketsa, could you send me the link
1087 2011-06-20 02:03:30 <MagicalTux> [11:02:13] <Lachesis> MagicalTux, why can't the code be audited? <- because it's too messy, the current code was written by previous owner which has no background in terms of security
1088 2011-06-20 02:03:36 <eianpsego> The attack vector used (inside comprimise) sounds like a separate problem from the hash mechanism used (eg., crypt() on freebsd) - why isn't this the focus?
1089 2011-06-20 02:03:56 <ketsa> gmaxwell: ah thanks
1090 2011-06-20 02:03:57 <dD0T> eianpsego: ++
1091 2011-06-20 02:04:12 <gmaxwell> eianpsego: because it's not something that gets public discussion.
1092 2011-06-20 02:04:15 <erek> MagicalTux: they mentiond you mark, saying you're in tokyo
1093 2011-06-20 02:04:17 <jlgaddis> MagicalTux: please hurry so these tradehill clowns get the fuck off this interview shit
1094 2011-06-20 02:04:17 <MagicalTux> been spending half my time fixing it, half my time answering email, half my time fighting DDoS and FUD, and remaining time coding a new, more secure system
1095 2011-06-20 02:04:33 <NxTitle> hell yeah 200%
1096 2011-06-20 02:04:41 backwardation25 has quit (Remote host closed the connection)
1097 2011-06-20 02:04:58 <OVerLoRDI> MagicalTux, when you get things sorted out will you make an announcement stating when the exchange will be back online? I think it would be good if as many people as possible knew when the exchange would come online
1098 2011-06-20 02:04:58 <eianpsego> gmaxwell, I wonder if the best mitigation to this attack is a human resources background check... :P
1099 2011-06-20 02:05:01 <gmaxwell> eianpsego: though I'm hoping for it being an account used for auditing by law enforcement. :)
1100 2011-06-20 02:05:10 <MagicalTux> OVerLoRDI: we are updating the announcement right now
1101 2011-06-20 02:05:31 <bulletbill> MagicalTux: was there a large withdrawal of BTC that happened?
1102 2011-06-20 02:05:35 <MagicalTux> we'll make available a minimal interface first that will allow people to restore their account if they have enough background to prove its theirs
1103 2011-06-20 02:05:38 <Lachesis> MagicalTux, legacy code is always killer... i'm glad you're not taking this lying down, but i'm still a bit irritated at the bug. sure, security is hard, but that's no excuse for not making it a priority.
1104 2011-06-20 02:05:47 <fiverawr> MagicalTux: When do you imagine the new website, that your team have written, will go live?
1105 2011-06-20 02:05:51 <minixking> magical: you working on mtgox?
1106 2011-06-20 02:06:02 <lianj> MagicalTux: and that no funds are gone would relief people in the announcement :)
1107 2011-06-20 02:06:05 <Optimo> hey leave him alone geez
1108 2011-06-20 02:06:13 <Optimo> highlihgting him doesn't help
1109 2011-06-20 02:06:14 <quiznor> it looks like the funds have been split up into a bunch of separate wallets with 50K each
1110 2011-06-20 02:06:17 <quiznor> seems like a good idea
1111 2011-06-20 02:06:23 fimp has quit (Quit: This computer has gone to sleep)
1112 2011-06-20 02:06:30 KingMartin has quit (Ping timeout: 250 seconds)
1113 2011-06-20 02:06:35 evolute has joined
1114 2011-06-20 02:06:41 <ius> gmaxwell: re: trojan (Bitcoin_Exploit.rar): "This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support."
1115 2011-06-20 02:06:45 <fiverawr> Optimo: Yeah. Because usually when talking to somebody, you'd face the other way.
1116 2011-06-20 02:06:56 kcsrnd has quit ()
1117 2011-06-20 02:06:58 rusty has joined
1118 2011-06-20 02:07:02 kcsrnd has joined
1119 2011-06-20 02:07:03 kcsrnd has quit (Changing host)
1120 2011-06-20 02:07:03 kcsrnd has joined
1121 2011-06-20 02:08:04 <minixking> i have a copy of the hashed password file
1122 2011-06-20 02:08:07 darnold has joined
1123 2011-06-20 02:08:18 <elnato> minixking congratulations
1124 2011-06-20 02:08:18 darnold has quit (Client Quit)
1125 2011-06-20 02:08:24 <BTCTrader> minixking: you and half the internet ;)
1126 2011-06-20 02:08:51 <minixking> from what im coming to understand is these damn dummies used same password on multiple sites
1127 2011-06-20 02:09:02 <Optimo> fools
1128 2011-06-20 02:09:15 <minixking> so its spreading exponentially
1129 2011-06-20 02:09:17 <dD0T> minixking: Nothing new there either
1130 2011-06-20 02:09:19 <Optimo> but then most people see passwords as a mere formality
1131 2011-06-20 02:09:20 \LoveBeads\ has joined
1132 2011-06-20 02:09:20 <rusty> http://bit.ly/cdmwSu in title is wrong: says "The requested URL /bitcoin/irc/logs/ was not found on this server." Should be http://bit.ly/iPFi3X ?
1133 2011-06-20 02:09:39 jburkle has joined
1134 2011-06-20 02:10:03 eps has quit (Disconnected by services)
1135 2011-06-20 02:10:11 LoveBeads has quit (Ping timeout: 244 seconds)
1136 2011-06-20 02:10:19 <erek> they're calling MagicalTux
1137 2011-06-20 02:10:21 <erek> hehe
1138 2011-06-20 02:10:22 <dD0T> minixking: Depends. gmail makes all its users on that list reset their passwords.
1139 2011-06-20 02:10:37 epscy has joined
1140 2011-06-20 02:10:43 <quiznor> there must be another wallet the site uses to pay out btc withdrawals.. if anyone knows that wallet, they can check if the hacker made out with any significant amount
1141 2011-06-20 02:10:58 <dD0T> minixking: Also exponentially is the wrong word here.
1142 2011-06-20 02:11:01 <nuthin> erek: where?
1143 2011-06-20 02:11:07 Sloth has joined
1144 2011-06-20 02:11:07 <minixking> i didnt make it out with much
1145 2011-06-20 02:11:11 <erek> http://onlyonetv.com/?page_id=178
1146 2011-06-20 02:11:13 <erek> they live stream
1147 2011-06-20 02:11:22 <machine1> Alert: Bitcoin CIA Operation - MTGOX "Hacked" Trades Rolled Back? http://members.beforeitsnews.com/story/730/098/Alert:_Bitcoin_CIA_Operation_-_MTGOX_Hacked_Trades_Rolled_Back.html
1148 2011-06-20 02:11:39 <quiznor> exponentially is the right word probably
1149 2011-06-20 02:11:39 <JFK911> ddos beforeitsnews.com
1150 2011-06-20 02:11:43 <luke-jr> dD0T: #Eligius
1151 2011-06-20 02:11:43 sabalabas has quit (Ping timeout: 240 seconds)
1152 2011-06-20 02:11:49 <quiznor> since each person tells N people, etc
1153 2011-06-20 02:11:51 <minixking> erek: i get a 503
1154 2011-06-20 02:12:01 <erek> try again
1155 2011-06-20 02:12:06 <Optimo> machine1, I'm thoroughly convinced that link is trash
1156 2011-06-20 02:12:17 <dD0T> luke-jr: https://en.bitcoin.it/wiki/Eligius I take it?
1157 2011-06-20 02:13:17 <TheSeven> MagicalTux: do you know at which point in time the dump was taken? i can tell that it must have been fairly recently as it already included my new password
1158 2011-06-20 02:13:55 Turix has quit (Quit: Leaving)
1159 2011-06-20 02:14:04 <quiznor> can anyone give me a recent transaction where they withdrew btc from mtgox
1160 2011-06-20 02:14:13 <vrs> enough time to allow somebody to crack the password of an account with a lot of BTC
1161 2011-06-20 02:14:41 <vrs> several hours at least? (assuming a not-too-weak password)
1162 2011-06-20 02:14:44 spm_Draget has joined
1163 2011-06-20 02:14:48 <NxTitle> MagicalTux: how much in the way of BTC did they get out? what price?
1164 2011-06-20 02:14:49 <luke-jr> dD0T: yes
1165 2011-06-20 02:14:51 <quiznor> vrs: a few hundred were cracked and then posted
1166 2011-06-20 02:14:55 <TheSeven> MagicalTux: must have been after 2011-06-16 12:00 UTC
1167 2011-06-20 02:14:56 Taveren93HGK has quit (Ping timeout: 260 seconds)
1168 2011-06-20 02:14:59 <vrs> quiznor: yes, the easy ones
1169 2011-06-20 02:15:18 <vrs> but i doubt somebody with >100kbtc has such an easy pw
1170 2011-06-20 02:15:34 <vrs> if they have, well...
1171 2011-06-20 02:15:44 <bulletbill> MT still didn't answer whether large amounts of coins were withdrawn
1172 2011-06-20 02:15:46 <upb> oh so mytgox wasnt hacked, their SECURITY CONSULTANT got rooted ?!
1173 2011-06-20 02:15:51 <vrs> yes
1174 2011-06-20 02:15:57 sacarlson has joined
1175 2011-06-20 02:16:12 <min0r> Does anyone know what happens if you send bitcoins to an address that DOESNT EXIST? (i.e. a typo in an address i sent to?)
1176 2011-06-20 02:16:23 <Lachesis> min0r, if it passed the checksum validation
1177 2011-06-20 02:16:24 <Keefe> bulletbill: he did say earlier: 100 btc
1178 2011-06-20 02:16:25 <Lachesis> they're gone
1179 2011-06-20 02:16:25 <vrs> they sit there until the day comes
1180 2011-06-20 02:16:28 <MagicalTux> NxTitle: they didn't get much BTC out, which is great
1181 2011-06-20 02:16:32 <NxTitle> min0r: they're checksummed so it's tough to accidentally typo
1182 2011-06-20 02:16:38 <NxTitle> MagicalTux: ah, kk
1183 2011-06-20 02:16:39 <vrs> or some lucky bastard gets a key that matches the address
1184 2011-06-20 02:16:44 <min0r> i see...
1185 2011-06-20 02:16:47 <quiznor> is 100 btc the withdrawal limit?
1186 2011-06-20 02:16:59 <luke-jr> jgarzik: do you have e-wallet services yet? I've had a number of people on Eligius looking for one that works properly
1187 2011-06-20 02:17:06 <min0r> but if you typo it... can you create that address somewhere before someone else does ?
1188 2011-06-20 02:17:08 <vrs> MagicalTux: is there a btc withdrawal limit too?
1189 2011-06-20 02:17:09 <NxTitle> yeah, people were questioning whether they got out $1000 @ 17 or $1000 @ 0.01
1190 2011-06-20 02:17:14 <luke-jr> min0r: it's not possible
1191 2011-06-20 02:17:16 <NxTitle> vrs: yes
1192 2011-06-20 02:17:21 <NxTitle> $1000 worth of BTC is max
1193 2011-06-20 02:17:29 <MagicalTux> vrs: the btc withdrawal limit saved us
1194 2011-06-20 02:17:30 <slush> anybody else noticed sudden withdrawals from mybitcoin.com ?
1195 2011-06-20 02:17:31 <quiznor> yeah but thats dollar denominated
1196 2011-06-20 02:17:40 <luke-jr> MagicalTux: saved whom?
1197 2011-06-20 02:17:41 <min0r> luke-jr: whats not possible? the odds of typing a valid address?
1198 2011-06-20 02:17:43 <slush> I received email that my balance was sent to some unkown address...
1199 2011-06-20 02:17:43 <quiznor> so you can only withdraw 100 btc per day
1200 2011-06-20 02:17:47 <Keefe> there should be another limit, denominated in btc
1201 2011-06-20 02:17:47 <MagicalTux> luke-jr: mtgox, and everyone else I guess
1202 2011-06-20 02:17:48 <luke-jr> min0r: pretty much
1203 2011-06-20 02:17:52 <min0r> ok np
1204 2011-06-20 02:17:55 <slush> ...and I didn't used same login/password as on mtgox ;)
1205 2011-06-20 02:18:02 <jrabbit> Waht ever happened to collective invalidation of the chain?
1206 2011-06-20 02:18:09 <vrs> MagicalTux: is it a per-account limit? could you circumvent it by intra-mtgox-transactions and withdrawing from sockpuppet accounts?
1207 2011-06-20 02:18:12 <luke-jr> MagicalTux: just saying, a revert means I lose ~$1000; so didn't save me :P
1208 2011-06-20 02:18:17 <jrabbit> i.e. restoring that guy's stolen wallet or similar hijinks?
1209 2011-06-20 02:18:18 <quiznor> didnt the hacker check how much he can withdraw first
1210 2011-06-20 02:18:19 neurochasm has quit (Quit: Leaving)
1211 2011-06-20 02:18:22 <min0r> anyone worried that someone has over 50% of the mining hash power??
1212 2011-06-20 02:18:27 <ius> gmaxwell: btw, that autoit stealer is more than just bitcoin
1213 2011-06-20 02:18:28 <MagicalTux> vrs: they tried to did it, but I shut down mtgox before anything major happened
1214 2011-06-20 02:18:29 <luke-jr> min0r: yep
1215 2011-06-20 02:18:32 <min0r> we jumped from 6Ghash to 8Ghash in a few days
1216 2011-06-20 02:18:45 <vrs> MagicalTux: ah, they weren't stupid then
1217 2011-06-20 02:18:46 <MagicalTux> min0r: and back to 6Gh since miners are busy cracking passwords ?
1218 2011-06-20 02:18:47 <ius> gmaxwell: Also steals chrome. ff and filezilla password caches
1219 2011-06-20 02:18:48 <nuthin> gmaxwell: it seems scrypt doesn't return a fixed output size, like bcrypt
1220 2011-06-20 02:18:57 <vrs> but they probably didn't plan it
1221 2011-06-20 02:19:00 RenaKunisaki has quit (Ping timeout: 276 seconds)
1222 2011-06-20 02:19:03 <jburkle> Newbie question on testnet-in-a-box. After doing everything in the README, the bitcoin daemon in datadir=2 does not appear to have an account. How do I give it a new account?
1223 2011-06-20 02:19:06 TheSeven has quit (Disconnected by services)
1224 2011-06-20 02:19:08 <MagicalTux> vrs: they started moving funds to randomly created accounts, but I stop mtgox before they actually withdraw anything
1225 2011-06-20 02:19:14 [7] has joined
1226 2011-06-20 02:19:22 <vrs> after they ran into the withdrawal limit?
1227 2011-06-20 02:19:25 <Keefe> so they weren't stupid, just slow :/
1228 2011-06-20 02:19:31 RenaKunisaki has joined
1229 2011-06-20 02:19:43 <vrs> that would imply they never moved large sums via mtgox
1230 2011-06-20 02:19:56 <vrs> or they would have known
1231 2011-06-20 02:19:57 <gmaxwell> nuthin: iirc it can return any size you want, so you can use it as a stream cipher source.
1232 2011-06-20 02:19:57 <Keefe> they won't make the same mistakes next time
1233 2011-06-20 02:20:20 <Lachesis> Keefe, *a moment of reflective silence*
1234 2011-06-20 02:20:28 <nuthin> hmm, k
1235 2011-06-20 02:20:31 <Lachesis> let's try to be ready for next time
1236 2011-06-20 02:20:37 <common_> MagicalTux: so the latest official message means, that mtgox won't be back before 8am GMT, which is in about 5h40min?
1237 2011-06-20 02:20:40 lessPlastic has quit (Quit: lessPlastic)
1238 2011-06-20 02:20:56 <quiznor> so the hacker probably made out with around 5,000 btc and probably still has access to a good # of accounts (after resetting the email to something they control)
1239 2011-06-20 02:20:58 <nuthin> I just tried out the demo utility they made and doesn't have many options
1240 2011-06-20 02:21:00 <vrs> MagicalTux: did the audit person have read access to the transaction database? why did they have access to the production database anyway?
1241 2011-06-20 02:21:24 <Optimo> it's an opportunity to tell part of your story, Mark. most people don't even know you took this over from a previous entity
1242 2011-06-20 02:21:34 Lenovo01 has joined
1243 2011-06-20 02:21:40 <vrs> so, is there a possibility that somebody can link bank transactions (names etc) to accounts?
1244 2011-06-20 02:21:42 <Optimo> not an excuse, but at least it lowers some of the mystery
1245 2011-06-20 02:21:43 <briareus> LOL "Bitcoin is for ordinary people, it's not just for criminals!" <--- Hahahaha
1246 2011-06-20 02:21:51 <nuthin> :D
1247 2011-06-20 02:21:56 <upb> MagicalTux: why did you send your helpdesk guy to the interview ?:P
1248 2011-06-20 02:22:02 <erek> MagicalTux: thank you for your help
1249 2011-06-20 02:22:08 <MagicalTux> upb: because I'm busy fixing stuff
1250 2011-06-20 02:22:13 <upb> aha
1251 2011-06-20 02:22:25 <jlgaddis> ...and answering questions from every idjit on irc
1252 2011-06-20 02:22:32 <nuthin> \o/
1253 2011-06-20 02:22:32 <evolute> upb: they said it's because MagicalTux's 1st language isn't english
1254 2011-06-20 02:22:39 <MagicalTux> evolute: that too
1255 2011-06-20 02:22:44 <erek> MagicalTux: ãããã¨ã
1256 2011-06-20 02:22:48 <fiverawr> I think his first language is PHP
1257 2011-06-20 02:22:53 <nuthin> hhaha
1258 2011-06-20 02:22:54 <upb> lol
1259 2011-06-20 02:23:11 Lenovo01 has quit (Client Quit)
1260 2011-06-20 02:23:16 <Keefe> slush: i don't use mybitcoin. i got a bad feeling about them long ago
1261 2011-06-20 02:23:24 Taveren93HGK has joined
1262 2011-06-20 02:23:48 <slush> Keefe: same here, actually I lost 0.5BTC, which is not _so_ bad
1263 2011-06-20 02:24:11 <slush> but I'm just curious if someone cracked my account or it is some wide major attack
1264 2011-06-20 02:24:18 <quiznor> hackstack
1265 2011-06-20 02:24:39 inktri has joined
1266 2011-06-20 02:24:48 Teslah has quit (Ping timeout: 255 seconds)
1267 2011-06-20 02:25:35 <kika_> MagicalTux: when mtgox will be back how many more hours?
1268 2011-06-20 02:25:35 <dehuman> slush: you use same password on mybitcoin as mtgox?
1269 2011-06-20 02:25:41 <slush> no
1270 2011-06-20 02:25:51 <Optimo> gmail really needs sort my attachment size
1271 2011-06-20 02:26:12 <midnightmagic> slush: What's this now? You're seeing problems elsewhere?
1272 2011-06-20 02:26:14 <slush> actually I used pretty strong password on mtgox and I'm not affraid of cracking them from his hashed representation
1273 2011-06-20 02:26:24 <common_> kika_: according to latest info on page ~5h35mins
1274 2011-06-20 02:26:32 <spm_Draget> Some financial markets shut down automatically if there is too much movement. Anyhow, thumbsup for Mark. Can imagine it must be an awful night. Feeling with you =)
1275 2011-06-20 02:26:55 <slush> midnightmagic: bitcoins from my account at mybitcoin.com disappeared before hour or two, I received an email that they were withdrawed :)
1276 2011-06-20 02:27:15 <quiznor> you were my bitcoin hacked?
1277 2011-06-20 02:27:20 <midnightmagic> slush: Jesus brutal..
1278 2011-06-20 02:27:21 <slush> looks like
1279 2011-06-20 02:29:23 <spm_Draget> Cool, bitcoins in der Tagesschau
1280 2011-06-20 02:29:34 <vrs> spm_Draget: eins weiter :)
1281 2011-06-20 02:29:35 <slush> hmm, strange. Thanks to account history, coins were sent to 1Ne8UvHx1CK3zUmUBMmZK2pZFHb2iNqZHi, but blockexplorer does not show anything
1282 2011-06-20 02:29:38 <quiznor> why did the thiefer steal 0.5 btc hmm
1283 2011-06-20 02:29:46 plutonic has joined
1284 2011-06-20 02:29:53 <BaltarNZ> so mybitcoin is cracked as well?
1285 2011-06-20 02:30:07 <vrs> perhaps mybitcoin's bitcoind is offline?
1286 2011-06-20 02:30:20 <Blitzboom> audit mtgox security â compromise it yourself
1287 2011-06-20 02:30:21 <Blitzboom> brilliant
1288 2011-06-20 02:30:34 <NxTitle> people watching onlyonetv right now - who is the guy currently talking to?
1289 2011-06-20 02:30:36 <NxTitle> online
1290 2011-06-20 02:30:42 <Blitzboom> i hope the auditer will kill himself for the darwin award
1291 2011-06-20 02:30:44 <ZOP> slush: i don't see any pending transactions....blockexplorer...doesnt' say completely unknown for that address though?
1292 2011-06-20 02:30:48 <NxTitle> Adam or Mike?
1293 2011-06-20 02:30:51 <NxTitle> erm
1294 2011-06-20 02:30:52 <NxTitle> Mark
1295 2011-06-20 02:31:02 <quiznor> hmm the whole financial auditor story is a little weak
1296 2011-06-20 02:31:03 <nuthin> NxTitle: seems the help desk guy
1297 2011-06-20 02:31:04 <NxTitle> ah, nvm
1298 2011-06-20 02:31:06 <ZOP> slush: maybe it went into a later-invalidated block?
1299 2011-06-20 02:31:09 <slush> ZOP: me too, which looks strange. but my balance dropped to 0
1300 2011-06-20 02:31:20 <quiznor> why would the auditor need access to to mysql? just give them csv dumps like a normal audit
1301 2011-06-20 02:31:33 <vrs> Blitzboom: the shame should be enough, i guess they learned from it
1302 2011-06-20 02:31:33 <ZOP> slush: and just hasn't been resubmitted to the p2p network by mybitcoin? odd.
1303 2011-06-20 02:31:46 <slush> i have no idea
1304 2011-06-20 02:31:49 <quiznor> what accounting company does an audit using a live mysql server thats changing? doesn't happen..
1305 2011-06-20 02:31:55 <phunction> whats the purpose of finanicial audits?
1306 2011-06-20 02:31:59 <ZOP> quiznor: even if the dude got mysql dumps, why were the passwords or email addresses part of it, hell, why were teh account NAMES part of it.
1307 2011-06-20 02:31:59 <slush> I'm curious if I'm alone or more people noticed this
1308 2011-06-20 02:32:07 <jgarzik> luke-jr: unfortunately not. looked into USA regulations, and got scared away from both e-wallet and pool providing
1309 2011-06-20 02:32:07 <markio> mybitcoin is compromised?
1310 2011-06-20 02:32:11 <quiznor> if youve ever done an audit you now they take all teh data in CSV format or something for the period youre auditing. they dont go rooting around your production database
1311 2011-06-20 02:32:25 <luke-jr> jgarzik: whoa, not even pool?
1312 2011-06-20 02:32:39 <luke-jr> jgarzik: what regulations can possibly be applied to pools? :/
1313 2011-06-20 02:32:41 <slush> jgarzik: where is a problem with pools?
1314 2011-06-20 02:32:42 <jlgaddis> quiznor: what makes you think they had access to the production database?
1315 2011-06-20 02:32:44 <jgarzik> luke-jr: it's money transmitting...
1316 2011-06-20 02:32:46 smokemasta2 has quit ()
1317 2011-06-20 02:32:51 <quiznor> a financial auditor doesn't poke around your sql.. they load up your CSV files into cruddy EXCEL and dink around with it :)
1318 2011-06-20 02:32:53 <jrmithdobbs> MagicalTux: after that discussion you're still going to try and implement your own sha512-based password hash format?
1319 2011-06-20 02:32:53 <jgarzik> slush: you are OK. This is only for pools hosted inside USA.
1320 2011-06-20 02:32:56 <luke-jr> jgarzik: stored value = money?
1321 2011-06-20 02:32:57 <jrmithdobbs> MagicalTux: PLEASE SAY IT AINT SO
1322 2011-06-20 02:33:00 <jgarzik> luke-jr: correct
1323 2011-06-20 02:33:11 <quiznor> jlgaddis: because they had the user table
1324 2011-06-20 02:33:23 <phunction> is this for tax compliance in japan?
1325 2011-06-20 02:33:23 <luke-jr> jgarzik: so mining = money transmitting?
1326 2011-06-20 02:33:29 <luke-jr> USA mining is highly regulated?
1327 2011-06-20 02:33:33 <jlgaddis> quiznor: perhaps they had csv files of each table
1328 2011-06-20 02:33:47 <kgo> mining != mining-pool
1329 2011-06-20 02:33:57 digitalirony has quit (Ping timeout: 276 seconds)
1330 2011-06-20 02:34:16 <quiznor> jlgaddis: the story so far is that the auditor had access to the db
1331 2011-06-20 02:34:24 <quiznor> why would you give your accountant the user table?
1332 2011-06-20 02:34:31 <ZOP> i think anonymous is done with sony now....heh....
1333 2011-06-20 02:34:40 <Blitzboom> it was financial auditors?
1334 2011-06-20 02:34:43 <quiznor> yes
1335 2011-06-20 02:34:55 <Blitzboom> so the traditional financial retards managed to fuck it up again
1336 2011-06-20 02:34:59 <jlgaddis> "someone who performs audits"
1337 2011-06-20 02:35:00 <vrs> jburkle: getnewaddress, then setaccount (it will just be created)
1338 2011-06-20 02:35:00 <ZOP> Blitzboom: https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
1339 2011-06-20 02:35:01 <kgo> quiznor, where was that said? People also get code audits.
1340 2011-06-20 02:35:05 <vrs> MagicalTux: (again, sorry) did the audit person have read access to the transaction database / could they see banking details (IBANs, names, addresses, etc)?
1341 2011-06-20 02:35:06 <jlgaddis> not necessarily a financial auditor
1342 2011-06-20 02:35:07 <ZOP> Blitzboom: update @ 2:06 GMT
1343 2011-06-20 02:35:07 <quiznor> kgo - yes it was
1344 2011-06-20 02:35:19 darbsllim_1 has joined
1345 2011-06-20 02:35:20 <Herodes> I for one is ignoring jrmithdobbs. Had enough of his crappy attitude.
1346 2011-06-20 02:35:23 <Blitzboom> goddamn SUITS
1347 2011-06-20 02:35:26 vonnieda has joined
1348 2011-06-20 02:35:31 KedP has joined
1349 2011-06-20 02:35:38 digitalirony has joined
1350 2011-06-20 02:35:40 <KedP> hi
1351 2011-06-20 02:35:55 <quiznor> an accountant would want all the transactions, payins, and payouts.. then they reconcile it
1352 2011-06-20 02:36:06 <quiznor> they dont want email addresses or ppl's bank details etc
1353 2011-06-20 02:36:15 <kgo> quiznor, not trying to force the point, but I never saw anything that indicated it was a finincal auditor vs a security auditor vs code auditor. If you have a link or snipped, I'd apprecaite it.
1354 2011-06-20 02:36:25 <nuthin> quiznor: they probably want peoples bank details
1355 2011-06-20 02:36:28 digitalirony has quit (Client Quit)
1356 2011-06-20 02:36:31 darbsllim has quit (Ping timeout: 260 seconds)
1357 2011-06-20 02:36:34 <quiznor> kgo - it was stated in the chat somewhere.. i had to log back in tho
1358 2011-06-20 02:36:35 <nuthin> they need to know where the money is coming from
1359 2011-06-20 02:36:40 <phunction> they said it one live stream right now
1360 2011-06-20 02:36:42 <jrmithdobbs> nuthin: no they specifically *don't* want it in most cases actually
1361 2011-06-20 02:36:49 <phunction> said it finanical auditor
1362 2011-06-20 02:36:50 <quiznor> but the thing is, no accountant is going to futz around on mysql :) they are excel monkeys
1363 2011-06-20 02:36:53 <nuthin> that's why you even need audits
1364 2011-06-20 02:36:58 darbsllim_1 has quit (Client Quit)
1365 2011-06-20 02:37:05 <Blitzboom> i blame the damn auditor
1366 2011-06-20 02:37:16 <fiverawr> I still blame Blitzboom
1367 2011-06-20 02:37:21 Saab- has joined
1368 2011-06-20 02:37:25 <quiznor> have you ever seen an accountant digging around a live mysql database and figuring shit out... no..
1369 2011-06-20 02:37:29 devserial has joined
1370 2011-06-20 02:37:31 <Blitzboom> those finincial types managed to ruin it for everyone else again
1371 2011-06-20 02:37:40 stamit has joined
1372 2011-06-20 02:37:43 <nuthin> the point in audits is making sure people are not trying to launder money and that you're actually getting in what you claim
1373 2011-06-20 02:37:48 <Blitzboom> i hope they wonât be asking for taxpayer bailouts now
1374 2011-06-20 02:37:53 <quiznor> an audit situation would be: From: accountant@llc.com Hey send me a zip with the transactions in CSV format
1375 2011-06-20 02:38:06 <nuthin> I think
1376 2011-06-20 02:38:07 Castor_ has quit (Ping timeout: 240 seconds)
1377 2011-06-20 02:38:11 <jgarzik> luke-jr: mining == money receiving
1378 2011-06-20 02:38:14 <nuthin> maybe not the launder money part ...
1379 2011-06-20 02:38:16 <jgarzik> luke-jr: pool operating == money transmitting
1380 2011-06-20 02:38:19 <ZOP> kgo: my link is where they've mentioned the auditor, nothing said about what type.
1381 2011-06-20 02:38:25 <jgarzik> big diff
1382 2011-06-20 02:38:33 Castor_ has joined
1383 2011-06-20 02:38:33 <min0r> all bitcoin addresses are 34 characters alphanuemeric?
1384 2011-06-20 02:38:39 <jrmithdobbs> min0r: nope
1385 2011-06-20 02:38:40 <luke-jr> jgarzik: pool is just mining
1386 2011-06-20 02:38:47 Teslah has joined
1387 2011-06-20 02:38:58 <jrmithdobbs> min0r: alphanumeric yes but length varies
1388 2011-06-20 02:39:00 jsnyder has joined
1389 2011-06-20 02:39:01 <luke-jr> jgarzik: unless you mean I simply need to avoid ever using 'send*'
1390 2011-06-20 02:39:04 Teslah has quit (Read error: Connection reset by peer)
1391 2011-06-20 02:39:05 <kika_> jgarzik: pool and mining would be the same
1392 2011-06-20 02:39:06 caedes has quit (Remote host closed the connection)
1393 2011-06-20 02:39:08 <jrmithdobbs> min0r: and case matters
1394 2011-06-20 02:39:10 <kunnis> quiznor I have one tinkering in a mssql database
1395 2011-06-20 02:39:16 <jrmithdobbs> kika_: no it wouldn't
1396 2011-06-20 02:39:18 <min0r> jrmithdobs: whats the minimum length?
1397 2011-06-20 02:39:22 Teslah has joined
1398 2011-06-20 02:39:26 <luke-jr> but then, wouldn't that mean *anyone who ever spends bitcoins* is regulated the same?
1399 2011-06-20 02:39:33 <kika_> jrmithdobbs: whats the difference between mining in a pool and mining in a client?
1400 2011-06-20 02:39:36 Crypticfortune has joined
1401 2011-06-20 02:39:37 <ZOP> min0r: the'yre a base58 representation of the...now i can't remember... http://en.bitcoin.it/wiki/Address probably remembers
1402 2011-06-20 02:39:44 <kgo> A pool has a centralized place where money is collected and distributed by an agent.
1403 2011-06-20 02:39:46 <jrmithdobbs> kika_: it's not the people doing the mining he's talknig about.
1404 2011-06-20 02:39:46 plutonic has quit (Quit: plutonic)
1405 2011-06-20 02:39:48 <kika_> jrmithdobbs: in both cases you are solving a block
1406 2011-06-20 02:39:53 <jrmithdobbs> kika_: he's talking about the *pool operator*
1407 2011-06-20 02:39:58 <ZOP> min0r: basically the hash of the public key.
1408 2011-06-20 02:40:01 <jrmithdobbs> which transmits the resulting money to others
1409 2011-06-20 02:40:02 <kgo> mining doesn't have that agent. Spending money doesn't have that agent.
1410 2011-06-20 02:40:14 <BaltarNZ> I would guess in the US a pool operator would be required to 1099 other US persons and get an exception statement from non US parties.
1411 2011-06-20 02:40:15 <kika_> jrmithdobbs: i think the pool operator is just a miner, a big miner
1412 2011-06-20 02:40:20 <jrmithdobbs> you're wrong
1413 2011-06-20 02:40:21 <luke-jr> kgo: Eligius doesn't collect/distribute money
1414 2011-06-20 02:40:30 <kunnis> kika_ Mining in a pool it distributes the odds of getting a payout across everyone. Much like an office lotto pool. Everyone chips in hoping to get the big payout.
1415 2011-06-20 02:40:35 <jgarzik> kika_: wrong
1416 2011-06-20 02:40:43 <kika_> jrmithdobbs: so to run a pool you need to have a money transmitting licence?
1417 2011-06-20 02:40:46 hallowworld has quit (Ping timeout: 260 seconds)
1418 2011-06-20 02:40:47 <jgarzik> luke-jr: you can continue to tell yourself that. lawyers disagree...
1419 2011-06-20 02:40:59 <jgarzik> kika_: if you are USA'ian, running a USA-based pool, yes
1420 2011-06-20 02:41:07 <jrmithdobbs> kika_: jgarzik says that's the results of his resaurch
1421 2011-06-20 02:41:10 <BaltarNZ> kunnis right, and in the US you need to pay taxes on your winnings.
1422 2011-06-20 02:41:12 <luke-jr> jgarzik: it works exactly the same as any other miner
1423 2011-06-20 02:41:13 <jrmithdobbs> and it sounds plausible to me
1424 2011-06-20 02:41:20 <kgo> luke-jr, asking cuz I really don't know, but where does that 50BTC bounty go? Straight to the miners?
1425 2011-06-20 02:41:25 <luke-jr> kgo: yes
1426 2011-06-20 02:41:30 <jrmithdobbs> luke-jr: actually, you're not doing any transmitting with eligius
1427 2011-06-20 02:41:38 <jrmithdobbs> luke-jr: i don't know it's kind of fuzzy
1428 2011-06-20 02:41:50 <BaltarNZ> the IRS likes fuzzy
1429 2011-06-20 02:41:54 <jburkle> tell vrs thank you very much
1430 2011-06-20 02:41:58 <ZOP> eligius pays out to the addresses during the generation that it occurs....
1431 2011-06-20 02:42:05 <ZOP> which is different.
1432 2011-06-20 02:42:05 <jrmithdobbs> luke-jr: but because you're splitting the coinbase directly i could see making an argument in court at the least
1433 2011-06-20 02:42:11 <jrmithdobbs> luke-jr: just depends if you're willing to do that
1434 2011-06-20 02:42:11 <ZOP> it never actually collects any.
1435 2011-06-20 02:42:13 <jrmithdobbs> and take that chance
1436 2011-06-20 02:42:36 Castor_ is now known as Castor
1437 2011-06-20 02:42:42 <Cryo> MagicalTux, thanks for participating in that chat and adding sanity.
1438 2011-06-20 02:42:45 <ZOP> the others all certainly do collect it together.
1439 2011-06-20 02:42:46 Castor is now known as Castor_
1440 2011-06-20 02:42:57 <kgo> Okay. That's a little more grey than the other pools though. All I know is the IRS took down Capone...
1441 2011-06-20 02:43:15 sacarlson has quit (Quit: Leaving.)
1442 2011-06-20 02:43:17 <luke-jr> jgarzik: so theoretically, isn't there some $N,000 per month per person minimum before the regulations apply?
1443 2011-06-20 02:43:26 <jgarzik> luke-jr: at the federal level, yes
1444 2011-06-20 02:43:27 <ZOP> luke-jr: dude, are you shooting people?
1445 2011-06-20 02:43:28 backwardation25 has joined
1446 2011-06-20 02:43:30 <jgarzik> luke-jr: at the state level, no
1447 2011-06-20 02:43:36 sacarlson has joined
1448 2011-06-20 02:43:40 OVerLoRDI_ has joined
1449 2011-06-20 02:43:41 <ZOP> luke-jr: coz i heard someone say you were shooting people...yanno, like that Capone guy....
1450 2011-06-20 02:43:45 <ZOP> :)
1451 2011-06-20 02:43:55 <joecool> for a capital gain?
1452 2011-06-20 02:43:57 <jgarzik> luke-jr: some fscking states require MT license for -any- money transmitting. Yes, it is completely stupid and ignores reality.
1453 2011-06-20 02:44:00 <joecool> yeah state level shit applies
1454 2011-06-20 02:44:04 <joecool> at least here it does
1455 2011-06-20 02:44:07 <luke-jr> :/
1456 2011-06-20 02:44:23 <luke-jr> jgarzik: so every human needs a MT license to spend money?
1457 2011-06-20 02:44:24 <BaltarNZ> going up against the IRS is no fun.
1458 2011-06-20 02:44:28 <joecool> i'm not subject to taxes on capital gains under x-amount
1459 2011-06-20 02:44:37 <jgarzik> luke-jr: mailing you $20 bill in the mail is money transmitting. that is how insane it is.
1460 2011-06-20 02:45:07 <nuthin> I think Norway is more insane
1461 2011-06-20 02:45:25 <joecool> ofc they are
1462 2011-06-20 02:45:26 <BaltarNZ> is norway still publishing tax records?
1463 2011-06-20 02:45:30 <nuthin> yup
1464 2011-06-20 02:45:31 <joecool> they have polar bears and shit running around
1465 2011-06-20 02:45:33 Hal____ has joined
1466 2011-06-20 02:45:37 <BaltarNZ> fun stuff
1467 2011-06-20 02:45:40 <appamatto> Umm, what's the news with mtgox?
1468 2011-06-20 02:45:41 jarly has quit (Quit: Leaving)
1469 2011-06-20 02:45:43 Sloth has quit ()
1470 2011-06-20 02:45:50 <appamatto> Did unencryted passwords get leaked?
1471 2011-06-20 02:45:53 <luke-jr> appamatto: try reading it
1472 2011-06-20 02:45:54 <nuthin> well, next year you'll have to log in to a government site to gain access
1473 2011-06-20 02:46:01 pyro__ has quit (Ping timeout: 260 seconds)
1474 2011-06-20 02:46:32 <nuthin> but up until now they gave the records to all newspapers etc. and you could search up anyone anonymously
1475 2011-06-20 02:46:38 OVerLoRDI has quit (Ping timeout: 246 seconds)
1476 2011-06-20 02:46:54 <kika_> how do you determine if a pool is USA based or not? by the location of the servers?
1477 2011-06-20 02:47:01 <luke-jr> kika_: good question
1478 2011-06-20 02:47:06 <nuthin> but I guess the idea behind it is the same as the official bitcoin transaction log
1479 2011-06-20 02:47:25 <BaltarNZ> if you are a non-US person you really don't have anything to worry about, it's the pool operator who will get in trouble.
1480 2011-06-20 02:47:25 <kika_> luke-jr: by the location of the miners?
1481 2011-06-20 02:47:38 ^1bitc0inplz has joined
1482 2011-06-20 02:47:41 <luke-jr> kika_: I suspect by the operator's jurisdiction
1483 2011-06-20 02:47:43 Taveren93HGK has quit ()
1484 2011-06-20 02:48:00 gsathya has quit (Ping timeout: 252 seconds)
1485 2011-06-20 02:48:14 sloberi has quit ()
1486 2011-06-20 02:48:17 Cablesaurus has joined
1487 2011-06-20 02:48:17 Cablesaurus has quit (Changing host)
1488 2011-06-20 02:48:17 Cablesaurus has joined
1489 2011-06-20 02:48:21 <kika_> luke-jr: so basically if a Brazilian guy runs a pool with servers hosted on USA it would be a Brazilian based pool and not USA baseD?
1490 2011-06-20 02:48:41 <luke-jr> dunno
1491 2011-06-20 02:48:42 bulletbill has quit (Read error: No route to host)
1492 2011-06-20 02:48:59 <joecool> kika_: it would be subject under both laws
1493 2011-06-20 02:49:08 bulletbill has joined
1494 2011-06-20 02:49:08 <quiznor> mtgox operates out of canada or the US
1495 2011-06-20 02:49:11 <quiznor> they are definitely not in japan
1496 2011-06-20 02:49:12 <^1bitc0inplz> joecool: that would be my understanding as well
1497 2011-06-20 02:49:22 Titanium123 has joined
1498 2011-06-20 02:49:26 <joecool> it's like if you're in the US and you live in one state, but work in another
1499 2011-06-20 02:49:30 <Cablesaurus> Anyone know how I can get ahold of someone with Google Apps? Whatever MTGox did with Google has blocked SMTP sending via my google apps account through ShipWorks, for shipping emails. I can login fine to the account but SMTP is not taking my password.
1500 2011-06-20 02:49:34 <BaltarNZ> they are in japan and some of the servers are in germany it looks like.
1501 2011-06-20 02:49:34 <NxTitle> omg, people in the onlyonetv chatroom are retarded
1502 2011-06-20 02:49:35 <kika_> quiznor: where is mtgox?
1503 2011-06-20 02:49:39 <jgarzik> kika_: if the servers doing the transmitting are in the US, it seems like you would be subject to US MT regulations. But standard disclaimer applies: I Am Not A Lawyer
1504 2011-06-20 02:49:45 <NxTitle> "sha512 isn't secure enough" are you an idiot?
1505 2011-06-20 02:49:54 <Titanium123> lol
1506 2011-06-20 02:49:55 <csshih> lols
1507 2011-06-20 02:50:02 <Blitzboom> lololo
1508 2011-06-20 02:50:06 <csshih> the onlyonetv channel is retarded
1509 2011-06-20 02:50:15 <BaltarNZ> bcrypt is nice for password encryption.
1510 2011-06-20 02:50:16 <KuDeTa> csshih: yup
1511 2011-06-20 02:50:16 <Titanium123> salted sha1000000 isnt secure enough if a dictionary attack will get ur pass
1512 2011-06-20 02:50:21 <NxTitle> sha512 with 1000 iterations isn't that good of an idea - if mtgox gets bogged down it will become even worse
1513 2011-06-20 02:50:29 <joecool> NxTitle: it's not secure enough for the future, have you been to the future?
1514 2011-06-20 02:50:32 common_ has quit (Ping timeout: 252 seconds)
1515 2011-06-20 02:50:44 <nuthin> hmm, bcrypt is not that great?
1516 2011-06-20 02:50:45 <Titanium123> md5 is plenty fine
1517 2011-06-20 02:50:45 <spm_Draget> NxTitle: Are you a cryptographer?
1518 2011-06-20 02:50:48 <KuDeTa> can one of you answer me something? Should/can salts be hidden?
1519 2011-06-20 02:50:51 <nuthin> I want a source
1520 2011-06-20 02:50:56 <Titanium123> its your problem for using crappy passwords that can be brute forced
1521 2011-06-20 02:50:56 <quiznor> kika_: im guessing seattle area
1522 2011-06-20 02:50:58 <Blitzboom> one questions remains â¦
1523 2011-06-20 02:51:03 <kgo> KuDeTa, not really.
1524 2011-06-20 02:51:04 <NxTitle> spm_Draget: I know enough about cryptography to tell you sha512 isn't weak
1525 2011-06-20 02:51:05 <Blitzboom> WHO THE FUCK STORES 400K BTC ON MTGOX?!
1526 2011-06-20 02:51:07 enquire has quit (Read error: Operation timed out)
1527 2011-06-20 02:51:11 <quiznor> kika_: 2 american guys and a canadian
1528 2011-06-20 02:51:12 <lianj> not leaking those hashes is a good start
1529 2011-06-20 02:51:12 <NxTitle> however personally I use whirlpool when I can
1530 2011-06-20 02:51:13 MRD_ has quit (Ping timeout: 246 seconds)
1531 2011-06-20 02:51:23 <midnightmagic> Blitzboom: someone who wants to make a lot of money?
1532 2011-06-20 02:51:29 <nuthin> it's not that sha512 is weak
1533 2011-06-20 02:51:33 <midnightmagic> Blitzboom: oh, no, sorry. Got that wrong. An idiot.
1534 2011-06-20 02:51:43 pyro_ has joined
1535 2011-06-20 02:51:44 <Blitzboom> an idiot with 400k?!
1536 2011-06-20 02:51:48 <nuthin> it's just that sha512 can easily be computed
1537 2011-06-20 02:51:50 <Titanium123> no hashing algorigtm will help in this case, its either waaaaay too slow to use onthe site, or wayyyy to fast so it casn be brute forced
1538 2011-06-20 02:51:50 <NxTitle> Blitzboom: uhm, someone who stole btc from many others :P
1539 2011-06-20 02:51:51 <midnightmagic> Blitzboom: apparently.
1540 2011-06-20 02:51:52 <Blitzboom> how can you get 400k of bitcoins with being an idiot?
1541 2011-06-20 02:52:01 <BaltarNZ> quiznor MtGox is in Japan.
1542 2011-06-20 02:52:04 <markio> is mtgox going to survive this class-action suit?
1543 2011-06-20 02:52:05 <spm_Draget> And salts need to be saved in plaintext with the password. Anyone now familar with this concept of key stretching, please check wikipedia.
1544 2011-06-20 02:52:05 <NxTitle> open orders will be flushed
1545 2011-06-20 02:52:12 <NxTitle> all orders will be cancelled
1546 2011-06-20 02:52:12 <Titanium123> i got 1200 for my $.01 orders :)
1547 2011-06-20 02:52:13 <midnightmagic> Blitzboom: mine it from day 1?
1548 2011-06-20 02:52:18 <Blitzboom> for fucks sake, i thought that with bitcoin, the elite would at least be CLEVER
1549 2011-06-20 02:52:28 <luke-jr> markio: how do cross-nation class action lawsuits work?
1550 2011-06-20 02:52:29 <nuthin> Titanium123: it doesn't have to be slow
1551 2011-06-20 02:52:29 <NxTitle> yeah
1552 2011-06-20 02:52:31 <midnightmagic> Blitzboom: since when are people with money clever?
1553 2011-06-20 02:52:44 <Blitzboom> midnightmagic: does money damage your brain?
1554 2011-06-20 02:52:48 <csshih> dude
1555 2011-06-20 02:52:50 <NxTitle> honestly they probably could have gotten all that money out of mtgox without being caught
1556 2011-06-20 02:52:58 <csshih> just hand out in bitcoin-mining
1557 2011-06-20 02:53:00 <nuthin> Titanium123: if you instead of having to "log on" every time you use the trade api, you log on once and use a session id
1558 2011-06-20 02:53:03 <csshih> so many people popping in and asking
1559 2011-06-20 02:53:03 jrabbit has left ()
1560 2011-06-20 02:53:03 <midnightmagic> Blitzboom: I've seen it happen.
1561 2011-06-20 02:53:08 <Titanium123> nuthin, lets say it takes 1 second to calculate, thats already getting too long to be useful on a website, but guessing 1M dictionary words is easy ona cluster
1562 2011-06-20 02:53:09 <nuthin> possibly with a personal key
1563 2011-06-20 02:53:10 <kgo> In theory, you could try to do something 'smart' like use the 2nd and 3rd chars of a email address as the salt, but an attacker could just create a dummy acount with a known password to figure out the salting algo.
1564 2011-06-20 02:53:12 <NxTitle> kinda glad they didn't, but they made a big mistake by pushing the price down like that
1565 2011-06-20 02:53:14 <csshih> I have a 6 CORE CPU WHAT DO YOU MEAN I CAN'T MINE WITH IT
1566 2011-06-20 02:53:16 <joecool> luke-jr: if your company is big enough you locate parts in both :P
1567 2011-06-20 02:53:20 samlander has joined
1568 2011-06-20 02:53:33 <nuthin> Titanium123: it would be if you have 1000 people logging in at once
1569 2011-06-20 02:53:39 <quiznor> i dont understand the 420K MTGOX wallet.. it had no transactions between the 12th and the 19th. so it must not be the same wallet people withdraw from. it must be mtgox's personal profits
1570 2011-06-20 02:53:39 <samlander> MagicalTux: are you flushing the order book too? aka do i have to re enter my bids?
1571 2011-06-20 02:53:48 <markio> luke-jr I think skype
1572 2011-06-20 02:53:52 <nuthin> but once people are logged in, you don't need to check their password
1573 2011-06-20 02:53:52 <csshih> flush the order book please
1574 2011-06-20 02:53:53 <csshih> lol
1575 2011-06-20 02:53:59 <csshih> it's a bit messy
1576 2011-06-20 02:54:13 <MagicalTux> samlander: we'll flush any order that would be outstanding based on other market's bitcoin value
1577 2011-06-20 02:54:15 <kgo> samlander, long long ago mt said there would be no way to recover the old bids. Not sure if it's still true.
1578 2011-06-20 02:54:18 <samlander> csshih: i think given the circumstances, the projected bids and asks are no longer valid
1579 2011-06-20 02:54:22 <Titanium123> lets say you get 1000 computers and are wilign to spend 1 hour per password to crack it
1580 2011-06-20 02:54:23 <samlander> the market is upset by todays events
1581 2011-06-20 02:54:34 <NxTitle> MagicalTux: sha512 with 1000 iterations isn't the best of ideas. I agree with sha512, but the iterations will lag mtgox and open a possible DoS hole
1582 2011-06-20 02:54:39 <Titanium123> you only need to try 1M passwords to get most common ones
1583 2011-06-20 02:54:40 <erek> MagicalTux: did you see the people on the forum saying the MtGox story is wrong?
1584 2011-06-20 02:54:52 <samlander> MagicalTux: does that include by buy order at 15.30 ?
1585 2011-06-20 02:54:53 <erek> MagicalTux: http://forum.bitcoin.org/index.php?topic=19646.0
1586 2011-06-20 02:54:54 <NxTitle> MagicalTux: by registering a bunch of accounts and using them to log in all at the same time
1587 2011-06-20 02:55:01 <BaltarNZ> http://code.google.com/p/py-bcrypt/ is a nice password hashing system
1588 2011-06-20 02:55:18 <markio> john the ripper
1589 2011-06-20 02:55:18 <samlander> MagicalTux: because i certainly would be revising that myself if i had access to the system right now
1590 2011-06-20 02:55:20 <NxTitle> I've seen 3 or 4 people say the story is wrong, and they've all been rightfully called out as idiots
1591 2011-06-20 02:55:27 <MagicalTux> NxTitle: I said 10000 iterations
1592 2011-06-20 02:55:37 <NxTitle> oh, Adam said 1000 :P
1593 2011-06-20 02:55:39 <MagicalTux> I made the computation and my 24 core servers can handle a lot of those
1594 2011-06-20 02:55:39 <Titanium123> it woudl need to take 3 seconds on the website to calculate the hash if youy want any chance of protecting against brute force (even a lazy brute force)
1595 2011-06-20 02:55:42 <erek> "Mtgox's official story is wrong. The BTC of many accounts was sold: proof inside" = http://forum.bitcoin.org/index.php?topic=19646.0
1596 2011-06-20 02:55:43 <NxTitle> nonetheless, I still think it's a bad idea
1597 2011-06-20 02:56:01 <NxTitle> it's not about the server being able to handle them, it's about opening a possible DoS hole
1598 2011-06-20 02:56:10 <samlander> MagicalTux: i appologize with bothering you with something so trivial, i know you have your hands full ith much more important things
1599 2011-06-20 02:56:15 <NxTitle> MagicalTux: canada ;)
1600 2011-06-20 02:56:39 <nuthin> NxTitle: isn't a DoS hole a matter of the available resources?
1601 2011-06-20 02:56:54 NOTAL has joined
1602 2011-06-20 02:57:04 <Speeder> MagicalTux if you ever need help, call me :D
1603 2011-06-20 02:57:09 <Titanium123> protecting against peopel that use dictionary words as passwords is impossible
1604 2011-06-20 02:57:17 <Titanium123> its not mtgox's fault
1605 2011-06-20 02:57:23 <NxTitle> nuthin: well, if it takes 10k iterations of sha512 and, say, it takes 0.1 seconds to login, imagine if someone executes 100 or 1000 logins at once
1606 2011-06-20 02:57:33 <NxTitle> much less bandy intensive than just throwing traffic at a server
1607 2011-06-20 02:57:33 <jrmithdobbs> MagicalTux: can you please disclose your new password hashing algorithm for vetting?
1608 2011-06-20 02:57:44 <Titanium123> the algorithm does nto matter
1609 2011-06-20 02:57:44 <MagicalTux> NxTitle: it takes 0.007 seconds to make the 10000 iterations
1610 2011-06-20 02:57:52 <jrmithdobbs> MagicalTux: with any site-salts stripped, of course
1611 2011-06-20 02:58:04 <MagicalTux> NxTitle: and I got 24 cores ready to take the load, with HT (new i7 HT, so it should work fine=
1612 2011-06-20 02:58:06 <NxTitle> jrmithdobbs: sha512 works with the current system, i.e. crypt
1613 2011-06-20 02:58:17 <nuthin> NxTitle: I guess you'd need some sort of queue system
1614 2011-06-20 02:58:19 <MagicalTux> jrmithdobbs: I will
1615 2011-06-20 02:58:27 <nuthin> NxTitle: I'd rather have that though
1616 2011-06-20 02:58:30 <jrmithdobbs> MagicalTux: thanks
1617 2011-06-20 02:58:36 <NxTitle> ah, alright
1618 2011-06-20 02:58:39 subigo has quit (Quit: Leaving)
1619 2011-06-20 02:59:01 <vrs> erek: I believe we would see those transactions as a peak on blockexplorer/etc
1620 2011-06-20 02:59:10 <Titanium123> MagicalTux My solution would to provide an option at account creation to only accept transactions signed by a program on the user's computer, then make the TOS say you are 100% responsible if you signed the transaction
1621 2011-06-20 02:59:14 <vrs> (concerning http://forum.bitcoin.org/index.php?topic=19646.0)
1622 2011-06-20 02:59:41 <NxTitle> "signed by a program on the user's computer"
1623 2011-06-20 02:59:46 <Titanium123> yes
1624 2011-06-20 02:59:47 <lianj> lol
1625 2011-06-20 02:59:48 <NxTitle> not a good idea, it's a roadblock for people wanting to join in
1626 2011-06-20 02:59:51 kratosk has quit (Ping timeout: 260 seconds)
1627 2011-06-20 03:00:01 <Titanium123> its an option for extra secutity, not required at all
1628 2011-06-20 03:00:02 <kunnis> he said it would be optional...
1629 2011-06-20 03:00:12 <NxTitle> oh, missed that
1630 2011-06-20 03:00:13 gsathya has joined
1631 2011-06-20 03:00:14 <Titanium123> but cannot ever be removed from one account
1632 2011-06-20 03:00:17 <kgo> Anther hack to prevent DoS... The iterations double for each attempt from the same IP with only one attempt at a time per IP.
1633 2011-06-20 03:00:25 <erek> vrs: so you think only about 1000 usd was lost?
1634 2011-06-20 03:00:28 <jgarzik> IP whitelisting. IP whitelisting. IP whitelisting!!
1635 2011-06-20 03:00:30 * jgarzik says it for the cheap seats
1636 2011-06-20 03:00:31 commonlisp has joined
1637 2011-06-20 03:00:32 <NxTitle> well, there's other ways too, such as 2 factor authentication
1638 2011-06-20 03:00:33 <vrs> NxTitle: more like, hey there's a handy tool named "bitcoin client" that signs transactions, would you use that?
1639 2011-06-20 03:00:35 <Titanium123> much more than $1000 was lost
1640 2011-06-20 03:00:44 <erek> Titanium123: http://forum.bitcoin.org/index.php?topic=19646.0
1641 2011-06-20 03:00:45 <NxTitle> Titanium123: $1000 valued at $5/BTC
1642 2011-06-20 03:00:50 <NxTitle> or less
1643 2011-06-20 03:00:51 <jgarzik> nobody should be accessing my mtgox account from anywhere other than specified IPs
1644 2011-06-20 03:00:56 <Titanium123> i got 600 coins :)
1645 2011-06-20 03:01:01 <samlander> MagicalTux: it will be interesting my first login.. i hope i dont get banned right away
1646 2011-06-20 03:01:07 <jgarzik> other money sites (liberty reserve, pecunix, etc.) offer IP whitelisting
1647 2011-06-20 03:01:09 <jgarzik> just basic security
1648 2011-06-20 03:01:10 <samlander> MagicalTux: but I do access your site from 4 seperate ips
1649 2011-06-20 03:01:11 <NxTitle> *banned for being samlander*
1650 2011-06-20 03:01:14 <kgo> jgarzik, sucks when I have to reboot my comcast modem.
1651 2011-06-20 03:01:23 <NxTitle> samlander: when that happens apparently you just login again
1652 2011-06-20 03:01:23 <jrmithdobbs> jgarzik: fuck that, rsa or ssl cert auth plz ;P
1653 2011-06-20 03:01:24 <vrs> erek: I don't know, I'd say $1000 + BTC<whatever the BTC limit is> + whatever the hackers got out after they noticed there was a transaction limit
1654 2011-06-20 03:01:31 Hal____ has quit (Ping timeout: 240 seconds)
1655 2011-06-20 03:01:53 <erek> vrs: but nothing like all the BTC from everyone is lost such as reported in that thread?
1656 2011-06-20 03:02:02 <jgarzik> jrmithdobbs: I don't want a stolen cert accessed from an IP other than my own.....
1657 2011-06-20 03:02:16 <vrs> how was that bitcoingraph called again?
1658 2011-06-20 03:02:18 <Titanium123> if I withdrew bitcoins, can I withdraw them again once accts are reverted?
1659 2011-06-20 03:02:23 <jrmithdobbs> jgarzik: ok you're right combination of the two
1660 2011-06-20 03:02:44 <jrmithdobbs> jgarzik: but cert/key auth by itself is a huge step up
1661 2011-06-20 03:02:44 <Titanium123> and the hackers were STUPID
1662 2011-06-20 03:02:54 <erek> vrs: http://forum.bitcoin.org/index.php?topic=19646.20
1663 2011-06-20 03:03:06 <jgarzik> frankly, we are fortunate that our hackers have been stupid and lazy so far
1664 2011-06-20 03:03:07 BTCTrader_ has joined
1665 2011-06-20 03:03:10 <vrs> ah, bitcoinmonitor
1666 2011-06-20 03:03:21 <markio> I dont think we're giving them enough credit
1667 2011-06-20 03:03:22 BTCTrader has quit (Read error: Connection reset by peer)
1668 2011-06-20 03:03:24 BTCTrader_ is now known as BTCTrader
1669 2011-06-20 03:03:35 <Titanium123> smart hackers would setup 100 new accounts and place buy orders at like 10 cents on each, then as the main sell went thru they coudl each withdraw 600 coins and bypass the limits and 'hide' the source
1670 2011-06-20 03:03:42 <jlgaddis> i don't think they were stupid at all
1671 2011-06-20 03:03:45 <vrs> erek: we would see those transactions on bitcoinmonitor
1672 2011-06-20 03:03:56 <Titanium123> most hackers are stupid
1673 2011-06-20 03:03:57 <jlgaddis> mark told earlier how they were trying to transfer to different accounts so they could do multiple withdrawals
1674 2011-06-20 03:03:57 <CIA-103> bitcoin:� Jeff Garzik� master� * r2207f5e� �/ (18 files in 9 dirs):�
1675 2011-06-20 03:03:57 <CIA-103> bitcoin:� Merge pull request #331 from TheBlueMatt/translatefix
1676 2011-06-20 03:03:57 <CIA-103> bitcoin:� Update translations and remove obsolete translations. - http://bit.ly/mBssyT
1677 2011-06-20 03:03:57 <midnightmagic> Whoah, security auditor was the data release vector?!
1678 2011-06-20 03:04:02 <Titanium123> like deer in the headlights
1679 2011-06-20 03:04:06 freeminer has quit (Ping timeout: 252 seconds)
1680 2011-06-20 03:04:09 plutonic has joined
1681 2011-06-20 03:04:11 <samlander> i think the whole point of that was to force the market to crash so they could buy up using 'legitimate'accounts
1682 2011-06-20 03:04:13 <midnightmagic> Titanium123: crackers, you mean.
1683 2011-06-20 03:04:16 <erek> midnightmagic: apparently
1684 2011-06-20 03:04:17 <vrs> erek: blockexplorer link?
1685 2011-06-20 03:04:19 <nuthin> I agree, I think they could get away with this easily if they spent a bit more time on it
1686 2011-06-20 03:04:19 <Titanium123> yes
1687 2011-06-20 03:04:22 <Titanium123> sorry
1688 2011-06-20 03:04:23 <samlander> if anything i dont think they considered the possability of a rollback
1689 2011-06-20 03:04:27 <erek> vrs: all i have is that thread
1690 2011-06-20 03:04:27 <Blitzboom> jgarzik: next time we wonât be so lucky
1691 2011-06-20 03:04:29 <erek> vrs: heh
1692 2011-06-20 03:04:30 <Blitzboom> you can bet on that
1693 2011-06-20 03:04:33 <jgarzik> Blitzboom: agreed
1694 2011-06-20 03:04:44 <midnightmagic> If it's from a company (like, say McAfee) then THAT company is now responsible.
1695 2011-06-20 03:04:51 <Optimo> bitcoincharts removed the ones that were stuck eh
1696 2011-06-20 03:04:52 <bulletbill> who is the other interview he has to do?
1697 2011-06-20 03:04:54 hallowworld has joined
1698 2011-06-20 03:04:57 <nuthin> samlander: ahh, yeah .. that makes sense
1699 2011-06-20 03:05:02 <Herodes> hm. if that holder of the 500K account is a genuine individual, guess his shock when he learned what happened.
1700 2011-06-20 03:05:09 <Titanium123> also they woudl start at near midnight so they can get a second withdraw done after the clock ticks over
1701 2011-06-20 03:05:13 <CIA-103> bitcoin:� Jeff Garzik� master� * r04e4420� �/ (5 files):�
1702 2011-06-20 03:05:13 <CIA-103> bitcoin:� Merge pull request #332 from shanew/master
1703 2011-06-20 03:05:13 <CIA-103> bitcoin:� Include missing Boost header - http://bit.ly/lLoAfI
1704 2011-06-20 03:05:17 <midnightmagic> Titanium123: doesn't work like that.
1705 2011-06-20 03:05:18 <lianj> samlander: {"date"=>1308505876, "price"=>0.01, "amount"=>261383.763, "tid"=>"221858"} nope
1706 2011-06-20 03:05:23 <Titanium123> aww
1707 2011-06-20 03:05:27 <Titanium123> its a 24 hr timer?
1708 2011-06-20 03:05:29 <midnightmagic> yeah
1709 2011-06-20 03:05:44 cgmc_ has left ()
1710 2011-06-20 03:05:45 <Titanium123> i was gona wait 6 hrs and withdraw the rest of mine :)
1711 2011-06-20 03:05:47 <vrs> erek: currenty trades we see, but no big "real" bitcoin transactions
1712 2011-06-20 03:05:50 <Herodes> the interesting thing is to know how much and if any of that btc traded at 0.01 was immediately transferred OUT of mtgox?
1713 2011-06-20 03:05:51 <Titanium123> i woudl ahve been dissapointed
1714 2011-06-20 03:05:54 <midnightmagic> Are you able to log in, Titanium123 ?
1715 2011-06-20 03:05:57 <samlander> herodes: i dont think there was a legitimate owner of the 500k
1716 2011-06-20 03:06:02 <Titanium123> is it up?
1717 2011-06-20 03:06:14 <Herodes> samlander: what do you think?
1718 2011-06-20 03:06:15 airfox has quit (Remote host closed the connection)
1719 2011-06-20 03:06:22 <Titanium123> herodes at least 600 btc from personal experience :)
1720 2011-06-20 03:06:23 <samlander> Herodes: my theory is that the database got leaked to whoever was responsible a few days ago, they cracked the passwords and forward a shit ton of coins into the one account
1721 2011-06-20 03:06:23 <lianj> Herodes: most of the btc under 1.0$ got to the above trade
1722 2011-06-20 03:06:31 <midnightmagic> Titanium123: You stated a specific number of hours you were going to wait, but as far as I can tell there is no set comeback time for MtGox
1723 2011-06-20 03:06:44 <Titanium123> the thing happened at liek 18:00
1724 2011-06-20 03:06:54 mmoya has joined
1725 2011-06-20 03:06:55 <samlander> midnightmagic: the site says 8:00 am gmt
1726 2011-06-20 03:06:57 <Titanium123> i was going to withdraw the rest of my coins at 24:01
1727 2011-06-20 03:07:20 <Titanium123> hmmm
1728 2011-06-20 03:07:25 <midnightmagic> "Service will not be back before June 20th 11:00am (JST, 02:00am GMT). This may be delayed depending on what is found during the investigation."
1729 2011-06-20 03:07:39 <samlander> â¢Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
1730 2011-06-20 03:07:44 <Titanium123> so how do I sell the coins I made?
1731 2011-06-20 03:07:51 <Titanium123> do I do it by mail?
1732 2011-06-20 03:07:54 <samlander> as sof : [Update - 2:06 GMT]
1733 2011-06-20 03:08:03 <midnightmagic> bah, stupid cached copy.
1734 2011-06-20 03:08:17 <samlander> Titanium123: you can sell them in otc
1735 2011-06-20 03:08:18 <midnightmagic> oh, no, I see. it's in the update I was reading.
1736 2011-06-20 03:08:20 <ZOP> Titanium123: botcoin-otc ... direct paypal, or one of the other exchanges perhaps.
1737 2011-06-20 03:08:21 <samlander> Titanium123: pit
1738 2011-06-20 03:08:28 <Herodes> Titanium123: if you made bitcoins from this, you are no better than a thief really.
1739 2011-06-20 03:08:32 <Titanium123> i cant get in otc :(
1740 2011-06-20 03:08:35 <Herodes> You should contact mtGox and return those coins.
1741 2011-06-20 03:08:39 <samlander> Herodes: i dont agree with you there
1742 2011-06-20 03:08:43 <dehuman> Herodes: i dont see why
1743 2011-06-20 03:08:47 <samlander> Herodes: after tux puts in the new security method
1744 2011-06-20 03:08:48 <dehuman> he had the foresight to buy them
1745 2011-06-20 03:08:50 <dehuman> and then move them
1746 2011-06-20 03:08:55 <Herodes> It's the only right thing to do.
1747 2011-06-20 03:08:55 <samlander> Herodes: it's up the users to secure their acct
1748 2011-06-20 03:08:58 <luke-jr> Herodes: nonsense
1749 2011-06-20 03:09:02 <Titanium123> its just a game guys
1750 2011-06-20 03:09:08 <midnightmagic> hey, douchebag who's sending me tradehill spam. fuck you.
1751 2011-06-20 03:09:08 <samlander> Titanium123: to you
1752 2011-06-20 03:09:09 <Titanium123> i did the same all the time in EvE
1753 2011-06-20 03:09:11 <dehuman> Herodes: Titanium123 didn't do anything
1754 2011-06-20 03:09:16 <dehuman> except what you are supposed to do
1755 2011-06-20 03:09:20 <dehuman> buy low
1756 2011-06-20 03:09:22 <dehuman> sell high
1757 2011-06-20 03:09:22 <luke-jr> midnightmagic: I motion that their referral code sohuld be voided
1758 2011-06-20 03:09:22 <OneFixt> midnightmagic: just report them all for spam
1759 2011-06-20 03:09:30 <Titanium123> i put up orders at all kinds of values to catch someone selling a lot
1760 2011-06-20 03:09:37 <Titanium123> referral is already gone
1761 2011-06-20 03:09:40 <Herodes> well he did, absolutely. Perhaps he tought the trade was legit immediately, but know he know that those coins are not supposed to be his.
1762 2011-06-20 03:09:43 commonlisp has quit (Quit: This computer has gone to sleep)
1763 2011-06-20 03:09:47 <luke-jr> Titanium123: you're TradeHill?
1764 2011-06-20 03:09:50 <Titanium123> no
1765 2011-06-20 03:09:54 <dehuman> Herodes: why arent they supposed to be his?
1766 2011-06-20 03:09:56 <samlander> Herodes: the whole point is this:
1767 2011-06-20 03:10:06 <luke-jr> Herodes: I bought coins fair and square.
1768 2011-06-20 03:10:13 <dehuman> Herodes: whats different from a legit selloff or a compromised selloff?
1769 2011-06-20 03:10:16 <dehuman> the market doesnt care
1770 2011-06-20 03:10:20 <samlander> Herodes: if i leave my bank card with my pin number scratched on it on a bench somewhere, should i expect the bank to pay me back when my account is inevitably ripped off?
1771 2011-06-20 03:10:29 <dehuman> personally the right thing to do
1772 2011-06-20 03:10:35 <dehuman> is MagicalTux eat all the losses
1773 2011-06-20 03:10:35 plutonic has quit (Quit: plutonic)
1774 2011-06-20 03:10:36 <luke-jr> samlander: yes
1775 2011-06-20 03:10:40 <midnightmagic> luke-jr: seconded. all in favour? motion carried.
1776 2011-06-20 03:10:42 <samlander> Herodes: should i expect them to undo a fuckton of transactions to save me from my own stupidity? NO
1777 2011-06-20 03:10:46 gsathya has quit (Quit: gsathya)
1778 2011-06-20 03:10:54 <Herodes> because a hacker sold coins that were not his. So that selloff is done with malicious intent and was never approved by the account owner afaik.
1779 2011-06-20 03:10:58 <samlander> Herodes: i think it is mighty fine that tux is doing it THIS ONCE. but he should NEVER have to do it again
1780 2011-06-20 03:11:02 <luke-jr> samlander: also, nobody left their password out there
1781 2011-06-20 03:11:10 Nachtwind has joined
1782 2011-06-20 03:11:12 Titanium123_ has joined
1783 2011-06-20 03:11:17 <luke-jr> Herodes: that's not my problem
1784 2011-06-20 03:11:18 <Optimo> hashrate up tonight..
1785 2011-06-20 03:11:19 <samlander> Herodes: if people want to be fucking retards and use password123 or their OWN GOD DAMN USERNAME as their password they deserve whatever they get.
1786 2011-06-20 03:11:22 <Titanium123_> this is better than EvE online :)
1787 2011-06-20 03:11:24 <jrmithdobbs> Herodes: but the resulting trades are still all binding contracts
1788 2011-06-20 03:11:27 <dehuman> i mean if mtgox feels like someone was wronged by their breach of security, the onus is completely on mtgox to make up the difference
1789 2011-06-20 03:11:32 <dehuman> its not on Titanium123_ to fix it
1790 2011-06-20 03:11:34 <luke-jr> samlander: MtGox's password database was leaked
1791 2011-06-20 03:11:35 <dehuman> he didnt do anything wrong
1792 2011-06-20 03:11:37 <dehuman> mtgox did
1793 2011-06-20 03:11:42 <jrmithdobbs> Herodes: just because the market moved due to fraud does not invalidate the sale contracts that occurred after
1794 2011-06-20 03:11:44 <samlander> luke: no shit
1795 2011-06-20 03:11:47 <hmmmm> i don't get it
1796 2011-06-20 03:11:52 <jrmithdobbs> he better have consulted his lawyers about this revert
1797 2011-06-20 03:11:53 <hmmmm> what's this talk about "10000 iterations"?
1798 2011-06-20 03:11:57 <samlander> luke: and if people used proper protocol for their passwords they never would have been cracked
1799 2011-06-20 03:11:57 <jrmithdobbs> or he's in for a world of pain
1800 2011-06-20 03:12:00 <Herodes> samlander: apparently what happened was that the password hash was oringally retrieved off mtGox, and then cracked with brute force or rainbow table. So mtGox did not have good enough security.
1801 2011-06-20 03:12:01 <midnightmagic> dehuman: actually it's on the security auditor's company. If that's McAfee or something similar, then full reparations should come from them. Usually they're bonded.
1802 2011-06-20 03:12:04 <Titanium123_> the point of bitcoin was to get away from super regulated and big brothered markets
1803 2011-06-20 03:12:09 <jrmithdobbs> (specifically, pain in is rectum over the next 25-life)
1804 2011-06-20 03:12:12 <hmmmm> also, how could any of this have real-world consequences?
1805 2011-06-20 03:12:16 <Herodes> it still is no excuse to behave unethical by anyone else.
1806 2011-06-20 03:12:19 <jgarzik> https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
1807 2011-06-20 03:12:20 <samlander> Herodes: hm
1808 2011-06-20 03:12:20 <dehuman> i mean technically the transaction history should stand, and those wronged should take their claim up with mtgox
1809 2011-06-20 03:12:21 <hmmmm> none of it is protected by law
1810 2011-06-20 03:12:30 <hmmmm> none of it is recognized as currency by governments
1811 2011-06-20 03:12:32 <samlander> Herodes: you're saying that all the passwords were salted with the same salt and the salt was cracked?
1812 2011-06-20 03:12:39 <Titanium123_> it does nto matter
1813 2011-06-20 03:12:42 <luke-jr> Titanium123_: maybe that's *your* reason for using Bitcoinâ¦
1814 2011-06-20 03:12:45 <Herodes> samlander: no
1815 2011-06-20 03:13:06 <vrs> samlander: "hey i would've profited from that crash don't you dare take away my profits"
1816 2011-06-20 03:13:10 <jrmithdobbs> luke-jr: seriously, he better have talked to lawyers
1817 2011-06-20 03:13:10 <Titanium123_> I like the idea of being able to transfer money without letting all kinds of companies and governments (including foreign) know
1818 2011-06-20 03:13:13 gentz has joined
1819 2011-06-20 03:13:15 Juggie has joined
1820 2011-06-20 03:13:18 <jrmithdobbs> luke-jr: i don't think he understands the consequences of his actions
1821 2011-06-20 03:13:25 <jrmithdobbs> luke-jr: and he shrugs it off every time it's brought up
1822 2011-06-20 03:13:26 <samlander> vrs: im arguing for no more rollbacks after this one
1823 2011-06-20 03:13:29 <Herodes> What I am saying is that whoever bought bitcoins at a low price, and holding onto them after this incident are nothing better than tiefes.
1824 2011-06-20 03:13:44 <dehuman> jrmithdobbs: eh its pretty risky position to be in
1825 2011-06-20 03:13:46 <Titanium123_> THey will all go into mining :)
1826 2011-06-20 03:13:49 <dehuman> i'm not envious
1827 2011-06-20 03:13:50 <vrs> samlander: i'm arguing for no more hacks after this one
1828 2011-06-20 03:13:50 filmhtedue has joined
1829 2011-06-20 03:13:52 airfox has joined
1830 2011-06-20 03:13:53 <jrmithdobbs> dehuman: hence: lawyers
1831 2011-06-20 03:13:54 <luke-jr> Herodes: and that's why you're an idiot âº
1832 2011-06-20 03:13:56 <samlander> Herodes: wrong
1833 2011-06-20 03:14:01 <samlander> Herodes: if i see a low price im going to buy
1834 2011-06-20 03:14:03 <dehuman> jrmithdobbs: for certain
1835 2011-06-20 03:14:07 <samlander> Herodes: how that price got there is not of my concern
1836 2011-06-20 03:14:17 <samlander> Herodes: unless i actively participated.. in which case you're right
1837 2011-06-20 03:14:18 <jrmithdobbs> dehuman: but i'm pretty sure that he has no authority to negate contracts of sale
1838 2011-06-20 03:14:22 Titanium123 has quit (Ping timeout: 252 seconds)
1839 2011-06-20 03:14:22 <Herodes> luke-jr: In fact I just graduated as a computer engineer with top grades in programming. Not an idiot at all. But I have a strong sense of ethics and I care about other people.
1840 2011-06-20 03:14:29 <dehuman> jrmithdobbs: not even courts have that authority generally
1841 2011-06-20 03:14:30 <samlander> Herodes: but since i would never participate in a fraud, not my problem.
1842 2011-06-20 03:14:31 <Titanium123_> i bet the guy that sold them made a typo and claimed it was hacked
1843 2011-06-20 03:14:33 <Optimo> edward yang has good timing
1844 2011-06-20 03:14:35 <jrmithdobbs> dehuman: unless japanese law works completely different than all of us/eu/etc
1845 2011-06-20 03:14:37 <dehuman> jrmithdobbs: not if the contract is valid
1846 2011-06-20 03:14:37 enquire has joined
1847 2011-06-20 03:14:42 <luke-jr> Herodes: I've had my buy order in at 0.40 USD for months.
1848 2011-06-20 03:14:47 <luke-jr> Herodes: and someone was willing to sell.
1849 2011-06-20 03:14:50 <jrmithdobbs> dehuman: right and all those contracts except the initial fraudulant sale were valid
1850 2011-06-20 03:14:52 <dehuman> a valid contract is literally the law, even government cant change them, at least in US
1851 2011-06-20 03:14:55 <luke-jr> Herodes: those bitcoins are now my property
1852 2011-06-20 03:15:02 <fiverawr> Herodes: Top grades? Did you get a C++?
1853 2011-06-20 03:15:05 <Titanium123_> i had like $50 tied up in low price orders
1854 2011-06-20 03:15:09 <jrmithdobbs> dehuman: imho the safe thing to do is revert the fraudulant sales and leave the rest
1855 2011-06-20 03:15:10 <samlander> luke-jr: damn right
1856 2011-06-20 03:15:11 <Herodes> luke-jr: I don't doubt you had it in there for months hoping to get lucky.
1857 2011-06-20 03:15:12 <jrmithdobbs> tbqh
1858 2011-06-20 03:15:14 <samlander> luke-jr: HOWEVER
1859 2011-06-20 03:15:17 bobd0bb has quit (Quit: life's a bitch and then ya' die..)
1860 2011-06-20 03:15:18 N8{afk} has quit (Ping timeout: 244 seconds)
1861 2011-06-20 03:15:18 <Titanium123_> i barely graduated myself :)
1862 2011-06-20 03:15:20 <dehuman> jrmithdobbs: i agree
1863 2011-06-20 03:15:22 <Herodes> fiverawr: Straight A in C++ QT GUI programming for ince.
1864 2011-06-20 03:15:25 <Herodes> for once yes.
1865 2011-06-20 03:15:25 <dehuman> jrmithdobbs: and eat the claims as they come
1866 2011-06-20 03:15:27 <luke-jr> Herodes: actually, it was a very common price at the time I added it
1867 2011-06-20 03:15:27 <samlander> luke-jr: given everything that went on, i agree a rollback is appropriate JUST THIS ONCE
1868 2011-06-20 03:15:28 <jrmithdobbs> dehuman: and I wasn't anywhere near a computer when this was going on, so I'm not going to gain anything
1869 2011-06-20 03:15:32 <dehuman> if someone wants to sue for the orders they placed jrmithdobbs
1870 2011-06-20 03:15:33 <dehuman> let them
1871 2011-06-20 03:15:34 <fiverawr> Herodes: QT GUI? That's like VB programming.
1872 2011-06-20 03:15:37 <Herodes> but that's of no concern for what we're discussing at the moment.
1873 2011-06-20 03:15:37 <Titanium123_> my c class was awesome tho, i wasent comp-sci
1874 2011-06-20 03:15:44 <dehuman> they entered into the contract on their own accord jrmithdobbs
1875 2011-06-20 03:15:45 <samlander> luke-jr: but after the new password policy is in effect... game on
1876 2011-06-20 03:15:46 <gmaxwell> reverting exchanges is not at all unheard of.
1877 2011-06-20 03:15:50 <samlander> luke-jr: if it happens again.. fucke me
1878 2011-06-20 03:15:52 <jrmithdobbs> dehuman: yup
1879 2011-06-20 03:15:52 <samlander> fuck em
1880 2011-06-20 03:15:58 <Herodes> fiverawr: in other subjects too if it would be of any concern to you, but that's unrelated to this.
1881 2011-06-20 03:16:01 <dehuman> it'd be trivial to prove in court that they had no knowledge of fraud
1882 2011-06-20 03:16:05 <luke-jr> Herodes: also, jumping through the hoops of college makes you more likely an idiot, not less likely
1883 2011-06-20 03:16:07 <dehuman> and as such it didn't contribute to their order
1884 2011-06-20 03:16:12 <jrmithdobbs> gmaxwell: by exchanges that have specific licensing/authority to allow them to do so
1885 2011-06-20 03:16:13 <dehuman> and further mtgox isn't liable
1886 2011-06-20 03:16:16 <dehuman> QED
1887 2011-06-20 03:16:17 <jrmithdobbs> gmaxwell: p sure he does not.
1888 2011-06-20 03:16:18 <fiverawr> Herodes: I just be trollin'
1889 2011-06-20 03:16:20 <Titanium123_> in my C class I had to 'compile' into assembly a page long program, by hand
1890 2011-06-20 03:16:22 <samlander> luke-jr: that depends on whether or not it is tempered with experience
1891 2011-06-20 03:16:24 <luke-jr> fiverawr: all GUIs should be Qt
1892 2011-06-20 03:16:26 <dehuman> jrmithdobbs: that about jive?
1893 2011-06-20 03:16:30 <Titanium123_> it was 4 pages of code
1894 2011-06-20 03:16:31 <samlander> luke-jr: im a huge supporter of university in your 30's
1895 2011-06-20 03:16:34 <NxTitle> dehuman: they're suing their auditors
1896 2011-06-20 03:16:34 <Herodes> luke-jr: What's up with you. You run a pool. Behave like a man. Not like a cry baby.
1897 2011-06-20 03:16:35 <jrmithdobbs> dehuman: ?
1898 2011-06-20 03:16:36 <Titanium123_> *assembly
1899 2011-06-20 03:16:38 <fiverawr> luke-jr: I don't think GUIs should exist :P
1900 2011-06-20 03:16:40 <dehuman> thats what i would say if i was a lawyer, i just play one on the internet
1901 2011-06-20 03:16:55 <NxTitle> fiverawr: only the elite should use computars
1902 2011-06-20 03:17:06 <nuthin> so anyone know of any good papers on bcrypt?
1903 2011-06-20 03:17:07 <Titanium123_> I play Bitcoin like I play EvE
1904 2011-06-20 03:17:10 <samlander> luke: what software do you use as the backend on your pool?
1905 2011-06-20 03:17:13 <Herodes> Seems like I hit the nail perfectly on its head with all these angry people around.
1906 2011-06-20 03:17:14 <hmmmm> how is anybody liable for this...?
1907 2011-06-20 03:17:16 <NxTitle> too bad the internet is for porn
1908 2011-06-20 03:17:18 <nuthin> the ones that says bcrypt is not that great ...
1909 2011-06-20 03:17:22 <BaltarNZ> the roll back of these transactions is the only option.
1910 2011-06-20 03:17:24 <luke-jr> Herodes: I made $1000 on the market today fairly. Yet the revert would punish me for somethign I had nothing to do with.
1911 2011-06-20 03:17:24 <Titanium123_> I made 10s of B of isk in EvE with no cheats
1912 2011-06-20 03:17:25 <dehuman> jrmithdobbs: i'd say 'look i'm not reverting any but the hacked account. the rest of you had no idea it was a hack, you acted on the market, for all practical purposes it could have been organic movement and it wouldnt have mattered. you placed the orders'
1913 2011-06-20 03:17:35 <luke-jr> samlander: custom
1914 2011-06-20 03:17:35 <BaltarNZ> the other option is to close the door and everyone loses.
1915 2011-06-20 03:17:42 <samlander> Titanium123_: eve?
1916 2011-06-20 03:17:43 <Titanium123_> I made 1200 bitcoins, but only got to withdraw 600
1917 2011-06-20 03:17:44 <dehuman> nah why roll back transactions?
1918 2011-06-20 03:17:45 <Herodes> luke-jr: I never accused you of anything, and I do not know the details of your trades.
1919 2011-06-20 03:17:46 <dehuman> those are legit
1920 2011-06-20 03:17:46 rrix has joined
1921 2011-06-20 03:17:46 <Titanium123_> EvE
1922 2011-06-20 03:17:48 <jrmithdobbs> dehuman: except the whole "it was just one hacked account thing" was a lie, but ya basically
1923 2011-06-20 03:17:52 <FarmerGreene> How do you feel this will affect the Bitcoin currency, Long term?
1924 2011-06-20 03:17:54 <samlander> what is eve
1925 2011-06-20 03:17:56 <dehuman> when people made those transactions they wanted to buy or wanted to sell
1926 2011-06-20 03:17:59 Zarutian has quit (Quit: Zarutian)
1927 2011-06-20 03:18:02 <Titanium123_> EvE is like the flyign spaceship game with no rules
1928 2011-06-20 03:18:05 <FarmerGreene> It comes on the heels of the $500k wallet theft and the bitcoin trojan..
1929 2011-06-20 03:18:05 <jrmithdobbs> dehuman: but they better keep towing that line now or they're going to create further legal troubles
1930 2011-06-20 03:18:14 <Titanium123_> and 30,000 people usually in one workd at once
1931 2011-06-20 03:18:21 <Titanium123_> of 400k subscribers
1932 2011-06-20 03:18:25 <NxTitle> dehuman: he'd have to reverse all transactions or none. reversing only part of them means mtgox would have to pay out of their own pockets
1933 2011-06-20 03:18:26 <Titanium123_> fun times
1934 2011-06-20 03:18:34 <dehuman> NxTitle: thats the right thing to do
1935 2011-06-20 03:18:35 <samlander> how do you make btc in eve?
1936 2011-06-20 03:18:36 <jgarzik> <shrug>
1937 2011-06-20 03:18:38 <Herodes> even some trades on NYSE have been reversed.
1938 2011-06-20 03:18:40 <dehuman> pay out of your own pocket for your own fuck up
1939 2011-06-20 03:18:41 <jrmithdobbs> NxTitle: that's the risk he takes running an exchange
1940 2011-06-20 03:18:41 <Herodes> This is nothing new.
1941 2011-06-20 03:18:43 <jgarzik> people are relearning old security lessons
1942 2011-06-20 03:18:44 <jgarzik> sad
1943 2011-06-20 03:18:45 <dehuman> seems fitting doesn't it NxTitle ?
1944 2011-06-20 03:18:46 <lfm> samlander: its a game with electronic currency you can freely trade for real money
1945 2011-06-20 03:18:49 <dehuman> you fuck up you pay for it?
1946 2011-06-20 03:18:57 <NxTitle> dehuman: you obviously don't realize just how much money that is, then
1947 2011-06-20 03:18:58 <Titanium123_> yep
1948 2011-06-20 03:19:03 <BaltarNZ> dehuman you can only get what he has
1949 2011-06-20 03:19:08 <jrmithdobbs> NxTitle: he should have insurance
1950 2011-06-20 03:19:09 bulletbill has quit (Quit: Leaving.)
1951 2011-06-20 03:19:09 Cyde has joined
1952 2011-06-20 03:19:13 <samlander> oh, so no different then trading lindens
1953 2011-06-20 03:19:14 <samlander> got it
1954 2011-06-20 03:19:14 <jrmithdobbs> NxTitle: if he doesn't that's his own fault.
1955 2011-06-20 03:19:17 <luke-jr> jgarzik: my security wasn't compromised, but if the last 24 hours are reverted, I lose $1k
1956 2011-06-20 03:19:18 <BaltarNZ> and likely it would close the doors and a trustee would come in.
1957 2011-06-20 03:19:27 <andyfletcher> MagicalTux, Sorry to disturb you now, but I've been receiving all sorts of crap including a mail claiming to be from mtgox containing a .exe as a supposed site certificate. It may be worth adding a warning to the website about opening these files
1958 2011-06-20 03:19:27 <dehuman> NxTitle: but thats the right thing
1959 2011-06-20 03:19:28 <Herodes> dehuman: if you had your account compromized without it being your fault, i think you might have been feeling differently about it.
1960 2011-06-20 03:19:31 sgornick has quit (Quit: Leaving.)
1961 2011-06-20 03:19:33 <Blitzboom> luke-jr: have you managed to withdraw coins?
1962 2011-06-20 03:19:38 <Blitzboom> before mtgox went down
1963 2011-06-20 03:19:39 <dehuman> Herodes: dude i'
1964 2011-06-20 03:19:40 <luke-jr> Blitzboom: no
1965 2011-06-20 03:19:40 <samlander> oh for fucks sake
1966 2011-06-20 03:19:41 <dehuman> d sue
1967 2011-06-20 03:19:43 <Blitzboom> i have read that some people did
1968 2011-06-20 03:19:45 <luke-jr> Blitzboom: I didn't think it was necessary.
1969 2011-06-20 03:19:48 <Blitzboom> how can you revert that?
1970 2011-06-20 03:19:48 <samlander> andyfletcher: scammers are having a fucking hayday
1971 2011-06-20 03:19:50 <dehuman> Herodes: i'd fucking hold mtgox accountable, not other traders
1972 2011-06-20 03:19:50 <MagicalTux> andyfletcher: we will never send any rar or anything
1973 2011-06-20 03:19:52 <MagicalTux> never open those
1974 2011-06-20 03:19:56 <NxTitle> oh well, I wasn't in mtgox, sucks to be you
1975 2011-06-20 03:19:59 <samlander> andyfletcher: how much you want to be that .exe steals wallets
1976 2011-06-20 03:20:00 <Titanium123_> i withdrew the max lol,
1977 2011-06-20 03:20:01 <Herodes> andyfletcher: who's stupid enough to run an .exe they recieve through e-mail. Oh, I guess it would be a few..
1978 2011-06-20 03:20:02 <Blitzboom> MagicalTux: did people withdraw coins they bought during the selloff?
1979 2011-06-20 03:20:04 <dehuman> Herodes: you want to hold everyone accountable that just did what they were supposed to do - trade
1980 2011-06-20 03:20:08 <jrmithdobbs> so who's up for starting the canspam class action?
1981 2011-06-20 03:20:11 <dehuman> i dont see how thats far at all
1982 2011-06-20 03:20:16 <Titanium123_> yes I bought 1200 and withdrew 600
1983 2011-06-20 03:20:16 <jrmithdobbs> seeing as he disclosed contact info without optin
1984 2011-06-20 03:20:19 <MagicalTux> Blitzboom: they tried to, but didn't manage to withdraw before I stopped apache
1985 2011-06-20 03:20:23 <andyfletcher> Herodes, exactly.
1986 2011-06-20 03:20:24 <jrmithdobbs> to a trusted 3rd party
1987 2011-06-20 03:20:26 <jrmithdobbs> who then leaked it
1988 2011-06-20 03:20:27 <samlander> Titanium123_: sounds like you're coming out ahead
1989 2011-06-20 03:20:28 <hmmmm> you can't sue people for this you derp
1990 2011-06-20 03:20:31 <Blitzboom> so Titanium123_ is lying?
1991 2011-06-20 03:20:32 <Herodes> dehuman: Yes, mtGox should be held accountable.
1992 2011-06-20 03:20:33 <Titanium123_> a bit
1993 2011-06-20 03:20:35 <Titanium123_> no
1994 2011-06-20 03:20:46 <Blitzboom> well, either Titanium123_ or MagicalTux is
1995 2011-06-20 03:20:47 <quiznor> so.. "auditor" story is quite a whopper
1996 2011-06-20 03:20:48 <luke-jr> jrmithdobbs: what law does that violate?
1997 2011-06-20 03:20:49 <Titanium123_> they ar ein my wallet right now
1998 2011-06-20 03:20:53 <jrmithdobbs> luke-jr: CANSPAM
1999 2011-06-20 03:20:53 <quiznor> seriously guys
2000 2011-06-20 03:20:54 <Titanium123_> want proof
2001 2011-06-20 03:20:55 <dehuman> hmmmm: on the $$$ side you can
2002 2011-06-20 03:20:55 <Blitzboom> and i trust MagicalTux more atm :P
2003 2011-06-20 03:20:56 * andyfletcher didn't open the file but bets loads of people will
2004 2011-06-20 03:20:56 <Titanium123_> ???
2005 2011-06-20 03:20:57 <NxTitle> "In order to keep yourself secure, we recommend downloading this shiny exe file that is most definitely not a trojan. Love, Mt.Gox"
2006 2011-06-20 03:21:01 <quiznor> no one believes this auditor stuff
2007 2011-06-20 03:21:03 <dehuman> hmmm: only half of mtgox is funny money
2008 2011-06-20 03:21:04 <hmmmm> dehuman, i really find that hard to believe
2009 2011-06-20 03:21:06 <Titanium123_> someone pick a 6 digit number
2010 2011-06-20 03:21:06 <samlander> Titanium123_: as i said, sounds like you came out ahead
2011 2011-06-20 03:21:07 <jrmithdobbs> luke-jr: requires double opt-in to release contact info to *any* 3rd party
2012 2011-06-20 03:21:11 <dehuman> hmmm: the other half is USD thats actionable
2013 2011-06-20 03:21:13 <dehuman> fraud is fraud y0
2014 2011-06-20 03:21:21 <NxTitle> wait, we got spam with an exe in it? o.O
2015 2011-06-20 03:21:21 <hmmmm> then bitcoin itself is fraud
2016 2011-06-20 03:21:25 <jrmithdobbs> luke-jr: that results in marketing/etc use
2017 2011-06-20 03:21:31 <hmmmm> you get nothing for real USD
2018 2011-06-20 03:21:32 <jrmithdobbs> luke-jr: which it has due to their release to a third party
2019 2011-06-20 03:21:33 <luke-jr> jrmithdobbs: and you're sure MtGox doesn't have that in their privacy policy?
2020 2011-06-20 03:21:35 <samlander> hmmmm: go away
2021 2011-06-20 03:21:40 <lfm> Herodes: it mtgox fault people use stupid passwords?
2022 2011-06-20 03:21:46 <MagicalTux> NxTitle: some yep, the exe will steal your wallet.dat and other data (saved passwords, etc) and mail them
2023 2011-06-20 03:21:47 <jrmithdobbs> luke-jr: can't check right now obviously, but pretty sure, yes
2024 2011-06-20 03:21:49 <hmmmm> as long as it's not recognized by the government as currency, it's 'nothing'
2025 2011-06-20 03:21:51 <Titanium123_> someone pick a 6 digit number
2026 2011-06-20 03:21:52 <hmmmm> you can't sue over it
2027 2011-06-20 03:21:56 <hmmmm> nobody is liable
2028 2011-06-20 03:21:58 <samlander> hmmmm: if you want to rant about something pick up a sign and go to the street corner derpa derpa
2029 2011-06-20 03:22:02 <dehuman> lfm: yes
2030 2011-06-20 03:22:06 <hmmmm> ...
2031 2011-06-20 03:22:07 <jrmithdobbs> luke-jr: anyways, being in the privacy policy isn't enough, hence the "double" part of "double opt-in"
2032 2011-06-20 03:22:07 KuDeTa has quit (Quit: KuDeTa)
2033 2011-06-20 03:22:10 <Titanium123_> il prove I got money :)
2034 2011-06-20 03:22:18 <jrmithdobbs> luke-jr: at least one of the opt-ins must be *explicit*
2035 2011-06-20 03:22:21 <hmmmm> samlander, o.k., go waste your time and effort trying to sue mtgox then
2036 2011-06-20 03:22:22 <lfm> dehuman: I hope you're being sarcastic
2037 2011-06-20 03:22:39 <dehuman> lfm: its only your fault for usign a stupid password if someone just happens along your account and logs in without triggering max fail login attempts
2038 2011-06-20 03:22:40 <NxTitle> damn, my friend loves reverse engineering malware
2039 2011-06-20 03:22:50 <jrmithdobbs> luke-jr: he's publically stated they were released through a 3rd party he provided them to
2040 2011-06-20 03:22:52 <hmmmm> i seriously get the idea that these people are trolling
2041 2011-06-20 03:22:55 <luke-jr> jrmithdobbs: is nitpicking a Bitcoin exchange really something you want to encourage?
2042 2011-06-20 03:22:55 <jrmithdobbs> luke-jr: it's an open and shut case
2043 2011-06-20 03:22:56 <dehuman> its most certainly not your fault for using a stupid password if they got it from the site's database with hashes
2044 2011-06-20 03:22:58 <Titanium123_> most maleware is boring cookie utter stuff
2045 2011-06-20 03:23:08 <jrmithdobbs> luke-jr: for this type of security breach? yes.
2046 2011-06-20 03:23:15 <dehuman> lfm: big difference
2047 2011-06-20 03:23:15 <Herodes> lfm: no
2048 2011-06-20 03:23:19 <Titanium123_> dehuman, that is exactly the case wher eit is the user's fault and the user's fault alone
2049 2011-06-20 03:23:23 <Blitzboom> MagicalTux: if people managed to withdraw any coins they bought, the revert will bring major issues. i hope youâre right
2050 2011-06-20 03:23:31 <NxTitle> MagicalTux: so what was this whole auditing fiasco? was it a group you hired, or was it forced by a government or other entity?
2051 2011-06-20 03:23:34 <luke-jr> Blitzboom: even if they didn't.
2052 2011-06-20 03:23:45 <luke-jr> jrmithdobbs: also, MtGox is Japan, not US
2053 2011-06-20 03:23:46 <dehuman> if i guess some moron's gmail password cause its 'god' thats a big difference from me getting supposed to be secure password hashes from site in question and cracking them
2054 2011-06-20 03:23:49 <dehuman> get it right
2055 2011-06-20 03:23:58 <hmmmm> anyway, just something i'd like to point out, iterated hashing 30000000000000000000000 times won't help matters much
2056 2011-06-20 03:23:59 <jrmithdobbs> luke-jr: doesn't matter, the contact info was provided to parties in the us
2057 2011-06-20 03:23:59 <dehuman> the hash is insecure primarily, the password secondarily in that case
2058 2011-06-20 03:24:04 <jrmithdobbs> luke-jr: making him liable
2059 2011-06-20 03:24:05 <luke-jr> jrmithdobbs: irrelevant
2060 2011-06-20 03:24:10 <hmmmm> if it's a word in the dictionary, it's going to be cracked rather quickly
2061 2011-06-20 03:24:13 <hmmmm> there's no way around that
2062 2011-06-20 03:24:14 <Herodes> NxTitle: wonder who needed access to a live system with a lot of sensitive information, unless they were hired to work with stuff like that.
2063 2011-06-20 03:24:16 <jrmithdobbs> luke-jr: it is relevant. japanese gov just wont cooperate
2064 2011-06-20 03:24:22 <lfm> dehuman: sorry, I dont see it. you're saying it ok to ignore all the advice in the world about not using simple passwords and if you do you can sue someone else about it.
2065 2011-06-20 03:24:24 <jrmithdobbs> because they're bitches about this type of thing
2066 2011-06-20 03:24:37 <jrmithdobbs> luke-jr: it's relevant for the same reason he's following KYC/etc
2067 2011-06-20 03:24:46 <luke-jr> jrmithdobbs: Japan has KYC
2068 2011-06-20 03:24:55 <dehuman> lfm: you dont see the distinction of a security compromise leading to confidential password hashes being different than someone just guessing someone's weak password?
2069 2011-06-20 03:24:58 <jrmithdobbs> luke-jr: doing business with parties in the US makes you accountable to US laws
2070 2011-06-20 03:25:02 <MagicalTux> hmmmm: we won't allow users to set weak passwords anymore
2071 2011-06-20 03:25:05 <jrmithdobbs> in relation to the business transactions
2072 2011-06-20 03:25:08 <dehuman> you dont see an obvious negligence on the part of the site lfm?
2073 2011-06-20 03:25:09 <hmmmm> jrmithdobbs, how much did you lose exactly?
2074 2011-06-20 03:25:13 <jrmithdobbs> hmmmm: 0
2075 2011-06-20 03:25:14 <NxTitle> dehuman: I hope you understand how hashes work, and that making them "secure" against being usable kinda makes them useless
2076 2011-06-20 03:25:19 <hmmmm> then wtf are you so bitter for?
2077 2011-06-20 03:25:21 <dehuman> lfm: with hashes in hand it really doesnt matter what your password is
2078 2011-06-20 03:25:24 <dehuman> its just a matter of time
2079 2011-06-20 03:25:24 <hmmmm> shut up already
2080 2011-06-20 03:25:25 <jrmithdobbs> hmmmm: principle.
2081 2011-06-20 03:25:31 <lfm> dehuman: if you have a decent password it doesnt matter what hases are exposed
2082 2011-06-20 03:25:35 <luke-jr> I only lose if it's reverted. :/
2083 2011-06-20 03:25:37 <lfm> hashes
2084 2011-06-20 03:25:43 <upb> heh great day today
2085 2011-06-20 03:25:53 <Titanium123_> i win if its reverted, or if it isnt :)
2086 2011-06-20 03:25:54 <gmaxwell> dehuman: it does, e.g. if your password is 16 totally random characters you're fine for eons.
2087 2011-06-20 03:25:55 <dehuman> lfm: sure it is, md5 for instance
2088 2011-06-20 03:26:02 <NxTitle> eh, when you tell a person to set a capital letter, number and symbol, they will set "Password1!"
2089 2011-06-20 03:26:03 <dehuman> say what? 12 character salt? 12 character password?
2090 2011-06-20 03:26:07 <dehuman> how long does that really take?
2091 2011-06-20 03:26:08 <Optimo> the hashes aren't to protect from brute force it's to protect your secure password from prying eyes
2092 2011-06-20 03:26:12 FarmerGreene has quit (Quit: Page closed)
2093 2011-06-20 03:26:13 Teslah has quit (Quit: Leaving)
2094 2011-06-20 03:26:17 <Titanium123_> hashing method really really does nto matter
2095 2011-06-20 03:26:18 <Cyde> Optimo: ???
2096 2011-06-20 03:26:22 <nuthin> Optimo: wut?
2097 2011-06-20 03:26:25 <lfm> dehuman: in fact you SHOULD expect the hases to be leaked sooner or later, it always happens
2098 2011-06-20 03:26:27 <dehuman> Titanium123_: with regard to speed of cracking it does
2099 2011-06-20 03:26:33 <Cyde> I think he's talking about echo characters on password entry text boxes?
2100 2011-06-20 03:26:34 <dehuman> lfm: are you listening to yourself?
2101 2011-06-20 03:26:41 <Titanium123_> as long as its MD5 or better there is no problem
2102 2011-06-20 03:26:44 <gmaxwell> dehuman: mtgox was using 1000x md5. It's plenty slow, and perfectly fine.
2103 2011-06-20 03:26:44 <luke-jr> MtGox could always tell you your password and not allow changing it ;p
2104 2011-06-20 03:26:47 <dehuman> you should expect your confidential login credentials to be leaked lfm?
2105 2011-06-20 03:27:00 <lfm> dehuman: no one broke any 12 char passwords
2106 2011-06-20 03:27:03 <Titanium123_> yes you should expect hashes to be leaked
2107 2011-06-20 03:27:05 <nuthin> dehuman: you should prepare for it
2108 2011-06-20 03:27:09 <lfm> unless they were in a dictionary
2109 2011-06-20 03:27:13 <dehuman> lfm: yet
2110 2011-06-20 03:27:19 <dehuman> that you know of
2111 2011-06-20 03:27:22 <NxTitle> dehuman: i agree with lfm. it's better to keep security within your own hands rather than trusting someone else with it, no matter how trustworthy
2112 2011-06-20 03:27:24 <Herodes> well, anyone who got cheap bitcoins from this incident and swiftly withdrew their bitcoins (this action alone could indicate that you somehow anticipated something could be wrong with the trade) and then not contactingt mtGox and returning them after knowing the truth about the incident are plainly nothing but egoistical greedy bastards, and needs to be exposed as such creatures.
2113 2011-06-20 03:27:32 <dehuman> NxTitle: i'm not saying it isn't
2114 2011-06-20 03:27:32 <Blitzboom> what does this thing mean @gmail? http://i.imgur.com/eENNI.png
2115 2011-06-20 03:27:33 <jrmithdobbs> dehuman: noone has broken any *good* 12 char passwords from this dump yet
2116 2011-06-20 03:27:33 <lfm> dehuman: no one broke any 9 char passwords if they were decent
2117 2011-06-20 03:27:36 <gmaxwell> E.g. a few years ago ameritrade was compromised all over. As in the case, no one managed to make off with a ton of money.
2118 2011-06-20 03:27:38 <Blitzboom> is that downloading anything?
2119 2011-06-20 03:27:39 <jrmithdobbs> dehuman: it is impossible to have done so
2120 2011-06-20 03:27:39 <dehuman> i'm saying in the specific case of a site intrusion
2121 2011-06-20 03:27:50 <Blitzboom> itâs in the corner right bottom
2122 2011-06-20 03:27:58 <dehuman> where the site is compromised and credentials are used to nefarious ends, it kind of absolves you of cupability
2123 2011-06-20 03:27:58 <Blitzboom> anyone got an explanation?
2124 2011-06-20 03:28:04 RobboNZ has joined
2125 2011-06-20 03:28:06 <NxTitle> ever heard of "hope for the best but prepare for the worst"?
2126 2011-06-20 03:28:07 <nuthin> where can you check if your password has been broken jrmithdobbs ?
2127 2011-06-20 03:28:12 <dehuman> NxTitle: i do
2128 2011-06-20 03:28:13 <luke-jr> Herodes: admittedly, my trade involved no work on my part, so I'm not *too* upset by losing it
2129 2011-06-20 03:28:17 scott` has joined
2130 2011-06-20 03:28:18 <Cyde> I don't always hash my passwords, but when I do, I expect them to be compromised.
2131 2011-06-20 03:28:23 <Titanium123_> herodes, I withdrew 600 and left 300 in mtgox and sold 200 in case the value of bitcoins tanked, or soared or the site just plain died and lost my transactions, I woudl be okay
2132 2011-06-20 03:28:25 <dehuman> but i dont expect that the sites i use will lose there hashes
2133 2011-06-20 03:28:25 <luke-jr> Herodes: but what about the daytraders who skillfully made a nice profit?
2134 2011-06-20 03:28:26 <quiznor> MagicalTux is cool
2135 2011-06-20 03:28:31 <jlgaddis> Blitzboom: it means scrolls down, you have more mail in that thread
2136 2011-06-20 03:28:31 <dehuman> i use strong passwords cause its the right thing to do
2137 2011-06-20 03:28:34 <luke-jr> Herodes: they wasted their time?
2138 2011-06-20 03:28:41 <jrmithdobbs> luke-jr: completely agreed
2139 2011-06-20 03:28:43 <Titanium123_> dehuman you better start expecting that
2140 2011-06-20 03:28:43 <dehuman> its just a sad state if you expect all your sites to get hacked
2141 2011-06-20 03:28:47 Lachesis has quit (Ping timeout: 260 seconds)
2142 2011-06-20 03:28:50 <dehuman> i dont need to expect that
2143 2011-06-20 03:28:52 karnac_ has joined
2144 2011-06-20 03:28:58 <Blitzboom> jlgaddis: ok, so i donât have to be worried as long as i donât open any exes
2145 2011-06-20 03:28:59 <Titanium123_> then you wil get hacked a lot
2146 2011-06-20 03:28:59 <NxTitle> I don't always hash my passwords, but when I do, I save 15 percent or more on my car insurance by switching to Geico
2147 2011-06-20 03:29:03 <dehuman> Titanium123_: never once
2148 2011-06-20 03:29:06 <jrmithdobbs> luke-jr: and like I said, i made 0 money positive or negative off this
2149 2011-06-20 03:29:11 <lfm> dehuman: so if you use a stupid password from a dictionary and just wait for the hashes to be leaked, PAYDAY! then you can sue?
2150 2011-06-20 03:29:13 <jrmithdobbs> luke-jr: this whole situation is just completely unacceptable
2151 2011-06-20 03:29:15 <Titanium123_> personally I have had my hash posted on the internet 3 times
2152 2011-06-20 03:29:18 <Herodes> It's just my opinion. And I asume not everyone agree.
2153 2011-06-20 03:29:20 <Herodes> :)
2154 2011-06-20 03:29:23 <Titanium123_> thsi is the 3rd
2155 2011-06-20 03:29:26 karnac_ has quit (Read error: Connection reset by peer)
2156 2011-06-20 03:29:32 <dehuman> lfm: sure
2157 2011-06-20 03:29:41 karnac_ has joined
2158 2011-06-20 03:29:43 <dehuman> lfm: if the site password policy didnt prevent you from using stupid password
2159 2011-06-20 03:29:46 <dehuman> its still there fault
2160 2011-06-20 03:29:46 <Titanium123_> a torrent site I was on got hacked once, and a cool forum too
2161 2011-06-20 03:29:58 <Titanium123_> its you fault for pickign a password that cah be brute forced
2162 2011-06-20 03:30:03 <Cyde> Titanium123_: Let me put it this way, I'm glad that I followed the advice to use a different password for every site and to have it be alphanumeric and punctuation and over a dozen characters.
2163 2011-06-20 03:30:10 <nuthin> dehuman: if you don't expect it, then why not store the passwords in plain text
2164 2011-06-20 03:30:15 karnac has quit (Read error: Connection reset by peer)
2165 2011-06-20 03:30:27 <Herodes> but for sure there should be safeguards in place. If one users frequently logs in from say London, and then 30mins later he logs in from Hong Kong, there should at least be some trigger in the system that alerts the account owner, perhaps through an sms.
2166 2011-06-20 03:30:29 <Titanium123_> just put it in a text file on ur decktop, thats 1,000,000 (1 000 000) times more secure than using a dictionary word
2167 2011-06-20 03:30:37 <dehuman> nuthin: cause as a site operator i dont want to know your password
2168 2011-06-20 03:30:38 <lfm> dehuman: well you have a different veiw of responsibility than most, you must be from usa where stupidity is rewarded
2169 2011-06-20 03:30:40 <hmmmm> how was the 500,000 bitcoin account targeted exactly?
2170 2011-06-20 03:30:42 <dehuman> or my employers nuthin
2171 2011-06-20 03:30:44 <hmmmm> just curious
2172 2011-06-20 03:30:58 <dehuman> lfm: from a business pov, i would be remiss if i didnt consider my responsibilities to my users
2173 2011-06-20 03:31:07 <dehuman> all these are simple solutions
2174 2011-06-20 03:31:11 <quiznor> bonjour!!
2175 2011-06-20 03:31:16 <nuthin> dehuman: yes, so what's stopping you or your employers from trying to figure out the hash?
2176 2011-06-20 03:31:17 <dehuman> as a site operator force password complexity and aging
2177 2011-06-20 03:31:24 <dehuman> the user only does waht the user is allowed to do
2178 2011-06-20 03:31:25 <dehuman> remember that
2179 2011-06-20 03:31:25 <luke-jr> dehuman: nobody has a responsibility for you to choose a sane password, other than you
2180 2011-06-20 03:31:31 <dehuman> sure they do luke-jr
2181 2011-06-20 03:31:32 jivvz has quit (Quit: Lämnar)
2182 2011-06-20 03:31:35 <hmmmm> let me get the timeline of events straight: auditor gets compromised, exports CSV of logins, cracks the password on the 500k bitcoin guy, then wash trades everything to lower the value, then withdrawls everything out
2183 2011-06-20 03:31:35 <dehuman> if i want to conduct a reputable business
2184 2011-06-20 03:31:38 <hmmmm> right?
2185 2011-06-20 03:31:39 <dehuman> say a currency exchange
2186 2011-06-20 03:31:41 <Titanium123_> your hash is probably stolen from most sites by at least an employee
2187 2011-06-20 03:31:44 <dehuman> i have a responsibility to secure passwords
2188 2011-06-20 03:31:44 <lfm> dehuman you cant make stupid people smart
2189 2011-06-20 03:31:51 <dehuman> else i put my business and everyone elses' business at risk
2190 2011-06-20 03:31:55 <dehuman> because i didnt want to protect my users
2191 2011-06-20 03:31:56 <Titanium123_> hmmm correct
2192 2011-06-20 03:31:57 <Herodes> lfm: true
2193 2011-06-20 03:32:01 <dehuman> you guys need to think out of the box
2194 2011-06-20 03:32:11 <luke-jr> dehuman: no, you need to take responsibiltiy for your own actiomns
2195 2011-06-20 03:32:17 <dehuman> it most certainly is a business or site owners responsibility to enforce a minimum security policy
2196 2011-06-20 03:32:18 <lfm> dehuman and you cant save stupid people from reaping the rewards of their stupidity
2197 2011-06-20 03:32:19 <gmaxwell> Well, I think it should have enforced less sucky passwords.
2198 2011-06-20 03:32:22 <luke-jr> if YOU set the password, it's YOUR responsibility
2199 2011-06-20 03:32:23 <dehuman> i say this as a businessman and site operator
2200 2011-06-20 03:32:27 <dehuman> jeez
2201 2011-06-20 03:32:31 manifold_ has joined
2202 2011-06-20 03:32:37 <nuthin> dehuman: right, so what we're saying is you secure them as best you can
2203 2011-06-20 03:32:41 <Cryo> you can't nerf the world because some idiot needs a helmet.
2204 2011-06-20 03:32:41 <Titanium123_> dehuman some people really could nt care less if someone steals the $1 in their account so thye use a crappy password
2205 2011-06-20 03:32:45 <dehuman> i wouldnt want some idiot users to set easily cracked passwords to destabilize the market my busienss depends on
2206 2011-06-20 03:32:46 <Optimo> it can be debated. some are more security concerned than others
2207 2011-06-20 03:32:48 <gmaxwell> I mean... 26 people with the password ..password... er.
2208 2011-06-20 03:32:55 <dehuman> its on my to ensure the security of my business, not the idiot users
2209 2011-06-20 03:33:06 <dehuman> i ahve the power as the site administrator to enforce a minimum level of security
2210 2011-06-20 03:33:11 <luke-jr> dehuman: sure, you *can* enforce strict rules for passwords
2211 2011-06-20 03:33:16 <luke-jr> but that doesn't make it your duty
2212 2011-06-20 03:33:26 <Titanium123_> the users are causing your password hash table in ur db to be a valueable target
2213 2011-06-20 03:33:26 <dehuman> i can deny the users' own stupidity a say in fucking up my business, my community, my bitcoin exchange
2214 2011-06-20 03:33:29 <minixking> and havent been accessed in over 2 months?
2215 2011-06-20 03:33:29 <dehuman> jeez
2216 2011-06-20 03:33:35 <minixking> what a load of shit
2217 2011-06-20 03:33:35 <dehuman> im all for repsonsible users
2218 2011-06-20 03:33:39 <Titanium123_> without those users noone woudl care to steal the file cuase its useless
2219 2011-06-20 03:33:41 <dehuman> but not for letting site operators off the hook
2220 2011-06-20 03:33:43 <dehuman> it takes 2
2221 2011-06-20 03:33:47 <Optimo> shame on us all for trusting a website and database with a securit you know nothing about
2222 2011-06-20 03:33:58 <dehuman> and i'm sorry as a creator of security policies in the work place it absolutely is your fault
2223 2011-06-20 03:34:03 <Cryo> put a condom on your btc
2224 2011-06-20 03:34:14 <Titanium123_> you create those stupid policies I have to follow
2225 2011-06-20 03:34:17 <bk128> luke-jr: I was using your pool for a while but was getting tons of rejected blocks and timeouts. is that common?
2226 2011-06-20 03:34:19 <Titanium123_> I loathe you
2227 2011-06-20 03:34:26 kika_ has quit (Quit: Page closed)
2228 2011-06-20 03:34:27 <dehuman> they arent stupid Titanium123_
2229 2011-06-20 03:34:37 <dehuman> they prevent massive fuckups like you just witnessed
2230 2011-06-20 03:34:39 <Cryo> they're annoying, but necessary.
2231 2011-06-20 03:34:40 <midnightmagic> lol stupid 32-bit opencl implementation in john the ripper anyway. :)
2232 2011-06-20 03:34:41 Blitzboom_ has joined
2233 2011-06-20 03:34:44 <luke-jr> bk128: Eligius enables newer advanced features, and some miners don't implement them correctly.
2234 2011-06-20 03:34:46 <dehuman> personally i like fips 181
2235 2011-06-20 03:34:47 <Titanium123_> let me frigging have my wireless on when connected to the DMZ so I cna ge tto corporate sites
2236 2011-06-20 03:34:51 <luke-jr> bk128: #Eligius to discuss it further tho âº
2237 2011-06-20 03:34:53 <dehuman> automated password generator
2238 2011-06-20 03:34:55 <minixking> it says on mtgox
2239 2011-06-20 03:34:56 <Titanium123_> i knwo how to secure my pc
2240 2011-06-20 03:34:58 <Optimo> dehuman: competition will be good
2241 2011-06-20 03:35:05 magn3ts has left ("Leaving")
2242 2011-06-20 03:35:07 <dehuman> apg (1) - generates several random passwords
2243 2011-06-20 03:35:08 <minixking> that its only users that are "idle and havent been active for 2 months"
2244 2011-06-20 03:35:14 <minixking> which is going to damage their word
2245 2011-06-20 03:35:17 <luke-jr> anyhow, the scammer stole money. and there are 3 possibly parties to take the hit for it:
2246 2011-06-20 03:35:18 <Titanium123_> and I want to watch tv in the datacenter, let me use the plugs that are sitting there
2247 2011-06-20 03:35:19 <luke-jr> 1. MtGox
2248 2011-06-20 03:35:21 <dehuman> Squemdys9 (Squem-dys-NINE)
2249 2011-06-20 03:35:23 <luke-jr> 2. the victims
2250 2011-06-20 03:35:25 <Optimo> now we might pick an exchanged based on their security
2251 2011-06-20 03:35:28 <dehuman> random pronouncable passwords
2252 2011-06-20 03:35:33 <dehuman> thats weak tho
2253 2011-06-20 03:35:34 <luke-jr> 3. the legitimate traders
2254 2011-06-20 03:35:43 Blitzboom has quit (Ping timeout: 263 seconds)
2255 2011-06-20 03:35:43 <luke-jr> IMO, #3 is the worst possible chocie
2256 2011-06-20 03:35:48 <dehuman> luke-jr: i agree
2257 2011-06-20 03:35:51 <upb> yep
2258 2011-06-20 03:35:52 <dehuman> since its a trading market
2259 2011-06-20 03:35:53 <minixking> its not true in the least that entire post they have on thier site right now
2260 2011-06-20 03:35:53 <midnightmagic> luke-jr: 4: the-security-auditor -who-leaked-it's company.
2261 2011-06-20 03:35:58 <luke-jr> midnightmagic: true
2262 2011-06-20 03:36:00 <Cryo> how do you tell a legitimate trader?
2263 2011-06-20 03:36:01 <dehuman> its pretty clearly anti its own busineess model luke-jr
2264 2011-06-20 03:36:07 <midnightmagic> My vote is #4.
2265 2011-06-20 03:36:08 <Cryo> versus a legitimate traitor?
2266 2011-06-20 03:36:14 <dehuman> to make the traders take the hit is basically sabatoging your own business
2267 2011-06-20 03:36:18 <jrmithdobbs> luke-jr: especially seeing as this compromise resulted from actions taken directly by mtgox
2268 2011-06-20 03:36:19 <dehuman> cause they will leave
2269 2011-06-20 03:36:20 <Titanium123_> those are not ramdom!!!!!!!!!!!!
2270 2011-06-20 03:36:21 <Titanium123_> https://www.fourmilab.ch/hotbits/secure_generate.html
2271 2011-06-20 03:36:24 <Titanium123_> these are random
2272 2011-06-20 03:36:25 <dehuman> and you will not ever see .65%
2273 2011-06-20 03:36:27 <Titanium123_> srsly
2274 2011-06-20 03:36:30 backwardation25 has quit (Remote host closed the connection)
2275 2011-06-20 03:36:34 <Gekz> I'd have to asy
2276 2011-06-20 03:36:34 <jrmithdobbs> luke-jr: namely, giving a "financial auditor" access to the user tables in the first place
2277 2011-06-20 03:36:37 <Gekz> what shits me the most about this dump
2278 2011-06-20 03:36:38 dbasch has quit (Quit: dbasch)
2279 2011-06-20 03:36:44 <Gekz> is that my fucking email address is getting hammered with bitcoin spam
2280 2011-06-20 03:36:51 <Titanium123_> well, I hash the random data with a salt just to be sure
2281 2011-06-20 03:36:53 <Gekz> I don't give a shit about hashed password loss
2282 2011-06-20 03:36:59 <Gekz> why is my email address plaintext.
2283 2011-06-20 03:36:59 <dehuman> anyway i'm so sick to death of the 'choose a better password arguement'
2284 2011-06-20 03:37:01 <nuthin> giving the financial auditor access to the database at all
2285 2011-06-20 03:37:02 <Titanium123_> i never gave them an email so im safe
2286 2011-06-20 03:37:04 <jrmithdobbs> luke-jr: and if it wasn't a financial auditor but another kind of auditor that he's trying to prevent having to name (read: law enforcement) he's publically lieing
2287 2011-06-20 03:37:07 <luke-jr> jrmithdobbs: IMO, whether MtGox, the auditor, or the victims take the hit, depends on details we don't know yet
2288 2011-06-20 03:37:08 <B0g4r7> mine to�o
2289 2011-06-20 03:37:08 <B0g4r7> o
2290 2011-06-20 03:37:10 <jrmithdobbs> luke-jr: either way, mtgox should take the hit
2291 2011-06-20 03:37:16 <luke-jr> jrmithdobbs: I'm just rather sure it *shouldn't* be the legit traders
2292 2011-06-20 03:37:31 <luke-jr> Titanium123_: the people without emails are the MOST at risk
2293 2011-06-20 03:37:38 <Titanium123_> why?
2294 2011-06-20 03:37:39 <dehuman> its about time we get onto the 'enforce a better passsword' arguement cause its already proven time and time again users wont 'choose a better password'
2295 2011-06-20 03:37:51 <jrmithdobbs> luke-jr: if it resulted from a 3rd party legitimately authorized by mtgox to have the access they had it falls on mtgox to cover it
2296 2011-06-20 03:37:54 <jrmithdobbs> imho
2297 2011-06-20 03:38:01 <gmaxwell> dehuman: well, they'll write down whatever they end up with
2298 2011-06-20 03:38:05 <gmaxwell> which would actually be okay.
2299 2011-06-20 03:38:16 <dehuman> yah its fine
2300 2011-06-20 03:38:22 <minixking> how could they post such a blatant lie to try and cover their fuckup
2301 2011-06-20 03:38:24 <minixking> seriously
2302 2011-06-20 03:38:30 <dehuman> very few people like me willing to steal passwords with shirtmasks and maglights
2303 2011-06-20 03:38:32 <Titanium123_> luke-jr, I already withdrew my money so my account is useless to me now
2304 2011-06-20 03:38:33 <Cryo> this argument has been... hashed... over since 1993.
2305 2011-06-20 03:38:33 <midnightmagic> no, many outside auditors are bonded specifically for this reason.
2306 2011-06-20 03:38:37 <jrmithdobbs> luke-jr: and that is what they're claiming
2307 2011-06-20 03:38:40 random_cat has quit (Remote host closed the connection)
2308 2011-06-20 03:38:45 <gmaxwell> minixking: what lie?
2309 2011-06-20 03:38:47 <jrmithdobbs> luke-jr: so I don't see how they can justify the revert
2310 2011-06-20 03:38:48 <dehuman> midnightmagic: yah i'd just make them eat it
2311 2011-06-20 03:38:49 <B0g4r7> How much was stolen?
2312 2011-06-20 03:38:49 <luke-jr> Titanium123_: because there's no way to confirm the account is yours
2313 2011-06-20 03:38:59 <jrmithdobbs> luke-jr: theey need to be contacting their insurance not penalizing everyone else.
2314 2011-06-20 03:39:03 <nuthin> minixking: how do you know they're lying?
2315 2011-06-20 03:39:04 <midnightmagic> B0g4r7: $1000 worth of bitcoins.
2316 2011-06-20 03:39:11 <Titanium123_> my acct will have no money
2317 2011-06-20 03:39:15 <B0g4r7> $1000 USD?
2318 2011-06-20 03:39:16 <luke-jr> jrmithdobbs: good point, actually-- something like MtGox *should* have insurance for this kind of thing
2319 2011-06-20 03:39:17 * Gekz starts changing passwords all over the place
2320 2011-06-20 03:39:17 <Titanium123_> I have it all in my bitcoin wallet
2321 2011-06-20 03:39:19 <B0g4r7> That's nothing.
2322 2011-06-20 03:39:20 <Titanium123_> http://xkcd.com/386/
2323 2011-06-20 03:39:22 <johnlockwood> 100-200 BTC
2324 2011-06-20 03:39:25 <johnlockwood> was stolen
2325 2011-06-20 03:39:26 <minixking> nuthin: i am in the hashed password list released
2326 2011-06-20 03:39:34 <jrmithdobbs> luke-jr: in the us they are required by law to, not sure about japan
2327 2011-06-20 03:39:37 <minixking> nuthin: and i was on yesterday, the day before, etc etc
2328 2011-06-20 03:39:39 <dD0T> Gekz: Your email is in there because you entered it there. There are quite a few entries in there without email.
2329 2011-06-20 03:39:40 <Titanium123_> lol I withdrew 600 myself, didnt others?
2330 2011-06-20 03:39:44 <nuthin> minixking: and?
2331 2011-06-20 03:39:47 Cablesaurus has quit (Quit: Make it idiot proof and someone will make a better idiot.)
2332 2011-06-20 03:39:49 <gmaxwell> minixking: you're misreading it.
2333 2011-06-20 03:39:54 <Gekz> dD0T: this is true, but I thought it was a required field at the time.
2334 2011-06-20 03:39:56 <midnightmagic> holy crap, lookit all the "mtgox" passwords..
2335 2011-06-20 03:39:57 <Herodes> if someone makes an error when trading, pushing the wrong button, or inputting wrong numbers. That is the account holders fault. However if someone has a password like say "Jim_771980" and that password gets cracked because some hacker gets access to the password hash from the site in question, I can't see how that is the Users fault. He did not tell his password to anyone and as far as we know it was not stolen from his computer.
2336 2011-06-20 03:39:57 <Herodes> Then the only left to blame in this case is mtGox for not having good enough security.
2337 2011-06-20 03:39:58 <gmaxwell> minixking: it's saying the only the old accounts were unsalted.
2338 2011-06-20 03:40:21 <dehuman> Herodes: either way regardless of the password security in question
2339 2011-06-20 03:40:24 hallowworld has quit (Quit: asdf)
2340 2011-06-20 03:40:26 <dehuman> said site controls its own security policy
2341 2011-06-20 03:40:31 <dehuman> and allowed weak password
2342 2011-06-20 03:40:32 <Titanium123_> do people still type in passwords? srsly?
2343 2011-06-20 03:40:34 <Titanium123_> copy paste
2344 2011-06-20 03:40:35 <B0g4r7> gox would be a fool not to cover the loss(es).
2345 2011-06-20 03:40:40 <gmaxwell> Titanium123_++
2346 2011-06-20 03:40:41 <dD0T> Gekz: Be glad to have an event that makes you change them. Having the same password in multiple places is a bad idea anyway and you'll be safer thereafter
2347 2011-06-20 03:40:42 <Titanium123_> its 2010 for heavens sake
2348 2011-06-20 03:40:43 <johnlockwood> It looks like the plan was to crash the price, buy back a bunch and withdrawal the accounts $ limit at th�e� lower p�rice/BTC,
2349 2011-06-20 03:40:44 <Herodes> So what do you people suggest other than a rollbakc. If this was a mistake by the account holder, mt could check if it was from the usual ip. But if it was from another ip in another country, the likelyhood of it being a hacker is much larger.
2350 2011-06-20 03:40:49 <Cryo> the answer always ends up that users will always be stupid and use poor passwords and safety measures to protect their data. That companies will always use young, cheap, inexperienced "hackers" to write their now exploited software in the hopes of making money to hire someone with a good clue later on to fix it before the walls come down or a breach occurs.
2351 2011-06-20 03:40:57 <midnightmagic> B0g4r7: you mean "The auditor, if he was a security auditor, would be a fool not to cover the losses."
2352 2011-06-20 03:41:03 <Titanium123_> at least save ut passwords in a passwords.txt file on desktop,
2353 2011-06-20 03:41:06 <minixking> nothin: my password was released on a site.
2354 2011-06-20 03:41:10 <minixking> nothin: unhashed
2355 2011-06-20 03:41:11 paxos has joined
2356 2011-06-20 03:41:24 <dehuman> minixking: was mine?
2357 2011-06-20 03:41:30 <dehuman> er what site i mean ;)
2358 2011-06-20 03:41:30 <erek> http://buttcoin.org/lionhat-security-taking-claim-for-mt-gox-hack-and-database-dump-taunts-owners-and-promises-next-black-friday
2359 2011-06-20 03:41:31 <johnlockwood> Or maybe they used another account as a buyer
2360 2011-06-20 03:41:32 <dehuman> mine was easy
2361 2011-06-20 03:41:33 <B0g4r7> Was it a good password?
2362 2011-06-20 03:41:40 <dehuman> no
2363 2011-06-20 03:41:46 <Gekz> dD0T: oh, no, I mean it finally spurned me to change my password in other places
2364 2011-06-20 03:41:48 <dehuman> but i didnt have anything in bitcoin
2365 2011-06-20 03:41:55 <minixking> B0g4r7: it was faily decent
2366 2011-06-20 03:41:57 <erek> hey apparently lionhat has comprimised something else, but are waiting to take action for a crash that won't be reversible this time
2367 2011-06-20 03:41:58 <dehuman> and i purposefully changed it to a bad password
2368 2011-06-20 03:42:04 <dehuman> my password was 'bitcrack'
2369 2011-06-20 03:42:17 <Herodes> i don't touch that buttcoin site with a 10 feet long pole.
2370 2011-06-20 03:42:22 <jgarzik> I would avoid buttcoin
2371 2011-06-20 03:42:27 <jgarzik> they were stealing shit through CSRF
2372 2011-06-20 03:42:28 <Herodes> for all we know he can have 0-day exploits running from his web server.
2373 2011-06-20 03:42:41 <jgarzik> erek: ^^
2374 2011-06-20 03:42:44 <erek> hey guys.. a team called lionhat is taking responsibility for the mtgox hack, and say they actually have access to something even bigger that won't be able to be reversed
2375 2011-06-20 03:42:46 <lianj> jgarzik: curl it
2376 2011-06-20 03:42:46 <Cryo> Herodes, not necessarily... the point of BitCoin was to be anonymous... which smart people would use TOR or onion or some other proxy method to avoid being fingerprinted.
2377 2011-06-20 03:42:53 <Herodes> He must be mentally disturbed (if run by an individual alone). What's up with all that hate towards bitcoin?
2378 2011-06-20 03:43:01 <gmaxwell> jgarzik: er, why the hell is the site still up then?
2379 2011-06-20 03:43:08 <vrs> http://buttcoin.org/lionhat-security-taking-claim-for-mt-gox-hack-and-database-dump-taunts-owners-and-promises-next-black-friday hah why didn't I have this idea
2380 2011-06-20 03:43:15 <minixking> erek: where are you getting this info?
2381 2011-06-20 03:43:17 <midnightmagic> Cryo: that's not necessary for a large-enough network. You don't know where a message originated.
2382 2011-06-20 03:43:19 <Herodes> Cryo: yes.
2383 2011-06-20 03:43:24 <vrs> >take claim >acquire bitcoins
2384 2011-06-20 03:43:28 <erek> minixking: the link by vrs
2385 2011-06-20 03:43:28 <Eremes> its so gay that company like MTGOX got hacked
2386 2011-06-20 03:43:30 <Eremes> lol
2387 2011-06-20 03:43:36 <jrmithdobbs> gmaxwell: because i'm the only one that bothers to contact abuse departments instead of whine
2388 2011-06-20 03:43:37 <Eremes> they must be stingy on security
2389 2011-06-20 03:43:39 <jgarzik> gmaxwell: because I don't have takedown powers for random sites on the internet?
2390 2011-06-20 03:43:45 <midnightmagic> Eremes: They didn't. An outside auditor leaked the database.
2391 2011-06-20 03:43:46 <vrs> Eremes: anybody could've written that
2392 2011-06-20 03:43:47 <jrmithdobbs> gmaxwell: and i haven't contacted their provider yet.
2393 2011-06-20 03:43:56 <vrs> err, erek
2394 2011-06-20 03:43:58 <gmaxwell> erek: tell them they are full of shit and if not tell them to forward it to a blackhole address.
2395 2011-06-20 03:43:59 <Titanium123_> use noscript and addblock at a MINIMUM
2396 2011-06-20 03:44:00 <midnightmagic> Eremes: thanks for your helpful contribution.
2397 2011-06-20 03:44:04 <Herodes> right. Only mt knows the truth, and we can only know what he says.
2398 2011-06-20 03:44:11 <Titanium123_> then u dotn get viruses 99.999%
2399 2011-06-20 03:44:15 <Herodes> What was the name of this auditor for instance, can he be reached?
2400 2011-06-20 03:44:15 <Titanium123_> I havent gotten a virus in 3 years
2401 2011-06-20 03:44:19 <Titanium123_> at least
2402 2011-06-20 03:44:22 <B0g4r7> "An outside auditor leaked the database." -- What is the source of this info?
2403 2011-06-20 03:44:23 <Titanium123_> and before that 4 years
2404 2011-06-20 03:44:24 <gmaxwell> Whats that 111111 blackhole address with the valid checksum?
2405 2011-06-20 03:44:25 <B0g4r7> 3
2406 2011-06-20 03:44:28 <gmaxwell> B0g4r7: MagicalTux
2407 2011-06-20 03:44:29 <vrs> so sure about that Titanium123_?
2408 2011-06-20 03:44:32 <Herodes> I am sure a lot of news papers would be interested in calling this auditor.
2409 2011-06-20 03:44:32 <Eremes> I never heard google got hacked
2410 2011-06-20 03:44:32 <Cryo> midnightmagic, that doesn't account for locally fingerprinting, or ISP
2411 2011-06-20 03:44:33 <jrmithdobbs> jgarzik: i do. i got walletinspector.info converted to a static png. twice. with a threat from his provider that if he changes it to anything else again while it's on their service they will pull it.
2412 2011-06-20 03:44:35 <midnightmagic> B0g4r7: uh.. go read the support site dude.
2413 2011-06-20 03:44:37 <vrs> B0g4r7: MT
2414 2011-06-20 03:44:49 <jrmithdobbs> jgarzik: and terminate all of his service.
2415 2011-06-20 03:44:57 <B0g4r7> supporters site?
2416 2011-06-20 03:45:10 <Herodes> just go to mtgox.com
2417 2011-06-20 03:45:13 <Eremes> our maybe this case just to make bitcoin more popular and sky-rocketing the price =)
2418 2011-06-20 03:45:20 <B0g4r7> :loading:
2419 2011-06-20 03:45:24 <vrs> Eremes: hardly
2420 2011-06-20 03:45:31 <midnightmagic> Herodes: Why would MtGox damage the rep of the auditor unless he was specifically aiming to do damage?
2421 2011-06-20 03:45:35 <hmmmm> who wants to bet that some members of this "lionhat security" are lurking right here, right now
2422 2011-06-20 03:45:38 <hmmmm> --
2423 2011-06-20 03:45:45 <jrmithdobbs> midnightmagic: cover up sql injection exploit?
2424 2011-06-20 03:45:49 <B0g4r7> asshat sec
2425 2011-06-20 03:45:58 Joric has quit ()
2426 2011-06-20 03:46:01 edmonds has joined
2427 2011-06-20 03:46:16 <jrmithdobbs> midnightmagic: who's to say they're even doing it on purpose? could just be *assuming* the auditor was the attack vector
2428 2011-06-20 03:46:30 <Cryo> that's a big assumption
2429 2011-06-20 03:46:31 <midnightmagic> jrmithdobbs: Why would MtGox lie about SQL injection?
2430 2011-06-20 03:46:32 <minixking> you know what
2431 2011-06-20 03:46:40 <jrmithdobbs> midnightmagic: market faith
2432 2011-06-20 03:46:41 blishchrot has joined
2433 2011-06-20 03:46:44 <upb> to cover up the lousy security :)
2434 2011-06-20 03:46:44 <erek> minixking: you've had enough, haven't you?
2435 2011-06-20 03:46:46 <minixking> that lie on the mtgox site cannot be left there
2436 2011-06-20 03:46:50 <midnightmagic> jrmithdobbs: Also, anything beyond the MtGox statement is conspiracy theory.
2437 2011-06-20 03:46:55 <erek> minixking: what lie
2438 2011-06-20 03:46:56 dfc_ has joined
2439 2011-06-20 03:47:04 karnac_ has quit (Quit: karnac_)
2440 2011-06-20 03:47:14 <jrmithdobbs> midnightmagic: just like the statement they made saying they ensured the csrf exploit wasn't ever used by verifying server logs
2441 2011-06-20 03:47:26 <Herodes> here is a writeup on the events.
2442 2011-06-20 03:47:28 <Herodes> worth a read
2443 2011-06-20 03:47:29 <Herodes> http://blog.zorinaq.com/?e=55
2444 2011-06-20 03:47:30 <minixking> that the unsalted passwords in the wild are from non current users
2445 2011-06-20 03:47:32 <jrmithdobbs> midnightmagic: which is *impossible to have done with a well executed csrf* that's why csrf is so bad in the first place.
2446 2011-06-20 03:47:35 <B0g4r7> mtgox assumed there was not a compromise at first, aside from one account.
2447 2011-06-20 03:47:37 <grndzero> everything is a conspircy these days, including the real truth
2448 2011-06-20 03:47:39 <B0g4r7> A false assumption.
2449 2011-06-20 03:47:41 <midnightmagic> jrmithdobbs: Do you have specific evidence that disproves that?
2450 2011-06-20 03:47:48 <jrmithdobbs> midnightmagic: which is *impossible to have done with a well executed csrf* that's why csrf is so bad in the first place.
2451 2011-06-20 03:47:54 <midnightmagic> jrmithdobbs: And what kind of logs do you think they keep?
2452 2011-06-20 03:47:56 <BTCTrader> jgarzik: they were stealing shit through CSRF source?
2453 2011-06-20 03:48:03 <midnightmagic> what, simple apache logs?
2454 2011-06-20 03:48:13 <Herodes> http://forum.bitcoin.org/index.php?topic=19619.0
2455 2011-06-20 03:48:16 <jrmithdobbs> midnightmagic: http, probably with referrer, which doesn't prove ANYTHING since csrf gets executed through the victim's browser
2456 2011-06-20 03:48:18 <midnightmagic> they keep enough logs to roll back the entire exchange to a prior date.
2457 2011-06-20 03:48:27 <gmaxwell> erek: give the lionhat this address: 1111111111111111111114oLvT2
2458 2011-06-20 03:48:31 <B0g4r7> db logs
2459 2011-06-20 03:48:34 <jrmithdobbs> midnightmagic: hence, it is *not povable* that it never occurred
2460 2011-06-20 03:48:37 <gmaxwell> erek: they can send their billion stolen bitcoin there
2461 2011-06-20 03:48:37 <quiznor> so lionhat hacked bitcoin? interesting
2462 2011-06-20 03:48:38 <midnightmagic> jrmithdobbs: Dude. You're assuming they keep fewer logs than necessary to make that statement without any evidence.
2463 2011-06-20 03:48:44 <gmaxwell> erek: and then no one can ever spend it again.
2464 2011-06-20 03:48:48 <Herodes> "He understands the rollback won't be popular with people who were able to pick up coins for .10 or whatever but none of those trades were legitimate so mtgox has a legal obligation to reverse the trades."
2465 2011-06-20 03:48:55 <jrmithdobbs> midnightmagic: no, I'm saying there are no logs they could have kept to make that statement with confidence
2466 2011-06-20 03:49:22 <jrmithdobbs> midnightmagic: big difference
2467 2011-06-20 03:49:29 <midnightmagic> jrmithdobbs: Unless they were talking about a specific CSRF found in the wild.
2468 2011-06-20 03:49:33 <Herodes> anyone can claim they hacked mtGox. And only a fucking fool would take credit for it. A real hacker would tell nobody.
2469 2011-06-20 03:49:33 <upb> i was wondering about that the other day aswell
2470 2011-06-20 03:49:37 <gmaxwell> jrmithdobbs: auditor logging in from HK at 3am and select * from users; ?
2471 2011-06-20 03:49:42 <midnightmagic> jrmithdobbs: Which I seem to recal was a GET.
2472 2011-06-20 03:49:48 manifold_ has quit (Remote host closed the connection)
2473 2011-06-20 03:50:04 karnac has joined
2474 2011-06-20 03:50:20 <jrmithdobbs> gmaxwell: i'm talking about the csrf denial
2475 2011-06-20 03:50:23 <alystair> http://www.youtube.com/watch?v=4YyEdny5rh8
2476 2011-06-20 03:50:25 Tim-7967 has quit (Read error: Operation timed out)
2477 2011-06-20 03:50:50 <jrmithdobbs> midnightmagic: they were talking about the two that were posted about on the forum on friday
2478 2011-06-20 03:51:02 <B0g4r7> I think a rollback is the right thing to do.
2479 2011-06-20 03:51:10 <Herodes> i agree with that one.
2480 2011-06-20 03:51:19 <samlander> aly: no shit
2481 2011-06-20 03:51:19 <Herodes> I have seen it on other markets before.
2482 2011-06-20 03:51:24 <Herodes> It is never popular though.
2483 2011-06-20 03:51:33 <gmaxwell> BlueMattBot: Tell bluemat that the wallet encryption code is insecure and to read the forum thread.
2484 2011-06-20 03:51:36 <Herodes> Esp. not among those who "got a good deal".
2485 2011-06-20 03:51:49 <B0g4r7> indeed.
2486 2011-06-20 03:52:06 <jrmithdobbs> midnightmagic: there is no way to "prove" that it was not exploited in the wild via "server logs" as he claimed in his response after fixing the issue
2487 2011-06-20 03:52:16 <BlueMattBot> gmaxwell did you mean me? Unknown command 'Tell'
2488 2011-06-20 03:52:17 <BlueMattBot> Use 'BlueMattBot: help' to get help!
2489 2011-06-20 03:52:22 arima has joined
2490 2011-06-20 03:52:24 <jrmithdobbs> midnightmagic: because the requests would have lookd like any other request from that same user.
2491 2011-06-20 03:52:29 <jrmithdobbs> midnightmagic: this is why csrf is so bady.
2492 2011-06-20 03:52:33 nanotube is now known as ninja-
2493 2011-06-20 03:52:33 <jrmithdobbs> s/bady/bad/
2494 2011-06-20 03:52:38 <midnightmagic> jrmithdobbs: unless the nature of the specific CSRF in question had specific characteristics.
2495 2011-06-20 03:52:52 sabalabas has joined
2496 2011-06-20 03:52:54 <jrmithdobbs> midnightmagic: what would these characterizations be?
2497 2011-06-20 03:52:59 ninja- is now known as nanotube
2498 2011-06-20 03:53:05 <jrmithdobbs> midnightmagic: the exploit let you reset their email (one of them)
2499 2011-06-20 03:53:33 <lfm> jrmithdobbs: unless he did figure out how it was done
2500 2011-06-20 03:53:49 <midnightmagic> jrmithdobbs: beats me. I'm just saying you're doing the same thing you claim mtgox is doing, which is making blanket statements about something you have no actual information about.
2501 2011-06-20 03:53:54 <BlueMattBot> Project Bitcoin build #59: STILL FAILING in 46 min: http://www.bluematt.me/jenkins/job/Bitcoin/59/
2502 2011-06-20 03:53:54 \LoveBeads\ has quit (Remote host closed the connection)
2503 2011-06-20 03:53:55 <BlueMattBot> * matt: Update translations and remove obsolete translations.
2504 2011-06-20 03:53:56 <BlueMattBot> * shane-github: Fix missing includes needed for Boost 1.46.
2505 2011-06-20 03:54:05 paxos has quit (Ping timeout: 258 seconds)
2506 2011-06-20 03:54:20 <jrmithdobbs> midnightmagic: no, my statements are based in experience based on ~10 years experience fixing/diagnosing this shit for clients
2507 2011-06-20 03:54:42 <jrmithdobbs> midnightmagic: there is no way to confirm a well-executed csrf was not taken advantage of based on server logs
2508 2011-06-20 03:54:54 <midnightmagic> jrmithdobbs: Do you have access to MtGox servers?
2509 2011-06-20 03:54:57 <jrmithdobbs> there are ways to confirm *it was* but not that *it was not*
2510 2011-06-20 03:55:12 <lfm> jrmithdobbs: so do you tell your clients "it must have been csrf because we have absolutly no evidence"?
2511 2011-06-20 03:55:28 <Herodes> jrmithdobbs is a man who is full of it. He talks just shit about mtGox and MagicalTux. Never trust a single word that comes from this irc-user.
2512 2011-06-20 03:55:33 <jrmithdobbs> brick wall
2513 2011-06-20 03:55:35 <jrmithdobbs> i swear
2514 2011-06-20 03:55:42 <jrmithdobbs> lfm: obviously not
2515 2011-06-20 03:55:42 * midnightmagic sighs.
2516 2011-06-20 03:55:58 <midnightmagic> dammit Herodes you're not helping.
2517 2011-06-20 03:56:04 <jrmithdobbs> Herodes: says the man who's been in the channel a whole 4 hours
2518 2011-06-20 03:56:08 <Herodes> so is not jrmithdobbs
2519 2011-06-20 03:56:21 <lfm> jrmithdobbs: it seems like you are trying to tell us tjust that
2520 2011-06-20 03:56:39 edmonds has quit (Quit: leaving)
2521 2011-06-20 03:56:42 <midnightmagic> jrmithdobbs: The point is, there is a reality in which MT's statements are true and internally consistent.
2522 2011-06-20 03:56:47 <jrmithdobbs> lfm: i'm saying that when a *confirmed csrf problem* existed there is no way to prove that it *was never used*
2523 2011-06-20 03:56:49 paxos has joined
2524 2011-06-20 03:56:54 <jrmithdobbs> lfm: the exploit was confirmed by multiple sources
2525 2011-06-20 03:57:01 <midnightmagic> jrmithdobbs: What was the nature of the second CSRF?
2526 2011-06-20 03:57:05 <jrmithdobbs> lfm: we *know* the attack vector existed.
2527 2011-06-20 03:57:23 <jrmithdobbs> lfm: with that criteria, based on server logs, there is *no way* to prove it was never used
2528 2011-06-20 03:57:30 <gentz> If bitcoi transactions are rolled back then doesn't that mean bitcoin is being regulated by a central authority?
2529 2011-06-20 03:57:31 <jrmithdobbs> which is exactly what he claimed to do
2530 2011-06-20 03:57:38 <midnightmagic> jrmithdobbs: Only if the nature of the CSRF is non-deterministic.
2531 2011-06-20 03:57:44 <lfm> jrmithdobbs: so one of those "confirmers" finally released the fruits of their "test"?
2532 2011-06-20 03:57:58 <quiznor> gentz: bitcoin isn't being rolled back
2533 2011-06-20 03:58:05 <Herodes> gentz: only mtGox bitcoin transactions can be rolled back. bitcoin transactions on the live network cannot be rolled back.
2534 2011-06-20 03:58:12 <Gekz> what does CSRF stand for
2535 2011-06-20 03:58:14 <jrmithdobbs> midnightmagic: no
2536 2011-06-20 03:58:14 <Gekz> I have forgotten
2537 2011-06-20 03:58:17 <quiznor> cross site request forgery
2538 2011-06-20 03:58:20 <Herodes> the "bitcoin transactions" on mtgox are just numbers being shuffled in a database.
2539 2011-06-20 03:58:23 <Gekz> that's it
2540 2011-06-20 03:58:35 <gentz> Then will the price return to normal after the roll back?
2541 2011-06-20 03:58:46 <jrmithdobbs> midnightmagic: if the csrf is exploited properly there is no way to tell it was done THATS WHY CSRF IS SUCH A BAD THING
2542 2011-06-20 03:58:47 <minixking> gentz: the price is fine
2543 2011-06-20 03:58:51 <midnightmagic> jrmithdobbs: If the CSRF retrieves, specifically, 20.00001 ฿ and that never happened, then you've just chown that a specific CSRF as found in the wild DID NOT happen. And you can correlate logs for that.
2544 2011-06-20 03:59:00 <jrmithdobbs> midnightmagic: that's not what it did.
2545 2011-06-20 03:59:03 <midnightmagic> jrmithdobbs: See, that's your caveat: "exploited properly"
2546 2011-06-20 03:59:07 <minixking> gentz: the price should still be at 17.25ish a coin
2547 2011-06-20 03:59:08 <quiznor> MagicalTux: how many chix did you bukkake in japan
2548 2011-06-20 03:59:08 <lfm> gentz: mtgox sez the price will return to $17 or so, no telling what will happen after that
2549 2011-06-20 03:59:16 <Herodes> MagicalTux stated that the CSRF issues is fixed, and if you want to protect yourself from it, install for instance another browser and use only that for mtgox.com and for nothing else (low tech fix).
2550 2011-06-20 03:59:18 <jrmithdobbs> midnightmagic: yes, as in, resets or blanks the referrer
2551 2011-06-20 03:59:32 <midnightmagic> jrmithdobbs: What, specifically, did it do?
2552 2011-06-20 03:59:34 UberCookies has joined
2553 2011-06-20 03:59:42 <MagicalTux> Herodes: anyway you shouldn't browse to other sites while being logged in on a site with thousands of $ on your account
2554 2011-06-20 03:59:43 FellowTraveler has left ()
2555 2011-06-20 03:59:43 <midnightmagic> dammit, where's the thread now..
2556 2011-06-20 03:59:48 <jrmithdobbs> midnightmagic: reset the user's email was one
2557 2011-06-20 03:59:52 <Herodes> MagicalTux: I agree.
2558 2011-06-20 04:00:01 Taveren93HGK has joined
2559 2011-06-20 04:00:02 Beccara_ has joined
2560 2011-06-20 04:00:05 <MagicalTux> we set a logout delay quite short, which people have been complaining about
2561 2011-06-20 04:00:07 <minixking> magical: incogneto in chrome
2562 2011-06-20 04:00:14 <MagicalTux> minixking: yep, CtrlShiftN
2563 2011-06-20 04:00:17 <quiznor> MagicalTux is a cool guy
2564 2011-06-20 04:00:26 Beccara has quit (Quit: Leaving)
2565 2011-06-20 04:00:30 <quiznor> yes.. definitely use a separate browser session for your banking
2566 2011-06-20 04:00:31 <upb> he doesnt afraid of anything )
2567 2011-06-20 04:00:33 <jrmithdobbs> midnightmagic: it would literally look just like the user legitimately resetting their password on the server side
2568 2011-06-20 04:00:42 <jrmithdobbs> err s/password/email/
2569 2011-06-20 04:00:43 <minixking> and for all those idiots that used the same pass on all thier sites shame on you
2570 2011-06-20 04:00:44 <minixking> SHAME
2571 2011-06-20 04:01:05 <lfm> minixking: or worse
2572 2011-06-20 04:01:11 <minixking> you deserve to be marked as a crack smoker on your facebook
2573 2011-06-20 04:01:13 <Cryo> that's 99.999996% of the Intardweb
2574 2011-06-20 04:01:14 <bk128> same username :(
2575 2011-06-20 04:01:20 slux has quit (Ping timeout: 252 seconds)
2576 2011-06-20 04:01:21 <bk128> different pass though
2577 2011-06-20 04:01:27 <minixking> and the fake msg's to your parents saying you like to fuck animal is all on you
2578 2011-06-20 04:01:27 <quiznor> blaming the victim minixking?
2579 2011-06-20 04:01:31 <quiznor> why not say shame on the hacker?
2580 2011-06-20 04:01:43 <Cryo> yeh, the login/password being the same on other sites is gonna suck for a lot.
2581 2011-06-20 04:01:52 <midnightmagic> jrmithdobbs: minus the fact that it's all happening within a fraction of a second, or it's resetting to a specific email, or resetting within a period of inactivity, or, or or..
2582 2011-06-20 04:01:53 <minixking> he isnt doing something that is mentally retarded
2583 2011-06-20 04:01:58 <Herodes> minixking: It is a problem that never will be solved, honestly. Most people prefer convenience over security. Most of the general public is not concerned about security at all. So for the masses, the web site operators must enforce rules to avoid theft.
2584 2011-06-20 04:02:02 <Herodes> There is no other way.
2585 2011-06-20 04:02:11 <jrmithdobbs> midnightmagic: once again
2586 2011-06-20 04:02:17 <Herodes> You can make as many guidelines and advice as much as you want, people will be lazy and stupid anyway.
2587 2011-06-20 04:02:18 <upb> minixking: fraction of a second of what ?
2588 2011-06-20 04:02:23 Maged has quit (Remote host closed the connection)
2589 2011-06-20 04:02:24 <upb> erm midnightmagic
2590 2011-06-20 04:02:25 <jrmithdobbs> midnightmagic: there are ways to tell that *it was* eploited
2591 2011-06-20 04:02:26 <quiznor> oh pls minixking... anyone can get hacked / mugged regardless of their security protocol. even the highest security systems like RSA were hacked
2592 2011-06-20 04:02:28 <dfc_> nits not convienence over security. its usability over security
2593 2011-06-20 04:02:32 <lfm> midnightmagic: does it work with ht5tps too?
2594 2011-06-20 04:02:34 <jrmithdobbs> midnightmagic: there is no way to confirm that *it was not*
2595 2011-06-20 04:02:34 <Cryo> people go out of their way to be stupid... not just lazy.
2596 2011-06-20 04:02:39 <lfm> midnightmagic: does it work with https too?
2597 2011-06-20 04:03:01 dbasch has joined
2598 2011-06-20 04:03:06 <dfc_> the neat question is if you had that many bitcoins how would you launder it?
2599 2011-06-20 04:03:09 <Herodes> quiznor: right, even pentagon have been hacked, and other high profile insitutions.
2600 2011-06-20 04:03:09 kratosk has joined
2601 2011-06-20 04:03:10 <bitsnbytes> 4h19
2602 2011-06-20 04:03:13 Lenovo01 has joined
2603 2011-06-20 04:03:13 <bitsnbytes> <MagicalTux> vrs: they started moving funds to randomly created accounts, but I stop mtgox before they actually withdraw anything
2604 2011-06-20 04:03:20 <midnightmagic> lfm: beats me.
2605 2011-06-20 04:03:21 <minixking> quiz: true, but if you use seperate passwords for your seperate interests, you are not owned
2606 2011-06-20 04:03:25 Speeder has quit (Read error: Connection reset by peer)
2607 2011-06-20 04:03:45 erek has quit (Remote host closed the connection)
2608 2011-06-20 04:04:05 <luke-jr> minixking: until MtGox owns you
2609 2011-06-20 04:04:05 <dfc_> bitsnbytes: was that in response to me?
2610 2011-06-20 04:04:09 <paxos> a virus hacked my immune system last week ~ really sucked
2611 2011-06-20 04:04:23 <bitsnbytes> no, wrong channel
2612 2011-06-20 04:04:29 <midnightmagic> jrmithdobbs: Dude, look. I comprehend what you're saying. It's the spaghetti monster, no evidence thing. That's not what I'm arguing; stop and think a moment, and if you really want to verify this, we go back to the CSRF details themselves, or if we don't have them, then you're doing EXACTLY the same thing by claiming MT couldn't have legit' made that statement.
2613 2011-06-20 04:04:29 <idnar> paxos: yours too, eh
2614 2011-06-20 04:04:35 <grndzero> did they actually get cash out? I saw somewhere that they withdrew the $1000 limit, or was that a possible loss?
2615 2011-06-20 04:04:38 <idnar> paxos: we obviously need better antivirus hardware
2616 2011-06-20 04:04:45 <quiznor> midnightmagic: ?
2617 2011-06-20 04:04:59 min0r has quit (Ping timeout: 252 seconds)
2618 2011-06-20 04:04:59 Maged has joined
2619 2011-06-20 04:05:13 <jrmithdobbs> midnightmagic: i was one of th people who confirmed the exploit in the thread about it. it existed. it was exploitable in an undetectable way.
2620 2011-06-20 04:05:23 <quiznor> the thief stole a bunch of coin.. the heist will probably net him around $80K
2621 2011-06-20 04:05:26 <jrmithdobbs> midnightmagic: go ask the others in the thread that confirmed.
2622 2011-06-20 04:05:31 <quiznor> not bad for a hack...
2623 2011-06-20 04:05:38 <bk128> antivirus hardware what?
2624 2011-06-20 04:05:42 <midnightmagic> jrmithdobbs: Link the thread, lemme see those details, specifically.
2625 2011-06-20 04:05:43 <minixking> has this hit main stream media yet?
2626 2011-06-20 04:05:44 marc0polo has joined
2627 2011-06-20 04:05:57 karnac_ has joined
2628 2011-06-20 04:06:01 f33x has quit (Ping timeout: 250 seconds)
2629 2011-06-20 04:06:08 <jrmithdobbs> midnightmagic: what details do you want? it's a classic csrf, there were no special steps to execute. just simple lack of a magic token
2630 2011-06-20 04:06:12 f33x has joined
2631 2011-06-20 04:06:17 <minixking> wtf is that ipv6?
2632 2011-06-20 04:06:17 <Cryo> main stream doesn't even understand bitcoin :)
2633 2011-06-20 04:06:20 <quiznor> http://pastebin.com/4NPemHfz
2634 2011-06-20 04:06:23 karnac has quit (Read error: Connection reset by peer)
2635 2011-06-20 04:06:26 <quiznor> that was from the 14th
2636 2011-06-20 04:06:31 <luke-jr> minixking: what? you're still using IPv4?
2637 2011-06-20 04:06:31 <quiznor> "buttsec" claimed to have hacked gox
2638 2011-06-20 04:06:32 <midnightmagic> jrmithdobbs: Where? Which site? Was it a link? Javascript? What, specifically, were the details.
2639 2011-06-20 04:06:34 <jrmithdobbs> midnightmagic: reset referrer autosubmit form with javascript
2640 2011-06-20 04:06:40 <lfm> mainstream == slashdot??
2641 2011-06-20 04:06:41 <quiznor> lets face it.. the site has been compromised for weeks, possibly months
2642 2011-06-20 04:06:45 <jrmithdobbs> midnightmagic: end of exploit
2643 2011-06-20 04:06:50 <gentz> Will bitcoin recover or is it done with afte rhits mtgov?
2644 2011-06-20 04:06:50 <quiznor> lots of ppl said their accounts were broken into prior to today
2645 2011-06-20 04:07:05 <midnightmagic> jrmithdobbs: Details. What email address, where, any delays, what interface did it use?
2646 2011-06-20 04:07:18 BTCTrader has quit (Read error: Connection reset by peer)
2647 2011-06-20 04:07:22 <phantomcircuit> http://forum.insidepro.com/viewtopic.php?p=65092&sid=d23fbc6d37e592c825f5126e201747e7
2648 2011-06-20 04:07:23 <phantomcircuit> the hash for superbitcoin uid 13 is on that forum
2649 2011-06-20 04:07:24 <jrmithdobbs> midnightmagic: i did not confirm a website in the wild was using it, I confirmed that the exploit was possible.
2650 2011-06-20 04:07:27 <kratosk> why did people keep using mtgox if they saw this coming?
2651 2011-06-20 04:07:27 <phantomcircuit> dated may 9th
2652 2011-06-20 04:07:50 <jrmithdobbs> phantomcircuit: nice.
2653 2011-06-20 04:08:00 <midnightmagic> jrmithdobbs: Ah.. THAT is different. Entirely. Now what, specifically, was MT commenting on in the thread?
2654 2011-06-20 04:08:01 <quiznor> phantomcircuit: smoking gun
2655 2011-06-20 04:08:06 <minixking> http://t.co/RYlObuM
2656 2011-06-20 04:08:12 <minixking> thats the whole list
2657 2011-06-20 04:08:17 <minixking> why do people only post half lists
2658 2011-06-20 04:08:22 <jrmithdobbs> midnightmagic: he specifically said "i have reviewed the server logs and this was never exploited"
2659 2011-06-20 04:08:26 <Herodes> hm.. so that insidepro.com is basically a place where people give password hashes and ask people to crack them ?
2660 2011-06-20 04:08:34 <gentz> where can i buy bitcoins besides mtgox?
2661 2011-06-20 04:08:35 <Herodes> and stuff likeit?
2662 2011-06-20 04:08:39 <jrmithdobbs> midnightmagic: which cannot possibly be a truthful statement since such confirmation is impossible
2663 2011-06-20 04:08:41 <phantomcircuit> Herodes, yes
2664 2011-06-20 04:08:43 <jrmithdobbs> phantomcircuit: where's your damned thread from friday
2665 2011-06-20 04:08:52 <midnightmagic> jrmithdobbs: Dude, at this point you're asking me to take your word on it. You understand why I'm interested in the thread itself?
2666 2011-06-20 04:08:54 <phantomcircuit> jrmithdobbs, he edited his comments
2667 2011-06-20 04:08:55 <upb> wow 9th
2668 2011-06-20 04:09:02 <jrmithdobbs> phantomcircuit: lol
2669 2011-06-20 04:09:14 <midnightmagic> bah
2670 2011-06-20 04:09:17 <jrmithdobbs> midnightmagic: sounds like you'll have to get theymos to pull forum backups to get the proof
2671 2011-06-20 04:09:28 <midnightmagic> I'm really not that interested.
2672 2011-06-20 04:09:28 <jrmithdobbs> midnightmagic: hence: mtgox not trustworthy.
2673 2011-06-20 04:09:32 <quiznor> yeah like i said.. the site has been compromised for weeks if not months in the latest round of hacks.. all those reports of ppl's accounts being hacked were true
2674 2011-06-20 04:09:45 <Herodes> Would there be any legitimate use for such a site? I guess it would be impossible to control anyway.. There would always be markets or forums dealing with stuff like that, and there probably are lots of them, I am not just into that "scene".
2675 2011-06-20 04:09:53 <midnightmagic> Are you certain he wasn't talking about the CSRF on the buttcoins site?
2676 2011-06-20 04:09:58 <upb> phantomcircuit: now would have been interesting to know since what time did this claimed 'auditor' have access to mtgox production db
2677 2011-06-20 04:10:09 <gmaxwell> phantomcircuit: are hashes for other users on that forum?
2678 2011-06-20 04:10:19 <quiznor> accountants dont log into mysql... they work on csvs
2679 2011-06-20 04:10:21 <quiznor> or excel
2680 2011-06-20 04:10:22 <jrmithdobbs> midnightmagic: he was specifically replying to a thread reporting a csrf that had not been located on any specific website
2681 2011-06-20 04:10:28 <quiznor> the auditor is false
2682 2011-06-20 04:10:38 <phantomcircuit> upb, he said yesterday...
2683 2011-06-20 04:10:39 <Herodes> so, then most hacks are most likely not CSRF, but rahter the leaked user info file having a password being cracked one by one.
2684 2011-06-20 04:10:39 <midnightmagic> jrmithdobbs: If I were truly that interested, I'd be bugging MT. But your statement is also incorrect if he were being earnest at the time.
2685 2011-06-20 04:10:45 <upb> phantomcircuit: so there we go ;)
2686 2011-06-20 04:10:54 <upb> bs
2687 2011-06-20 04:11:00 <jrmithdobbs> midnightmagic: if he were being earnest then he doesn't understand how csrfs work
2688 2011-06-20 04:11:07 <phantomcircuit> gmaxwell, i didn't check, and afaik that particular hash hasn't been cracked yet, so it's probably not a common password
2689 2011-06-20 04:11:09 <jrmithdobbs> midnightmagic: which is a *bigger* problem
2690 2011-06-20 04:11:10 <gmaxwell> phantomcircuit: yes.
2691 2011-06-20 04:11:15 <gmaxwell> uid 7 is there too
2692 2011-06-20 04:11:17 <Herodes> and how on earth did this not get noticed earlier?
2693 2011-06-20 04:11:17 <midnightmagic> jrmithdobbs: Or there was a miscommunication. Why are you blaming him for it?
2694 2011-06-20 04:11:28 <gmaxwell> phantomcircuit: and uid 9
2695 2011-06-20 04:11:32 <quiznor> hacksack
2696 2011-06-20 04:11:34 <phantomcircuit> gmaxwell, yeah
2697 2011-06-20 04:11:49 <dfc_> what is the csrf argument all about? it was obviously a sql injection. grep hehehe from the db
2698 2011-06-20 04:11:50 <jrmithdobbs> midnightmagic: blaming? I'm just saying i can't trust him without specific proof on anything he says in relation to issues with his site
2699 2011-06-20 04:11:53 <Herodes> that auditor should now be in severe trouble. If I was the owner of mtGox I wouldn't got lightly on him.
2700 2011-06-20 04:12:01 <quiznor> dfc_ hehehe ?
2701 2011-06-20 04:12:21 <midnightmagic> jrmithdobbs: You're saying that x is a *bigger* problem as though he misunderstands the concept itself rather than simply misunderstanding your words.
2702 2011-06-20 04:12:22 BTCTrader has joined
2703 2011-06-20 04:12:26 <upb> 783,imanikin,im@anikin.us,3a56c5b25c8c35312a645be82587f5b9
2704 2011-06-20 04:12:27 <upb> this
2705 2011-06-20 04:12:30 <quiznor> dfc_: ermm those look like ppl attempting to sql inject... but i agree it was probably an inject
2706 2011-06-20 04:12:32 <jrmithdobbs> midnightmagic: they weren't my words
2707 2011-06-20 04:12:40 <dfc_> quiznor: hehehe is the answer
2708 2011-06-20 04:12:41 <midnightmagic> jrmithdobbs: whosever words.
2709 2011-06-20 04:12:48 <Herodes> dfc_: it is claimed by mt that is was a direct read only access to the database because an auditors password to the db was compromised.
2710 2011-06-20 04:12:53 <dfc_> yeah that data should not have made it into a sql table
2711 2011-06-20 04:12:59 <upb> 2699,Scarecrow,the.scarecrow@tiscali.co.uk,32b226ea72fecea16405acd29a7a36e1
2712 2011-06-20 04:13:00 <upb> this
2713 2011-06-20 04:13:05 <midnightmagic> what's the thread? I still want to read it.
2714 2011-06-20 04:13:08 <jrmithdobbs> midnightmagic: his words were "I have reviewed the server logs and confirmed that this was never exploited"
2715 2011-06-20 04:13:13 <upb> 638,auto385916@hushmail.com,auto385916@hushmail.com,b1d875a482b179f03ba280862b63fa0e
2716 2011-06-20 04:13:13 <gmaxwell> phantomcircuit: http://www.webcitation.org/5zZdNvd65 < snapshotted.
2717 2011-06-20 04:13:16 <upb> this
2718 2011-06-20 04:13:20 <jrmithdobbs> midnightmagic: or therabouts, so, he's either lieing or doesn't understand csrf
2719 2011-06-20 04:13:22 <minixking> upb: what are you doing?
2720 2011-06-20 04:13:25 <jrmithdobbs> midnightmagic: take your choice
2721 2011-06-20 04:13:26 <Herodes> upb, yes that pwd hash right there is at http://forum.insidepro.com/viewtopic.php?p=65092&sid=d23fbc6d37e592c825f5126e201747e7
2722 2011-06-20 04:13:33 <upb> yes all those
2723 2011-06-20 04:13:35 <gmaxwell> So this is smoking proof that the passwords were compromised by May 9th!
2724 2011-06-20 04:13:36 <midnightmagic> jrmithdobbs: Dude, you're asking me to take your word on it. Why would I do that?
2725 2011-06-20 04:13:40 <Herodes> posted fri jun 17
2726 2011-06-20 04:13:43 <Herodes> that's 3 days ago.
2727 2011-06-20 04:13:56 <jrmithdobbs> midnightmagic: i can't help that smf doesn't keep change history on posts and doesn't show that a user edited their post
2728 2011-06-20 04:13:57 <phantomcircuit> midnightmagic, which thread?
2729 2011-06-20 04:14:01 <minixking> it also isnt just "idle" accounts
2730 2011-06-20 04:14:03 <dfc_> hashes are hashes they dont prove a timeline
2731 2011-06-20 04:14:03 <Herodes> gmaxwell: at least by that date.
2732 2011-06-20 04:14:11 <gmaxwell> Herodes: I said by!
2733 2011-06-20 04:14:15 <midnightmagic> phantomcircuit: the one where the csrf was discussed, even though there was a comment edit.
2734 2011-06-20 04:14:17 <minixking> a trade site has to be able to be trusted
2735 2011-06-20 04:14:21 <Herodes> gmaxwell: unless it is an elaborate framing scheme, but I don't find that so likely.
2736 2011-06-20 04:14:34 <phantomcircuit> midnightmagic, http://forum.bitcoin.org/index.php?topic=18709.0;topicseen
2737 2011-06-20 04:14:40 <minixking> A) no security B) false comforting statements
2738 2011-06-20 04:14:41 <gmaxwell> Herodes: but the framer had to have the passwords!
2739 2011-06-20 04:14:57 <midnightmagic> phantomcircuit: thank you for giving me in an instant what I've been asking for for the entire time buddy's been arguing with me about nothing.
2740 2011-06-20 04:15:18 <genewitch> anyone else get an email from 1CWSjov2N7ix41bZ8bJfHXkdLLbkUsG9Y7
2741 2011-06-20 04:15:22 <BTCTrader> http://pastebin.com/ui0nusuZ
2742 2011-06-20 04:15:24 <Herodes> gmaxwell: have you checked the corresponding entries in the leaked user info if those accounts are new or old?
2743 2011-06-20 04:15:29 <Herodes> i will check it.
2744 2011-06-20 04:15:53 <genewitch> fromA Bitcoin Supporter Bitcoin@unknown.com <--- emails i am getting with referral codes to tradehill
2745 2011-06-20 04:16:00 <minixking> https://uloadr.com/u/CF.txt
2746 2011-06-20 04:16:07 <minixking> thats a series of unhashed passes
2747 2011-06-20 04:16:20 marc0polo has quit (Quit: Page closed)
2748 2011-06-20 04:16:57 <Herodes> "gmaxwell> Herodes: but the framer had to have the passwords!" 3a56c5b25c8c35312a645be82587f5b9 belongs to user 783. So it is a very old user.
2749 2011-06-20 04:17:04 <Herodes> So it seems like a genuine hack yes.
2750 2011-06-20 04:17:10 bwr has joined
2751 2011-06-20 04:17:41 <Herodes> only other way somebody could have it was it they created all those accounts themselves. but i think it is very unlikely.
2752 2011-06-20 04:17:46 <jrmithdobbs> midnightmagic: if you scroll up you'll see i asked him for the link to his thread, i could not find it again, i was not withholding it from you
2753 2011-06-20 04:17:56 <midnightmagic> jrmithdobbs: I know you weren't.
2754 2011-06-20 04:18:02 <gmaxwell> Can someone contact forum.insidepro.com and tell them to retain logs connected to that user for use in a criminal investigaiton?
2755 2011-06-20 04:18:06 <Cryo> what would be interesting is if the auditor's machine was windows-based, and http://forum.insidepro.com/search.php?search_author=georgeclooney the NTLM one is the initial attack vector
2756 2011-06-20 04:18:10 <bk128> yeah, anyone from tradehill �here?
2757 2011-06-20 04:18:19 RazielZ has joined
2758 2011-06-20 04:18:23 <quiznor> yeah the auditor doesn't exist
2759 2011-06-20 04:18:34 <genewitch> bk128: why, cause the hackers are trying to get referrals to tradehill?
2760 2011-06-20 04:18:36 <quiznor> someone hacked the database via an sql injection / host attack
2761 2011-06-20 04:18:36 <Herodes> gmaxwell: i will fire them an e-mail and cc mtgox
2762 2011-06-20 04:18:45 <bk128> if tradehill ever wants at least a chance at getting my business, they'll ban the fuck who is spamming everyone that referrer code
2763 2011-06-20 04:18:47 <bk128> genewitch: yeah
2764 2011-06-20 04:19:02 <minixking> http://pastebin.com/1at49uLy
2765 2011-06-20 04:19:06 <minixking> that is a much cooler list
2766 2011-06-20 04:19:16 <BTCTrader> quiznor, evidence?
2767 2011-06-20 04:19:25 <gmaxwell> minixking: whats that?
2768 2011-06-20 04:19:29 <iz> could it also just be that those happen to be common passwords.. and since it's not salted.. it's just matching a few?
2769 2011-06-20 04:19:55 <jrmithdobbs> midnightmagic: i think he opened his own thread to respond as im not seeing any response from him in that thread
2770 2011-06-20 04:19:58 <BTCTrader> holy shit minixking
2771 2011-06-20 04:20:00 <Cryo> these from the login/passwords?
2772 2011-06-20 04:20:03 <genewitch> it pisses me off that the database got jacked
2773 2011-06-20 04:20:07 <bk128> minixking: is that from the gox attack?
2774 2011-06-20 04:20:13 <genewitch> how hard is it to secure a database?
2775 2011-06-20 04:20:14 <quiznor> according to the hackers who took credit: "maybe you shouldnât have trusted an 18 year old whose credentials include an iphone soundboard app with your offsite servers"
2776 2011-06-20 04:20:15 <johnlockwood> bk128: I saw a post of an email response saying they at least removed all referals for that account
2777 2011-06-20 04:20:15 <minixking> yes
2778 2011-06-20 04:20:17 <quiznor> who's this 18 year old?
2779 2011-06-20 04:20:24 <minixking> that is people getting owned as a result of gox
2780 2011-06-20 04:20:24 <bk128> johnlockwood: ok thanks
2781 2011-06-20 04:20:24 <gentz> Where can I sell my bitcoins
2782 2011-06-20 04:20:37 <wasabi1> Am I right that 'target' returned by getwork is simply backwards?
2783 2011-06-20 04:20:38 <gmaxwell> minixking: ah
2784 2011-06-20 04:20:38 <jrmithdobbs> midnightmagic: anyways, to prove my point look for cuddlefish's thread about general CSRF warnings, he called out bitoption.com (iirc) and they responded professionally and appropriately and fixed the issue and notified users
2785 2011-06-20 04:20:44 <midnightmagic> jrmithdobbs: looks like he was quoted in an email (unverifiable) and the IRC quote was a paraphrase or an actual quote on #bitcoin-otc.. upb paraphrased it and the paraphrase was quoted in the thread.
2786 2011-06-20 04:20:45 <bk128> minixking: I'm not in that list :)
2787 2011-06-20 04:20:46 <wasabi1> Or are the hashes reversed?
2788 2011-06-20 04:21:00 <genewitch> jrmithdobbs: he found a lot more than just bitoption
2789 2011-06-20 04:21:03 <minixking> bk128: guessing you didnt use the same pass on every site
2790 2011-06-20 04:21:09 <quiznor> csrf's are low hanging fruit
2791 2011-06-20 04:21:11 <jrmithdobbs> midnightmagic: also refer to my post about clearcoin, gavin's response was appropriate and professional
2792 2011-06-20 04:21:11 <johnlockwood> ooh another idiot spammer with th referals
2793 2011-06-20 04:21:30 <enquire> learning about password managers, keepass for example - i should install it on every computer i login?
2794 2011-06-20 04:21:36 <jrmithdobbs> midnightmagic: no he posted another thread, let me keep looking for it
2795 2011-06-20 04:21:40 <gmaxwell> johnlockwood: fucking trade hill. I've had a dozen of those messages. I will not do business with those losers.
2796 2011-06-20 04:21:43 <midnightmagic> jrmithdobbs: I thought we were arguing about whether MT was knowingly claiming a negative proof?
2797 2011-06-20 04:21:45 erik__ has quit (Quit: Page closed)
2798 2011-06-20 04:21:47 <enquire> not convenient and not secure :(
2799 2011-06-20 04:22:05 <jrmithdobbs> midnightmagic: what I'm saying is, I have no reason to be lieing about his response or i'd lie about gavin's earlier as well for instance
2800 2011-06-20 04:22:20 <midnightmagic> jrmithdobbs: No, I know you aren't lying either.
2801 2011-06-20 04:22:41 <Cryo> http://192.168.10.1:admin:5409551991
2802 2011-06-20 04:22:43 <jrmithdobbs> midnightmagic: tux on the other hand, has every reason to be obtuse and obscure the facts and has been doing so
2803 2011-06-20 04:22:44 <Cryo> lol
2804 2011-06-20 04:22:48 <bk128> minixking: will they eventually get all the passwords? even if mine is 9 char upper case, lower case, numbers and symbols mixed?
2805 2011-06-20 04:22:55 <genewitch> gmaxwell: tradehill isn't spamming they wouldn't need referral codes
2806 2011-06-20 04:22:56 <bk128> or just common passes
2807 2011-06-20 04:23:01 kgo has left ("Leaving")
2808 2011-06-20 04:23:04 <midnightmagic> jrmithdobbs: But I'm kind of wittgensteinian about communication and miscommunication. I am 100% certain that a huge and unknown percentage of all communication is miscommunication.
2809 2011-06-20 04:23:11 <genewitch> bk128: https://www.grc.com/haystack.htm
2810 2011-06-20 04:23:14 <gmaxwell> genewitch: I know it's not tradehill, they're only _paying_ for the spamming.
2811 2011-06-20 04:23:17 <genewitch> bk128: that'll tell you
2812 2011-06-20 04:23:20 <nuthin> bk128: will probably get everyone in time
2813 2011-06-20 04:23:26 <nuthin> at least if it's only 9 chars
2814 2011-06-20 04:23:27 <midnightmagic> jrmithdobbs: I personally think, at the moment, that's being a little harsh on him.
2815 2011-06-20 04:23:28 <gmaxwell> nuthin: nah..
2816 2011-06-20 04:23:30 <genewitch> gmaxwell: well that can only hurt tradehill, so what's the problem
2817 2011-06-20 04:23:32 <wasabi1> I finally have a sha algo that works. gosh.
2818 2011-06-20 04:23:42 <gmaxwell> 9 is somewhat bad if they target you specifically
2819 2011-06-20 04:23:58 <gmaxwell> but even then not really.
2820 2011-06-20 04:24:12 <minixking> bk128: whats you name in the file, i will target you specifically, unhash it and post it.
2821 2011-06-20 04:24:12 <genewitch> a password like The/Black/Baron/$ is nearly impossible to crack
2822 2011-06-20 04:24:13 <quiznor> i am from france
2823 2011-06-20 04:24:13 <jrmithdobbs> midnightmagic: considering user password hashes are being found from the dump posted as far back as may 9th on public forums, I think taking everything he says about these issue with a grain of salt is advisable
2824 2011-06-20 04:24:22 <gmaxwell> We were assuming you needed 10 to be safe but we were also assuming 35 billion hps and thats actually not a good number.
2825 2011-06-20 04:24:25 <Cryo> business is ruthless... why would it surprise anyone that tradehill would spam mtgox users?
2826 2011-06-20 04:24:31 <genewitch> even the-big-dog. is nearly impossible to crack
2827 2011-06-20 04:24:36 <quiznor> tradehill is loving this
2828 2011-06-20 04:24:42 <quiznor> they have a strong financial incentive to take out gox
2829 2011-06-20 04:24:45 <bk128> minixking: bk128
2830 2011-06-20 04:24:46 <genewitch> Cryo: THEY'RE NOT
2831 2011-06-20 04:24:48 <gmaxwell> because whitepixel does 1x md5 cracking, not 1000x and it gets a lot of speedup by being able to undo the last ~20x rounds of md5.
2832 2011-06-20 04:24:55 <quiznor> "blame the affiliates?" lol
2833 2011-06-20 04:24:57 <midnightmagic> jrmithdobbs: he hasn't said any dates that are incorrect, has he?
2834 2011-06-20 04:24:59 <quiznor> thats like "blame the auditor!"
2835 2011-06-20 04:25:01 <quiznor> BS!
2836 2011-06-20 04:25:01 <genewitch> Cryo: they wouldn't use referral codes. if anything it's the second link in the email that is the real culprit
2837 2011-06-20 04:25:09 <bk128> minixking: can you not post it publicly :)
2838 2011-06-20 04:25:12 <midnightmagic> jrmithdobbs: are you perhaps implying that he knew about it much earlier?
2839 2011-06-20 04:25:17 <gmaxwell> genewitch: they're just paying the spammers by having the referal system in the first place.
2840 2011-06-20 04:25:33 <genewitch> gmaxwell: that only hurts them, and that's if they pay out to spammers, which i doubt
2841 2011-06-20 04:25:41 <gmaxwell> jrmithdobbs: not may 9th.
2842 2011-06-20 04:25:45 * midnightmagic votes to kick quiznor for his bukkake statement earlier.
2843 2011-06-20 04:25:56 <gmaxwell> jrmithdobbs: thats when the account was created. first it asked about NTLM hashes.
2844 2011-06-20 04:25:56 nocreativenick1 has quit (Read error: Connection reset by peer)
2845 2011-06-20 04:25:58 * Gekz votes for more bukkake
2846 2011-06-20 04:26:01 <phantomcircuit> jrmithdobbs, i was wrong about the date, it was posted may 17th
2847 2011-06-20 04:26:06 <jrmithdobbs> gmaxwell: ah
2848 2011-06-20 04:26:09 <phantomcircuit> jrmithdobbs, i mistakenly looked at his join date
2849 2011-06-20 04:26:09 <gmaxwell> jrmithdobbs: PostPosted: Fri Jun 17, 2011 5:21 am Post subject:
2850 2011-06-20 04:26:10 <jrmithdobbs> phantomcircuit: close enough
2851 2011-06-20 04:26:15 Blitzboom_ is now known as Blitzboom
2852 2011-06-20 04:26:22 Blitzboom has quit (Changing host)
2853 2011-06-20 04:26:22 Blitzboom has joined
2854 2011-06-20 04:26:26 nocreativenick1 has joined
2855 2011-06-20 04:26:28 <gmaxwell> phantomcircuit: June.
2856 2011-06-20 04:26:30 <minixking> http://pastebin.com/1at49uLy
2857 2011-06-20 04:26:31 <bk128> minixking: says 2.5 months offline fast attack scenario
2858 2011-06-20 04:26:35 <minixking> damn paste
2859 2011-06-20 04:26:38 <phantomcircuit> gmaxwell, er yeah
2860 2011-06-20 04:26:39 <jrmithdobbs> midnightmagic: i'm saying, not implying, that his analysis of the situation is incomplete/incompetant at best and dishonest at worst.
2861 2011-06-20 04:26:49 <phantomcircuit> gmaxwell, <-- needs to sleep but cant
2862 2011-06-20 04:26:51 <iz> gmaxwell: how many of the unsalted password hashes matched? it could just be those are common passwords, right?
2863 2011-06-20 04:26:59 <RobboNZ> this bitcoin market is completely mad
2864 2011-06-20 04:27:03 <phantomcircuit> iz, definitely not
2865 2011-06-20 04:27:08 <gmaxwell> iz: I checked 6.
2866 2011-06-20 04:27:10 <midnightmagic> jrmithdobbs: But you don't know his analysis; all you see is what I can see, and what I can see is incomplete.
2867 2011-06-20 04:27:13 paupau has joined
2868 2011-06-20 04:27:17 <iz> hmm.. 6 is a lot
2869 2011-06-20 04:27:20 <gmaxwell> iz: seems really unlikely.
2870 2011-06-20 04:27:31 <iz> well.. if they are unsalted and common passwords
2871 2011-06-20 04:27:40 <gmaxwell> iz: and they aren't common or they would have been reversed.
2872 2011-06-20 04:27:41 Cusipzzz has quit (Quit: KVIrc 4.0.2 Insomnia http://www.kvirc.net/)
2873 2011-06-20 04:27:44 <quiznor> what about vaginacoin.. who's mining them
2874 2011-06-20 04:27:46 <gmaxwell> iz: and see the replies.
2875 2011-06-20 04:27:49 <quiznor> and when will hookers start accepting it
2876 2011-06-20 04:27:50 <iz> ah, yeah
2877 2011-06-20 04:27:53 * midnightmagic sighs.
2878 2011-06-20 04:27:53 <gmaxwell> can we +b quiznor ?
2879 2011-06-20 04:28:00 <midnightmagic> jgarzik? can you op me or something?
2880 2011-06-20 04:28:01 <quiznor> ban gmaxwell for being a pussy
2881 2011-06-20 04:28:18 <minixking> i have been told that more than half has been reversed
2882 2011-06-20 04:28:26 <minixking> i trust the source
2883 2011-06-20 04:28:30 <gmaxwell> minixking: of the mtgox passwords? very very unlikely.
2884 2011-06-20 04:28:33 * midnightmagic points jgarzik at quiznor.
2885 2011-06-20 04:28:37 <gmaxwell> minixking: maybe of the unhashed ones
2886 2011-06-20 04:28:47 B0g4r7_ has joined
2887 2011-06-20 04:28:50 <genewitch> quiznor: no one in here
2888 2011-06-20 04:28:53 <gmaxwell> minixking: but the hashed ones. Not a chance.
2889 2011-06-20 04:29:01 <bk128> minixking: get mine yet? :p
2890 2011-06-20 04:29:15 <minixking> bk: bongz come first
2891 2011-06-20 04:29:16 lessPlastic has joined
2892 2011-06-20 04:29:20 <bk128> okay
2893 2011-06-20 04:29:24 <minixking> im just enjoying the chaos
2894 2011-06-20 04:29:33 <minixking> throwing in a few logs when the fire dies down
2895 2011-06-20 04:29:43 <quiznor> midnightmagic - go blow gmaxwell you pussy!
2896 2011-06-20 04:29:44 <bk128> haha
2897 2011-06-20 04:30:40 <midnightmagic> brutal.. where's an op when you need him.
2898 2011-06-20 04:30:49 B0g4r7 has quit (Ping timeout: 250 seconds)
2899 2011-06-20 04:30:49 B0g4r7_ is now known as B0g4r7
2900 2011-06-20 04:30:55 <quiznor> yes. i demand an op to kick this flaming piece of shit known as midnightmagic
2901 2011-06-20 04:31:15 <elnato> just in time! http://techland.time.com/2011/06/17/japan-criminalizes-cybercrime-make-a-virus-get-three-years-in-jail/
2902 2011-06-20 04:31:16 <elnato> lol
2903 2011-06-20 04:31:24 <jrmithdobbs> midnightmagic: FOUND IT
2904 2011-06-20 04:31:28 <jrmithdobbs> fuck smf's search capabilities
2905 2011-06-20 04:31:29 <jrmithdobbs> ugh
2906 2011-06-20 04:31:30 <jrmithdobbs> midnightmagic: http://forum.bitcoin.org/index.php?topic=18858.msg236952#msg236952
2907 2011-06-20 04:31:31 bk128 has left ()
2908 2011-06-20 04:31:32 <ne0futur> /msn chanserv access #bitcoin-dev list
2909 2011-06-20 04:31:37 <ne0futur> to find an op
2910 2011-06-20 04:31:37 <midnightmagic> yeah, smf seach bites.
2911 2011-06-20 04:31:38 paxos has quit (Quit: Leaving.)
2912 2011-06-20 04:31:40 <genewitch> so if i am on that mtgox list, and i know my password, can i figure out the salt and get everyone else's password?
2913 2011-06-20 04:31:46 <midnightmagic> thanks for link
2914 2011-06-20 04:31:46 <Herodes> I hope these idiotic hacker teenagers or whoever they are get to serve som real jail time.
2915 2011-06-20 04:31:47 <jrmithdobbs> "There was indeed a CSRF vulnerability in the "change email" and "send funds" features, however we verified the logs of the webserver and could confirm neither were ever exploited, except by the people who discovered it."
2916 2011-06-20 04:31:54 <csshih> nope genewitch
2917 2011-06-20 04:32:06 <jrmithdobbs> midnightmagic: :)
2918 2011-06-20 04:32:51 <midnightmagic> ne0futur: none of them are reading at the moment, or it would've been corrected by now
2919 2011-06-20 04:33:39 <upb> yeah the more correct wording would have been 'and could not confirm that either were exploited' ;)
2920 2011-06-20 04:33:45 hahuang65 has quit ()
2921 2011-06-20 04:33:49 <genewitch> Herodes: doubtful, no one's caught the PSN hackers and that alledgedly caused 51 million in damages
2922 2011-06-20 04:34:03 trocko has joined
2923 2011-06-20 04:34:05 <ne0futur> midnightmagic: tell them to recruit more ops . . . we have like 30 ops on -otc
2924 2011-06-20 04:34:06 <genewitch> what's a bunch of fake money to a DA
2925 2011-06-20 04:34:16 <quiznor> yeah seriously
2926 2011-06-20 04:34:23 <quiznor> when is midnightmagic gonna be banned for being a pussy?
2927 2011-06-20 04:34:25 <ne0futur> with big channels, 700 users . . .
2928 2011-06-20 04:34:32 <genewitch> most are bots
2929 2011-06-20 04:34:35 <ne0futur> you need ops in every timezone
2930 2011-06-20 04:34:35 <quiznor> this is absurd. everyone /ignore midnightmagic
2931 2011-06-20 04:34:38 <jrmithdobbs> midnightmagic: that post indicates a misunderstanding of how csrfs work to me, combined with the fact that it took phantomcircuit almost a week to get ahold of him to report it and ended up having to *post it on the forums* to get a response smells fishy to me.
2932 2011-06-20 04:34:39 <quiznor> this guy's a punk
2933 2011-06-20 04:34:50 <trocko> ./ignore midnightmagic
2934 2011-06-20 04:35:38 <genewitch> XX01XX: did you get in trouble :-(
2935 2011-06-20 04:35:54 <upb> 'As a reminder we assume no responsibility should your funds be stolen by someone using your own password.'
2936 2011-06-20 04:35:55 Hachima has joined
2937 2011-06-20 04:35:58 <upb> :D
2938 2011-06-20 04:36:01 blaupunk has joined
2939 2011-06-20 04:36:27 ^1bitc0inplz has left ()
2940 2011-06-20 04:36:29 <jrmithdobbs> midnightmagic: i'm not screaming "6/19 WAS AN INSIDE JOB" froom the rooftops or anything, but right this moment it is my belief that tux is either actively spreading misinformation or honestly does not understand these issues he is faced with.
2941 2011-06-20 04:36:51 <jrmithdobbs> midnightmagic: neither of which is acceptable in someone running a service such as this.
2942 2011-06-20 04:36:52 xinx has quit (Remote host closed the connection)
2943 2011-06-20 04:36:54 <midnightmagic> jrmithdobbs: the other possibility is that English is not dude's first language, or it was a mis-speak. I don't think there's enough evidence to ascribe it to conspiracy just yet.
2944 2011-06-20 04:36:54 <quiznor> gox never responded to all the claims of accounts being hacked over the past few weeks on the forums. what more direct evidence do you need that the site has been compromised for a long time?
2945 2011-06-20 04:37:04 bmwiedemann has joined
2946 2011-06-20 04:37:15 <quiznor> a conspiracy of one? lol
2947 2011-06-20 04:37:32 <Cryo> jrmithdobbs, what I found odd about that thread was the MD5 part, with the assumption that in the other thread it was mentioned (it wasn't). so how did man from the future know it was md5?
2948 2011-06-20 04:37:40 <paupau> Also he never deined beating his wife.
2949 2011-06-20 04:37:43 <paupau> denied*
2950 2011-06-20 04:37:45 <midnightmagic> jrmithdobbs: I know you're not doing that. I just think he's being vague and incomplete, and honestly, it's more than we'd get from any other company, including places like Google or Sony.
2951 2011-06-20 04:37:58 Netto has quit (Ping timeout: 246 seconds)
2952 2011-06-20 04:38:11 <Taveren93HGK> guys i'm curious - how is it that when i logged into deepbit it warned me that i should change my password because i had used the same one at mtgox; i thought the mtgox passwords were hashed?
2953 2011-06-20 04:38:13 gribble has joined
2954 2011-06-20 04:38:14 <jrmithdobbs> midnightmagic: combined with his claim earlier today on the support page that claimed "it was only one compromised account" after people have been reporting possibly compromised accounts for over a week ....
2955 2011-06-20 04:38:14 <enquire> genewitch: you don't need this, salt is in plain text - all characters before the second $
2956 2011-06-20 04:38:20 <quiznor> paupau: someone accused him of beating his wife? lol
2957 2011-06-20 04:38:20 <jrmithdobbs> midnightmagic: the whole thing smells fishy to me
2958 2011-06-20 04:38:25 <Yahovah> Taveren93HGK: They are being reversed.
2959 2011-06-20 04:38:27 <nanotube> ;;op midnightmagic
2960 2011-06-20 04:38:27 <minixking> atleast some people are changing their passwords
2961 2011-06-20 04:38:29 <genewitch> enquire: so you have the password already?
2962 2011-06-20 04:38:38 <jrmithdobbs> midnightmagic: ESPECIALLY since he didn't respond AT ALL publically until after phantomcircuit posted the previously mentioned thread.
2963 2011-06-20 04:38:38 <minixking> cant login to everyones facebook listed still
2964 2011-06-20 04:38:46 <Taveren93HGK> Yahovah - i'm not sure what you're saying
2965 2011-06-20 04:38:52 <Cryo> you used teh same password on different exchanges?
2966 2011-06-20 04:38:56 JakeMates has left ()
2967 2011-06-20 04:38:59 <jrmithdobbs> midnightmagic: when doing so would have been in his best interest.
2968 2011-06-20 04:39:02 <enquire> genewitch: i cracked some passwords ... mine is strong enough i guess )
2969 2011-06-20 04:39:07 <Taveren93HGK> no, i used the same password on a mining pool as an exchange that had no money in it
2970 2011-06-20 04:39:08 lessPlastic has quit (Quit: lessPlastic)
2971 2011-06-20 04:39:11 <paupau> Screw you guys. I'm going to start my own exchange. Blackjack only.
2972 2011-06-20 04:39:14 <Yahovah> Taveren93HGK: You can reverse a one-way-hash by brute forcing input into the hash function.
2973 2011-06-20 04:39:17 Pinion has joined
2974 2011-06-20 04:39:34 <Cryo> they might be trying to be proactive.
2975 2011-06-20 04:39:40 <Cryo> (but failing)
2976 2011-06-20 04:39:47 <genewitch> enquire: i went through and put in 12 char passwords on everything important
2977 2011-06-20 04:39:53 <samlander> Yahovah: the salt is problematical
2978 2011-06-20 04:39:59 <samlander> Yahovah: but not impossible
2979 2011-06-20 04:40:07 TheZimm has quit (Quit: When will we learn?)
2980 2011-06-20 04:40:08 <bmwiedemann> rainbow tables can reverse unsalted MD5 rather quickly. and mtgox wrote that old accounts still had that.
2981 2011-06-20 04:40:09 <Taveren93HGK> i assumed as much
2982 2011-06-20 04:40:12 <genewitch> lol pretty awesome midnightmagic
2983 2011-06-20 04:40:26 <StephenFalken> human nature at its worse
2984 2011-06-20 04:40:27 StephenFalken has left ()
2985 2011-06-20 04:40:49 <dude65535> All accounts with an unsalted hash were idle for over 2 months
2986 2011-06-20 04:40:50 lessPlastic has joined
2987 2011-06-20 04:40:53 <paupau> Lol moving to SHA-512
2988 2011-06-20 04:41:02 <copumpkin> BIG NUMBERS MUST BE SECURE
2989 2011-06-20 04:41:04 <paupau> Just use bcrypt goddammit
2990 2011-06-20 04:41:05 <copumpkin> EVERYONE KNOWS THAT
2991 2011-06-20 04:41:07 <genewitch> why is the salt stored in the same table as the password
2992 2011-06-20 04:41:19 grndzero has left ()
2993 2011-06-20 04:41:27 <jrmithdobbs> genewitch: that is not a problem
2994 2011-06-20 04:41:29 <midnightmagic> genewitch: too much?
2995 2011-06-20 04:41:30 <paupau> the salt is not for secrecy
2996 2011-06-20 04:41:34 <jrmithdobbs> the point of the salt isn't to be secret
2997 2011-06-20 04:41:39 <paupau> you could have the salt table on a public-facing website
2998 2011-06-20 04:41:50 <genewitch> doesn't sound like it
2999 2011-06-20 04:41:54 <paupau> and the security wouldn't be affected
3000 2011-06-20 04:41:58 <B0g4r7> By keeping the salt secret things could be made more difficlud for an attacker.
3001 2011-06-20 04:42:12 <enquire> i'm thinking of keepass but it seems even less secure
3002 2011-06-20 04:42:17 <B0g4r7> But there's a lot of "could have"s
3003 2011-06-20 04:42:18 <jrmithdobbs> B0g4r7: but anything that needs the hash needs the salt so you accomplish nothing by splitting up storage
3004 2011-06-20 04:42:30 <jrmithdobbs> B0g4r7: so anything that can read the hash can read the salt
3005 2011-06-20 04:42:32 <enquire> i should carry all my passwords everywhere, even on untrusted computers
3006 2011-06-20 04:42:35 <paupau> Theoretically I guess, but in that case the data isn't really acting like a salt but like an encryption key
3007 2011-06-20 04:42:42 <jrmithdobbs> so anything that would have compromised the hash WOULD HAVE STILL COMPROMISED THE SALT
3008 2011-06-20 04:42:45 <jrmithdobbs> catching on?
3009 2011-06-20 04:42:47 <paupau> you could use it for both possibly SOMEHOW probably
3010 2011-06-20 04:42:57 <paupau> but that confuses the nature of what a salt does
3011 2011-06-20 04:43:05 <genewitch> what good is the salt then
3012 2011-06-20 04:43:13 <paupau> the salt is to protect against rainbow tables
3013 2011-06-20 04:43:14 <paupau> that's it
3014 2011-06-20 04:43:14 <Cryo> makes food taste better]
3015 2011-06-20 04:43:15 lessPlastic has quit (Client Quit)
3016 2011-06-20 04:43:17 <jrmithdobbs> genewitch: prevents parallelizing brute force attacks
3017 2011-06-20 04:43:23 <paupau> er that too
3018 2011-06-20 04:43:29 <genewitch> what? how
3019 2011-06-20 04:43:36 <enquire> genewitch: you can't use pregenerated rainbow tables
3020 2011-06-20 04:43:40 <jrmithdobbs> genewitch: eg, you must focus on one specific hash and work done to brute force that hash will not apply to the other hashes stored in the same place
3021 2011-06-20 04:43:52 <genewitch> brute force is just trying passwords
3022 2011-06-20 04:43:55 <B0g4r7> (or stored in different places)
3023 2011-06-20 04:43:58 <dude65535> There is a diffrent salt for each password so you must brute force eash seperatly
3024 2011-06-20 04:44:04 <genewitch> rainbow tables aren't brute force
3025 2011-06-20 04:44:10 <jrmithdobbs> genewitch: yes they are
3026 2011-06-20 04:44:13 <copumpkin> they were generated by brute force
3027 2011-06-20 04:44:18 <paupau> same difference
3028 2011-06-20 04:44:20 <jrmithdobbs> they're precomputed bruteforce
3029 2011-06-20 04:44:22 <bmwiedemann> with unsalted hashes, you do echo -n abc123| md5sum and can find the hash on google :)
3030 2011-06-20 04:44:24 <paupau> they are functionally equivalent
3031 2011-06-20 04:44:33 <B0g4r7> rainbow tables implement a time/memory tradeoff
3032 2011-06-20 04:44:34 <minixking> if you just require some kind of server+client side security certificate, then problem solved, i wish they had a protocol for that.
3033 2011-06-20 04:44:42 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3034 2011-06-20 04:44:42 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3035 2011-06-20 04:44:42 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3036 2011-06-20 04:44:42 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3037 2011-06-20 04:44:45 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3038 2011-06-20 04:44:45 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3039 2011-06-20 04:44:45 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3040 2011-06-20 04:44:45 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3041 2011-06-20 04:44:48 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3042 2011-06-20 04:44:48 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3043 2011-06-20 04:44:48 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3044 2011-06-20 04:44:48 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3045 2011-06-20 04:44:49 <copumpkin> o.O
3046 2011-06-20 04:44:50 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3047 2011-06-20 04:44:50 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3048 2011-06-20 04:44:50 <trocko> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3049 2011-06-20 04:44:50 <trocko> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3050 2011-06-20 04:44:52 trocko is now known as hahahah
3051 2011-06-20 04:44:53 <hahahah> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3052 2011-06-20 04:44:54 <hahahah> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3053 2011-06-20 04:44:54 <hahahah> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3054 2011-06-20 04:44:54 <hahahah> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3055 2011-06-20 04:44:55 <paupau> okay.jpg
3056 2011-06-20 04:44:56 hahahah is now known as hahah4
3057 2011-06-20 04:44:56 <Cryo> god, really
3058 2011-06-20 04:44:58 <hahah4> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3059 2011-06-20 04:44:58 <hahah4> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3060 2011-06-20 04:44:58 <hahah4> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3061 2011-06-20 04:44:58 <hahah4> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3062 2011-06-20 04:44:58 <jrmithdobbs> this guy again
3063 2011-06-20 04:45:00 <hahah4> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3064 2011-06-20 04:45:00 <hahah4> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3065 2011-06-20 04:45:00 <hahah4> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3066 2011-06-20 04:45:00 RevolutionMasta_ has joined
3067 2011-06-20 04:45:01 * copumpkin sighs
3068 2011-06-20 04:45:02 hahah4 is now known as youlose
3069 2011-06-20 04:45:03 <Cryo> welcome to 1994
3070 2011-06-20 04:45:05 <paupau> HERP
3071 2011-06-20 04:45:05 <jrmithdobbs> midnightmagic: c'mon now
3072 2011-06-20 04:45:07 youlose is now known as suckers
3073 2011-06-20 04:45:11 suckers is now known as hootay
3074 2011-06-20 04:45:12 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3075 2011-06-20 04:45:12 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3076 2011-06-20 04:45:12 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3077 2011-06-20 04:45:12 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3078 2011-06-20 04:45:13 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3079 2011-06-20 04:45:14 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3080 2011-06-20 04:45:14 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3081 2011-06-20 04:45:14 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3082 2011-06-20 04:45:16 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3083 2011-06-20 04:45:16 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3084 2011-06-20 04:45:16 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3085 2011-06-20 04:45:16 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3086 2011-06-20 04:45:17 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3087 2011-06-20 04:45:18 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3088 2011-06-20 04:45:18 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3089 2011-06-20 04:45:18 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3090 2011-06-20 04:45:21 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3091 2011-06-20 04:45:22 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3092 2011-06-20 04:45:22 <hootay> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3093 2011-06-20 04:45:22 <hootay> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3094 2011-06-20 04:45:22 <copumpkin> that's pretty creepy
3095 2011-06-20 04:45:28 <B0g4r7> what, no flood protection bot��s?
3096 2011-06-20 04:45:29 <copumpkin> nanotube: that sucks
3097 2011-06-20 04:45:38 <Optimo> this happened before too
3098 2011-06-20 04:45:41 bittymcbit has quit (Ping timeout: 252 seconds)
3099 2011-06-20 04:45:45 <nanotube> happened before
3100 2011-06-20 04:45:47 <nanotube> haha
3101 2011-06-20 04:45:50 * midnightmagic shrugs.
3102 2011-06-20 04:45:50 <genewitch> copumpkin: that his parents live in PA or what
3103 2011-06-20 04:45:50 <jrmithdobbs> copumpkin: that is all publically available information. nanotube doesn't care.
3104 2011-06-20 04:45:58 <copumpkin> still creepy as hell
3105 2011-06-20 04:45:59 <midnightmagic> hi Daniel, nice to meet you.
3106 2011-06-20 04:46:04 Tabmow has joined
3107 2011-06-20 04:46:05 <nanotube> howdy midnightmagic :)
3108 2011-06-20 04:46:05 <copumpkin> me? :P
3109 2011-06-20 04:46:08 <copumpkin> oh wait, that daniel
3110 2011-06-20 04:46:16 <midnightmagic> ;-)
3111 2011-06-20 04:46:16 <Optimo> lol
3112 2011-06-20 04:46:16 <nameless> !~root@weowntheinter.net|SO, uh, while I was at work, what happened with bitcoins tat the internet is exploding over?
3113 2011-06-20 04:46:17 <nanotube> Tabmow: hey, you missed out on some nice trollspam ;)
3114 2011-06-20 04:46:20 <Cryo> ECOMMONNAME
3115 2011-06-20 04:46:22 <csshih> o.o
3116 2011-06-20 04:46:32 <paupau> EHERPEDSOHARD
3117 2011-06-20 04:46:38 <Keefe> nameless|: see mtgox.com
3118 2011-06-20 04:46:40 hahahaa has joined
3119 2011-06-20 04:46:41 <jrmithdobbs> nameless|: mtgox compromised
3120 2011-06-20 04:46:41 <hahahaa> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3121 2011-06-20 04:46:42 <hahahaa> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3122 2011-06-20 04:46:42 <hahahaa> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3123 2011-06-20 04:46:42 <hahahaa> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3124 2011-06-20 04:46:43 <hahahaa> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3125 2011-06-20 04:46:43 <hahahaa> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3126 2011-06-20 04:46:43 <hahahaa> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3127 2011-06-20 04:46:43 <hahahaa> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3128 2011-06-20 04:46:44 <hahahaa> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3129 2011-06-20 04:46:44 <hahahaa> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3130 2011-06-20 04:46:44 <hahahaa> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3131 2011-06-20 04:46:45 <hahahaa> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3132 2011-06-20 04:46:45 hahahaa is now known as loool
3133 2011-06-20 04:46:52 loool has joined
3134 2011-06-20 04:46:53 <loool> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3135 2011-06-20 04:46:53 <loool> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3136 2011-06-20 04:46:53 <loool> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3137 2011-06-20 04:46:53 <loool> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3138 2011-06-20 04:46:54 <loool> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3139 2011-06-20 04:46:54 <loool> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3140 2011-06-20 04:46:54 <loool> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3141 2011-06-20 04:46:54 <loool> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3142 2011-06-20 04:46:56 loool is now known as j2hj3h
3143 2011-06-20 04:46:56 <j2hj3h> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3144 2011-06-20 04:46:57 <genewitch> Oh man i smell a G-Line
3145 2011-06-20 04:47:03 <paupau> Oh baby
3146 2011-06-20 04:47:05 sharks has joined
3147 2011-06-20 04:47:06 <csshih> hawt
3148 2011-06-20 04:47:06 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3149 2011-06-20 04:47:06 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3150 2011-06-20 04:47:06 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3151 2011-06-20 04:47:06 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3152 2011-06-20 04:47:07 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3153 2011-06-20 04:47:07 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3154 2011-06-20 04:47:07 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3155 2011-06-20 04:47:07 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3156 2011-06-20 04:47:08 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3157 2011-06-20 04:47:08 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3158 2011-06-20 04:47:19 <seventoes> -_-
3159 2011-06-20 04:47:19 sharks has joined
3160 2011-06-20 04:47:20 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3161 2011-06-20 04:47:20 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3162 2011-06-20 04:47:20 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3163 2011-06-20 04:47:20 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3164 2011-06-20 04:47:21 <copumpkin> why not just ban the mask?
3165 2011-06-20 04:47:21 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3166 2011-06-20 04:47:21 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3167 2011-06-20 04:47:21 <sharks> nanotube opped midnightmagic so he could ban me, so i'll drop his dox i guess. nanotube is Daniel Folkinshteyn (dfolkins@temple.edu, dfolkins@gmail.com, nanotube@gmail.com, daniel.folkinshteyn@yale.edu [class of 02, Biology]) 215-204-8108, 267-468-8360. linkedin: http://www.linkedin.com/pub/daniel-folkinshteyn/0/5b3/884
3168 2011-06-20 04:47:21 <sharks> Parents: Galina & Leo - 3555 Ridge Rd., Perkasie, PA 18944 e-mail logs of nanotube's non-stop insanity sent to his advisor and dept. chair @ temple. good times... enjoy explaining that shit nanoboob. looool
3169 2011-06-20 04:47:23 <Gekz> just op me so I can ban him right?
3170 2011-06-20 04:47:24 <Gekz> lol
3171 2011-06-20 04:47:26 <bikcmp> just ban it
3172 2011-06-20 04:47:26 <midnightmagic> lol
3173 2011-06-20 04:47:26 <bikcmp> god
3174 2011-06-20 04:47:28 <csshih> someone is butthurt
3175 2011-06-20 04:47:29 <Gekz> there we go.
3176 2011-06-20 04:47:29 <seventoes> Op me so I can ban him
3177 2011-06-20 04:47:32 <Gekz> you ops are terrible.
3178 2011-06-20 04:47:35 <csshih> nono seventoes
3179 2011-06-20 04:47:41 <csshih> you're supposed to say
3180 2011-06-20 04:47:47 <csshih> oper me so I can kline him
3181 2011-06-20 04:47:47 <seventoes> We should all be OP'd and we can ban him together
3182 2011-06-20 04:47:49 * nameless !~root@weowntheinter.net|isn't in a good mood
3183 2011-06-20 04:47:52 Gekz has joined
3184 2011-06-20 04:47:53 <csshih> oper nao
3185 2011-06-20 04:47:54 <csshih> >_>
3186 2011-06-20 04:47:57 <Gekz> grow the fuck up.
3187 2011-06-20 04:48:00 <minixking> im calling
3188 2011-06-20 04:48:05 <genewitch> Gekz: you're sort of stupid
3189 2011-06-20 04:48:23 <nanotube> heh bonus points for linkedin connection requests :)
3190 2011-06-20 04:48:29 <genewitch> my six year old does that
3191 2011-06-20 04:48:46 <copumpkin> lol
3192 2011-06-20 04:48:54 <midnightmagic> lol stupid xchat is showing up whois in a random other window, so my bans are slow and manual.
3193 2011-06-20 04:48:56 <Cryo> someone should order pizza for Mag�icalTux
3194 2011-06-20 04:49:04 <jrmithdobbs> nameless|: would you fix the ban so he wont just rejoin in 10 seconds please
3195 2011-06-20 04:49:09 <paupau> so Mt.Gox is PHP eh
3196 2011-06-20 04:49:15 <Optimo> can't trust pizza guy might be a spy
3197 2011-06-20 04:49:16 <genewitch> jrmithdobbs: most people don't know how to change their username
3198 2011-06-20 04:49:18 <Cryo> eww php
3199 2011-06-20 04:49:18 KedP has quit (Quit: Leaving)
3200 2011-06-20 04:49:25 <jrmithdobbs> genewitch: he does, obviously
3201 2011-06-20 04:49:34 <nameless> !~root@weowntheinter.net|jrmithdobbs: I'd prefer to not ban all of comcast
3202 2011-06-20 04:49:35 <genewitch> jrmithdobbs: his nick, not his username
3203 2011-06-20 04:49:59 <copumpkin> I like that quiznor is still online
3204 2011-06-20 04:50:00 hamush1 has quit (Ping timeout: 276 seconds)
3205 2011-06-20 04:50:01 <copumpkin> and in the foyer
3206 2011-06-20 04:50:04 <copumpkin> real clever
3207 2011-06-20 04:50:13 <genewitch> I once got all of so cal SBC DSL G-lined from dalnet and efnet
3208 2011-06-20 04:50:18 <sblinda> did they reverse the malicious transactions?
3209 2011-06-20 04:50:20 <bikcmp> genewitch: how?
3210 2011-06-20 04:50:27 dbasch has quit (Quit: dbasch)
3211 2011-06-20 04:50:35 <genewitch> bikcmp: gigabit flooding every op
3212 2011-06-20 04:50:38 <genewitch> IRCop
3213 2011-06-20 04:50:39 f33x has quit (Ping timeout: 250 seconds)
3214 2011-06-20 04:50:53 <genewitch> I was moving out of state and someone offended my delicate sensibilities
3215 2011-06-20 04:50:59 hamush1 has joined
3216 2011-06-20 04:51:20 <genewitch> i was hoping for a K-line
3217 2011-06-20 04:51:23 <genewitch> but got a G
3218 2011-06-20 04:51:56 f33x has joined
3219 2011-06-20 04:52:01 <bikcmp> klines ftw
3220 2011-06-20 04:52:24 jburkle has quit (Remote host closed the connection)
3221 2011-06-20 04:52:31 <jrmithdobbs> genewitch: i got telocity glined from efenet for a bit once
3222 2011-06-20 04:52:36 <jrmithdobbs> genewitch: didn't even have to ddos
3223 2011-06-20 04:52:49 <jrmithdobbs> genewitch: just proved dianora wrong about semantics in #c ;P
3224 2011-06-20 04:53:38 <jrmithdobbs> genewitch: had part of comcast in texas glined from freenode for /notic'ing lilo for /noticing me about giving him money too
3225 2011-06-20 04:53:57 <Cryo> :( lilo
3226 2011-06-20 04:54:01 <jrmithdobbs> fuck that guy
3227 2011-06-20 04:54:02 <hmmmm> jrmithdobbs, you're on #C?
3228 2011-06-20 04:54:04 <bikcmp> i've never met lilo
3229 2011-06-20 04:54:07 <bikcmp> what was he like?
3230 2011-06-20 04:54:11 <Cryo> horrible way to die.
3231 2011-06-20 04:54:12 <jrmithdobbs> asshat
3232 2011-06-20 04:54:49 RenaKunisaki has quit (Remote host closed the connection)
3233 2011-06-20 04:54:57 <jrmithdobbs> Cryo: no loss
3234 2011-06-20 04:54:58 <bikcmp> jrmithdobbs: really?
3235 2011-06-20 04:55:07 <bikcmp> i've heard mixed things.
3236 2011-06-20 04:55:13 <paupau> my gline is thiiiiiis big
3237 2011-06-20 04:55:22 RenaKunisaki has joined
3238 2011-06-20 04:55:26 <bikcmp> actual size?
3239 2011-06-20 04:55:30 <paupau> you know it
3240 2011-06-20 04:55:36 <paupau> you might have to fiddle with the zoom controls
3241 2011-06-20 04:55:38 <bikcmp> i'm sorry for you.
3242 2011-06-20 04:55:44 <jrmithdobbs> i pissed him off enough times to actually get my chanserv nick locked and taken away
3243 2011-06-20 04:55:45 <paupau> well, I try.
3244 2011-06-20 04:55:47 <jrmithdobbs> heh
3245 2011-06-20 04:55:58 <jrmithdobbs> fuck that guy ;P
3246 2011-06-20 04:56:09 <jercos> and his couch
3247 2011-06-20 04:56:20 RenaKunisaki has quit (Max SendQ exceeded)
3248 2011-06-20 04:56:39 <midnightmagic> who the hell is lilo?
3249 2011-06-20 04:56:41 * nameless !~root@weowntheinter.net|eyes jercos
3250 2011-06-20 04:56:57 * jercos legs nameless|
3251 2011-06-20 04:57:04 <Cryo> I guess I was never a dick to him
3252 2011-06-20 04:57:12 * paupau dicks Cryo
3253 2011-06-20 04:57:18 RenaKunisaki has joined
3254 2011-06-20 04:57:22 <midnightmagic> LOL
3255 2011-06-20 04:57:22 <nameless> !~root@weowntheinter.net|Anyway, as it seems the spamfest is over, I'm going to go back to studying
3256 2011-06-20 04:57:22 sigwins has joined
3257 2011-06-20 04:58:03 RenaKunisaki has quit (Max SendQ exceeded)
3258 2011-06-20 04:58:33 AStove has joined
3259 2011-06-20 04:58:39 RenaKunisaki has joined
3260 2011-06-20 04:58:57 <upb> lilo is the most rooted ircop in history :P
3261 2011-06-20 04:58:57 dfc_ has quit (Quit: leaving)
3262 2011-06-20 04:59:09 <copumpkin> nameless|: studying what?
3263 2011-06-20 04:59:14 xert has quit (Read error: Connection reset by peer)
3264 2011-06-20 04:59:22 delpes has quit (Quit: Page closed)
3265 2011-06-20 04:59:23 <nameless> !~root@weowntheinter.net|copumpkin: For my pilots license
3266 2011-06-20 04:59:28 <copumpkin> oh cool
3267 2011-06-20 04:59:42 <nameless> !~root@weowntheinter.net|yup, I'm almost done with it, like 5 hours of flight left
3268 2011-06-20 04:59:54 <copumpkin> wow
3269 2011-06-20 04:59:57 <copumpkin> I've wanted to do that for a while
3270 2011-06-20 05:00:06 <jrmithdobbs> nameless|: awesome
3271 2011-06-20 05:00:10 <nameless> !~root@weowntheinter.net|It's expensive
3272 2011-06-20 05:00:11 <copumpkin> my dad flies gliders
3273 2011-06-20 05:00:12 <jrmithdobbs> nameless|: buddy of mine got a stearman recently
3274 2011-06-20 05:00:15 <nameless> !~root@weowntheinter.net|I wish I had BTC to finance it
3275 2011-06-20 05:00:22 mmoya has quit (Ping timeout: 260 seconds)
3276 2011-06-20 05:00:24 <nameless> !~root@weowntheinter.net|copumpkin: Gliders are amazing!
3277 2011-06-20 05:00:25 <jrmithdobbs> nameless|: had to recertify to be able to fly it home ;P
3278 2011-06-20 05:00:32 <nameless> !~root@weowntheinter.net|I plan on getting a gliding endorsement after I get my license
3279 2011-06-20 05:00:36 <copumpkin> cool
3280 2011-06-20 05:00:39 <copumpkin> yeah, he tells me they're great
3281 2011-06-20 05:00:42 <copumpkin> I've never been up with him
3282 2011-06-20 05:00:45 <nameless> !~root@weowntheinter.net|jrmithdobbs: That's not that hard though :p
3283 2011-06-20 05:00:54 <nameless> !~root@weowntheinter.net|copumpkin: They are, it's like
3284 2011-06-20 05:01:03 <nameless> !~root@weowntheinter.net|I don't even know how to describe it
3285 2011-06-20 05:01:09 <denisx> the worst thing about the mtgox thing is the .exe spam I now get ;(
3286 2011-06-20 05:01:09 <nameless> !~root@weowntheinter.net|It's loud, even though there's no engine
3287 2011-06-20 05:01:12 <jrmithdobbs> nameless|: it is when you've never flown a biplane with no instruments ;P
3288 2011-06-20 05:01:13 <bikcmp> i wonder
3289 2011-06-20 05:01:17 <bikcmp> is bitcoin completely p2p?
3290 2011-06-20 05:01:23 <bikcmp> aside from initial briding.
3291 2011-06-20 05:01:26 <copumpkin> bikcmp: if you ignore exchanges
3292 2011-06-20 05:01:31 <bikcmp> copumpkin: exchanges?
3293 2011-06-20 05:01:33 xert has joined
3294 2011-06-20 05:01:35 <nameless> !~root@weowntheinter.net|And you can easily pull 2+G's in a thermal
3295 2011-06-20 05:01:36 <bikcmp> i'm new to bitcoin crap. :)
3296 2011-06-20 05:01:47 <nameless> !~root@weowntheinter.net|jrmithdobbs: what country?
3297 2011-06-20 05:01:56 <jrmithdobbs> nameless|: us
3298 2011-06-20 05:01:59 <jercos> bikcmp: bitcoin itself is p2p. exchanges that convert fiat moneys to and from bitcoin are not.
3299 2011-06-20 05:02:10 <nameless> !~root@weowntheinter.net|jrmithdobbs: No insturements you say?
3300 2011-06-20 05:02:19 bit_monger has quit (Quit: ChatZilla 0.9.87 [Firefox 3.6.17/20110420140830])
3301 2011-06-20 05:02:19 <Cryo> bitcoins are magical unicorn blood
3302 2011-06-20 05:02:24 <bikcmp> jercos: how much is 5 bitcoins worth?
3303 2011-06-20 05:02:26 <bikcmp> out of curiousity.
3304 2011-06-20 05:02:28 <nameless> !~root@weowntheinter.net|jrmithdobbs: That was probably the biggest hassle, he had to get a waiver from the flight standards office most likely
3305 2011-06-20 05:02:30 <jrmithdobbs> nameless|: radio is the only thing electronic in the thing
3306 2011-06-20 05:02:34 <jrmithdobbs> nameless|: yup.
3307 2011-06-20 05:02:52 <nameless> !~root@weowntheinter.net|that's not recertifying :p
3308 2011-06-20 05:02:53 <jercos> bikcmp: however much you decide it's worth. Some exchangers would give you about $100 for that.
3309 2011-06-20 05:02:54 <jrmithdobbs> nameless|: he actually flies by iphone gps in it
3310 2011-06-20 05:03:04 <bikcmp> what?
3311 2011-06-20 05:03:06 <bikcmp> 5?
3312 2011-06-20 05:03:07 <jrmithdobbs> nameless|: he had to recertify as well because it'd been ~15-20 years
3313 2011-06-20 05:03:14 <bikcmp> for 5 freaking bitcoins? what
3314 2011-06-20 05:03:14 <bikcmp> lol
3315 2011-06-20 05:03:16 <jrmithdobbs> nameless|: ps don't tell faa re: iphone ;P
3316 2011-06-20 05:03:33 vragnaro1a has joined
3317 2011-06-20 05:03:38 <nameless> !~root@weowntheinter.net|jrmithdobbs: :3
3318 2011-06-20 05:04:30 <nameless> !~root@weowntheinter.net|jrmithdobbs: Well, uh, yeah, lets see, bianual flight review for starters
3319 2011-06-20 05:04:36 RevolutionMasta_ has left ()
3320 2011-06-20 05:04:48 <jrmithdobbs> nameless|: fucker's still not taken me up in it
3321 2011-06-20 05:04:55 <jrmithdobbs> heh
3322 2011-06-20 05:05:01 legion050 has left ()
3323 2011-06-20 05:05:14 doofus2 has quit ()
3324 2011-06-20 05:05:29 vragnaroda has quit (Ping timeout: 250 seconds)
3325 2011-06-20 05:05:37 <nameless> !~root@weowntheinter.net|jrmithdobbs: that sucks, what state you live in?
3326 2011-06-20 05:05:42 <bikcmp> nameless|: think you can do me a favor?
3327 2011-06-20 05:05:45 <jrmithdobbs> nameless|: tx
3328 2011-06-20 05:05:47 <nameless> !~root@weowntheinter.net|bikcmp: perhaps
3329 2011-06-20 05:05:53 <bikcmp> nameless|: link me directly to a windows binary for bitcoin
3330 2011-06-20 05:05:57 <nameless> !~root@weowntheinter.net|jrmithdobbs: Oh, you're on the other side of that oceany thingy
3331 2011-06-20 05:05:58 <bikcmp> i'm on a REALLY slow machine.
3332 2011-06-20 05:06:04 <bikcmp> 40 mhz.
3333 2011-06-20 05:06:04 <bikcmp> lol
3334 2011-06-20 05:06:06 <bikcmp> iirc.
3335 2011-06-20 05:06:10 <jrmithdobbs> nameless|: fl?
3336 2011-06-20 05:06:16 <nameless> !~root@weowntheinter.net|jrmithdobbs: yeah
3337 2011-06-20 05:06:19 sdfasd has joined
3338 2011-06-20 05:06:23 <nameless> !~root@weowntheinter.net|http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-win32-setup.exe/download
3339 2011-06-20 05:06:24 <copumpkin> oh, I go to florida regularly
3340 2011-06-20 05:06:30 <nameless> !~root@weowntheinter.net|copumpkin: what part?
3341 2011-06-20 05:06:32 <copumpkin> tampa
3342 2011-06-20 05:06:37 <copumpkin> my gf lives there
3343 2011-06-20 05:06:42 <nameless> !~root@weowntheinter.net|that's like, not my part
3344 2011-06-20 05:06:42 <bikcmp> nameless|: direct enough
3345 2011-06-20 05:06:43 <bikcmp> thanks
3346 2011-06-20 05:06:48 <copumpkin> nameless|: ah well :)
3347 2011-06-20 05:06:50 theymos has quit (Remote host closed the connection)
3348 2011-06-20 05:06:53 <copumpkin> damn hot all over
3349 2011-06-20 05:07:22 RenaKunisaki has quit (Ping timeout: 276 seconds)
3350 2011-06-20 05:07:33 vragnaro1a is now known as vragnaroda
3351 2011-06-20 05:07:53 <nameless> !~root@weowntheinter.net|copumpkin: yup
3352 2011-06-20 05:07:55 <nameless> !~root@weowntheinter.net|98 today
3353 2011-06-20 05:08:00 <nameless> !~root@weowntheinter.net|and then it rained
3354 2011-06-20 05:08:08 <copumpkin> mmm humidity
3355 2011-06-20 05:08:09 <copumpkin> :P
3356 2011-06-20 05:08:26 phunction has quit (Ping timeout: 252 seconds)
3357 2011-06-20 05:08:46 grnbrg has left ("Leaving")
3358 2011-06-20 05:09:43 Atterall has joined
3359 2011-06-20 05:10:09 piperdude has joined
3360 2011-06-20 05:10:59 DaQatz has quit (Read error: Connection reset by peer)
3361 2011-06-20 05:11:11 sblinda has quit (Quit: Leaving.)
3362 2011-06-20 05:11:14 DaQatz has joined
3363 2011-06-20 05:11:17 Sangheili has quit (Read error: Connection reset by peer)
3364 2011-06-20 05:11:21 Juffo-Wup has quit (Read error: Connection reset by peer)
3365 2011-06-20 05:11:52 hallowworld has joined
3366 2011-06-20 05:12:02 slux has joined
3367 2011-06-20 05:12:16 samlander has quit (Read error: Connection reset by peer)
3368 2011-06-20 05:12:25 samlander has joined
3369 2011-06-20 05:12:34 <gentz> When is mtgox gonna do the rollback and be back up and trading?
3370 2011-06-20 05:12:40 Juffo-Wup has joined
3371 2011-06-20 05:12:48 s13013 has quit (Read error: Operation timed out)
3372 2011-06-20 05:12:49 Pinion has quit (Read error: Connection reset by peer)
3373 2011-06-20 05:12:59 Pinion has joined
3374 2011-06-20 05:13:02 glassresistor has quit (Ping timeout: 260 seconds)
3375 2011-06-20 05:13:08 s13013 has joined
3376 2011-06-20 05:13:09 <jrmithdobbs> gentz: last estimate was 1 hr from now
3377 2011-06-20 05:13:44 Sangheili has joined
3378 2011-06-20 05:14:27 <jlgaddis> 0800 utc at the earliest
3379 2011-06-20 05:14:30 Sangheili has quit (Read error: Connection reset by peer)
3380 2011-06-20 05:15:49 minixking has quit (Ping timeout: 276 seconds)
3381 2011-06-20 05:15:49 skeledrew has quit (Ping timeout: 255 seconds)
3382 2011-06-20 05:16:38 nevezen has left ()
3383 2011-06-20 05:16:49 dbasch has joined
3384 2011-06-20 05:17:56 kreal- has joined
3385 2011-06-20 05:17:58 sigwins has quit (Ping timeout: 252 seconds)
3386 2011-06-20 05:18:01 Saab- has quit (Quit: Saab-)
3387 2011-06-20 05:19:00 Ademan has joined
3388 2011-06-20 05:19:01 * nameless !~root@weowntheinter.net|looks up to see that the channel is still spam free
3389 2011-06-20 05:19:10 <paupau> yo
3390 2011-06-20 05:19:12 <paupau> fgsfds.
3391 2011-06-20 05:19:12 <copumpkin> amazing, eh
3392 2011-06-20 05:19:13 phunction has joined
3393 2011-06-20 05:19:25 <copumpkin> I can spam haskell propaganda if you'd like
3394 2011-06-20 05:19:31 * nameless !~root@weowntheinter.net|detaches and goes back to studying
3395 2011-06-20 05:19:34 <nameless> !~root@weowntheinter.net|You do that
3396 2011-06-20 05:19:36 OVerLoRDI_ is now known as OVerLoRDI
3397 2011-06-20 05:19:41 OVerLoRDI has quit (Changing host)
3398 2011-06-20 05:19:41 OVerLoRDI has joined
3399 2011-06-20 05:19:45 <nameless> !~root@weowntheinter.net|And you'll find yourself staring at a nast mode +b in your name :p
3400 2011-06-20 05:19:47 <copumpkin> :(
3401 2011-06-20 05:19:48 <Ademan> does anyone else get a segfault running bitcoind from the latest head ( the only config option I'm worried about was disabling miniupnp)? the backtrace points at EC_POINT_point2oct
3402 2011-06-20 05:19:58 * copumpkin was just about to start telling everyone how awesome it was
3403 2011-06-20 05:20:06 <paupau> LAZY EVALUATION IS COMMUNISM
3404 2011-06-20 05:20:19 <copumpkin> the worst insult ever in the US!
3405 2011-06-20 05:20:21 * copumpkin faints
3406 2011-06-20 05:20:23 phunction has quit (Client Quit)
3407 2011-06-20 05:20:34 <paupau> the US, right
3408 2011-06-20 05:23:52 piperdude has left ()
3409 2011-06-20 05:26:29 markio has quit ()
3410 2011-06-20 05:27:58 lessPlastic has joined
3411 2011-06-20 05:28:26 sdfasd has quit (Quit: Leaving)
3412 2011-06-20 05:28:58 jpierre has joined
3413 2011-06-20 05:29:11 NOTAL has quit (Read error: Connection reset by peer)
3414 2011-06-20 05:29:38 glassresistor has joined
3415 2011-06-20 05:30:25 Beccara_ has quit (Read error: Connection reset by peer)
3416 2011-06-20 05:30:54 Beccara_ has joined
3417 2011-06-20 05:31:16 filmhtedue has quit (Quit: Page closed)
3418 2011-06-20 05:31:22 <jrmithdobbs> ;;bc,blocks
3419 2011-06-20 05:31:23 <gribble> 131990
3420 2011-06-20 05:32:40 ThomasV has joined
3421 2011-06-20 05:33:26 jpierre has quit (Client Quit)
3422 2011-06-20 05:35:23 bitcoiner has quit (Quit: ChatZilla 0.9.87 [Firefox 3.6.17/20110420140830])
3423 2011-06-20 05:35:33 hahuang65 has joined
3424 2011-06-20 05:35:41 celm has joined
3425 2011-06-20 05:35:52 mmoya has joined
3426 2011-06-20 05:36:40 netsky has joined
3427 2011-06-20 05:36:47 OVerLoRDI has quit (Quit: Leaving)
3428 2011-06-20 05:36:55 Beccara_ has quit (Ping timeout: 264 seconds)
3429 2011-06-20 05:37:13 doofus2 has joined
3430 2011-06-20 05:38:45 <jgarzik> ;;bc,stats
3431 2011-06-20 05:38:48 <gribble> Current Blocks: 131991 | Current Difficulty: 877226.66666667 | Next Difficulty At Block: 133055 | Next Difficulty In: 1064 blocks | Next Difficulty In About: 5 days, 5 hours, 1 minute, and 12 seconds | Next Difficulty Estimate: 1245131.67718153
3432 2011-06-20 05:40:52 err0r^ has joined
3433 2011-06-20 05:41:04 err0r^ has left ()
3434 2011-06-20 05:46:23 Lenovo01 has quit (Quit: Leaving)
3435 2011-06-20 05:51:21 <jrmithdobbs> this pretty much sums up my feelings on all the calls (and concession to) the trade reverts
3436 2011-06-20 05:51:22 glitch-mod has quit (Ping timeout: 255 seconds)
3437 2011-06-20 05:51:29 <jrmithdobbs> https://twitter.com/#!/virgiltexas/status/82584695879122944
3438 2011-06-20 05:51:34 <jrmithdobbs> lol
3439 2011-06-20 05:51:42 fimp has joined
3440 2011-06-20 05:53:36 Beccara has joined
3441 2011-06-20 05:53:38 lessPlastic has quit (Quit: lessPlastic)
3442 2011-06-20 05:53:46 nefario has joined
3443 2011-06-20 05:55:14 d1234 has quit (Remote host closed the connection)
3444 2011-06-20 05:58:06 Beccara has quit (Read error: Connection reset by peer)
3445 2011-06-20 05:58:29 g37 has joined
3446 2011-06-20 05:58:53 <csshih> trolololo
3447 2011-06-20 05:59:34 wolfspraul has quit (Quit: leaving)
3448 2011-06-20 05:59:40 <paupau> aww shit I just got troll'd
3449 2011-06-20 06:00:00 <paupau> I ain't even not mad
3450 2011-06-20 06:00:39 <hmmmm> >suggesting we care
3451 2011-06-20 06:00:51 bitcoinbulletin has quit (Remote host closed the connection)
3452 2011-06-20 06:01:55 lessPlastic has joined
3453 2011-06-20 06:02:24 MetaV has joined
3454 2011-06-20 06:02:52 Geebus has joined
3455 2011-06-20 06:03:12 ThomasV has quit (Ping timeout: 260 seconds)
3456 2011-06-20 06:05:19 larsivi has quit (Ping timeout: 255 seconds)
3457 2011-06-20 06:11:06 bitcoinbulletin has joined
3458 2011-06-20 06:12:32 <paupau> FUCK I MAD
3459 2011-06-20 06:16:03 anddam has joined
3460 2011-06-20 06:16:04 <anddam> hello
3461 2011-06-20 06:16:12 syke has joined
3462 2011-06-20 06:16:21 notallhere has left ()
3463 2011-06-20 06:17:31 f33x has quit (Quit: f33x)
3464 2011-06-20 06:17:32 kreal- has quit (Read error: Operation timed out)
3465 2011-06-20 06:18:05 Atterall has quit (Quit: Page closed)
3466 2011-06-20 06:19:43 celm has quit (Quit: Page closed)
3467 2011-06-20 06:20:07 hamush1 has quit (Ping timeout: 260 seconds)
3468 2011-06-20 06:22:13 <Kireji> ;;bc,mtgox
3469 2011-06-20 06:22:16 <gribble> '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">\n\n<head>\n <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n <title>\n Huge Bitcoin sell off due to a compromised account - rollback : Mt.Gox\n </title>\n <link rel=\'shortcut icon\' (6 more messages)
3470 2011-06-20 06:22:32 <Kireji> sry
3471 2011-06-20 06:22:38 anddam has quit (Quit: anddam)
3472 2011-06-20 06:22:49 lessPlastic has quit (Quit: lessPlastic)
3473 2011-06-20 06:22:50 wasabi1 is now known as wasabii
3474 2011-06-20 06:23:44 wasabii is now known as wasabiii
3475 2011-06-20 06:24:04 paul0 has joined
3476 2011-06-20 06:24:20 wasabiii is now known as wasabii
3477 2011-06-20 06:25:47 fimp has quit (Quit: This computer has gone to sleep)
3478 2011-06-20 06:26:33 Blitzboom_ has joined
3479 2011-06-20 06:26:42 mmoya has quit (Ping timeout: 260 seconds)
3480 2011-06-20 06:28:43 Blitzboom has quit (Ping timeout: 255 seconds)
3481 2011-06-20 06:29:27 djoot has quit (Ping timeout: 276 seconds)
3482 2011-06-20 06:29:41 <gentz> Is the market gonna plummet for a few days or what
3483 2011-06-20 06:29:44 BTCTrader has quit (Quit: BTCTrader)
3484 2011-06-20 06:30:05 <phantomcircuit> gentz, nobody knows
3485 2011-06-20 06:31:24 Beccara has joined
3486 2011-06-20 06:32:25 slux has quit (Ping timeout: 258 seconds)
3487 2011-06-20 06:32:34 kreal- has joined
3488 2011-06-20 06:32:58 eianpsego has quit ()
3489 2011-06-20 06:33:49 Georgyo has quit (Ping timeout: 246 seconds)
3490 2011-06-20 06:33:57 Georgyo has joined
3491 2011-06-20 06:35:24 Skinnner has quit (Quit: http://irc2go.com/)
3492 2011-06-20 06:37:20 Lenovo01 has joined
3493 2011-06-20 06:38:38 <wasabii> Okay. I have one final question. When you generate a SHA hash, should it END or BEGIN with a 0x00000000? Most of the code I see checks position [7] of the state variable for 0.
3494 2011-06-20 06:38:51 <wasabii> But my understanding is that is the end of the hash. Most of the stuff I see in block explorer begins with a 0...
3495 2011-06-20 06:39:57 IncitatusOnWater has quit (Ping timeout: 250 seconds)
3496 2011-06-20 06:40:04 <wasabii> And my sha algorithm is good enough now that I can run it against some real test cases... so I know it's not generating stuff backwards.
3497 2011-06-20 06:40:46 SimmyD has joined
3498 2011-06-20 06:41:43 sgornick has joined
3499 2011-06-20 06:42:32 SimmyD has quit (Client Quit)
3500 2011-06-20 06:43:41 humana has quit (Quit: Leaving)
3501 2011-06-20 06:43:47 <denisx> wasabi: I think nobody can answer that! ;)
3502 2011-06-20 06:43:51 <phantomcircuit> wasabi, the sha256 hash is interpreted little endian uint256
3503 2011-06-20 06:43:52 SimmyD has joined
3504 2011-06-20 06:43:59 <denisx> this little/big endian stuff is a mess
3505 2011-06-20 06:44:08 <denisx> you need to try until it fits
3506 2011-06-20 06:44:21 <phantomcircuit> denisx, no he doesn't, i already have
3507 2011-06-20 06:44:23 <phantomcircuit> (
3508 2011-06-20 06:44:25 <phantomcircuit> :(
3509 2011-06-20 06:44:26 ThomasV has joined
3510 2011-06-20 06:45:00 sabalabas has quit (Quit: Leaving)
3511 2011-06-20 06:46:17 cereal7802 has quit ()
3512 2011-06-20 06:48:47 paupau has quit (Quit: bye)
3513 2011-06-20 06:51:52 Kurtov has quit (Read error: Connection reset by peer)
3514 2011-06-20 06:51:57 mmoya has joined
3515 2011-06-20 06:52:18 neurochasm has joined
3516 2011-06-20 06:52:18 BGL has quit (Ping timeout: 244 seconds)
3517 2011-06-20 06:52:31 m86 has joined
3518 2011-06-20 06:52:51 EPiSKiNG- has joined
3519 2011-06-20 06:53:14 kallestrop has left ()
3520 2011-06-20 06:53:47 slux has joined
3521 2011-06-20 06:54:24 Beccara_ has joined
3522 2011-06-20 06:55:02 <wasabii> Well, I have finally managed to generate a hash, and figure out the encoding of the header.
3523 2011-06-20 06:55:06 <wasabii> That took awhile.
3524 2011-06-20 06:55:40 <wasabii> little endian uint256. 256bit int?
3525 2011-06-20 06:55:45 <wasabii> So the entire hash is in fact reversed?
3526 2011-06-20 06:56:07 Beccara_ has quit (Client Quit)
3527 2011-06-20 06:56:52 gsathya has joined
3528 2011-06-20 06:56:58 Beccara has quit (Ping timeout: 240 seconds)
3529 2011-06-20 06:59:19 paul0 has quit (Quit: paul0)
3530 2011-06-20 06:59:43 bmwiedemann has quit (Quit: Leaving.)
3531 2011-06-20 07:00:05 <wasabii> So it ain't just hasing the header, then hashing that, with a standard algorithm, and the hex output being what I see online.
3532 2011-06-20 07:00:48 djoot has joined
3533 2011-06-20 07:02:03 <wasabii> I'm not really sure comparing the thing to the target is even worth it at this point
3534 2011-06-20 07:02:20 <wasabii> If the last byte is 0, let it go. Server won't mind.
3535 2011-06-20 07:03:24 Faraday has joined
3536 2011-06-20 07:04:32 red_dawn_ has quit (Read error: Connection reset by peer)
3537 2011-06-20 07:07:57 hallowworld has quit (Ping timeout: 260 seconds)
3538 2011-06-20 07:08:17 hmmmm has quit (Quit: Just according to keikaku)
3539 2011-06-20 07:08:42 Storagewars has quit ()
3540 2011-06-20 07:08:48 SimmyD has quit (Quit: leaving)
3541 2011-06-20 07:08:59 torsthaldo has joined
3542 2011-06-20 07:10:01 dissipate has joined
3543 2011-06-20 07:11:16 Herodes has quit (Ping timeout: 246 seconds)
3544 2011-06-20 07:12:53 lorenzoIT has joined
3545 2011-06-20 07:14:23 larsivi has joined
3546 2011-06-20 07:14:35 somuchwin has quit (Ping timeout: 252 seconds)
3547 2011-06-20 07:15:20 somuchwin has joined
3548 2011-06-20 07:15:47 Nexus7 has joined
3549 2011-06-20 07:17:55 <EskimoBob> MagicalTux: thanx for the update, but can you please use date when you write "We are going to push our relaunch time to 2:00am GMT ***tomorrow*** ...." :)
3550 2011-06-20 07:18:36 Lenovo01 has quit (Quit: Leaving)
3551 2011-06-20 07:20:00 MartianW has joined
3552 2011-06-20 07:21:33 <SerajewelKS> hmm
3553 2011-06-20 07:21:42 <phantomcircuit> wasabi, what are you writting?
3554 2011-06-20 07:23:22 <denisx> wasabi: no, if the last byte is NOT null let it go
3555 2011-06-20 07:23:33 <denisx> actually it is an int32
3556 2011-06-20 07:24:04 rrix has left ("Konversation terminated!")
3557 2011-06-20 07:25:38 djoot has quit (Ping timeout: 246 seconds)
3558 2011-06-20 07:26:23 dissipate has quit (Remote host closed the connection)
3559 2011-06-20 07:26:55 roconnor has quit (Remote host closed the connection)
3560 2011-06-20 07:28:18 Herodes has joined
3561 2011-06-20 07:28:28 dissipate has joined
3562 2011-06-20 07:28:50 Zefir has joined
3563 2011-06-20 07:28:52 <wasabii> Hmm?
3564 2011-06-20 07:29:02 eoss has quit (Remote host closed the connection)
3565 2011-06-20 07:29:03 MartianW has quit (Quit: Bye all.)
3566 2011-06-20 07:29:06 <wasabii> If it's not null, send it to the server?
3567 2011-06-20 07:29:34 <wasabii> phantomcircuit: A miner. In C#.
3568 2011-06-20 07:30:22 lvnyk has joined
3569 2011-06-20 07:31:20 <denisx> wasabi: image the hash is a number, and if it is too big it is not valid
3570 2011-06-20 07:31:28 <wasabii> I know.
3571 2011-06-20 07:31:41 <denisx> and it must have at least 4 bytes zero in the beginning
3572 2011-06-20 07:31:46 <wasabii> I know all that. But what direction is the hash pointing?
3573 2011-06-20 07:32:04 <wasabii> Most of the miners I've read check for 0x00 on the 7th byte of the hash, before doing a full test.
3574 2011-06-20 07:32:18 <wasabii> But the 7th byte is the end, not the beginning.
3575 2011-06-20 07:32:25 <denisx> wasabi: I think this is optimizing already
3576 2011-06-20 07:32:31 <wasabii> Huh?
3577 2011-06-20 07:32:38 <denisx> so they do not need to convert it
3578 2011-06-20 07:33:09 <wasabii> You'd get a wildly different hash if their SHA2 state wasn't facing the right way.
3579 2011-06-20 07:33:23 <wasabii> So I don't think they're producing backwards results. I could be wrong I guess.
3580 2011-06-20 07:33:26 lvnyk has left ()
3581 2011-06-20 07:33:48 mmoya has quit (Ping timeout: 260 seconds)
3582 2011-06-20 07:35:40 <fpgaminer> Miners are checking that the 32 Most Significant Bits are equal to zero.
3583 2011-06-20 07:36:14 <phantomcircuit> wasabii, lol why
3584 2011-06-20 07:36:17 <wasabii> How do you define "significant bites" on a SHA-2 HASH?
3585 2011-06-20 07:36:32 <wasabii> Since it's actually just a string of 8 integers.
3586 2011-06-20 07:36:33 dissipate has quit (Read error: Connection reset by peer)
3587 2011-06-20 07:36:49 <fpgaminer> In terms of SHA2 that's H
3588 2011-06-20 07:36:51 <phantomcircuit> wasabii, like i said, little endian
3589 2011-06-20 07:36:51 <wasabii> That's the question. It has an answer. It's either at the beginning, or the end. :)
3590 2011-06-20 07:37:06 asynkritus has left ()
3591 2011-06-20 07:37:07 <wasabii> okay, little endian, so least significant bites are on the left.
3592 2011-06-20 07:37:09 <phantomcircuit> wasabii, most significant bits are last
3593 2011-06-20 07:37:19 <phantomcircuit> er
3594 2011-06-20 07:37:21 <phantomcircuit> first?
3595 2011-06-20 07:37:26 <fpgaminer> :P
3596 2011-06-20 07:37:31 <wasabii> Err
3597 2011-06-20 07:37:38 <phantomcircuit> no
3598 2011-06-20 07:37:44 <wasabii> Yeah. Little. Least first.
3599 2011-06-20 07:37:50 <wasabii> Err, no most first.
3600 2011-06-20 07:37:57 <fpgaminer> So fantastically confusing
3601 2011-06-20 07:37:58 <wasabii> No, least. Final answer.
3602 2011-06-20 07:38:01 <phantomcircuit> First Bytelittle least significant
3603 2011-06-20 07:38:03 hallowworld has joined
3604 2011-06-20 07:38:09 doofus2 has quit ()
3605 2011-06-20 07:39:06 <wasabii> Okay, and in terms of matching a hash to a target, you'd want to check it's most significant values for the fast check.
3606 2011-06-20 07:39:13 TommyBoy3G has quit ()
3607 2011-06-20 07:39:14 <wasabii> Since they are most significant, after all.
3608 2011-06-20 07:39:19 <fpgaminer> indeed
3609 2011-06-20 07:39:25 <fpgaminer> H == 0 for Difficult == 1
3610 2011-06-20 07:39:53 <denisx> difficulty-1 means 32 bits are 0
3611 2011-06-20 07:40:03 <wasabii> H0 is the first byte I'm outputting.
3612 2011-06-20 07:40:05 <denisx> difficulty 33 bits and so on
3613 2011-06-20 07:40:15 DaQatz has quit (Read error: Connection reset by peer)
3614 2011-06-20 07:40:18 Qatz has joined
3615 2011-06-20 07:40:18 <denisx> difficulty-2 33 bits and so on
3616 2011-06-20 07:40:48 arima has quit (Ping timeout: 260 seconds)
3617 2011-06-20 07:41:02 <wasabii> Sometimes also known as 'a'... out of 'a' through 'e'.
3618 2011-06-20 07:41:14 <wasabii> err, h.
3619 2011-06-20 07:41:17 <wasabii> Oh. H. I get you.
3620 2011-06-20 07:41:19 <fpgaminer> :P
3621 2011-06-20 07:41:30 <wasabii> There's an array the nist standard uses called H.
3622 2011-06-20 07:41:38 <denisx> actually it is even more complicated since the difficulty is linear
3623 2011-06-20 07:41:40 <wasabii> Do you mean that, or the last output byte of the transform function?
3624 2011-06-20 07:41:41 Geebus has quit (Ping timeout: 252 seconds)
3625 2011-06-20 07:41:42 guest9 has joined
3626 2011-06-20 07:41:55 danbri has quit (Remote host closed the connection)
3627 2011-06-20 07:42:29 combo has joined
3628 2011-06-20 07:42:42 <wasabii> phantomcircuit: ANd I'm doing this for a) lulz b) learning c) So I can easily customize it and deploy it around the office computers. :)
3629 2011-06-20 07:43:10 syke has quit (Read error: Connection reset by peer)
3630 2011-06-20 07:43:14 <denisx> wasabi: you will not get far with cpu mining ;)
3631 2011-06-20 07:43:16 <wasabii> https://github.com/wasabii/BitMaker
3632 2011-06-20 07:43:21 <wasabii> I know. It'll have GPU support.
3633 2011-06-20 07:43:31 abragin has joined
3634 2011-06-20 07:43:31 abragin has quit (Changing host)
3635 2011-06-20 07:43:31 abragin has joined
3636 2011-06-20 07:43:49 <wasabii> Automatically enumerate all the available GPUs, and use the CPU, multithreaded.
3637 2011-06-20 07:44:02 <wasabii> So I can push it around to a bunch of desktops with unknown hardware.
3638 2011-06-20 07:44:07 arima has joined
3639 2011-06-20 07:44:15 <denisx> wasabi: sounds like a botnet! ;)
3640 2011-06-20 07:44:48 <midnightmagic> hey it's fpgaminer. hi fpgaminer !
3641 2011-06-20 07:44:50 TommyBoy3G has joined
3642 2011-06-20 07:44:52 <wasabii> The CPU code I wrote is actually running faster than I thought it would.
3643 2011-06-20 07:45:00 <fpgaminer> Hey it's midnightmagic!
3644 2011-06-20 07:45:14 <wasabii> 650 khash/s
3645 2011-06-20 07:45:17 Pinion has quit (Quit: Colloquy for iPad - http://colloquy.mobi)
3646 2011-06-20 07:45:21 <midnightmagic> fpgaminer: did you hear about those intriguing comments re: the LX150?
3647 2011-06-20 07:45:33 <fpgaminer> mignightmagic: recently?
3648 2011-06-20 07:45:46 <midnightmagic> fpgaminer: Few days ago I guess. Art was talking about them.
3649 2011-06-20 07:46:00 <fpgaminer> midnightmagic: No, I guess not. What were they? That the routing sucks? :P
3650 2011-06-20 07:46:15 <midnightmagic> fpgaminer: Ah, surprisingly, he did mention router congestion of some sort.
3651 2011-06-20 07:46:42 moe1111 has quit (Ping timeout: 250 seconds)
3652 2011-06-20 07:46:47 <midnightmagic> fpgaminer: He's reporting 190MH/s on a double-pipelined bitcoin hash engine on an LX150.
3653 2011-06-20 07:47:04 <fpgaminer> midnightmagic: Very nice
3654 2011-06-20 07:47:27 <fpgaminer> midnightmagic: I was expecting 160 our of it, but had so much trouble with P&R
3655 2011-06-20 07:47:45 <midnightmagic> fpgaminer: I don't know what to believe with him anymore. But it's certainly a lovely thought to not have to figure out how to do mosis all by myself.
3656 2011-06-20 07:48:08 <fpgaminer> midnightmagic: It's a shame he doesn't work open-source
3657 2011-06-20 07:48:40 dbasch has quit (Quit: dbasch)
3658 2011-06-20 07:48:42 <midnightmagic> fpgaminer: but kind of understandable. perhaps he'll be more inclined to do that once he makes enough money that he feels comfortable with his account balance. :)
3659 2011-06-20 07:48:46 <wasabii> I'd sure like a sample getwork request with a known hash
3660 2011-06-20 07:48:56 <wasabii> that'd make testing this crap eaiser.
3661 2011-06-20 07:49:14 guest9 has quit (Quit: Page closed)
3662 2011-06-20 07:49:19 <fpgaminer> midnightmagic: Is he really aiming for a commericial product? For 190MH/s on an LX150 he could certianly do it (those chips are $130 each)
3663 2011-06-20 07:49:19 <midnightmagic> fpgaminer: competitive advantage and all that. he was talking about breaking the DES cracking record with some kind of LX150 array he's put together.
3664 2011-06-20 07:49:34 <midnightmagic> fpgaminer: no, I suspect just a personal competitive advantage for himself and his investors.
3665 2011-06-20 07:49:44 larsivi has quit (Ping timeout: 250 seconds)
3666 2011-06-20 07:49:46 <fpgaminer> midnightmagic: heh, go figure
3667 2011-06-20 07:50:08 <midnightmagic> fpgaminer: he seems to release the stuff one or two generations behind his best
3668 2011-06-20 07:50:18 <fpgaminer> midnightmagic: Well I guess I gotta step up my efforts with my LX150 and get a working design out there
3669 2011-06-20 07:50:57 <midnightmagic> fpgaminer: =] may I ask you a recommendation for a devboard, and your thoughts on whether there's a better chip than LX150 to be doing this on?
3670 2011-06-20 07:51:14 <midnightmagic> fpgaminer: (Also, are you using the webpack?)
3671 2011-06-20 07:51:20 <fpgaminer> midnightmagic: Devboard for the LX150?
3672 2011-06-20 07:51:32 <midnightmagic> fpgaminer: yeah, the devboard in digikey are $4k.
3673 2011-06-20 07:51:45 <fpgaminer> midnightmagic: That's weird. I got my dev-board for $1K
3674 2011-06-20 07:51:58 <fpgaminer> one sec....
3675 2011-06-20 07:52:03 <sivu> omg digikey rips people
3676 2011-06-20 07:52:07 <midnightmagic> fpgaminer: and Xilinx lists some cheap ones for like $225. haven't the foggiest where to get them though
3677 2011-06-20 07:52:27 <midnightmagic> sivu: not always. sometimes the volume stuff is okay. but.. do you have a good alternative?
3678 2011-06-20 07:52:27 <fpgaminer> midnightmagic: This is what I bought: http://www.xilinx.com/products/boards-and-kits/AES-S6DEV-LX150T-G.htm
3679 2011-06-20 07:52:42 <fpgaminer> midnightmagic: But, again, I've had a terrible time with P&R on Xilinx devices
3680 2011-06-20 07:53:04 <fpgaminer> midnightmagic: And no, I don't use webpack. The devkit comes with a device-locked license for something a step above that
3681 2011-06-20 07:53:05 <sivu> midnightmagic, actually i've found that digikey is one of the cheapest atleast when compared to farnell or mouser
3682 2011-06-20 07:53:06 <midnightmagic> fpgaminer: ah, that's for an LX-150T. that's with the PCI-e endpoint on it? or was the T for the gE?
3683 2011-06-20 07:53:14 somuchwin has quit (Ping timeout: 240 seconds)
3684 2011-06-20 07:53:47 <fpgaminer> midnightmagic: It has PCI-e, sure, but I don't use it for that :P And T means the chip has transceivers on it, which aren't needed for strictly mining
3685 2011-06-20 07:53:47 dude65535 has quit (Ping timeout: 252 seconds)
3686 2011-06-20 07:53:48 somuchwin has joined
3687 2011-06-20 07:53:58 Artifex_ has joined
3688 2011-06-20 07:54:25 <fpgaminer> midnightmagic: Anyway, that's really the only LX150 board I could actually find. I'd be glad to know if there's something cheaper out there.
3689 2011-06-20 07:54:38 <midnightmagic> fpgaminer: I recently learned that ISE allows gate-level design, and I became happier. I haven't the foggiest re: verilog/VHDL but gate-level design work is something I did a lot of in college.
3690 2011-06-20 07:55:03 <midnightmagic> sivu: thanks for the note.
3691 2011-06-20 07:55:10 <fpgaminer> midnightmagic: Sounds hardcore :)
3692 2011-06-20 07:55:29 <fpgaminer> midnightmagic: Altera also lets you do gate and block level design
3693 2011-06-20 07:55:49 <midnightmagic> fpgaminer: I.. LOVED.. it. Loved it. We designed a full computer, gate by gate, right from scratch.. never built anything (we were poor students) but it was fun simulating it in logicworks.
3694 2011-06-20 07:56:06 <sivu> midnightmagic, we order a lot of volume stuff (altough very low volumes. <1-5k pcs) and digikey prices scale very well. farnell tried to sell us 500pcs of one microcontroller for the same price as 1
3695 2011-06-20 07:56:08 <fpgaminer> midnightmagic: That ... actually does sound like fun :D
3696 2011-06-20 07:56:17 <midnightmagic> sivu: ouch :)
3697 2011-06-20 07:56:18 <fpgaminer> midnightmagic: Verilog has spoiled me
3698 2011-06-20 07:56:43 <sivu> midnightmagic, which was something like ~7euros. digikey prices were <2eur for 500pcs
3699 2011-06-20 07:56:46 <denisx> I have here ca. 40 XC2VP50 lying around
3700 2011-06-20 07:57:11 <sivu> and, farnell said that they will only sell us 100 max
3701 2011-06-20 07:57:34 <midnightmagic> sivu: nice. every once in a while, digikey really sucks.. but on the whole I've been pretty happy with their atmel supplies.
3702 2011-06-20 07:58:29 <sivu> midnightmagic, yep. i'm handling mostly atmel also
3703 2011-06-20 07:59:00 moe1111 has joined
3704 2011-06-20 07:59:05 <midnightmagic> fpgaminer: well, if I do end up with a devkit as I plan, would you mind if I asked you the odd question for bootstrapping my brain into the process?
3705 2011-06-20 07:59:17 g37 has quit (Ping timeout: 252 seconds)
3706 2011-06-20 07:59:19 <sivu> msp430 stuff comes directly from ti
3707 2011-06-20 08:00:02 <fpgaminer> midnightmagic: Feel free :) I'm not always on IRC, so you can PM me on the forums or email me fpgaminer ..at... bitcoin-mining.com
3708 2011-06-20 08:00:42 newark73 has joined
3709 2011-06-20 08:01:01 <midnightmagic> fpgaminer: I'd really appreciate it. And of course I tend to pay it forward when people help, so, I'm not a knowledge dead-end type.
3710 2011-06-20 08:01:20 <fpgaminer> midnightmagic: I just like the spread the FPGA love :)
3711 2011-06-20 08:01:21 larsivi has joined
3712 2011-06-20 08:01:27 <fpgaminer> like to spread*
3713 2011-06-20 08:02:21 Gonzago has quit (Read error: Operation timed out)
3714 2011-06-20 08:02:29 <midnightmagic> fpgaminer: :-) much obliged, again. ah who knows, maybe nothing will come of it, but I do have some vacation coming up and this seems like a great diversion.
3715 2011-06-20 08:02:55 <sivu> speaking of dev, i think the wallet code should be made so that its easy to split accounts into multiple files
3716 2011-06-20 08:03:11 <midnightmagic> sivu: and merge them back again, the same way gpg does.
3717 2011-06-20 08:03:15 <fpgaminer> midnightmagic: Heh, nothing like a little FPGA deving vacation ;)
3718 2011-06-20 08:03:31 <sivu> midnightmagic, yeah.
3719 2011-06-20 08:03:46 <midnightmagic> fpgaminer: I have a very understanding wife who likes the fact that bitcoins have replaced her salary.
3720 2011-06-20 08:03:47 <fpgaminer> midnightmagic: Anyway, thank you for letting me know about ArtForz's progress. I hope I too can squeeze 190MH/s out of this chip :) I'm off to bed for now, though
3721 2011-06-20 08:03:58 <midnightmagic> fpgaminer: night
3722 2011-06-20 08:04:00 <sivu> it could be a tree like structure where each branch could be in its own file
3723 2011-06-20 08:04:29 fpgaminer has quit ()
3724 2011-06-20 08:04:45 <sivu> so you could attach a savings branch, move coins, detach savings and put the file back in the safe
3725 2011-06-20 08:06:11 <sivu> it would also benefit online 'banks' by having each user in its own branch, encrypted with user key
3726 2011-06-20 08:07:07 ThomasV has quit (Read error: Operation timed out)
3727 2011-06-20 08:07:38 wasabii is now known as wasabi2
3728 2011-06-20 08:08:34 Bossland_ has joined
3729 2011-06-20 08:09:49 weinerk has joined
3730 2011-06-20 08:10:13 weinerk has quit (Changing host)
3731 2011-06-20 08:10:13 weinerk has joined
3732 2011-06-20 08:10:19 slux has quit (Ping timeout: 252 seconds)
3733 2011-06-20 08:10:24 danbri has joined
3734 2011-06-20 08:11:51 ColdHardMetal has left ()
3735 2011-06-20 08:12:02 Bossland has quit (Ping timeout: 240 seconds)
3736 2011-06-20 08:12:53 Tritonio has joined
3737 2011-06-20 08:13:16 oneohoneohfive has joined
3738 2011-06-20 08:15:26 hahuang65 has quit ()
3739 2011-06-20 08:18:19 Slober has joined
3740 2011-06-20 08:22:34 btc4beer has quit (Ping timeout: 276 seconds)
3741 2011-06-20 08:24:42 testuser444 has joined
3742 2011-06-20 08:26:49 gsathya has quit (Ping timeout: 240 seconds)
3743 2011-06-20 08:27:37 btc4beer has joined
3744 2011-06-20 08:27:44 hamush1 has joined
3745 2011-06-20 08:30:06 testuser444 has quit (Remote host closed the connection)
3746 2011-06-20 08:31:30 gsathya has joined
3747 2011-06-20 08:31:33 RAM2012 has joined
3748 2011-06-20 08:38:32 <denisx> MagicalTux: mtgox runs on freebsd you said? was it always freebsd?
3749 2011-06-20 08:41:04 <tuoppi> [Update - 6:30 GMT] Still here. Still working hard to get things online.
3750 2011-06-20 08:41:04 <tuoppi> SHA-512 multi-iteration salted hashing is in enabled and ready for when we get users reactivating their accounts
3751 2011-06-20 08:41:04 <tuoppi> We are going to push our relaunch time to 2:00am GMT tomorrow so we have time to launch a our new backend and withdraw passwords.
3752 2011-06-20 08:41:04 <tuoppi> Thanks to everyone sending the supportive emails and our extremely patient users.
3753 2011-06-20 08:41:15 <tuoppi> what does that mean exactly?
3754 2011-06-20 08:41:26 <tuoppi> do we have to wait like 15 hours from now on or just 5
3755 2011-06-20 08:41:36 <tuoppi> i mean 5 or 17
3756 2011-06-20 08:41:41 Geebus has joined
3757 2011-06-20 08:41:46 <Artifex_> 17 i think
3758 2011-06-20 08:41:54 <kinlo> 17 indeed
3759 2011-06-20 08:41:55 <tuoppi> geez
3760 2011-06-20 08:41:58 <tuoppi> kinda long wait
3761 2011-06-20 08:42:45 combo has quit (Ping timeout: 258 seconds)
3762 2011-06-20 08:44:16 Herodes has quit (Quit: Leaving)
3763 2011-06-20 08:49:21 LightRider is now known as LightRider|afk
3764 2011-06-20 08:49:46 <sipa> i prefer having it down for longer than that they have to rush things
3765 2011-06-20 08:49:51 IncitatusOnWater has joined
3766 2011-06-20 08:49:51 Joric has joined
3767 2011-06-20 08:50:00 gjs278 has joined
3768 2011-06-20 08:50:05 triplex has joined
3769 2011-06-20 08:50:18 oneohoneohfive has left ("bye")
3770 2011-06-20 08:52:07 f33x has joined
3771 2011-06-20 08:52:37 <epscy> yeah, if they want to rebuild trust they need to do this properly
3772 2011-06-20 08:52:41 d1234 has joined
3773 2011-06-20 08:53:18 larsivi has quit (Quit: No Ping reply in 180 seconds.)
3774 2011-06-20 08:53:36 larsivi has joined
3775 2011-06-20 08:53:42 ionspin has quit (Remote host closed the connection)
3776 2011-06-20 08:59:36 entertheb_ has joined
3777 2011-06-20 09:00:52 xert has quit (Read error: Connection reset by peer)
3778 2011-06-20 09:01:00 entertheb_ has quit (Client Quit)
3779 2011-06-20 09:01:30 f33x_ has joined
3780 2011-06-20 09:01:51 AnatolV has joined
3781 2011-06-20 09:02:58 xert has joined
3782 2011-06-20 09:04:10 f33x has quit (Ping timeout: 250 seconds)
3783 2011-06-20 09:04:11 f33x_ is now known as f33x
3784 2011-06-20 09:08:26 ionspin has joined
3785 2011-06-20 09:10:46 neurochasm has quit (Ping timeout: 250 seconds)
3786 2011-06-20 09:11:11 IncitatusOnWater has quit (Ping timeout: 255 seconds)
3787 2011-06-20 09:11:40 f33x has quit (Quit: f33x)
3788 2011-06-20 09:15:23 Sebastan has joined
3789 2011-06-20 09:15:53 Sebastan has quit (Read error: Connection reset by peer)
3790 2011-06-20 09:16:05 pogden has quit (Remote host closed the connection)
3791 2011-06-20 09:16:28 slux has joined
3792 2011-06-20 09:18:21 abragin has quit ()
3793 2011-06-20 09:19:06 abragin has joined
3794 2011-06-20 09:19:06 abragin has quit (Changing host)
3795 2011-06-20 09:19:06 abragin has joined
3796 2011-06-20 09:21:30 <Nachtwind> may someone give me a hint for the RPC commands?
3797 2011-06-20 09:21:55 <Nachtwind> i try to use bitcoind with php and want to connect a sender's address to one of the payments
3798 2011-06-20 09:22:01 <Nachtwind> is that with just RPC possible at all?
3799 2011-06-20 09:22:37 <sipa> that's not possible in general
3800 2011-06-20 09:22:47 <sipa> bitcoin transactions do not have a clearly definable from address
3801 2011-06-20 09:23:15 <sipa> and you definitely shouldn't rely on it - if you want a chargeback address or so, ask the customer
3802 2011-06-20 09:23:21 <Nachtwind> ok.. figured that out already.. but in case i know the senders address - can i somehow connect that to transactions?
3803 2011-06-20 09:23:32 <sipa> in general, not
3804 2011-06-20 09:23:35 <Nachtwind> no i just want to see wether someone paid or not
3805 2011-06-20 09:23:41 <sipa> don't
3806 2011-06-20 09:23:50 <sipa> use a separate receive address for each payment
3807 2011-06-20 09:24:45 <Nachtwind> lets say someone enters an amount on my page and his return address - how do i know that a transaction i get belongs to this person?
3808 2011-06-20 09:25:07 <Nachtwind> i mean, i have seen this kind of thing on a lot of pages - so it should be doable.. yet i dont see how
3809 2011-06-20 09:25:18 <sipa> you generate a new address every time you need someone to pay you
3810 2011-06-20 09:25:35 <doublec> Nachtwind: listreceivedbyaddress
3811 2011-06-20 09:25:50 <doublec> Nachtwind: look at that and you'll see payments made to an address
3812 2011-06-20 09:25:55 <doublec> Nachtwind: you can poll it
3813 2011-06-20 09:26:04 <doublec> Nachtwind: or use a half node and monitor transactions
3814 2011-06-20 09:26:10 <Nachtwind> oi... now i see...
3815 2011-06-20 09:26:29 <Nachtwind> i have to store the receivers address and have to rely on a unique address for every transaction and check for that?
3816 2011-06-20 09:26:31 <doublec> Nachtwind: you can also use getreceivedbyaddress
3817 2011-06-20 09:26:38 <doublec> Nachtwind: yes
3818 2011-06-20 09:26:50 <Nachtwind> ohhh.. thank you
3819 2011-06-20 09:26:53 neurochasm has joined
3820 2011-06-20 09:26:58 <Nachtwind> have been biting my teeth out on that already
3821 2011-06-20 09:27:40 gsathya has quit (Ping timeout: 250 seconds)
3822 2011-06-20 09:28:21 Mender has joined
3823 2011-06-20 09:28:52 hallowworld has quit (Ping timeout: 276 seconds)
3824 2011-06-20 09:29:26 hallowworld has joined
3825 2011-06-20 09:30:33 Keefe has quit (Ping timeout: 246 seconds)
3826 2011-06-20 09:30:51 sherpishoru has quit (Quit: Page closed)
3827 2011-06-20 09:31:35 echelon has quit (Remote host closed the connection)
3828 2011-06-20 09:31:44 echelon_ has joined
3829 2011-06-20 09:32:50 sipa has quit (Changing host)
3830 2011-06-20 09:32:50 sipa has joined
3831 2011-06-20 09:32:52 neurochasm has quit (Ping timeout: 250 seconds)
3832 2011-06-20 09:34:40 Diablo-D3 has joined
3833 2011-06-20 09:36:18 jimpsson has quit (Quit: o/)
3834 2011-06-20 09:38:46 <gjs278> ;;bc,mtgox
3835 2011-06-20 09:38:52 <gribble> timed out
3836 2011-06-20 09:39:16 lorenzoIT has quit (Quit: Sto andando via)
3837 2011-06-20 09:39:20 DukeOfURL has quit (Ping timeout: 264 seconds)
3838 2011-06-20 09:39:25 rusty has quit (Quit: Leaving.)
3839 2011-06-20 09:40:25 kv39 has joined
3840 2011-06-20 09:40:34 DukeOfURL has joined
3841 2011-06-20 09:40:37 Sebastan has joined
3842 2011-06-20 09:41:06 pyro_ has quit (Ping timeout: 250 seconds)
3843 2011-06-20 09:41:27 pyro_ has joined
3844 2011-06-20 09:42:20 anarchyx has quit (Ping timeout: 264 seconds)
3845 2011-06-20 09:43:04 RealBorg has left ("Leaving")
3846 2011-06-20 09:43:12 nFvF6vtT6m has joined
3847 2011-06-20 09:43:39 <d1234> ;;bc,stats
3848 2011-06-20 09:44:06 <gribble> Error: invalid syntax (<string>, line 1)
3849 2011-06-20 09:45:37 Kurtov has joined
3850 2011-06-20 09:45:38 germanMNY has joined
3851 2011-06-20 09:45:53 <phantomcircuit> ;;bc,gen 300000
3852 2011-06-20 09:46:04 <gribble> Error: invalid syntax (<string>, line 1)
3853 2011-06-20 09:46:10 <phantomcircuit> ;;bc,calc 300000
3854 2011-06-20 09:46:21 <gribble> Error: invalid syntax (<string>, line 1)
3855 2011-06-20 09:46:24 <phantomcircuit> wat
3856 2011-06-20 09:48:36 <ne0futur> nanotube: !!!
3857 2011-06-20 09:48:40 Daviey has quit (Remote host closed the connection)
3858 2011-06-20 09:50:50 ChuckSchumer has joined
3859 2011-06-20 09:51:04 jimpsson has joined
3860 2011-06-20 09:51:56 Sebastan has quit (Ping timeout: 246 seconds)
3861 2011-06-20 09:51:57 pyro_ has quit (Disconnected by services)
3862 2011-06-20 09:52:44 jimpsson has quit (Client Quit)
3863 2011-06-20 09:52:45 kish has quit (Read error: Connection reset by peer)
3864 2011-06-20 09:53:03 Daviey has joined
3865 2011-06-20 09:53:04 kish has joined
3866 2011-06-20 09:55:42 pyro__ has joined
3867 2011-06-20 09:56:24 triplex has quit (Quit: Page closed)
3868 2011-06-20 09:57:01 <denisx> there are 100 keys in the wallet, right?
3869 2011-06-20 09:57:01 BlueMattBot has quit (Ping timeout: 252 seconds)
3870 2011-06-20 09:57:28 <nuthin> doesn't that depend on the number of adresses?
3871 2011-06-20 09:57:45 lumos has joined
3872 2011-06-20 09:57:51 <denisx> sure, but you start with 100
3873 2011-06-20 09:57:51 <mtrlt> one key per address
3874 2011-06-20 09:58:19 <denisx> I thinking about a backup solution which prints the keys as qr-codes
3875 2011-06-20 09:58:23 viggi has quit (Read error: Connection reset by peer)
3876 2011-06-20 09:58:37 pmazur_ has joined
3877 2011-06-20 09:59:53 exstntlstfrtn has joined
3878 2011-06-20 10:00:29 torsthaldo_ has joined
3879 2011-06-20 10:01:29 torsthaldo has quit (Ping timeout: 240 seconds)
3880 2011-06-20 10:02:00 d1g1t4l has joined
3881 2011-06-20 10:02:49 karnac_ has quit (Ping timeout: 240 seconds)
3882 2011-06-20 10:02:49 <D0han> d1g1t4l: paint it on wall
3883 2011-06-20 10:02:58 <D0han> denisx: ^
3884 2011-06-20 10:03:10 viggi has joined
3885 2011-06-20 10:03:14 <d1g1t4l> ?
3886 2011-06-20 10:03:22 <D0han> miss tab, nvm d1g1t4l
3887 2011-06-20 10:03:35 <d1g1t4l> heh ok
3888 2011-06-20 10:03:49 <denisx> too much to paint
3889 2011-06-20 10:04:08 <denisx> and for qr-codes there is already scanning solution available
3890 2011-06-20 10:04:22 <mtrlt> how would you store the codes?
3891 2011-06-20 10:04:38 <mtrlt> in a secure vault 1km deep in the ground?
3892 2011-06-20 10:04:59 jaybny has joined
3893 2011-06-20 10:05:01 <denisx> no, but I trust printed paper more than two disks
3894 2011-06-20 10:05:07 <mtrlt> true
3895 2011-06-20 10:05:31 <mtrlt> but you still have to store them safely :p
3896 2011-06-20 10:05:40 IncitatusOnWater has joined
3897 2011-06-20 10:05:58 <[7]> midnightmagic: http://pastie.org/private/yfna2z4don44t1tm6dcf0a
3898 2011-06-20 10:06:01 danbri has quit (Remote host closed the connection)
3899 2011-06-20 10:06:13 <jaybny> everytime i try to join bitcoin-otc.. it brings me to the foyer
3900 2011-06-20 10:06:15 aristidesfl has joined
3901 2011-06-20 10:06:22 f33x has joined
3902 2011-06-20 10:06:23 Blitzboom_ is now known as Blitzboom
3903 2011-06-20 10:06:29 Blitzboom has quit (Changing host)
3904 2011-06-20 10:06:29 Blitzboom has joined
3905 2011-06-20 10:07:57 <jaybny> ;;letmein
3906 2011-06-20 10:09:53 stamit has quit (Remote host closed the connection)
3907 2011-06-20 10:12:50 abragin has quit ()
3908 2011-06-20 10:14:19 BlueMattBot has joined
3909 2011-06-20 10:16:57 <Diablo-D3> ;;bc,mtgox
3910 2011-06-20 10:17:03 <gribble> timed out
3911 2011-06-20 10:17:07 <Diablo-D3> ;;bc,mtgox
3912 2011-06-20 10:17:13 <gribble> timed out
3913 2011-06-20 10:17:16 <Diablo-D3> goddanmit
3914 2011-06-20 10:21:31 qwebirc91214 has joined
3915 2011-06-20 10:23:02 Atterall has joined
3916 2011-06-20 10:26:06 <d1234> ;;bc,stats
3917 2011-06-20 10:26:19 EskimoBob has left ("WeeChat 0.3.5")
3918 2011-06-20 10:26:32 <gribble> Error: invalid syntax (<string>, line 1)
3919 2011-06-20 10:28:11 nFvF6vtT6m has quit (Quit: 123)
3920 2011-06-20 10:30:11 Keefe has joined
3921 2011-06-20 10:32:30 coderrr is now known as coderrr`brb
3922 2011-06-20 10:32:48 kW_ has joined
3923 2011-06-20 10:35:40 AntiVigilante has joined
3924 2011-06-20 10:36:45 oozyburglar has joined
3925 2011-06-20 10:36:52 Keefe has quit (Changing host)
3926 2011-06-20 10:36:52 Keefe has joined
3927 2011-06-20 10:36:58 oozyburglar has quit (Read error: Connection reset by peer)
3928 2011-06-20 10:37:11 coderrr`brb is now known as coderrr
3929 2011-06-20 10:37:13 DELTA9 has joined
3930 2011-06-20 10:37:15 oozyburglar has joined
3931 2011-06-20 10:38:48 Atterall has left ()
3932 2011-06-20 10:40:09 LoveBeads has joined
3933 2011-06-20 10:42:59 jogis has joined
3934 2011-06-20 10:44:17 newark73 has quit (Quit: newark73)
3935 2011-06-20 10:44:32 Lachesis has joined
3936 2011-06-20 10:44:55 kW_ has quit (Remote host closed the connection)
3937 2011-06-20 10:47:11 o_0oo has joined
3938 2011-06-20 10:48:02 KuDeTa has joined
3939 2011-06-20 10:48:03 arima has quit (Ping timeout: 260 seconds)
3940 2011-06-20 10:49:41 DELTA9 has quit (Quit: leaving)
3941 2011-06-20 10:53:53 Lachesis has quit (Ping timeout: 260 seconds)
3942 2011-06-20 10:54:31 BlueMatt has joined
3943 2011-06-20 11:02:38 amod has quit (Ping timeout: 252 seconds)
3944 2011-06-20 11:07:01 <[Tycho]> ;;bc,stats
3945 2011-06-20 11:07:27 <gribble> Error: invalid syntax (<string>, line 1)
3946 2011-06-20 11:07:28 underBit has joined
3947 2011-06-20 11:07:51 <pyro__> were can I download the stolen list?
3948 2011-06-20 11:09:02 <BlueMatt> stolen list of...?
3949 2011-06-20 11:09:37 <underBit> did ur grandmother tutor you in theft?
3950 2011-06-20 11:10:30 <pyro__> the usernames and e-mail email adresses of mtgox
3951 2011-06-20 11:10:49 <sivu> from the internet
3952 2011-06-20 11:10:59 Sylph has quit (Ping timeout: 240 seconds)
3953 2011-06-20 11:11:06 <underBit> look inside ur grandmother for the list
3954 2011-06-20 11:12:10 <BlueMatt> pyro__: you realize that was a rumor and not true...?
3955 2011-06-20 11:12:50 danbri has joined
3956 2011-06-20 11:13:17 <sivu> bluematt, so what was that accounts.csv then?
3957 2011-06-20 11:13:47 <ius> pictures of unicorns and cute kittens
3958 2011-06-20 11:14:52 <sivu> one of the lines matched the name and email i used in mtgox and nowhere else. but that just might be a coincidence
3959 2011-06-20 11:15:20 Nachtwind has left ()
3960 2011-06-20 11:15:52 <ius> Wish it was.
3961 2011-06-20 11:16:06 Sylph has joined
3962 2011-06-20 11:17:10 qwebirc91214 has quit (Quit: Page closed)
3963 2011-06-20 11:17:12 Bossland__ has joined
3964 2011-06-20 11:17:27 <gjs278> BlueMatt there most definitely is a list of them somewhere with hashes
3965 2011-06-20 11:17:50 <dsg> The list is real, as evidenced by the inordinate amount of bitcoin-related spam in my inbox (to a single-use email address for mtgox).
3966 2011-06-20 11:18:37 BlueMatt has quit (Ping timeout: 250 seconds)
3967 2011-06-20 11:20:19 Atterall has joined
3968 2011-06-20 11:20:42 Bossland_ has quit (Ping timeout: 258 seconds)
3969 2011-06-20 11:21:54 underBit has quit (Quit: Page closed)
3970 2011-06-20 11:24:18 gjs278 has quit (Read error: Connection reset by peer)
3971 2011-06-20 11:25:30 Juice2 has joined
3972 2011-06-20 11:26:01 <Juice2> Is there a trick to getting OpenCL to run for HD 6900 series cards on Linux?
3973 2011-06-20 11:26:26 gjs278 has joined
3974 2011-06-20 11:26:34 <Juice2> I'm getting a "FATAL kernel error: Failed to load OpenCL kernel!" error despite seeing the cards with aticonfig --list-adapters
3975 2011-06-20 11:26:45 <Juice2> and unpacking the license agreement
3976 2011-06-20 11:26:50 <Raccoon> interesting. ICANN plans on releasing HUNDREDS of new Top Level Domains in 2012. there goes the neighborhood... http://www.theregister.co.uk/2011/06/20/icann_expands_gtlds/
3977 2011-06-20 11:28:27 vokoda has quit (Ping timeout: 255 seconds)
3978 2011-06-20 11:28:32 larsivi has quit (Ping timeout: 246 seconds)
3979 2011-06-20 11:30:38 Atterall has quit (Quit: Changing server)
3980 2011-06-20 11:30:40 skeledrew has joined
3981 2011-06-20 11:32:19 hallowworld has quit (Read error: Operation timed out)
3982 2011-06-20 11:32:57 skeledrew has quit (Client Quit)
3983 2011-06-20 11:35:48 skeledrew has joined
3984 2011-06-20 11:36:32 AStove has quit (Read error: Operation timed out)
3985 2011-06-20 11:36:37 BlueMatt has joined
3986 2011-06-20 11:36:54 AStove has joined
3987 2011-06-20 11:37:42 <BlueMatt> until someone who has even a tiny bit of trust in the community has seen the contents of any kind of accounts.csv or smth, its just a rumor, and probably not true
3988 2011-06-20 11:38:09 <Juice2> which part is a rumor?
3989 2011-06-20 11:38:18 <tcatm> BlueMatt: do I count as "tiny bit of trust"? :)
3990 2011-06-20 11:38:23 smart990 has joined
3991 2011-06-20 11:38:34 DukeOfURL has quit (Quit: ChatZilla 0.9.87 [Firefox 4.0.1/20110413222027])
3992 2011-06-20 11:38:34 <BlueMatt> tcatm: youve seen the contents of this file?
3993 2011-06-20 11:38:42 <iera> BlueMatt: i have the file, and my account is valid
3994 2011-06-20 11:38:43 <Juice2> I have
3995 2011-06-20 11:38:51 <tcatm> Got it on my harddrive, found my two accounts in it.
3996 2011-06-20 11:38:51 <BlueMatt> hm, well that sucks
3997 2011-06-20 11:38:53 <Juice2> so is mine
3998 2011-06-20 11:39:10 <denisx> mine too
3999 2011-06-20 11:39:18 <BlueMatt> is it possible to login with that file, or are the passwords just hashed?
4000 2011-06-20 11:39:23 <iera> hashed
4001 2011-06-20 11:39:26 <denisx> hashed
4002 2011-06-20 11:39:27 <BlueMatt> and are they salted?
4003 2011-06-20 11:39:39 <tcatm> yes
4004 2011-06-20 11:39:40 <Wuked> supposedly
4005 2011-06-20 11:39:45 <jaybny> i have the file
4006 2011-06-20 11:39:57 <tcatm> except for some old accounts that never logged in after the salt was added
4007 2011-06-20 11:40:02 <jaybny> accounts.csv ... its all over the place
4008 2011-06-20 11:40:04 larsivi has joined
4009 2011-06-20 11:40:07 <cut> guesses: 1518 time: 0:11:23:48 1.46% (2) (ETA: Fri Jul 22 07:22:59 2011) c/s: 6184 trying: steph1 - stocks
4010 2011-06-20 11:40:14 <dirtyfilthy> hashed
4011 2011-06-20 11:40:37 <BlueMatt> well, that sucks
4012 2011-06-20 11:40:44 hallowworld has joined
4013 2011-06-20 11:41:21 <cut> 1835,BlueMatt,mtgox@bluematt.me,$1$eBPPP3Vz$c0Zqsnpwjy1IrSxPzHWQS0
4014 2011-06-20 11:41:26 <ius> BlueMatt: crypt, md5
4015 2011-06-20 11:41:34 <BlueMatt> well that sucks
4016 2011-06-20 11:41:53 <ius> understatement
4017 2011-06-20 11:42:01 inktri has left ()
4018 2011-06-20 11:42:06 <BlueMatt> well they are salted pw's
4019 2011-06-20 11:42:34 <BlueMatt> if people are smart it wont effect anyone...but people are never smart, I would agree that mt should force everyone to use a new pw
4020 2011-06-20 11:42:42 <BlueMatt> plus phishing
4021 2011-06-20 11:42:43 <cut> theres a couple hundred that arent salted that have already been released
4022 2011-06-20 11:42:44 <vegard> BlueMatt: did you just wake up or something? :-P the leak is real.
4023 2011-06-20 11:42:59 <BlueMatt> vegard: Ive been on vacation for the past couple weeks so...yea
4024 2011-06-20 11:43:07 <iera> BlueMatt: fyi i got a mtgox_client.exe on my mtgox address :p
4025 2011-06-20 11:43:18 <ducki2p> BlueMatt: 3% wasn't salted
4026 2011-06-20 11:43:31 <BlueMatt> well that sucks really bad for those people
4027 2011-06-20 11:43:47 <tcatm> the accounts that were not salted we're inactive anyway. thould have been converted after the next login
4028 2011-06-20 11:43:48 <vegard> mtgox is the real loser here
4029 2011-06-20 11:44:38 <jogis> vegard: no, the people whose transactions will be reversed are the real losers
4030 2011-06-20 11:44:51 <jogis> unless they transferred the btc out of mtgox, that is
4031 2011-06-20 11:44:58 Stellar has quit (Ping timeout: 246 seconds)
4032 2011-06-20 11:45:13 <picci> jogis: grats to who actually made it in time
4033 2011-06-20 11:45:32 <jogis> yeah, grats from me to them as well :)
4034 2011-06-20 11:45:33 <vegard> I tend to disagree
4035 2011-06-20 11:45:51 Stove has joined
4036 2011-06-20 11:45:53 <jogis> vegard: but then you are assuming that making profit is not good for you :>
4037 2011-06-20 11:45:56 AStove has quit (Ping timeout: 252 seconds)
4038 2011-06-20 11:46:24 <vegard> whatever gains they had were based on an illegal transaction
4039 2011-06-20 11:46:49 <vegard> or, no, it wasn't even illegal
4040 2011-06-20 11:47:11 <vegard> whatever they earned was somehow not theirs to win in the first place, I guess
4041 2011-06-20 11:47:21 hallowworld has quit (Ping timeout: 244 seconds)
4042 2011-06-20 11:48:26 <jogis> :?
4043 2011-06-20 11:49:01 <jogis> well, as a legit user of mtgox, i assume to be able to conduct business all the time when the site is up
4044 2011-06-20 11:49:21 <jogis> and the fact that some scriptkiddies did something wrong
4045 2011-06-20 11:49:28 <jogis> is none of mine problem
4046 2011-06-20 11:49:58 xert has quit (Read error: Connection reset by peer)
4047 2011-06-20 11:50:06 <picci> basically yes, and if i had the chance to get 1k btc for 0.01 i probably would've... too bad i was afk
4048 2011-06-20 11:50:39 <picci> and if i had the chance to cash those out and sell them a week later for 10kusd.. it would've been stupid not to take them in the first place
4049 2011-06-20 11:50:46 <jogis> i did get like 5 btc for 5$ each
4050 2011-06-20 11:50:53 <picci> i wish i did :(
4051 2011-06-20 11:50:53 anarchyx has joined
4052 2011-06-20 11:51:01 anarchyx has quit (Changing host)
4053 2011-06-20 11:51:01 anarchyx has joined
4054 2011-06-20 11:51:02 <jogis> but i was stupid enought to trust mtgox and not transfer my coins away
4055 2011-06-20 11:51:02 <vegard> jogis: and if you lost 400k btc because mtgox was hacked, wouldn't you say the trade should be reversed?
4056 2011-06-20 11:51:20 <picci> so... since i didn't... i would like the roll back... but i know that's just cause i didn't get any
4057 2011-06-20 11:51:24 <jogis> vegard: and it happen to whom?
4058 2011-06-20 11:51:38 <jogis> damn, my english sux badly
4059 2011-06-20 11:51:50 <jogis> vegard: are you argueing this has happened to somebody?
4060 2011-06-20 11:51:52 Bossland_ has joined
4061 2011-06-20 11:51:58 <picci> basically, i do want the rollback, cause i didn't make any $ on the whole thing that happened...
4062 2011-06-20 11:52:06 <jogis> :)))
4063 2011-06-20 11:52:08 <ducki2p> jogis: do you plan to continue to use mtgox after it comes back up?
4064 2011-06-20 11:52:14 <picci> i do
4065 2011-06-20 11:52:22 <ius> jogis: obviously someone lost 400k+
4066 2011-06-20 11:52:35 <jogis> ducki2p: i do, since i see no other alternative thus far
4067 2011-06-20 11:52:36 <picci> iusd. that could be the mtgox wallet with e1's coins in it :)
4068 2011-06-20 11:52:44 <picci> *ius
4069 2011-06-20 11:52:53 xert has joined
4070 2011-06-20 11:53:04 <jogis> ius: i think nobody lost >9000 BTC due to mtgox being hacked
4071 2011-06-20 11:53:10 airfox has quit (Quit: Leaving...)
4072 2011-06-20 11:53:18 <jogis> somebody got a trojan installed and lost his wallet
4073 2011-06-20 11:53:38 <jogis> and then the evil hax0r just tried to cash out using mtgox in some strange way
4074 2011-06-20 11:53:52 <jtaylor> that would be stupid
4075 2011-06-20 11:53:52 <jogis> by performing a no-limit trade
4076 2011-06-20 11:54:00 <jtaylor> why risk the value of the goods he's stolen
4077 2011-06-20 11:54:08 <jtaylor> just cash out slowly over the next few month
4078 2011-06-20 11:54:19 <picci> jtaylor: 4thelulz
4079 2011-06-20 11:54:25 kreal- has quit (Read error: Operation timed out)
4080 2011-06-20 11:54:37 airfox has joined
4081 2011-06-20 11:54:38 <picci> and... to cashout 100kbtc at a time, since withdraw limit was 1kusd and btc's were down to 0.01
4082 2011-06-20 11:54:40 <jogis> jtaylor: if you have a more coherent picture, i would be very happy to know it
4083 2011-06-20 11:54:42 Bossland__ has quit (Ping timeout: 252 seconds)
4084 2011-06-20 11:54:54 <jtaylor> I don't but your theory makes less sense than mtgox story
4085 2011-06-20 11:55:05 <jogis> but that *is* the mtgox story
4086 2011-06-20 11:55:09 <jogis> isin't it? :/
4087 2011-06-20 11:55:20 <jtaylor> they never said anything about a stolen wallet
4088 2011-06-20 11:55:38 <picci> jtaylor: w/d limit is 1k usd WORTH OF COINS, so if you take the value down, you can withdraw more.
4089 2011-06-20 11:55:49 <picci> makes sense ?
4090 2011-06-20 11:55:54 <jtaylor> assuming mtgox admins are stupid and didn't see that possiblity
4091 2011-06-20 11:56:02 <ius> The database was compromised, they claim it was using MySQL credentials the attacker obtained.
4092 2011-06-20 11:56:07 <vegard> jogis: you know that the database was leaked, right?
4093 2011-06-20 11:56:08 <Diablo-D3> jtaylor: singular
4094 2011-06-20 11:56:11 <jogis> jtaylor: they write that one account was compromised, but they don't point out explicitly, if it was on the user side, or the server side
4095 2011-06-20 11:56:16 <jogis> vegard: sure
4096 2011-06-20 11:56:22 <Diablo-D3> mtgox is ran by ONE person
4097 2011-06-20 11:56:44 <tcatm> wrong. mtgox is run by a company
4098 2011-06-20 11:56:44 nefario has left ()
4099 2011-06-20 11:56:51 <jtaylor> Diablo-D3: one person when implementing the cashout limit should immediatly see the flaw when using the current price
4100 2011-06-20 11:56:54 <picci> jogis: mtgox will never come back if they lost the 400kbtc
4101 2011-06-20 11:56:59 <jtaylor> I can't imagine anyone would be so dumb
4102 2011-06-20 11:57:10 <vegard> jogis: I think it's more likely that the people who got hacked did so because the database was out (doesn't justify weak passwords, however)
4103 2011-06-20 11:57:11 <picci> jtaylor: welcome to mtgox
4104 2011-06-20 11:57:12 <jtaylor> but its worrying that it has not been denied yet
4105 2011-06-20 11:57:14 <ius> jogis: fyi that was his first newspost, trying to cover it up by saying it was a single account being compromised
4106 2011-06-20 11:57:22 <ius> then the db leaked
4107 2011-06-20 11:57:30 <picci> jtaylor: they were using md5 as well... could you imagine anyone being so dumb as wel ?
4108 2011-06-20 11:57:45 <jtaylor> well thats not as bad
4109 2011-06-20 11:57:50 <jtaylor> most where at least salted
4110 2011-06-20 11:58:05 <picci> lol, as if that helps with all the gpu's people have here..
4111 2011-06-20 11:58:09 <ius> either he knew the db was compromised and he held his mouth shut, or he didn't know his db was compromised and he failed to audit his logs
4112 2011-06-20 11:58:27 <picci> the db was compromised FRIDAY from what i figured out yesterday
4113 2011-06-20 11:58:32 <jogis> vegard: well, if the person with 500k BTC in the account was using a weak password/has not logged in for 2 months (that's the condition for unsalted pws, right?), then it is sort-of a user side problem, i think
4114 2011-06-20 11:58:34 <jtaylor> it helps when the users ahve good apsswords, also multi round sha does not help against weak passwords
4115 2011-06-20 11:58:37 devon_hillard has joined
4116 2011-06-20 11:58:45 <picci> a user who put his email in on friday, didn't have his email in the db, meaning the db leak was pre FRIDAY
4117 2011-06-20 11:58:46 <Diablo-D3> [07:56:03] <jtaylor> Diablo-D3: one person when implementing the cashout limit should immediatly see the flaw when using the current price
4118 2011-06-20 11:58:51 <Diablo-D3> jtaylor: he didnt write the software.
4119 2011-06-20 11:59:03 <jtaylor> hm thats bad
4120 2011-06-20 11:59:20 <picci> they had the db before friday... so they had time to crack the hashes...
4121 2011-06-20 11:59:23 <denisx> I think the 400k was put away by mtgox itself to safe place
4122 2011-06-20 11:59:24 <jtaylor> But I still have enough faith in human intelligence, to hope that did not happen
4123 2011-06-20 11:59:31 <denisx> someone this morning said so
4124 2011-06-20 11:59:32 <picci> denisx: he never said that
4125 2011-06-20 11:59:42 <ius> He did
4126 2011-06-20 11:59:44 rm99 has joined
4127 2011-06-20 11:59:46 <ducki2p> jogis: so if you dont use a service for 2 months, its your own fault if you lose access?
4128 2011-06-20 11:59:48 <picci> denisx: if that's the case, why didn't he tell everyone and sign it ?
4129 2011-06-20 11:59:52 <jtaylor> there is no proof of it being true or false, so its just speculation at this point
4130 2011-06-20 11:59:56 <picci> ius: he said "some transfers" where his
4131 2011-06-20 11:59:58 <picci> not the 400k ones.
4132 2011-06-20 11:59:59 <ius> picci: People asked him to prove it
4133 2011-06-20 12:00:06 <picci> yeh, and he didnt...
4134 2011-06-20 12:00:12 <ius> I think he also claimed ownership of the large 400k transfer, but never proved it
4135 2011-06-20 12:00:18 <jogis> ducki2p: well, if you store 500k BTC and forget them, i think so
4136 2011-06-20 12:00:19 <picci> exactly.
4137 2011-06-20 12:00:23 <ius> Just like I do not believe there wasn't SQLi involved ;)
4138 2011-06-20 12:00:28 <jaybny> yes the 400k transfer was mtgox internal transfer
4139 2011-06-20 12:00:30 <gjs278> http://img801.imageshack.us/img801/3892/screenshotrzw.png
4140 2011-06-20 12:00:33 <picci> ius: i agree with you.
4141 2011-06-20 12:00:35 <jogis> ducki2p: but you have a point here, i agree
4142 2011-06-20 12:00:37 <gjs278> I can't wait to get like
4143 2011-06-20 12:00:42 <gjs278> hundreds of these emails now
4144 2011-06-20 12:00:44 <upb> 20 14:36 <@BlueMatt> until someone who has even a tiny bit of trust in the community has seen the contents of any kind of accounts.csv or smth, its just a rumor, and probably not true
4145 2011-06-20 12:00:48 <upb> lol
4146 2011-06-20 12:00:52 <gjs278> lol indeed
4147 2011-06-20 12:01:05 <jogis> ;)))
4148 2011-06-20 12:01:08 Faraday has quit (Read error: Connection reset by peer)
4149 2011-06-20 12:01:19 <ducki2p> jogis: its always convenient to blame the user, but at some point it is the responsibility of mtgox
4150 2011-06-20 12:01:27 <BlueMatt> hell dont blame the person who's been seeing those rumors for the past 6 months and didnt bother to read the forums
4151 2011-06-20 12:01:32 <BlueMatt> and is on vacation
4152 2011-06-20 12:01:42 <ducki2p> even though you didn't write the code yourself; he bought it and he operated it.
4153 2011-06-20 12:01:55 Faraday has joined
4154 2011-06-20 12:01:55 <jogis> ducki2p: agreed.
4155 2011-06-20 12:01:57 <jaybny> is the $1000 limit based on last mtgox price? does anyone know how many BTCs hack�er was able to withdraw?
4156 2011-06-20 12:02:05 <gjs278> they were able to draw
4157 2011-06-20 12:02:06 <gjs278> $1000
4158 2011-06-20 12:02:13 <picci> which has a limit of 100kbtc
4159 2011-06-20 12:02:13 <jaybny> hoe mant BTCs?
4160 2011-06-20 12:02:18 <picci> at 0.01usd/btc
4161 2011-06-20 12:02:25 <picci> max: 100kbtc/withdraw
4162 2011-06-20 12:02:27 <ius> ducki2p: That's what I honestly don't understand either. Apparantly he's BUSY BUSY BUSY and making quite some cash, yet refuses to hire some people?
4163 2011-06-20 12:02:35 <jogis> BlueMatt: that's not a rumour, the accounts.csv is floating out there somewhere (was upped to rapidshare and ifile), and it is legit (my pw checks)
4164 2011-06-20 12:02:40 <picci> ius: more money for him...
4165 2011-06-20 12:02:43 <jaybny> picci question is what price was used to calulate the max!
4166 2011-06-20 12:02:49 <upb> < vegard> jogis: and if you lost 400k btc because mtgox was hacked, wouldn't you say the trade should be reversed?
4167 2011-06-20 12:02:50 <BlueMatt> jogis: yes, Ive seen that if you read scrollback :)
4168 2011-06-20 12:02:52 <ius> It's irresponsible..
4169 2011-06-20 12:02:54 <ducki2p> hiring good people is hard though
4170 2011-06-20 12:02:59 Atterall has joined
4171 2011-06-20 12:03:02 <picci> jaybny: well, worst case scenario is .01
4172 2011-06-20 12:03:06 <jogis> picci: are you even sure there was a limit on btc withdrawals?
4173 2011-06-20 12:03:08 <tcatm> can you move the non-dev discussion to #bitcoin?
4174 2011-06-20 12:03:08 <ducki2p> especially when so much money is involved
4175 2011-06-20 12:03:19 <upb> ^- btw there are not just 2 solutions 1) revert trades (users pay for the error) 2) not revert trades (400k user doesnt get btc back)
4176 2011-06-20 12:03:22 <jaybny> picci.. does anyone know the answer?
4177 2011-06-20 12:03:25 <picci> jogis: that's what MT said.
4178 2011-06-20 12:03:34 <picci> jaybny: dunno
4179 2011-06-20 12:03:36 <upb> there are 3) trades not reverted, mtgox pays this 400k for damages to the user
4180 2011-06-20 12:03:41 <jogis> picci: ok, then the strategy of the hacker makes total sense
4181 2011-06-20 12:03:44 gavinandresen has joined
4182 2011-06-20 12:03:58 <picci> jogis: it does, and it's f**** smart
4183 2011-06-20 12:04:02 <jaybny> trades will be reverted.. end of story
4184 2011-06-20 12:04:03 <cacheson> tcatm: agreed. go away, guys :P
4185 2011-06-20 12:04:18 <gjs278> I'd do it if the ? wasn't tacked on
4186 2011-06-20 12:04:27 <phantomcircuit> gjs278, there are well known and trivially exploitable ways to move more than 1k USD in BTC off of mtgox in 1 day
4187 2011-06-20 12:04:34 <jogis> yeah, we should start #bitcoin-mtgox
4188 2011-06-20 12:04:35 <gjs278> different accounts
4189 2011-06-20 12:04:42 <phantomcircuit> gjs278, yes
4190 2011-06-20 12:04:46 <ducki2p> fair enough, moving to #bitcoin
4191 2011-06-20 12:04:47 xelister has joined
4192 2011-06-20 12:04:54 <cacheson> ducki2p: thank you
4193 2011-06-20 12:04:55 <xelister> THE JUST JUST GOT VERTICAL
4194 2011-06-20 12:04:55 f33x has quit (Quit: f33x)
4195 2011-06-20 12:04:58 <phantomcircuit> intra mtgox trades are not counted towards
4196 2011-06-20 12:04:59 <xelister> THE SHIT JUST GOT VERTICAL
4197 2011-06-20 12:05:25 <xelister> SELL SELL SELL @0.01 mtgox :-}
4198 2011-06-20 12:05:31 nefario has joined
4199 2011-06-20 12:05:37 sirius has quit (Remote host closed the connection)
4200 2011-06-20 12:05:46 <xelister> seriously though, what do you think it has impact on bitcoin economy, will btc not collapse
4201 2011-06-20 12:05:47 <phantomcircuit> xelister, rofl
4202 2011-06-20 12:05:57 <phantomcircuit> xelister, other exchanges are up and trading
4203 2011-06-20 12:05:59 <jogis> xelister: calm down, dude
4204 2011-06-20 12:06:06 <cacheson> xelister: #bitcoin or #bitcoin-otc please
4205 2011-06-20 12:06:17 Phoebus has joined
4206 2011-06-20 12:06:24 <phantomcircuit> he is trolling
4207 2011-06-20 12:06:26 <phantomcircuit> jeez
4208 2011-06-20 12:06:34 <gjs278> yeah take it to #bitcoin-trolling
4209 2011-06-20 12:06:40 <upb> hah
4210 2011-06-20 12:06:41 <phantomcircuit> lollolol
4211 2011-06-20 12:06:49 <xelister> cacheson: nollock please, #bitcoin-dev is always channel for interesting discussion not just actuall development of officiall client
4212 2011-06-20 12:07:07 <upb> jaybny: yeah but whether its fair or not is another q
4213 2011-06-20 12:07:27 <cacheson> xelister: it's for dev talk
4214 2011-06-20 12:07:35 <cacheson> which this is clearly not
4215 2011-06-20 12:07:39 <xelister> guys, seriously now. Do you think this mtgox problem will have serious impact on project development, the PR and in the end the prices
4216 2011-06-20 12:07:49 <jaybny> upb.. all exchanges do it... those were not real orders.. those were fruadulant orders
4217 2011-06-20 12:07:54 jogis has left ()
4218 2011-06-20 12:08:52 Geebus is now known as Coding!b84c0259@gateway/web/freenode/ip.184.76.2.89|Geebus|Away
4219 2011-06-20 12:08:52 Juice2 has quit (Quit: Page closed)
4220 2011-06-20 12:09:10 <xelister> we where about to develop few things for say 500 btc, but heaving lost(?) 500 usd with mtgox and now risk of prices going down it's really a bit of a dark monday.
4221 2011-06-20 12:09:18 agricocb has quit (Quit: Leaving.)
4222 2011-06-20 12:10:27 <sivu> yeah, cloudy, possibly starting to rain
4223 2011-06-20 12:10:40 <sivu> dark
4224 2011-06-20 12:11:37 <upb> jaybny: exchanges or brokers?
4225 2011-06-20 12:11:38 airfox has quit (Remote host closed the connection)
4226 2011-06-20 12:11:46 <jaybny> exchanges
4227 2011-06-20 12:11:52 <upb> eyactly
4228 2011-06-20 12:12:01 <xelister> jaybny: they do what, reverse fraudlet orders?
4229 2011-06-20 12:12:01 airfox has joined
4230 2011-06-20 12:12:11 <upb> and in this case the broker was compromised not exchange
4231 2011-06-20 12:12:27 <jaybny> yes - when there is s fat finger.... or even duringthe flash crash..
4232 2011-06-20 12:12:39 <xelister> well to rollback, mtgox needs to come up with 500,000 usd overnight to cover the losses of the bitcoin that was already taken out
4233 2011-06-20 12:12:40 <jaybny> many stocks went to .01 and back to 50.. trades were reversed
4234 2011-06-20 12:12:53 <jaybny> xelister 500k was not taken out
4235 2011-06-20 12:13:07 <xelister> jaybny: how do you know?
4236 2011-06-20 12:13:16 smart990 has quit (Quit: Page closed)
4237 2011-06-20 12:13:34 <xelister> there was link to blockexplorer block with big fat ~400,000 transaction
4238 2011-06-20 12:13:40 <Diablo-D3> lol xel is back on ignore
4239 2011-06-20 12:13:48 <jaybny> xelister that was mtgox
4240 2011-06-20 12:13:51 <upb> if btc trading bots would drive the price to 0.01 +2 "Ã*= 8& #*)2+4+& 8*2 +9 26+) ()& 9Ã
4241 2011-06-20 12:13:57 <sivu> xelister, that was just mtgox moving their coins to another place
4242 2011-06-20 12:14:02 <Diablo-D3> xchat hates xelister
4243 2011-06-20 12:14:13 <xelister> Diablo-D3: you fail at using irc clients ;)
4244 2011-06-20 12:14:16 <upb> *it would be justified but in this case no
4245 2011-06-20 12:14:21 <Diablo-D3> xelister: not at all
4246 2011-06-20 12:14:24 <Diablo-D3> it just hates you
4247 2011-06-20 12:14:32 <Diablo-D3> I wonder how long its been like that
4248 2011-06-20 12:14:35 <xelister> Diablo-D3: actually it seems to hate YOU ;)
4249 2011-06-20 12:14:40 <Blitzboom> how long has mtgox been online since selloff started?
4250 2011-06-20 12:14:49 <jaybny> anyone that has been trading stocks and futures for many years knows that this wont effect the price of BTCs.. (assuming all news out of mtgox is true)
4251 2011-06-20 12:14:52 <Diablo-D3> Blitzboom: since it happened
4252 2011-06-20 12:15:03 <Blitzboom> Diablo-D3: i mean, how long until it was taken offline
4253 2011-06-20 12:15:05 <Diablo-D3> jaybny: yeah but people suck
4254 2011-06-20 12:15:11 sirius-m has quit (Remote host closed the connection)
4255 2011-06-20 12:15:14 <Diablo-D3> Blitzboom: about an hour or two
4256 2011-06-20 12:15:38 <Blitzboom> 1-2 hours? i donât believe there wouldnât have been any bitcoin withdrawals that were bought during the panic sell
4257 2011-06-20 12:15:43 <Diablo-D3> Blitzboom: it wasnt enough time to start cracking md5s
4258 2011-06-20 12:16:04 <Diablo-D3> he'll probably have to clean up the mess afterwards
4259 2011-06-20 12:16:05 <Blitzboom> which would make a market rollback difficult
4260 2011-06-20 12:16:10 <xelister> Diablo-D3: some idiots used login==password even, and other accounts where also broken in minutes
4261 2011-06-20 12:16:12 <Diablo-D3> but nothing of interest was stolen
4262 2011-06-20 12:16:18 <Diablo-D3> xelister: not quite.
4263 2011-06-20 12:16:20 <jaybny> mtgox will conpensate anyone whos trades get rolled back, but the user withdraw the coins.
4264 2011-06-20 12:16:21 <Blitzboom> well, you canât rollback bitcoin transactions â¦
4265 2011-06-20 12:16:22 <xelister> Diablo-D3: how can you be sure not much was withdrawn
4266 2011-06-20 12:16:24 <Diablo-D3> and yes, there are faggots who used password
4267 2011-06-20 12:16:32 <Diablo-D3> xelister: he thinks less than 500btc was stolen
4268 2011-06-20 12:16:36 <xelister> jaybny: that would be nice, but how much was stolen?
4269 2011-06-20 12:16:39 <Diablo-D3> Blitzboom: you can
4270 2011-06-20 12:16:42 <Blitzboom> jaybny: so a few people get free bitcoins?
4271 2011-06-20 12:16:45 <Diablo-D3> Blitzboom: he'll replace the btc.
4272 2011-06-20 12:16:49 <Blitzboom> Diablo-D3: with 50% of the mining power, blabla
4273 2011-06-20 12:17:08 <jaybny> apparently not much was stolen.. and mtgox has been making $50k a day in comissions..
4274 2011-06-20 12:17:10 RobboNZ has quit (Ping timeout: 240 seconds)
4275 2011-06-20 12:17:18 <Diablo-D3> and hes not even sure if it was stolen
4276 2011-06-20 12:17:33 <xelister> Diablo-D3: why in the world the attacker would NOT take out ALL coins after he dumped thousands of BTC to drive price to 0.01 ? then he could take out tons of BTC, like 1000*100 = 100,000, the rule is "1000 usd WORTH of bitcoins in CURRENT RATE per account per day"
4277 2011-06-20 12:17:34 <Blitzboom> how did he even know?!
4278 2011-06-20 12:17:52 <jtaylor> xelister: probably because he couldn't
4279 2011-06-20 12:17:52 <Blitzboom> how do we know they account with the coins was compromised?
4280 2011-06-20 12:18:02 <Diablo-D3> Blitzboom: it was sent to new addresses and addresses that were linked to multiple accounts
4281 2011-06-20 12:18:13 <Diablo-D3> most likely they're addresses owned by the attacker
4282 2011-06-20 12:18:17 <Gekz> how do you know he wont just chuck a reserve bank and "print more bitcoins"?
4283 2011-06-20 12:18:21 <jaybny> Nobody knows how mtgox calculates the $1000 limit.
4284 2011-06-20 12:18:42 <Diablo-D3> xelister: he can take the coins without the passwords
4285 2011-06-20 12:18:52 <Blitzboom> jaybny: they just take the market rate
4286 2011-06-20 12:19:00 <jaybny> anyways... before a withdraw happens.. mtgox needs to get the coins from their own wallet.. im sure teh software has a hard limit to get human approval.
4287 2011-06-20 12:19:07 <Blitzboom> which is probably why the selloff happened in the first place
4288 2011-06-20 12:19:09 <jaybny> Blitzboom.. are you sure?
4289 2011-06-20 12:19:11 <Diablo-D3> xelister: and easy passwords like "password" are immaterial to the attack... they were easy to guess WITHOUT the hashes.
4290 2011-06-20 12:19:17 <Blitzboom> jaybny: pretty sure
4291 2011-06-20 12:19:23 <jaybny> I heard the opposite
4292 2011-06-20 12:19:33 <Blitzboom> what would be the opposite?
4293 2011-06-20 12:19:43 <BlueMatt> sipa: around?
4294 2011-06-20 12:20:01 <Diablo-D3> this is also why Im not handling authentication locally
4295 2011-06-20 12:20:01 <jaybny> That its not market rate.. but a mrket rate from start of trading day or something
4296 2011-06-20 12:20:08 <Diablo-D3> if something goes wrong, its not going to be in my shit.
4297 2011-06-20 12:20:27 <Blitzboom> hm, hopefully, jaybny
4298 2011-06-20 12:20:44 <xelister> BlueMatt: now would be a good time for bitcoin leaders to make some officiall announcmenet, includig how it is NOT bitcoin's fault, same as it is not paper money's fault if someone robs a bank
4299 2011-06-20 12:20:56 <Diablo-D3> xelister: what leaders?
4300 2011-06-20 12:20:57 <Blitzboom> i blame satoshi
4301 2011-06-20 12:20:58 <sipa> BlueMatt: yes
4302 2011-06-20 12:21:02 <jaybny> all we need to do is find out how many BTC were stolen.. we know it was "only $1000" but that doesnt meen anything w/o an exchange rate
4303 2011-06-20 12:21:07 <Blitzboom> he shouldâve seen this would happen!
4304 2011-06-20 12:21:08 <xelister> Diablo-D3: I had main developers and bitcoin.org maintainers in mind
4305 2011-06-20 12:21:08 <ShadeS> it's the auditors fault
4306 2011-06-20 12:21:13 <Diablo-D3> jaybny: he believes its about 500btc
4307 2011-06-20 12:21:22 <ShadeS> his name should be named
4308 2011-06-20 12:21:26 <Blitzboom> ShadeS: itâs mtgoxâ fault the auditor had access to this shit
4309 2011-06-20 12:21:29 <ShadeS> so people can find him and rough him the hell up
4310 2011-06-20 12:21:31 <Diablo-D3> ShadeS: there is no auditor.
4311 2011-06-20 12:21:38 <xelister> Diablo-D3: how it could be just 500 btc. Hacker obviously had access to manu accounts
4312 2011-06-20 12:21:41 <ShadeS> what do you mean there is no auditor?
4313 2011-06-20 12:21:42 <jaybny> wow.. so it was market at $2 a btc
4314 2011-06-20 12:21:46 <Diablo-D3> xelister: he didnt have the passwords
4315 2011-06-20 12:21:47 <xelister> so many accounts that he dumped enough coins to get price to 0.01
4316 2011-06-20 12:21:52 <Diablo-D3> xelister: only the hashes for the passwords
4317 2011-06-20 12:22:05 <xelister> Diablo-D3: ok but say 50 where idiotic passwords etc
4318 2011-06-20 12:22:10 <jaybny> the selling was 1 big fat order to .01 .. it took 30 minutes to fill that order
4319 2011-06-20 12:22:14 <BlueMatt> sipa: does ecdsa key derivation easily speed up on gpus?
4320 2011-06-20 12:22:15 <Diablo-D3> xelister: yes, but those passwords are immaterial
4321 2011-06-20 12:22:20 <Gekz> it was the CIA.
4322 2011-06-20 12:22:21 <Gekz> Discuss.
4323 2011-06-20 12:22:24 <xelister> he could use say 50 accounts to get out say 50*1000 btc's
4324 2011-06-20 12:22:24 <Diablo-D3> bluematt: no
4325 2011-06-20 12:22:32 germanMNY has quit (Quit: WeeChat 0.3.4)
4326 2011-06-20 12:22:33 <BlueMatt> nice
4327 2011-06-20 12:22:34 <Diablo-D3> xelister: do you know what a password hash looks like?
4328 2011-06-20 12:22:58 <edcba> it looks like a bitcoin address ! :)
4329 2011-06-20 12:23:02 <sipa> BlueMatt: you mean the operation of calculating a public key from a private key?
4330 2011-06-20 12:23:08 <jaybny> it wasnt at .01 for too long.. anyways mtgox was very slow... at the time.. so hacker was an idiot
4331 2011-06-20 12:23:09 <BlueMatt> yes
4332 2011-06-20 12:23:23 <xelister> Diablo-D3: did you read the forum how entier hash + SALT was leaked, how no extra salt (e.g. in source code or anywhere besides main DB) was used, and how people in forum cracked tens of accounts in minuts just for fun with jonny the ripper
4333 2011-06-20 12:23:32 <Diablo-D3> xelister: /me shrugs.
4334 2011-06-20 12:23:41 <Diablo-D3> this is why you dont keep money or coins in mtgox.
4335 2011-06-20 12:23:55 <jaybny> 2 minutes after it hit $0.01 it was at $14
4336 2011-06-20 12:24:00 <sipa> BlueMatt: hmmm, let me think
4337 2011-06-20 12:24:05 <xelister> well Im more concerned about how much coins are in hands of violet hackers
4338 2011-06-20 12:24:13 <Diablo-D3> xelister: Im not
4339 2011-06-20 12:24:24 <sipa> BlueMatt: i don't dare saying
4340 2011-06-20 12:24:27 <Diablo-D3> tux has already said he'd replace any ones that have actually been stolen to the best of his ability
4341 2011-06-20 12:24:30 <xelister> if they have say 50,000 actuall BTC, they can any time drop them on all exchanges, lowering price a lot
4342 2011-06-20 12:24:33 <BlueMatt> sipa: your guess would be?
4343 2011-06-20 12:24:45 <Diablo-D3> xelister: they have about 500.
4344 2011-06-20 12:24:50 <Diablo-D3> anyhow, take it up with tux
4345 2011-06-20 12:24:51 <xelister> Diablo-D3: if 400,000 btc would be stolen, then I doubt he can cover
4346 2011-06-20 12:25:06 <Diablo-D3> xelister: if 400k is stolen, then I need to open the BDIC.
4347 2011-06-20 12:25:09 <xelister> now I think not of our mere 500 usd
4348 2011-06-20 12:25:11 <Diablo-D3> bitcoin deposit insurance company.
4349 2011-06-20 12:25:25 <xelister> but of possible medium term (at least) collapse of btc value
4350 2011-06-20 12:25:32 <sipa> BlueMatt: it uses 256-bit integer arithmetic, i think that's hard to do on gpu's
4351 2011-06-20 12:25:36 <xelister> 1) lost of trust (FUD like "btc is insecure, see?")
4352 2011-06-20 12:25:44 <Diablo-D3> xelister: you know what?
4353 2011-06-20 12:25:48 <Diablo-D3> you're annoying the shit out of people.
4354 2011-06-20 12:25:52 <Diablo-D3> and I have work to do.
4355 2011-06-20 12:25:54 <xelister> 2) hackers quickly dumping lots of btc on all markets, and panicking people doing the same
4356 2011-06-20 12:25:59 <BlueMatt> sipa: ah, ok...so probably not, but dont depend on it, sounds good
4357 2011-06-20 12:25:59 nocreativenick1 has quit (Read error: Connection reset by peer)
4358 2011-06-20 12:26:09 oozyburglar has quit (Ping timeout: 276 seconds)
4359 2011-06-20 12:26:18 kreal- has joined
4360 2011-06-20 12:26:29 nocreativenick1 has joined
4361 2011-06-20 12:26:35 <sipa> BlueMatt: you need to do 256 times the ec point doubling/addition algorithm
4362 2011-06-20 12:26:48 <Zoiah> xelister: those tens of accounts were stupid passwords.
4363 2011-06-20 12:27:00 datagutt has joined
4364 2011-06-20 12:27:17 <Zoiah> xelister: and the majority of the passwords were salted properl. Only some old accounts weren't.
4365 2011-06-20 12:27:42 <xelister> Zoiah: possibly, but how this helps
4366 2011-06-20 12:27:44 <sipa> BlueMatt: maybe you can accelerate on such doubling/adding step on a gpu, and combine the data from the cpu
4367 2011-06-20 12:27:47 <sipa> BlueMatt: why, actually?
4368 2011-06-20 12:28:04 <xelister> anyone knows mroe exactly how much BTC made from fraudlet trades did actually left mtgox then?
4369 2011-06-20 12:28:24 Guest16052 has quit (Quit: I think, therefore I think I am)
4370 2011-06-20 12:28:42 <ersi> xelister: Three million billions
4371 2011-06-20 12:28:47 ducki2p has left ()
4372 2011-06-20 12:28:52 <mtrlt> umm isn't implementing 256 bit integer arithmetic just as hard to do on a GPU as on a CPU? i.e. not hard at all
4373 2011-06-20 12:29:08 <sivu> yes
4374 2011-06-20 12:29:18 <BlueMatt> sipa: gavin suggested one might strip out the constant bits before encrypting on wallet crypto so that to check you need to ecdsa derive, sha256, ripemd160
4375 2011-06-20 12:29:19 <xelister> ersi: if you don't have anything to say, why not stfu?
4376 2011-06-20 12:29:41 <ersi> xelister: Likewise.
4377 2011-06-20 12:29:43 <molecular> sipa, your showwallet patch works nicely... is there a way to remove a privkey from a wallet?
4378 2011-06-20 12:29:49 <sipa> mtrlt: well yes, but it's a long computation
4379 2011-06-20 12:29:49 <BlueMatt> sipa: sounds like a good idea even if you can ecdsa accelerate well on gpus
4380 2011-06-20 12:30:25 <sipa> what do you mean with strip out constant bits?
4381 2011-06-20 12:30:43 <BlueMatt> the constant stuff thats currently encrypted which represents curve and some other crap
4382 2011-06-20 12:30:44 <xelister> ersi: question was can we follow how much coins left mtgox.
4383 2011-06-20 12:30:51 <BlueMatt> (in vchPrivKeys)
4384 2011-06-20 12:31:22 <ersi> xelister: No, not without knowing the transactions
4385 2011-06-20 12:31:24 <mtrlt> sipa: but i'd still assume it's quite a bit faster on a gpu :P
4386 2011-06-20 12:31:29 <ersi> So that's up to Goxers
4387 2011-06-20 12:32:08 anarchyx has quit ()
4388 2011-06-20 12:32:12 <sipa> BlueMatt: so just store the private parameter, like i suggested already a long time ago? :)
4389 2011-06-20 12:32:31 <BlueMatt> exactly, except now there is an actual reason to do it
4390 2011-06-20 12:32:34 <BlueMatt> ;)
4391 2011-06-20 12:32:38 <sipa> but indeed, that's an advantage i didn't think about
4392 2011-06-20 12:32:57 <jaybny> BlueMatt word is 200-300 coins
4393 2011-06-20 12:33:11 <BlueMatt> in any case, Ill do that when I rebase and add random salts
4394 2011-06-20 12:33:16 <BlueMatt> jaybny: tab complete fail?
4395 2011-06-20 12:33:42 kcsrnd has quit (Ping timeout: 255 seconds)
4396 2011-06-20 12:33:59 <xelister> x is not even close to b ;)
4397 2011-06-20 12:34:32 <upb> wouldnt not storing the curve close upgrade path to another one in case its needed?
4398 2011-06-20 12:34:45 <sipa> you would need to store a version number with it
4399 2011-06-20 12:35:01 <sipa> as the address format is currently hardlinked to a specific curve and algorithm too
4400 2011-06-20 12:35:01 <BlueMatt> wallet already has a version number in it, doesnt it?
4401 2011-06-20 12:35:16 <sipa> i wouldn't rely on that
4402 2011-06-20 12:35:35 <xelister> jaybny: you say that 200-300 btc only left mtgox.com due to the heist?
4403 2011-06-20 12:35:36 <vegard> don't you need more than 256 bit integer arithmetic? I thought the private key was 279 bits
4404 2011-06-20 12:35:51 <vegard> hm, wait, no, more. 512 bits
4405 2011-06-20 12:35:51 <sipa> vegard: 279 bytes, with all the clutter
4406 2011-06-20 12:35:57 <BlueMatt> well the point is to not have any constant bits/bytes in the key, so adding version is also worthless
4407 2011-06-20 12:36:22 <sipa> no the point is not having the public key in there
4408 2011-06-20 12:36:32 DukeOfURL has joined
4409 2011-06-20 12:36:32 <BlueMatt> you currently dont
4410 2011-06-20 12:36:37 <sipa> you do
4411 2011-06-20 12:36:48 <BlueMatt> well you need that in unencrypted so you can check, and thats the IV
4412 2011-06-20 12:36:51 <sipa> the 279 byte ecdsa private key representation contains the public key
4413 2011-06-20 12:36:54 <BlueMatt> so you need it with the way its done now
4414 2011-06-20 12:37:01 <BlueMatt> it does?
4415 2011-06-20 12:37:03 <sipa> yes
4416 2011-06-20 12:37:14 <BlueMatt> wait, how many bytes is the pubkey?
4417 2011-06-20 12:37:29 <sipa> serialized pubkey 65 bytes, of which 64 bytes useful
4418 2011-06-20 12:37:34 agricocb has joined
4419 2011-06-20 12:37:40 <sipa> serialized privkey 279 bytes, of which 32 bytes useful
4420 2011-06-20 12:37:56 <BlueMatt> 32 + 64 != 279?
4421 2011-06-20 12:38:02 <BlueMatt> whats the rest?
4422 2011-06-20 12:38:03 <upb> you want to reduce known plaintext? why not store everything thats needed and only encrypt the private portion
4423 2011-06-20 12:38:08 <sipa> BlueMatt: the constant parts
4424 2011-06-20 12:38:14 <sipa> curve and field parameters
4425 2011-06-20 12:38:19 <BlueMatt> wow, no constant isnt that big
4426 2011-06-20 12:38:25 <sipa> it is
4427 2011-06-20 12:38:33 <vegard> oh, it contains the parameters?
4428 2011-06-20 12:38:34 <BlueMatt> I thought it was like first 10-20 bytes?
4429 2011-06-20 12:38:40 <sipa> it's much more
4430 2011-06-20 12:38:52 <BlueMatt> oh, well I suppose Im much mistaken
4431 2011-06-20 12:39:04 <sipa> there are constant parts all over the privkey
4432 2011-06-20 12:39:07 <BlueMatt> so, all you actually need is last 32 bytes and you can regen the rest?
4433 2011-06-20 12:39:17 <BlueMatt> oh, ok its not just first x bytes
4434 2011-06-20 12:39:17 <sipa> not sure it's the last 32 bytes
4435 2011-06-20 12:39:34 <sipa> but you need some 32 bytes from it (my dumpprivkey patch has the code to extract it)
4436 2011-06-20 12:39:42 <sipa> and i would suggest a version byte as well
4437 2011-06-20 12:39:56 <BlueMatt> version byte ruins the whole point
4438 2011-06-20 12:40:00 <sipa> why?
4439 2011-06-20 12:40:31 <sipa> the point is that you need an ec multiplication to find if a decrypted privkey is valid
4440 2011-06-20 12:40:40 <sipa> ... right
4441 2011-06-20 12:40:44 * sipa shuts up
4442 2011-06-20 12:40:50 scott` has quit (Ping timeout: 240 seconds)
4443 2011-06-20 12:41:01 M4v3R has joined
4444 2011-06-20 12:41:31 <sipa> you can put a version byte in the unencrypted part though
4445 2011-06-20 12:41:35 <sipa> or in the key
4446 2011-06-20 12:41:48 <M4v3R> Hello all
4447 2011-06-20 12:41:57 da2ce7 has quit ()
4448 2011-06-20 12:42:17 <M4v3R> Anybody knows if there is any way to get the address of generated coins from bitcoind?
4449 2011-06-20 12:42:17 <upb> thats what i suggested, split the data up, encypt only private key
4450 2011-06-20 12:42:26 <BlueMatt> hm, yea maybe ekey becomes unencrypted version + crypted stuff
4451 2011-06-20 12:42:39 <BlueMatt> upb: thats sort of what already happens
4452 2011-06-20 12:42:40 <tcatm> M4v3R: does listtransactions work?
4453 2011-06-20 12:42:43 <M4v3R> Like the coins that came from Eligius pool
4454 2011-06-20 12:42:45 <xelister> M4v3R: is it in listtransactions
4455 2011-06-20 12:42:46 <upb> oh
4456 2011-06-20 12:42:46 <M4v3R> tcatm: no
4457 2011-06-20 12:43:05 <tcatm> can you pastebin a sample listtransactions entry with a generation tx?
4458 2011-06-20 12:43:10 <sipa> key="ekey"+versionbyte+pubkey, value=aes(privkey)
4459 2011-06-20 12:43:15 <sipa> BlueMatt: good?
4460 2011-06-20 12:43:25 <M4v3R> http://pastebin.com/jK3atM0A
4461 2011-06-20 12:43:46 TommyBoy3G has quit ()
4462 2011-06-20 12:44:14 <tcatm> M4v3R: work around: fetch from bbe http://blockexplorer.com/tx/4831d72522553ecca8d0226a708596f3ce30a3520989ebfa889364a583733000
4463 2011-06-20 12:44:25 <M4v3R> tcatm, it's an ugly workaround
4464 2011-06-20 12:44:36 <tcatm> yep
4465 2011-06-20 12:44:40 <M4v3R> And will all respect to your service, because this is for BitMarket exchange
4466 2011-06-20 12:44:46 <M4v3R> I would like to rely on data from bitcoind
4467 2011-06-20 12:44:52 <M4v3R> And not to rely on external data
4468 2011-06-20 12:45:30 iToast has joined
4469 2011-06-20 12:45:31 <M4v3R> Any other tool to examine block dat files or something
4470 2011-06-20 12:45:31 <iToast> ..
4471 2011-06-20 12:45:33 <M4v3R> To get this?
4472 2011-06-20 12:45:36 <Blitzboom> is bitomat for real?
4473 2011-06-20 12:45:39 <Blitzboom> 40 zloty?
4474 2011-06-20 12:45:46 <M4v3R> Blitzboom: yeah
4475 2011-06-20 12:45:47 <M4v3R> :D
4476 2011-06-20 12:45:52 <iToast> I warned you guys somone would write a bitcoin virus
4477 2011-06-20 12:45:54 <iToast> i was ignored
4478 2011-06-20 12:45:54 <Blitzboom> ok, so thatâs ~14 USD
4479 2011-06-20 12:45:55 <iToast> Brabo
4480 2011-06-20 12:45:57 <M4v3R> tcatm: How do you get this info on bbe?
4481 2011-06-20 12:45:59 * iToast claps for you
4482 2011-06-20 12:46:01 <BlueMatt> sipa: no, key is and always will be, unencrypted, ekey could be key = pubkey value = version+crypted stuff
4483 2011-06-20 12:46:06 <Blitzboom> why the hell is bitcoin not dropping further? :D
4484 2011-06-20 12:46:12 <iToast> Now thousands of bitcoins are geting stolen by a trojan XD
4485 2011-06-20 12:46:13 <copumpkin> Blitzboom: cause it's stuck
4486 2011-06-20 12:46:19 <tcatm> M4v3R: I don't run bbe, but the info is in the blockchain. I'll see whether it's easy to add to listtransactions
4487 2011-06-20 12:46:22 <Blitzboom> no, the trades are recent, copumpkin
4488 2011-06-20 12:46:29 T_X has quit (Ping timeout: 276 seconds)
4489 2011-06-20 12:46:31 <mtrlt> it might be differnet once mtgox gets back online :P
4490 2011-06-20 12:46:35 <copumpkin> Blitzboom: where?
4491 2011-06-20 12:46:40 <M4v3R> tcatm: It's an old problem
4492 2011-06-20 12:46:43 <Blitzboom> see time on http://bitcoincharts.com/markets/
4493 2011-06-20 12:46:51 <Blitzboom> bitomat is recent
4494 2011-06-20 12:46:51 <iToast> hey
4495 2011-06-20 12:46:58 <iToast> So how do you mine bitcoin blocks
4496 2011-06-20 12:47:01 <iToast> Like how does that work?
4497 2011-06-20 12:47:07 <M4v3R> Many ppl got confused when for example they pointer their eligius workers to mybitcoin.com or other services
4498 2011-06-20 12:47:11 <iToast> Trace processing power for bitcoins?
4499 2011-06-20 12:47:17 anarchyx has joined
4500 2011-06-20 12:47:23 anarchyx has quit (Changing host)
4501 2011-06-20 12:47:23 anarchyx has joined
4502 2011-06-20 12:47:23 <M4v3R> We can't handle these transactions because bitcoind doesn't give us the address of generation
4503 2011-06-20 12:47:55 <iToast> ...
4504 2011-06-20 12:47:57 <M4v3R> Blitzboom: Now the polish exchange are setting the price
4505 2011-06-20 12:47:58 <M4v3R> :D
4506 2011-06-20 12:48:02 <M4v3R> *exchanges
4507 2011-06-20 12:48:06 <M4v3R> brb
4508 2011-06-20 12:48:27 <iToast> How do bitcoins work
4509 2011-06-20 12:48:28 <iToast> Like the mining
4510 2011-06-20 12:48:30 karnac has joined
4511 2011-06-20 12:48:36 <iToast> Is it trading processing power for coins?
4512 2011-06-20 12:48:44 <iToast> and were goes all this processing power go..
4513 2011-06-20 12:48:51 Faraday has quit ()
4514 2011-06-20 12:48:52 TommyBoy3G has joined
4515 2011-06-20 12:49:13 GuitarJJ has joined
4516 2011-06-20 12:49:13 <xelister> bikcmp: bitomat is polish \o/
4517 2011-06-20 12:49:16 oozyburglar has joined
4518 2011-06-20 12:49:17 <xelister> Blitzboom: ^
4519 2011-06-20 12:49:18 polakmaly has joined
4520 2011-06-20 12:49:33 <sipa> BlueMatt: with 'key=' i mean the first part of the key-value-pair in the database, not the type of record used
4521 2011-06-20 12:49:38 BubbleBoy has joined
4522 2011-06-20 12:49:52 weinerk has quit (Quit: #bitcoin-watch)
4523 2011-06-20 12:50:08 <Blitzboom> MTGOX Y U LET THIS HAPPEN
4524 2011-06-20 12:50:24 <Blitzboom> all of this is pretty depressing, because it had to happen
4525 2011-06-20 12:50:27 iToast has quit (Quit: Page closed)
4526 2011-06-20 12:50:32 <BlueMatt> sipa: I prefer version to be in value before crypted stuff
4527 2011-06-20 12:50:40 <BlueMatt> sipa: not hard to strip one byte off
4528 2011-06-20 12:50:45 weinerk has joined
4529 2011-06-20 12:50:51 GuitarJJ has quit (Client Quit)
4530 2011-06-20 12:51:08 weinerk has quit (Changing host)
4531 2011-06-20 12:51:08 weinerk has joined
4532 2011-06-20 12:51:08 <xelister> Blitzboom: yeah this is a huge wtf. Actually we're talking at #bitcoin >_>
4533 2011-06-20 12:51:21 <BlueMatt> sipa: but it doesnt really matter, either way
4534 2011-06-20 12:51:28 <sipa> indeed
4535 2011-06-20 12:51:32 kish_ has joined
4536 2011-06-20 12:51:52 kish has quit (Read error: Operation timed out)
4537 2011-06-20 12:51:57 da2ce7 has joined
4538 2011-06-20 12:52:01 abragin has joined
4539 2011-06-20 12:52:01 abragin has quit (Changing host)
4540 2011-06-20 12:52:01 abragin has joined
4541 2011-06-20 12:52:17 cronopio has joined
4542 2011-06-20 12:53:17 Rictoo has joined
4543 2011-06-20 12:54:14 polakmaly has quit (Quit: Page closed)
4544 2011-06-20 12:54:35 Diablo-D3 has quit (Quit: do coders dream of sheep()?)
4545 2011-06-20 12:54:52 Diablo-D3 has joined
4546 2011-06-20 12:55:21 polakmaly has joined
4547 2011-06-20 12:55:25 Gonzago has joined
4548 2011-06-20 12:56:39 flykoko has joined
4549 2011-06-20 12:57:18 molecular has quit (Ping timeout: 258 seconds)
4550 2011-06-20 12:57:21 Diablo-D3 has quit (Client Quit)
4551 2011-06-20 12:57:22 BitCashier has joined
4552 2011-06-20 12:57:26 ezl has quit (Ping timeout: 246 seconds)
4553 2011-06-20 12:58:08 minimoose has joined
4554 2011-06-20 12:58:11 Diablo-D3 has joined
4555 2011-06-20 13:00:45 <M4v3R> tcatm: it would be great if you dropped me a note if you find something on this generated address thing :)
4556 2011-06-20 13:01:03 <sipa> M4v3R: which information do you need?
4557 2011-06-20 13:01:40 Breign has joined
4558 2011-06-20 13:02:23 <sipa> BlueMatt: so, in total: user provides passphrase, which is passed to EVP to generate an AES private key, with which used to encrypt a master wallet key M, and the data in the wallet is stored as tuples ("ekey"+pubkeyN,version+AES(key=M,iv=hash(pubkey),data=privkeyN)
4559 2011-06-20 13:02:52 <sipa> +)
4560 2011-06-20 13:03:22 <M4v3R> sipa: I need information about how to get generation address from bitcoind
4561 2011-06-20 13:03:32 <M4v3R> Right now bitcoind doesn't show this anywhere
4562 2011-06-20 13:03:32 glassresistor has quit (Quit: Lost terminal)
4563 2011-06-20 13:03:48 <M4v3R> *address for generated coins, that come from pools like Eligius
4564 2011-06-20 13:03:49 <sipa> which generated address?
4565 2011-06-20 13:03:53 <sipa> oh i see
4566 2011-06-20 13:03:57 arima has joined
4567 2011-06-20 13:04:02 lolak has joined
4568 2011-06-20 13:04:08 <sipa> give me a second
4569 2011-06-20 13:04:39 Tritonio has quit (Quit: Leaving)
4570 2011-06-20 13:04:47 scott`_ has joined
4571 2011-06-20 13:04:51 <BlueMatt> sipa: wayyy too complicated
4572 2011-06-20 13:05:02 <sipa> BlueMatt: huh?
4573 2011-06-20 13:05:27 <sipa> ah, it's without master key
4574 2011-06-20 13:05:29 <sipa> right
4575 2011-06-20 13:05:36 <BlueMatt> just p/w generates key via EVP then that encrypts privkeys with pubkey as IV
4576 2011-06-20 13:05:44 <BlueMatt> +random salt
4577 2011-06-20 13:05:58 lolak has left ("Leaving")
4578 2011-06-20 13:06:04 <BlueMatt> well have to go, but thats the idea, any problems?
4579 2011-06-20 13:06:09 <BlueMatt> leave them with ;;later tell
4580 2011-06-20 13:06:13 BlueMatt has quit (Quit: Ex-Chat)
4581 2011-06-20 13:06:27 <sipa> M4v3R, tcatm: based on https://github.com/bitcoin/bitcoin/pull/295/files it should be trivial to add
4582 2011-06-20 13:07:17 <sipa> M4v3R, tcatm: hmm, i just realize, it is only using the first txout of a transaction
4583 2011-06-20 13:07:23 <M4v3R> sipa: you mean that I can use this pull request to do this?
4584 2011-06-20 13:07:30 <M4v3R> hm...
4585 2011-06-20 13:07:37 Qatz is now known as DaQatz
4586 2011-06-20 13:08:05 <Wuked> ;;bc,calc 25 * 1024 * 1024
4587 2011-06-20 13:08:06 <M4v3R> sipa: http://blockexplorer.com/block/0000000000000ba4dec1698ec492cf0c579de1bdf0743108a38f7aa1c031e5bf
4588 2011-06-20 13:08:16 <gribble> Error: invalid syntax (<string>, line 1)
4589 2011-06-20 13:08:18 <M4v3R> Here's an example block that is showing this
4590 2011-06-20 13:08:46 weinerk has quit (Ping timeout: 252 seconds)
4591 2011-06-20 13:09:34 <Atterall> sourcing some of the precusors is a bitch
4592 2011-06-20 13:09:54 Phoebus has quit (Quit: Leaving)
4593 2011-06-20 13:10:04 <Diablo-D3> https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
4594 2011-06-20 13:10:10 Nexus7 has quit (Read error: Connection reset by peer)
4595 2011-06-20 13:10:15 <dsockwell> Atterall: you must have one hell of a cold
4596 2011-06-20 13:11:00 <Atterall> just a runny nose
4597 2011-06-20 13:11:41 Obehsh has joined
4598 2011-06-20 13:11:46 <Atterall> wrong channel = P
4599 2011-06-20 13:12:20 Nexus7 has joined
4600 2011-06-20 13:12:21 <M4v3R> So, MtGox will resume tomorrow?
4601 2011-06-20 13:12:34 gsathya has joined
4602 2011-06-20 13:12:38 <Gonzago> Is there a way to cancel a transaction sitting at 0 confirmations?
4603 2011-06-20 13:12:48 <xelister> M4v3R: it should. Man I hope really just < 1000 usd was actually transferred out of mtgox
4604 2011-06-20 13:13:08 <M4v3R> xelister: it would suck if they didn't
4605 2011-06-20 13:13:15 assassindrake has quit (Quit: assassindrake)
4606 2011-06-20 13:13:17 <tcatm> M4v3R: try gettransaction TXID. it should show the account
4607 2011-06-20 13:13:30 <M4v3R> tcatm: no, it doesn't
4608 2011-06-20 13:13:36 <tcatm> actually, listtransaction shows it, too
4609 2011-06-20 13:13:38 <M4v3R> http://pastebin.com/jK3atM0A
4610 2011-06-20 13:13:41 <sipa> generations are treated specially
4611 2011-06-20 13:13:42 <tcatm> M4v3R: 0.3.23?
4612 2011-06-20 13:13:49 <M4v3R> um, I run 0.3.22 though
4613 2011-06-20 13:13:58 <sipa> doesn't matter
4614 2011-06-20 13:13:59 samlande has joined
4615 2011-06-20 13:14:10 <sipa> generations are always assigned to the "" account
4616 2011-06-20 13:14:14 <M4v3R> yeah
4617 2011-06-20 13:14:17 Artifex_ has quit (Ping timeout: 252 seconds)
4618 2011-06-20 13:14:20 karnac_ has joined
4619 2011-06-20 13:14:21 <tcatm> wasn't there a pull request to fix that?
4620 2011-06-20 13:14:27 <M4v3R> but BBE knows the address
4621 2011-06-20 13:14:28 <sipa> yes, the one i just mentioned
4622 2011-06-20 13:14:38 <sipa> but even that is not compatible with multiple txouts in a generation
4623 2011-06-20 13:14:40 karnac has quit (Ping timeout: 244 seconds)
4624 2011-06-20 13:14:44 <M4v3R> meh
4625 2011-06-20 13:14:47 <s13013> M4v3R: http://forum.bitcoin.org/?topic=724.0 how about this patch
4626 2011-06-20 13:15:11 samlander has quit (Disconnected by services)
4627 2011-06-20 13:15:18 samlande is now known as samlander
4628 2011-06-20 13:15:18 <M4v3R> I know we could just say to our users that they should not use our deposit address in Eligius
4629 2011-06-20 13:15:22 <sipa> that'd be useful, but you'd still need code to extract an address from a pubkeyscript
4630 2011-06-20 13:15:41 <M4v3R> But I want to do this right
4631 2011-06-20 13:15:44 <polakmaly> how to have access to #bitcoin ?
4632 2011-06-20 13:15:52 <sipa> /join #bitcoin
4633 2011-06-20 13:16:10 <polakmaly> #bitcoin Cannot join channel (+r) - you need to be identified with services
4634 2011-06-20 13:16:19 <xelister> polakmaly: /msg chanserv register
4635 2011-06-20 13:16:20 <sipa> talk to nickserv
4636 2011-06-20 13:16:28 <xelister> polakmaly: /msg nickserv register
4637 2011-06-20 13:16:36 sipa has left ()
4638 2011-06-20 13:16:37 <M4v3R> sipa: how one could extract the address from pubkeyscript?
4639 2011-06-20 13:17:35 <edcba> it's not 'extracted'
4640 2011-06-20 13:17:52 <edcba> M4v3R: can't you read c++ ?
4641 2011-06-20 13:18:14 <Diablo-D3> https://github.com/speedygonzalez/OptDiabloMinerII/
4642 2011-06-20 13:18:15 <Diablo-D3> wee
4643 2011-06-20 13:18:20 <Diablo-D3> I noticed the DMCA worked
4644 2011-06-20 13:18:35 <M4v3R> edcba: sipa: that'd be useful, but you'd still need code to extract an address from a pubkeyscript
4645 2011-06-20 13:20:29 assassindrake has joined
4646 2011-06-20 13:20:55 <upb> the code exists in bitcoin
4647 2011-06-20 13:21:39 <upb> bool ExtractPubKey(const CScript& scriptPubKey, bool fMineOnly, vector<unsigned char>& vchPubKeyRet)
4648 2011-06-20 13:22:06 <samlander> anyword on the gox happenenings?
4649 2011-06-20 13:22:22 clarkbox has quit (Read error: Connection reset by peer)
4650 2011-06-20 13:22:37 <iz> samlander: http://mtgox.com has updated info about the mtgox happenings.. ...
4651 2011-06-20 13:22:55 <upb> whoa, they have unit tests
4652 2011-06-20 13:23:15 <upb> i wonder how that works when executing an order at 0.01 takes 40 minutes :)
4653 2011-06-20 13:23:28 <jrmithdobbs> M4v3R: there is no address coinbase though it uses hash160 ... i thought
4654 2011-06-20 13:23:29 AStove has joined
4655 2011-06-20 13:23:39 <iz> what's the best way to include 0tx fee transactions ONLY in the block you are trying to mine?
4656 2011-06-20 13:23:41 <jrmithdobbs> err s/address/address in/
4657 2011-06-20 13:24:11 Stove has quit (Ping timeout: 276 seconds)
4658 2011-06-20 13:24:31 Stellar has joined
4659 2011-06-20 13:24:36 <M4v3R> Still, I need to somehow access the scriptpubkey
4660 2011-06-20 13:24:39 <M4v3R> For that tx
4661 2011-06-20 13:24:44 <upb> yep
4662 2011-06-20 13:24:51 <M4v3R> bitcoind won't let me to afaik
4663 2011-06-20 13:25:24 <iz> is there an easy way to keep those 0tx fee transactions from getting sent to other nodes?
4664 2011-06-20 13:26:15 kermit has quit (Quit: Leaving.)
4665 2011-06-20 13:26:33 kermit has joined
4666 2011-06-20 13:27:16 <M4v3R> upb: Do you think it would be feasible to patch rpc.c to print the address of these generate txes?
4667 2011-06-20 13:27:20 larsivi has quit (Read error: Connection reset by peer)
4668 2011-06-20 13:27:38 <M4v3R> Using the function you pointed out
4669 2011-06-20 13:28:17 larsivi has joined
4670 2011-06-20 13:31:23 hellais has joined
4671 2011-06-20 13:31:37 pnicholson has joined
4672 2011-06-20 13:32:35 mmoya has joined
4673 2011-06-20 13:34:08 viggi has quit (Quit: leaving)
4674 2011-06-20 13:34:10 <jrmithdobbs> M4v3R: sipa's showwallet branch will do it
4675 2011-06-20 13:34:22 copumpkin has quit (Quit: Computer has gone to sleep.)
4676 2011-06-20 13:34:45 <jrmithdobbs> M4v3R: but you'd have to dump ALL of them, filter out the keypool and known ones
4677 2011-06-20 13:35:55 <M4v3R> Meh
4678 2011-06-20 13:36:35 <M4v3R> It seems that we'd just have to let our users know that they should not use our deposit address in Eligius
4679 2011-06-20 13:37:04 * nameless !~root@weowntheinter.net|is happy to see that there is no more spammers
4680 2011-06-20 13:37:07 viggi has joined
4681 2011-06-20 13:39:24 hachque has quit (Ping timeout: 260 seconds)
4682 2011-06-20 13:42:53 droud has left ()
4683 2011-06-20 13:43:00 Nexus7 has quit (Ping timeout: 255 seconds)
4684 2011-06-20 13:43:23 ramontayag has joined
4685 2011-06-20 13:43:24 Kurtov has quit (Quit: Leaving)
4686 2011-06-20 13:43:52 <ramontayag> Is there a sandbox version of bitcoind, for development/testing purposes? for example, if I ask that locally running daemon it will act pretty much like a normal bitcoind client, except it doesn't talk to the network
4687 2011-06-20 13:44:23 <dsockwell> ramontayag: you can put it on the testnet
4688 2011-06-20 13:44:39 <ramontayag> dsockwell, is there documentation regarding this? i'm not familiar with testnet
4689 2011-06-20 13:44:52 Joric is now known as TradehillRules
4690 2011-06-20 13:45:18 <dsockwell> https://en.bitcoin.it/wiki/Testnet
4691 2011-06-20 13:45:27 <dsockwell> first result for 'bitcoin testnet' on google, btw
4692 2011-06-20 13:45:53 <ramontayag> dsockwell, oh sorry. and thanks :)
4693 2011-06-20 13:46:35 flykoko2 has quit (Quit: Leaving)
4694 2011-06-20 13:48:34 glassresistor has joined
4695 2011-06-20 13:48:34 glassresistor has quit (Changing host)
4696 2011-06-20 13:48:34 glassresistor has joined
4697 2011-06-20 13:48:57 kcsrnd has joined
4698 2011-06-20 13:49:07 ezl has joined
4699 2011-06-20 13:50:12 <dsockwell> :|
4700 2011-06-20 13:50:25 <dsockwell> does bitcoin really need to do synchronous writes all the time?
4701 2011-06-20 13:50:29 knightrage has quit (Ping timeout: 260 seconds)
4702 2011-06-20 13:52:05 Gonzago has quit ()
4703 2011-06-20 13:52:17 hmmmm has joined
4704 2011-06-20 13:54:27 <dsockwell> it seems like whenever i pull incoming transactions through the API, bitcoin hoses my disks with writes
4705 2011-06-20 13:54:31 <dsockwell> very inconvenient
4706 2011-06-20 13:55:44 ezl has quit (Ping timeout: 252 seconds)
4707 2011-06-20 13:55:58 <dsockwell> and it's all writes, it seems like. very strange for what should be a read operation.
4708 2011-06-20 13:56:11 weinerk has joined
4709 2011-06-20 13:56:20 <dsockwell> does anyone else get this behavior?
4710 2011-06-20 13:56:29 <slush> dsockwell: yes, it's pretty common
4711 2011-06-20 13:56:33 <slush> buy SSD :)
4712 2011-06-20 13:56:33 weinerk has quit (Changing host)
4713 2011-06-20 13:56:33 weinerk has joined
4714 2011-06-20 13:56:43 <dsockwell> no, fix software
4715 2011-06-20 13:56:52 ericmock has quit (Quit: ericmock)
4716 2011-06-20 13:57:07 <tcatm> dsockwell: help us :)
4717 2011-06-20 13:57:24 <dsockwell> where do i start
4718 2011-06-20 13:57:31 <dsockwell> do you have a bugtracker?
4719 2011-06-20 13:57:37 <tcatm> https://github.com/bitcoin/bitcoin
4720 2011-06-20 13:58:00 <dsockwell> is there a reason bitcoin needs to do 1k tps?
4721 2011-06-20 13:58:06 weinerk has quit (Read error: Connection reset by peer)
4722 2011-06-20 13:58:17 <tcatm> dsockwell: probably not
4723 2011-06-20 13:58:24 weinerk has joined
4724 2011-06-20 13:58:39 AnatolV has quit (Remote host closed the connection)
4725 2011-06-20 13:59:01 joecool has quit (Ping timeout: 260 seconds)
4726 2011-06-20 14:00:02 weinerk has quit (Changing host)
4727 2011-06-20 14:00:02 weinerk has joined
4728 2011-06-20 14:00:39 ThomasV has joined
4729 2011-06-20 14:00:46 copumpkin has joined
4730 2011-06-20 14:00:52 <dsockwell> i imagine what i'm looking for is in or near wallet.cpp ?
4731 2011-06-20 14:01:36 <tcatm> likely
4732 2011-06-20 14:02:24 MetaV has quit (Quit: Leaving)
4733 2011-06-20 14:02:52 airfox has quit (Quit: Leaving...)
4734 2011-06-20 14:04:02 Clipse has quit (Quit: Clipse)
4735 2011-06-20 14:04:16 airfox has joined
4736 2011-06-20 14:05:30 aristidesfl has quit (Ping timeout: 255 seconds)
4737 2011-06-20 14:06:06 dude65535 has joined
4738 2011-06-20 14:07:22 polakmaly has quit (Quit: Page closed)
4739 2011-06-20 14:10:49 davro has joined
4740 2011-06-20 14:11:07 <dsockwell> http://stackoverflow.com/questions/3825022/optimizing-put-performance-in-berkeley-db
4741 2011-06-20 14:12:07 aristidesfl has joined
4742 2011-06-20 14:12:07 <dsockwell> we are dealing with berkeleydb right?
4743 2011-06-20 14:12:29 <ramontayag> i got testnet to work, thanks. is there a way to keep things offline? running my tests won't work if I'm not connected to the internet.
4744 2011-06-20 14:12:37 knightrage has joined
4745 2011-06-20 14:12:48 <Sthebig> https://sourceforge.net/projects/bitcoin/files/Bitcoin/testnet-in-a-box/
4746 2011-06-20 14:13:23 karnac_ has quit (Quit: karnac_)
4747 2011-06-20 14:13:30 <ramontayag> cool thanks Sthebig
4748 2011-06-20 14:13:49 <Sthebig> That was linked from dsockwell's wiki link earlier
4749 2011-06-20 14:13:54 <upb> ramontayag: i needed the same thing, ended up running with -noirc, deleting the addresses from db and disabling the code with hardcoded seed nodes
4750 2011-06-20 14:14:15 <ramontayag> upb, looks like Sthebig's link is the answer
4751 2011-06-20 14:15:21 <upb> yeah if youre ok with linux i guess :)
4752 2011-06-20 14:16:46 <luke-jr> people use something else?
4753 2011-06-20 14:17:55 Nexus7 has joined
4754 2011-06-20 14:18:17 <upb> i wanted to debug it in visual studio :)
4755 2011-06-20 14:18:22 <upb> much better than gdb imo
4756 2011-06-20 14:18:58 <lfm> too bad
4757 2011-06-20 14:19:33 slux has quit (Ping timeout: 264 seconds)
4758 2011-06-20 14:20:01 <upb> too good, since it succeeded :))
4759 2011-06-20 14:20:39 larsivi has quit (Ping timeout: 252 seconds)
4760 2011-06-20 14:21:11 <lfm> so you found the bug?
4761 2011-06-20 14:21:24 Zarutian has joined
4762 2011-06-20 14:22:54 jivvz has joined
4763 2011-06-20 14:23:26 dude65535 has quit (Quit: Page closed)
4764 2011-06-20 14:24:17 <upb> yes but there is a slight complication, it requires a preimage attack on the hash
4765 2011-06-20 14:24:18 Ademan has quit (Quit: leaving)
4766 2011-06-20 14:24:20 <upb> :D
4767 2011-06-20 14:24:36 Obehsh has quit (Remote host closed the connection)
4768 2011-06-20 14:24:46 <upb> which makes it pretty pointless
4769 2011-06-20 14:24:50 <dsockwell> so, re: sync writes, is it really the end of the world if a peer loses a transaction during a crash?
4770 2011-06-20 14:25:10 <dsockwell> i don't want to break the network over performance
4771 2011-06-20 14:25:33 <upb> lfm: its in this code
4772 2011-06-20 14:25:33 <upb> while (mapOrphanBlocks.count(pblock->hashPrevBlock))
4773 2011-06-20 14:25:33 <upb> pblock = mapOrphanBlocks[pblock->hashPrevBlock];
4774 2011-06-20 14:25:50 <upb> if you introduce a loop in orphan blocks, it will not finish
4775 2011-06-20 14:26:18 couponmen has joined
4776 2011-06-20 14:26:28 couponmen has left ()
4777 2011-06-20 14:27:21 <dsockwell> right now my hypothesis is that this line could include a nosync flag:
4778 2011-06-20 14:27:26 <dsockwell> ./db.h: int ret = pdb->put(GetTxn(), &datKey, &datValue, (fOverwrite ? 0 : DB_NOOVERWRITE));
4779 2011-06-20 14:27:51 <lfm> upb how could you do that? You need the hash of all prev beofre you could make a hash of the curr
4780 2011-06-20 14:28:07 KaosMcRage has joined
4781 2011-06-20 14:28:44 <upb> exactly
4782 2011-06-20 14:28:57 <lfm> ok so its not a bug
4783 2011-06-20 14:29:16 <upb> it is, if there would be a preimage attack on the hash
4784 2011-06-20 14:29:24 <upb> but you could do worse things with that
4785 2011-06-20 14:29:35 <dsockwell> the only instance of nosync in the whole project is ./db.h: int ret = dbenv.txn_begin(GetTxn(), &ptxn, DB_TXN_NOSYNC);
4786 2011-06-20 14:29:48 <dsockwell> does that set nosync globally?
4787 2011-06-20 14:29:50 <lfm> well if you could do that the hash would be broken for other things too Id expect
4788 2011-06-20 14:30:13 <upb> lfm: you can introduce blockA (prev = hash(blockB)) and blockB (prev = hash(blockA))
4789 2011-06-20 14:30:25 <upb> if you can do that, there is an endless loop remote DoS
4790 2011-06-20 14:30:25 KaosMcRage has left ()
4791 2011-06-20 14:30:42 <lfm> upb I thot we just agreed you cant
4792 2011-06-20 14:31:09 <upb> right at this time, yes
4793 2011-06-20 14:31:13 <upb> since there isnt such an attack
4794 2011-06-20 14:31:21 <lfm> maybe in 30 years huh?
4795 2011-06-20 14:31:24 <upb> :)
4796 2011-06-20 14:31:24 <mtrlt> but that requires considerable computation power :P
4797 2011-06-20 14:31:29 <upb> doesnt mean its not a bug
4798 2011-06-20 14:31:30 lars100 has joined
4799 2011-06-20 14:31:44 <lfm> when is a bug not a bug
4800 2011-06-20 14:32:03 <lfm> if it will NEVER happen
4801 2011-06-20 14:32:37 <mtrlt> how do you know :-)
4802 2011-06-20 14:32:42 <mtrlt> it's unlikely but it still might
4803 2011-06-20 14:33:07 <iz> haha
4804 2011-06-20 14:33:14 <lfm> I am far more worried about meteorites hitting me on the head
4805 2011-06-20 14:33:17 Obehsh has joined
4806 2011-06-20 14:33:46 <iz> heisenbug
4807 2011-06-20 14:34:32 <lfm> ya when you get you improbability engin working come back and let us know
4808 2011-06-20 14:35:10 <lfm> and we can start watching for petunias falling outa the sky
4809 2011-06-20 14:35:18 noot has left ()
4810 2011-06-20 14:36:16 <iz> actually, i define that as a bug that is only there when debugging is turned off
4811 2011-06-20 14:36:16 <upb> heh
4812 2011-06-20 14:36:17 joepie91 has joined
4813 2011-06-20 14:36:19 <UukGoblin> gribbol is not reporting bitomat trades again
4814 2011-06-20 14:36:22 DiSTANT187 has quit ()
4815 2011-06-20 14:36:30 <upb> a bug is exploitable given some conditions X,Y
4816 2011-06-20 14:36:42 Stove has joined
4817 2011-06-20 14:36:44 <upb> if condition Y doesnt exist, doesnt mean the bug doesnt, just that its not exploitable
4818 2011-06-20 14:36:58 AStove has quit (Ping timeout: 258 seconds)
4819 2011-06-20 14:37:12 <lfm> upb if the condition doesnt exist then it doesnt exist.
4820 2011-06-20 14:37:40 <dsockwell> it seems I need to set up a build environment
4821 2011-06-20 14:37:53 <dsockwell> are there any tricks I should know about?
4822 2011-06-20 14:37:56 <lfm> you might just as well check every 2+2 is really equal to 3 + 1
4823 2011-06-20 14:38:34 <lfm> you never know when you might have a bad bit, far more likely than what you proopose
4824 2011-06-20 14:38:53 pmazur_ has quit (Ping timeout: 258 seconds)
4825 2011-06-20 14:39:39 joepie91 has quit (Ping timeout: 260 seconds)
4826 2011-06-20 14:40:10 gsathya has quit (Quit: gsathya)
4827 2011-06-20 14:41:06 phungus has joined
4828 2011-06-20 14:41:51 emock has joined
4829 2011-06-20 14:41:54 syke has joined
4830 2011-06-20 14:42:12 Nexus_7 has joined
4831 2011-06-20 14:43:25 <dsockwell> tcatm: i have an idea re: the disk usage, can you give me a hand testing it on linux? is there an introduction to the proejct I should be reading?
4832 2011-06-20 14:44:12 IncitatusOnWater has quit (Ping timeout: 255 seconds)
4833 2011-06-20 14:44:13 <lfm> dsockwell: did you read Satoshi's white paper?
4834 2011-06-20 14:44:57 <dsockwell> no
4835 2011-06-20 14:45:06 <lfm> well thats a good place to start
4836 2011-06-20 14:45:11 <dsockwell> ok
4837 2011-06-20 14:45:15 phearful has joined
4838 2011-06-20 14:45:19 Nexus7 has quit (Ping timeout: 260 seconds)
4839 2011-06-20 14:46:00 davex___ has joined
4840 2011-06-20 14:46:00 Nexus7 has joined
4841 2011-06-20 14:46:54 Nexus_7 has quit (Ping timeout: 255 seconds)
4842 2011-06-20 14:47:00 IncitatusOnWater has joined
4843 2011-06-20 14:47:01 <davex___> anyone listening to Donald Norman on Peter Schiff show?
4844 2011-06-20 14:47:04 aristidesfl has quit (Max SendQ exceeded)
4845 2011-06-20 14:47:12 <davex___> he just bombed the store of value, intrinsic value question.
4846 2011-06-20 14:47:18 <davex___> need to get Kiba on there.
4847 2011-06-20 14:47:21 <dsockwell> lfm: thanks, i had been meaning to find out where all this theory was coming from.
4848 2011-06-20 14:48:10 <lfm> dsockwell: yup, the bibliography there could make you an expert if you understand it all
4849 2011-06-20 14:48:32 <dsockwell> i'd love to jump in and try a patch to try to stop bitcoin from chewing up my i/o, is there a list of libraries i should be using?
4850 2011-06-20 14:49:09 M4v3R has quit (Ping timeout: 255 seconds)
4851 2011-06-20 14:49:19 <dsockwell> i.e. how is bitcoin formed
4852 2011-06-20 14:49:24 <lfm> dsockwell: huh? have you got the complete block chain yet?
4853 2011-06-20 14:49:57 <dsockwell> lfm: i'll start at the beginning, i have an rpc client pulling transactions out of a bitcoind, and the client is thrashing my disks with sync writes
4854 2011-06-20 14:50:05 <dsockwell> er, bitcoind is
4855 2011-06-20 14:50:26 aristidesfl has joined
4856 2011-06-20 14:50:27 Zefir has quit (Ping timeout: 276 seconds)
4857 2011-06-20 14:50:30 <dsockwell> I think that if i can put the berkeley db into NOSYNC mode that it will get better
4858 2011-06-20 14:50:36 <lfm> oh, ya, I spoze thats due to bdb database syncs
4859 2011-06-20 14:50:38 <dsockwell> How can I build the bitcoin client to test it?
4860 2011-06-20 14:51:22 <lfm> kinda depends what you're doing via rpc calls too Id expect
4861 2011-06-20 14:51:48 <dsockwell> i have an external database that i'm trying to keep updated with received transactions
4862 2011-06-20 14:51:54 <lfm> worst case maybe you need a ssd
4863 2011-06-20 14:52:16 <dsockwell> what version of bdb is bitcoin built with?
4864 2011-06-20 14:52:24 DukeOfURL has quit (Ping timeout: 276 seconds)
4865 2011-06-20 14:52:29 <dsockwell> should I get the latest wxwidgets or will 2.8 do?
4866 2011-06-20 14:52:41 <lfm> dsockwell: look for file unix.build
4867 2011-06-20 14:52:49 <upb> its listen in some readme there in the tgz
4868 2011-06-20 14:52:52 <upb> listed
4869 2011-06-20 14:53:04 <lfm> or build.unix or whatever it is
4870 2011-06-20 14:53:09 <ius> dsockwell: 2.9
4871 2011-06-20 14:53:17 <ius> and not the latest bdb iirc
4872 2011-06-20 14:53:17 <dsockwell> thanks lfm
4873 2011-06-20 14:53:18 <davex___> wow. who the fuck is donald norman? sucks
4874 2011-06-20 14:54:16 <lfm> davex__* no shortage or bitcoin experts coming outa the woods these days. some are good some arnt
4875 2011-06-20 14:54:35 <mtrlt> no expert is ever good
4876 2011-06-20 14:54:39 <mtrlt> :P
4877 2011-06-20 14:54:40 <davex___> yeah... he's not the guy that should be explaining this to Schiff.
4878 2011-06-20 14:54:56 <davex___> i can't even listen to this.
4879 2011-06-20 14:55:04 <dsockwell> do i need wxwidgets to build the headless client?
4880 2011-06-20 14:55:08 <lfm> mtrlt: thats your expert opinion eh?
4881 2011-06-20 14:55:15 <mtrlt> lfm: naturally
4882 2011-06-20 14:55:26 <ius> dsockwell: You can't build it without wx atm iirc
4883 2011-06-20 14:55:32 <dsockwell> ok
4884 2011-06-20 14:55:51 lars100 has left ()
4885 2011-06-20 14:56:01 <lfm> you can build bitcoind without wx
4886 2011-06-20 14:56:23 <lfm> thats all you need for most things
4887 2011-06-20 14:56:41 karnac has joined
4888 2011-06-20 14:56:53 <dsockwell> yeah i'm not modifying the gui so I'd rather not deal with wx2.9
4889 2011-06-20 14:57:29 <lfm> should be fine just "make -f makefile.unix bitcoind"
4890 2011-06-20 14:57:53 <dsockwell> installing other deps now
4891 2011-06-20 14:58:09 <dsockwell> ius: do you happen to know if there's a good reason for bitcoin to run bdb in sync mode?
4892 2011-06-20 14:58:10 <lfm> ya you still need boost, ssl and bdb
4893 2011-06-20 14:58:26 <ius> No I wouldn't know
4894 2011-06-20 14:58:30 aFK-[u] has joined
4895 2011-06-20 14:58:32 <dsockwell> ok
4896 2011-06-20 14:58:56 <lfm> to save you from power failure?
4897 2011-06-20 14:59:03 <ius> Perhaps to maintain integrity in case the process is somehow killed?
4898 2011-06-20 14:59:18 <ius> Yeah, that sounds fair.
4899 2011-06-20 14:59:21 ThomasV has quit (Quit: Leaving)
4900 2011-06-20 14:59:24 Superbest has joined
4901 2011-06-20 14:59:30 <dsockwell> yeah there's that
4902 2011-06-20 14:59:35 viggi has quit (Changing host)
4903 2011-06-20 14:59:35 viggi has joined
4904 2011-06-20 14:59:58 <lfm> considering there is money at stake
4905 2011-06-20 15:00:16 <dsockwell> i wonder how bitcoin would recover from something like that, would it go to the network to replay the failed transaction?
4906 2011-06-20 15:00:22 <dsockwell> yeah, my $60 for an ssd ;)
4907 2011-06-20 15:00:58 SerajewelKS has left ()
4908 2011-06-20 15:00:59 bitsnbytes has quit (Remote host closed the connection)
4909 2011-06-20 15:01:18 lumos has quit (Ping timeout: 255 seconds)
4910 2011-06-20 15:02:08 <lfm> dsockwell: if its just the block chain you can restart that. if its the wallet.dat you need a backup
4911 2011-06-20 15:02:29 Superbest has quit (Max SendQ exceeded)
4912 2011-06-20 15:02:29 <ius> lfm: I guess you can force it to sync though..
4913 2011-06-20 15:02:30 neversleepy has joined
4914 2011-06-20 15:03:04 <lfm> ius not sure you can, databases need to be synced at the right place
4915 2011-06-20 15:03:52 <Optimo> gavinandresen: thanks for patching up clearcoin
4916 2011-06-20 15:04:17 exstntlstfrtn has quit (Ping timeout: 252 seconds)
4917 2011-06-20 15:04:30 slux has joined
4918 2011-06-20 15:05:31 <dsockwell> build-unix doesn't mention whatever upnp lib y'all are using
4919 2011-06-20 15:05:54 <dsockwell> disregard, it would help if i read the file
4920 2011-06-20 15:06:03 <lfm> hehe
4921 2011-06-20 15:06:09 never_sleep has quit (Ping timeout: 252 seconds)
4922 2011-06-20 15:06:50 <dsockwell> well
4923 2011-06-20 15:07:09 <dsockwell> the operation i'm seeing the bad behavior on isn't supposed to be a write
4924 2011-06-20 15:07:14 <lfm> dsockwell: you can build without upnp too with a small edit to the makefile
4925 2011-06-20 15:07:16 <dsockwell> at least i don't think it should be
4926 2011-06-20 15:08:07 musp3r_ has joined
4927 2011-06-20 15:08:50 sipa has joined
4928 2011-06-20 15:09:20 <dsockwell> if this doesn't work out i'll put my client into a ramfs and then everyone will be sorry :<
4929 2011-06-20 15:10:56 <dsockwell> 'there i fixed it'
4930 2011-06-20 15:11:39 <sipa> gmaxwell: you're right that with the current suggested encryption, if you have a table of the keys derived from many likely passwords, the work to crack is a single aes decryption per wallet and per passphrase
4931 2011-06-20 15:12:10 Tiraspol has left ()
4932 2011-06-20 15:12:12 <sipa> essentially removing the improvement EVP brings
4933 2011-06-20 15:12:40 <o_0oo> does the amount of memory a GFX card has make any difference, or is it only the GPU, or both?
4934 2011-06-20 15:12:51 <o_0oo> for mining bitcoins
4935 2011-06-20 15:12:52 <sipa> o_0oo: memory doesn't matter
4936 2011-06-20 15:13:04 <o_0oo> thanks sipa - good to know
4937 2011-06-20 15:13:05 <lfm> o_0oo: for bitcoin mining the memory is not used
4938 2011-06-20 15:13:15 lumos has joined
4939 2011-06-20 15:13:28 <sipa> clocking down memory can in some cases improve mining speed
4940 2011-06-20 15:13:29 draaglom has quit (Ping timeout: 252 seconds)
4941 2011-06-20 15:14:07 <lfm> and certainly improve power usage
4942 2011-06-20 15:15:22 LoveBeads has quit ()
4943 2011-06-20 15:15:26 <denisx> with memory downclocking you have more voltage left for overclocking
4944 2011-06-20 15:15:48 <lfm> hehe I dont think thats it
4945 2011-06-20 15:16:04 <o_0oo> does amazon only offer NVIDIA GPU instances?
4946 2011-06-20 15:16:56 <o_0oo> I'll google that one :) thanks guys
4947 2011-06-20 15:17:09 Obehsh has quit (Remote host closed the connection)
4948 2011-06-20 15:17:39 wasabi has quit (Quit: Leaving.)
4949 2011-06-20 15:17:50 wasabi has joined
4950 2011-06-20 15:18:01 jargon has joined
4951 2011-06-20 15:18:01 jargon has quit (Changing host)
4952 2011-06-20 15:18:01 jargon has joined
4953 2011-06-20 15:19:09 TheAncientGoat has joined
4954 2011-06-20 15:19:51 <gmaxwell> sipa: Yea... meh.
4955 2011-06-20 15:22:07 macbook-air has joined
4956 2011-06-20 15:22:12 <gmaxwell> I still question the wisdom of using an strenghtening scheme that our project's users own GPUs largely moot, but it should at least not be completely ineffective.
4957 2011-06-20 15:24:38 weinerk` has joined
4958 2011-06-20 15:24:45 never_sleep has joined
4959 2011-06-20 15:24:51 <TheAncientGoat> Sooo, anyone mind giving me a recap of the last 24 hours?
4960 2011-06-20 15:25:16 <davro> ;;bc;stats
4961 2011-06-20 15:25:17 <gribble> Error: "bc;stats" is not a valid command.
4962 2011-06-20 15:25:24 p0s has joined
4963 2011-06-20 15:25:28 p0s has quit (Changing host)
4964 2011-06-20 15:25:28 p0s has joined
4965 2011-06-20 15:25:34 xert has quit (Read error: Connection reset by peer)
4966 2011-06-20 15:25:36 dbasch has joined
4967 2011-06-20 15:25:54 <d1234> ;;bc,stats
4968 2011-06-20 15:25:58 <gribble> Current Blocks: 132087 | Current Difficulty: 877226.66666667 | Next Difficulty At Block: 133055 | Next Difficulty In: 968 blocks | Next Difficulty In About: 4 days, 16 hours, 56 minutes, and 0 seconds | Next Difficulty Estimate: 1259995.61155052
4969 2011-06-20 15:26:02 <CIA-103> bitcoin:� Chris Howie� * reeba06226681� mining-proxy�/htdocs/index.php:� Convert work_data.data column values to lowercase during inserts and queries (fixes issue #16) http://tinyurl.com/3jr8bz8
4970 2011-06-20 15:26:16 <edcba> ser.
4971 2011-06-20 15:26:26 <edcba> damn mouse
4972 2011-06-20 15:26:37 licutis has left ()
4973 2011-06-20 15:26:41 weinerk` has quit (Remote host closed the connection)
4974 2011-06-20 15:26:58 weinerk` has joined
4975 2011-06-20 15:28:16 neversleepy has quit (Read error: Operation timed out)
4976 2011-06-20 15:28:47 XertroV has joined
4977 2011-06-20 15:29:17 Clipse has joined
4978 2011-06-20 15:29:26 <sipa> gmaxwell: it's actually quite simple to make sure each and every attempt requires 1) iterated key strengthening 2) AES decryption 3) EC point multiplication 4) SHA256+RIPEMD160 hashing
4979 2011-06-20 15:30:06 IncitatusOnWater has quit (Ping timeout: 255 seconds)
4980 2011-06-20 15:30:17 <sipa> do you agree that would be enough to protect against most cracking power the bitcoin network can conjure up?
4981 2011-06-20 15:31:10 <citiz3n> how can that be measured?
4982 2011-06-20 15:31:22 <citiz3n> it's been increasing each week by 20-30% and sometimes more
4983 2011-06-20 15:31:38 weinerk`` has joined
4984 2011-06-20 15:31:40 <gmaxwell> sipa: Yep. (assuming each and every means no multi-wallet speedup). I still think more iterations than 1000 are kind of a no brainer, but it's less of a issue if you put the rest in the loop.
4985 2011-06-20 15:31:41 p0s has quit (Quit: Konversation terminated!)
4986 2011-06-20 15:31:50 IncitatusOnWater has joined
4987 2011-06-20 15:31:56 p0s has joined
4988 2011-06-20 15:32:08 <sipa> gmaxwell: i'm writing out a more concrete proposal on the forum
4989 2011-06-20 15:33:02 weinerk` has quit (Remote host closed the connection)
4990 2011-06-20 15:33:28 Nexus7 has quit ()
4991 2011-06-20 15:34:51 <gmaxwell> I think the sha512 password hashes my fedora deskop uses runs 5000 rounds by default.
4992 2011-06-20 15:35:09 <sipa> why not make it dynamic
4993 2011-06-20 15:35:23 <sipa> store the number of iterations in the wallet as well
4994 2011-06-20 15:35:46 <sipa> and do it dynamically by eg. using 0.1s of hashing on the user's system
4995 2011-06-20 15:36:00 <CIA-103> bitcoin:� Chris Howie� * r2c96a9fbaa72� mining-proxy�/ (README.markdown htdocs/.htaccess):� Set allow_url_fopen per issue #14, and document the proxy's requirements http://tinyurl.com/3k5xcrr
4996 2011-06-20 15:36:05 <CIA-103> bitcoin:� Chris Howie� * rac85366fbcc7� mining-proxy�/htdocs/index.php:� Fix PHP notice mentioned in issue #14 http://tinyurl.com/3fyzv8z
4997 2011-06-20 15:36:25 weinerk`` has left ()
4998 2011-06-20 15:36:43 echelon_ has quit (Remote host closed the connection)
4999 2011-06-20 15:36:43 dbitcoin has quit (Remote host closed the connection)
5000 2011-06-20 15:36:46 <vegard> TheAncientGoat: http://blog.zorinaq.com/?e=55
5001 2011-06-20 15:36:50 <gmaxwell> sipa: yea, I suggsted that on the forum.
5002 2011-06-20 15:36:54 <p0s> there is a much better solution than insane amounts of paranoia: look at the password length table, chose a password with reasonable entropy: http://en.wikipedia.org/wiki/Password_strength ...
5003 2011-06-20 15:37:16 echelon_ has joined
5004 2011-06-20 15:37:21 <gmaxwell> p0s: common password advice actually results in pretty bad choices, fwiw.
5005 2011-06-20 15:37:22 dbitcoin has joined
5006 2011-06-20 15:37:34 <gmaxwell> And to get the herd immunity we can't count on users being smart, because they won't be.
5007 2011-06-20 15:37:44 <p0s> gmaxwell: "common password advice"?
5008 2011-06-20 15:37:59 mmo1 has joined
5009 2011-06-20 15:38:02 <p0s> gmaxwell: just show the user PROPER password advice when he is about to set one
5010 2011-06-20 15:38:21 <gmaxwell> p0s: e.g. "use at least 8 characters with at least one character from each of Upper/Lower/Number/Symbol"
5011 2011-06-20 15:38:44 <gmaxwell> an you end up with "Pa55word!" as the password.
5012 2011-06-20 15:38:44 <samlander> 12 is better
5013 2011-06-20 15:38:59 anu has joined
5014 2011-06-20 15:39:04 <p0s> gmaxwell: i'd just compute a 96 bit or 128bit entropy random password and show it to the user and suggest to use that one...
5015 2011-06-20 15:39:14 <gmaxwell> "Pa55\/\/ord!" < 12.
5016 2011-06-20 15:39:43 joepie91 has quit (2!~joepie91@s514735fe.adsl.wanadoo.nl|Quit: KVIrc 4.0.4 Insomnia http://www.kvirc.net/)
5017 2011-06-20 15:39:53 copumpkin has quit (Ping timeout: 252 seconds)
5018 2011-06-20 15:39:56 soossii has quit (Ping timeout: 250 seconds)
5019 2011-06-20 15:40:22 <gmaxwell> p0s: yes, though there is a fine line here. Wallet loss is probably a more serious threat than wallet theft. We've done our users no favor if we make them more likely to lose their coins because we pushed them into a password they can't remember.
5020 2011-06-20 15:41:09 copumpkin has joined
5021 2011-06-20 15:41:25 <UukGoblin> in kde, you can try to talk to the wallet
5022 2011-06-20 15:41:30 weinerk` has joined
5023 2011-06-20 15:41:30 krekbwoy has quit (Ping timeout: 260 seconds)
5024 2011-06-20 15:41:37 <p0s> gmaxwell: for example lets consider a 15 character random password with 96bit of entropy... trivially assuming that our current concept of hashes/sec which bitcoin uses applies to cracking the passwordl.... assuming the whole network would try to crack it... ((2^96) / (8*1000*1000*1000*1000)) / (60*60*24) ...
5025 2011-06-20 15:41:45 <p0s> = 114624077711.60928471288187259259 days
5026 2011-06-20 15:41:57 <UukGoblin> in windows... well... there should be a big popup in windows saying "microsoft already has your wallet!"
5027 2011-06-20 15:42:07 <p0s> = 314038569 years
5028 2011-06-20 15:42:14 SkiesAreRed has joined
5029 2011-06-20 15:42:29 weinerk` has quit (Remote host closed the connection)
5030 2011-06-20 15:42:42 <samlander> gmaxwell: you joke about Pa55\/\/ord! but that is a pretty good password
5031 2011-06-20 15:42:47 neurochasm has joined
5032 2011-06-20 15:42:54 <jtaylor> no its not
5033 2011-06-20 15:42:58 <jtaylor> its probably in every dictionary
5034 2011-06-20 15:43:01 <gmaxwell> samlander: no it's not, the standard mangling rules will convert password into that.
5035 2011-06-20 15:43:07 <samlander> ah
5036 2011-06-20 15:43:19 <UukGoblin> samlander, john the ripper knows that s can be spelled 5
5037 2011-06-20 15:43:19 * samlander changes his pas55Word!
5038 2011-06-20 15:43:21 joepie91 has joined
5039 2011-06-20 15:43:35 <UukGoblin> and does applies rules like that on all dictionary words
5040 2011-06-20 15:43:39 <UukGoblin> s/does //
5041 2011-06-20 15:43:40 <samlander> it's been awhile since i've done any sort of dictionary attack.. they werent that smart back then
5042 2011-06-20 15:43:51 <p0s> 80 bit password... 13 characters (full ASCII printable).... ((2^80) / (8*1000*1000*1000*1000)) / (60*60*24*365) = 4791 years
5043 2011-06-20 15:43:51 <gmaxwell> UukGoblin: there is a set of mangling rules based on the "rockyou" passwords that knows w = \/\/ too.
5044 2011-06-20 15:44:09 <jrmithdobbs> samlander: most publically available ones are that smart or smarter at this point
5045 2011-06-20 15:44:23 <samlander> im just going to use unicode for my pw :P
5046 2011-06-20 15:44:28 <UukGoblin> pwgen pwnz
5047 2011-06-20 15:44:36 <AntiVigilante> I walk the keyboard
5048 2011-06-20 15:44:42 <vegard> it's not just about being, smart, though. you'll soon have a combinatorial explosion if you want to try all combinations of possible replacements
5049 2011-06-20 15:44:58 <AntiVigilante> i can remember it and have pretty security
5050 2011-06-20 15:45:10 joecool has joined
5051 2011-06-20 15:45:10 <gmaxwell> vegard: yes, but people are predictable.
5052 2011-06-20 15:45:23 <vegard> I guess.
5053 2011-06-20 15:45:23 DukeOfURL has joined
5054 2011-06-20 15:45:31 <gmaxwell> AntiVigilante: like 1qaz2wsx ?
5055 2011-06-20 15:45:46 <AntiVigilante> similar
5056 2011-06-20 15:46:04 <gmaxwell> AntiVigilante: yea, 21 mtgox users liked that one. There are JTR rules for common walks.
5057 2011-06-20 15:46:08 mmo1 has left ()
5058 2011-06-20 15:46:21 <CIA-103> bitcoin:� Icy2k� * r6fbde02e9ea2� mining-proxy�/htdocs/admin/index.php:� Fixed for display order issue on dashboard. http://tinyurl.com/6gc9gu5
5059 2011-06-20 15:46:22 <UukGoblin> :->
5060 2011-06-20 15:46:23 <CIA-103> bitcoin:� Chris Howie� * r4c4c84d999d1� mining-proxy�/htdocs/admin/index.php:� Merge pull request #11 from Icy2k/patch-1 http://tinyurl.com/6esphlf
5061 2011-06-20 15:46:29 <AntiVigilante> mine rotates
5062 2011-06-20 15:46:46 <AntiVigilante> and deals with odds and evens
5063 2011-06-20 15:47:05 <UukGoblin> pwgen is really cool for good passwords
5064 2011-06-20 15:47:08 Mononofu has joined
5065 2011-06-20 15:47:10 macbook-air has quit (Quit: macbook-air)
5066 2011-06-20 15:47:15 <Cryo> 1password ftw.
5067 2011-06-20 15:47:18 <UukGoblin> and after typing them about 10 times you can easily remember them
5068 2011-06-20 15:47:24 XertroV has quit (Ping timeout: 240 seconds)
5069 2011-06-20 15:47:37 <UukGoblin> Cryo, yeah, master password is what I use for a lot of things
5070 2011-06-20 15:47:42 pirrr has joined
5071 2011-06-20 15:47:44 netsky has quit (Read error: Connection reset by peer)
5072 2011-06-20 15:47:56 <gmaxwell> AntiVigilante: Really, if the length isn't limited you'd be better of with "My mother told me I was the best! Alam0." or something not actually hard looking but long.
5073 2011-06-20 15:47:57 krekbwoy has joined
5074 2011-06-20 15:48:12 <Cryo> the interfacing with browsers is really where it shines
5075 2011-06-20 15:48:27 <gmaxwell> (of course, best off with something actually random)
5076 2011-06-20 15:48:34 neurochasm has quit (Quit: Leaving)
5077 2011-06-20 15:48:44 <Cryo> dictionary words? really?
5078 2011-06-20 15:48:46 <AntiVigilante> gmaxwell I have a nutritionally exacerbated memory problem
5079 2011-06-20 15:49:20 <gmaxwell> Cryo: doesn't matter if its long enough.
5080 2011-06-20 15:49:37 Storagewars has joined
5081 2011-06-20 15:49:45 <AntiVigilante> Cryo you can always take the first letter and then rotate around the keyboard
5082 2011-06-20 15:49:50 <Cryo> that's what she said
5083 2011-06-20 15:50:17 <AntiVigilante> stop playing with her distributor cap
5084 2011-06-20 15:50:31 <Cryo> spin me right round
5085 2011-06-20 15:52:31 <nomit> is any BTC market open? gribble doesn't report anything
5086 2011-06-20 15:53:21 d1234 has quit (Remote host closed the connection)
5087 2011-06-20 15:53:51 <lfm> nomit: prolly not
5088 2011-06-20 15:54:13 kratosk has quit (Ping timeout: 240 seconds)
5089 2011-06-20 15:54:17 cenuij has quit (Remote host closed the connection)
5090 2011-06-20 15:54:27 Nesetalis has quit (Read error: Connection reset by peer)
5091 2011-06-20 15:54:32 MartianW has joined
5092 2011-06-20 15:54:32 MartianW has quit (Changing host)
5093 2011-06-20 15:54:32 MartianW has joined
5094 2011-06-20 15:54:50 Nesetalis has joined
5095 2011-06-20 15:54:53 Titanium123_ has quit (Ping timeout: 252 seconds)
5096 2011-06-20 15:55:05 MartianW has quit (Client Quit)
5097 2011-06-20 15:55:37 cl909 has quit (Ping timeout: 252 seconds)
5098 2011-06-20 15:57:06 antgly20 has joined
5099 2011-06-20 15:57:11 antgly20 has left ()
5100 2011-06-20 15:59:35 <Katapult> nomit: cavirtex.com still seems open, never used them though so can't comment on their service
5101 2011-06-20 15:59:46 danbri has quit (Ping timeout: 264 seconds)
5102 2011-06-20 16:00:05 <sipa> gmaxwell: http://forum.bitcoin.org/index.php?topic=8728.msg250739
5103 2011-06-20 16:00:32 never_sleep has quit (Ping timeout: 244 seconds)
5104 2011-06-20 16:00:34 <sipa> http://forum.bitcoin.org/index.php?topic=8728.msg250739#msg250739
5105 2011-06-20 16:00:43 never_sleep has joined
5106 2011-06-20 16:02:08 ThomasV has joined
5107 2011-06-20 16:04:09 sanchaz has quit ()
5108 2011-06-20 16:04:29 <gmaxwell> sipa: Very good. I'm not sure about making it depend on particular transactions to verify because it shouldn't be too incompatible with pruning old things from the wallet.
5109 2011-06-20 16:04:51 <UukGoblin> gribble is still b0rk3d :-[
5110 2011-06-20 16:05:21 aFK-[u] is now known as BGL
5111 2011-06-20 16:05:45 triplex has joined
5112 2011-06-20 16:06:01 <sipa> gmaxwell: i'm not suggesting that
5113 2011-06-20 16:06:23 <WildSoil> "Withdrawing EUR is unfortunately not supported at this time. If you'd like to help us support this currency please consider becoming a TradeHill Partner." what is this ?? no support europeans?
5114 2011-06-20 16:06:24 <sipa> but it may be written in a confusing way
5115 2011-06-20 16:06:59 phearful has quit (Ping timeout: 260 seconds)
5116 2011-06-20 16:07:13 <sipa> if you use identifiers in ekey's KEYs, i suggest adding a checksum-based verification on top, but otherwise it becomes too hard to check a legitimate access attempt is valid
5117 2011-06-20 16:07:21 Titeuf_87 has joined
5118 2011-06-20 16:08:33 jargon has quit (Ping timeout: 246 seconds)
5119 2011-06-20 16:08:37 flykoko2 has joined
5120 2011-06-20 16:08:59 darnold has joined
5121 2011-06-20 16:09:43 jargon has joined
5122 2011-06-20 16:10:15 <gmaxwell> sipa: got it.
5123 2011-06-20 16:10:53 BlueMatt has joined
5124 2011-06-20 16:12:59 notallhere has joined
5125 2011-06-20 16:14:12 <jrmithdobbs> sipa: isn't it a safe assumption that anyone attacking would have at least some of the addresses in the wallet pre-computed?
5126 2011-06-20 16:14:45 <jrmithdobbs> so the ripemd16(sha256()) addition to computer time isn't all that helpful?
5127 2011-06-20 16:15:03 <jrmithdobbs> err, nm, you have no way of associating a pre-computed address with the correct key
5128 2011-06-20 16:15:16 <BlueMatt> sipa: any further suggestions for wallet crypto?
5129 2011-06-20 16:15:20 <BlueMatt> or anyone else?'
5130 2011-06-20 16:15:25 <sipa> BlueMatt: yes, see the forum thread
5131 2011-06-20 16:16:20 jargon has quit (Ping timeout: 250 seconds)
5132 2011-06-20 16:16:26 PI_314 has joined
5133 2011-06-20 16:17:29 <K_F> the question is if a pure encryption will work, as you'd presume that the attacker would've had access to a keylogger and henche the password
5134 2011-06-20 16:17:38 Sylph has quit (Ping timeout: 250 seconds)
5135 2011-06-20 16:18:04 <K_F> would it be a possibility to make e.g. gpg optional so that it'd be possible to use a smartcard as an added token?
5136 2011-06-20 16:18:15 <sacarlson> BlueMatt I just use luks encrypted partitions, but maybe windows needs something else https://sites.google.com/site/remotekeyencrypt/files/remote_key_encrypt.pdf?attredirects=0&d=1
5137 2011-06-20 16:18:31 <gmaxwell> K_F: It doesn't help if the attacker has a keylogger. Doesn't fix everything, alas.
5138 2011-06-20 16:18:48 <jrmithdobbs> K_F: yes wallet encryption does nothing to mitigate those types of scenario
5139 2011-06-20 16:19:02 <PI_314> there are still client certificates (http://cs.uccs.edu/~cs526/secureWebAccess/secureWebAccess.htm)
5140 2011-06-20 16:19:02 <BlueMatt> sacarlson: well having it in bitcoin makes it >9k x better for noobs
5141 2011-06-20 16:19:13 <jrmithdobbs> i disagree
5142 2011-06-20 16:19:27 <jrmithdobbs> i still think that adding wallet crypto does more harm than good
5143 2011-06-20 16:19:36 <jrmithdobbs> false sense of security etc
5144 2011-06-20 16:19:37 <BlueMatt> K_F: true, but it could help in many other cases. Especially servers where you dont want to be able to send coins but want to accept them
5145 2011-06-20 16:19:43 <gmaxwell> K_F: also, if you assume a keylogger you can assume that they could pull the keys out of memory when you use your smartcard to decrypt them... so the marginal improvement there isn't fantastic.
5146 2011-06-20 16:19:53 T_X has joined
5147 2011-06-20 16:20:01 <jrmithdobbs> BlueMatt: you don't need to have a client online *at all* to accept them so that's a worthless use case
5148 2011-06-20 16:20:02 <AntiVigilante> jrmithdobbs: there are a variety of scenarios
5149 2011-06-20 16:20:06 karnac has quit (Ping timeout: 258 seconds)
5150 2011-06-20 16:20:13 <BlueMatt> if someone has access to run whatever the hell they want on your machine when you are sending coins, you are screwed...period
5151 2011-06-20 16:20:16 <gmaxwell> BlueMatt: the server case is addressed better by the type-2 determinstic wallets I proposed.
5152 2011-06-20 16:20:29 <emock> well, hopefully, people will realize that encrypting wallet doesn't remove the need to back it up
5153 2011-06-20 16:20:41 phearful has joined
5154 2011-06-20 16:20:52 <sipa> emock: on the contrary... encrypted wallets make backups a lot more feasable
5155 2011-06-20 16:21:02 <jrmithdobbs> and *more* necessary
5156 2011-06-20 16:21:03 <AntiVigilante> someone stealing your flash disk
5157 2011-06-20 16:21:09 <BlueMatt> gmaxwell: you mean deterministic calculation of all the keys you will ever have in your wallet...I really disagree with that
5158 2011-06-20 16:21:17 <BlueMatt> gmaxwell: then they dont even need your wallet, just the pw
5159 2011-06-20 16:21:21 <jrmithdobbs> BlueMatt: no not what he means at all
5160 2011-06-20 16:21:22 <gmaxwell> BlueMatt: No. Jesus.
5161 2011-06-20 16:21:31 <emock> yea, I'm just saying that 'safe' wallet needs at least encryption and backup
5162 2011-06-20 16:21:34 <gmaxwell> BlueMatt: http://forum.bitcoin.org/index.php?topic=19137.0 I know I'm wordy, but this isn't long.
5163 2011-06-20 16:21:36 <BlueMatt> oh, sorry well where did you post this
5164 2011-06-20 16:22:02 <emock> and I worry that people might think the client is now making their wallet 'safe'
5165 2011-06-20 16:22:21 <gmaxwell> ^there. I don't agree with purely password based determinstic wallets. But stored blob based ones should be fine.
5166 2011-06-20 16:22:21 vorlov has joined
5167 2011-06-20 16:22:32 <sacarlson> BlueMatt: I can't argue that and it can't be too hard to add something at least as an option, I had some simple encryption methods I used in ruby just to have passwords kept safe
5168 2011-06-20 16:22:34 Mookman288 has joined
5169 2011-06-20 16:22:54 da2ce7 has quit (Read error: Connection reset by peer)
5170 2011-06-20 16:22:58 Sylph has joined
5171 2011-06-20 16:23:00 <pasky> Hmm, I had a 0.16 balance on one account, so I did 0.16 transaction to different address, and now that account shows balance -0.01 since apparently, bitcoind decided to automatically throw in 0.01 transaction fee. What happens now? Will the transaction go through? How can the balance go to negative numbers? If the transaction will not go through, how to repair this?
5172 2011-06-20 16:23:19 da2ce7 has joined
5173 2011-06-20 16:23:30 <gmaxwell> pasky: accounts can go negative, because they are just bookkeeping.
5174 2011-06-20 16:23:32 <Cryo> format your harddrive, you aren't allowed on the Internet any more
5175 2011-06-20 16:23:34 <BlueMatt> gmaxwell: well I still disagree with that, if you wallet is stolen, and then a year later the attacker goes back and sees if you have new coins, you are fucked...currently you are fine
5176 2011-06-20 16:23:50 Mookman288 has left ()
5177 2011-06-20 16:23:51 <jrmithdobbs> gmaxwell: your type-2 example is still pretty damned awesome ;p
5178 2011-06-20 16:24:03 <pasky> gmaxwell: Ok, but the transaction is for -0.16 + -0.01 on account that has just -0.16, won't my peers reject that?
5179 2011-06-20 16:24:16 <pasky> gmaxwell: or will it be simply considered as if there would be no fee?
5180 2011-06-20 16:24:29 hwolf has quit ()
5181 2011-06-20 16:24:29 krekbwoy has quit (Read error: Connection reset by peer)
5182 2011-06-20 16:24:36 <gmaxwell> BlueMatt: Yes, thats the tradeoff. I think thats a smaller risk. Also, you _could_ create a determinstic wallet that rotated itself every time you hit backup. (though you'd lose the small size advantage)
5183 2011-06-20 16:24:36 <Cryo> ah, qr-code.. excellent idea.
5184 2011-06-20 16:24:37 terracotta has quit (Ping timeout: 240 seconds)
5185 2011-06-20 16:24:38 <UukGoblin> pasky, it'd get rejected
5186 2011-06-20 16:24:47 <pasky> (eh, the s/account that has just -0.16/address that had just 0.16/)
5187 2011-06-20 16:25:00 <BlueMatt> UukGoblin: stop trolling
5188 2011-06-20 16:25:01 <jrmithdobbs> BlueMatt: i think that attack scenario is contrived
5189 2011-06-20 16:25:01 <dsockwell> well i compiled with the nosync flags, it doesn't seem to be any better
5190 2011-06-20 16:25:05 <gmaxwell> pasky: it didn't just send from one address.
5191 2011-06-20 16:25:07 <BlueMatt> also pasky support chan is #bitcoin ;)
5192 2011-06-20 16:25:11 <jrmithdobbs> BlueMatt: if your wallet is stolen you will most likely know fairly quickly.
5193 2011-06-20 16:25:25 <UukGoblin> BlueMatt, lol sorry ;-]
5194 2011-06-20 16:25:26 rasengan has quit (Quit: <3)
5195 2011-06-20 16:25:41 <jrmithdobbs> BlueMatt: once it's known that the wallet is stolen the *reasonable* thing to do is to immediately create a new wallet and send all funds to it anyways
5196 2011-06-20 16:25:43 <nameless> !~root@weowntheinter.net|Truth be told, wallet.dat is very insecure
5197 2011-06-20 16:25:48 triplex has quit (Quit: Page closed)
5198 2011-06-20 16:26:02 <pasky> BlueMatt: that one is so hopelessly off-topic with mtgox discussions though
5199 2011-06-20 16:26:05 <gmaxwell> jrmithdobbs: I don't know. He's right that its the compromise. But I think users are already far more likely to lose coins via inadequate backup than theft. Moreover, wallet encryption will drastically reduce the exposure from theft.
5200 2011-06-20 16:26:07 <BlueMatt> nameless|: thats why web-based wallets would be much better
5201 2011-06-20 16:26:11 syke has quit ()
5202 2011-06-20 16:26:16 <nameless> !~root@weowntheinter.net|I've often thought what the implications on bitcoin would be if someone wrote a virus or a worm that stole wallet.dat
5203 2011-06-20 16:26:17 <BlueMatt> pasky: well every bitcoin chan usually is
5204 2011-06-20 16:26:41 jivvz has quit (Quit: Lämnar)
5205 2011-06-20 16:26:41 <gmaxwell> BlueMatt: Ahem. Mtgox was, in most relevant ways, a web based wallet.
5206 2011-06-20 16:26:46 BTCTrader has joined
5207 2011-06-20 16:26:48 <nameless> !~root@weowntheinter.net|Or create a rouge installer witha clause in the EULA that the licensing fee for the program is all wallet.dat files on the system
5208 2011-06-20 16:26:49 <copumpkin> next up on sensationalist news website: "two #bitcoin-dev ops agree: bitcoin is destined to fail because of security issues"
5209 2011-06-20 16:26:53 <pasky> gmaxwell: I'm sorry, I don't understand.
5210 2011-06-20 16:26:57 <BlueMatt> jrmithdobbs: yea, but I just dont know; it could make sense for some people, but for the majority I just dont think it is the best way
5211 2011-06-20 16:27:04 jivvz has joined
5212 2011-06-20 16:27:05 <TradehillRules> nameless|, http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours
5213 2011-06-20 16:27:07 <nameless> !~root@weowntheinter.net|copumpkin: nah
5214 2011-06-20 16:27:10 <copumpkin> :)
5215 2011-06-20 16:27:12 BTCTrader is now known as Guest43775
5216 2011-06-20 16:27:15 <BlueMatt> gmaxwell: well, the need for more secure bitcoin web-based wallets...
5217 2011-06-20 16:27:28 sytse has quit (Read error: Connection reset by peer)
5218 2011-06-20 16:27:30 <gmaxwell> pasky: I know, and I'm sorry. but I'd like to finish this other conversation before I go explaining it to you. :) If you can hang around a bit I will.
5219 2011-06-20 16:27:35 fimp has joined
5220 2011-06-20 16:27:38 <pasky> sure
5221 2011-06-20 16:27:44 <sipa> BlueMatt: what do you think about my last post in the thread?
5222 2011-06-20 16:27:50 <jrmithdobbs> BlueMatt: i think combined with properly implemented wallet encryption it reduces backup headaches enough to outweigh that unlikely attack scenario
5223 2011-06-20 16:28:09 <jrmithdobbs> gmaxwell: it's definitely a risk but: what I just said
5224 2011-06-20 16:28:13 <sipa> (i suppose you'll say "too complicated", but i believe this is something that should be done right)
5225 2011-06-20 16:28:14 <nameless> !~root@weowntheinter.net|TradehillRules: Well damn, I've been beat to my idea
5226 2011-06-20 16:28:24 <AntiVigilante> gmaxwell: how does Type 2 fare in preventing someone from accusing you of something you didn't do
5227 2011-06-20 16:28:33 zelyony has joined
5228 2011-06-20 16:28:34 abragin has quit (Ping timeout: 264 seconds)
5229 2011-06-20 16:28:43 <K_F> I wonder how many will loose their coins because of missed passwords in an encrypted wallet
5230 2011-06-20 16:28:47 <gmaxwell> BlueMatt: So anyways, on the determinstic wallets: Don't you think that the encryption mostly closes the delayed theft risk? Does my point re: more likely to lose due to inadequate backups vs theft make sense to you?
5231 2011-06-20 16:28:52 <K_F> in a "mass-user scenario"
5232 2011-06-20 16:28:55 <gmaxwell> K_F: probably more than due to theft. But ::shrugs::.
5233 2011-06-20 16:29:07 <emock> I suspect most people won't know their wallet was stolen until their coins are gone
5234 2011-06-20 16:29:16 <K_F> gmaxwell: exactly.. :)
5235 2011-06-20 16:29:21 <gmaxwell> Users would rather have failures they control (forgetting) than failures someone else controls (theft).
5236 2011-06-20 16:29:32 <jrmithdobbs> agreed
5237 2011-06-20 16:29:40 <BlueMatt> sipa: well the passphrase stuff isnt theoretically dangerous as it doesnt commit until after its all done anyway...I still prefer individual encryption because Im lazy and dont feel like coding more
5238 2011-06-20 16:29:44 abragin has joined
5239 2011-06-20 16:29:53 <AntiVigilante> however forgetting is harder to reverse than theft
5240 2011-06-20 16:29:54 zelyony has left ()
5241 2011-06-20 16:29:55 sytse has joined
5242 2011-06-20 16:29:57 <K_F> indeed, but a proper use case might be to have a non-encrypted wallet stored off somewhere very safe before encrypting it on the day-to-day device
5243 2011-06-20 16:30:13 <jrmithdobbs> BlueMatt: your current passphrase "hardening" is deterministic and parallelizable
5244 2011-06-20 16:30:16 <K_F> so an encryption scheme probably shouldn't disallow that behavior
5245 2011-06-20 16:30:18 <BlueMatt> jrmithdobbs: most users dont backup so...
5246 2011-06-20 16:30:24 <AntiVigilante> how many coins are lost to backup over malfunction
5247 2011-06-20 16:30:35 <emock> but users are accustomed to blaming themselves for forgetting a password
5248 2011-06-20 16:30:45 <gmaxwell> AntiVigilante: Hm. I'm not seeing the risk there. The primary risk of type-2 is that someone can steal the address generating keys and find out what addresses of yours are connected.
5249 2011-06-20 16:30:55 <UukGoblin> emock, they still expect a "Forgot your password?" link though ;-]
5250 2011-06-20 16:31:01 <gmaxwell> emock: also accustomed to recovery.
5251 2011-06-20 16:31:03 <BlueMatt> gmaxwell: encryption closes delayed-theft: no, I dont see how if they also got a pw, and I didnt see a backup vs theft argument?
5252 2011-06-20 16:31:19 IncitatusOnWater has quit (Ping timeout: 255 seconds)
5253 2011-06-20 16:31:27 <jrmithdobbs> BlueMatt: backup vs theft argument is in the thread he linked
5254 2011-06-20 16:31:30 <BlueMatt> jrmithdobbs: yep, and that will be changed eventually
5255 2011-06-20 16:31:39 <BlueMatt> arg I didnt read that far
5256 2011-06-20 16:31:46 <jrmithdobbs> BlueMatt: eventually needs to be before pull/push
5257 2011-06-20 16:31:48 <BlueMatt> eventually meaning before merge
5258 2011-06-20 16:31:50 PI_314 has left ()
5259 2011-06-20 16:31:55 <gmaxwell> BlueMatt: I think people are already more likely to lose their coins due to insufficient backups / hardware failures than due to theft. Certantly encryption shifts the balance away from theft.
5260 2011-06-20 16:31:57 TradehillRules is now known as Joric
5261 2011-06-20 16:32:01 csshih has quit (Ping timeout: 240 seconds)
5262 2011-06-20 16:32:13 <sipa> and the public eyes are definitely on theft now
5263 2011-06-20 16:32:23 <jrmithdobbs> and secure backups
5264 2011-06-20 16:32:29 <Joric> did anyone try to use mybitcoin merchant service?
5265 2011-06-20 16:32:35 <gmaxwell> BlueMatt: also, type-2 allows complete seperation of the private key data from a front end web server that only accepts payments.
5266 2011-06-20 16:32:37 <sipa> BlueMatt: even just for having the ability (not necessarily implemented right now) to have a function for adding additional passphrases later (unlocking codes, ...), is worth it to me
5267 2011-06-20 16:32:51 <sipa> BlueMatt: and i don't think laziness is an excuse, sorry
5268 2011-06-20 16:33:03 <midnightmagic> i wonder how much of the theft stuff is going to act as a feedback loop to encourage more theft.
5269 2011-06-20 16:33:08 <BlueMatt> its not, but it means Im not gonna write it...if you want to have fun though
5270 2011-06-20 16:33:13 <jrmithdobbs> midnightmagic: quite a bit
5271 2011-06-20 16:33:24 <jrmithdobbs> midnightmagic: it's scarily profitable
5272 2011-06-20 16:33:30 <gmaxwell> midnightmagic: this is why I've talked about herd immunity too.
5273 2011-06-20 16:33:41 <Joric> is it possible to reskin mybitcoin forms or get rid of them completely?
5274 2011-06-20 16:33:57 <jrmithdobbs> midnightmagic: with so little effort. Sit on irc bootstrap channel. Watch for connecting nodes. Run nessus. Rinse. Repeat.
5275 2011-06-20 16:34:00 <emock> thoughts on integrating wallet password with OS keychains?
5276 2011-06-20 16:34:06 <BlueMatt> sipa: thats also an interesting idea, but Im not so sure about doing that *in* bitcoin...that might be something that could be done in the wallet file format, but only in an advanced form of client imo
5277 2011-06-20 16:34:10 <jrmithdobbs> midnightmagic: whole thing can be automated trivially with a huge payoff.
5278 2011-06-20 16:34:18 <midnightmagic> jrmithdobbs: nessus is still the current top-open-source dog?
5279 2011-06-20 16:34:24 <sipa> BlueMatt: sure, i'm talking about the possibility
5280 2011-06-20 16:34:28 <jrmithdobbs> midnightmagic: just an example
5281 2011-06-20 16:34:28 da2ce7 has quit (Ping timeout: 255 seconds)
5282 2011-06-20 16:34:41 <midnightmagic> i use -noirc so I guess that specific vector doesn't apply to me.
5283 2011-06-20 16:34:47 <BlueMatt> sipa: hm, well that is a cool idea...
5284 2011-06-20 16:34:57 krekbwoy has joined
5285 2011-06-20 16:35:00 <gmaxwell> jrmithdobbs: arguably the wallet file name should be changed to secret_wallet_do_not_share.dat
5286 2011-06-20 16:35:04 <jrmithdobbs> midnightmagic: fine. Sit on p2p network. Wait for addr broadcasts. <see above>
5287 2011-06-20 16:35:09 <emock> specifically, should I include storing password in OSX keychain in my client?
5288 2011-06-20 16:35:27 <midnightmagic> that's why I said "specific"
5289 2011-06-20 16:35:30 <BlueMatt> sipa: well I suppose if Im gonna do random salt, it would fall in around the same class of stuff anyway...
5290 2011-06-20 16:35:34 <jrmithdobbs> midnightmagic: it's less trivial in that the p2p protocol does not have good external implementations, but that is slowly changing.
5291 2011-06-20 16:35:50 <Cryo> gmaxwell, excellent article
5292 2011-06-20 16:35:54 <gmaxwell> BlueMatt: Did you see sipa's proposal on the forums? I think it's pretty good.
5293 2011-06-20 16:36:00 <BlueMatt> sipa: arg, fine...Ill store it as a setting with the salt then too...this amount of work is just piling up
5294 2011-06-20 16:36:15 <jrmithdobbs> BlueMatt: it's not a trivial thing to do properly
5295 2011-06-20 16:36:18 <jrmithdobbs> you knew this going in
5296 2011-06-20 16:36:27 <Joric> did anyone stumble upon merchant service that doesn't need VPS? hate mybitcoin forms
5297 2011-06-20 16:36:46 <BlueMatt> jrmithdobbs: well aside from the random salt stuff, it pretty much is already properly done
5298 2011-06-20 16:36:59 <sipa> actually, i just realize a weakness
5299 2011-06-20 16:37:00 <BlueMatt> jrmithdobbs: the multi-key idea is a feature, and by no means a requirement
5300 2011-06-20 16:37:02 <jrmithdobbs> Joric: at this time, i cannot in good conscience recomend any web-based apis
5301 2011-06-20 16:37:16 <gmaxwell> pasky: okay. Hello! The accounts in the client are just for book keeping. When you send out it can use coins in any of the accounts/addresses your wallet has access to.
5302 2011-06-20 16:37:37 <sipa> some public keys are stored directly (not hashed) in the wallet
5303 2011-06-20 16:37:38 <BlueMatt> jrmithdobbs: and multi-key isnt something that is required to do it "right"
5304 2011-06-20 16:37:44 <Joric> jrmithdobbs because there's none
5305 2011-06-20 16:37:52 never_sleep has quit (Read error: Operation timed out)
5306 2011-06-20 16:37:56 <gmaxwell> pasky: so the only reason that balance could go negative was because you had positive balances in other accounts.
5307 2011-06-20 16:37:59 <jrmithdobbs> Joric: mtgox ;P
5308 2011-06-20 16:38:01 vragnaroda has quit (Disconnected by services)
5309 2011-06-20 16:38:02 <jrmithdobbs> lol
5310 2011-06-20 16:38:07 <sipa> that would remove the need for the ripemd160(sha256(pubkey)) to be done by an attacker to verify correctness
5311 2011-06-20 16:38:22 <midnightmagic> jrmithdobbs: i would say it's relatively trivial, all you have to do is patch the address grokker and have it write out individual IPs, or I guess just grep the debug.log when you first connect.
5312 2011-06-20 16:38:29 <gmaxwell> sipa: feh!
5313 2011-06-20 16:38:32 <sipa> now that's a minor part, as ec point, aes, and key strengthening remain
5314 2011-06-20 16:38:33 KillGuta has joined
5315 2011-06-20 16:38:35 <BlueMatt> sipa: yep, as it currently is all keys are stored as such
5316 2011-06-20 16:38:37 JamesBoo has joined
5317 2011-06-20 16:38:41 <jrmithdobbs> midnightmagic: good point
5318 2011-06-20 16:38:42 <JamesBoo> HAHAHHAHAHAH, did you guys see the CNBC article??????? They say Bitcoins are MORE PRONE TO INFLATION than the U.S. Dollar
5319 2011-06-20 16:38:44 <sipa> BlueMatt: in my proposal they aren't
5320 2011-06-20 16:38:45 <JamesBoo> Im still laughing, i read the article 35 minutes ago
5321 2011-06-20 16:38:53 <Joric> jrmithdobbs, no kidding, i was thinking about mtgox, but it delays transaction for a while
5322 2011-06-20 16:38:55 <sipa> and i know they currently are
5323 2011-06-20 16:38:57 <jrmithdobbs> JamesBoo: that's a personal blog of a cnbc reporter
5324 2011-06-20 16:39:04 <JamesBoo> hahahhhahah
5325 2011-06-20 16:39:08 never_sleep has joined
5326 2011-06-20 16:39:10 <JamesBoo> MORE PRONE TO INFLATION THAN THE US DOLLAR
5327 2011-06-20 16:39:11 <jrmithdobbs> Joric: i can't in good conscience recomend mtgox for *anything* right now
5328 2011-06-20 16:39:11 <gmaxwell> jrmithdobbs: well more are being "printed" right now than dollars, I suppose!
5329 2011-06-20 16:39:13 <BlueMatt> sipa: I see nothing about public keys in that post?
5330 2011-06-20 16:39:14 <JamesBoo> HAHAHAHAHHAHA
5331 2011-06-20 16:39:17 <jrmithdobbs> Joric: *especially* merchant services.
5332 2011-06-20 16:39:17 <JamesBoo> MORE PRONE TO INFLATION THAN THE US DOLLAR
5333 2011-06-20 16:39:19 <bobke> http://www.cnbc.com/id/43464477
5334 2011-06-20 16:39:21 <sipa> BlueMatt: but i'm talking about pubkeys inside txout scripts and keypool
5335 2011-06-20 16:39:22 <bobke> i think that is the article
5336 2011-06-20 16:39:38 ghtdak has joined
5337 2011-06-20 16:39:50 <BlueMatt> wait, am I reading a different post?
5338 2011-06-20 16:39:52 <Joric> i want some of those http://media.cnbc.com/i/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__COMPANY_IMAGES/B/bitcoin_candy_200.jpg
5339 2011-06-20 16:39:54 <BlueMatt> oh, I am
5340 2011-06-20 16:39:56 <BlueMatt> damn
5341 2011-06-20 16:40:02 <sipa> BlueMatt: http://forum.bitcoin.org/index.php?topic=8728.msg250739#msg250739
5342 2011-06-20 16:40:11 <BlueMatt> yea, I hadnt scrolled all the way down
5343 2011-06-20 16:40:19 <jrmithdobbs> sipa: oh good point, i guess my earlier thoughts about pre-computing ripemd160(sha256()) do actually apply
5344 2011-06-20 16:40:49 <midnightmagic> jrmithdobbs: I can recommend them. Given the completely lack of communication on the part of my bank when my details are divulged, I would say MT's got a pretty good track record.
5345 2011-06-20 16:40:58 davex___ has quit (Quit: Ex-Chat)
5346 2011-06-20 16:41:18 <ius> sipa: jumping in, might've missed stuff, but deriving AES IV using RIPEMD160(SHA256()) looks a bit silly to me - one hash should suffice?
5347 2011-06-20 16:41:21 davex__ has quit (Remote host closed the connection)
5348 2011-06-20 16:41:21 <Joric> damn, why they mention symantec stocks went up )
5349 2011-06-20 16:41:22 <jrmithdobbs> midnightmagic: fine by me. I can't. ;P
5350 2011-06-20 16:41:38 <emock> crazy thought (from a naive person): how about some kind of proof of work to access your coins?
5351 2011-06-20 16:41:41 <Joric> i can't in good conscience recomend symantec )
5352 2011-06-20 16:41:43 davex__ has joined
5353 2011-06-20 16:41:47 jargon has joined
5354 2011-06-20 16:41:47 jargon has quit (Changing host)
5355 2011-06-20 16:41:47 jargon has joined
5356 2011-06-20 16:41:55 <sipa> ius: of course one hash suffices, but you need to know the IV in advance
5357 2011-06-20 16:41:59 <midnightmagic> jrmithdobbs: You should! MT's success is the primary driver of btc's success in the last few months
5358 2011-06-20 16:41:59 <jrmithdobbs> emock: no, makes them unusable for their intended purpose
5359 2011-06-20 16:42:05 <gmaxwell> sipa: meh. just make the EVP harder and salted, and call it done. Forcing the rest to be in loop is nice, but its only worth it if its trivial.
5360 2011-06-20 16:42:07 mosimo has joined
5361 2011-06-20 16:42:26 <emock> jrmithdobbs: the coins unusable?
5362 2011-06-20 16:42:29 <jrmithdobbs> midnightmagic: not willing to overlook incompetence even in light of personal gain.
5363 2011-06-20 16:42:36 gjs278 has quit (Remote host closed the connection)
5364 2011-06-20 16:42:45 <jrmithdobbs> emock: yes. how do you propes doing proof of work for point of sale transactions, for instance.
5365 2011-06-20 16:42:55 <jrmithdobbs> propose
5366 2011-06-20 16:43:03 <sipa> gmaxwell: the reason for the ripemd160(sha256()) part is not actually for security, but to be able to map addresses to public key records
5367 2011-06-20 16:43:12 <ius> sipa: 'in advance'? How's that related? Just double hashing looks a bit useless. Doesn't add any significant security, and it's just an IV, as long as it's unpredictable it's fine
5368 2011-06-20 16:43:13 <sipa> gmaxwell: and that you can use it as IV is a nice shortcut
5369 2011-06-20 16:43:22 <jrmithdobbs> emock: requiring proof of work for spending is fine if you never want to see bitcoin used for anything but speculation.
5370 2011-06-20 16:43:37 <ius> oh
5371 2011-06-20 16:43:41 <jrmithdobbs> emock: but anything outside of that proof of work req for spending coins destroys bitcoin
5372 2011-06-20 16:43:41 <gmaxwell> sipa: ...Yea, I think we're desynced I'm not disagreeing with that.
5373 2011-06-20 16:43:47 <emock> jrmithdobbs: not sure⦠that's why it was a crazy idea. but people are smart and could probably figure something out
5374 2011-06-20 16:43:54 <sipa> gmaxwell: i'm not disagreeing with you either
5375 2011-06-20 16:43:55 JamesBoo has quit (Quit: Page closed)
5376 2011-06-20 16:44:28 <BlueMatt> sipa: how often does the client search through mapKeys not after a search of mapPubKeys?
5377 2011-06-20 16:45:19 <jrmithdobbs> emock: right, I was telling you why it wouldn't work ;)
5378 2011-06-20 16:45:40 <midnightmagic> jrmithdobbs: You haven't convinced me of any incompetence on MT's part. Your evidence is a single note that may or may not suggest MT completely groks both the concept of an absence of evidence *and* is able to convey that specific knowledge to others in a way that satisfies your concept of how he should be demonstrating it. About the only thing I've seen that should be improved is the site's reliance on outside contractor's to d
5379 2011-06-20 16:45:40 <midnightmagic> o their jobs without giving everyone's passwords away.
5380 2011-06-20 16:45:41 Mononofu has quit (Read error: Operation timed out)
5381 2011-06-20 16:45:51 <sacarlson> jrmithdobbs: that's why some people have thought of alternative crypto-currencies like http://forum.bitcoin.org/index.php?topic=9493.msg138247#msg138247
5382 2011-06-20 16:45:53 <emock> jrmithdobbs: but maybe it's just that we can't think of a way to make it work /at the moment/
5383 2011-06-20 16:46:02 gjs278 has joined
5384 2011-06-20 16:46:02 Kebert has joined
5385 2011-06-20 16:46:10 <jrmithdobbs> midnightmagic: i don't want to start this argument again. I stated an opinion. Clearly said it was such. The end.
5386 2011-06-20 16:46:21 <gmaxwell> meh. just make the EVP harder and salted, and call it done. Forcing the rest to be inside a bruteforcing loop is nice, but its only worth it if its trivial. Even with it the system is still vulnerable to brute forcing on FPGAs (which was why I was advocating scrypt), so it's not that big of an improvement over just setting the EVP rounds well.
5387 2011-06-20 16:47:18 <BlueMatt> sipa: so you are saying the client never needs the full public key, and thus we shouldnt bother storing it, just pull out the address so we know that when we need to look up privkey to sign and such?
5388 2011-06-20 16:47:37 <emock> i.e. proof of work could have a lifetime⦠and if you forgot to do the work before going shopping it would be like you forgot your 'real' wallet now-a-days
5389 2011-06-20 16:47:56 <midnightmagic> jrmithdobbs: I wouldn't even be mentioning it again if you didn't keep going on at length about how much you can't recommend the site and by extension, neither should anyone else.
5390 2011-06-20 16:47:59 <sipa> BlueMatt: actually, no
5391 2011-06-20 16:48:22 <sipa> wait
5392 2011-06-20 16:48:32 <BlueMatt> so...just do the ripemd160+sha for the hell of it to make it harder to brute?
5393 2011-06-20 16:48:33 <jrmithdobbs> midnightmagic: someone asked a specific question about merchant apis. It was relevant. I stated my opinion. which knight for tux somewhere else.
5394 2011-06-20 16:48:35 <ionspin> Somebody should start implementing secure wallets for mobile phones, i always feel like i forgot my money at home when i go to work :)
5395 2011-06-20 16:48:42 <jrmithdobbs> s/which/white/
5396 2011-06-20 16:48:45 <ionspin> and actually i did :)
5397 2011-06-20 16:48:48 <sipa> BlueMatt: the ripem160+sha is not for security
5398 2011-06-20 16:48:56 <sipa> it doesn't add anything really
5399 2011-06-20 16:48:57 <BurningToad> why does bitcoind getinfo show a different difficulty than bitcoinwatch, etc
5400 2011-06-20 16:49:00 <ius> midnightmagic: For example, what MT did not tell you was that they patched up a SQLi hole. _ANY_ organization practising sane security would inform their clients and take appropriate measures
5401 2011-06-20 16:49:04 <BlueMatt> sipa: so...why?
5402 2011-06-20 16:49:17 <sipa> BlueMatt: to be able to do a lookup of a key if you only have the address
5403 2011-06-20 16:49:18 <gmaxwell> BurningToad: because bitcoin watch is using an old bitcoind which was wrong.
5404 2011-06-20 16:49:22 <sipa> BlueMatt: for now, no issue
5405 2011-06-20 16:49:25 <midnightmagic> jrmithdobbs: lol So you can black knight without a challenge?
5406 2011-06-20 16:49:26 <midnightmagic> gimme a break
5407 2011-06-20 16:49:30 <sipa> BlueMatt: if you want to change it, go ahead
5408 2011-06-20 16:49:37 <jrmithdobbs> midnightmagic: see what ius just said for yet another example
5409 2011-06-20 16:49:38 <ius> midnightmagic: Look at Lastpass' proactive approach recently, imo they did pretty well by informing their users even though there was little compromised in the end
5410 2011-06-20 16:49:39 <BurningToad> ah ok, so mine is right, thanks!
5411 2011-06-20 16:49:52 <BlueMatt> I mean if we just do away with mapKeys+mapPubKeys and just do a mapKeys which goes from address -> privkey, fine, otherwise I see no huge advantage?
5412 2011-06-20 16:49:54 <midnightmagic> ius: How did this information come to light?
5413 2011-06-20 16:50:03 <BlueMatt> (Im not sure that that would be entirely hard)
5414 2011-06-20 16:50:09 <jrmithdobbs> midnightmagic: ius is the one who reported and worked with tux to confirm it was fixed.
5415 2011-06-20 16:50:13 <BlueMatt> probably wouldnt be too much work
5416 2011-06-20 16:50:32 <midnightmagic> ius: Any evidence of it being exploited?
5417 2011-06-20 16:50:33 <jrmithdobbs> ius: next time save us all the questioning and disclose fully immediately instead please ;P
5418 2011-06-20 16:50:39 <sipa> BlueMatt: i'm quite sure that is possible yes, to only have a address -> privkey map
5419 2011-06-20 16:50:40 <ius> midnightmagic: And it is still NOT impossible for an attacker to obtain a MySQL account via SQL injection - rather I'd say it's much more probably than his 'auditor' being compromised (nice scapegoat)
5420 2011-06-20 16:50:48 <ius> jrmithdobbs: ;)
5421 2011-06-20 16:50:54 <jrmithdobbs> midnightmagic: doesn't matter if there's proof it was exploited
5422 2011-06-20 16:51:03 <sipa> you only need the pubkey when verifying signatures, really
5423 2011-06-20 16:51:05 <midnightmagic> jrmithdobbs: I said "evidence", not "proof"
5424 2011-06-20 16:51:08 <jrmithdobbs> midnightmagic: tux has said REPEATEDLY over the last 24 hours that there was never an sqli exploit
5425 2011-06-20 16:51:16 <gmaxwell> presumably ius found it by exploiting it.
5426 2011-06-20 16:51:20 <sipa> and when you are, the pubkey is always stored in the scripts anyway
5427 2011-06-20 16:51:21 <BlueMatt> sipa: so...after all this it sounds like the best way is to start over on wallet class and do a recode
5428 2011-06-20 16:51:24 <ius> midnightmagic: No, but the SQLi scenario is much more probable than the auditor being compromised, given that it's not publically known who the party even is
5429 2011-06-20 16:51:33 <emock> jrmithdobbs be damned, I'm kinda liking this proof-of-work to unlock your wallet idea ;-)
5430 2011-06-20 16:51:51 linagee has quit (Ping timeout: 240 seconds)
5431 2011-06-20 16:52:02 <gmaxwell> emock: it's normally called strenghtening in the context of passwords.
5432 2011-06-20 16:52:06 <jrmithdobbs> emock: work out a more complete proposal, you may be on to something with pre-computed POW but i'm not sure that doesn't defeat the purpose ;P
5433 2011-06-20 16:52:26 <midnightmagic> ius: You appear to be doing the same thing jrmithdobbs is. Do you have specific knowledge of what brought MT to think an outside auditor was the leak based on faulty evidence?
5434 2011-06-20 16:52:27 <emock> yea, thinking it through better now...
5435 2011-06-20 16:52:28 <jrmithdobbs> gmaxwell: he's talking network-based pof req for spending coins
5436 2011-06-20 16:52:32 <BlueMatt> well...I suppose Ive got an hour now, might as well go get started...:(
5437 2011-06-20 16:52:34 <ius> Unless some attacker randomly stumbled upon the auditor's PC and found the MySQL credentials, I suspect it might be just be used as an excuse to blame another party
5438 2011-06-20 16:52:38 ionspin has quit (Quit: Leaving)
5439 2011-06-20 16:52:39 <gmaxwell> s/strenghtening/strengthening/
5440 2011-06-20 16:52:43 <lfm> ius: actually its more probable you are mistaken than MT is
5441 2011-06-20 16:52:46 <ius> midnightmagic: He stated so
5442 2011-06-20 16:52:46 <sipa> BlueMatt: that's up to you how to implement it
5443 2011-06-20 16:52:51 <jrmithdobbs> midnightmagic: no because he discloses nothing, ever, until publically ridiculed
5444 2011-06-20 16:53:21 <gmaxwell> jrmithdobbs: more likely that he knows nothing until publically ridiculed
5445 2011-06-20 16:53:24 linagee has joined
5446 2011-06-20 16:53:31 <midnightmagic> ius: Did he state specifically, "We know it was the auditor because we found X on his machine and Y evidence in the logs," or are you basing your conclusion SOLELY on the press release?
5447 2011-06-20 16:53:34 <gmaxwell> Assuming dishonesty is a greater assumption than ignorance.
5448 2011-06-20 16:53:35 <sipa> BlueMatt: if i were to do it, i guess i'd start on wallet class, and as a first step make implement a system where private keys can be unavailable (no new address generatable, ...)
5449 2011-06-20 16:53:53 <ius> lfm: Why? Failure to inform his users of the closed vuln does not inspire much confidence...
5450 2011-06-20 16:53:55 <jrmithdobbs> gmaxwell: trying to avoid explicitly stating my assumption of his incompetence in relation to this discussion ;P
5451 2011-06-20 16:54:20 <sipa> BlueMatt: then i guess you can modify CKeyStore to be in a 'locked' or 'unlocked' state
5452 2011-06-20 16:54:21 tixtax has joined
5453 2011-06-20 16:54:28 <lfm> ius cuz I dont know you as well
5454 2011-06-20 16:54:30 <ius> midnightmagic: Press release.
5455 2011-06-20 16:54:31 <midnightmagic> jrmithdobbs: So it's speculation, in other words.
5456 2011-06-20 16:54:34 <ius> "It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised"
5457 2011-06-20 16:54:50 <midnightmagic> ius: Yeah, so how do we know what he based his claim on? We know nothing. It's speculation.
5458 2011-06-20 16:54:57 <jrmithdobbs> gmaxwell: also it doesn't matter if it's incopetence vs dishonesty in this case, both are equally bad
5459 2011-06-20 16:54:58 <gmaxwell> ius: he said more about that in IRC as well, but didn't give details.
5460 2011-06-20 16:55:13 <ius> lfm: Are you questioning my claim of the site having been vulnerable to SQL injection? You may of course doubt me, that's fine. I would understand if you would trust MT more than me..
5461 2011-06-20 16:55:14 <sipa> BlueMatt: containing encrypted CPrivKey's, decrypting them on the fly when possible, failing otherwise
5462 2011-06-20 16:55:23 <gmaxwell> jrmithdobbs: I didn't say incompetence. You don't need to be incompent to not know when someone has copied your password table
5463 2011-06-20 16:55:27 neversleepy has joined
5464 2011-06-20 16:55:29 istat has joined
5465 2011-06-20 16:55:36 <dD0T> gmaxwell: I like stretching better ;-) It's not like the password itself gets stronger....
5466 2011-06-20 16:55:37 <ius> midnightmagic: Yeah that's why I think it's not the full story, but yet he said 'no SQLi was used'
5467 2011-06-20 16:55:48 <BlueMatt> sipa: yep, Ill go get started (for the third time)
5468 2011-06-20 16:55:55 peck has quit (Read error: Connection reset by peer)
5469 2011-06-20 16:55:55 <jrmithdobbs> gmaxwell: you need to be incompetant to give financial auditors access to user tables though
5470 2011-06-20 16:56:04 <sipa> BlueMatt: in any case, many thanks for wanting to do this
5471 2011-06-20 16:56:06 <jrmithdobbs> user *auth* tables
5472 2011-06-20 16:56:11 <ius> Off for dinner now, apparantly 'the guy who transfered the 500k' will be on that bitcoin show, hope that has anything new
5473 2011-06-20 16:56:13 <gmaxwell> jrmithdobbs: even if thy are auditing for market manipulation via sock accounts?
5474 2011-06-20 16:56:19 <lfm> ius: so did you access his passwords file?
5475 2011-06-20 16:56:21 <BlueMatt> sipa: meh, wtf else am I gonna waste my time on?
5476 2011-06-20 16:56:23 <jrmithdobbs> gmaxwell: auth tables
5477 2011-06-20 16:56:35 <sipa> BlueMatt: haha
5478 2011-06-20 16:56:41 <jrmithdobbs> gmaxwell: and if your auth and acct data tablesa re the same that's just a different type of incompetence ;P
5479 2011-06-20 16:56:44 <dD0T> jrmithdobbs: If the guy says "I need access to all of the data" and someone clicks "all" in his phpmyadmin...
5480 2011-06-20 16:56:45 <gmaxwell> BlueMatt: you could argue with idiots on irc instead?
5481 2011-06-20 16:56:46 vokoda has joined
5482 2011-06-20 16:57:06 <BlueMatt> gmaxwell: coding is a ton more fun in that case...
5483 2011-06-20 16:57:09 <Cryo> erf phpmyadmin ftl
5484 2011-06-20 16:57:13 <ius> lfm: I only confirmed that it was injectable, I'm /assuming/ it had at least access to the full frontend database
5485 2011-06-20 16:57:28 <gmaxwell> ius: where was it injectable?
5486 2011-06-20 16:57:34 <lfm> ius oh so you dont know either
5487 2011-06-20 16:57:45 <ius> gmaxwell: Some claims page.. mtgox.com/claim?token=<inj>
5488 2011-06-20 16:58:11 <gmaxwell> ius: makes sense that it would have auth table access from there, I guess.
5489 2011-06-20 16:58:14 <ius> lfm: It's a reasonable assumption for it to have access to all tables, especially since it was looking for an email address
5490 2011-06-20 16:58:19 <jrmithdobbs> midnightmagic: ps: here's some fun results from site:pastebin.com magicaltux
5491 2011-06-20 16:58:19 never_sleep has quit (Ping timeout: 260 seconds)
5492 2011-06-20 16:58:24 <jrmithdobbs> midnightmagic: http://pastebin.com/8utWDqaY
5493 2011-06-20 16:58:30 * jgarzik wakes up
5494 2011-06-20 16:58:31 <dD0T> ius: Not to users tables
5495 2011-06-20 16:58:31 <ius> Anyway, dinner.
5496 2011-06-20 16:58:36 <jrmithdobbs> midnightmagic: http://pastebin.com/vr36QvX0
5497 2011-06-20 16:58:47 <lfm> ius yup, you're assuming, just like you're accusing someone else of assuming
5498 2011-06-20 16:58:51 <dD0T> ius: That would just be pure fail. Would've had to run as root to be that open
5499 2011-06-20 16:59:01 sherpishoru has joined
5500 2011-06-20 16:59:35 <ius> dD0T: Could be
5501 2011-06-20 16:59:41 <Wuked> any forum admins about ?
5502 2011-06-20 17:00:05 <ius> lfm: Yes, SQli being used is an assumption on my part - not going to deny that
5503 2011-06-20 17:00:16 Obehsh has joined
5504 2011-06-20 17:00:37 <ius> lfm: But he didn't disclose the vuln and his response suggested he wasn't really taking things serious
5505 2011-06-20 17:02:01 Mononofu has joined
5506 2011-06-20 17:02:11 <ius> lfm: For example, reasoning that the users being compromised was not his fault cause the correct password was used to login
5507 2011-06-20 17:02:43 p0s has left ("Konversation terminated!")
5508 2011-06-20 17:03:18 <ius> Doesn't tell you much if your DB /could/ have leaked via SQLi. Fact is there was a hole, and unless he had full request/response logs you can't tell whether or not info leaked
5509 2011-06-20 17:03:51 <ius> As said before, I 'hope' the guy who was playing with the funds is the same guy who compromised the DB, so we can hear his part of the story
5510 2011-06-20 17:04:26 peck has joined
5511 2011-06-20 17:04:36 kika_ has joined
5512 2011-06-20 17:04:59 <kika_> does anyone know how diffie hellman key exchange is used?
5513 2011-06-20 17:05:08 dukeleto has quit (Excess Flood)
5514 2011-06-20 17:05:16 <Juggie> can this exchange be trusted again though.
5515 2011-06-20 17:05:25 <upb> ius: wow where is it going to be ?
5516 2011-06-20 17:05:32 <ius> dD0T: re: users tables - correct, but don't you agree the external auditor being compromised is an improbable vector too?
5517 2011-06-20 17:05:34 <Guest43775> kikia_ http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
5518 2011-06-20 17:05:41 dukeleto has joined
5519 2011-06-20 17:05:42 <ius> upb: http://onlyonetv.com/ - Bruce's show
5520 2011-06-20 17:05:45 <upb> ah thx
5521 2011-06-20 17:05:47 <ius> In 55min apparantly
5522 2011-06-20 17:05:47 <dD0T> gmaxwell: wtf @ http://forum.bitcoin.org/index.php?topic=8728.40 ...please tell me you could convince them via some other channel.
5523 2011-06-20 17:06:04 <kika_> Guest43775: yes i already readed it
5524 2011-06-20 17:06:27 DrewSJ has joined
5525 2011-06-20 17:06:27 d1g1t4l has quit (Remote host closed the connection)
5526 2011-06-20 17:07:19 gsathya has joined
5527 2011-06-20 17:07:47 * emock thinks MagicalTux handled the fallout pretty well considering. If MtGox dies he might have a career in PR.
5528 2011-06-20 17:08:01 <jgarzik> jrmithdobbs: boy that's a whole lot of genjix hyperventilating + pimping his exchange softwares :)
5529 2011-06-20 17:08:10 <gmaxwell> dD0T: I think sipa convinced BlueMatt in this channel to go work on it. At least we'll get stretching.
5530 2011-06-20 17:08:18 <emock> jgarzik: my thoughts exactly
5531 2011-06-20 17:08:31 <gmaxwell> er salted stretching..
5532 2011-06-20 17:08:41 mrtnt1 has joined
5533 2011-06-20 17:08:44 joecool has quit (Remote host closed the connection)
5534 2011-06-20 17:09:15 <BlueMatt> gmaxwell dD0T well I had already said yesterday or the day before that I would do salt stuff when I get around to it after rebase
5535 2011-06-20 17:09:29 <upb> kika_: in a few words it is used to agree on a secret key over a channel that doesnt provide confidentiality :)
5536 2011-06-20 17:09:30 <emock> having those kinds of discussions on irc where what people type can be interpreted in so many ways is just stupid
5537 2011-06-20 17:09:38 Speeder has joined
5538 2011-06-20 17:09:39 <dD0T> gmaxwell: Good... BlueMatt == TheBlueMatt from the patch?
5539 2011-06-20 17:09:45 <BlueMatt> and Matt Corallo
5540 2011-06-20 17:09:56 <dD0T> I see
5541 2011-06-20 17:10:21 <kika_> upb: yes but im wondering how you prevent man in the middle attack, i mean how do you know that the other party is who you expect it to be? using PKI right?
5542 2011-06-20 17:10:24 <kika_> upb: and signatures?
5543 2011-06-20 17:10:31 <gmaxwell> dD0T: Though I won't hold my breath on getting a better iteration count, and it sounds like gpu/fpga resistant is right out. Though if it codes a keying type, I'll do a patch for swapping out the EVP with scrypt.
5544 2011-06-20 17:10:32 fimp has quit (Quit: This computer has gone to sleep)
5545 2011-06-20 17:10:39 <midnightmagic> jrmithdobbs: Where did those logs come from?
5546 2011-06-20 17:10:40 lessPlastic has joined
5547 2011-06-20 17:10:54 joecool has joined
5548 2011-06-20 17:11:11 <upb> kika_: yes the dh-kex itself doesnt provide that
5549 2011-06-20 17:11:14 <BlueMatt> gmaxwell: it? in any case, if you disagree that scrypt is better than EVP, reopen that debate as I said, otherwise EVP it is
5550 2011-06-20 17:11:25 <sipa> gmaxwell, BlueMatt: well i suppose it's possible to add some "derivation type" field to mkey's VAL as well
5551 2011-06-20 17:11:42 <midnightmagic> jrmithdobbs: nevermind, I see the channel name now.
5552 2011-06-20 17:11:52 gim has joined
5553 2011-06-20 17:11:54 <sipa> satoshi has version numbers and bytes all over the place, and rightfully so, i think
5554 2011-06-20 17:11:56 <gmaxwell> BlueMatt: I don't think there is any dispute about it being better, the only thing to dispute is if its worth the additional code size.
5555 2011-06-20 17:11:58 <sipa> maybe we should do the same
5556 2011-06-20 17:12:10 <kika_> upb: so to provide that i need to sign the numbers exchanged for diffie hellman by using a signature algoritm, right?
5557 2011-06-20 17:12:22 <midnightmagic> jrmithdobbs: is that log from you or from someone like genjix?
5558 2011-06-20 17:12:23 <BlueMatt> gmaxwell: and the EVP is more established for common use than scrypt thing
5559 2011-06-20 17:12:37 <BlueMatt> gmaxwell: new software is the opposite of security, no matter how cool it looks
5560 2011-06-20 17:12:42 chaord has left ()
5561 2011-06-20 17:12:49 <sipa> personally, i'm not sure if scrypt is worth it *right now*
5562 2011-06-20 17:12:59 <sipa> but next year we may be convinced otherwise
5563 2011-06-20 17:13:04 <kika_> upb: do you know what can provide me that?
5564 2011-06-20 17:13:10 jargon has quit (Ping timeout: 255 seconds)
5565 2011-06-20 17:13:29 <midnightmagic> i will guess genjix is the source of that log.
5566 2011-06-20 17:13:53 Guest43775 is now known as BTCTrader
5567 2011-06-20 17:14:24 <gmaxwell> I'm not advancing it as "cool", I'm advancing it because 1000 iterations of sha-256 is _clearly_ not enough, especially since our project has resulted in fast gpu code that can give a nice 100x speedup on that algorithim.
5568 2011-06-20 17:14:31 <BlueMatt> in any case, if random salts + privkey constant removal is done, then using scrypt provides little advantage as brute force is already slow as hell
5569 2011-06-20 17:15:25 gsathya has quit (Ping timeout: 255 seconds)
5570 2011-06-20 17:15:27 <BlueMatt> no, bitcoin sha256 is highly optimized in a specific case, not a general one
5571 2011-06-20 17:15:35 <BlueMatt> so the optimizations (or most of them) dont apply here
5572 2011-06-20 17:15:36 <sipa> gmaxwell: right, but unless you can get the ec and aes parts in the parallel hardware as well, you want be much with your 6 Thash/s sha256 cracker
5573 2011-06-20 17:15:40 <sipa> won't be
5574 2011-06-20 17:15:42 <gmaxwell> ...
5575 2011-06-20 17:15:53 <gmaxwell> BlueMatt: Thats why I said 100x and not 300x.
5576 2011-06-20 17:16:13 <BlueMatt> not even close to that much
5577 2011-06-20 17:16:23 <sipa> no point in arguing about this
5578 2011-06-20 17:16:25 <gmaxwell> sipa: the EC point multiply takes about 3400 xors.
5579 2011-06-20 17:16:29 zzz04 has joined
5580 2011-06-20 17:16:53 zzz04 has left ()
5581 2011-06-20 17:17:00 kreal- has quit (Ping timeout: 260 seconds)
5582 2011-06-20 17:17:05 <sipa> gmaxwell: a lot more, i believe
5583 2011-06-20 17:17:10 <gmaxwell> BlueMatt: yes, that much, the only speedup the miner code gets is on the inital expansion and on cutting a few rounds off the end. And it's 300MH on a gpu vs 1MH on a cpu.
5584 2011-06-20 17:17:23 <sipa> but that's not really the point
5585 2011-06-20 17:17:44 <sipa> gmaxwell is absolutely right that bitcoin has already shown that hardware assisted sha cracking is very feasible
5586 2011-06-20 17:17:46 <pasky> gmaxwell: Ok, I can see it in http://blockexplorer.com/tx/4e3779b9f66a6dde0151ff408ffec6d49e39027c1e5e26e5cc9b8131c6be048a now - apparently, even if I did sendfrom <accountname>, bitcoind happily pulled out the missing balance from address in different account _and_ paid a fee even though I did not configure bitcoind to pay any fees - ain't both strange?
5587 2011-06-20 17:17:55 <upb> kika_: better look at how TLS does it
5588 2011-06-20 17:18:03 <sipa> and we should take that into account
5589 2011-06-20 17:18:07 <midnightmagic> jrmithdobbs: that is a fucking brutal set of logs if true.
5590 2011-06-20 17:18:15 <gmaxwell> pasky: I explained that the accounts are just for local bookeeping, it did what it was supposted to do.
5591 2011-06-20 17:18:18 kreal- has joined
5592 2011-06-20 17:18:31 <midnightmagic> jrmithdobbs: Did you just see those now or have you known about those for longer?
5593 2011-06-20 17:18:40 <pasky> gmaxwell: ok, so if i want to keep my funds truly separated i should use separate wallets?
5594 2011-06-20 17:18:52 <gmaxwell> sipa: right, the exact numbers aren't really relevant. It's a big speedup.
5595 2011-06-20 17:18:55 <gmaxwell> pasky: right.
5596 2011-06-20 17:19:14 <sipa> but i'm just not sure if scrypt is currently the right thing to do
5597 2011-06-20 17:19:20 <gmaxwell> sipa: I buy that.
5598 2011-06-20 17:19:30 <gmaxwell> sipa: It should be possible to change it in the future however.
5599 2011-06-20 17:19:34 <sipa> gmaxwell: agree
5600 2011-06-20 17:19:43 <pasky> gmaxwell: hmh... one more motivation to start implementing my own bitcoin client then :)
5601 2011-06-20 17:19:51 <pasky> gmaxwell: thanks for help!
5602 2011-06-20 17:19:56 <sipa> i would already feel better if it wasn't sha256 used right now for key strengthening
5603 2011-06-20 17:19:59 <gmaxwell> (without having hideous rewriting logic)
5604 2011-06-20 17:20:17 <slush> pasky: rika se tomu 'coin selection' a pozadavek na manualni ovlivneni algoritmu je tady celkem casto
5605 2011-06-20 17:20:34 <slush> pasky: lepsi by bylo naprgat to do oficialniho klienta nez delat vlastniho ;)
5606 2011-06-20 17:20:34 lessPlastic has quit (Quit: lessPlastic)
5607 2011-06-20 17:20:49 <BlueMatt> fair enough, yea version/key derivation int will be included, but scrypt is definitely not the right choice atm
5608 2011-06-20 17:20:50 <pasky> slush: kdyz on je ten oficialni klient desna prasarna na hodne urovnich
5609 2011-06-20 17:20:53 <gmaxwell> sipa: yes. Using the hash our own project has result in good GPU code for, but not actually being able to use that code for normal users is... very unfortunate.
5610 2011-06-20 17:21:01 <slush> hmm
5611 2011-06-20 17:21:56 <gmaxwell> BlueMatt: Also, when you do thatâ code the iteration count for the EVP. Even if you don't feel like doing the benchmarking and autosetting part on your own, it would be a simple patch which someone else will do. (e.g. me)
5612 2011-06-20 17:21:58 <pasky> slush: ale asi by bylo produktivnejsi zacit cleanupovat nez prepisovat
5613 2011-06-20 17:21:59 <BlueMatt> sending is already slow, making one do 10k EVP rounds instead of 1k would slow it down too much
5614 2011-06-20 17:22:14 <gmaxwell> BlueMatt: have you benchmarked it?
5615 2011-06-20 17:22:19 <BlueMatt> but yea, round count can be in there
5616 2011-06-20 17:22:23 <sivu> is the contract support being worked on into the client?
5617 2011-06-20 17:22:27 <BlueMatt> only in regular usage, never manually
5618 2011-06-20 17:22:37 <sipa> BlueMatt, gmaxwell: in jgarzik's scratchoff patch there was a very nice sha512 based derivation function
5619 2011-06-20 17:22:44 <BlueMatt> ie never real benchmark
5620 2011-06-20 17:22:47 <sipa> which Hal called good but overkill
5621 2011-06-20 17:23:01 <BlueMatt> overkill is always good
5622 2011-06-20 17:23:10 <slush> pasky: narazis na velky odpor lidi, kteri maji panicky strach ze zmen v kodu, nepokryteho 100% testy :) jo a asi neni slusny bavit se tady cesky ;)
5623 2011-06-20 17:23:11 soap has quit (Ping timeout: 240 seconds)
5624 2011-06-20 17:23:17 <BlueMatt> as is over-conservative
5625 2011-06-20 17:23:33 <pasky> slush: tys zacatl ;)
5626 2011-06-20 17:23:36 joecool has quit (Remote host closed the connection)
5627 2011-06-20 17:23:37 <sipa> run that for 0.2s, and store the resulting iteration count
5628 2011-06-20 17:23:39 <gmaxwell> BlueMatt: I'm measuring sha256 here and getting 500k full runs per second on my laptop. I don't see 10k in evp being a big issue.
5629 2011-06-20 17:23:47 <slush> pasky: ok, let's continue in english ;)
5630 2011-06-20 17:24:01 pensan has joined
5631 2011-06-20 17:24:03 <pasky> slush: perhaps then the code not 100% covered by tests should go away :)
5632 2011-06-20 17:24:03 maikmerten has joined
5633 2011-06-20 17:24:22 <slush> pasky: then rm -rf bitcoin/
5634 2011-06-20 17:24:26 fujiwos has joined
5635 2011-06-20 17:24:58 <gmaxwell> sipa: http://yyz.us/bitcoin/patch.bitcoin-scratch-card
5636 2011-06-20 17:25:02 DiSTANT187 has joined
5637 2011-06-20 17:25:12 <gmaxwell> it's 2x SHA-256, 1x SHA-512 per round.
5638 2011-06-20 17:25:20 <sipa> gmaxwell: that's the one i mean, yes
5639 2011-06-20 17:25:23 <gmaxwell> and he was doing 108333 rounds. :)
5640 2011-06-20 17:25:31 <gmaxwell> I like that.
5641 2011-06-20 17:25:51 <BlueMatt> sipa: sha512 108333 times?
5642 2011-06-20 17:25:59 <gmaxwell> BlueMatt: the issue with send speed is why I suggested two parts. One part is slow and saved in memory so it only fires off on the first time you send.
5643 2011-06-20 17:26:14 <sipa> BlueMatt: have a look at the function in the patch
5644 2011-06-20 17:26:38 ionspin has joined
5645 2011-06-20 17:26:46 <sipa> somehow i would expect the salt to appear inside the loop as well
5646 2011-06-20 17:26:54 <sipa> anyone know why not?
5647 2011-06-20 17:27:03 <BlueMatt> gmaxwell: which suggestion is this?
5648 2011-06-20 17:27:31 <pasky> slush: oh, okay :)
5649 2011-06-20 17:27:39 <gmaxwell> BlueMatt: when I was suggesting scrypt on the forum:
5650 2011-06-20 17:27:39 <gmaxwell> I'd suggest instead that it be changed to use
5651 2011-06-20 17:27:39 <gmaxwell> A = scrypt(salt||password, 4 seconds)
5652 2011-06-20 17:27:39 <gmaxwell> key = scrypt(A||password, 10ms)
5653 2011-06-20 17:27:40 <gmaxwell> and simply save A in mlocked memory so that the high delay only happens the first send during a bitcoin session. (the second step could just as easily be BytesToKey if you want... it's just there to make searching memory of long running daemons unprofitable)
5654 2011-06-20 17:27:53 <gmaxwell> but this could be done with EVP or jgarzik's function or whatever.
5655 2011-06-20 17:28:29 <sipa> 4s is a bit much, but i like the time-based iterating
5656 2011-06-20 17:28:50 <gmaxwell> The point is that you have a really expensive function which only nails you once. Then its output is saved in memory. You still need to provide the key per send but it only takes 10ms per send after the first.
5657 2011-06-20 17:28:56 <sipa> also, that sha512 based function gives you 512 bits output -> 256 bit key, 256 bit IV
5658 2011-06-20 17:29:14 <gmaxwell> sipa: I picked a crazy number just so someone could be more reasonable and argue for half that. :)
5659 2011-06-20 17:29:20 kish_ has quit (Remote host closed the connection)
5660 2011-06-20 17:29:27 <sipa> gmaxwell: right, but each time you open your wallet, it would be 4s
5661 2011-06-20 17:29:32 <WildSoil> For a more secure alternative to Mt Gox, the community appears to be moving to TradeHill. So this is no reason to lose faith in Bitcoin itself. It must be seen as a warning that not every website can be trusted with your data however! Their link is http://www.tradehill.com/?r=TH-R15683 (Note: You can remove the Referral Code when registering if you want!) This is certainly not the only website where you can exchange Bitcoins, als
5662 2011-06-20 17:29:33 <gmaxwell> Rather than suggesting 1 seonds and having someone argue for 250ms.
5663 2011-06-20 17:29:37 kish has joined
5664 2011-06-20 17:29:42 <WildSoil> Tradehill is somekind of scam site ?
5665 2011-06-20 17:29:55 <jgarzik> no
5666 2011-06-20 17:29:58 <mtrlt> dunno but they sure are annoying :p
5667 2011-06-20 17:30:04 <sipa> gmaxwell: i'm still arguing for 0.2s :)
5668 2011-06-20 17:30:05 <phantomcircuit> lol
5669 2011-06-20 17:30:10 <fujiwos> spam, not scam :)
5670 2011-06-20 17:30:11 <phantomcircuit> this is why you dont use referral codes
5671 2011-06-20 17:30:25 <gmaxwell> sipa: fine fine, make it 500ms. Point being you can take 500ms on only one send, while later ones are fast. And people who care about send speed will mostly have long running daemons.
5672 2011-06-20 17:30:28 <sivu> tradehill doesnt support sepa
5673 2011-06-20 17:30:33 <luke-jr> WildSoil: TradeHill voided the referral codes âº
5674 2011-06-20 17:30:42 <phantomcircuit> gmaxwell, pdbkb2jfjeiwhatevritis then a stream cipher
5675 2011-06-20 17:30:51 <sipa> gmaxwell: at each 'unlocking your wallet' step
5676 2011-06-20 17:30:58 <phantomcircuit> gmaxwell, shazam, expensive set followed by an endless stream of priv keys
5677 2011-06-20 17:31:06 <ionspin> gmaxwell, on first glance, i like your approach
5678 2011-06-20 17:31:09 <gmaxwell> sipa: no, see what I proposed?
5679 2011-06-20 17:31:14 <sipa> maybe not
5680 2011-06-20 17:31:31 <gmaxwell> sipa: split the streaching operation into two parts. One is very expensive and you save it in memory.
5681 2011-06-20 17:31:41 <sipa> right, sure
5682 2011-06-20 17:31:47 <gmaxwell> The other is cheap and you redo it every unlock.
5683 2011-06-20 17:31:53 <BlueMatt> gmaxwell: well that is no different than just a weaker algorithm in some cases. For the majority of cat wallet.dat | email stuff, yea its great, but the other attack to protect against is a bitcoind merchant-run server which never sends except on rare occasions and just accepts...if that were to be hacked, you would still be safe as long as you realize you've been hacked before you next send from it
5684 2011-06-20 17:31:53 <BlueMatt> gmaxwell: and in your suggestions, you might as well just use the weak algorithm for that case
5685 2011-06-20 17:31:54 <BlueMatt> hence...I disagree with that idea
5686 2011-06-20 17:31:54 <gmaxwell> 'cheap'
5687 2011-06-20 17:32:48 <gmaxwell> BlueMatt: meh. Pick the strongest EVP you can tolerate for all txn. Great. Say it's 10,000 iterations.
5688 2011-06-20 17:33:03 <sipa> 10000 sounds good
5689 2011-06-20 17:33:08 <sipa> time-based is also good
5690 2011-06-20 17:33:14 <sipa> sha512 is ok
5691 2011-06-20 17:33:19 <gmaxwell> BlueMatt: my proposal lets you make the first one 1,000,000 iterations. so it's strictly superior so long as you can wait a bit longer on the first one.
5692 2011-06-20 17:33:21 <sipa> scrypt is ok too, but maybe not now
5693 2011-06-20 17:33:30 danbri has joined
5694 2011-06-20 17:33:35 <sipa> i would avoid pure sha256 though
5695 2011-06-20 17:33:41 [Zusje] has quit (Quit: Leaving)
5696 2011-06-20 17:34:00 <ionspin> bcrypt should be slow. Is it slow and secure enough?
5697 2011-06-20 17:34:33 <BlueMatt> who the hell defaced the topic?
5698 2011-06-20 17:34:42 <gmaxwell> BlueMatt: I think it's reasonable to say that people can tolerate more iterations once per daemon launch then they can in every send.
5699 2011-06-20 17:34:51 TommyBoy3G has quit (Remote host closed the connection)
5700 2011-06-20 17:34:58 <gmaxwell> BlueMatt: so you put the most work in each of those that users can tolerate.
5701 2011-06-20 17:35:02 TommyBoy3G has joined
5702 2011-06-20 17:35:08 <sipa> BlueMatt: anyway, i'd say: add a version string/number/byte in there, and implement it now using EVP or whatever you like
5703 2011-06-20 17:35:16 <sipa> it's a detail
5704 2011-06-20 17:35:23 kish has quit (Ping timeout: 252 seconds)
5705 2011-06-20 17:35:24 dvide has quit ()
5706 2011-06-20 17:35:56 <BlueMatt> sipa: well, no matter how many people make "better" encryption algos, they wont be used much unless they are in main client, so main client needs to have the strongest algo for average people
5707 2011-06-20 17:36:24 karnac has joined
5708 2011-06-20 17:36:54 <sipa> sure, but if it can be changed easily in the future, i don't care if it's the "most likely very good, but not best" or "very best, but not that tested though"
5709 2011-06-20 17:37:14 <BlueMatt> gmaxwell: I would agree that people might tolerate more, but I just dont like the idea of doing a huge calc on first send because its only actually better in the cat wallet.dat | mail then brute force thing, which can be fought in better ways
5710 2011-06-20 17:37:18 SkiesAreRed has quit (Read error: Connection reset by peer)
5711 2011-06-20 17:37:43 <sipa> so, if could choose: the sha512 based function in the scratchoff patch, and run it for 0.2s, and store the number of iteration
5712 2011-06-20 17:37:46 <sipa> s
5713 2011-06-20 17:37:53 <emock> http://www.tarsnap.com/scrypt/scrypt-slides.pdf slide 6 is awesome
5714 2011-06-20 17:38:18 danbri has quit (Ping timeout: 252 seconds)
5715 2011-06-20 17:38:39 <sivu> hmm. so the transaction fee cannot be set per account?
5716 2011-06-20 17:38:57 <K_F> emock: :)
5717 2011-06-20 17:39:11 <BlueMatt> emock: xkcd is wonderful
5718 2011-06-20 17:39:15 denisx has quit (Quit: denisx)
5719 2011-06-20 17:39:30 <emock> yea, and I wish he'd have included the full URL on the slide
5720 2011-06-20 17:41:25 ZOP has quit (Read error: Connection reset by peer)
5721 2011-06-20 17:41:32 vorlov has quit (Quit: vorlov)
5722 2011-06-20 17:41:40 <K_F> emock: http://xkcd.com/538/
5723 2011-06-20 17:41:49 <pasky> How can I remove an account in bitcoind?
5724 2011-06-20 17:43:39 <sipa> ;;bc,blocks
5725 2011-06-20 17:43:41 <gribble> 132111
5726 2011-06-20 17:43:42 MetaV has joined
5727 2011-06-20 17:45:31 * BlueMatt feels really bad about how he handled gmaxwell's suggestion...though I disagree, it was rudely disagreed with...
5728 2011-06-20 17:45:53 xchatclient has joined
5729 2011-06-20 17:45:59 <gmaxwell> Don't worry about it.
5730 2011-06-20 17:45:59 <dD0T> gmaxwell: Only problem I see with that scheme is that you require the password on startup without actually wanting to use the keys
5731 2011-06-20 17:46:01 kish has joined
5732 2011-06-20 17:46:10 <gmaxwell> dD0T: Just defer until the first use.
5733 2011-06-20 17:46:15 molecular has joined
5734 2011-06-20 17:46:32 <dD0T> gmaxwell: Then you have the wait time before the first transaction per run which isn't to great a user experience either
5735 2011-06-20 17:46:47 <dD0T> gmaxwell: Though I guess whether it is a problem depends on the use-case
5736 2011-06-20 17:47:17 <gmaxwell> BlueMatt: sipa FWIW, jgarzik's function does 10833300 in 17.871 seconds for me.. or 606k iterations per second. And it's running sha256x2 and sha512 in every iteration.
5737 2011-06-20 17:47:20 <dD0T> e.g. does the normal user which does << 1 transaction per run care about a 1s delay before his transaction
5738 2011-06-20 17:47:34 <dD0T> I guess he wouldn't....
5739 2011-06-20 17:47:43 <gmaxwell> dD0T: maybe. But he cares less than someone who does hundreds of sends.
5740 2011-06-20 17:48:10 <BlueMatt> gmaxwell: cpu?
5741 2011-06-20 17:48:11 <dD0T> gmaxwell: Definitely.
5742 2011-06-20 17:48:11 dbasch has quit (Quit: dbasch)
5743 2011-06-20 17:48:17 <sipa> normal user experience rules say you should react within 0.1s, no?
5744 2011-06-20 17:48:22 <gmaxwell> BlueMatt: one core of
5745 2011-06-20 17:48:23 <gmaxwell> model name : Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
5746 2011-06-20 17:48:54 lyspooner has joined
5747 2011-06-20 17:49:54 <ionspin> supa: if i remember well 0.2 is not noticable, but i didnt pay much attention at UI class :/ i'll check
5748 2011-06-20 17:49:56 <ionspin> sipa*
5749 2011-06-20 17:50:09 <dD0T> sipa: Well. If it takes a while to aknowledge a password or seems busy after you entered it that might actually give a sense of security ;-) User experience is a strange business ;-)
5750 2011-06-20 17:50:15 vonnieda has left ()
5751 2011-06-20 17:50:27 <phantomcircuit> gmaxwell, just use a stream cipher...
5752 2011-06-20 17:51:29 <sipa> yeah, a nice animation of a lock being opened during 0.5s is a lot better than just stalling for 0.2s :)
5753 2011-06-20 17:51:54 <ionspin> sipa: ~0.1
5754 2011-06-20 17:52:49 <ionspin> dD0T, i agree, user should know that i takes time to decrypt his/her wallet access key
5755 2011-06-20 17:52:53 <gmaxwell> BlueMatt: in any case, I don't have that strong a preference for jgarzik's code vs evp. I think the EVP with seed. plus enough iteratons (e.g. more like 100k than 1k). Alsoâ with iteration count stored we could just make it configurable, and someone who needs high throughput sends can just set it to something small.
5756 2011-06-20 17:52:58 <ius> by the way, I do believe (as stated in the topic by others) that it's really important to think about the interface as well
5757 2011-06-20 17:53:08 <ionspin> and if using gmaxwell's method, a two different messages would be appropriate
5758 2011-06-20 17:53:10 <ius> Need to do everything to get the user to choose a secure password
5759 2011-06-20 17:53:38 TD has joined
5760 2011-06-20 17:53:46 <gmaxwell> ius: yea, this time would probably be better spent on anti-stupdity UI.
5761 2011-06-20 17:53:49 <ionspin> ius, i find this calculator nice http://askthegeek.us/pwd_meter/index.htm
5762 2011-06-20 17:53:55 <Cryo> then you will hear the bitching about forgotten password
5763 2011-06-20 17:54:07 <ionspin> ius, of course in a abridged version for this purpose
5764 2011-06-20 17:54:12 IO- has quit (Quit: changing servers)
5765 2011-06-20 17:54:24 soap has joined
5766 2011-06-20 17:54:24 soap has quit (Changing host)
5767 2011-06-20 17:54:24 soap has joined
5768 2011-06-20 17:54:33 <gmaxwell> Cryo: right, crypto shouldn't cause more loss due to forgetting than theft. That would suck.
5769 2011-06-20 17:54:39 <Cryo> I had $80M in my wallet and you made my password use characters I don't normally type and it's not my dog's name, and it's your fault!
5770 2011-06-20 17:54:41 <ius> Something has to be big, red, and perhaps even flashing (well scrap that) ;)
5771 2011-06-20 17:54:42 <ionspin> Cryo, i bitch when i lose paper money/wallet :)
5772 2011-06-20 17:54:57 <gmaxwell> Cyde: however, making passwords be at least 8 characters, for example, shouldn't screw too many people.
5773 2011-06-20 17:55:04 <ius> Cryo: Good, at least the funds are secure then
5774 2011-06-20 17:55:06 freakazoid has joined
5775 2011-06-20 17:55:18 <ionspin> gmaxwell: 88888888 :)
5776 2011-06-20 17:55:23 <Cryo> I'm not disagreeing, just pointing out the hell I go through with my own users who can't remember their passwords
5777 2011-06-20 17:55:29 <gmaxwell> ionspin: can't save everyone.
5778 2011-06-20 17:55:30 <sipa> gmaxwell: only reason i would not use EVP is the fact that it doesn't allow you to give time instead of iteration count
5779 2011-06-20 17:55:36 <ionspin> gmaxwell, yeah
5780 2011-06-20 17:55:42 <ius> gmaxwell: I wouldn't object to simply rejecting everything below a certain threshold, and bells & whistles if it's not complex
5781 2011-06-20 17:55:49 <Cryo> I have helpdesk tickets from a customer who can't even be bothered to look at their old tickets for the password they keep forgetting.
5782 2011-06-20 17:55:54 Geebus has quit (Away!b84c0259@gateway/web/freenode/ip.184.76.2.89|Ping timeout: 252 seconds)
5783 2011-06-20 17:55:55 <gmaxwell> sipa: measure it yourself then carry around the iteration count.
5784 2011-06-20 17:56:03 <ius> ionspin: Nice tool btw
5785 2011-06-20 17:56:10 BlueMatt has quit (Ping timeout: 264 seconds)
5786 2011-06-20 17:56:36 <ionspin> ius, simplified it could be a design model for a tool implemented into bitcoin
5787 2011-06-20 17:56:45 <K_F> ionspin: 3 x 8 less and you'd have a nick leeson error account :p
5788 2011-06-20 17:56:57 <ionspin> ius, but i think this is not an engineering prolem, but a psyhological problem
5789 2011-06-20 17:57:14 <dD0T> gmaxwell: Call it a passphrase instead and give the user some examples how they could derive theirs. Though I'm not sure the average user wouldn't be intimidated by that...I'm sure someone looked into that before....
5790 2011-06-20 17:57:16 <gmaxwell> sipa: on new password set you run 10k iterations of evp, time it, convert to number of iterations for $acceptable_time, clamp that (1000,1000000]. Done.
5791 2011-06-20 17:57:18 <phantomcircuit> sha256*sha512*1million(email+password) ->
5792 2011-06-20 17:57:32 robin has joined
5793 2011-06-20 17:57:40 <sipa> 21.28s for 10M iterations here
5794 2011-06-20 17:57:42 freakazoid has quit (Remote host closed the connection)
5795 2011-06-20 17:57:44 <ius> Reminder: http://onlyonetv.com/?page_id=178 supposed to have fresh MtGox compromise details
5796 2011-06-20 17:57:45 IO- has joined
5797 2011-06-20 17:57:52 freakazoid has joined
5798 2011-06-20 17:58:01 robin is now known as Guest80059
5799 2011-06-20 17:58:03 <sipa> = 47k iterations for 0.1s
5800 2011-06-20 17:58:24 <Cryo> still not as amusing as "Does your mouse have a red light on the bottom of it?" "yes." "Ok, turn your mouse over and run the light over your eyeball, and you'll be able to login."
5801 2011-06-20 17:58:25 <ius> dD0T: I agree, passphrase sounds more elaborate/important
5802 2011-06-20 17:58:37 <ius> ;)
5803 2011-06-20 17:58:48 <gmaxwell> sipa: yea, the EVP should be much faster too.. thats why I was flipping out at 1000 iterations.
5804 2011-06-20 17:58:51 <ionspin> hmmm, how about hash(salt, bcrypt(password,Dna()) Dna = someone comes at your door takes a blood sample for dna sequencing. :P
5805 2011-06-20 17:59:00 <ionspin> damn those 99.something DNA test accuracy!
5806 2011-06-20 17:59:02 galaxyAbstractor has quit (Read error: Connection reset by peer)
5807 2011-06-20 17:59:12 <Cryo> bcrypt vs scrypt still?
5808 2011-06-20 17:59:13 tixtax has quit (Quit: Page closed)
5809 2011-06-20 17:59:38 <ionspin> Cryo, im just using bcrypt as an example, i have to look into scrypt first :)
5810 2011-06-20 17:59:48 <Cryo> only if the person can use an icepick to extract it from your forehead.
5811 2011-06-20 17:59:59 <dD0T> ius: The ticking on that stream/page drives me nuts....
5812 2011-06-20 18:00:14 <ionspin> Cryo: but this is a nice sha512 vs bcrypt answer on stackover.. http://stackoverflow.com/questions/1561174/sha512-vs-blowfish-and-bcrypt
5813 2011-06-20 18:00:15 <K_F> dD0T: you can turn off the sound in bottom right of chat
5814 2011-06-20 18:00:26 galaxyAbstractor has joined
5815 2011-06-20 18:00:28 <gmaxwell> ionspin: we're not talking about "sha512" in any case.
5816 2011-06-20 18:00:37 <dD0T> K_F: Ahhh. Didn't see that. Small screen ;-)
5817 2011-06-20 18:00:37 <ionspin> ok
5818 2011-06-20 18:00:52 <phantomcircuit> gmaxwell, in all seriousness using sha512 iterations to basically create our own stream cipher is not a good idea
5819 2011-06-20 18:00:55 <gmaxwell> ionspin: we're talking about an iterated hash for the same reasons that bcrypt is good.
5820 2011-06-20 18:01:24 galaxyAbstractor has quit (Read error: Connection reset by peer)
5821 2011-06-20 18:01:48 <gmaxwell> phantomcircuit: Yes, I never argued for that. I only benched jeff's code because it was easy to rip out and bench, and on my screen already. :)
5822 2011-06-20 18:02:09 ionspin has quit (Read error: Operation timed out)
5823 2011-06-20 18:02:21 bulletbill has joined
5824 2011-06-20 18:02:43 galaxyAbstractor has joined
5825 2011-06-20 18:02:53 <phantomcircuit> gmaxwell, lol
5826 2011-06-20 18:03:14 galaxyAbstractor has quit (Remote host closed the connection)
5827 2011-06-20 18:03:24 BlueMatt has joined
5828 2011-06-20 18:03:27 <phantomcircuit> gmaxwell, btw the only proper stream cipher that's currently available is aes-256-ctr with known plain text
5829 2011-06-20 18:03:35 <gmaxwell> phantomcircuit: my arguments have been: to salt the stretching (which will happen now), to use scrypt for (gpu/hardware attack resistance) which is not going to happen now, and to up the stretching iteation count.
5830 2011-06-20 18:04:17 <phantomcircuit> well with actual scratch offs that's easy to implement in the scratch off itself
5831 2011-06-20 18:04:18 <gmaxwell> phantomcircuit: there are well established special functions for key stretching, e.g. PBKDF2 (which I think EVP is basically equal to).
5832 2011-06-20 18:04:21 <phantomcircuit> which afaict it is
5833 2011-06-20 18:04:41 <jrmithdobbs> midnightmagic: i've known about them longer
5834 2011-06-20 18:04:42 stuhood has joined
5835 2011-06-20 18:04:49 stuhood has left ()
5836 2011-06-20 18:04:49 <jrmithdobbs> midnightmagic: but was waiting for them to actually show up on google
5837 2011-06-20 18:04:52 redshark1802 has joined
5838 2011-06-20 18:04:57 <gmaxwell> phantomcircuit: yea, topic of discussion was wallet crypto the scratch off just got brought up as another example.
5839 2011-06-20 18:05:29 <jrmithdobbs> midnightmagic: (went to lunch) and knew about the general contents of them before i saw the logs themselves
5840 2011-06-20 18:05:36 xtalmath has joined
5841 2011-06-20 18:05:38 bulletbill has left ()
5842 2011-06-20 18:05:46 <phantomcircuit> gmaxwell, i still think that PBKDF2(email+password) as the key for a stream cipher is the proper way to go
5843 2011-06-20 18:05:48 bgupta__ has joined
5844 2011-06-20 18:05:50 ionspin has joined
5845 2011-06-20 18:05:54 <jrmithdobbs> midnightmagic: i think my harshness is a little bit more understandable in light of that, eh?
5846 2011-06-20 18:05:55 galaxyAbstractor has joined
5847 2011-06-20 18:06:01 bgupta__ has quit (Client Quit)
5848 2011-06-20 18:06:18 Obehsh has quit (Remote host closed the connection)
5849 2011-06-20 18:06:21 <gmaxwell> phantomcircuit: what, to generate all keys? Thats yucky.
5850 2011-06-20 18:06:29 torsthaldo has joined
5851 2011-06-20 18:06:39 <xtalmath> can I connect my bitcoin client simultaneously through tor proxy and through transparent normal internet?
5852 2011-06-20 18:06:57 <gmaxwell> phantomcircuit: if we had that today I, er I mean evil-gmaxwell, would have owned up dozens of wallets after the mtgox hack.
5853 2011-06-20 18:07:17 hahuang65 has joined
5854 2011-06-20 18:07:21 <phantomcircuit> gmaxwell, it's beautiful, assuming users aren't fucktarded
5855 2011-06-20 18:07:23 <phantomcircuit> ;)
5856 2011-06-20 18:07:34 hahuang65 has quit (Client Quit)
5857 2011-06-20 18:07:38 galaxyAbstractor has quit (Read error: Connection reset by peer)
5858 2011-06-20 18:07:41 flok has quit (Quit: ZNC - http://znc.sourceforge.net)
5859 2011-06-20 18:07:47 <gmaxwell> phantomcircuit: bad assumption, come onâ you know lots of people would use the same password on mtgox.
5860 2011-06-20 18:07:49 torsthaldo_ has quit (Ping timeout: 258 seconds)
5861 2011-06-20 18:07:55 <xtalmath> I think we all saw it coming what happened to mt gox...
5862 2011-06-20 18:07:58 <gmaxwell> phantomcircuit: and their email addresses were right there.
5863 2011-06-20 18:07:59 <phantomcircuit> gmaxwell, sure but i wouldn't
5864 2011-06-20 18:08:03 <sipa> phantomcircuit: a work of art - flawless, sublime, equalled only by its monumental failure?
5865 2011-06-20 18:08:17 <phantomcircuit> and it would be nice peace of mind for me knowing that i can only lose my coins if i become a vegetable
5866 2011-06-20 18:08:21 <phantomcircuit> and then who cares? :P
5867 2011-06-20 18:08:23 <gmaxwell> phantomcircuit: yea great, so bitcoin gets horible press when lots of people lose all their coin. Not good for you either.
5868 2011-06-20 18:08:48 Clipse has quit (Read error: Connection reset by peer)
5869 2011-06-20 18:08:51 <gmaxwell> phantomcircuit: whereas if you add 128 bytes of $STORED_RANDOM to your above formula then it's trivial to backup, so you still won't lose it.
5870 2011-06-20 18:08:56 <phantomcircuit> yeah i guess it would have to be well hidden and default to generating a key
5871 2011-06-20 18:08:59 <phantomcircuit> er
5872 2011-06-20 18:09:00 freakazoid has quit (Quit: Computer has gone to sleep.)
5873 2011-06-20 18:09:02 <phantomcircuit> generating a key file
5874 2011-06-20 18:09:06 <xtalmath> So can a normal standard bitcoin client connect through vidalia/tor and openly through normal net connection? if not, who relays blocks from one domain to the other?
5875 2011-06-20 18:09:17 <gmaxwell> phantomcircuit: http://forum.bitcoin.org/index.php?topic=19137.0 < see that
5876 2011-06-20 18:09:28 <phantomcircuit> xtalmath, yes if you setup a proxy with tor
5877 2011-06-20 18:09:37 <gmaxwell> xtalmath: you can make it go if you setup a proxy and addnode the proxy.
5878 2011-06-20 18:09:46 <xtalmath> the fact that I am getting the blocks behind tor means there must be a bridge, but can any client be setup as a bridge and how?
5879 2011-06-20 18:09:49 <phantomcircuit> all i see is a loading bar
5880 2011-06-20 18:09:49 <phantomcircuit> :P
5881 2011-06-20 18:10:00 flok has joined
5882 2011-06-20 18:10:26 <gmaxwell> xtalmath: when you run a client behind tor you're connecting to bitcoin nodes on the public internet
5883 2011-06-20 18:10:27 <xtalmath> but the menu lets you *toggle* between proxy or no proxy, I dont see how to have both at same time...
5884 2011-06-20 18:10:39 <gmaxwell> (via tor)
5885 2011-06-20 18:10:47 <xtalmath> or will addnode= nontoradress ip still work behind tor
5886 2011-06-20 18:10:49 <gmaxwell> Bitcoin doesn't yet support connecting to tor hidden services.
5887 2011-06-20 18:10:51 <midnightmagic> jrmithdobbs: those logs are pretty brutal.. they're hinting at some relationships that I have no knowledge of, and there is some pretty nasty (IMO unnecessary) posturing going on too that's hard to read through.
5888 2011-06-20 18:10:53 echelon_ is now known as echelon
5889 2011-06-20 18:11:07 <phantomcircuit> midnightmagic, what logs?
5890 2011-06-20 18:11:12 <xtalmath> gmaxwell: I connect to a tor adress with my client
5891 2011-06-20 18:11:26 <gmaxwell> xtalmath: What?
5892 2011-06-20 18:11:37 <phantomcircuit> jrmithdobbs, same question, what logs?
5893 2011-06-20 18:11:43 <gmaxwell> xtalmath: you're just telling it to use tor as a proxy. It's still connecting to the public internet.
5894 2011-06-20 18:11:47 <xtalmath> i.e. I dont give any ip just ./bitcoin -proxy=127.0.0.1:9050 -addnode=iy6ni3wkqazp4ytu.onion
5895 2011-06-20 18:11:52 <midnightmagic> phantomcircuit: jrmithdobbs found some pastebins of #bitcoin-backroom which I'm *guessing* were released by genjix
5896 2011-06-20 18:11:55 <CIA-103> bitcoin:� Pieter Wuille� master� * r98705aa� �/ (src/keystore.h src/script.cpp src/wallet.cpp src/wallet.h):�
5897 2011-06-20 18:11:55 <CIA-103> bitcoin:� Bugfixes walletclass
5898 2011-06-20 18:11:55 <CIA-103> bitcoin:� Some problems found by ius:
5899 2011-06-20 18:11:55 <CIA-103> bitcoin:� * compiler complains with no return after critical section block
5900 2011-06-20 18:11:55 <CIA-103> bitcoin:� * CKeyStore::GetPrivKey(key) was undefined for unknown key
5901 2011-06-20 18:11:55 <CIA-103> bitcoin:� * missing return statement in GetChange() - http://bit.ly/mxnMDX
5902 2011-06-20 18:11:56 <CIA-103> bitcoin:� Pieter Wuille� master� * r1179257� �/ (src/keystore.h src/script.cpp src/wallet.cpp src/wallet.h):�
5903 2011-06-20 18:11:56 <CIA-103> bitcoin:� Merge pull request #334 from sipa/walletclass
5904 2011-06-20 18:11:56 sabalaba has joined
5905 2011-06-20 18:11:57 <CIA-103> bitcoin:� Bugfixes walletclass - http://bit.ly/kh2TwK
5906 2011-06-20 18:12:18 <phantomcircuit> midnightmagic, link?
5907 2011-06-20 18:12:20 <xtalmath> (and my bitcoin.conf doesnt have other addnode ips in it)
5908 2011-06-20 18:12:38 <jrmithdobbs> 11:58 < jrmithdobbs> midnightmagic: http://pastebin.com/8utWDqaY
5909 2011-06-20 18:12:39 <jrmithdobbs> 11:58 < jrmithdobbs> midnightmagic: http://pastebin.com/vr36QvX0
5910 2011-06-20 18:12:43 <jrmithdobbs> those
5911 2011-06-20 18:13:18 <gmaxwell> xtalmath: yes, and it happily learns about and connects to bitcoin on the public internet (via tor)
5912 2011-06-20 18:13:27 TommyBoy3G has quit ()
5913 2011-06-20 18:13:32 <jrmithdobbs> midnightmagic: i have no idea who put them up there, they show up on googles for site:pastebin.com magicaltux *shrug*
5914 2011-06-20 18:13:41 djgriffiths has joined
5915 2011-06-20 18:13:45 <xtalmath> gmaxwell: how does it do that if I dont supply an ip adress? it connects to irc through tor?
5916 2011-06-20 18:14:08 <xtalmath> or it learns it from the onion adress node?
5917 2011-06-20 18:14:12 <xtalmath> which?
5918 2011-06-20 18:14:35 <jrmithdobbs> midnightmagic: and yes there's quite a bit of hyperventilating in them but the interesting parts to me are tux's lack of responses and obvious misunderstanding of both the vulns in his site and pgp
5919 2011-06-20 18:14:53 <jrmithdobbs> and his backpedaling from "I read every email!!!11111one" to "oh i didn't bother to read that email because it was encrypted"
5920 2011-06-20 18:15:13 TommyBoy3G has joined
5921 2011-06-20 18:15:15 <gmaxwell> 18:57 < MagicalTux> he got the database yesterday
5922 2011-06-20 18:15:23 <gmaxwell> ^ wow, well we know that isn't true.
5923 2011-06-20 18:15:30 <jrmithdobbs> yup
5924 2011-06-20 18:15:33 <phantomcircuit> jrmithdobbs, midnightmagic one of those is obviously not irc
5925 2011-06-20 18:16:00 <sipa> BlueMatt: i made a little change to keystore.h - HaveKey() is now for checking whether we own a key (so it should return true for a key that you have in encrypted form), and GetPrivKey is for retrieving it (which should fail for your own keys, if you don't have the passphrase)
5926 2011-06-20 18:16:05 <gmaxwell> xtalmath: bitcoin nodes forward IPs of other nodes.
5927 2011-06-20 18:16:10 <jrmithdobbs> phantomcircuit: i'm not going to speculate on their source but the combination of the two make it fairly unlikely that either was fabricated in full
5928 2011-06-20 18:16:11 <ionspin> bitcoinj is backed by google?
5929 2011-06-20 18:16:25 <xtalmath> gmaxwell: and also tor adresses of other nodes?
5930 2011-06-20 18:16:28 <phantomcircuit> jrmithdobbs, neither of those appears to be fabricated at all
5931 2011-06-20 18:16:29 <xelister> ionspin: google did written some java app for bitcoin thing
5932 2011-06-20 18:16:30 <gmaxwell> ionspin: no, it's just a personal project of someone who happens to know there.
5933 2011-06-20 18:16:32 dbasch has joined
5934 2011-06-20 18:16:32 guest9 has joined
5935 2011-06-20 18:16:35 <jrmithdobbs> phantomcircuit: agreed.
5936 2011-06-20 18:16:41 <gmaxwell> xtalmath: no, I don't believe it can forward onion addresses.
5937 2011-06-20 18:16:49 <ionspin> oh
5938 2011-06-20 18:16:53 <gmaxwell> (in fact, I'm pretty sure it can't)
5939 2011-06-20 18:16:54 <jrmithdobbs> phantomcircuit: you'd be a more reliable source n that since you're in both iirc
5940 2011-06-20 18:16:56 <phantomcircuit> i would really like to know the address of the stolen btc from mtgox so i can trace any user who tries to send it to britcoin
5941 2011-06-20 18:17:04 <phantomcircuit> but so far i haven't gotten an answer to my question
5942 2011-06-20 18:17:11 <ius> Who is Kevin? :)
5943 2011-06-20 18:17:17 <Georgyo> gmaxwell: xtalmath: Yea, I doubt it can forward onion addresses
5944 2011-06-20 18:17:18 darnold has quit (Quit: Lost terminal)
5945 2011-06-20 18:17:25 <jrmithdobbs> phantomcircuit: tux, to my knowledge, still hasn't even done anything to publically prove he's still in possession of the coins
5946 2011-06-20 18:17:34 <jrmithdobbs> phantomcircuit: and ignores all such requests
5947 2011-06-20 18:17:43 djsxxx has joined
5948 2011-06-20 18:17:45 <gmaxwell> It should gain the ability to do that, and also be smart enough to use tor for .onions even if the node isn't mostly using tor.
5949 2011-06-20 18:18:04 <djsxxx> agh so much spam mail!! check out the latest - http://pastebin.com/UqMsJMSp
5950 2011-06-20 18:18:08 pharno has quit (Read error: Connection reset by peer)
5951 2011-06-20 18:18:09 <phantomcircuit> gmaxwell, p2p protocol would need to be extended to support hostnames in addr
5952 2011-06-20 18:18:33 <gmaxwell> phantomcircuit: v6 too...
5953 2011-06-20 18:18:41 <jrmithdobbs> gmaxwell: already has padding to support v6
5954 2011-06-20 18:19:06 <gmaxwell> oh then we could be awful and pack onions into it.
5955 2011-06-20 18:19:07 <jrmithdobbs> gmaxwell: v4 addresses are actually stored as ipv6->ipv4 mapped space
5956 2011-06-20 18:19:11 <gmaxwell> because they are only 80 bits.
5957 2011-06-20 18:19:13 <jrmithdobbs> gmaxwell: believe it or not
5958 2011-06-20 18:19:13 <BlueMatt> jrmithdobbs: wow those logs are sooo shady, Im sorry but xelister is very wrong in this case
5959 2011-06-20 18:19:21 <BlueMatt> afaict, mt is right there
5960 2011-06-20 18:19:34 <phantomcircuit> gmaxwell, it actually does support v6 already
5961 2011-06-20 18:19:50 <phantomcircuit> gmaxwell, ipv4 addresses are actually sent over p2p as ipv6 mapped ipv4
5962 2011-06-20 18:19:54 <jrmithdobbs> gmaxwell: none of the rest of the code supports it but at least the protocol has that in mind
5963 2011-06-20 18:20:01 <gmaxwell> phantomcircuit: then it could support onion via hideous hack, map them into v6
5964 2011-06-20 18:20:29 Leo_II has quit (Remote host closed the connection)
5965 2011-06-20 18:20:32 <phantomcircuit> the onion namespace is too large iirc
5966 2011-06-20 18:20:34 <xtalmath> if tux is in possession he could simply sign a message with the key of the adress holding the coins...
5967 2011-06-20 18:20:36 <gmaxwell> it's 80 bits.
5968 2011-06-20 18:20:46 Leo_II has joined
5969 2011-06-20 18:20:52 <jrmithdobbs> xtalmath: and keeps refusing to do so.
5970 2011-06-20 18:20:54 <phantomcircuit> oh then it would fit nicely
5971 2011-06-20 18:21:26 <gmaxwell> phantomcircuit: see onioncat
5972 2011-06-20 18:21:29 <jrmithdobbs> could just pack them as link-local addresses
5973 2011-06-20 18:21:30 IoWn3rU has joined
5974 2011-06-20 18:21:41 <jrmithdobbs> since it shouldn't ever bei broadcasting real link-locals
5975 2011-06-20 18:21:44 <gmaxwell> phantomcircuit: www.cypherpunk.at/ocat/download/Docs/ocat_petcon09_main.pdf
5976 2011-06-20 18:21:45 <xtalmath> so did allinvain, even if it didnt prove his coins were stolen, it would eliminate the possibility of attentionseeker flashing cash
5977 2011-06-20 18:21:54 purrr has joined
5978 2011-06-20 18:22:26 <BlueMatt> xtalmath: really? why does it seem like everyone is insane over mtgox?
5979 2011-06-20 18:22:34 <devon_hillard> any news on the magic-the-gathering-exchange :)
5980 2011-06-20 18:22:44 <Joric> haha magic
5981 2011-06-20 18:22:48 <xelister> BlueMatt: hm? where am I wrong?
5982 2011-06-20 18:22:49 <BlueMatt> who actually believes someone broke into his bitcoind and stole his bitcoins
5983 2011-06-20 18:22:52 <BlueMatt> I mean come on?
5984 2011-06-20 18:23:00 <xtalmath> some opensource tools for exchange would be nice, I also always distrusted how he produces his values for the graphs, its easy to manipulate buy sell behaviour if you can draw curves going up and down...
5985 2011-06-20 18:23:07 <jrmithdobbs> BlueMatt: i'm not willing to discount the idea completely.
5986 2011-06-20 18:23:07 <BlueMatt> xelister: sorry, not you genjix
5987 2011-06-20 18:23:16 <gmaxwell> jrmithdobbs: link local would good. I'm not sure where onion cat got their prefix.
5988 2011-06-20 18:23:32 <gmaxwell> BlueMatt: people have been claiming this and pointing to all kinds of random transactios.
5989 2011-06-20 18:23:33 <BlueMatt> jrmithdobbs: really??? wtf man
5990 2011-06-20 18:23:37 <jrmithdobbs> BlueMatt: because everything he's stated publically so far that *can* be verified has shown to be verifiably FALSE
5991 2011-06-20 18:23:41 * xelister demands of BlueMatt a retributtion of 10 BTC's worth, at @ 0.01, as bankwire >_>
5992 2011-06-20 18:23:56 <jrmithdobbs> BlueMatt: it was not *one compromised account*, the db dump *did not only occur yesterday*, etc
5993 2011-06-20 18:23:59 <jrmithdobbs> err saturday
5994 2011-06-20 18:24:14 <jrmithdobbs> BlueMatt: there HAVE been sqli exploits in mtgox
5995 2011-06-20 18:24:21 <xtalmath> in theory a fast fifo blockchain of bids and asks, where investors can see the open market, and everyone can run his own formulas to deduce values...
5996 2011-06-20 18:24:22 <jrmithdobbs> BlueMatt: the csrf WAS exploited
5997 2011-06-20 18:24:24 <jrmithdobbs> BlueMatt: etc
5998 2011-06-20 18:24:27 <nathan7> Okay, I'm very annoyed
5999 2011-06-20 18:24:29 <xelister> jrmithdobbs: was not not the auditor guy?
6000 2011-06-20 18:24:31 sabalaba has quit (Ping timeout: 252 seconds)
6001 2011-06-20 18:24:35 <BlueMatt> jrmithdobbs: well just reading those logs I dont believe you yet
6002 2011-06-20 18:24:38 <jrmithdobbs> xelister: that cannot be verified
6003 2011-06-20 18:24:38 <xelister> the auditor that leaked the database he was auditing....
6004 2011-06-20 18:24:46 <xelister> hey perhaps someone should had audited that auditor first!
6005 2011-06-20 18:24:48 <BlueMatt> jrmithdobbs: nor can anything you are currently saying?
6006 2011-06-20 18:24:49 <xelister> :o
6007 2011-06-20 18:24:55 <nathan7> This scam email is going too far
6008 2011-06-20 18:25:12 <jrmithdobbs> BlueMatt: we have forum posts of some of the hashes from before tux says the db dump occurred
6009 2011-06-20 18:25:12 Guest80059 has quit (Read error: Connection reset by peer)
6010 2011-06-20 18:25:36 djgriffiths has quit (Ping timeout: 252 seconds)
6011 2011-06-20 18:25:36 <gmaxwell> nathan7: which one?
6012 2011-06-20 18:25:43 <jrmithdobbs> BlueMatt: ius confirms an sqli was reported and patched on the 16th
6013 2011-06-20 18:25:47 <Cryo> just look at it as damage control
6014 2011-06-20 18:25:50 <jrmithdobbs> (he was the reporter)
6015 2011-06-20 18:25:56 <nathan7> gmaxwell: The one that claims that there is a program that can duplicate coins
6016 2011-06-20 18:26:04 <Cryo> information changes as more is learned, but doesn't mean it's updated quickly
6017 2011-06-20 18:26:08 <nathan7> gmaxwell: And then links you to a program that presumably steals your wallet
6018 2011-06-20 18:26:11 <jrmithdobbs> BlueMatt: the rash of stolen funds over the last week is a fairly strong indication that the csrf WAS exploited
6019 2011-06-20 18:26:16 galaxyAbstractor has joined
6020 2011-06-20 18:26:21 <jrmithdobbs> BlueMatt: there's enough to cast doubt if not prove
6021 2011-06-20 18:26:22 <gmaxwell> nathan7: yea, like that one?
6022 2011-06-20 18:26:29 <BlueMattBot> Project Bitcoin build #60: STILL FAILING in 10 min: http://www.bluematt.me/jenkins/job/Bitcoin/60/
6023 2011-06-20 18:26:30 <BlueMattBot> pieter.wuille: Bugfixes walletclass
6024 2011-06-20 18:26:36 <gmaxwell> nathan7: it's really cool that there is one that modified your wallet so it looks like you have extra coins.
6025 2011-06-20 18:26:49 <jrmithdobbs> BlueMatt: and tux is not willingly providing the simple information that would disprove all of this
6026 2011-06-20 18:26:50 flok has quit (Quit: ZNC - http://znc.sourceforge.net)
6027 2011-06-20 18:26:51 <gmaxwell> nathan7: while simultaniously stealing your wallet and your password caches.
6028 2011-06-20 18:26:51 <nathan7> gmaxwell: I don't know, I guess I should get on the mtgox scamming bandwagon q=
6029 2011-06-20 18:27:00 <nathan7> That's.. nice
6030 2011-06-20 18:27:06 <nathan7> That's really well done
6031 2011-06-20 18:27:12 <gmaxwell> nathan7: that existed prior to mtgox too.
6032 2011-06-20 18:27:17 <jrmithdobbs> BlueMatt: which would be in his best interest. the culmination of all of that makes the whole situation VERY fishy.
6033 2011-06-20 18:27:42 <Joric> allivain lost $500k bitcoins, ~10m$ overall at the moment... bummer
6034 2011-06-20 18:27:49 <xtalmath> perhaps allinvain decided to take the law in his own hands?
6035 2011-06-20 18:27:51 <xtalmath> jk
6036 2011-06-20 18:27:52 DrewSJ is now known as SecretSJ
6037 2011-06-20 18:27:55 <sipa> BlueMatt: i can't access your jenkins
6038 2011-06-20 18:27:59 <bobke> he lost 25k bitcoins
6039 2011-06-20 18:28:11 <sipa> BlueMatt: and afaics building works
6040 2011-06-20 18:28:12 <nathan7> *where* is that database?
6041 2011-06-20 18:28:13 <bobke> which at the time was 500k $
6042 2011-06-20 18:28:14 <Joric> sorry really
6043 2011-06-20 18:28:15 <bobke> no?
6044 2011-06-20 18:28:17 <Joric> yeah
6045 2011-06-20 18:28:23 <Cryo> man, every fricking time someone talks about allinvain, the number changes.
6046 2011-06-20 18:28:25 <nathan7> I forgot what password I used for mtgox
6047 2011-06-20 18:28:27 <JFK911> the kind of evidence that jrmithdobbs has led me to conclusively identify the buttcoin guy as jrmithdobbs.
6048 2011-06-20 18:28:37 purrr has quit (Quit: Page closed)
6049 2011-06-20 18:28:37 <xelister> bobke: no
6050 2011-06-20 18:28:42 <xelister> Cryo: well,
6051 2011-06-20 18:28:46 <xtalmath> the only number we should look at is the BTC... exchanging to USD is pure speculation
6052 2011-06-20 18:28:47 <jrmithdobbs> JFK911: nope
6053 2011-06-20 18:28:51 BlueMatt has quit (Ping timeout: 240 seconds)
6054 2011-06-20 18:28:52 <jrmithdobbs> JFK911: verifiably false.
6055 2011-06-20 18:28:56 <xelister> last time allinvain was here on IRC afair he claimed 40,000 was stolen?
6056 2011-06-20 18:28:57 robin has joined
6057 2011-06-20 18:28:59 yorick has joined
6058 2011-06-20 18:29:05 <jrmithdobbs> JFK911: i signed my full disclosure email about clearcoin with my name and gpg key
6059 2011-06-20 18:29:14 flok has joined
6060 2011-06-20 18:29:17 <jrmithdobbs> JFK911: you can verify with whois data on the domain i'm irc'ing from.
6061 2011-06-20 18:29:18 <xelister> no ,wait
6062 2011-06-20 18:29:23 robin is now known as Guest84052
6063 2011-06-20 18:29:31 <Cryo> you could be an imposter.
6064 2011-06-20 18:29:34 <bobke> A user with the handle allinvain found 25,000 BitCoins had been stolen. If the thief were to cash out, he or she would net just about $500,000 at current BitCoin-U.S. dollar exchange rates.
6065 2011-06-20 18:29:38 <jrmithdobbs> JFK911: can't dox me if I dox myself.
6066 2011-06-20 18:29:39 <JFK911> jrmithdobbs: what does that prove about you not being buttcoin
6067 2011-06-20 18:29:40 <xelister> [Tuesday, June 14, 2011] [01:22:54 |am] 25000 <-- allinvain. bobke, Cryo he did in fact said 25k
6068 2011-06-20 18:30:13 BlueMatt has joined
6069 2011-06-20 18:30:19 <Cryo> u hv been d0xed
6070 2011-06-20 18:30:20 <xtalmath> bobke: it could easily be worth more or less, but btc stays btc
6071 2011-06-20 18:30:20 <sipa> BlueMatt: i can't access your jenkins
6072 2011-06-20 18:30:22 <jrmithdobbs> JFK911: think what you will but you have no proof because it's not true.
6073 2011-06-20 18:30:22 knightrage has quit (Ping timeout: 264 seconds)
6074 2011-06-20 18:30:26 <sipa> BlueMatt: and afaics building works
6075 2011-06-20 18:30:29 <BlueMatt> jrmithdobbs: I certainly dont see them
6076 2011-06-20 18:30:30 <bobke> that's why i said 25k btc
6077 2011-06-20 18:30:35 <jrmithdobbs> BlueMatt: ?
6078 2011-06-20 18:30:41 <BlueMatt> sipa: thats because the dns is down as hell (dont ask) try bluemattns.homelinux.com
6079 2011-06-20 18:30:47 rmah has joined
6080 2011-06-20 18:30:51 <bobke> this channel might be too fast for you guys to follow...
6081 2011-06-20 18:30:52 <bobke> lol
6082 2011-06-20 18:30:55 <BlueMatt> <jrmithdobbs> BlueMatt: we have forum posts of some of the hashes from before tux says the db dump occurred
6083 2011-06-20 18:30:55 relix has joined
6084 2011-06-20 18:30:57 wlfsbrg has joined
6085 2011-06-20 18:31:03 galaxyAbstractor has quit (Read error: Connection reset by peer)
6086 2011-06-20 18:31:05 <jrmithdobbs> BlueMatt: not on the bitcoin forums
6087 2011-06-20 18:31:13 LobsterMan has quit (Remote host closed the connection)
6088 2011-06-20 18:31:14 <jrmithdobbs> BlueMatt: uid 17 iirc search for it's hash
6089 2011-06-20 18:31:18 Guest84052 is now known as _robin_
6090 2011-06-20 18:31:24 <xtalmath> who released the db dump anyway? the thief or tux? neither makes sense
6091 2011-06-20 18:31:28 <BTCTrader> anyone else notice bitcoinplus.com is no longer generating coins?
6092 2011-06-20 18:31:44 da2ce7 has joined
6093 2011-06-20 18:31:44 <BlueMatt> jrmithdobbs: that doesnt mean at all that the db was hacked...one user
6094 2011-06-20 18:31:45 <ius> BlueMatt: http://forum.insidepro.com/viewtopic.php?p=65015&highlight=&sid=a15a5e9e2e184c0e025e138d42d33787#65015
6095 2011-06-20 18:31:46 <jrmithdobbs> BlueMatt: and you missed the 5-6 lines after that explaining that it was the culmination, not any single thing, that makes me suspicios
6096 2011-06-20 18:31:57 <nathan7> So, wait, the passwords *were* hashed?
6097 2011-06-20 18:32:05 burp_ has left ()
6098 2011-06-20 18:32:09 <jrmithdobbs> xtalmath: exactly.
6099 2011-06-20 18:32:10 <gmaxwell> nathan7: yes. Why did you think otherwise?
6100 2011-06-20 18:32:18 wlfsbrg has left ("Leaving")
6101 2011-06-20 18:32:18 <ius> BlueMatt: One user, all users? Doesn't matter much if the hash was obviously taken from a database
6102 2011-06-20 18:32:26 galaxyAbstractor has joined
6103 2011-06-20 18:32:30 <gmaxwell> nathan7: most using FreeBSD crypt_md5 which is reasonable secure.
6104 2011-06-20 18:32:34 <BlueMatt> ius: not if the hash in question is an old unsalted one
6105 2011-06-20 18:32:39 <ius> Unless you'd like to suggest the pw was phished, then hashed and posted for others to crack ;)
6106 2011-06-20 18:32:47 <sipa> BlueMatt: http://bluemattns.homelinux.com/jenkins/job/Bitcoin/60/console ... any idea what happened?
6107 2011-06-20 18:32:53 <ius> BlueMatt: Why?
6108 2011-06-20 18:32:53 <nathan7> gmaxwell: A little poking around on the internet learns you that hashed passwords aren't as common as you'd hope
6109 2011-06-20 18:32:58 <BlueMatt> BlueMattBot: status Bitcoin
6110 2011-06-20 18:32:58 <BlueMattBot> Bitcoin: last build: 60 (16 min ago): FAILURE: http://www.bluematt.me/jenkins/job/Bitcoin/60/
6111 2011-06-20 18:33:01 jsnyder has quit (Ping timeout: 240 seconds)
6112 2011-06-20 18:33:12 <jrmithdobbs> BlueMatt: what i said when your internet was screwy was that his lieing about there never being an sqli in mtgox, lieing about csrf being exploited, refusing to sign something to prove he is still in posession of the coins, and refusing to address any of the previously discussed issues publically adds up to something VERY fishy.
6113 2011-06-20 18:33:33 <gmaxwell> jrmithdobbs: incorrect or lying about when the passwords were originally obtained.
6114 2011-06-20 18:33:48 <jrmithdobbs> gmaxwell: ya that too
6115 2011-06-20 18:33:53 _robin_ is now known as __robin__
6116 2011-06-20 18:34:22 knightrage has joined
6117 2011-06-20 18:34:26 <JFK911> jrmithdobbs: how many of your coins does he have
6118 2011-06-20 18:34:30 <BlueMatt> 1. why do you think he has used sqli? 2. you have yet to prove that beyond, "my trustworthy friend said so", 3. I dont know, hes too busy to rebuild his own bitcoin, import the mtgox wallet and sign? wtf does he need to do that?
6119 2011-06-20 18:34:47 __robin__ is now known as __robin
6120 2011-06-20 18:34:50 __robin is now known as __robin__
6121 2011-06-20 18:34:52 <BlueMatt> 4. now I do agree he probably should be much more willing to talk about these things...
6122 2011-06-20 18:35:06 <sipa> afaik he never made any statement about when the dump was obtained?
6123 2011-06-20 18:35:07 <jrmithdobbs> BlueMatt: what does it add up to? we may never know. Suffice it to say, it adds up to enough combined with his demonstrated lack of understanding of basic security principles (csrf/sqli) and software (pgp) makes me unwilling to trust him.
6124 2011-06-20 18:35:15 <BlueMatt> sipa: ah, my branch with win32 makefile isnt being compiled...need to go fix that
6125 2011-06-20 18:35:22 <gmaxwell> BlueMatt: a lot of people are spreading rumors and stating things as fact which are harmful to bitcoin as a whole and mtgox especially that he shoulc shut down.
6126 2011-06-20 18:35:27 <ius> It's only a guess that csrf/sqli were exploited right now, but it sounds plausible to me, and VERY SURE he failed to disclose it to his users
6127 2011-06-20 18:35:31 <JFK911> sipa he did say a database dump was stolen from a machine not connected to the sites production
6128 2011-06-20 18:35:35 <jgarzik> jrmithdobbs: regardless there is --zero-- evidence of SQL injection. Zero. None. Nada.
6129 2011-06-20 18:35:52 <BlueMatt> jrmithdobbs: I have yet to see any kind of even remotely convincing argument on any point from you
6130 2011-06-20 18:35:53 <jrmithdobbs> jgarzik: except that ius reported and helped to verify he fixed it on the 16th
6131 2011-06-20 18:35:54 <jgarzik> jrmithdobbs: so people should not repeat that as anything but a Wild Asses Guess
6132 2011-06-20 18:35:55 <gmaxwell> JFK911: he also says the theft only happened a day before
6133 2011-06-20 18:36:04 <JFK911> on the other hand, nobody can see the web logs except for him
6134 2011-06-20 18:36:05 <jrmithdobbs> jgarzik: he should have publically disclosed so that we wouldn't need to have this argument.
6135 2011-06-20 18:36:17 <gmaxwell> JFK911: but since we see a forum post with the hashes a long time before that he was clearly wrong about the source of the theft.
6136 2011-06-20 18:36:48 <BlueMatt> though, to be fair, if his auditor got hacked, how the hell would mtgox know for sure when it happened...it could very well have been a day or two or three, before his auditor realized the hack had happened
6137 2011-06-20 18:36:49 <Cryo> may not know the info yet.
6138 2011-06-20 18:36:57 <Cryo> still investigating, etc.
6139 2011-06-20 18:37:02 <xtalmath> jgarzik: what about the hehehe entries in the db dump? they definitely look like sql injections
6140 2011-06-20 18:37:04 <gmaxwell> jgarzik: ius found and reported an injection vulnerablity, we just don't know if it was ever used by anyone but him.
6141 2011-06-20 18:37:08 <JFK911> well, only tibanne have the weblogs
6142 2011-06-20 18:37:14 <gmaxwell> xtalmath: Unsuccessful ones.
6143 2011-06-20 18:37:21 <ius> xtalmath: Someone tried, doesn't mean it's succesfull
6144 2011-06-20 18:37:24 <ius> -l
6145 2011-06-20 18:37:27 <xtalmath> right, and succesfull ones would not be saved in the dump
6146 2011-06-20 18:37:36 <BlueMatt> gmaxwell: and did mt not fix it when he heard about it?
6147 2011-06-20 18:37:38 <xtalmath> they would have diverted control flow
6148 2011-06-20 18:37:38 <K_F> BlueMatt: I signed up after first reading about the accounts being taken over, but my user was in the accounts file
6149 2011-06-20 18:37:48 <K_F> BlueMatt: so it was within 18-24 hours before the site went offline
6150 2011-06-20 18:37:58 Tritonio has joined
6151 2011-06-20 18:38:10 <Cryo> may have been being pilfered for a while
6152 2011-06-20 18:38:12 <gmaxwell> BlueMatt: sure but we know now: His claimed compromise path is incorrect. We also know another way it could have happened.
6153 2011-06-20 18:38:19 abragin has quit (Remote host closed the connection)
6154 2011-06-20 18:38:33 <BlueMatt> and thus I think jrmithdobbs is a hypocrite and nothing he says can be taken seriously or believed
6155 2011-06-20 18:38:37 karnac_ has joined
6156 2011-06-20 18:38:42 <ius> gmaxwell: Have to be fair, it's only an assumption. But not an unlikely one imo
6157 2011-06-20 18:38:45 <vigilyn> since when is this the conspiracy theory channel?
6158 2011-06-20 18:38:46 <K_F> granted if it was the auditor's credentials that got taken, the user could've taken a copy at any time
6159 2011-06-20 18:38:46 <BlueMatt> gmaxwell: not at all true
6160 2011-06-20 18:38:54 <jrmithdobbs> BlueMatt: how am I a hypocrite?
6161 2011-06-20 18:39:12 karnac has quit (Read error: Connection reset by peer)
6162 2011-06-20 18:39:22 <BlueMatt> gmaxwell: no, we know a csrf that cannot result in a db dump
6163 2011-06-20 18:39:23 <jrmithdobbs> BlueMatt: at the very least, even assuming the attack vector *was* the auditor as claimed
6164 2011-06-20 18:39:26 <BlueMatt> not even remotely close
6165 2011-06-20 18:39:35 <gmaxwell> BlueMatt: ius found an sql injection bug
6166 2011-06-20 18:39:37 <ius> BlueMatt: But SQLi certainly can.
6167 2011-06-20 18:39:46 abragin has joined
6168 2011-06-20 18:39:53 <jrmithdobbs> BlueMatt: the auditor should have never had access to authentication data and that alone is proof of gross incompetence
6169 2011-06-20 18:39:59 <ius> Albeit blind, plenty of ways to widen the hole.
6170 2011-06-20 18:40:01 <BlueMatt> ius: and did he not fix the sqli when he was told?
6171 2011-06-20 18:40:06 <ius> BlueMatt: Yes he did.
6172 2011-06-20 18:40:07 <JFK911> why wouldnt a sql injector just update his own number of coins and then tx them out?
6173 2011-06-20 18:40:10 <BlueMatt> jrmithdobbs: yes, on the auditors part
6174 2011-06-20 18:40:14 <gmaxwell> BlueMatt: And the password hashes were posted on a public forum Fri Jun 17, 2011 5:21 am, which contradicts the auditors' pc story.
6175 2011-06-20 18:40:19 <JFK911> that seems a LOT easier for the effort
6176 2011-06-20 18:40:20 <ionspin> anyways, what kind of auditor are we talking about? Security auditor? Tax/Law auditor?
6177 2011-06-20 18:40:25 <BlueMatt> ok, then why are you guys claiming he is irresponsible?
6178 2011-06-20 18:40:28 <JFK911> he could then delete the tx out and do it again
6179 2011-06-20 18:40:31 <jrmithdobbs> BlueMatt: no. it was a financial auditor as claimed by tux so they should have never been granted said access PERIOD
6180 2011-06-20 18:40:46 <BlueMatt> gmaxwell: no, *a* hash was, that doesnt mean the auditor story is wrong
6181 2011-06-20 18:40:48 <ius> JFK911: Hard if it's SELECT only - same goes if MT's story is true and the auditor's credentials were stolen
6182 2011-06-20 18:40:49 lessPlastic has joined
6183 2011-06-20 18:40:57 <gmaxwell> BlueMatt: NO. Not _A_ hash. HUNDREDS OF THEM
6184 2011-06-20 18:40:58 <jrmithdobbs> BlueMatt: have you never worked somewhere that's been audited? dbas are paranoid as FUCK (good ones, anyways) about giving out that kind of access
6185 2011-06-20 18:41:02 <jrmithdobbs> for *exactly* this reason
6186 2011-06-20 18:41:05 <tcatm> JFK911: because mtgox has separate DBs for financial stuff and user accounts
6187 2011-06-20 18:41:07 <BlueMatt> jrmithdobbs: oh, by all means I agree, but that isnt gross incompetence
6188 2011-06-20 18:41:14 <jrmithdobbs> BlueMatt: yes. it is.
6189 2011-06-20 18:41:30 <jrmithdobbs> BlueMatt: it's a violation of rule #1 in computer security
6190 2011-06-20 18:41:37 <jrmithdobbs> BlueMatt: least privilege.
6191 2011-06-20 18:41:41 fimp has joined
6192 2011-06-20 18:41:44 <gmaxwell> http://forum.insidepro.com/viewtopic.php?p=65092&sid=d23fbc6d37e592c825f5126e201747e7 < post at "Fri Jun 17, 2011 5:21 am " by georgeclooney contains hundreds of unsalted passwords from the mtgox database.
6193 2011-06-20 18:41:45 <ius> BlueMatt: IMO he should have disclosed the SQLi and csrf issue to his users. It's irresponsible not to (and force a password change due to the SQLi)
6194 2011-06-20 18:41:56 <vigilyn> have any of you guys actually looked at what a financial audit (like PCI, for example) actually requires? there are part about databases, password storage, etc
6195 2011-06-20 18:41:59 LightRider is now known as afk!~LightRide@unaffiliated/lightrider|LightRider
6196 2011-06-20 18:42:02 <BlueMatt> ius: now that I agree with
6197 2011-06-20 18:42:05 <ius> You cannot take risks if there has been a confirmed vuln
6198 2011-06-20 18:42:22 o_0oo has quit (Ping timeout: 264 seconds)
6199 2011-06-20 18:42:36 <xtalmath> yep I can testify theres 60 000 pass hashes in there, and the hash of mine is correct, mine was salted luckily, and unique to mt gox...
6200 2011-06-20 18:42:51 <jrmithdobbs> xtalmath: same
6201 2011-06-20 18:42:56 <jrmithdobbs> on all counts
6202 2011-06-20 18:42:59 <ionspin> in any case he should have had unsalted hashes in db :/ Dealing with money, should mean a level of seriousnes
6203 2011-06-20 18:43:06 maikmerten has quit (Remote host closed the connection)
6204 2011-06-20 18:43:08 <ius> BlueMatt: That's my point atm, that SQLi could've been used is an assumption, and I'm still not sure how 'just' the auditor being compromised would be the full story.
6205 2011-06-20 18:43:15 <jrmithdobbs> ionspin: no having the salts there is fine
6206 2011-06-20 18:43:17 <phantomcircuit> BlueMatt, i dont think anybody broke into his bitcoind, i do however believe that someone stole funds from targeted accounts and then mass withdrew them
6207 2011-06-20 18:43:18 <ius> s/an/another
6208 2011-06-20 18:43:28 <jrmithdobbs> ionspin: anyone who says otherwise doesn't understand the purpose of the salts
6209 2011-06-20 18:44:00 <jrmithdobbs> BlueMatt: he's repeatedly ignored requests to prove he is still in possession of the coins. you're ignoring that part.
6210 2011-06-20 18:44:06 underscor has quit (Ping timeout: 250 seconds)
6211 2011-06-20 18:44:14 <phantomcircuit> ionspin, lets put it this way, linux stores the salt right next to the hash, are you seriously calling into question the security of basic account functions in linux?
6212 2011-06-20 18:44:37 <ionspin> jrmithdobbs, sorry, what i meant to say shouldN'T :/
6213 2011-06-20 18:44:39 <jrmithdobbs> BlueMatt: or provide the addresses the "few" coins he admits were fraudulantly xferred so that other exchanges can block their usage
6214 2011-06-20 18:44:46 knightrage has quit (Ping timeout: 240 seconds)
6215 2011-06-20 18:44:48 <xtalmath> I predicted this would happen, and the same will happen with the address shorteners so that you can send to "lucy" instead of as68549ae1as61fas3a5f6a or smth, theyre centralized websites, and as soon as they notice throughput rise (by correlating clicks with effective transactions) high enough, they will provide their own adresses....
6216 2011-06-20 18:44:51 <BlueMatt> ok, you know what, you can keep throwing your fud around all day, afaict, so far, all you guys have is a vuln he fixed when he was told, and didnt announce (I would agree with you guys here, he should have been more open), and some unsalted hashes supposedly from the mtgdb posted a couple days prior, which I dont see why that is convincing evidence, a. they are the unsalted ones which could very well not be from the db, or could have been as a
6217 2011-06-20 18:44:51 <BlueMatt> result of someone wanting to throw fud by using a phishing scam
6218 2011-06-20 18:44:53 <JFK911> jrmithdobbs: how many of your coins does mtgox have
6219 2011-06-20 18:44:58 <jrmithdobbs> JFK911: zero
6220 2011-06-20 18:45:01 <jgarzik> hum
6221 2011-06-20 18:45:04 <JFK911> jrmithdobbs: so why do you care
6222 2011-06-20 18:45:07 <jgarzik> has this channel been off-topic all weekend?
6223 2011-06-20 18:45:12 <jrmithdobbs> JFK911: he has a little bit of my usd but not enough for me to care
6224 2011-06-20 18:45:16 <BlueMatt> jgarzik: when is this chan on topic?
6225 2011-06-20 18:45:19 <jgarzik> hehe
6226 2011-06-20 18:45:21 <jrmithdobbs> JFK911: principle.
6227 2011-06-20 18:45:21 <gmaxwell> "supposedly from mtgdb" fuck you, BlueMatt
6228 2011-06-20 18:45:23 <JFK911> i'd care about the usd
6229 2011-06-20 18:45:41 <jgarzik> BlueMatt: is anybody working on rebasing wallet crypto?
6230 2011-06-20 18:45:46 <BlueMatt> jgarzik: me
6231 2011-06-20 18:45:48 <jgarzik> BlueMatt: most wallet stuff needs rebasing
6232 2011-06-20 18:45:50 <jgarzik> ok, good
6233 2011-06-20 18:45:53 <BlueMatt> jgarzik: well Im gonna ground up rewrite
6234 2011-06-20 18:46:02 <BlueMatt> jgarzik: and copy/paste ui stuff
6235 2011-06-20 18:46:26 <phantomcircuit> BlueMatt, then why wont he tell me the address of the stolen funds so i can prevent them from being used on britcoin?
6236 2011-06-20 18:46:37 <jgarzik> sipa: are you working on rebasing wallet and key export/import?
6237 2011-06-20 18:46:39 <phantomcircuit> BlueMatt, honestly at this point i think he's trying to set me up
6238 2011-06-20 18:46:41 <BlueMatt> phantomcircuit: now that I dont know
6239 2011-06-20 18:46:48 <ionspin> Anybody read that short article about mtgox hack in pcmag?
6240 2011-06-20 18:46:54 <JFK911> jrmithdobbs: smart move to move most of your value out of mtgox btw
6241 2011-06-20 18:46:55 <BlueMatt> phantomcircuit: and on that count I would agree
6242 2011-06-20 18:46:58 <sipa> jgarzik: yes, already done, but keyio needs some changes anyway
6243 2011-06-20 18:47:02 <JFK911> jrmithdobbs: anyone can tell by looking at it that its "just a website"
6244 2011-06-20 18:47:11 <jgarzik> phantomcircuit: long term, we need a closed bitcoin-sec list for something like this
6245 2011-06-20 18:47:19 <jrmithdobbs> JFK911: i've not had hardly anything in mtgox since it hit 30 and i cashed out
6246 2011-06-20 18:47:22 <jgarzik> phantomcircuit: like Linux's vendor-sec
6247 2011-06-20 18:47:29 <BlueMatt> phantomcircuit: but just because mt tends to not be as communicative as he should doesnt mean people need to spend all this time throwing fud
6248 2011-06-20 18:47:38 <jrmithdobbs> JFK911: i have zero vested interest in this and am merely upset on principle alone.
6249 2011-06-20 18:47:51 <BlueMatt> jgarzik: not hard for you to create...
6250 2011-06-20 18:48:00 <phantomcircuit> BlueMatt, every single thing he has done since this occurred has been suspicious, including outright lying about the timeline
6251 2011-06-20 18:48:04 <jgarzik> BlueMatt: true, but will it be used, if I create it?
6252 2011-06-20 18:48:06 <BlueMatt> jgarzik: just forward to you and gavin and sipa and forward what needs to be
6253 2011-06-20 18:48:18 <BlueMatt> phungus: now that I dont believe you on
6254 2011-06-20 18:48:20 <jrmithdobbs> JFK911: because bitcoin-related web services are boing shown over and over again to be run by amateurs that don't take the simplest of computer security principles into account
6255 2011-06-20 18:48:23 <BlueMatt> phantomcircuit: *
6256 2011-06-20 18:48:29 <BlueMatt> jgarzik: probably
6257 2011-06-20 18:48:31 <jrmithdobbs> JFK911: and I think a huge fucking spotlight needs to be shined on this fact.
6258 2011-06-20 18:48:36 * jgarzik agrees with jrmithdobbs there
6259 2011-06-20 18:48:43 <jgarzik> too many bitcoin websites have suck security
6260 2011-06-20 18:48:52 <dsockwell> agreed
6261 2011-06-20 18:48:53 <JFK911> jrmithdobbs: maybe you can make some cash consulting then
6262 2011-06-20 18:48:56 <xtalmath> and suck transparency
6263 2011-06-20 18:49:00 <ionspin> overall poor quality, not just security
6264 2011-06-20 18:49:00 <BlueMatt> jrmithdobbs: to be fair, mt didnt write the current codebase, though I would agree he really should have changed over long ago
6265 2011-06-20 18:49:17 <BlueMatt> ionspin: yep
6266 2011-06-20 18:49:17 <ius> Closed lists aren't going to help. Responsible disclosure should.
6267 2011-06-20 18:49:24 <jgarzik> I don't mind an ugly website that is functional and secure
6268 2011-06-20 18:49:24 <ius> BlueMatt: He's operating it nonetheless.
6269 2011-06-20 18:49:25 <jrmithdobbs> BlueMatt: he's been in possession for what? 3 months now?
6270 2011-06-20 18:49:39 Clipse has joined
6271 2011-06-20 18:49:40 <ionspin> jgarzik: and stable, which is a rarity in pool/market sphere
6272 2011-06-20 18:49:41 <BlueMatt> jrmithdobbs: yep, hence why I said he should have changed over long ago
6273 2011-06-20 18:49:41 <jrmithdobbs> BlueMatt: 3 months is long enough to have audited for the simple issues reported over the last week
6274 2011-06-20 18:49:53 <jrmithdobbs> so it's not an excuse
6275 2011-06-20 18:49:56 <jgarzik> jrmithdobbs: we've been in possession of the bitcoin codebase for 6 months and it still sucks :)
6276 2011-06-20 18:50:10 <jrmithdobbs> jgarzik: little different
6277 2011-06-20 18:50:11 <jrmithdobbs> ;P
6278 2011-06-20 18:50:16 <BlueMatt> jrmithdobbs: only sort of
6279 2011-06-20 18:50:41 <emock> is there a good thread in the forums about how POS Tx's might be confirmed quickly?
6280 2011-06-20 18:50:42 <ius> Plus, rewriting all queries to parameterized queries should not be impossible, vs. knowingly using a broken code base
6281 2011-06-20 18:50:51 <jrmithdobbs> BlueMatt: i confirmed the csrf phantomcircuit reported with no extra information than the forum post in about 10 minutes, so no, very different.
6282 2011-06-20 18:51:09 <phantomcircuit> and i found it in 70 seconds....
6283 2011-06-20 18:51:15 <ius> Any half-decent programmer could audit some code and spot SQLi/csrf issues
6284 2011-06-20 18:51:17 <BlueMatt> emock: those who tell you its possible arent thinking too well, you could theoretically do it 90%, but you would want insurance from a pool/big-time miner
6285 2011-06-20 18:51:20 <npouillard> is this channel logged?
6286 2011-06-20 18:51:26 <phantomcircuit> npouillard, i think so
6287 2011-06-20 18:51:31 <jrmithdobbs> npouillard: yes.
6288 2011-06-20 18:51:31 <xtalmath> if there was a huge sell off, then there was also a huge buy, perhaps the auditor (or tux, or other) leaked the db, to invest in btc cheaply (if I cant be early ill just crash the value for a while)
6289 2011-06-20 18:51:33 <ius> npouillard: Pretty sure it is
6290 2011-06-20 18:51:38 <jrmithdobbs> npouillard: see /topic
6291 2011-06-20 18:51:45 <emock> BlueMatt: okay, so there really isn't a good proposal for that atm?
6292 2011-06-20 18:51:49 <BlueMatt> npouillard: yes, see topic
6293 2011-06-20 18:51:56 <BlueMatt> emock: nope
6294 2011-06-20 18:52:06 <dsockwell> hey, what dictates the size of wallet.dat? is my file huge because i did 7000 transactions on testnet?
6295 2011-06-20 18:52:16 <sipa> dsockwell: it contains all your transactions
6296 2011-06-20 18:52:20 <jrmithdobbs> phantomcircuit: it took me 10 because i started with the new fors that had been added ;P
6297 2011-06-20 18:52:27 <dinox> I need help with github.. I have searched and cant find anything on the subject. I have a fork of bitcoin/bitcoin
6298 2011-06-20 18:52:28 <jrmithdobbs> s/new fors/newer forms/
6299 2011-06-20 18:52:28 <BlueMatt> dsockwell: tesnet wallet is in a different folder but that could cause large testnet wallet
6300 2011-06-20 18:52:30 <dinox> If I want to try one of BlueMatt's push-req, how do I do?
6301 2011-06-20 18:52:31 <phantomcircuit> dsockwell, all addresses and all transactions involving addresses in the wallet
6302 2011-06-20 18:52:59 <phantomcircuit> jrmithdobbs, yeah you had to find it, i had a feeling immediately on where to look first, instincts bro, i got them
6303 2011-06-20 18:53:00 <phantomcircuit> rofl
6304 2011-06-20 18:53:00 <ionspin> dinox: clone his branch?
6305 2011-06-20 18:53:02 <sipa> dinox: first, find which branch you need
6306 2011-06-20 18:53:03 <BlueMatt> dinox: you dont have to do it in github, just checkout my branch via git locally
6307 2011-06-20 18:53:11 <emock> MagicalTux had to have been in a very awkward situation, and in hindsight may have prioritized things poorly...
6308 2011-06-20 18:53:15 <sipa> dinox: then fetch his repository
6309 2011-06-20 18:53:23 zapnap has quit (Remote host closed the connection)
6310 2011-06-20 18:53:27 <sipa> dinox: then checkout the branch in it
6311 2011-06-20 18:53:30 <BlueMatt> emock: yep
6312 2011-06-20 18:53:32 <emock> awkward even before the weekend
6313 2011-06-20 18:53:38 <ionspin> emo
6314 2011-06-20 18:53:39 <BlueMatt> yep
6315 2011-06-20 18:53:42 <JFK911> maybe he should have hired help
6316 2011-06-20 18:53:48 <JFK911> sounds like hes been trying to do everything on his own
6317 2011-06-20 18:53:48 <BlueMatt> (to emock)
6318 2011-06-20 18:53:51 <ionspin> JFK911, my toughts exactly
6319 2011-06-20 18:53:56 <phantomcircuit> maybe he shouldn't be stretched as thin as he is
6320 2011-06-20 18:54:04 <emock> it's not that easy to just 'hire help'
6321 2011-06-20 18:54:06 sipa has left ()
6322 2011-06-20 18:54:07 <JFK911> right
6323 2011-06-20 18:54:10 <JFK911> it is hard to find someone
6324 2011-06-20 18:54:10 <BlueMatt> JFK911: no, hes been working on hiring help to take over a ton of stuff since he got it)
6325 2011-06-20 18:54:17 <phantomcircuit> yes which is why i didn't say to hire help
6326 2011-06-20 18:54:18 <JFK911> in a small operation you need someone versatile, a knowitall
6327 2011-06-20 18:54:40 <Cryo> I've seen people have nervous breakdowns having things blow up like this.
6328 2011-06-20 18:54:42 <phantomcircuit> BlueMatt, i was always available ;)
6329 2011-06-20 18:54:52 <phantomcircuit> and really dont mind being someplace i dont speak the language
6330 2011-06-20 18:54:53 <emock> and everyone pushing him to make sure it's available for trading⦠and I'm sure he's got to be worried about the financial side of things
6331 2011-06-20 18:54:53 <phantomcircuit> lol
6332 2011-06-20 18:54:53 <JFK911> BlueMatt: oh ive never heard of anyone but mark involved with mtgox
6333 2011-06-20 18:55:13 <BlueMatt> whatever I need to go anyway
6334 2011-06-20 18:55:32 <phantomcircuit> JFK911, the bank account was opened by an american and is in his name, i wonder if he realizes the immense potential liability...
6335 2011-06-20 18:55:38 BlueMatt has quit (Quit: Ex-Chat)
6336 2011-06-20 18:56:12 <phantomcircuit> also i like how people are depositing bitcoins on britcoin
6337 2011-06-20 18:56:12 <JFK911> phantomcircuit: if he is a japan citizen he will have the protection of the japanese government
6338 2011-06-20 18:56:15 <phantomcircuit> confidence bro
6339 2011-06-20 18:56:17 <emock> JFK911: a know-it-all means a know-it-all-shallow
6340 2011-06-20 18:56:17 <phantomcircuit> we haz it
6341 2011-06-20 18:56:41 <JFK911> emock: mostly when they are young
6342 2011-06-20 18:56:46 <phantomcircuit> JFK911, the bank account is owned by an american citizen who has given control of it to mark
6343 2011-06-20 18:56:49 devon_hillard has quit (Read error: Connection reset by peer)
6344 2011-06-20 18:56:54 <spq> one of that InsidePro forum post(dated Fri Jun 17, 2011 5:21 am) has 64 hashes and 61 of them are in the list of unsalted md5sums of the mtgox dbdump... that is a big percentage...
6345 2011-06-20 18:57:03 albert has joined
6346 2011-06-20 18:57:04 <JFK911> phantomcircuit: oh you mean the straw guy for the bank is liable.
6347 2011-06-20 18:57:05 <emock> JFK911: and young means?
6348 2011-06-20 18:57:08 <phantomcircuit> JFK911, ie if shtf he could be completely liable
6349 2011-06-20 18:57:12 <jrmithdobbs> phantomcircuit: the japanese gov has a long demonstrated willingness to refuse extradition even for undeniably just extradition requests for japanese citizens
6350 2011-06-20 18:57:20 <jrmithdobbs> phantomcircuit: they are HORRIBLE global citizens
6351 2011-06-20 18:57:23 <JFK911> emock: less experience
6352 2011-06-20 18:57:26 albert is now known as Guest52181
6353 2011-06-20 18:57:27 <phantomcircuit> jrmithdobbs, plz2read
6354 2011-06-20 18:57:33 badmanu has joined
6355 2011-06-20 18:57:55 <davex__> haha "global citizens"
6356 2011-06-20 18:57:56 <Cryo> the bank account doesn't have to be owned by an american citizen
6357 2011-06-20 18:58:02 <jrmithdobbs> phantomcircuit: got to get him into the country to get an enforcable civil claim
6358 2011-06-20 18:58:19 <Cryo> my c-corp owns its bank account and credit cards
6359 2011-06-20 18:58:19 <jrmithdobbs> phantomcircuit: jap gov will cover his ass otherwise
6360 2011-06-20 18:58:26 <JFK911> no you can try him in absentia but any judgment wont be collectable
6361 2011-06-20 18:58:32 <emock> so, who wants to start up a new exchange now?
6362 2011-06-20 18:58:36 <jrmithdobbs> JFK911: which is what i mean
6363 2011-06-20 18:58:38 knightrage has joined
6364 2011-06-20 18:58:40 <JFK911> he will just keep his assets in jp
6365 2011-06-20 18:58:44 <jrmithdobbs> right
6366 2011-06-20 18:59:03 <gmaxwell> spq: moreover, the people on the forum couldn't crack almost any of them them, so it's not like they are common strings.
6367 2011-06-20 18:59:03 <JFK911> but this is all wacky to discuss before we see what happened
6368 2011-06-20 18:59:24 <phantomcircuit> JFK911, we're talking about an american citizen
6369 2011-06-20 18:59:42 <phantomcircuit> er
6370 2011-06-20 18:59:44 <JFK911> phantomcircuit: you and i are, jrmith and i arent i think
6371 2011-06-20 18:59:44 <phantomcircuit> jrmithdobbs, ^
6372 2011-06-20 18:59:47 <spq> gmaxwell: but the ones who had the db dump had enough time to try it with rainbow tables?
6373 2011-06-20 18:59:53 <gmaxwell> The people asking for proof that mtgox still has the funds aren't just being demanding for the sake of it. There is a real risk that a bitcoin exchange could operate short and just cause effective inflation.
6374 2011-06-20 18:59:55 <phantomcircuit> JFK911, wat
6375 2011-06-20 18:59:56 jsnyder has joined
6376 2011-06-20 18:59:57 <jrmithdobbs> phantomcircuit: you may have a point, if the accounts haven't all been completely moved to japan there may still be means of enforcement
6377 2011-06-20 19:00:15 <phantomcircuit> jrmithdobbs, dwolla will only move funds to us based bank accounts
6378 2011-06-20 19:00:16 <ius> spq: Rainbow tables are useless. Dict/bruteforce however gets you plenty to try
6379 2011-06-20 19:00:19 <JFK911> first lawsuit about stolen bitcoins!
6380 2011-06-20 19:00:25 <gmaxwell> spq: I assume that whoever posted that list had attacked it first, and thats why not all of the unsalted are not there.
6381 2011-06-20 19:00:26 <JFK911> how would btc be valued?
6382 2011-06-20 19:00:27 <jrmithdobbs> phantomcircuit: good to know
6383 2011-06-20 19:00:34 <dD0T> spq: Rt doesn't work on individually salted passwords
6384 2011-06-20 19:00:38 <JFK911> this will go to the appeals courts ten times before any trian
6385 2011-06-20 19:00:41 <JFK911> *trial
6386 2011-06-20 19:00:45 machine1 has quit (Quit: http://FaceFox.com)
6387 2011-06-20 19:00:50 <spq> dD0T: those are only the unsalted ones...
6388 2011-06-20 19:00:52 <gmaxwell> ius: this is the unsalted ones.
6389 2011-06-20 19:01:08 <quellhorst> fucking mtgox
6390 2011-06-20 19:01:13 <dD0T> spq: Sry, didn't read the full backlog
6391 2011-06-20 19:01:15 <quellhorst> i wonder if they will even open back up
6392 2011-06-20 19:01:25 <jrmithdobbs> what it comes down to is this stuff is not FUD
6393 2011-06-20 19:01:39 <jrmithdobbs> this is tux being unwilling to address the aqusations
6394 2011-06-20 19:01:48 <phantomcircuit> JFK911, there are well established rules for identifying the value of a good which has been destroyed, but they're super ridiculous complicated so i couldn't even begin to imagine
6395 2011-06-20 19:01:50 <Cryo> but there's too much fud going around and the press isn't helping.
6396 2011-06-20 19:01:57 <jrmithdobbs> which is extremely fishy when doing so, if he can actually demnstrate what he claims to be true, would be to his advantage
6397 2011-06-20 19:02:04 <JFK911> phantomcircuit: there would be endless arguments
6398 2011-06-20 19:02:25 <phantomcircuit> rofl
6399 2011-06-20 19:02:31 <JFK911> mtgox needs to sleep and fix the site, not address the peanut gallery
6400 2011-06-20 19:02:58 <quellhorst> mtgox needs to let us connect and get our cash out.
6401 2011-06-20 19:03:02 * emock wonders if this will encourage or discourage more exchanges?
6402 2011-06-20 19:03:13 <jrmithdobbs> JFK911: it's track record of communicating with it's customers is *part of the issue*
6403 2011-06-20 19:03:27 <phantomcircuit> JFK911, except he would calm the nerves simply by announcing a future transctions and then making it with the remaining balance on mtgox
6404 2011-06-20 19:03:31 <jrmithdobbs> JFK911: so i would argue that effective commmunication is more important than getting the exchange back up
6405 2011-06-20 19:04:27 dukeleto has quit (Excess Flood)
6406 2011-06-20 19:04:36 IncitatusOnWater has joined
6407 2011-06-20 19:04:58 dukeleto has joined
6408 2011-06-20 19:05:48 fpgaminer has joined
6409 2011-06-20 19:05:53 Fairuser is now known as Fairuser|AWK
6410 2011-06-20 19:05:54 <emock> I think he's rightly being very careful about what he says and does at this point⦠making any quick (without a day or so to think it over) decision could be lethal at this point
6411 2011-06-20 19:06:03 <JFK911> i'd be careful and terse as well
6412 2011-06-20 19:06:13 anu has quit (Read error: Connection reset by peer)
6413 2011-06-20 19:06:15 krekbwoy has quit (Ping timeout: 260 seconds)
6414 2011-06-20 19:06:31 <JFK911> im sure people are angry that he overpromised the opening time
6415 2011-06-20 19:06:45 <JFK911> just a lapse in judgment, nothing malicious
6416 2011-06-20 19:07:12 <emock> not even a lapse in judgment⦠just human nature
6417 2011-06-20 19:07:34 <sivu> is ipv6 support in the plans
6418 2011-06-20 19:07:40 <quellhorst> also, before the crash i asked for money to be taken out via dowall, that still hasn't been confirmed
6419 2011-06-20 19:07:41 <jrmithdobbs> sort of kind of
6420 2011-06-20 19:07:46 <jrmithdobbs> sivu: ^
6421 2011-06-20 19:07:56 <ionspin> he should think more about appearance of his site also. Regular joe wont be buying at a site where owner says something could get screwed
6422 2011-06-20 19:08:02 <echelon> can someone explain how real world bitcoin exchanges would work
6423 2011-06-20 19:08:02 <npouillard> running "DISPLAY=:0 aticonfig --adapter=all --odgt" gives me "ERROR - Could not find library: libatiadlxx.so" any idea?
6424 2011-06-20 19:08:03 <ionspin> id ont mind, but ...
6425 2011-06-20 19:08:05 <sivu> jrmithdobbs, for the client?
6426 2011-06-20 19:08:14 <npouillard> I have two very similar ArchLinux boxes and only one produces this error, and yes /usr/lib/libatiadlxx.so exists
6427 2011-06-20 19:08:17 <jrmithdobbs> sivu: it's planned but no time frame
6428 2011-06-20 19:08:23 <echelon> i know how you can have qr codes with the bitcoin address
6429 2011-06-20 19:08:32 <echelon> but isn't there a high latency?
6430 2011-06-20 19:08:39 <xelister> npouillard: btw, what are you buinding?
6431 2011-06-20 19:08:41 <echelon> for confirmations
6432 2011-06-20 19:08:45 <jrmithdobbs> echelon: #bitcoin
6433 2011-06-20 19:08:55 <echelon> fine -_-
6434 2011-06-20 19:09:15 * nameless !~root@weowntheinter.net|pokes jrmithdobbs
6435 2011-06-20 19:09:15 <emock> no, here
6436 2011-06-20 19:09:25 <iera> npouillard: #bitcoin-mining
6437 2011-06-20 19:09:29 <nameless> !~root@weowntheinter.net|err
6438 2011-06-20 19:09:32 <emock> unless /topic is wrong
6439 2011-06-20 19:09:48 <nameless> !~root@weowntheinter.net|I meant to poke jgarzik
6440 2011-06-20 19:10:02 redshark1802 has quit (Remote host closed the connection)
6441 2011-06-20 19:10:04 <emock> echelon: seems to me that discussion belongs here
6442 2011-06-20 19:10:16 <emock> although, maybe folks are sick of it
6443 2011-06-20 19:10:17 <npouillard> iera: already asked there
6444 2011-06-20 19:10:24 <npouillard> xelister: buinding?
6445 2011-06-20 19:10:27 <echelon> k
6446 2011-06-20 19:11:24 redshark1802 has joined
6447 2011-06-20 19:11:32 pensan has quit (Quit: Leaving)
6448 2011-06-20 19:12:05 <emock> btw, awesome interview: http://gothamist.com/2011/06/20/video_jon_stewart_says_the_times_bi.php
6449 2011-06-20 19:12:12 <jgarzik> nameless|: ?
6450 2011-06-20 19:12:13 dbasch has quit (Quit: dbasch)
6451 2011-06-20 19:12:21 Esli has joined
6452 2011-06-20 19:13:40 <xelister> npouillard: erm, what are you building ;) coding.
6453 2011-06-20 19:13:45 dbasch has joined
6454 2011-06-20 19:14:01 <xelister> npouillard: if you asked about mining, then indeed #bitcoin-mining
6455 2011-06-20 19:15:02 dedeibel has joined
6456 2011-06-20 19:15:02 <nameless> !~root@weowntheinter.net|jgarzik: Can has op in #bitcoin?
6457 2011-06-20 19:15:32 <jgarzik> nameless|: talk to nanotube and gribble and btcd
6458 2011-06-20 19:15:47 <npouillard> xelister: indeed this is about mining but I was tring to get some clues here anyway
6459 2011-06-20 19:15:49 lessPlastic has quit (Quit: lessPlastic)
6460 2011-06-20 19:15:52 * nameless !~root@weowntheinter.net|pokes nanotube
6461 2011-06-20 19:17:04 ZOP has joined
6462 2011-06-20 19:17:28 xtalmath has quit (Ping timeout: 250 seconds)
6463 2011-06-20 19:17:38 <nanotube> nameless|: you got it
6464 2011-06-20 19:18:23 <nameless> !~root@weowntheinter.net|danke
6465 2011-06-20 19:18:53 joecool has joined
6466 2011-06-20 19:20:24 m00p has joined
6467 2011-06-20 19:21:37 <ius> npouillard: ran ldconfig? they're installed to /opt/amdsteam/lib or sth
6468 2011-06-20 19:22:33 lessPlastic has joined
6469 2011-06-20 19:22:49 xenland has joined
6470 2011-06-20 19:25:29 sabalaba has joined
6471 2011-06-20 19:26:59 coderrr is now known as coderrr`brb
6472 2011-06-20 19:27:21 coderrr`brb is now known as coderrr
6473 2011-06-20 19:27:41 coderrr is now known as coderrr`brb
6474 2011-06-20 19:27:52 coderrr`brb is now known as coderrr
6475 2011-06-20 19:27:58 manifold has joined
6476 2011-06-20 19:28:01 TheAncientGoat has quit (Ping timeout: 276 seconds)
6477 2011-06-20 19:28:41 dubious has joined
6478 2011-06-20 19:28:51 Ken` has joined
6479 2011-06-20 19:28:57 dubious has quit (Read error: Connection reset by peer)
6480 2011-06-20 19:29:25 xenland has quit (Remote host closed the connection)
6481 2011-06-20 19:29:39 dubious has joined
6482 2011-06-20 19:32:01 datagutt has quit (Read error: Connection reset by peer)
6483 2011-06-20 19:33:36 dbasch has quit (Read error: Connection reset by peer)
6484 2011-06-20 19:33:57 dbasch has joined
6485 2011-06-20 19:35:29 zapnap has joined
6486 2011-06-20 19:35:46 molecular has quit (Ping timeout: 264 seconds)
6487 2011-06-20 19:35:54 underscor has joined
6488 2011-06-20 19:35:55 molecular has joined
6489 2011-06-20 19:36:01 Guest52181 has quit (Ping timeout: 240 seconds)
6490 2011-06-20 19:37:03 d1g1t4l has joined
6491 2011-06-20 19:38:30 RazielZ has quit (Quit: Leaving)
6492 2011-06-20 19:40:21 DaQatz has quit (Read error: Connection reset by peer)
6493 2011-06-20 19:40:26 DaQatz has joined
6494 2011-06-20 19:40:30 traviscj has joined
6495 2011-06-20 19:40:44 rmah has left ()
6496 2011-06-20 19:40:49 <npouillard> ius: yes /opt/ati-stream-sdk-v2.1-lnx64/lib/x86_64 in a ld.so.conf.d and I ran ldconfig. ldconfig -p show them all
6497 2011-06-20 19:40:57 Tritonio has quit (Quit: Leaving)
6498 2011-06-20 19:42:45 dbasch_ has joined
6499 2011-06-20 19:43:38 [Tycho] has quit (Read error: Connection reset by peer)
6500 2011-06-20 19:44:15 Joric has quit ()
6501 2011-06-20 19:44:27 <ionspin> maybe try ldd python2.7 ./phoenix... that should show exactly the path to lib.
6502 2011-06-20 19:44:47 <ionspin> the requested path to the lib
6503 2011-06-20 19:45:02 [Tycho] has joined
6504 2011-06-20 19:46:41 dbasch has quit (Ping timeout: 260 seconds)
6505 2011-06-20 19:46:41 dbasch_ is now known as dbasch
6506 2011-06-20 19:46:58 <Raccoon> alright.
6507 2011-06-20 19:46:59 <npouillard> ionspin: its when I run aticonfig to get the temperature, mining is working fine
6508 2011-06-20 19:47:17 <Raccoon> i have another theoretical hacking question pertaining to bitcoin address stealing
6509 2011-06-20 19:47:42 redshark1802 has quit (Remote host closed the connection)
6510 2011-06-20 19:47:49 <Raccoon> shouldn't it be statistically possible to steal -a- bitcoin address using, what i'd call a "birthday hack".
6511 2011-06-20 19:47:52 <ionspin> npouillard, i have had some strange output from aticonfig myself, with -odgc not working, and odss working flawlessly
6512 2011-06-20 19:47:55 moe1111 has quit (Read error: Operation timed out)
6513 2011-06-20 19:47:59 brooss has joined
6514 2011-06-20 19:48:05 <ionspin> -odsc*
6515 2011-06-20 19:48:11 <emock> wtf? Apple hid ~/Library in the latest Lion build(s)...
6516 2011-06-20 19:48:14 <Raccoon> that is, if you generate enough bitcoin addresses in your wallet, eventually, you'll collide with someone else's address that already has money in it?
6517 2011-06-20 19:48:18 <brocktice> Raccoon: no
6518 2011-06-20 19:48:20 <emock> oopsâ¦
6519 2011-06-20 19:48:22 <Raccoon> eg
6520 2011-06-20 19:48:23 Speeder has quit (Quit: Speeder)
6521 2011-06-20 19:48:25 <brocktice> Raccoon: I had the same question
6522 2011-06-20 19:48:36 <Raccoon> if you put enough people into a room, eventually you WILL have two people with matching birthdays
6523 2011-06-20 19:48:36 <brocktice> Otherwise the algos involved would be useuless
6524 2011-06-20 19:48:40 <brocktice> *useless
6525 2011-06-20 19:48:42 <emock> but that actually may have some ramifications here⦠can't get to wallet readily from Finder
6526 2011-06-20 19:48:43 <Raccoon> I think it happens around 23 or 25 people
6527 2011-06-20 19:48:48 <Raccoon> so
6528 2011-06-20 19:48:48 <npouillard> Raccoon: no the proba is very low
6529 2011-06-20 19:48:49 <brocktice> Sure, but imagine there were billions of possible birthdays
6530 2011-06-20 19:48:53 <ionspin> npouillard, try ldd /usr/bin/aticonfig (at least that where it is on arch
6531 2011-06-20 19:48:58 <Raccoon> but the probability is compounded
6532 2011-06-20 19:49:00 <brocktice> and you can only fit 10 people in the room
6533 2011-06-20 19:49:01 <gmaxwell> Raccoon: do you come from a place with years that have 2^160 days?
6534 2011-06-20 19:49:05 <Raccoon> with the growth of bitcoin, and every address you create
6535 2011-06-20 19:49:14 <Raccoon> gmaxwell: set asside the rhetoric
6536 2011-06-20 19:49:24 <gmaxwell> Raccoon: ... set aside the math too?
6537 2011-06-20 19:49:30 <brocktice> ;;calc 2^160
6538 2011-06-20 19:49:31 <gribble> 2^160 = 1.46150164 * 10^(48)
6539 2011-06-20 19:49:32 kratosk has joined
6540 2011-06-20 19:49:32 <Raccoon> statistically speaking, every address you generate will cut into those years like a butterknife
6541 2011-06-20 19:49:40 deio has joined
6542 2011-06-20 19:49:52 <Raccoon> you aren't trying to bruteforce any single address
6543 2011-06-20 19:49:58 purrr has joined
6544 2011-06-20 19:50:00 <Raccoon> you are trying to bruteforce ALL of them at once
6545 2011-06-20 19:50:03 <Raccoon> birthday hack
6546 2011-06-20 19:50:04 <gmaxwell> Raccoon: do math, the odds are infinitesmal even if you assume insane address generating rates.
6547 2011-06-20 19:50:25 fimp has quit (Ping timeout: 260 seconds)
6548 2011-06-20 19:50:27 <brocktice> Raccoon: I'm not *saying* you're going to get struck by lightning while simultaneously getting hit by a meteor while flying in an airliner... but it could happen.
6549 2011-06-20 19:50:40 <brocktice> once in a few million yeras
6550 2011-06-20 19:50:41 <Raccoon> gmaxwell, so you are aware of the basic statistics class lesson of a room full of people with birthdays. yes?
6551 2011-06-20 19:50:42 <brocktice> *years
6552 2011-06-20 19:51:02 <gmaxwell> Raccoon: Yes, but apparently you aren't becaus you're failing to actually perform the calculation.
6553 2011-06-20 19:51:03 <lyspooner> raccoon: 100% of people in a room have birthdays
6554 2011-06-20 19:51:05 <brocktice> in other words, not often enough to care about... ever
6555 2011-06-20 19:51:19 <Raccoon> if you put 25 people into a room, 2 people will share a birthday
6556 2011-06-20 19:51:20 <npouillard> Raccoon: with the same reasonning it would happen the same with RSA keys (GPG, ssh, ssl), you can go download most of the ssl certificate and look for conflict
6557 2011-06-20 19:51:24 d1234 has joined
6558 2011-06-20 19:51:31 <Raccoon> even though there are 365 possible birthdays out there
6559 2011-06-20 19:51:42 <Georgyo> Raccoon: 50% chance
6560 2011-06-20 19:51:44 <brocktice> Raccoon: no, they *won't*
6561 2011-06-20 19:51:45 <brocktice> they *may*
6562 2011-06-20 19:52:00 <brocktice> statistics are not deterministic
6563 2011-06-20 19:52:03 <Raccoon> well, the same thing with bitcoin addresses won't apply?
6564 2011-06-20 19:52:04 <brocktice> just ask a solo miner :)
6565 2011-06-20 19:52:10 <brocktice> Raccoon: yes it will
6566 2011-06-20 19:52:24 <brocktice> Raccoon: but the # of addresses necessary for it to occur is astronomical
6567 2011-06-20 19:52:24 <Georgyo> Raccoon: If you put 366 people in a room, at least one will have the same birthday as one other person
6568 2011-06-20 19:52:25 <Raccoon> even if there are a million bitcoin addresses with coins in them?
6569 2011-06-20 19:52:31 <gmaxwell> Raccoon: it does apply, but the numbers are so enormous that it doesn't have a pratical effect.
6570 2011-06-20 19:52:42 kika_ has quit (Quit: Page closed)
6571 2011-06-20 19:52:49 <lyspooner> Georgyo: 367
6572 2011-06-20 19:52:59 <gmaxwell> Even if there are a million bitcoin addresses with coins in them, it's only a factor of a million speedup.
6573 2011-06-20 19:53:36 <Georgyo> lyspooner: Dam them leap years
6574 2011-06-20 19:53:37 * brocktice wonders how fast he can generate addresses
6575 2011-06-20 19:53:57 <Raccoon> also, you cite the bitsize of bitcoin addresses as the working pool
6576 2011-06-20 19:54:09 <Raccoon> but isn't it actually much smaller of a pool than the address bitsize?
6577 2011-06-20 19:54:16 <Raccoon> not every address is cryptographically possible
6578 2011-06-20 19:54:27 Mononofu has left ()
6579 2011-06-20 19:54:50 deio has left ()
6580 2011-06-20 19:54:59 <gmaxwell> Raccoon: lets say there are 10 million worthwhile addresses. You generate new addresses at a rate of one hundred trillion per second...
6581 2011-06-20 19:55:00 <gavinandresen> Raccoon: Finding a collision is really hard with 160 bits; see http://en.wikipedia.org/wiki/Birthday_attack
6582 2011-06-20 19:55:37 TheZimm has joined
6583 2011-06-20 19:55:40 mrtnt1 has quit (Ping timeout: 260 seconds)
6584 2011-06-20 19:55:59 <lebish> any mac gurus around? having probs getting bitcoin to compile -- can't seem to find libboost which was installed using macports in /opt/local
6585 2011-06-20 19:55:59 purrr has left ()
6586 2011-06-20 19:56:06 <gavinandresen> Raccoon: And every attempt at finding a collision you have to generate an ECDSA public/private keypair, which slows you down. It ain't a problem.
6587 2011-06-20 19:56:11 <Georgyo> Raccoon: If it was easy, 128bit SSL would have already been destroyed
6588 2011-06-20 19:56:14 <emock> lebish: I can probably help
6589 2011-06-20 19:56:14 <gmaxwell> 2^160/1e7/1e14/86400/365.25 = 46312192224088743066 years. Even if you toss in a factor for unreachable addresses in the pseudorandomfunction it doesn't matter.
6590 2011-06-20 19:56:30 ariqz has joined
6591 2011-06-20 19:56:54 <lebish> emock: care if i pm you?
6592 2011-06-20 19:57:00 <emock> please
6593 2011-06-20 19:57:07 <Raccoon> the thing with 128bit SSL is, you aren't trying to attack a random packet on the internet anywhere
6594 2011-06-20 19:57:17 <Raccoon> you're trying to find the key to a specific packet.
6595 2011-06-20 19:57:37 <gavinandresen> Raccoon: even if you assume super-duper-awesome-compute power, you're better off putting that super-duper-awesome compute power towards bitcoin mining... so it is not a problem about six different ways
6596 2011-06-20 19:57:45 <Raccoon> considering the number of packets flying around out there, i'm sure there isn't a single packet generated since the birth of SSL that hasn't been collided.
6597 2011-06-20 19:58:01 joecool has quit (Remote host closed the connection)
6598 2011-06-20 19:58:17 <gmaxwell> !
6599 2011-06-20 19:58:38 <gmaxwell> Raccoon: stop foaming at the mouth and pull up a multiprecision calculator and think for a bit.
6600 2011-06-20 19:58:44 <brocktice> gmaxwell: I'm going to have so many bitcoins in 46312192224088743066 years
6601 2011-06-20 19:59:06 kratosk has quit (Ping timeout: 240 seconds)
6602 2011-06-20 19:59:17 <gmaxwell> brocktice: one randomly selected wallet's worth, on average, if you dedicate all the worlds computing power to it!
6603 2011-06-20 20:00:11 <lyspooner> what algorithm does the client use to choose which bitcoins to send from a wallet and which ones to keep? is there a link where i can read more about this process? i'd like to keep virgin minted coins and send out highly circulated ones
6604 2011-06-20 20:00:18 DukeOfURL has quit (Ping timeout: 240 seconds)
6605 2011-06-20 20:00:18 <brocktice> gmaxwell: I'll get right on that, can't wait!
6606 2011-06-20 20:00:24 <Raccoon> and has anyone made any improvments to the SHA-256 hashing used in coin mining?
6607 2011-06-20 20:00:45 <Raccoon> eg, pre-calculating, table matricies, collapsing rounds?
6608 2011-06-20 20:01:01 <gmaxwell> Raccoon: Yes. But why are you asking about that now? You haven't admitted your prior concerns were misplaced yet.
6609 2011-06-20 20:01:07 <Raccoon> knowing when to prematurly abort a nounce?
6610 2011-06-20 20:01:13 dbasch has quit (Quit: dbasch)
6611 2011-06-20 20:01:53 manifold has quit (Read error: Connection reset by peer)
6612 2011-06-20 20:01:56 DukeOfURL has joined
6613 2011-06-20 20:02:01 <ersi> Abortion is nounce murder!
6614 2011-06-20 20:02:22 <Raccoon> nonce
6615 2011-06-20 20:02:30 ariqz is now known as kratosk
6616 2011-06-20 20:02:37 <lyspooner> i am pronounce
6617 2011-06-20 20:03:47 BitCashier has left ()
6618 2011-06-20 20:03:52 <TD> lyspooner: it's only documented in the source code, afaik
6619 2011-06-20 20:04:07 <TD> lyspooner: iirc it tries to use smaller coins first. but coin selection is definitely an area for future work
6620 2011-06-20 20:04:14 dbasch has joined
6621 2011-06-20 20:04:33 <TD> eg, i can imagine clients merging or splitting coins automatically in the background for you, in order to reduce future fees and/or improve privacy
6622 2011-06-20 20:04:45 <lyspooner> TD: i'm not sure smallest coins is optimal for all users
6623 2011-06-20 20:04:56 <TD> probably not. like i said - an area for future work
6624 2011-06-20 20:05:04 <iera> i thought already of a client which shows where coins come from
6625 2011-06-20 20:05:17 <Raccoon> lyspooner: argued similar proposals. it seems there are as many reasons to send specific coins as there are in choosing which to send
6626 2011-06-20 20:05:17 d1234_ has joined
6627 2011-06-20 20:05:57 kreal- has quit (Ping timeout: 244 seconds)
6628 2011-06-20 20:06:01 <Raccoon> eg, sending as few sources as possible to keep cross-contamination down
6629 2011-06-20 20:06:10 d1234 has quit (Ping timeout: 260 seconds)
6630 2011-06-20 20:06:30 * npouillard Yeah! problem solved
6631 2011-06-20 20:06:37 drummer306 has joined
6632 2011-06-20 20:06:52 drummer306 has left ()
6633 2011-06-20 20:07:16 <npouillard> I strace'd aticonfig and the missing file was not libatiadlxx.so but libXinerama.so.1
6634 2011-06-20 20:08:15 hellais has quit (Quit: Leaving.)
6635 2011-06-20 20:08:42 krtek_net has joined
6636 2011-06-20 20:09:24 larsivi has joined
6637 2011-06-20 20:09:41 sherpishoru has quit (Quit: Page closed)
6638 2011-06-20 20:10:15 <ius> Hmm why doesn't github support an easy cherrypick?
6639 2011-06-20 20:10:26 <ionspin> npouillard, strange :)
6640 2011-06-20 20:10:28 <ius> All those single-commit merges kill the commitmsg
6641 2011-06-20 20:11:06 Faraday has joined
6642 2011-06-20 20:11:47 <cosurgi> MagicalTux: while you are fixing site, please check out if you patched the HTTPS vulnerability: http://it.slashdot.org/story/11/06/20/1934231/SSLTLS-Vulnerability-Widely-Unpatched
6643 2011-06-20 20:13:14 kreal- has joined
6644 2011-06-20 20:15:02 Zusje has joined
6645 2011-06-20 20:16:38 slux has quit (Ping timeout: 258 seconds)
6646 2011-06-20 20:20:33 glassresistor has quit (Ping timeout: 246 seconds)
6647 2011-06-20 20:22:30 Teslah has joined
6648 2011-06-20 20:22:38 sanchaz has joined
6649 2011-06-20 20:23:17 <ius> By the way 2'ish: I think https://github.com/bitcoin/bitcoin/pull/282 (-Wall & some -Wno) should be reconsidered
6650 2011-06-20 20:24:36 <ius> There's some warnings which *do* make sense, (although most of it doesn't break anything either)..
6651 2011-06-20 20:25:12 <ius> As I passed -Wall and checked the output I found sipa's small mistakes
6652 2011-06-20 20:25:22 mrtnt1 has joined
6653 2011-06-20 20:25:51 <ius> -Wreturn-type should be useful
6654 2011-06-20 20:26:16 <luke-jr> ius: I disagree about disabling any warnings :P
6655 2011-06-20 20:26:16 nocreativenick1 has quit (Read error: Connection reset by peer)
6656 2011-06-20 20:26:32 TommyBoy3G has quit (Remote host closed the connection)
6657 2011-06-20 20:26:36 nocreativenick1 has joined
6658 2011-06-20 20:26:37 <luke-jr> also the second part of the patch is dumb
6659 2011-06-20 20:26:41 TommyBoy3G has joined
6660 2011-06-20 20:26:45 p0s has joined
6661 2011-06-20 20:26:56 <luke-jr> it should obviously be nLastTime = nNow = std::max(nNow, nLastTime + 1);
6662 2011-06-20 20:27:26 <ius> Yeah I guess that got caught up in there by accident - should really be a separate commit
6663 2011-06-20 20:27:58 <ius> But there's a ton of stuff to fix if you -Wall (esp. -Wsign-compare and -Wunused)
6664 2011-06-20 20:29:33 <ius> luke-jr: Does that evade gcc bitching at you for doing nLastTime = nNow = std::max(nNow, ++nLastTime); ?
6665 2011-06-20 20:29:55 <ius> I don't see the undefined operator in there, but it does bitch at you for some execution order related issue
6666 2011-06-20 20:30:21 <luke-jr> ius: GCC *should* complain for that
6667 2011-06-20 20:30:38 <luke-jr> ius: your replacement behaves differently than the original code
6668 2011-06-20 20:30:51 <luke-jr> at least potentially-- it might be undefined
6669 2011-06-20 20:31:22 <ius> Yeah hence the GCC warning?
6670 2011-06-20 20:31:28 <luke-jr> nLastTime = nNow = std::max(nNow, ++nLastTime); should choose the larger of nNow+1 and nLastTime+1
6671 2011-06-20 20:31:49 <luke-jr> or it could choose the larger of nNow and nLastTime
6672 2011-06-20 20:32:21 <ius> Why not nNow, nLastTime+1? (Not familiar with the C(++) std in depth)
6673 2011-06-20 20:32:34 <luke-jr> ius: I'm assuming that's what the author intended
6674 2011-06-20 20:32:37 <ius> Intuitively I'd expect ++nLastTime to be evaluated first
6675 2011-06-20 20:32:48 <luke-jr> ius: yes, it should be
6676 2011-06-20 20:32:48 mounte has left ()
6677 2011-06-20 20:32:59 <luke-jr> maybe the warning is just because of the useless side effect
6678 2011-06-20 20:33:05 kreal- has quit (Quit: Lost terminal)
6679 2011-06-20 20:33:43 <ius> luke-jr: Oh I see what you mean, actually thinking about the bit of code ;)
6680 2011-06-20 20:34:25 tutiterprofits has joined
6681 2011-06-20 20:34:27 <luke-jr> ius: also, 'var++' is bad practice unless you really really need it :p
6682 2011-06-20 20:34:43 <luke-jr> ius: if var is a non-simple type, that clones the object
6683 2011-06-20 20:35:00 <briareus> If I fire up a new linux version service, and see 8 connections, how long should I see before block counts catch up? (my older version apparently lost connections somewhere in the last week, is many blocks behind)
6684 2011-06-20 20:35:01 kv39 has quit ()
6685 2011-06-20 20:35:25 <briareus> (I haven't seen block count update yet, its been running about 15 minutes or so)
6686 2011-06-20 20:35:53 JackRabiit has joined
6687 2011-06-20 20:36:00 testuser444 has joined
6688 2011-06-20 20:36:13 estoves has joined
6689 2011-06-20 20:36:46 <B0g4r7> Maybe whatever caused it to fall behind is keeping it behind now.
6690 2011-06-20 20:36:57 badmanu has quit (Quit: HydraIRC -> http://www.hydrairc.com <- s0 d4Mn l33t |t'z 5c4rY!)
6691 2011-06-20 20:37:02 JackRabiit has quit (Client Quit)
6692 2011-06-20 20:37:37 <briareus> I'm being told by otherrs to 'rescan' but I don't see such a command option, how do I rescan from linux cli?
6693 2011-06-20 20:38:01 kreal- has joined
6694 2011-06-20 20:38:50 <B0g4r7> I can't say I know about that option...
6695 2011-06-20 20:39:16 <briareus> I've had a few people tell me, but I don't know how its done :) I'll tell you when I learn it :)
6696 2011-06-20 20:39:25 <ionspin> hmm
6697 2011-06-20 20:39:28 <ionspin> ;;bc, block
6698 2011-06-20 20:39:30 <gribble> Error: "bc," is not a valid command.
6699 2011-06-20 20:39:34 krtek_net has quit (Quit: Page closed)
6700 2011-06-20 20:39:37 <ionspin> bleh i don't know the commands
6701 2011-06-20 20:39:44 <B0g4r7> ;;bc,blocks
6702 2011-06-20 20:39:45 <gribble> 132132
6703 2011-06-20 20:39:54 <B0g4r7> heh, it repeats...
6704 2011-06-20 20:39:55 <ionspin> 132132 is stuck for some time
6705 2011-06-20 20:40:01 <ius> luke-jr: Examples of code with undefined behavior are a = a++;, a[n] = b[n++] and a[i++] = i;. Some more complicated cases are not diagnosed by this option, and it may give an occasional false positive result, but in general it has been found fairly effective at detecting this sort of problem in programs.
6706 2011-06-20 20:40:03 <ionspin> and yeah, funny number
6707 2011-06-20 20:40:14 <ius> -Wsequence-point, that is
6708 2011-06-20 20:40:16 <B0g4r7> 120 + 12
6709 2011-06-20 20:40:20 <gavinandresen> In case y'all didn't see the discussion in #bitcoin : http://forum.bitcoin.org/index.php?topic=20185
6710 2011-06-20 20:40:23 <B0g4r7> Another repition.
6711 2011-06-20 20:40:38 <B0g4r7> 11 dozen.
6712 2011-06-20 20:40:42 <ionspin> damn, i need my bitcents confirmed :)
6713 2011-06-20 20:40:55 tutiterprofits has quit (Ping timeout: 252 seconds)
6714 2011-06-20 20:41:07 <casascius> ius: random curiosity question, what does your nick mean
6715 2011-06-20 20:41:23 <ius> casascius: Nothing, it's not taken from latin
6716 2011-06-20 20:41:29 <ius> Just randomly picked it
6717 2011-06-20 20:41:33 pogden has joined
6718 2011-06-20 20:41:43 <casascius> It sounds like the greek for "virus"
6719 2011-06-20 20:41:44 <B0g4r7> You can dl the first 120k blocks from sourceforge if need be.
6720 2011-06-20 20:41:47 <briareus> ionspin: have you heard people say to 'rescan' if your blocks are not up to date? and if so, how is it done? (I don't see such a command in help)
6721 2011-06-20 20:42:00 <Cryo> god dammit, I can't reply, cause I'm a n00b
6722 2011-06-20 20:42:05 <emock> where do I get testnet stats?
6723 2011-06-20 20:42:24 <MetaV> is it just me multiple bitcoin builds and binaries - or is wallet.dat not always compatible accross bitcoin versions ?
6724 2011-06-20 20:42:31 <casascius> greek for virus is "ios". I wonder what people think of iPhone's OS in greece, or if they have another name for it there.
6725 2011-06-20 20:42:36 <ionspin> briareus, no my blocks are up to date at 132132
6726 2011-06-20 20:42:36 <casascius> (iOS)
6727 2011-06-20 20:42:37 <ius> casascius: Interesting, but no, not at all
6728 2011-06-20 20:42:53 <ionspin> briareus, and i haven't heard about rescan
6729 2011-06-20 20:42:55 knightrage has quit (Ping timeout: 260 seconds)
6730 2011-06-20 20:42:58 dbasch has quit (Quit: dbasch)
6731 2011-06-20 20:43:00 <ius> casascius: Is that modern greek? Can't recall it from my (ancient) greek lessons
6732 2011-06-20 20:43:01 <midnightmagic> gavinandresen: Yikes. That's too bad they don't want to cash them in. :(
6733 2011-06-20 20:43:13 <casascius> definitely modern, not sure if ancient too
6734 2011-06-20 20:43:17 <ionspin> briareus, maybe you could add a node manually? someon who has no firewall/nat and is willing to share his ip with you
6735 2011-06-20 20:43:19 <midnightmagic> gavinandresen: I have to wait for the blog post don't I, to know more?
6736 2011-06-20 20:43:41 <ius> gavinandresen: Going to be a tough one, haven't people constantly been trying to drain it?
6737 2011-06-20 20:43:45 <B0g4r7> Teh google seems to indicate that it's a launch arg "-rescan"
6738 2011-06-20 20:43:57 <casascius> I lived a couple years in Athens
6739 2011-06-20 20:44:00 <briareus> B0g4r7: I tried that, but my service just hung.
6740 2011-06-20 20:44:01 dedeibel has quit (Remote host closed the connection)
6741 2011-06-20 20:44:03 <briareus> B0g4r7: thank you :)
6742 2011-06-20 20:44:10 <ius> Although it gets tedious with all the Google accounts (as intended)
6743 2011-06-20 20:44:18 <ius> casascius: ah :)
6744 2011-06-20 20:44:44 dbasch has joined
6745 2011-06-20 20:44:48 <gavinandresen> midnightmagic: executive summary: EFF doesn't want to be in a position where they're in the 'defendant' or 'interested party' role instead of the 'lawyer for the defense' roll. And they dont' want to be seen as endorsing any particular new technology.
6746 2011-06-20 20:45:27 minimoose has quit (Quit: minimoose)
6747 2011-06-20 20:45:29 <gavinandresen> ius: as long as the reward is small enough, scamming isn't a big problem.
6748 2011-06-20 20:45:35 <B0g4r7> "Rescan is for searching the block chain for transactions that are from or to one of your addresses." That doesn't sound like what you need.
6749 2011-06-20 20:45:41 <midnightmagic> gavinandresen: Doh. Thanks for letting the public know.
6750 2011-06-20 20:45:43 <ius> true, guess it'll then just have a steady supply
6751 2011-06-20 20:45:54 <briareus> B0g4r7: thank you
6752 2011-06-20 20:46:11 <briareus> B0g4r7: just gonna let it run a while and see what happens P)
6753 2011-06-20 20:46:14 Wuked has quit (Quit: Leaving.)
6754 2011-06-20 20:46:25 <phungus> werd to the faucet idea
6755 2011-06-20 20:46:31 <casascius> i figured that EFF probably had the foresight to see their support turn to shit for them and hurt their other causes...while others griped about them letting go, i was thinking the whole time, those smart fuckers....and knowing them, they will be right on the bandwagon again if they ever determine it to be their best interest to do so....I know full well they support BTC in their hearts.
6756 2011-06-20 20:46:38 <phungus> that needs to be promoted well
6757 2011-06-20 20:46:45 <phungus> it could turn on a lot of folks
6758 2011-06-20 20:47:12 dbasch_ has joined
6759 2011-06-20 20:47:22 <casascius> gavin, you're not going to DefCon 19 are you?
6760 2011-06-20 20:47:22 <gmaxwell> It probably didn't help that the 9th response to the initial public announcment of bitcoin was an EFF board member going zomg global warming.
6761 2011-06-20 20:47:42 <gmaxwell> http://www.mail-archive.com/cryptography@metzdowd.com/msg10190.html
6762 2011-06-20 20:47:43 <Cryo> eff could just stop being pussies about it... they support TOR.
6763 2011-06-20 20:47:43 <casascius> EFF is typically available (and approachable) at DefCon
6764 2011-06-20 20:47:51 typeastagr has joined
6765 2011-06-20 20:48:00 <phungus> I miss Defcon... so many memories. :-(
6766 2011-06-20 20:48:08 <phungus> so much alcoholic haze
6767 2011-06-20 20:48:15 <Cryo> the OMG SILK ROAD BITCOIN senator magnet.
6768 2011-06-20 20:48:22 <gavinandresen> casascius: no, I� try to avoid conferences....
6769 2011-06-20 20:48:34 <Cryo> the alcohol eliminated most of my defcon memories
6770 2011-06-20 20:48:56 <phungus> I have a bottle rocket scar on the back of my leg from the last one
6771 2011-06-20 20:49:11 <lyspooner> tradehill admins on IRC anywhere?
6772 2011-06-20 20:49:35 <gmaxwell> lyspooner: http://securityforthemasses.blogspot.com/2011/06/someone-offering-tradehill-bitcoin.html ?
6773 2011-06-20 20:49:37 <phungus> I think that was 2000 or 2001
6774 2011-06-20 20:49:38 <phungus> heh
6775 2011-06-20 20:50:05 dbasch has quit (Ping timeout: 255 seconds)
6776 2011-06-20 20:50:05 dbasch_ is now known as dbasch
6777 2011-06-20 20:50:12 <lyspooner> gmaxwell: no, just trying to contact them irc-style
6778 2011-06-20 20:50:36 <briareus> MetaV: I'm wondering that too, since I just fired up a new version and I don't see my old accounts listed. I was careful to stop the service of the old version before I installed the new.
6779 2011-06-20 20:51:40 <MetaV> the phenomenon i mean is bitcoing software is not starting saying db corrupted when only wallet.dat is in datadir
6780 2011-06-20 20:51:42 <briareus> MetaV: oh, nm, I'm waiting on the last few blocks to show up to get caught up anyway.
6781 2011-06-20 20:51:56 <briareus> eeew
6782 2011-06-20 20:52:19 <lyspooner> gavinandresen: send the EFF coins out as tx fees over the next 6 years
6783 2011-06-20 20:52:23 gavinandresen has quit (Quit: gavinandresen)
6784 2011-06-20 20:52:35 hamush1 has quit (Ping timeout: 264 seconds)
6785 2011-06-20 20:53:03 <lyspooner> more honest than the faucet
6786 2011-06-20 20:53:07 AgoristRadio__ has joined
6787 2011-06-20 20:53:17 ChuckSchumer has quit (Quit: Leaving)
6788 2011-06-20 20:53:20 HansMeier has joined
6789 2011-06-20 20:53:26 AgoristRadio__ has quit (Read error: Connection reset by peer)
6790 2011-06-20 20:53:26 <lyspooner> smooths out reward halving in 2012
6791 2011-06-20 20:53:31 ChuckSchumer has joined
6792 2011-06-20 20:53:47 hamush1 has joined
6793 2011-06-20 20:55:04 <briareus> as I understand it from what I read, my blocks have to be up to date before a 'listaccounts' will show the addresses I had used in my old software version, correct?
6794 2011-06-20 20:56:03 Faraday has quit ()
6795 2011-06-20 20:56:33 <lyspooner> nevermind the EFF coins as tx fees thing... that's too central bank icky
6796 2011-06-20 20:59:23 <cosurgi> jgarzik: is there wallet encryption in bitcoind ?
6797 2011-06-20 20:59:30 AntiVigilante has left ("There used to be something ridiculous here until I couldn't stand it anymore")
6798 2011-06-20 21:00:56 <briareus> crap, I think I have a problem. my old software version had lost connections (=0), and ignorant of this, I used getnewaddress for a transaction. block explorer verifies transaction, but I cannot find that address with this newly installed running version of bitcoin. Am I shit out of luck on that transaction?
6799 2011-06-20 21:01:15 KillGuta has quit (Ping timeout: 244 seconds)
6800 2011-06-20 21:03:02 <cosurgi> briareus: do you have the same wallet there?
6801 2011-06-20 21:03:06 <briareus> yes
6802 2011-06-20 21:03:30 <cosurgi> latest version?
6803 2011-06-20 21:03:37 <cosurgi> on each transaction a new address is made
6804 2011-06-20 21:03:47 <briareus> but bitcoin listaccounts does not show the older address that I created with getnewaddress earlier today
6805 2011-06-20 21:03:48 <cosurgi> if that's a copy of wallet before that transaction, then it's bad
6806 2011-06-20 21:03:50 <briareus> yes, 3.23
6807 2011-06-20 21:04:01 <cosurgi> I'm not talking about bitcoin version.
6808 2011-06-20 21:04:05 <cosurgi> but wallet.dat copy
6809 2011-06-20 21:04:37 traviscj has quit (Remote host closed the connection)
6810 2011-06-20 21:04:51 <briareus> I don't know how old the wallet.dat was, all I know is that I executed stop to end the service to install the new bitcoin version
6811 2011-06-20 21:05:07 <briareus> it's the same wallet.dat I've had since I installed that version (3.21)
6812 2011-06-20 21:05:30 purrr has joined
6813 2011-06-20 21:05:41 terracotta has joined
6814 2011-06-20 21:06:24 <cosurgi> ok, I don't understand :)
6815 2011-06-20 21:06:34 <samlander> what's the deal with orders showing up on goxlive?
6816 2011-06-20 21:06:37 <briareus> in that running/borked state, I created a newaddress that a coin was sent to during a transaction, a tx that block explorer verifies occurred.
6817 2011-06-20 21:07:05 <cosurgi> so if you have private key for this addres in you wallet, then you have that coin
6818 2011-06-20 21:07:15 <briareus> cosurgi: how can I tell?
6819 2011-06-20 21:07:40 <briareus> getbalance and listaccounts show neitherr that address nor any coin
6820 2011-06-20 21:07:47 <cosurgi> hmm.. there was a tool for listing all wallet addresses, including those hidden ones.
6821 2011-06-20 21:08:24 <briareus> i'm looking
6822 2011-06-20 21:08:29 <cosurgi> creating an address while offline, and sending to this address coins should work in general.
6823 2011-06-20 21:08:45 <cosurgi> wallets do not need to be connected to p2p.
6824 2011-06-20 21:08:51 purrr has left ()
6825 2011-06-20 21:09:03 <briareus> cosurgi: that's what I thought too, so I wasn't worried wen I discovered it had 0 connections at the time.
6826 2011-06-20 21:09:36 <briareus> i figured the new version would be able to see the old addresses, but its showing only a single address
6827 2011-06-20 21:09:42 <cosurgi> hmm are you sure you didn't delete that wallet, when upgrading bitcoin version?
6828 2011-06-20 21:10:23 <briareus> no I'm not, though I did make a copy. Should I just kill service, replace wallet.dat with copy, restart?
6829 2011-06-20 21:10:25 pogden has quit (Remote host closed the connection)
6830 2011-06-20 21:10:40 slux has joined
6831 2011-06-20 21:10:49 <cosurgi> but don't delete current one.
6832 2011-06-20 21:10:54 <cosurgi> just move it somewhere.
6833 2011-06-20 21:11:08 <cosurgi> in fact, never delete any wallet, always make backups :)
6834 2011-06-20 21:11:27 xtalmath has joined
6835 2011-06-20 21:11:37 <cosurgi> and then replace it with that other one, and check.
6836 2011-06-20 21:11:50 <xtalmath> can I please go to the backroom?
6837 2011-06-20 21:11:57 <cosurgi> lol
6838 2011-06-20 21:12:19 <briareus> sorry, am I asking in the wrong channel? soeone pointed me here
6839 2011-06-20 21:12:27 <briareus> I'll ask elsewhere if that's better
6840 2011-06-20 21:12:36 istat has quit (Quit: Leaving)
6841 2011-06-20 21:12:42 <cosurgi> briareus: no, you are fine :) I'm laughing at xtalmath ;-)
6842 2011-06-20 21:13:05 <briareus> i know, i just thought that might have been what xtalmath meant
6843 2011-06-20 21:13:15 <cosurgi> no.
6844 2011-06-20 21:13:24 <jaromil> anyone has news about the "bitcoin is dead" meme? i'm egetting some whispers, not sure if that is just about the value going down or anything else.
6845 2011-06-20 21:13:34 <cosurgi> just try the other wallet, but don't delete curent one.
6846 2011-06-20 21:13:53 <cosurgi> jaromil: if it's dead I'll take this as an opportunity to buy as much as I can.
6847 2011-06-20 21:13:54 <xtalmath> I would like to be invited to the backroom, but im patient enough
6848 2011-06-20 21:14:08 <jaromil> honestly... it doesn't looks that bad to me. just the hype fading away indeed
6849 2011-06-20 21:14:13 <jaromil> cosurgi: indeed :)
6850 2011-06-20 21:14:29 <Cryo> who needs invitations when people are posting the chats on pastebin
6851 2011-06-20 21:14:42 fujiwos has quit (Quit: ChatZilla 0.9.87 [Firefox 4.0.1/20110413222027])
6852 2011-06-20 21:14:43 <jaromil> ok. fine. code has some probs we can fix and/or fork, however dead is far from it i think
6853 2011-06-20 21:14:56 <briareus> ok now I'm really confused
6854 2011-06-20 21:15:19 traviscj has joined
6855 2011-06-20 21:15:25 <cosurgi> briareus: bitcoin can use only one wallet at a time.
6856 2011-06-20 21:15:39 <briareus> I just stopped bitcoind, swapped wallets, restarted bitcoind, and its still showing only the new address
6857 2011-06-20 21:15:54 <cosurgi> briareus: it seems that you have two of them - a backup before you upgraded to bitcoin version, and current which has no coins in it, right?
6858 2011-06-20 21:16:03 <xtalmath> pastebin is easily forged
6859 2011-06-20 21:16:09 <xtalmath> its designed for it!
6860 2011-06-20 21:16:12 <briareus> yes, but when I run listaccounts they have identical singular address.
6861 2011-06-20 21:16:15 <cosurgi> briareus: is it the same adddres/
6862 2011-06-20 21:16:16 <cosurgi> ?
6863 2011-06-20 21:16:21 <briareus> cosurgi: yes.
6864 2011-06-20 21:16:31 <cosurgi> briareus: hm. on, that's weird.
6865 2011-06-20 21:16:36 <cosurgi> s/on/ok
6866 2011-06-20 21:16:58 <cosurgi> briareus: did you shutdown properly before upgrade? it's flushing wallet data when closing program.
6867 2011-06-20 21:17:04 <Kebert> syntax error
6868 2011-06-20 21:17:20 <briareus> BUT, it is showing a nonzero balance, but NOT the today's transaction balance I'm waiting for, so its chowing the 'correct' older balance--as if today's tx hadn't occurred.
6869 2011-06-20 21:17:41 <briareus> cosurgi: I ran: ./bitcoind stop ...waited for exit, then installed new version
6870 2011-06-20 21:18:10 <cosurgi> briareus: looks fine. are you on lates block? how many blocks ago was this transaction?
6871 2011-06-20 21:18:42 musp3r_ is now known as musp3r
6872 2011-06-20 21:18:59 HansMeier has quit (Remote host closed the connection)
6873 2011-06-20 21:19:22 <cosurgi> briareus: hmmm... well.. you could try to downgrade bitcoin, and check if that will make that wallet address to reappear - if yes, then you have found a bug, and tell jgrazik about that.
6874 2011-06-20 21:19:38 <emock> is https://testnet.freebitcoins.appspot.com/ the best way to get testcoins?
6875 2011-06-20 21:20:18 TheZimm has quit (Quit: When will we learn?)
6876 2011-06-20 21:20:53 <cosurgi> briareus: but of course make sure that you are up to the latest block
6877 2011-06-20 21:20:56 <cosurgi> ;;bc,blocks
6878 2011-06-20 21:20:57 <gribble> 132137
6879 2011-06-20 21:21:09 <cosurgi> ok, got to go.
6880 2011-06-20 21:21:14 <briareus> yes I'm making sure of that now, thank you very much
6881 2011-06-20 21:21:17 testuser444 has quit (Remote host closed the connection)
6882 2011-06-20 21:25:51 TheZimm has joined
6883 2011-06-20 21:27:29 patsir has joined
6884 2011-06-20 21:28:21 scott`_ has quit (Ping timeout: 250 seconds)
6885 2011-06-20 21:29:50 dukeleto has quit (Excess Flood)
6886 2011-06-20 21:30:23 dukeleto has joined
6887 2011-06-20 21:30:46 Mender has quit (Ping timeout: 260 seconds)
6888 2011-06-20 21:30:59 ezl_ has joined
6889 2011-06-20 21:31:23 csshih has joined
6890 2011-06-20 21:32:08 <joepie91> Ok, so I am going to throw a potentially very controversial idea in here. Assume that with "all bitcoin sites" I mean those that participate. What if there were a central database of the first X characters of a hash of every known password that was ever used to sign up for any of these services (linked to a username/email)
6891 2011-06-20 21:32:14 <patsir> juste un petit bonjour en passant... in fresch
6892 2011-06-20 21:32:32 <joepie91> Few enough characters to make sure that you would get an ungodly amount of potential passwords that may result in a hash starting with those chars
6893 2011-06-20 21:32:32 prax has quit (Ping timeout: 258 seconds)
6894 2011-06-20 21:33:03 <joepie91> Any participating site, wehn someone signed up, would then match the first characters of their hash against the central database, and if it matches tell the user to choose a different password.
6895 2011-06-20 21:33:08 <joepie91> This would prevent password reuse.
6896 2011-06-20 21:33:25 ZOP is now known as ZOP21F
6897 2011-06-20 21:33:29 Eisenaxt has joined
6898 2011-06-20 21:33:44 ZOP21F is now known as ZOP
6899 2011-06-20 21:35:41 d1g1t4l has quit (Remote host closed the connection)
6900 2011-06-20 21:35:51 <pierce> joepie91: that would also prevent salted passwords :-)
6901 2011-06-20 21:36:14 <joepie91> not necessarily
6902 2011-06-20 21:36:43 <joepie91> a participating site checks its password before storing it in the database... the only issue is that if someone gets the central database they will have *part* of the hashes
6903 2011-06-20 21:36:52 <joepie91> which is why you would have to find an amount of characters
6904 2011-06-20 21:37:00 <joepie91> where accidental collision is unlikely
6905 2011-06-20 21:37:16 <joepie91> but where you would still get a massive amount of possible passwords that result in a hash starting with that
6906 2011-06-20 21:37:26 <joepie91> so that attempting to bruteforce accounts based on that database would not be worth it.
6907 2011-06-20 21:37:40 <emock> seems like it would just start a mad rush to be the first with a stupid password
6908 2011-06-20 21:38:10 <emock> "sweet!! I got 1234567"
6909 2011-06-20 21:38:28 <joepie91> uh?
6910 2011-06-20 21:38:29 <joepie91> how?
6911 2011-06-20 21:38:43 <joepie91> the saved hash segments would be linked to your username and/or email
6912 2011-06-20 21:38:51 <joepie91> so that two unrelated people can still use the same password
6913 2011-06-20 21:38:59 <joepie91> but one person cannot use the same password on two different sites
6914 2011-06-20 21:39:01 fmetro has joined
6915 2011-06-20 21:39:06 mmoya has quit (Ping timeout: 260 seconds)
6916 2011-06-20 21:39:18 <joepie91> I've had at least 3 people complain to me about their mybitcoin account being cleaned out after the mt gox hack... they reused passwords
6917 2011-06-20 21:39:18 <emock> oh, I gotcha...
6918 2011-06-20 21:39:31 Tim-7967 has joined
6919 2011-06-20 21:39:31 Tim-7967 has quit (Changing host)
6920 2011-06-20 21:39:31 Tim-7967 has joined
6921 2011-06-20 21:39:34 <joepie91> and I think something like this, if properly implemented, may be a serious security measure
6922 2011-06-20 21:39:42 <joepie91> it would also invite people to use things like keepass
6923 2011-06-20 21:39:46 <casascius> Here's a fourth, I sold BTC to someone locally on Craigslist and he reports having lost his on MyBitcoin for having the same password
6924 2011-06-20 21:39:49 <joepie91> since you won't have to remember 232352356235 different passwords
6925 2011-06-20 21:40:09 <joepie91> heh
6926 2011-06-20 21:40:13 <csshih> heh
6927 2011-06-20 21:40:19 <joepie91> but I think that this may be a serious possibility to increase security
6928 2011-06-20 21:40:22 <joepie91> if done well.
6929 2011-06-20 21:40:41 agricocb has quit (Remote host closed the connection)
6930 2011-06-20 21:40:48 tixtax has joined
6931 2011-06-20 21:41:09 <casascius> i think keepass is a flawed idea... i mean if anyone roots your machine and keylogs your keepass pw, you're fucked
6932 2011-06-20 21:41:10 typeastagr has quit (Quit: Page closed)
6933 2011-06-20 21:41:18 <emock> maybe just educating would be good too
6934 2011-06-20 21:41:24 <casascius> keepass is good only on a dedicated offline computer meant for secure ops
6935 2011-06-20 21:41:45 <emock> or, how about just having the site assign you a password and not let you change it
6936 2011-06-20 21:41:49 Donald__ has joined
6937 2011-06-20 21:42:02 AcADIeN- has joined
6938 2011-06-20 21:42:24 VastLite_ has joined
6939 2011-06-20 21:42:29 kish_ has joined
6940 2011-06-20 21:42:35 <joepie91> casascius: keepass supports keyfiles
6941 2011-06-20 21:42:44 <joepie91> and on windows, actual windows logins
6942 2011-06-20 21:42:50 <casascius> joepie91: a person who roots your machine can get at both
6943 2011-06-20 21:43:07 sipa has joined
6944 2011-06-20 21:43:10 Maged has quit (Disconnected by services)
6945 2011-06-20 21:43:14 <joepie91> yes, but if someone roots your machine I think you have more important things to worry about
6946 2011-06-20 21:43:21 Maged_ has joined
6947 2011-06-20 21:43:22 <joepie91> he would be able to keylog all your passwords anyway
6948 2011-06-20 21:43:25 Maged_ is now known as Maged
6949 2011-06-20 21:43:26 <joepie91> to just name something
6950 2011-06-20 21:43:29 skeledrew1 has joined
6951 2011-06-20 21:43:45 vokoda` has joined
6952 2011-06-20 21:43:49 <makomk> I was considering developing a secure hardware wallet for bitcoins, but it'd just be like putting a steel vault door on a straw house at this point.
6953 2011-06-20 21:43:56 <casascius> joepie91: at least he will have only the ones I used, rather than my entire trove of them
6954 2011-06-20 21:44:11 DoomDum has joined
6955 2011-06-20 21:44:15 <casascius> i think a secure hardware wallet is a viable idea and the only way to go
6956 2011-06-20 21:44:39 comboy_ has joined
6957 2011-06-20 21:45:04 jmeller has joined
6958 2011-06-20 21:45:12 harrigan has joined
6959 2011-06-20 21:45:36 <joepie91> with keepass you can make multiple databases
6960 2011-06-20 21:45:38 <joepie91> and switch between them easily
6961 2011-06-20 21:45:41 <joepie91> with different passwords
6962 2011-06-20 21:45:47 <joepie91> so you could easily segment
6963 2011-06-20 21:46:11 jtaylor_ has joined
6964 2011-06-20 21:46:25 Georgyo_ has joined
6965 2011-06-20 21:46:29 ShadeS_ has joined
6966 2011-06-20 21:46:37 jmeller has quit (Remote host closed the connection)
6967 2011-06-20 21:46:43 * emock still thinks that some kind of proof of work to make a trade is something to explore
6968 2011-06-20 21:47:04 pierce1 has joined
6969 2011-06-20 21:47:36 * emock 's gotta ride home before the rain hits...
6970 2011-06-20 21:47:54 dubious1 has joined
6971 2011-06-20 21:48:31 <luke-jr> what's the most the difficulty can grow in a single change?
6972 2011-06-20 21:48:54 <fmetro> luke-jr: all u want, it depends of the generated BTC ...
6973 2011-06-20 21:49:09 B0g4r7 has quit (Ping timeout: 250 seconds)
6974 2011-06-20 21:49:09 <fmetro> luke-jr: the generation BTC follow an exponential math func
6975 2011-06-20 21:49:10 <luke-jr> I thought there was an upper limit of growth
6976 2011-06-20 21:49:13 <lyspooner> luke-jr 4x
6977 2011-06-20 21:49:14 ndeee has joined
6978 2011-06-20 21:49:21 <luke-jr> lyspooner: grumble
6979 2011-06-20 21:49:33 <ionspin> ok, anyone interested in forming this bitcoin-card/key idea into an opesource project, please join http://groups.google.com/group/bitcoincard
6980 2011-06-20 21:49:46 hallowworld has joined
6981 2011-06-20 21:49:48 <lyspooner> grow or shrink
6982 2011-06-20 21:50:14 jaybny_ has joined
6983 2011-06-20 21:50:16 <brocktice> ionspin: you mean like bitbills?
6984 2011-06-20 21:50:31 jtaylor_ has quit (Remote host closed the connection)
6985 2011-06-20 21:50:36 BTCTrader_ has joined
6986 2011-06-20 21:50:39 coblee_ has joined
6987 2011-06-20 21:50:44 jtaylor_ has joined
6988 2011-06-20 21:50:54 B0g4r7 has joined
6989 2011-06-20 21:51:20 coblee_ is now known as coblee
6990 2011-06-20 21:51:21 BTCTrader_ is now known as BTCTrader
6991 2011-06-20 21:51:21 jaybny_ is now known as jaybny
6992 2011-06-20 21:52:09 X-Scale has joined
6993 2011-06-20 21:52:21 Kurtov has joined
6994 2011-06-20 21:52:36 Zarutian has joined
6995 2011-06-20 21:52:36 lessPlastic has joined
6996 2011-06-20 21:52:36 assassindrake has joined
6997 2011-06-20 21:52:36 zapnap has joined
6998 2011-06-20 21:53:24 ewal has joined
6999 2011-06-20 21:54:02 dbasch has joined
7000 2011-06-20 21:54:16 jtaylor_ is now known as jtaylor
7001 2011-06-20 21:55:33 patsir has quit (Quit: Page closed)
7002 2011-06-20 21:57:23 Wuked has joined
7003 2011-06-20 21:58:29 minimoose has joined
7004 2011-06-20 21:58:34 f33x has joined
7005 2011-06-20 21:58:39 oozyburglar has quit (Read error: Connection reset by peer)
7006 2011-06-20 21:58:42 Cyde has joined
7007 2011-06-20 22:00:01 eternal1 has joined
7008 2011-06-20 22:00:08 harrigan has left ()
7009 2011-06-20 22:00:19 ezl_ has joined
7010 2011-06-20 22:00:19 mrenouf has joined
7011 2011-06-20 22:00:19 neversleepy has joined
7012 2011-06-20 22:00:19 pmazur has joined
7013 2011-06-20 22:00:19 vigilyn has joined
7014 2011-06-20 22:00:19 Titeuf_87 has joined
7015 2011-06-20 22:00:19 ox8o has joined
7016 2011-06-20 22:00:19 lumos has joined
7017 2011-06-20 22:00:19 dukeleto has joined
7018 2011-06-20 22:00:19 epscy has joined
7019 2011-06-20 22:00:19 Cyde has joined
7020 2011-06-20 22:00:19 meLon has joined
7021 2011-06-20 22:00:19 knotwork has joined
7022 2011-06-20 22:00:19 Zyrkon has joined
7023 2011-06-20 22:00:19 HEx1 has joined
7024 2011-06-20 22:00:23 troy-- has joined
7025 2011-06-20 22:00:38 <troy--> hello. Are there API's available to integrate bitcoin transactions into webapps?
7026 2011-06-20 22:00:45 evelyn66 has quit (Read error: Connection reset by peer)
7027 2011-06-20 22:01:19 falafell has joined
7028 2011-06-20 22:02:03 ariqz has joined
7029 2011-06-20 22:02:07 lyspooner has quit (Quit: ChatZilla 0.9.87 [Firefox 3.6.17/20110420140830])
7030 2011-06-20 22:02:36 d1234_ has quit (Remote host closed the connection)
7031 2011-06-20 22:03:00 <enki> if anyone is working on a python client implementation
7032 2011-06-20 22:03:11 <enki> let me know. i'd love to contribute
7033 2011-06-20 22:03:12 kratosk has quit (Ping timeout: 240 seconds)
7034 2011-06-20 22:04:25 RobboNZ has joined
7035 2011-06-20 22:05:04 TheZimm has joined
7036 2011-06-20 22:05:04 slush has joined
7037 2011-06-20 22:05:52 larsivi has quit (Ping timeout: 240 seconds)
7038 2011-06-20 22:05:54 ericmock has joined
7039 2011-06-20 22:05:58 guest9 has left ()
7040 2011-06-20 22:06:14 <tcatm> enki: phantomcircuit has something and I have a basic network protocol abstraction
7041 2011-06-20 22:06:26 weinerk has joined
7042 2011-06-20 22:06:32 weinerk has joined
7043 2011-06-20 22:06:51 <enki> tcatm: urls?
7044 2011-06-20 22:06:55 <enki> any lists to coordinate?
7045 2011-06-20 22:07:07 p0s has quit (Remote host closed the connection)
7046 2011-06-20 22:07:17 eianpsego has joined
7047 2011-06-20 22:07:26 <MetaV> what about python bindings for freecoin and pool APIs ?
7048 2011-06-20 22:07:42 <enki> MetaV: no issue with ppl working on that
7049 2011-06-20 22:07:51 sgornick has joined
7050 2011-06-20 22:07:51 DaQatz has joined
7051 2011-06-20 22:07:53 <tcatm> enki: http://pastebin.com/raw.php?i=tL13jVvW
7052 2011-06-20 22:07:58 <enki> i want a full python implementation myself, and would love to contribute to make it happen
7053 2011-06-20 22:08:08 kermit has quit (Quit: Leaving.)
7054 2011-06-20 22:08:27 <phantomcircuit> enki, bitcoin-alt
7055 2011-06-20 22:08:28 arima has quit (Excess Flood)
7056 2011-06-20 22:08:33 <MetaV> enki: get it - im just not that far...
7057 2011-06-20 22:08:33 tixtax has quit (Quit: Page closed)
7058 2011-06-20 22:08:34 arima has joined
7059 2011-06-20 22:08:40 torsthaldo has quit (Excess Flood)
7060 2011-06-20 22:08:45 phearful has quit (Ping timeout: 240 seconds)
7061 2011-06-20 22:09:00 torsthaldo has joined
7062 2011-06-20 22:09:05 <enki> phantomcircuit: alright found the rep
7063 2011-06-20 22:09:07 <enki> will check out
7064 2011-06-20 22:09:07 netxshare has quit (Read error: Operation timed out)
7065 2011-06-20 22:09:23 K_F has quit (Ping timeout: 264 seconds)
7066 2011-06-20 22:09:23 kermit has joined
7067 2011-06-20 22:09:28 <enki> what's needed most right now to move this forward?
7068 2011-06-20 22:09:35 netxshare has joined
7069 2011-06-20 22:09:49 <tcatm> I think a script engine would be useful
7070 2011-06-20 22:09:50 <phantomcircuit> enki, scripting engine
7071 2011-06-20 22:09:59 <phantomcircuit> JYNX YOU OWE ME A SCRIPTING ENGINE
7072 2011-06-20 22:10:03 K_F has joined
7073 2011-06-20 22:10:15 scott`_ has joined
7074 2011-06-20 22:10:17 Titeuf_87 has quit (Quit: Ex-Chat)
7075 2011-06-20 22:10:37 <enki> oh, but that scripting language isn't that complex anyway
7076 2011-06-20 22:10:42 <enki> i'll look into that
7077 2011-06-20 22:11:50 has joined
7078 2011-06-20 22:11:53 netsky has joined
7079 2011-06-20 22:12:31 <tcatm> enki: until you encounter the signing OPs :)
7080 2011-06-20 22:12:53 <enki> tcatm: i'll just make those stubs ;)
7081 2011-06-20 22:13:03 <tcatm> that's cheating :P
7082 2011-06-20 22:13:15 <enki> not if more than 50% of clients do it ;)
7083 2011-06-20 22:13:28 diki has quit ()
7084 2011-06-20 22:13:36 RobboNZ has quit (Ping timeout: 258 seconds)
7085 2011-06-20 22:14:16 Netsniper has quit (Ping timeout: 260 seconds)
7086 2011-06-20 22:15:01 <enki> tcatm: ok, so why is your code separate from phantomcircuit's?
7087 2011-06-20 22:16:15 <jgarzik> cosurgi: not at present. wallet encryption is a pull request.
7088 2011-06-20 22:16:39 <enki> yay, i think phantomcircuit's code is downloading the blockchain on my machine
7089 2011-06-20 22:17:22 <tcatm> enki: my code is mostly based on ArtForz' half-client and older than phantomcircuit's code
7090 2011-06-20 22:17:43 <tcatm> it's more are lib for trying new things on the network than a real client
7091 2011-06-20 22:18:15 <enki> oh god, that client is threaded
7092 2011-06-20 22:18:16 Ken` has left ()
7093 2011-06-20 22:18:23 <enki> what have you done phantomcircuit
7094 2011-06-20 22:19:30 <phantomcircuit> enki, i have done magic
7095 2011-06-20 22:19:34 <phantomcircuit> rofl
7096 2011-06-20 22:19:51 <phantomcircuit> ps the peer logic which is threaded is trivially ported to something else
7097 2011-06-20 22:20:47 <enki> yeah, it's a good start
7098 2011-06-20 22:20:59 phantomcircuit is now known as Donald_
7099 2011-06-20 22:21:23 K_F has quit (Ping timeout: 264 seconds)
7100 2011-06-20 22:21:25 <enki> as long as i got something to speak the protocol
7101 2011-06-20 22:21:48 Donald_ is now known as phantomcircuit
7102 2011-06-20 22:22:04 K_F has joined
7103 2011-06-20 22:22:10 BlueMatt has joined
7104 2011-06-20 22:22:45 wardearia has joined
7105 2011-06-20 22:26:24 pnicholson has quit (Quit: pnicholson)
7106 2011-06-20 22:27:09 glitch-mod has joined
7107 2011-06-20 22:30:29 pettr1 has quit ()
7108 2011-06-20 22:32:02 enquire has quit (Read error: Operation timed out)
7109 2011-06-20 22:32:10 troy-- has left ()
7110 2011-06-20 22:32:12 comboy_ is now known as comboy
7111 2011-06-20 22:36:32 [Tycho] has quit (Ping timeout: 240 seconds)
7112 2011-06-20 22:38:44 Strom has quit (Read error: Connection reset by peer)
7113 2011-06-20 22:39:17 zapnap has quit (Remote host closed the connection)
7114 2011-06-20 22:39:49 DukeOfURL has quit (Quit: ChatZilla 0.9.87 [Firefox 4.0.1/20110413222027])
7115 2011-06-20 22:40:13 Strom has joined
7116 2011-06-20 22:40:32 Lachesis has joined
7117 2011-06-20 22:40:56 mmoya has joined
7118 2011-06-20 22:43:20 abragin has quit ()
7119 2011-06-20 22:45:03 magn3ts_ has joined
7120 2011-06-20 22:45:49 Pinion has joined
7121 2011-06-20 22:46:03 phearful has joined
7122 2011-06-20 22:46:12 <BlueMatt> sipa: there you go, build bot fixed :)
7123 2011-06-20 22:47:28 WakiMiko_ has joined
7124 2011-06-20 22:49:08 <BlueMattBot> Project Bitcoin build #61: STILL FAILING in 9 min 2 sec: http://www.bluematt.me/jenkins/job/Bitcoin/61/
7125 2011-06-20 22:49:25 <BlueMatt> wait...wtf?
7126 2011-06-20 22:49:25 [Tycho] has joined
7127 2011-06-20 22:49:44 ChuckSchumer has quit (Read error: Operation timed out)
7128 2011-06-20 22:49:45 ariqz has quit (Ping timeout: 244 seconds)
7129 2011-06-20 22:49:57 discHead has joined
7130 2011-06-20 22:50:06 T_X1 has joined
7131 2011-06-20 22:50:24 djsxxx has quit (Read error: Connection reset by peer)
7132 2011-06-20 22:50:44 BubbleBoy has quit (Read error: Connection reset by peer)
7133 2011-06-20 22:50:47 T_X has quit (Ping timeout: 264 seconds)
7134 2011-06-20 22:50:47 WakiMiko has quit (Ping timeout: 264 seconds)
7135 2011-06-20 22:51:06 ndeee has quit (Ping timeout: 252 seconds)
7136 2011-06-20 22:51:07 <BlueMatt> damn, forgot to git push, should work now
7137 2011-06-20 22:51:14 discHead has left ()
7138 2011-06-20 22:51:43 discHead has joined
7139 2011-06-20 22:51:59 blaupunk has quit (Ping timeout: 264 seconds)
7140 2011-06-20 22:52:06 discHead has quit (Client Quit)
7141 2011-06-20 22:52:33 discHead has joined
7142 2011-06-20 22:52:59 amiller has quit (Quit: Leaving)
7143 2011-06-20 22:53:11 Cusipzzz has joined
7144 2011-06-20 22:53:16 mosimo has quit (Quit: (� www.nnscript.com ::� NoNameScript 4.22 ::� www.�esnation.com� )�)
7145 2011-06-20 22:53:31 discHead has left ()
7146 2011-06-20 22:53:50 amiller has joined
7147 2011-06-20 22:54:06 discHead has joined
7148 2011-06-20 22:54:44 discHead has left ()
7149 2011-06-20 22:55:03 Kiba has joined
7150 2011-06-20 22:56:14 RenaKunisaki has joined
7151 2011-06-20 22:57:10 somuchwin has quit (Quit: Nettalk6 - www.ntalk.de)
7152 2011-06-20 22:58:16 hamush1 has quit (Ping timeout: 260 seconds)
7153 2011-06-20 22:58:29 Donald__ has quit (Ping timeout: 250 seconds)
7154 2011-06-20 22:58:31 Geebus has joined
7155 2011-06-20 22:58:34 Gonzago has joined
7156 2011-06-20 22:59:47 hamush1 has joined
7157 2011-06-20 22:59:55 vokoda` has quit (Ping timeout: 240 seconds)
7158 2011-06-20 23:01:01 accel has joined
7159 2011-06-20 23:01:01 Donald__ has joined
7160 2011-06-20 23:01:07 pirrr has quit (Read error: Operation timed out)
7161 2011-06-20 23:01:14 musp3r is now known as musp3r_snooze
7162 2011-06-20 23:01:24 <accel> http://news.ycombinator.com/item?id=2676263 <-- is this legit or a troll?
7163 2011-06-20 23:01:58 <BlueMatt> probably troll
7164 2011-06-20 23:02:24 <BlueMatt> but doesnt really matter
7165 2011-06-20 23:02:38 <accel> why not?
7166 2011-06-20 23:02:39 Clipse has joined
7167 2011-06-20 23:02:44 <iera> if yes, sue him http://felter.org/wesley/ this is his profile
7168 2011-06-20 23:02:55 <accel> it seems to effect Mt Gox's reputation quite a bit
7169 2011-06-20 23:03:17 ChuckSchumer has joined
7170 2011-06-20 23:03:42 <ionspin> BlueMatt: Hey, a few fellow bitcoiners and I are starting an open source project called BitCoin Card. The idea is to make an hardware card/dongle/DNA-sqeuncing-retina-scanning-totally-secure-device that supports bitcoin system. The draft/discussion is here, so I would appreciate your input on this.
7171 2011-06-20 23:03:54 <ionspin> http://groups.google.com/group/bitcoincard
7172 2011-06-20 23:03:57 <BlueMatt> accel: ok after reading that, that is just bs
7173 2011-06-20 23:03:59 <ionspin> damn i always forget the link
7174 2011-06-20 23:04:14 <BlueMatt> even if that is the guy his opinions are just way overly biased
7175 2011-06-20 23:04:25 <sipa> BlueMatt: i think it is real
7176 2011-06-20 23:04:25 <BlueMattBot> Yippie, build fixed!
7177 2011-06-20 23:04:26 <BlueMattBot> Project Bitcoin build #62: FIXED in 13 min: http://www.bluematt.me/jenkins/job/Bitcoin/62/
7178 2011-06-20 23:04:36 <BlueMatt> ionspin: wait...wtf?
7179 2011-06-20 23:04:48 <ionspin> :)
7180 2011-06-20 23:04:50 <BlueMatt> sipa: it might be, but his opinions are just kinda wtf?
7181 2011-06-20 23:04:58 <accel> ionspin: are you creating a bitcoin backed credit card?
7182 2011-06-20 23:05:00 <BlueMatt> clearly someone wants his money
7183 2011-06-20 23:05:22 <ionspin> BlueMatt, started from a joke on #bitcoin, and few of us liked the idea, so we started talking about it
7184 2011-06-20 23:05:31 <sipa> BlueMatt: i agree, but i'd like to keep the whole mtgox issue away from this channel
7185 2011-06-20 23:05:34 <copumpkin> [07:03:42 PM] <MagicalTux> he placed his buy order at 0.01 btc ~3 minutes before our hacker placed his sell order
7186 2011-06-20 23:05:35 <ionspin> accel, well, more like a portable wallet
7187 2011-06-20 23:05:39 <BlueMatt> sipa: meh fair enough
7188 2011-06-20 23:05:45 <ionspin> accel, yeah you could call it bitcoin credit card
7189 2011-06-20 23:06:11 TD has quit (Quit: TD)
7190 2011-06-20 23:06:27 <accel> copumpkin: err, that doesn't make him look good, does it?
7191 2011-06-20 23:06:29 <ionspin> the part about dna-sequencing is a joke of course.
7192 2011-06-20 23:06:32 TheZimm has quit (Quit: When will we learn?)
7193 2011-06-20 23:06:34 <ionspin> too expensive at the moment
7194 2011-06-20 23:06:35 <ionspin> :)
7195 2011-06-20 23:06:40 <BlueMatt> ionspin: so its a bitcoin smart card which uses biometric stuff to decrypt
7196 2011-06-20 23:06:43 <BlueMatt> ?
7197 2011-06-20 23:06:45 <fmetro> guys i need help with emergency lol
7198 2011-06-20 23:06:58 <ionspin> no no, it would use a pin, to be on the cheap side
7199 2011-06-20 23:07:05 <sipa> ionspin: put one ecdsa private key hardcoded on it, have one trusted device (your computer) which you can use to charge it (store txouts on it that are useful), and can sign after confirmation using a pin
7200 2011-06-20 23:07:08 <fmetro> When i go to forum :
7201 2011-06-20 23:07:10 <fmetro> Sorry Guest, you are banned from using this forum!
7202 2011-06-20 23:07:10 <fmetro> Spam 8
7203 2011-06-20 23:07:12 <accel> copumpkin: is there a public log of that conversation online anywhere
7204 2011-06-20 23:07:14 <ericmock> copumpkin: what you think about a proof-of-work for taking coins out of your 'vault' and making trades on an exchange?
7205 2011-06-20 23:07:36 <ionspin> at the moment the consensus is that the most cost effective product would be calculator like card with detachable smart card, or other type of communication
7206 2011-06-20 23:07:43 <ionspin> usb/nfc, something
7207 2011-06-20 23:07:44 <copumpkin> ericmock: you mean something where the notion of an exchange is integral to the protocol?
7208 2011-06-20 23:07:46 somuchwin has joined
7209 2011-06-20 23:08:02 <accel> ericmock: what problem ar eyou trying to solve
7210 2011-06-20 23:08:11 <ericmock> copumpkin: not necessarily... and probably not at all
7211 2011-06-20 23:08:12 <ionspin> sipa, that is the way we are thinking right now
7212 2011-06-20 23:08:24 <accel> why is http://bit.ly/cdmwSu, the link above, broken for public channel logs?
7213 2011-06-20 23:08:24 <ericmock> you wouldn't want to change the protocol
7214 2011-06-20 23:08:37 <ionspin> r2k, proposed a hardware draft, but since i suck at hardware i cant explain all of it
7215 2011-06-20 23:08:44 <ericmock> accel: all of them... it's a TOE
7216 2011-06-20 23:08:47 <ionspin> you can see the initial discussion on http://groups.google.com/group/bitcoincard
7217 2011-06-20 23:08:56 mmoya has quit (Ping timeout: 260 seconds)
7218 2011-06-20 23:09:04 <accel> ericmock: what's a TOE?
7219 2011-06-20 23:09:31 <ericmock> oh, forget this isn't a bunch of physicists... a Theory Of Everything
7220 2011-06-20 23:09:50 <sipa> wumpus: present?
7221 2011-06-20 23:09:53 <ionspin> sipa, we actually proposed that the card contains a seperate wallet tha can be charged from the computer, and in case of a reverse transaction the card should provide the address of the main wallet
7222 2011-06-20 23:09:58 <ericmock> anyway, at first I was thinking about protecting wallets
7223 2011-06-20 23:10:13 <ericmock> and then started thinking about doing something similar to make exchanges
7224 2011-06-20 23:10:17 <sipa> ionspin: reverse transaction?
7225 2011-06-20 23:10:32 <ericmock> it's like 1/16-baked at this point...
7226 2011-06-20 23:10:33 <ionspin> sipa, well if you want to charge someone with your card
7227 2011-06-20 23:10:55 <ionspin> sipa, it just a posibility
7228 2011-06-20 23:10:56 <sipa> ionspin: no need for an address, just a txout
7229 2011-06-20 23:11:05 <fmetro> no one could help me with forum ? :(
7230 2011-06-20 23:11:19 <sipa> fmetro: not sure if there are forum admins here
7231 2011-06-20 23:11:45 <fmetro> sipa: yea but could i write an email for this ? i never subscribed and i'm banned it's so weird
7232 2011-06-20 23:12:13 <ericmock> is like practically no one mining on testnet?
7233 2011-06-20 23:12:31 <ionspin> sipa, but i need to prived an address if i want to receive bitcoins? The card should support transactions both ways, withdrawal , and deposit
7234 2011-06-20 23:12:50 <ionspin> provide*
7235 2011-06-20 23:13:13 <sipa> ionspin: i would suggest not seeing the card as a full wallet - the real wallet is a full bitcoin client on a trusted computer
7236 2011-06-20 23:13:24 <sipa> ionspin: and you sync your card with the computer
7237 2011-06-20 23:13:37 <sipa> ionspin: by storing the unredeemed coins to its address on it
7238 2011-06-20 23:13:46 BlueMatt has quit (Ping timeout: 260 seconds)
7239 2011-06-20 23:14:06 <sipa> ionspin: obviously yes the card should have a way for querying its address
7240 2011-06-20 23:14:12 ThomasV has quit (Ping timeout: 252 seconds)
7241 2011-06-20 23:14:18 <fmetro> bby all
7242 2011-06-20 23:14:19 fmetro has left ("Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is")
7243 2011-06-20 23:14:39 accel has quit (Quit: leaving)
7244 2011-06-20 23:14:58 <ionspin> sipa, i think i understand you (i'm really new to bitcoins, haven't had the time to browse the code yet)
7245 2011-06-20 23:15:34 <sipa> ionspin: then again, i believe bitcoin is too young for something like this
7246 2011-06-20 23:15:47 <ionspin> sipa: so in that scenario, the card wouldn't need to contain private key of any kind?
7247 2011-06-20 23:15:54 hallowworld has quit (Ping timeout: 240 seconds)
7248 2011-06-20 23:16:06 <ionspin> sipa: i agree, but if we start early we will have a specification ready when the time comes
7249 2011-06-20 23:16:27 <sipa> ionspin: it would have one hardcoded private key (or several, possibly), otherwise you can't do payments with it
7250 2011-06-20 23:16:50 <ionspin> sipa:ok, now i understand fully, and thats the approach we were takin
7251 2011-06-20 23:17:37 <ionspin> sipa: please have a look at threads (only one thread right now) at http://groups.google.com/group/bitcoincard and provide us with some of your expertize, it will be greatly appreciated
7252 2011-06-20 23:17:38 <sipa> ionspin: and you basically have two api calls to it: one "i want to credit address X with Y BTC, create me a valid transaction that does so", and one "what is your address"
7253 2011-06-20 23:17:58 <ionspin> sipe:yes
7254 2011-06-20 23:18:01 JRWR has joined
7255 2011-06-20 23:18:02 JRWR has quit (Changing host)
7256 2011-06-20 23:18:02 JRWR has joined
7257 2011-06-20 23:18:52 <ionspin> salso heres the bitcoin forum thread http://forum.bitcoin.org/index.php?topic=20224.0 the wiki http://bitcoincard.wikispot.org/Front_Page (currently empty) and github project https://github.com/ionspin/BitCoinCard (also empty at the moment)
7258 2011-06-20 23:18:57 BlueMatt has joined
7259 2011-06-20 23:19:16 <sipa> ionspin: i'll have a look, but not now (need sleep)
7260 2011-06-20 23:19:42 WildSoil has quit (Ping timeout: 252 seconds)
7261 2011-06-20 23:19:52 <ionspin> sipa: mee too, regular work awaits tommorow :) anyways thanks for the help!
7262 2011-06-20 23:19:57 <gim> sipa: hi, I had to fix something in CWallet, could you tell me if this commit is ok? https://github.com/bitcoin/bitcoin/pull/335
7263 2011-06-20 23:19:58 forrestv has quit (Quit: Coyote finally caught me)
7264 2011-06-20 23:20:28 <gim> err nothing urgent of course :)
7265 2011-06-20 23:22:01 forrestv has joined
7266 2011-06-20 23:22:36 <sipa> gim: didn't look at the GUI changes yet, the wallt change looks good (though i'd put line 166 before 164-165)
7267 2011-06-20 23:23:23 <sipa> non-file backed wallets don't exist right now, and would need a lot of changes anyway
7268 2011-06-20 23:23:27 musp3r_snooze has quit (Read error: Operation timed out)
7269 2011-06-20 23:25:21 <pierce1> so is there anyone working on an alternative p2p system for managing nodes in the bitcoin network? Not to rag on the current IRC based model, but it seems that it could be made more robust.
7270 2011-06-20 23:25:25 pierce1 is now known as pierce
7271 2011-06-20 23:25:29 xtalmath has quit (Quit: fizzle :D)
7272 2011-06-20 23:25:35 <gim> ok, thanks!
7273 2011-06-20 23:26:24 devrandom has quit (Remote host closed the connection)
7274 2011-06-20 23:27:02 <sipa> pierce: IRC will probablt be deprecated soon
7275 2011-06-20 23:27:13 <sipa> in favor of DNS seeding or something else
7276 2011-06-20 23:27:19 devrandom has joined
7277 2011-06-20 23:27:50 darin has quit (Disconnected by services)
7278 2011-06-20 23:27:57 <pierce> sipa: interesting is there any code or documentation on alternate ideas?
7279 2011-06-20 23:29:07 <sipa> pierce: dns seeding is already incorporated in the client for some time, just not enabled by default
7280 2011-06-20 23:29:38 <ericmock> how the heck do you use testnet if no one is mining?
7281 2011-06-20 23:29:53 <sipa> ericmock: testnet in a box, or mine yourself
7282 2011-06-20 23:30:02 Sylph has quit (Ping timeout: 240 seconds)
7283 2011-06-20 23:30:13 <ericmock> is testnet mining trivially easy?
7284 2011-06-20 23:30:58 <sipa> you'd find a block every few hours using a CPU i guess
7285 2011-06-20 23:30:59 <pierce> ericmock: no matter how many users are mining, one block is found every ~10 mins :-)
7286 2011-06-20 23:31:20 <sipa> pierce: not with the wild variation of computing power on testnet
7287 2011-06-20 23:31:28 <ericmock> pierce: so why http://blockexplorer.com/testnet
7288 2011-06-20 23:31:46 <BlueMatt> somewhat
7289 2011-06-20 23:31:50 gsathya has joined
7290 2011-06-20 23:31:57 gsathya has quit (Client Quit)
7291 2011-06-20 23:32:01 proximiX has quit (Read error: Connection reset by peer)
7292 2011-06-20 23:32:02 lessPlastic has quit (Quit: lessPlastic)
7293 2011-06-20 23:32:20 <BlueMatt> maybe testnet should adjust more often?
7294 2011-06-20 23:32:34 <pierce> someone is getting testrich
7295 2011-06-20 23:32:38 <ericmock> why not just always make it really easy to mine?
7296 2011-06-20 23:33:06 <BlueMatt> I think someone posted on the forums that they had like 10k testnet coins to give away, though I think they are already gone
7297 2011-06-20 23:33:09 red_dawn_ has joined
7298 2011-06-20 23:33:11 ezl_ has quit (Ping timeout: 240 seconds)
7299 2011-06-20 23:33:23 <ericmock> yea, there's the testnet faucet
7300 2011-06-20 23:33:43 <vegard> it would be easier to double spend/fork the block chain, right? if it was too easy to find a new block.
7301 2011-06-20 23:33:59 ezl_ has joined
7302 2011-06-20 23:34:10 proximiX has joined
7303 2011-06-20 23:34:10 <ericmock> it's /test/net
7304 2011-06-20 23:34:30 <ericmock> or was that a general question?
7305 2011-06-20 23:34:48 ionspin has quit (Quit: Leaving)
7306 2011-06-20 23:35:13 qwebirc89238 has joined
7307 2011-06-20 23:35:32 <qwebirc89238> anyone here
7308 2011-06-20 23:35:37 <fiverawr> I'm confused here. Trying to parse the scripts. Do all of the inputs and outputs scripts of a transaction get joined together?
7309 2011-06-20 23:35:39 <ericmock> no
7310 2011-06-20 23:35:57 <qwebirc89238> can anyone tell me how i can get bitcoins for my paysafecards ?
7311 2011-06-20 23:36:00 <ericmock> fiverawr: that was for you
7312 2011-06-20 23:36:25 <fiverawr> ericmock: Was or wasn't? If it was, you're an incredibly fast reader :P
7313 2011-06-20 23:36:28 kermit has quit (Quit: Leaving.)
7314 2011-06-20 23:36:48 <ericmock> shit, wasn't, sorry
7315 2011-06-20 23:36:51 <fiverawr> :P
7316 2011-06-20 23:37:36 ezl_ has quit (Client Quit)
7317 2011-06-20 23:37:58 <sipa> fiverawr: if you have a txA input N that is trying to spend an output M of txB, eval(txA.input[N].scriptSig + txB.output[M].scriptPubKey) must evaliuate to true
7318 2011-06-20 23:38:03 ezl_ has joined
7319 2011-06-20 23:38:14 <sipa> where '+' represents concatenation
7320 2011-06-20 23:38:39 niekie has quit (Remote host closed the connection)
7321 2011-06-20 23:38:49 niekie has joined
7322 2011-06-20 23:38:51 kratosk has joined
7323 2011-06-20 23:39:13 musp3r_snooze has joined
7324 2011-06-20 23:39:29 kermit has joined
7325 2011-06-20 23:40:14 <midnightmagic> BlueMatt: I have about 200k testnet coins.
7326 2011-06-20 23:40:15 <fiverawr> sipa: Ah, thank you. This makes more sense now :)
7327 2011-06-20 23:40:31 <midnightmagic> someone needs testnet coins?
7328 2011-06-20 23:40:53 musp3r_snooze has quit (Client Quit)
7329 2011-06-20 23:41:03 prax has joined
7330 2011-06-20 23:41:04 prax has quit (Changing host)
7331 2011-06-20 23:41:04 prax has joined
7332 2011-06-20 23:42:44 <ezl_> what is testnet?
7333 2011-06-20 23:44:05 Pinion has quit (Quit: Colloquy for iPad - http://colloquy.mobi)
7334 2011-06-20 23:44:12 unclemantis has joined
7335 2011-06-20 23:46:32 qwebirc89238 has quit (Quit: Page closed)
7336 2011-06-20 23:47:00 enquire has joined
7337 2011-06-20 23:47:06 <unclemantis> Using the command validateaddress to the bitcoin deamon it will return if the address is valid and if it is mine. With my understanding this runs some math on the address. Is there a way to validate if a bitcoin address truly does exist in the wild and not just the lab?
7338 2011-06-20 23:47:40 darin_ has joined
7339 2011-06-20 23:47:48 <BlueMatt> youd have to scan the chain
7340 2011-06-20 23:47:49 <BlueMatt> or bbe
7341 2011-06-20 23:48:32 <jrmithdobbs> unclemantis: all addresses who pass the checksum test "exist" whether someone controls the corresponding private key is another matter.
7342 2011-06-20 23:49:05 <jrmithdobbs> well pass checksum and are the proper length
7343 2011-06-20 23:49:11 casascius has quit (Quit: Page closed)
7344 2011-06-20 23:49:37 <BlueMattBot> Project Bitcoin-Testset build #27: FAILURE in 45 min: http://www.bluematt.me/jenkins/job/Bitcoin-Testset/27/
7345 2011-06-20 23:49:46 <BlueMatt> oh wtf
7346 2011-06-20 23:49:51 <unclemantis> I don't want to send someone money and then have it not get there
7347 2011-06-20 23:50:15 <jrmithdobbs> unclemantis: then don't manually key in the address
7348 2011-06-20 23:50:20 <jrmithdobbs> unclemantis: it's really that simple
7349 2011-06-20 23:50:24 <unclemantis> LOL
7350 2011-06-20 23:50:36 <jrmithdobbs> if they give you the wrong address that's their fault
7351 2011-06-20 23:50:36 ShadeS_ is now known as ShadeS
7352 2011-06-20 23:50:46 <unclemantis> ok
7353 2011-06-20 23:50:57 <jrmithdobbs> unclemantis: just like with bank wire transfers
7354 2011-06-20 23:51:41 enquire has quit (Ping timeout: 260 seconds)
7355 2011-06-20 23:51:55 <unclemantis> can a transaction TIME OUT?
7356 2011-06-20 23:52:11 <jrmithdobbs> not currently
7357 2011-06-20 23:52:11 Jaagu has joined
7358 2011-06-20 23:53:59 <unclemantis> so if someone gives me a VALID ADDRESS and I send money to it. And then i find out that no one owns it, then the transaction will just hang there? So not only is the other guy out money but I am out money too but cause the network is waiting for that ADDRESS to come online.
7359 2011-06-20 23:54:01 <unclemantis> correct?
7360 2011-06-20 23:54:11 <jrmithdobbs> unclemantis: no
7361 2011-06-20 23:54:19 <jrmithdobbs> the transaction will get placed into a block
7362 2011-06-20 23:54:38 <jrmithdobbs> and noone will be able to claim it until they by chance generate a private key capable of doing so
7363 2011-06-20 23:54:47 eoss has joined
7364 2011-06-20 23:55:20 <midnightmagic> ezl_: Another network with reduced difficulty where anybody can mine thousands of coins.
7365 2011-06-20 23:56:20 <JRWR> so, hows the work on encrypted wallets?
7366 2011-06-20 23:56:43 <unclemantis> so i could generate a valid address, send money to it. it gets put into a block. And now it is just hanging there until someone generates the same address?
7367 2011-06-20 23:57:46 Sylph has joined
7368 2011-06-20 23:59:25 ndeee has joined
7369 2011-06-20 23:59:59 TheZimm has joined