1 2013-08-11 00:00:47 dan__ has quit (Read error: Connection reset by peer)
   2 2013-08-11 00:01:38 peetaur2 has quit (Quit: Konversation terminated!)
   3 2013-08-11 00:03:11 hsmiths has quit (Quit: Nettalk6 - www.ntalk.de)
   4 2013-08-11 00:04:12 hsmiths has joined
   5 2013-08-11 00:05:07 datagutt has quit (Quit: Computer has gone to sleep.)
   6 2013-08-11 00:09:54 CodeShark has joined
   7 2013-08-11 00:14:52 dan_ has quit (Remote host closed the connection)
   8 2013-08-11 00:16:37 agricocb has quit (Remote host closed the connection)
   9 2013-08-11 00:18:55 rdponticelli has joined
  10 2013-08-11 00:24:35 agricocb has joined
  11 2013-08-11 00:28:01 <phantomcircuit> gmaxwell, im sure a lot of people would happily make that trade
  12 2013-08-11 00:28:08 <phantomcircuit> but key management is still x100 more important
  13 2013-08-11 00:31:21 robocoin has quit (Ping timeout: 264 seconds)
  14 2013-08-11 00:31:57 toffoo has joined
  15 2013-08-11 00:33:20 GeorgeJ has quit (Remote host closed the connection)
  16 2013-08-11 00:35:47 Zoo has quit (Ping timeout: 264 seconds)
  17 2013-08-11 00:40:47 btcbtc has joined
  18 2013-08-11 00:40:59 Application has quit (Read error: Connection reset by peer)
  19 2013-08-11 00:41:35 agricocb has quit (Remote host closed the connection)
  20 2013-08-11 00:43:54 MC1984 has quit (Ping timeout: 241 seconds)
  21 2013-08-11 00:45:01 agricocb has joined
  22 2013-08-11 00:48:36 Zoo has joined
  23 2013-08-11 00:54:11 iwilcox has quit (Ping timeout: 264 seconds)
  24 2013-08-11 00:59:57 cap2002 has quit ()
  25 2013-08-11 01:00:10 thrasher` has quit (Changing host)
  26 2013-08-11 01:00:10 thrasher` has joined
  27 2013-08-11 01:00:49 _jps has quit (Quit: _jps)
  28 2013-08-11 01:09:38 Neozonz has joined
  29 2013-08-11 01:09:43 Neozonz has quit (Disc!~Neozonz@198-84-245-103.cpe.teksavvy.com|Changing host)
  30 2013-08-11 01:09:43 Neozonz has joined
  31 2013-08-11 01:13:20 Neozonz has quit (Ping timeout: 276 seconds)
  32 2013-08-11 01:19:31 rdymac has quit (Read error: Connection reset by peer)
  33 2013-08-11 01:20:26 iddo has quit (Ping timeout: 248 seconds)
  34 2013-08-11 01:21:00 iddo has joined
  35 2013-08-11 01:22:54 rdymac has joined
  36 2013-08-11 01:25:57 iddo has quit (Ping timeout: 264 seconds)
  37 2013-08-11 01:26:23 iddo has joined
  38 2013-08-11 01:26:28 rdymac has quit (Read error: Connection reset by peer)
  39 2013-08-11 01:27:24 rdymac has joined
  40 2013-08-11 01:28:48 agricocb has quit (Ping timeout: 246 seconds)
  41 2013-08-11 01:31:08 agricocb has joined
  42 2013-08-11 01:35:47 AusBitBank__ has joined
  43 2013-08-11 01:36:14 AusBitBank_ has quit (Read error: Connection reset by peer)
  44 2013-08-11 01:37:16 catcow has quit (Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)
  45 2013-08-11 01:37:37 catcow has joined
  46 2013-08-11 01:37:37 catcow has quit (Changing host)
  47 2013-08-11 01:37:37 catcow has joined
  48 2013-08-11 01:39:58 gritball_ has quit (Read error: Connection reset by peer)
  49 2013-08-11 01:40:26 gritball has joined
  50 2013-08-11 01:40:46 uinogota has quit (Read error: Connection reset by peer)
  51 2013-08-11 01:41:01 uinogota has joined
  52 2013-08-11 01:41:16 melvster has quit (Ping timeout: 240 seconds)
  53 2013-08-11 01:42:50 Application has joined
  54 2013-08-11 01:45:17 Applicat_ has joined
  55 2013-08-11 01:46:36 rethaw has quit (Quit: Out)
  56 2013-08-11 01:47:11 Application has quit (Ping timeout: 264 seconds)
  57 2013-08-11 01:54:32 rawdr has quit (Read error: Connection reset by peer)
  58 2013-08-11 01:56:22 sserrano44 has quit (Quit: Computer has gone to sleep.)
  59 2013-08-11 01:56:48 dust-otc has joined
  60 2013-08-11 01:58:19 btcbtc has quit (Quit: btcbtc)
  61 2013-08-11 01:59:35 chorao2 has quit (Ping timeout: 264 seconds)
  62 2013-08-11 01:59:40 btcbtc has joined
  63 2013-08-11 02:01:34 Zoo has quit (Read error: No route to host)
  64 2013-08-11 02:01:47 Zoo has joined
  65 2013-08-11 02:01:50 Applicat_ has quit (Ping timeout: 256 seconds)
  66 2013-08-11 02:02:34 fanquake_ has joined
  67 2013-08-11 02:03:04 Application has joined
  68 2013-08-11 02:03:19 michagogo has quit (Quit: goodnight)
  69 2013-08-11 02:05:00 fanquake has quit (Ping timeout: 260 seconds)
  70 2013-08-11 02:05:01 fanquake_ is now known as fanquake
  71 2013-08-11 02:19:17 Belkaar has quit (Ping timeout: 240 seconds)
  72 2013-08-11 02:19:20 realazthat has quit (Read error: Connection reset by peer)
  73 2013-08-11 02:20:47 realazthat has joined
  74 2013-08-11 02:20:47 realazthat has quit (Changing host)
  75 2013-08-11 02:20:47 realazthat has joined
  76 2013-08-11 02:23:54 sserrano44 has joined
  77 2013-08-11 02:24:12 Belkaar has joined
  78 2013-08-11 02:25:06 sserrano44 has quit (Client Quit)
  79 2013-08-11 02:25:08 <gmaxwell> ::sigh:: https://bitcointalk.org/index.php?topic=271486.msg2907971;boardseen#new
  80 2013-08-11 02:25:15 Subo1977_ has joined
  81 2013-08-11 02:26:00 <gmaxwell> Of course, if all these wallet apps didn't constantly reuse addresses the exposure here— whatever the root cause— would be much lower.
  82 2013-08-11 02:26:29 <phantomcircuit> gmaxwell, we were discussing that before
  83 2013-08-11 02:26:37 <phantomcircuit> im not sure how that could be screwed up
   84 2013-08-11 02:26:46 <phantomcircuit> SecureRandom is by default initialized from /dev/urandom
  85 2013-08-11 02:26:48 btcbtc has quit (Quit: btcbtc)
  86 2013-08-11 02:27:01 <phantomcircuit> you can call setSeed which overrides the initial value
  87 2013-08-11 02:27:11 <phantomcircuit> but bitcoinj which they're both based on doesn't do that
  88 2013-08-11 02:27:28 <gwillen> that is ... very interesting
  89 2013-08-11 02:27:33 <phantomcircuit> so possibly there is something really broken with /dev/urandom on some android phones?
  90 2013-08-11 02:27:51 <phantomcircuit> samsung has a history of pretty hilarious patches
  91 2013-08-11 02:27:52 <gmaxwell> phantomcircuit: possibly, or some crazy bitflips in crappy hardware.
  92 2013-08-11 02:28:06 <gwillen> phantomcircuit: completely batshit insane patches, you mean
  93 2013-08-11 02:28:14 realazthat has quit (Max SendQ exceeded)
  94 2013-08-11 02:28:16 <gmaxwell> or some crazy libc or java IO race condition that causes some read to get read twice.
  95 2013-08-11 02:28:21 <gwillen> what if it was a first-random-after-boot issue
   96 2013-08-11 02:28:29 <phantomcircuit> gwillen, well i found them hilarious cause i broke into my friend's phone and made it do weird stuff
  97 2013-08-11 02:28:31 <phantomcircuit> heh
  98 2013-08-11 02:28:33 <gwillen> if the phones in question always produce the same first random number at boot
  99 2013-08-11 02:28:41 <gwillen> that could produce this an arbitrary amount of time apart
 100 2013-08-11 02:28:42 Subo1977 has quit (Ping timeout: 240 seconds)
 101 2013-08-11 02:28:51 <gwillen> and it's the same thing that caused the crackable ssl keys on routers
 102 2013-08-11 02:29:12 <Cusipzzz> ugly
 103 2013-08-11 02:29:14 <gwillen> it would be incredibly stupid for them not to save the seed.......... unless the phone crashed
 104 2013-08-11 02:29:16 realazthat has joined
 105 2013-08-11 02:29:19 <gwillen> and saves the seed on shutdown
 106 2013-08-11 02:29:23 <gwillen> so it came up again with the same seed
 107 2013-08-11 02:29:40 <phantomcircuit> gwillen, it's not like a phone has any lack of high quality entropy
 108 2013-08-11 02:29:48 <phantomcircuit> but that doesn't mean it's being captured
 109 2013-08-11 02:29:52 <gwillen> yeah
 110 2013-08-11 02:30:00 <gwillen> and like, if you just booted, and you don't have a net connection yet...
 111 2013-08-11 02:30:03 <gwillen> you have a fucking realtime clock though
 112 2013-08-11 02:30:06 <gwillen> which you should be using
 113 2013-08-11 02:30:17 <gwillen> but that ought to 100% prevent the whole thing, so.
 114 2013-08-11 02:30:22 <phantomcircuit> i guess the android apps should start collecting randomness from users and combining with /dev/random and calling setSeed
 115 2013-08-11 02:30:25 <gmaxwell> gwillen: a recommended practice is to generate the nonce for signing through something like SHA256(message being signed || privkey || random), so even if your random is bad you won't reuse the same value.
 116 2013-08-11 02:30:33 * gwillen nods
 117 2013-08-11 02:30:40 <Luke-Jr> gwillen: even if you don't have a net connection, just dump random crap from the radio..
 118 2013-08-11 02:30:41 <gwillen> does bitcoinj follow the recommended practice?
 119 2013-08-11 02:30:41 <gmaxwell> gwillen: the reference client signing does something like that.
 120 2013-08-11 02:30:44 <gwillen> or does it use random directly?
 121 2013-08-11 02:30:51 <gwillen> (since you say they are both based on bitcoinj)
 122 2013-08-11 02:30:54 <gmaxwell> I don't know what bitcoinj/bouncycastle does.
 123 2013-08-11 02:30:57 <gwillen> (or IIRC someone said that)
 124 2013-08-11 02:31:03 <phantomcircuit> gmaxwell, they just call SecureRandom
 125 2013-08-11 02:31:07 <phantomcircuit> iirc
 126 2013-08-11 02:31:10 <gwillen> ding.
 127 2013-08-11 02:31:12 <phantomcircuit> let me check
 128 2013-08-11 02:31:33 <gwillen> how many of these signatures have we seen?
 129 2013-08-11 02:31:52 <Luke-Jr> on the bright side, now we have a real example of address reuse resulting in coin loss
 130 2013-08-11 02:32:29 <gwillen> Luke-Jr: because without address reuse, the vulnerable keys would not have been in the chain to crack?
 131 2013-08-11 02:32:37 <SomeoneWeird> what, really?
 132 2013-08-11 02:33:00 <gwillen> SomeoneWeird: non-reuse of addresses would not have prevented the generation of bad keys
 133 2013-08-11 02:33:13 <SomeoneWeird> i mean what Luke-Jr said, i'm just chiming in
 134 2013-08-11 02:33:13 <gwillen> but it would prevent the bad keys from just sitting there in the blockchain waiting to be cracked
 135 2013-08-11 02:33:20 <gwillen> only their hashes would be in the chain
 136 2013-08-11 02:33:23 <gwillen> if I'm understanding right
 137 2013-08-11 02:33:48 <gwillen> although all it really does is reduce the race window, since a transaction to _spend_ from an address does reveal its private key
 138 2013-08-11 02:33:58 <gwillen> so if you see such a transaction cross the wire you can start cracking at that point, if you want
 139 2013-08-11 02:34:02 <Luke-Jr> gwillen: isn't this only a problem because the same key was used in 2 signatures with the same k?
 140 2013-08-11 02:34:05 <gmaxwell> gwillen: no, if there were no address reuse here they'd be fine.
 141 2013-08-11 02:34:22 <gwillen> oh, because the same key would never be used in two signatures
 142 2013-08-11 02:34:23 <gwillen> I see
 143 2013-08-11 02:34:28 <gmaxwell> Right.
 144 2013-08-11 02:34:38 <gwillen> yeah, fair enough
 145 2013-08-11 02:34:42 <gmaxwell> though whatever the root cause here would probably also cause weak keys too.
 146 2013-08-11 02:34:48 <gwillen> yeah.
 147 2013-08-11 02:34:53 <gwillen> I was assuming these _were_ weak keys.
 148 2013-08-11 02:35:03 <gmaxwell> gwillen: nah, the reports appear to be nonce reuse.
 149 2013-08-11 02:35:15 <SomeoneWeird> who'd this happen to?
 150 2013-08-11 02:35:22 <Cusipzzz> this happened before with the original android wallet
 151 2013-08-11 02:35:24 <gwillen> SomeoneWeird: users of two android wallet clients
 152 2013-08-11 02:35:28 <gwillen> Cusipzzz: !!!
 153 2013-08-11 02:35:36 <gmaxwell> worse, I think we knew months ago that there was evidence of nonce reuse in android wallet.
 154 2013-08-11 02:35:37 <gwillen> ok, that seems to _strongly_ implicate android's RNG
 155 2013-08-11 02:35:59 <Cusipzzz> gmaxwell: yes, saw this months ago, thought a new version of the app was pushed
 156 2013-08-11 02:36:33 <gmaxwell> We identified a whole bunch of nonce-reuse transactions and tracked down their sources. Some were custom mining software, some were a particular "hardware wallet", some looked like android wallet.
 157 2013-08-11 02:36:48 <SomeoneWeird> interesting
 158 2013-08-11 02:36:57 <Cusipzzz> gmaxwell: right, that bitcoin card wallet too
 159 2013-08-11 02:37:04 <gwillen> I will bet a decent amount that this issue is something like this: the phone crashes and fails to save the seed
 160 2013-08-11 02:37:09 <gwillen> so it comes back up with the same seed as last boot
 161 2013-08-11 02:37:15 <gwillen> and someone happened to do a transaction just after coming up last boot
 162 2013-08-11 02:37:15 sserrano44 has joined
 163 2013-08-11 02:37:18 <gwillen> and another just after coming up this boot
 164 2013-08-11 02:37:36 <CodeShark> so the moral of the story is write your own RNG seeder if you're implementing an android wallet? :)
 165 2013-08-11 02:37:39 <gwillen> ok, let me downgrade that from 'a decent amount' to 'a small amount' because it does require a lot of coincidence
 166 2013-08-11 02:37:46 <gwillen> and I don't know how often this actually happened
 167 2013-08-11 02:37:51 <gwillen> but it sounds like more frequently than that would suggest
  168 2013-08-11 02:38:48 <gmaxwell> gwillen: seems somewhat unlike to me though... because the kernel stirs in randomness from the timer interrupt... it would mean that it came up before no randomness was added, and that there had been no other reads...
 169 2013-08-11 02:39:03 <gmaxwell> er unlikely
 170 2013-08-11 02:39:40 <gmaxwell> so unless there is also a urandom weakness added by vendor patches to the kernel, I would still rate faulty hardware corrupting memory above that.
 171 2013-08-11 02:39:52 * gwillen nods
 172 2013-08-11 02:39:56 <gwillen> OTOH if it's a samsung device
 173 2013-08-11 02:40:07 <gwillen> then you can bet money on security holes being added by vendor patches
 174 2013-08-11 02:40:11 <gwillen> probably hundreds of them
 175 2013-08-11 02:40:14 <gwillen> one in the RNG would not shock me
 176 2013-08-11 02:40:35 <gwillen> my device has a world-writable /dev/mem
 177 2013-08-11 02:40:40 <gwillen> so my expectations are low
 178 2013-08-11 02:40:51 <Luke-Jr> lol
 179 2013-08-11 02:41:22 <Cusipzzz> they need to switch to Ubuntu<r>Phone, clearly
 180 2013-08-11 02:41:29 <gwillen> didn't that fail to get enough funding
 181 2013-08-11 02:41:41 <Cusipzzz> i thought they are going ahead with it
  182 2013-08-11 02:41:50 <gmaxwell> (I do note, that RNG weaknesses are one of the reasons that deterministic wallets are a little more concerning than they might otherwise be...)
 183 2013-08-11 02:42:01 <Luke-Jr> I'd have invested in that if they 1) added a keyboard and 2) guaranteed it was GPL compliant including kernel modules
 184 2013-08-11 02:42:06 <gwillen> gmaxwell: because you might generate a bad root key?
 185 2013-08-11 02:42:11 <gwillen> and you keep dying?
 186 2013-08-11 02:42:27 <gwillen> Luke-Jr: well it probably supports bluetooth/USB keyboards
 187 2013-08-11 02:42:32 <gwillen> since that's all in stock android now
 188 2013-08-11 02:42:32 <Luke-Jr> gmaxwell: eh, wouldn't HD wallets be *more* secure, provided the original seed was good?
 189 2013-08-11 02:42:40 <Luke-Jr> gwillen: not the same!
 190 2013-08-11 02:42:43 * gwillen nod
 191 2013-08-11 02:42:43 <gmaxwell> gwillen: yea, vs perhaps only getting some fraction of your keys vulnerable.
 192 2013-08-11 02:42:56 <gwillen> gmaxwell: but like, standard wallets are mostly _just_ as brittle
  193 2013-08-11 02:43:06 <gwillen> because you frequently, by the change mechanism, send LOTS of coins around for no reason
 194 2013-08-11 02:43:11 <gwillen> in otherwise-trivial transactions
 195 2013-08-11 02:43:28 <gwillen> I have very carefully made sure that my coins are not all in one txout, because of this sort of thing
 196 2013-08-11 02:43:37 <gwillen> they are in txouts of no more than 50 BTC, IIRC, which may still be too much
 197 2013-08-11 02:44:01 <Luke-Jr> a reasonably diverse wallet should do that on its own
 198 2013-08-11 02:44:01 <gmaxwell> gwillen: hm? typical users have a LOT of txouts, so change is seldom bigger than the actual output.
 199 2013-08-11 02:44:13 <gwillen> sure, but you can easily get unlucky
 200 2013-08-11 02:44:17 <gwillen> like, if you switched wallets
  201 2013-08-11 02:44:26 <gwillen> you just sent yourself one big txout of 1000 coins or whatever
 202 2013-08-11 02:44:29 * Luke-Jr intentionally uses coin control for every tx
 203 2013-08-11 02:44:33 <gwillen> (which is what I very carefully did not do)
  204 2013-08-11 02:44:34 <gmaxwell> you could, indeed, but it is a reason that deterministic can be a little more brittle.
 205 2013-08-11 02:44:37 * gwillen nods
 206 2013-08-11 02:44:38 <gwillen> agreed
 207 2013-08-11 02:45:01 <gwillen> Luke-Jr: does -qt have coin control?
 208 2013-08-11 02:45:06 <Luke-Jr> gwillen: next-test does
  209 2013-08-11 02:45:19 <gmaxwell> gwillen: you can use raw transactions to do the same thing. That's how I transact.
 210 2013-08-11 02:45:27 <gwillen> eugh.
 211 2013-08-11 02:45:30 <Luke-Jr> using raw txs would be ugly
 212 2013-08-11 02:45:35 <gwillen> I fear raw transactions more than I fear large txouts
 213 2013-08-11 02:45:38 <gmaxwell> well, I'm not recommending it for everyone. :P
 214 2013-08-11 02:45:40 <Cusipzzz> gwillen: ++
 215 2013-08-11 02:45:40 <BFXBOT> gwillen is on the rise! (Karma: 1)
 216 2013-08-11 02:45:45 <gwillen> hehe
 217 2013-08-11 02:45:45 <Luke-Jr> …
 218 2013-08-11 02:45:58 macboz has joined
 219 2013-08-11 02:46:29 Neozonz is now known as Disc!~Neozonz@unaffiliated/neozonz|Neozonz
 220 2013-08-11 02:46:48 <Luke-Jr> gwillen: FWIW, the latest next-test has some annoying (but bearable) bugs, but the one before that is pretty stable
  221 2013-08-11 02:46:57 <gmaxwell> gwillen: only particular risk with raw transactions is sending all your pretty coins to change... pretty easy to avoid that. I have a script that prints the change amount.
 222 2013-08-11 02:47:47 CheckDavid has quit (Quit: Leaving)
 223 2013-08-11 02:48:41 <Luke-Jr> gmaxwell: petertodd has memorized transaction format well enough to hand-write them now <.<
 224 2013-08-11 02:49:10 <gmaxwell> Luke-Jr: yea, I can hand write them too, I think I mentioned this the other day. though converting addresses to hash 160 isn't something I can do in my head. :P
 225 2013-08-11 02:49:22 <gmaxwell> s/the other day/like four months ago/
 226 2013-08-11 02:49:28 <phantomcircuit> gmaxwell, with a piece of paper though...
 227 2013-08-11 02:49:37 <Cusipzzz> there is a user-friendly interface for raw-txns in .9 ?
 228 2013-08-11 02:49:45 <gmaxwell> the base conversion is a pita. I wouldn't be willing to do that on paper.
 229 2013-08-11 02:49:45 <Luke-Jr> Cusipzzz: no
 230 2013-08-11 02:49:59 <Luke-Jr> is it even possible to have a user-friendly interface for raw txns? O.o
  231 2013-08-11 02:50:00 <gmaxwell> Cusipzzz: I'm not sure what "user-friendly" even could be there, it's sort of fundamentally not user friendly.
 232 2013-08-11 02:50:07 <gmaxwell> hah what luke said.
 233 2013-08-11 02:50:10 <Luke-Jr> XD
 234 2013-08-11 02:50:38 <Luke-Jr> Klik & Play transactions?
 235 2013-08-11 02:50:49 <Cusipzzz> well, i imagine a list of 'coins'/amounts that can be selected, a little click n drag with a visual showing of where everything goes :)
 236 2013-08-11 02:51:03 <Luke-Jr> Cusipzzz: that's just coin control
 237 2013-08-11 02:51:10 <Luke-Jr> I don't know why it isn't merged yet.
 238 2013-08-11 02:51:20 chorao has joined
 239 2013-08-11 02:51:21 <Cusipzzz> yes, that. not fully raw
 240 2013-08-11 02:51:57 <gmaxwell> Luke-Jr: because so far the implementations have been kinda crappy.
 241 2013-08-11 02:52:17 <Luke-Jr> gmaxwell: the current one has been working great
 242 2013-08-11 02:52:27 <gmaxwell> like abusing jgarzik's txout masking stuff for that is awful.
 243 2013-08-11 02:52:54 <gmaxwell> having no interactive display of fees/priority stinks, etc.
 244 2013-08-11 02:53:21 <Luke-Jr> gmaxwell: that's all there..
 245 2013-08-11 02:54:00 <gmaxwell> hm. it must have gained all that since I tried it out.
 246 2013-08-11 02:54:16 <gmaxwell> Luke-Jr: does it compute the sizes without signing in order to compute the priority/fee?
 247 2013-08-11 02:54:31 <Luke-Jr> gmaxwell: it computes some size at least
 248 2013-08-11 02:54:45 AusBitBank__ has quit (Ping timeout: 276 seconds)
 249 2013-08-11 02:55:16 <gmaxwell> hm. Yea, it's not hard to check if the key in question is compressed and then compute the conservative upper bound on the signature size, but it didn't do that originally. Cool if it does now. Pointer to the patch?
 250 2013-08-11 02:55:37 <Luke-Jr> https://github.com/bitcoin/bitcoin/pull/2343
 251 2013-08-11 02:57:44 <Luke-Jr> http://luke.dashjr.org/tmp/code/screenshots/snapshot107.png
 252 2013-08-11 02:57:46 <Luke-Jr> err
 253 2013-08-11 02:57:48 <Luke-Jr> http://luke.dashjr.org/tmp/screenshots/snapshot107.png
 254 2013-08-11 02:59:18 AusBitBank__ has joined
 255 2013-08-11 02:59:48 <gmaxwell> #@$@ stupid qt qmake stuff can't seem to handle manually setting BDB_LIB_PATH
 256 2013-08-11 03:00:00 Goonie has joined
 257 2013-08-11 03:00:39 <gmaxwell> oh there it goes.
 258 2013-08-11 03:01:21 Goonie_ has quit (Ping timeout: 264 seconds)
 259 2013-08-11 03:02:59 dzyk has joined
 260 2013-08-11 03:03:04 <gmaxwell> <3
 261 2013-08-11 03:03:06 dzyk has left ()
 262 2013-08-11 03:03:09 <gmaxwell> this is much better than the old stuff.
 263 2013-08-11 03:03:18 <Luke-Jr> it's been sitting like this for months :P
 264 2013-08-11 03:04:03 <gmaxwell> +                nBytesInputs += 148; // in all error cases, simply assume 148 here
  265 2013-08-11 03:04:15 <gmaxwell> that should probably assume much larger if it can't figure it out... but that's a minor nit.
 266 2013-08-11 03:04:30 <Luke-Jr> if it can't figure it out, it should do something so we're aware of a bug <.<
 267 2013-08-11 03:04:39 <Luke-Jr> but what exactly, not sure
 268 2013-08-11 03:05:36 <gmaxwell> We need to make a pass through the code and remove every case where the string "ERROR" gets logged where we don't want people showing up on IRC telling us about it.
  269 2013-08-11 03:06:10 <gmaxwell> then we need to copy off all the remaining errors into a separate ERROR log, and when it has things in it, tell users to send the error log to the developers.
 270 2013-08-11 03:06:21 <gmaxwell> (maybe even have a button to review the content and submit it)
 271 2013-08-11 03:06:43 <gmaxwell> then stuff like that could just log something.
 272 2013-08-11 03:07:17 <Luke-Jr> maybe the size should just read "ERROR" in red for this
 273 2013-08-11 03:08:18 <gmaxwell> yea or "Unknown" in red.
 274 2013-08-11 03:14:10 <gmaxwell> Luke-Jr: I think it's kinda weird that the coin control stuff is above the outputs. Don't you want to put the outputs in first?
 275 2013-08-11 03:14:34 <Luke-Jr> gmaxwell: maybe.
 276 2013-08-11 03:15:16 <gmaxwell> kinda tempted to make this have a red (previously used) if you tell it a custom change address that you already have outputs to. Or a red (not in this wallet) if you don't know it at all.
 277 2013-08-11 03:15:58 <gmaxwell> Probably a fee/priority change that encourages sweeping should be merged in the same release as this, I'd hate to see more people being encouraged to not sweep by the red size when it goes over 10k.
 278 2013-08-11 03:16:43 <Luke-Jr> that sounds like a good improvement - although not necessarily for this pullreq
 279 2013-08-11 03:17:17 <gmaxwell> yea, sure sure.
 280 2013-08-11 03:17:30 <Luke-Jr> keep in mind people *can't* really sweep right now
 281 2013-08-11 03:17:39 <Luke-Jr> at least being able to is an improvement
 282 2013-08-11 03:22:49 CodeShark has quit (Remote host closed the connection)
 283 2013-08-11 03:30:10 TheSeven has quit (Disconnected by services)
 284 2013-08-11 03:30:18 [7] has joined
 285 2013-08-11 03:33:21 hellome has joined
 286 2013-08-11 03:34:29 ahbritto_ has quit (Quit: Ex-Chat)
 287 2013-08-11 03:35:03 rethaw has joined
 288 2013-08-11 03:41:23 yubrew has quit (Remote host closed the connection)
 289 2013-08-11 03:42:40 yubrew has joined
 290 2013-08-11 03:47:41 Zoo has quit (Read error: Connection reset by peer)
 291 2013-08-11 03:48:35 Zoo has joined
 292 2013-08-11 03:48:48 freewil has joined
 293 2013-08-11 03:56:42 Someguy123 has quit (Ping timeout: 248 seconds)
 294 2013-08-11 04:01:06 Neozonz has quit (Read error: Connection reset by peer)
 295 2013-08-11 04:01:53 dust-otc has quit (Remote host closed the connection)
 296 2013-08-11 04:09:24 Someguy123 has joined
 297 2013-08-11 04:12:06 AusBitBank__ has quit (Ping timeout: 276 seconds)
 298 2013-08-11 04:15:35 chorao2 has joined
 299 2013-08-11 04:16:23 joepie91 has quit (Quit: Nettalk6 - www.ntalk.de)
 300 2013-08-11 04:16:26 AusBitBank__ has joined
 301 2013-08-11 04:18:09 chorao has quit (Ping timeout: 264 seconds)
 302 2013-08-11 04:18:19 joepie91 has joined
 303 2013-08-11 04:25:25 Eleuthria has joined
 304 2013-08-11 04:26:11 yubrew has quit (Remote host closed the connection)
 305 2013-08-11 04:27:28 yubrew has joined
 306 2013-08-11 04:28:19 Eleuthria has left ()
 307 2013-08-11 04:28:21 ralphtheninja has quit (Ping timeout: 264 seconds)
 308 2013-08-11 04:35:45 agricocb has quit (Remote host closed the connection)
 309 2013-08-11 04:37:43 agricocb has joined
 310 2013-08-11 04:39:57 dermoth has quit (home!~thomas@dsl-216-221-60-246.mtl.aei.ca|Ping timeout: 260 seconds)
 311 2013-08-11 04:40:47 yubrew has quit (Remote host closed the connection)
 312 2013-08-11 04:45:03 agricocb has quit (Remote host closed the connection)
 313 2013-08-11 04:50:08 macboz has quit (Ping timeout: 256 seconds)
 314 2013-08-11 04:51:36 macboz has joined
 315 2013-08-11 04:52:16 agricocb has joined
 316 2013-08-11 04:55:55 BTCOxygen has joined
 317 2013-08-11 04:55:55 BTCOxygen has quit (Killed (cameron.freenode.net (Nickname regained by services)))
 318 2013-08-11 04:55:55 BTCOxygen is now known as 1!~BTCOxygen@unaffiliated/oxygen|BTCOxygen
 319 2013-08-11 05:00:00 thrasher` has quit (Remote host closed the connection)
 320 2013-08-11 05:00:19 thrasher` has joined
 321 2013-08-11 05:02:04 macboz_ has joined
 322 2013-08-11 05:02:40 thrasher`` has joined
 323 2013-08-11 05:03:17 macboz has quit (Ping timeout: 260 seconds)
 324 2013-08-11 05:05:00 thrasher` has quit (Ping timeout: 264 seconds)
 325 2013-08-11 05:09:55 dermoth has joined
 326 2013-08-11 05:11:01 t1488t has joined
 327 2013-08-11 05:11:38 MCM-Mike has quit (Ping timeout: 268 seconds)
 328 2013-08-11 05:14:17 altamic has joined
 329 2013-08-11 05:14:34 altamic has left ()
 330 2013-08-11 05:16:03 t1488t has quit (Ping timeout: 240 seconds)
 331 2013-08-11 05:18:02 rdponticelli has quit (Ping timeout: 240 seconds)
 332 2013-08-11 05:19:36 rdponticelli has joined
 333 2013-08-11 05:21:38 dan_ has joined
 334 2013-08-11 05:22:57 AusBitBank__ has quit (Ping timeout: 276 seconds)
 335 2013-08-11 05:23:42 rdponticelli has quit (Ping timeout: 240 seconds)
 336 2013-08-11 05:24:00 AusBitBank__ has joined
 337 2013-08-11 05:25:43 dan_ has quit (Ping timeout: 240 seconds)
 338 2013-08-11 05:26:24 mrkent has joined
 339 2013-08-11 05:30:50 BFXBOT has joined
 340 2013-08-11 05:34:55 paracyst has quit ()
 341 2013-08-11 05:36:14 robocoin has joined
 342 2013-08-11 05:36:53 t1488t has joined
 343 2013-08-11 05:37:29 dermoth_ has joined
 344 2013-08-11 05:38:34 dermoth has quit (home!~thomas@dsl-66-36-142-135.mtl.aei.ca|Ping timeout: 248 seconds)
  345 2013-08-11 05:39:50 <Luke-Jr> btw, in case anyone was wondering, git fails almost as badly as bitcoin when its repositories get corrupt, and after a few GB that seems to happen pretty often :\
 346 2013-08-11 05:40:17 altamic has joined
 347 2013-08-11 05:40:30 altamic has left ()
 348 2013-08-11 05:41:04 t1488t has quit (Ping timeout: 240 seconds)
 349 2013-08-11 05:43:36 grau has joined
 350 2013-08-11 05:46:13 agricocb has quit (Ping timeout: 260 seconds)
 351 2013-08-11 05:46:50 BFXBOT has quit (Remote host closed the connection)
 352 2013-08-11 05:46:59 dzyk has joined
 353 2013-08-11 05:47:03 BFXBOT has joined
 354 2013-08-11 05:56:32 dzyk has left ()
 355 2013-08-11 05:58:38 t1488t has joined
 356 2013-08-11 06:04:59 AusBitBank_ has joined
 357 2013-08-11 06:05:12 AusBitBank__ has quit (Ping timeout: 276 seconds)
 358 2013-08-11 06:06:51 freewil has quit (Ping timeout: 248 seconds)
 359 2013-08-11 06:08:14 freewil has joined
 360 2013-08-11 06:10:04 twmz has joined
 361 2013-08-11 06:11:10 agnostic98 has quit (Remote host closed the connection)
 362 2013-08-11 06:11:12 altamic has joined
 363 2013-08-11 06:11:39 agnostic98 has joined
 364 2013-08-11 06:11:47 altamic has left ()
 365 2013-08-11 06:16:05 agnostic98 has quit (Ping timeout: 260 seconds)
 366 2013-08-11 06:16:08 owowo has quit (Quit: dead)
 367 2013-08-11 06:17:55 freewil has quit (Quit: Leaving)
 368 2013-08-11 06:19:23 agnostic98 has joined
 369 2013-08-11 06:19:25 mrkent has quit (Ping timeout: 240 seconds)
 370 2013-08-11 06:21:04 grau has quit (Remote host closed the connection)
 371 2013-08-11 06:29:16 maaku has quit (Remote host closed the connection)
 372 2013-08-11 06:31:14 maaku has joined
 373 2013-08-11 06:31:38 maaku is now known as Guest9869
 374 2013-08-11 06:32:38 Lolcust has quit (Remote host closed the connection)
 375 2013-08-11 06:35:43 Lolcust has joined
 376 2013-08-11 06:36:09 Coincide_ has quit (Remote host closed the connection)
 377 2013-08-11 06:40:10 sserrano44 has quit (Quit: Computer has gone to sleep.)
 378 2013-08-11 06:40:44 Guest9869 has left ()
 379 2013-08-11 06:41:09 maaku has joined
 380 2013-08-11 06:43:59 grau has joined
 381 2013-08-11 06:46:00 sserrano44 has joined
 382 2013-08-11 06:52:52 grau has quit (Remote host closed the connection)
 383 2013-08-11 06:54:26 peetaur2 has joined
 384 2013-08-11 06:57:16 realazthat has quit (Read error: Connection reset by peer)
 385 2013-08-11 06:59:08 realazthat has joined
 386 2013-08-11 07:00:28 Coincidental has joined
 387 2013-08-11 07:00:58 Coincide_ has joined
 388 2013-08-11 07:05:00 Coincidental has quit (Ping timeout: 276 seconds)
 389 2013-08-11 07:06:56 grau has joined
 390 2013-08-11 07:19:26 melvster has joined
 391 2013-08-11 07:20:45 agnostic98 has quit (Remote host closed the connection)
 392 2013-08-11 07:21:12 agnostic98 has joined
 393 2013-08-11 07:22:56 Insti has joined
 394 2013-08-11 07:25:32 agnostic98 has quit (Ping timeout: 240 seconds)
 395 2013-08-11 07:38:47 debiantoruser has quit (Ping timeout: 264 seconds)
 396 2013-08-11 07:38:54 debiantoruser has joined
 397 2013-08-11 07:44:39 <random_cat> what os/distro, luke-jr?
 398 2013-08-11 07:44:57 <Luke-Jr> random_cat: Gentoo
 399 2013-08-11 07:45:10 <Luke-Jr> not that it matters O.o
 400 2013-08-11 07:47:23 <random_cat> amd64?
 401 2013-08-11 07:47:38 <Luke-Jr> x86
 402 2013-08-11 07:48:43 <Luke-Jr> my shell script that runs git fsck in a loop and scp-s corrupt/missing objects has been running for like a week, because git fsck is sloooooooow
 403 2013-08-11 07:49:06 <sipa> heh
 404 2013-08-11 07:49:49 <Luke-Jr> I should probably set up a cron job to do it :/
 405 2013-08-11 07:49:59 <Luke-Jr> it's got a year's worth of corruption to deal with
 406 2013-08-11 07:50:17 <Luke-Jr> since that's how long since I last gc'd
 407 2013-08-11 07:50:23 <sipa> wow
 408 2013-08-11 07:52:02 <petertodd> Luke-Jr: you ever run memtest86 on that machine?
 409 2013-08-11 07:53:34 btcbtc has joined
 410 2013-08-11 07:53:57 saulimus has joined
 411 2013-08-11 07:54:09 debiantoruser has quit (Ping timeout: 264 seconds)
 412 2013-08-11 07:54:31 <Luke-Jr> petertodd: probably
 413 2013-08-11 07:54:38 agnostic98 has joined
 414 2013-08-11 07:54:52 <Luke-Jr> it crashes occasionally, I'd hope it's related to those times
 415 2013-08-11 07:54:56 mapppum has joined
 416 2013-08-11 07:55:00 <Luke-Jr> and the git repo receives a push about every minute
 417 2013-08-11 07:55:17 <petertodd> sounds about right - I've never seen git get corrupted on working hardware
 418 2013-08-11 07:55:36 <petertodd> had to replace some ram sticks on my box recently because they were bad
 419 2013-08-11 07:55:48 debiantoruser has joined
 420 2013-08-11 07:55:48 <petertodd> noticed the same corruption issues with git
 421 2013-08-11 07:57:10 <Luke-Jr> hmm
 422 2013-08-11 07:57:16 <Luke-Jr> that's odd. the git repo is only 6.7 GB now
 423 2013-08-11 07:57:21 <Luke-Jr> I was sure it was bigger
 424 2013-08-11 07:57:54 <petertodd> heh, what's the repo for?
 425 2013-08-11 07:58:16 <Luke-Jr> my maildir
 426 2013-08-11 07:58:23 <Luke-Jr> yeah, it was 65 GB when I started trying to fix it
 427 2013-08-11 07:58:31 <Luke-Jr> maybe it's packing as it fscks O.o
 428 2013-08-11 07:58:44 agnostic98 has quit (Ping timeout: 240 seconds)
 429 2013-08-11 07:58:44 <petertodd> ah, maybe you screwed that up somewhere...
 430 2013-08-11 07:58:57 mappum has quit (Ping timeout: 264 seconds)
 431 2013-08-11 07:59:01 <Luke-Jr> nah, 6.7 GB sounds about normal for the post-gc size
 432 2013-08-11 07:59:10 <Luke-Jr> it's crazy how much compression helps git
 433 2013-08-11 07:59:19 <petertodd> heh, git annex is even better
 434 2013-08-11 08:00:03 mappum has joined
 435 2013-08-11 08:00:39 <Luke-Jr> petertodd: new?
 436 2013-08-11 08:00:59 <petertodd> ?
 437 2013-08-11 08:01:52 jeewee has joined
 438 2013-08-11 08:03:02 <Luke-Jr> hmm, separate from git
 439 2013-08-11 08:03:11 <petertodd> kinda, built into git
 440 2013-08-11 08:03:12 mapppum has quit (Ping timeout: 264 seconds)
 441 2013-08-11 08:03:21 <petertodd> http://git-annex.branchable.com/
 442 2013-08-11 08:03:26 <gmaxwell> I wish git had xz compression, alas.
 443 2013-08-11 08:03:29 <petertodd> but yeah, it's an addon
 444 2013-08-11 08:05:28 grau has quit (Remote host closed the connection)
 445 2013-08-11 08:07:13 <warren> phantomcircuit: how small are the txo's in the problematic wallet?  If you apply litecoin's mininput patch then rescan, it will just ignore the useless dust and make the wallet usable again.
 446 2013-08-11 08:08:03 o3u has quit (Ping timeout: 276 seconds)
 447 2013-08-11 08:08:15 <warren> phantomcircuit: https://github.com/litecoin-project/litecoin/commit/2db43142bc9d4febd7946488489fd3fa0e1590f2  that might even work as-is
 448 2013-08-11 08:08:38 <warren> phantomcircuit: set the threshold to just above the size of the dust
 449 2013-08-11 08:09:58 <sipa> that sounds like a sure way to blow up the UTXO set...
 450 2013-08-11 08:10:22 <warren> sipa: no, it only ignores them from input selection
 451 2013-08-11 08:10:27 <warren> they're still spendable
 452 2013-08-11 08:11:10 <gmaxwell> not practically so.
 453 2013-08-11 08:11:38 <gmaxwell> you should at least couple that with a patch to broadcast out ANYONE_CAN_PAY|NONE transactions with those dust bits so other people can collect them in big grooming transactions.
 454 2013-08-11 08:13:13 <Luke-Jr> petertodd: something tells me this won't work as a rootfs thing, let alone as a maildir store :\
 455 2013-08-11 08:13:41 <warren> -minput parameter lets users set it smaller all the way to 1 satoshi if they want to combine inputs, but we have very few coins that small due to the multiplicative per-dust fee
 456 2013-08-11 08:14:24 <petertodd> Luke-Jr: ? what exactly are you doing there? I use git annex on my mail myself.
 457 2013-08-11 08:14:36 <warren> only a few wallets hold the ~10M 1-satoshi attacks, and we plan on just declaring that unspendable in a future 95% miner vote fork in order to shrink the UTXO set to almost nothing.
 458 2013-08-11 08:14:42 macboz_ has quit (Quit: This computer has gone to sleep)
 459 2013-08-11 08:14:47 <Luke-Jr> petertodd: on a mail server?
 460 2013-08-11 08:14:55 <petertodd> Luke-Jr: yup
 461 2013-08-11 08:15:09 <Luke-Jr> petertodd: if git annex makes everything into symlinks, won't that confuse procmail and/or courier-imapd?
 462 2013-08-11 08:15:26 <petertodd> Luke-Jr: doesn't seem to bother it, and there is a non-symlink mode in newer git-annex anyway
 463 2013-08-11 08:15:45 K1773R has quit (Read error: Operation timed out)
 464 2013-08-11 08:15:49 <Luke-Jr> oh
 465 2013-08-11 08:16:49 <warren> gmaxwell: coblee did consider the ANYONE_CAN_PAY solution, but I think sipa/petertodd came up with the miner vote unspendable solution
 466 2013-08-11 08:17:19 <gmaxwell> that doesn't help you ongoing. and uh... is .. miners taking away people's outputs politically viable?
 467 2013-08-11 08:17:35 <warren> Yes.  Almost nobody has these outputs.
 468 2013-08-11 08:17:37 <petertodd> warren: ...and for the record then I pointed out that the UTXO set isn't in memory, so it could be a lot of fuss over nothing.
 469 2013-08-11 08:17:47 <warren> petertodd: that's fine.
 470 2013-08-11 08:19:09 grau has joined
 471 2013-08-11 08:19:17 grau has quit (Remote host closed the connection)
 472 2013-08-11 08:19:22 <warren> gmaxwell: the ANYONE_CAN_PAY solution would mean several hundred megabytes of blockchain growth in order to reincorporate 0.1 LTC of value back into circulation.  Probably most of those wallets were discarded, or owned by coblee and others who don't care about it anyway.
 473 2013-08-11 08:19:57 <gmaxwell> warren: okay, still doesn't help you going forward.
 474 2013-08-11 08:20:06 <warren> shrug, doesn't harm either.
 475 2013-08-11 08:20:28 <petertodd> Sets a precedent that you will consider destroying outputs - I'd call that rather harmful.
 476 2013-08-11 08:20:52 <warren> It's a proposal in the public right now.  Not a priority proposal.
 477 2013-08-11 08:21:31 <petertodd> Keep it in mind anyway... I mean, sure I'd love to see an alt-coin try it out, just to see what the process looked like, but I wouldn't want to see a coin I was heavily invested in do it.
 478 2013-08-11 08:21:35 <gmaxwell> Just saying, regardless of what you do there, having stuff to do ANYONE_CAN_PAY|NONE would probably be good to go along with the non-spendable dust.
 479 2013-08-11 08:23:24 <warren> If you care, respond to the proposal and suggest that.   Nobody in the public seems to care.
 480 2013-08-11 08:23:33 <petertodd> gmaxwell: It's interesting how with OP_RETURN/anyone-can-spend outputs as standard you could have a mechanism where you just broadcast such tx's and people have code watching for them and grabbing them.
 481 2013-08-11 08:23:50 <petertodd> gmaxwell: Useful against deanonymization dust,.
 482 2013-08-11 08:24:02 <Luke-Jr> petertodd: it's too bad ext4 didn't add a copy-on-write hardlink
 483 2013-08-11 08:24:10 K1773R has joined
 484 2013-08-11 08:24:42 <petertodd> Luke-Jr: heh, everyone says such things, but they have ugly security/quota accounting problems in some cases
 485 2013-08-11 08:25:36 <Luke-Jr> meh, problems with obvious solutions
 486 2013-08-11 08:25:45 Eiii has quit ()
 487 2013-08-11 08:26:01 <gmaxwell> petertodd: right that's why I was talking about this the other day, using it to give away deanonymization dust.
 488 2013-08-11 08:26:17 <gmaxwell> which would hopefully end the deanonymization attacks.
 489 2013-08-11 08:26:22 <gmaxwell> (well dust based ones)
 490 2013-08-11 08:26:45 <petertodd> gmaxwell: Oh, another fun one would be to have a threshold where any change less than a certain amount would be sent to a random address you pick from a recently observed tx that wasn't yours.
 491 2013-08-11 08:26:56 <gmaxwell> just have some setting ("give away all payments less than [0.00001] BTC") and it produces a ANYONE_CAN_PAY|NONE signature for any of those and broadcasts it.
 492 2013-08-11 08:27:07 <warren> Would that require child pays for 0-conf parent?
 493 2013-08-11 08:27:33 <gmaxwell> warren: why would it? for ANYONE_CAN_PAY|NONE you'd teach miners to automatically merge and steal those outputs.
 494 2013-08-11 08:27:54 <gmaxwell> e.g. you'd collect up all the ANYONE_CAN_PAY|NONEs you see and make a single OP_RETURN transaction and take them all as fees.
 495 2013-08-11 08:27:59 <petertodd> warren: Make the scriptSig have zero value and be an empty OP_RETURN
 496 2013-08-11 08:28:22 <warren> oh... that's quite nice.
 497 2013-08-11 08:28:47 <gmaxwell> with some not very complicated code you'd order the ANYONE_CAN_PAY|NONE by size, and the mining code would tell you how much room is left in the block.. and you'd just produce the largest sweeping txn you have room for.
 498 2013-08-11 08:29:24 <warren> miners would need to decide if that's worth the extra orphan risk?
 499 2013-08-11 08:29:31 <warren> bigger block
 500 2013-08-11 08:29:41 <gmaxwell> yea, thats up to them, indeed.
 501 2013-08-11 08:29:55 <petertodd> warren: mining code already isn't written well with regard to that: you really should be computing orphan risk on a per Tx basis based on fees
 502 2013-08-11 08:30:02 <petertodd> fees+subsidy in the block already
 503 2013-08-11 08:30:13 <warren> indeed
 504 2013-08-11 08:30:22 <warren> I wonder if some pools already did that.
 505 2013-08-11 08:30:31 whizter has joined
 506 2013-08-11 08:30:31 <petertodd> warren: I set my p2pool node to do no free tx's at all and with a minfee of 0.001/kb myself along those lines.
 507 2013-08-11 08:30:49 <petertodd> warren: ASICminer is kinda like that apparently - they output fairly small blocks.
 508 2013-08-11 08:31:27 <warren> petertodd: isn't orphan risk not a huge concern with p2pool due to the tx pre-forwarding?
 509 2013-08-11 08:31:49 <warren> If other pools were smart, they'd have their own huge network of pre-forwarding nodes everywhere to do the same.
 510 2013-08-11 08:31:51 <petertodd> warren: less of a concern, but it's still not zero
 511 2013-08-11 08:32:05 <gmaxwell> more of a concern for p2pool is that big mempools make getblocktemplate slow.
 512 2013-08-11 08:32:11 <warren> ahh
 513 2013-08-11 08:32:11 macboz_ has joined
 514 2013-08-11 08:32:23 <gmaxwell> p2pool has basically zero orphans. There was one a week ago, I think it was the first one in three months.
 515 2013-08-11 08:32:25 <petertodd> gmaxwell: although with the 30s share time that's not as much of an issue
 516 2013-08-11 08:33:04 <petertodd> gmaxwell: I also accept non-std tx's, which pose an orphan risk again to the pool, so the high minfee helps mitigate that
 517 2013-08-11 08:37:24 robocoin has quit (Quit: .)
 518 2013-08-11 08:38:58 robocoin has joined
 519 2013-08-11 08:40:40 toffoo has quit ()
 520 2013-08-11 08:41:02 jeewee has quit (Quit: Leaving.)
 521 2013-08-11 08:46:16 thrasher`` has quit (Changing host)
 522 2013-08-11 08:46:16 thrasher`` has joined
 523 2013-08-11 08:48:47 agnostic98 has joined
 524 2013-08-11 08:49:50 btcbtc has quit (Quit: btcbtc)
 525 2013-08-11 08:50:57 ericmuyser has quit (Remote host closed the connection)
 526 2013-08-11 08:53:47 agnostic98 has quit (Ping timeout: 264 seconds)
 527 2013-08-11 08:54:19 Prattler has quit (Ping timeout: 248 seconds)
 528 2013-08-11 08:54:59 Prattler has joined
 529 2013-08-11 09:10:39 thrasher`` is now known as thrasher`
 530 2013-08-11 09:22:22 razorfishsl has joined
 531 2013-08-11 09:22:24 thrasher` has quit (Ping timeout: 264 seconds)
 532 2013-08-11 09:27:13 Coincide_ has quit (Remote host closed the connection)
 533 2013-08-11 09:28:40 robocoin has quit (Read error: Operation timed out)
 534 2013-08-11 09:29:11 knotwork__ has quit (Read error: Connection reset by peer)
 535 2013-08-11 09:35:56 mapppum has joined
 536 2013-08-11 09:39:10 mappum has quit (Ping timeout: 246 seconds)
 537 2013-08-11 09:43:27 razorfishsl has quit (Remote host closed the connection)
 538 2013-08-11 09:44:15 Zoo has quit (Read error: Connection reset by peer)
 539 2013-08-11 09:44:38 jeewee has joined
 540 2013-08-11 09:44:46 Zoo has joined
 541 2013-08-11 09:47:30 Namworld has quit (Read error: Connection reset by peer)
 542 2013-08-11 09:50:38 agnostic98 has joined
 543 2013-08-11 09:58:44 agnostic98 has quit (Ping timeout: 240 seconds)
 544 2013-08-11 09:59:18 mrkent has joined
 545 2013-08-11 10:09:18 bmcgee has joined
 546 2013-08-11 10:12:24 altamic has joined
 547 2013-08-11 10:14:53 altamic has left ()
 548 2013-08-11 10:20:24 MiningBuddy has quit (Remote host closed the connection)
 549 2013-08-11 10:25:39 agnostic98 has joined
 550 2013-08-11 10:28:09 bmcgee_ has joined
 551 2013-08-11 10:29:55 agnostic98 has quit (Ping timeout: 246 seconds)
 552 2013-08-11 10:30:20 bmcgee has quit (Ping timeout: 240 seconds)
 553 2013-08-11 10:30:20 bmcgee_ is now known as bmcgee
 554 2013-08-11 10:31:56 danda__ has joined
 555 2013-08-11 10:34:02 one_zero has joined
 556 2013-08-11 10:34:30 michagogo has joined
 557 2013-08-11 10:34:57 danda_ has quit (Ping timeout: 276 seconds)
 558 2013-08-11 10:39:14 altamic has joined
 559 2013-08-11 10:43:36 chmod755 has joined
 560 2013-08-11 10:48:26 uinogota has quit ()
 561 2013-08-11 10:48:52 uinogota has joined
 562 2013-08-11 10:51:40 m00p has joined
 563 2013-08-11 10:56:36 agnostic98 has joined
 564 2013-08-11 10:58:38 datagutt has joined
 565 2013-08-11 11:01:19 Application has quit (Ping timeout: 256 seconds)
 566 2013-08-11 11:02:15 agnostic98 has quit (Ping timeout: 276 seconds)
 567 2013-08-11 11:04:17 Application has joined
 568 2013-08-11 11:05:18 <JyZyXEL> if you changed the blockchain from 10 minute targets to 5 minute targets, would that mean you would now need to wait for 12 confirmations instead of 6 to get the same security?
 569 2013-08-11 11:06:21 <gmaxwell> JyZyXEL: against some threat patterns yes, potentially more depending on network characteristics,  against some threat patterns somewhat less though also highly subject to network characteristics.
 570 2013-08-11 11:06:38 ralphtheninja has joined
 571 2013-08-11 11:09:48 daybyter has joined
 572 2013-08-11 11:10:52 <michagogo> Will a node relay a block that it gets that's an orphan from a couple blocks back, or will it only relay what it considers the best chain?
 573 2013-08-11 11:11:07 <michagogo> (erm, not sure "orphan" is the right word here)
 574 2013-08-11 11:11:15 <gmaxwell> michagogo: it will only relay what it considers the best chain.
 575 2013-08-11 11:11:42 <michagogo> Hmm.
 576 2013-08-11 11:12:40 <JyZyXEL> the whitepaper says if the attacker trying to generate an alternate blockchain is 6 blocks behind the probability of him succeeding is 0.0002428, would that hold true for both 10 minute and 5 minute targeting difficulty?
 577 2013-08-11 11:12:44 <gmaxwell> JyZyXEL: basically, against attacks that deal with pure computation bulk (like someone buying a large burst of computing power to Finney or reorg a bit), what matters is sheer computation (and its costs) and not block times.
 578 2013-08-11 11:12:56 saulimus has quit (Quit: saulimus)
 579 2013-08-11 11:13:00 jeewee has quit (Quit: Leaving.)
 580 2013-08-11 11:13:52 <gmaxwell> For attacks which instead redirect existing hashpower and hope to get ahead by chance, then count matters more, but it's offset by convergence dilution, which generally works in the favor of large attackers.
 581 2013-08-11 11:15:16 <gmaxwell> JyZyXEL: for a simple thought experiment, imagine the network with one nanosecond block times. Blocks would happen far far faster than they could be communicated between nodes, and all the nodes would split off into their own networks mining in isolation, every once in a while you'd finally see a peer a bit ahead and have a huge reorg.
 582 2013-08-11 11:15:40 <gmaxwell> An attacker which isn't split into a bunch of isolated pieces would have an easy time getting ahead of a non-convergent network.
 583 2013-08-11 11:16:43 <gmaxwell> So, e.g. against attacks that purchase a concentration of computing power (e.g. outpacing the network but only for a brief moment), you'd want more blocks maybe— 13 or 14. because of additional dilution.
 584 2013-08-11 11:17:01 <gmaxwell> Vs redirecting the existing network, where you might only want 7 or 8.
 585 2013-08-11 11:18:30 <gmaxwell> though even 6 seems pretty suspect. There are _single_ mining points of control today with 30-40% of the hashpower. they could reorg 6 with fair probability.
 586 2013-08-11 11:21:41 mrkent has quit (Read error: Operation timed out)
 587 2013-08-11 11:28:14 BFXBOT has quit (Excess Flood)
 588 2013-08-11 11:28:29 BFXBOT has joined
 589 2013-08-11 11:29:57 knotwork has joined
 590 2013-08-11 11:31:35 WisSo[a] has joined
 591 2013-08-11 11:32:15 vigilyn has quit (Quit: Leaving)
 592 2013-08-11 11:34:16 <JyZyXEL> according to the white paper if your probability of finding the next block is 0.3 and you are 20 blocks behind, the probability of catching up would be 0.0024804, so if you had a 10 second blockchain, you would achieve very good security very fast?
 593 2013-08-11 11:35:22 <JyZyXEL> if the only two things that matter are your hashing power versus the networks and the amount of blocks the longest blockchain is ahead of you
 594 2013-08-11 11:36:57 <MoALTz> don't forget distribution time. if someone finds a block then that block has to spread through the p2p network
 595 2013-08-11 11:38:13 altamic has left ()
 596 2013-08-11 11:41:44 <JyZyXEL> how big is the data that needs to be distributed?
 597 2013-08-11 11:42:42 <gmaxwell> JyZyXEL: do you have me on ignore?
 598 2013-08-11 11:42:50 <JyZyXEL> no
 599 2013-08-11 11:42:58 <gmaxwell> Then why did you ignore everything I just said to you?
 600 2013-08-11 11:43:32 <JyZyXEL> im just not getting it
 601 2013-08-11 11:43:34 <gmaxwell> The "only two things that matter are your hashing power versus the networks and the amount of blocks the longest blockchain is ahead of you" is only the case when the time between blocks is very large compared to the network and validation latency.
 602 2013-08-11 11:44:09 <gmaxwell> And only the case when the attack model can't purchase small bursts of very large amounts of hashpower at basically operating cost.
 603 2013-08-11 11:45:41 CodeShark has joined
 604 2013-08-11 11:46:39 WisSo[a] has quit ()
 605 2013-08-11 11:55:16 <michagogo> Hmm, just thought of something... If you create a transaction, then if you sign it twice the signatures will be different because there's a random number involved, right?
 606 2013-08-11 11:55:45 <CodeShark> if that's not the case then you're doing something very wrong :)
 607 2013-08-11 11:55:47 <michagogo> If the txid is just the hash of the transaction, signing the same transaction twice will result in two different txids for the same tx.
 608 2013-08-11 11:55:55 <CodeShark> correct
 609 2013-08-11 11:56:07 <michagogo> Interesting.
 610 2013-08-11 11:57:04 WisSo[a] has joined
 611 2013-08-11 11:57:12 Prattler has quit (Quit: ZNC - http://znc.in)
 612 2013-08-11 11:57:12 m00p has quit (Ping timeout: 264 seconds)
 613 2013-08-11 11:58:57 agnostic98 has joined
 614 2013-08-11 11:59:00 CheckDavid has joined
 615 2013-08-11 11:59:34 JyZyXEL has quit (Ping timeout: 264 seconds)
 616 2013-08-11 12:01:01 <gmaxwell> CodeShark: well, it could be deterministic without being insecure in some implementations.
 617 2013-08-11 12:01:32 <CodeShark> gmaxwell: it could - but none that I'm aware of do that
 618 2013-08-11 12:01:46 TD has joined
 619 2013-08-11 12:01:56 <Vinnie_win> What's up folks
 620 2013-08-11 12:03:43 <CodeShark> hi vinnie
 621 2013-08-11 12:03:46 agnostic98 has quit (Ping timeout: 264 seconds)
 622 2013-08-11 12:03:57 <Vinnie_win> I'm working on inlining boost into beast using git-subtree
 623 2013-08-11 12:04:20 <Vinnie_win> any bitcoin devs here?
 624 2013-08-11 12:04:25 bmcgee has quit (Quit: bmcgee)
 625 2013-08-11 12:04:37 <michagogo> Vinnie_win: Some, yes.
 626 2013-08-11 12:04:42 <Vinnie_win> hi
 627 2013-08-11 12:04:43 <CodeShark> nah, it's a coincidence this channel is called bitcoin-dev
 628 2013-08-11 12:04:48 <Vinnie_win> I mean awake
 629 2013-08-11 12:05:11 <CodeShark> do you have a specific question?
 630 2013-08-11 12:05:34 <Vinnie_win> Not really
 631 2013-08-11 12:06:09 JyZyXEL has joined
 632 2013-08-11 12:08:35 <CodeShark> gmaxwell: by a deterministic implementation I would imagine something like using an HMAC of the transaction hash as the random input
 633 2013-08-11 12:10:04 m00p has joined
 634 2013-08-11 12:10:14 <CodeShark> k = HMAC(secret, hash to sign)
 635 2013-08-11 12:17:05 <Vinnie_win> https://gist.github.com/vinniefalco/6204632 uint24
 636 2013-08-11 12:17:29 <CodeShark> lol - so much code to represent three bytes :p
 637 2013-08-11 12:17:34 <Vinnie_win> haha
 638 2013-08-11 12:20:32 <CodeShark> wouldn't a simple typecast and copy be faster for from3RawBytes, with a possible bswap?
 639 2013-08-11 12:20:41 <CodeShark> just nitpicking :p
 640 2013-08-11 12:20:50 <Vinnie_win> read my bio on http://opencoin.com
 641 2013-08-11 12:20:50 <CodeShark> it's not likely to make any noticeable difference
 642 2013-08-11 12:20:59 <Vinnie_win> Just hover over my photo, its the last one.
 643 2013-08-11 12:21:02 bmcgee has joined
 644 2013-08-11 12:23:35 chorao2 has quit (Read error: Connection reset by peer)
 645 2013-08-11 12:23:57 chorao has joined
 646 2013-08-11 12:26:28 GordonG3kko has quit (Remote host closed the connection)
 647 2013-08-11 12:27:33 mapppum has quit (Ping timeout: 260 seconds)
 648 2013-08-11 12:29:05 sserrano44 has quit (Quit: Computer has gone to sleep.)
 649 2013-08-11 12:31:06 GordonG3kko has joined
 650 2013-08-11 12:36:10 bloke has joined
 651 2013-08-11 12:38:02 one_zero has quit ()
 652 2013-08-11 12:45:41 davedave has joined
 653 2013-08-11 12:46:15 iddo has quit (Changing host)
 654 2013-08-11 12:46:15 iddo has joined
 655 2013-08-11 12:46:25 <iddo> CodeShark: yes basically k=hash(privkey,message) is secure, you must hash the privkey because if k is known the the privkey can easily be computed
 656 2013-08-11 12:47:04 Lolcust has quit (Quit: Nap time)
 657 2013-08-11 12:47:32 <iddo> was there ever a discussion on switching to deterministic k in the satoshi client?
 658 2013-08-11 12:48:36 <CodeShark> if it's truly secure, why isn't it just part of the ECDSA specification?
 659 2013-08-11 12:48:43 <iddo> s/the the/then the
 660 2013-08-11 12:49:10 Lolcust has joined
 661 2013-08-11 12:49:39 <CodeShark> key generation would still require sufficient entropy for security - but by making k deterministic it would get rid of one more potential implementation security hole
 662 2013-08-11 12:49:53 <iddo> it's not related just to ECDSA but to DSA in general, the generic DSA scheme tried to be as generalized as possible i guess
 663 2013-08-11 12:50:46 <iddo> even if you use a scheme with deterministic k, the verification will pass if someone else created a signature with a random k
 664 2013-08-11 12:50:49 <CodeShark> yeah
 665 2013-08-11 12:50:52 <CodeShark> I was just going to say
 666 2013-08-11 12:50:55 <CodeShark> there's no way to verify
 667 2013-08-11 12:51:12 <CodeShark> so it cannot really be enforced on the receiving end
 668 2013-08-11 12:51:22 <Vinnie_win> I'm tired as hell
 669 2013-08-11 12:51:40 <CodeShark> go to sleep :)
 670 2013-08-11 12:52:05 <iddo> in fact i'm trying to look for use cases where randomized signatures are helpful
 671 2013-08-11 12:52:19 <iddo> couldn't find any...
 672 2013-08-11 12:52:49 shesek has quit (Quit: Leaving)
 673 2013-08-11 12:53:00 <iddo> (unlike randomized encryption, where semantic security is crucial)
 674 2013-08-11 12:53:00 sacredchao has quit (Remote host closed the connection)
 675 2013-08-11 12:53:13 <CodeShark> right - in this case the message is plaintext
 676 2013-08-11 12:53:26 <CodeShark> so even if the signature differs, anyone can tell it's the same thing being signed
 677 2013-08-11 12:54:03 AusBitBank_ has quit (Ping timeout: 276 seconds)
 678 2013-08-11 12:54:13 <iddo> but i still wonder if randomized signatures can be useful for something
 679 2013-08-11 12:56:56 <iddo> gmaxwell: sipa: was there ever a discussion on switching to deterministic k in the satoshi client?
 680 2013-08-11 12:57:02 <iddo> maybe they will answer later:)
 681 2013-08-11 12:58:25 sacredchao has joined
 682 2013-08-11 12:58:42 shesek has joined
 683 2013-08-11 13:01:13 agnostic98 has joined
 684 2013-08-11 13:05:48 agnostic98 has quit (Ping timeout: 264 seconds)
 685 2013-08-11 13:06:46 melvster has quit (Ping timeout: 264 seconds)
 686 2013-08-11 13:07:16 pecket has quit (Quit: I'm not stupid. I'm just unlucky when I think.)
 687 2013-08-11 13:07:31 <gmaxwell> iddo: no, though there is no particular need to. Our K selection is currently busted RNG proof in any case.
 688 2013-08-11 13:08:11 knotwork has quit (Ping timeout: 248 seconds)
 689 2013-08-11 13:10:22 <michagogo> Hmm. In hindsight, I should have included a fee in https://blockchain.info/tx/e9d64a4737fa2070649e240f7c26185b0907011a20f843ae16239c6353d8ec70
 690 2013-08-11 13:10:32 <michagogo> Well, at least it got relayed
 691 2013-08-11 13:11:15 <iddo> gmaxwell: what happens if someone tries to run the satoshi client on a device that doesn't have enough entropy?
 692 2013-08-11 13:11:23  has joined
 693 2013-08-11 13:12:33 knotwork has joined
 694 2013-08-11 13:13:14 pecket has joined
 695 2013-08-11 13:13:23 <michagogo> The question is, whether it'll actually get mined at some point :-;
 696 2013-08-11 13:13:24 <michagogo> :-/
 697 2013-08-11 13:16:53 <iddo> gmaxwell: out of curiosity, do you know what randomized signatures could be useful for?
 698 2013-08-11 13:18:41 tyn has joined
 699 2013-08-11 13:18:47 <gmaxwell> iddo: nothing happens. our K values are something like H(message||privkey||random)
 700 2013-08-11 13:19:06 <gmaxwell> (I don't recall the exact behavior of openssl but I recall that its something like that)
 701 2013-08-11 13:19:32 tyn has quit (Client Quit)
 702 2013-08-11 13:20:02 <iddo> ahh good, so in the satoshi client it's secure even if no randomness is available
 703 2013-08-11 13:20:29 <gmaxwell> iddo: I don't have any good argument against making them deterministic either, other than some psycho break in the hash function which would also render everything else insecure too)
 704 2013-08-11 13:22:00 <CodeShark> we still would have to assume that signatures from other nodes could be random
 705 2013-08-11 13:22:12 <iddo> yes in terms of security the most conservative option is indeed H(message||privkey||random)
 706 2013-08-11 13:22:33 <sipa> gmaxwell: nah, it's just random()
 707 2013-08-11 13:22:45 <iddo> oh
 708 2013-08-11 13:22:48 <sipa> gmaxwell: openssl very recently got a patch that allows H(message||privkey||random)
 709 2013-08-11 13:22:52 <michagogo> Hmm. Has transaction e9d64a4737fa2070649e240f7c26185b0907011a20f843ae16239c6353d8ec70 reached the nodes over by you guys?
 710 2013-08-11 13:22:57 <sipa> but i don't think it's even in any released version
 711 2013-08-11 13:23:19 <michagogo> (and specifically, those of you who don't connect to 173.242.112.53?)
 712 2013-08-11 13:23:49 <iddo> i'm still interested to know if anyone can think of use cases where randomized signatures are actually helpful... i couldn't come up with anything
 713 2013-08-11 13:23:53 daybyter has quit (Quit: Konversation terminated!)
 714 2013-08-11 13:24:48 Elmf has quit (Ping timeout: 264 seconds)
 715 2013-08-11 13:24:59 <iddo> i think that other famous software use deterministic k, for example PGP
 716 2013-08-11 13:25:31 <gmaxwell> sipa: hm! I know I looked at this, because it contributed to the openbsd security advisory I commented on. But perhaps I was just looking at a non-released version.
 717 2013-08-11 13:26:19 <Diablo-D3> >openbsd security advisory
 718 2013-08-11 13:26:23 <Diablo-D3> notthisshitagain.jpg
 719 2013-08-11 13:26:35 <gmaxwell> michagogo: I have it here on a tor-only node.
 720 2013-08-11 13:26:44 <michagogo> Okay, that's a good sign at least.
 721 2013-08-11 13:26:47 <michagogo> Thanks, gmaxwell
 722 2013-08-11 13:26:53 * michagogo hopes it gets mined
 723 2013-08-11 13:27:33 <michagogo> I made it with createrawtransaction to consume 4 dust outputs, but forgot to factor in a fee
 724 2013-08-11 13:28:02 <michagogo> (I guess there are nodes that connect both to tor and to mainnet?)
 725 2013-08-11 13:28:22 <gmaxwell> 4 dust outputs shouldn't have been a problem.
 726 2013-08-11 13:28:28 <nsh> gmaxwell, what obsd advisory was this? on openssl on a bad entropy?
 727 2013-08-11 13:28:35 <iddo> i asked a person who wrote a paper breaking the privkey of routers that use supposedly random k without enough entropy, etc.
 728 2013-08-11 13:28:36 <michagogo> s/mainnet/ipv4net/
 729 2013-08-11 13:28:57 <gmaxwell> nsh: yep.
 730 2013-08-11 13:29:00 <nsh> k
 731 2013-08-11 13:29:10 <michagogo> gmaxwell: I thought a transaction isn't standard if it uses too much dust or something?
 732 2013-08-11 13:29:19 <gmaxwell> michagogo: no, using dust isn't a problem.
 733 2013-08-11 13:29:23 <michagogo> Oh, wait
 734 2013-08-11 13:29:27 * michagogo facepalms
 735 2013-08-11 13:29:30 <sipa> using dust should be encouraged!
 736 2013-08-11 13:29:38 <michagogo> Of course it's not a problem, it's a *good* thing
 737 2013-08-11 13:29:40 <gmaxwell> yep. Using dust is good!
 738 2013-08-11 13:29:41 <michagogo> Right.
 739 2013-08-11 13:29:43 <michagogo> lol
 740 2013-08-11 13:29:48 <iddo> the advice was to use deterministic k, no one appears to know how random k can be useful
 741 2013-08-11 13:29:55 <gmaxwell> yep. don't worry in the discussions a lot of people kept confusing it.
 742 2013-08-11 13:30:01 <michagogo> I guess it's just a matter of waiting up to a day or two :-/
 743 2013-08-11 13:31:18 <gmaxwell> michagogo: are you going to starve waiting for that 0.01 btc to go through? :P
 744 2013-08-11 13:31:24 <michagogo> Nah, lol
 745 2013-08-11 13:31:37 K1773R has quit (Read error: Operation timed out)
 746 2013-08-11 13:32:12 agnostic98 has joined
 747 2013-08-11 13:32:24 CheckDavid has quit (Read error: Connection reset by peer)
 748 2013-08-11 13:35:16 Thepok has joined
 749 2013-08-11 13:37:00 agnostic98 has quit (Ping timeout: 264 seconds)
 750 2013-08-11 13:39:13 K1773R has joined
 751 2013-08-11 13:43:49 Thepok has quit (Ping timeout: 246 seconds)
 752 2013-08-11 13:47:23 Subo1977_ has quit (Ping timeout: 240 seconds)
 753 2013-08-11 13:47:52 Subo1977 has joined
 754 2013-08-11 13:48:38 iwilcox has joined
 755 2013-08-11 13:48:38 iwilcox has quit (Changing host)
 756 2013-08-11 13:48:38 iwilcox has joined
 757 2013-08-11 13:48:49 Neozonz has joined
 758 2013-08-11 13:49:13 knotwork has quit (Ping timeout: 260 seconds)
 759 2013-08-11 13:51:08 knotwork has joined
 760 2013-08-11 13:53:43 volante has joined
 761 2013-08-11 13:53:58 CheckDavid has joined
 762 2013-08-11 13:55:11 dan_ has joined
 763 2013-08-11 14:03:09 agnostic98 has joined
 764 2013-08-11 14:04:46 mrkent has joined
 765 2013-08-11 14:04:48 mrkent has quit (Changing host)
 766 2013-08-11 14:04:48 mrkent has joined
 767 2013-08-11 14:07:45 agnostic98 has quit (Ping timeout: 256 seconds)
 768 2013-08-11 18:07:45 wumpus has joined
 769 2013-08-11 18:07:47 <TD> Goonie: you could check the chain head block timestamp before doing the replay
 770 2013-08-11 18:08:28 <Goonie> Tril: Yeah but that should not matter, because during that time you could not have created txns. Anyway, I will do some testing on my devices and see if I can reproduce your issue.
 771 2013-08-11 18:09:05 m00p has quit (Quit: Leaving)
 772 2013-08-11 18:09:05 <Goonie> TD: In the restore case, the app is empty (e.g. just installed). So there is nothing I can check against. I'd need to save the "high water mark" to the backup, that would help.
 773 2013-08-11 18:10:20 <TD> the phones current clock
 774 2013-08-11 18:10:50 patcon has quit (Remote host closed the connection)
 775 2013-08-11 18:12:06 <Goonie> Hmm ok that might be an idea for the restore case. Will investigate into it later.
 776 2013-08-11 18:13:44 <Tril> Goonies I have another issue now with this app, may I PM you?
 777 2013-08-11 18:14:21 <Goonie> Tril: ok I can reproduce your issue, even with the fix I just wrote
 778 2013-08-11 18:14:27 <Goonie> Tril: sure you can PM me
 779 2013-08-11 18:14:34 o3u has quit (Read error: Connection reset by peer)
 780 2013-08-11 18:17:17 daybyter has joined
 781 2013-08-11 18:18:16 o3u has joined
 782 2013-08-11 18:19:31 rdymac has quit (Read error: Connection reset by peer)
 783 2013-08-11 18:21:29 rdymac has joined
 784 2013-08-11 18:23:32 <Zoop_> http://www.theregister.co.uk/2013/08/09/snowden_nsa_to_sack_90_per_cent_sysadmins_keith_alexander/
 785 2013-08-11 18:23:44 <Zoop_> nsa just went full paranoid
 786 2013-08-11 18:24:30 <TD> i'm not even sure snowden was really a "sysadmin" as they claim. i saw a post that argued quite persuasively he was almost certainly an offensive hacker
 787 2013-08-11 18:25:01 <TD> but then if they're gonna fire sysadmins - perhaps he really was
 788 2013-08-11 18:26:22 <sipa> TD: you mean he was hired as a hacker?
 789 2013-08-11 18:26:28 Ninsei has joined
 790 2013-08-11 18:27:15 <iwilcox> Whatever the problem over the Snowden leaks was, if you're the NSA and you *know* you're doing it for the best, it wasn't what you were doing that was the problem.  Therefore blame must fall somewhere else.
 791 2013-08-11 18:27:23 <TD> maybe
 792 2013-08-11 18:27:31 <TD> he used to work for the CIA remember
 793 2013-08-11 18:27:41 <TD> and he was capable of pulling in 200k per year
 794 2013-08-11 18:27:49 <TD> that's a hell of a big salary for a sysadmin
 795 2013-08-11 18:27:51 grau has quit (Remote host closed the connection)
 796 2013-08-11 18:28:06 <TD> but it's complicated because he moved jobs once he began planning to leak, specifically to get access to certain material
 797 2013-08-11 18:29:13 grau has joined
 798 2013-08-11 18:29:20 grau has quit (Remote host closed the connection)
 799 2013-08-11 18:29:53 grau has joined
 800 2013-08-11 18:30:45 grau has quit (Remote host closed the connection)
 801 2013-08-11 18:30:48 varcario has quit (Quit: Page closed)
 802 2013-08-11 18:32:35 ericmuyser has joined
 803 2013-08-11 18:35:08 michagogo has quit (Remote host closed the connection)
 804 2013-08-11 18:36:20 michagogo has joined
 805 2013-08-11 18:36:21 ericmuyser has quit (Remote host closed the connection)
 806 2013-08-11 18:37:13 grau has joined
 807 2013-08-11 18:38:20 michagogo has quit (Read error: Connection reset by peer)
 808 2013-08-11 18:38:37 michagogo has joined
 809 2013-08-11 18:39:53 reneg has joined
 810 2013-08-11 18:41:11 asuk has joined
 811 2013-08-11 18:41:52 grau has quit (Ping timeout: 264 seconds)
 812 2013-08-11 18:47:45 viperhr has joined
 813 2013-08-11 18:49:50 FabianB_ has joined
 814 2013-08-11 18:50:52 FabianB has quit (Ping timeout: 264 seconds)
 815 2013-08-11 18:57:40 cypher has quit (Remote host closed the connection)
 816 2013-08-11 18:58:10 cypher has joined
 817 2013-08-11 18:58:31 RoboTeddy has joined
 818 2013-08-11 18:58:55 BFXBOT has quit (Excess Flood)
 819 2013-08-11 18:59:10 BFXBOT has joined
 820 2013-08-11 18:59:34 BFXBOT has quit (Excess Flood)
 821 2013-08-11 18:59:52 BFXBOT has joined
 822 2013-08-11 19:00:35 BFXBOT has quit (Excess Flood)
 823 2013-08-11 19:00:52 BFXBOT has joined
 824 2013-08-11 19:00:56 BFXBOT has quit (Excess Flood)
 825 2013-08-11 19:01:02 ericmuyser has joined
 826 2013-08-11 19:01:12 BFXBOT has joined
 827 2013-08-11 19:01:18 BFXBOT has quit (Excess Flood)
 828 2013-08-11 19:01:34 BFXBOT has joined
 829 2013-08-11 19:01:45 BFXBOT has quit (Excess Flood)
 830 2013-08-11 19:02:01 BFXBOT has joined
 831 2013-08-11 19:02:05 BFXBOT has quit (Excess Flood)
 832 2013-08-11 19:02:23 BFXBOT has joined
 833 2013-08-11 19:02:25 BFXBOT has quit (Excess Flood)
 834 2013-08-11 19:02:28 bloke has left ()
 835 2013-08-11 19:02:41 BFXBOT has joined
 836 2013-08-11 19:02:57 BFXBOT has quit (Excess Flood)
 837 2013-08-11 19:03:14 BFXBOT has joined
 838 2013-08-11 19:03:17 BFXBOT has quit (Excess Flood)
 839 2013-08-11 19:03:35 BFXBOT has joined
 840 2013-08-11 19:03:38 BFXBOT has quit (Excess Flood)
 841 2013-08-11 19:03:55 BFXBOT has joined
 842 2013-08-11 19:03:58 BFXBOT has quit (Excess Flood)
 843 2013-08-11 19:04:15 BFXBOT has joined
 844 2013-08-11 19:04:29 BFXBOT has quit (Excess Flood)
 845 2013-08-11 19:04:45 BFXBOT has joined
 846 2013-08-11 19:04:45 BFXBOT has quit (Excess Flood)
 847 2013-08-11 19:05:00 BFXBOT has joined
 848 2013-08-11 19:05:00 BFXBOT has quit (Excess Flood)
 849 2013-08-11 19:05:23 BFXBOT has joined
 850 2013-08-11 19:05:26 BFXBOT has quit (Excess Flood)
 851 2013-08-11 19:05:45 BFXBOT has joined
 852 2013-08-11 19:06:01 BFXBOT has quit (Remote host closed the connection)
 853 2013-08-11 19:06:15 BFXBOT has joined
 854 2013-08-11 19:06:16 BFXBOT has quit (Excess Flood)
 855 2013-08-11 19:06:33 BFXBOT has joined
 856 2013-08-11 19:07:10 ahbritto_ has joined
 857 2013-08-11 19:07:38 RoboTeddy has quit (Remote host closed the connection)
 858 2013-08-11 19:07:52 BFXBOT has quit (Excess Flood)
 859 2013-08-11 19:08:11 BFXBOT has joined
 860 2013-08-11 19:08:56 BFXBOT has quit (Excess Flood)
 861 2013-08-11 19:09:12 lophie has joined
 862 2013-08-11 19:09:15 BFXBOT has joined
 863 2013-08-11 19:09:44 agnostic98 has joined
 864 2013-08-11 19:11:07 BFXBOT has quit (Excess Flood)
 865 2013-08-11 19:11:26 BFXBOT has joined
 866 2013-08-11 19:11:27 BFXBOT has quit (Excess Flood)
 867 2013-08-11 19:11:39 reneg has quit (Quit: -a- Connection Timed Out)
 868 2013-08-11 19:11:46 BFXBOT has joined
 869 2013-08-11 19:11:47 BFXBOT has quit (Excess Flood)
 870 2013-08-11 19:12:02 BFXBOT has joined
 871 2013-08-11 19:12:03 BFXBOT has quit (Excess Flood)
 872 2013-08-11 19:12:20 BFXBOT has joined
 873 2013-08-11 19:12:23 BFXBOT has quit (Excess Flood)
 874 2013-08-11 19:12:41 BFXBOT has joined
 875 2013-08-11 19:12:43 BFXBOT has quit (Excess Flood)
 876 2013-08-11 19:12:44 toffoo has joined
 877 2013-08-11 19:13:01 BFXBOT has joined
 878 2013-08-11 19:13:03 BFXBOT has quit (Excess Flood)
 879 2013-08-11 19:13:13 catcow has quit (Read error: Connection reset by peer)
 880 2013-08-11 19:13:22 BFXBOT has joined
 881 2013-08-11 19:13:23 BFXBOT has quit (Excess Flood)
 882 2013-08-11 19:13:38 BFXBOT has joined
 883 2013-08-11 19:13:39 BFXBOT has quit (Excess Flood)
 884 2013-08-11 19:13:58 BFXBOT has joined
 885 2013-08-11 19:13:59 BFXBOT has quit (Excess Flood)
 886 2013-08-11 19:14:15 BFXBOT has joined
 887 2013-08-11 19:14:16 BFXBOT has quit (Excess Flood)
 888 2013-08-11 19:14:28 catcow has joined
 889 2013-08-11 19:14:28 catcow has quit (Changing host)
 890 2013-08-11 19:14:28 catcow has joined
 891 2013-08-11 19:14:33 BFXBOT has joined
 892 2013-08-11 19:14:35 BFXBOT has quit (Excess Flood)
 893 2013-08-11 19:14:51 BFXBOT has joined
 894 2013-08-11 19:14:52 BFXBOT has quit (Excess Flood)
 895 2013-08-11 19:15:03 agnostic98 has quit (Ping timeout: 240 seconds)
 896 2013-08-11 19:15:07 BFXBOT has joined
 897 2013-08-11 19:15:10 BFXBOT has quit (Excess Flood)
 898 2013-08-11 19:15:27 BFXBOT has joined
 899 2013-08-11 19:15:28 BFXBOT has quit (Excess Flood)
 900 2013-08-11 19:15:44 BFXBOT has joined
 901 2013-08-11 19:15:46 BFXBOT has quit (Excess Flood)
 902 2013-08-11 19:16:01 BFXBOT has joined
 903 2013-08-11 19:16:02 BFXBOT has quit (Excess Flood)
 904 2013-08-11 19:16:17 BFXBOT has joined
 905 2013-08-11 19:16:18 BFXBOT has quit (Excess Flood)
 906 2013-08-11 19:16:32 BFXBOT has joined
 907 2013-08-11 19:16:33 BFXBOT has quit (Excess Flood)
 908 2013-08-11 19:16:49 BFXBOT has joined
 909 2013-08-11 19:16:50 BFXBOT has quit (Excess Flood)
 910 2013-08-11 19:17:08 BFXBOT has joined
 911 2013-08-11 19:17:09 BFXBOT has quit (Excess Flood)
 912 2013-08-11 19:17:26 BFXBOT has joined
 913 2013-08-11 19:17:27 BFXBOT has quit (Excess Flood)
 914 2013-08-11 19:17:43 BFXBOT has joined
 915 2013-08-11 19:17:44 BFXBOT has quit (Excess Flood)
 916 2013-08-11 19:18:02 BFXBOT has joined
 917 2013-08-11 19:18:03 BFXBOT has quit (Excess Flood)
 918 2013-08-11 19:18:18 BFXBOT has joined
 919 2013-08-11 19:18:19 BFXBOT has quit (Excess Flood)
 920 2013-08-11 19:18:37 BFXBOT has joined
 921 2013-08-11 19:18:38 BFXBOT has quit (Excess Flood)
 922 2013-08-11 19:18:39 reneg has joined
 923 2013-08-11 19:18:55 BFXBOT has joined
 924 2013-08-11 19:18:57 BFXBOT has quit (Excess Flood)
 925 2013-08-11 19:19:11 BFXBOT has joined
 926 2013-08-11 19:19:13 BFXBOT has quit (Excess Flood)
 927 2013-08-11 19:19:29 BFXBOT has joined
 928 2013-08-11 19:19:30 BFXBOT has quit (Excess Flood)
 929 2013-08-11 19:19:47 BFXBOT has joined
 930 2013-08-11 19:19:48 BFXBOT has quit (Excess Flood)
 931 2013-08-11 19:20:04 BFXBOT has joined
 932 2013-08-11 19:20:05 BFXBOT has quit (Excess Flood)
 933 2013-08-11 19:20:22 BFXBOT has joined
 934 2013-08-11 19:20:23 BFXBOT has quit (Excess Flood)
 935 2013-08-11 19:20:38 BFXBOT has joined
 936 2013-08-11 19:20:39 BFXBOT has quit (Excess Flood)
 937 2013-08-11 19:20:56 BFXBOT has joined
 938 2013-08-11 19:20:57 BFXBOT has quit (Excess Flood)
 939 2013-08-11 19:21:14 BFXBOT has joined
 940 2013-08-11 19:21:15 BFXBOT has quit (Excess Flood)
 941 2013-08-11 19:21:30 BFXBOT has joined
 942 2013-08-11 19:21:31 BFXBOT has quit (Excess Flood)
 943 2013-08-11 19:21:48 BFXBOT has joined
 944 2013-08-11 19:21:49 BFXBOT has quit (Excess Flood)
 945 2013-08-11 19:21:51 <Zoop_> http://bitcoin.org/en/alert/2013-08-11-android
 946 2013-08-11 19:21:55 <Zoop_> hmm
 947 2013-08-11 19:22:07 BFXBOT has joined
 948 2013-08-11 19:22:08 BFXBOT has quit (Excess Flood)
 949 2013-08-11 19:22:25 BFXBOT has joined
 950 2013-08-11 19:22:26 BFXBOT has quit (Excess Flood)
 951 2013-08-11 19:22:45 BFXBOT has joined
 952 2013-08-11 19:22:46 BFXBOT has quit (Excess Flood)
 953 2013-08-11 19:22:52 <michagogo> Zoop_: If you use Android Wallet, see https://bitcointalk.org/index.php?topic=271846.msg2911506
 954 2013-08-11 19:23:00 BFXBOT has joined
 955 2013-08-11 19:23:01 BFXBOT has quit (Excess Flood)
 956 2013-08-11 19:23:08 <Zoop_> i don't
 957 2013-08-11 19:24:13 GordonG3kko has quit (Remote host closed the connection)
 958 2013-08-11 19:25:46 CheckDavid has joined
 959 2013-08-11 19:27:13 sserrano44 has joined
 960 2013-08-11 19:29:17 rethaw has quit (Read error: Connection reset by peer)
 961 2013-08-11 19:30:23 saulimus has joined
 962 2013-08-11 19:31:27 GordonG3kko has joined
 963 2013-08-11 19:32:57 rethaw has joined
 964 2013-08-11 19:42:08 agnostic98 has joined
 965 2013-08-11 19:42:49 davedave has quit (Quit: Leaving)
 966 2013-08-11 19:43:02 reneg has quit (Ping timeout: 248 seconds)
 967 2013-08-11 19:43:32 PRab has joined
 968 2013-08-11 19:45:47 EagleTM has joined
 969 2013-08-11 19:46:26 asuk has quit (Quit: asuk)
 970 2013-08-11 19:46:54 agnostic98 has quit (Ping timeout: 264 seconds)
 971 2013-08-11 19:48:48 ericmuyser has quit (Remote host closed the connection)
 972 2013-08-11 19:49:17 Krellan_ has joined
 973 2013-08-11 19:53:09 reneg has joined
 974 2013-08-11 19:54:53 reneg has quit (Read error: Connection reset by peer)
 975 2013-08-11 19:55:12 reneg has joined
 976 2013-08-11 19:55:35 DBordello has joined
 977 2013-08-11 19:56:34 <DBordello> Is there a list of compromised addresses somewhere?
 978 2013-08-11 19:57:04 <iwilcox> https://gist.github.com/anonymous/6204930
 979 2013-08-11 19:57:25 <DBordello> Perfect, thanks
 980 2013-08-11 19:57:28 <iwilcox> No guarantees that it's exhaustive.
 981 2013-08-11 19:58:18 <DBordello> hmmm, that makes it less useful
 982 2013-08-11 20:00:11 dan_ has joined
 983 2013-08-11 20:00:44 Applicat_ has joined
 984 2013-08-11 20:01:11 <iwilcox> I mean I'm not saying it is, and the anonymous author doesn't say.
 985 2013-08-11 20:01:51 mappum has joined
 986 2013-08-11 20:02:51 Application has quit (Read error: Connection reset by peer)
 987 2013-08-11 20:03:47 Krellan_ has quit (Remote host closed the connection)
 988 2013-08-11 20:04:25 <iwilcox> My understanding, not a recommendation, is that sending coins from your Android wallet to an address generated by a desktop wallet should probably be safe enough.  That's what I did anyway, in case my app address has a reversible key and isn't listed.
 989 2013-08-11 20:04:56 <iwilcox> s/sending coins/sending all coins/
 990 2013-08-11 20:05:06 <gwillen> yes, the 'all' is important
 991 2013-08-11 20:05:14 <gwillen> if you send only some coins, the others can be made vulnerable
 992 2013-08-11 20:06:34 daybyter has quit (Read error: Connection reset by peer)
 993 2013-08-11 20:07:41 <michagogo> Right -- or, if you use Android Wallet, install the fixed version
 994 2013-08-11 20:08:13 <michagogo> The fixed version will also automatically sweep to a new address
 995 2013-08-11 20:08:14 <michagogo> [2013-08-11 20:45:17] <Goonie> Important update of Bitcoin Wallet available: https://bitcointalk.org/index.php?topic=271846.msg2911506#msg2911506
 996 2013-08-11 20:08:49 TD has quit (Quit: TD)
 997 2013-08-11 20:09:06 <iwilcox> Yeah, I didn't go that route simply because I don't know Goonie ;)
 998 2013-08-11 20:09:41 <Goonie> iwilcox: I'm Andreas Schildbach, the main author of Bitcoin Wallet for Android.
 999 2013-08-11 20:10:54 <iwilcox> Ah, not a handle I knew.  No offence intended.
1000 2013-08-11 20:11:05 daybyter has joined
1001 2013-08-11 20:12:46 lophie has quit (Quit: Leaving)
1002 2013-08-11 20:13:10 sserrano44 has quit (Quit: Computer has gone to sleep.)
1003 2013-08-11 20:13:28 agnostic98 has joined
1004 2013-08-11 20:14:16 TD has joined
1005 2013-08-11 20:15:35 <sipa> but anyone can say that!
1006 2013-08-11 20:15:55 saulimus has quit (Quit: saulimus)
1007 2013-08-11 20:18:25 Coincidental has quit (Remote host closed the connection)
1008 2013-08-11 20:18:25 agnostic98 has quit (Ping timeout: 276 seconds)
1009 2013-08-11 20:19:49 <iwilcox> I didn't rush off to install the app the moment he said it. :)  I'll just keep coins off the wallet til an update comes through the normal channels.
1010 2013-08-11 20:20:06 <sipa> sounds safe
1011 2013-08-11 20:21:36 <iwilcox> Still haven't updated my phone with that patch to fix the .apk package signing bug, anyway — really must
1012 2013-08-11 20:24:48 <phantomcircuit> TD, instead of using /dev/urandom, wouldn't it have been better to switch to the strategy bitcoind uses which is to use the sha256 of tx data plus some randomness
1013 2013-08-11 20:24:49 Application has joined
1014 2013-08-11 20:25:08 <TD> hmm? AFAIK bitcoind just uses openssl
1015 2013-08-11 20:25:45 <TD> longer term the right approach is to implement rfc 6967. however in our case, it would not make any difference. the keys would still need to all change.
1016 2013-08-11 20:27:40 Applicat_ has quit (Ping timeout: 256 seconds)
1017 2013-08-11 20:28:46 TD has quit (Quit: TD)
1018 2013-08-11 20:30:47 sserrano44 has joined
1019 2013-08-11 20:31:38 reneg has quit (Ping timeout: 256 seconds)
1020 2013-08-11 20:32:17 dan_ has quit (Remote host closed the connection)
1021 2013-08-11 20:32:33 <iddo> why not use deterministic signatures? library like bitcoinj might get used on devices that don't have good source of entropy
1022 2013-08-11 20:32:47 shesek has quit (Ping timeout: 246 seconds)
1023 2013-08-11 20:33:01 <iddo> we discussed it in this channel a few hours ago, no one is aware of reasons why randomized signatures are useful for anything
1024 2013-08-11 20:33:35 grau has joined
1025 2013-08-11 20:33:49 grau has quit (Remote host closed the connection)
1026 2013-08-11 20:33:57 reneg has joined
1027 2013-08-11 20:34:15 reneg has quit (Client Quit)
1028 2013-08-11 20:34:23 grau has joined
1029 2013-08-11 20:34:31 <sipa> iddo: with openssl, it's not generally possible to change how the k signing nonce is obtained
1030 2013-08-11 20:34:43 <sipa> phantomcircuit: bitcoind just uses openssl
1031 2013-08-11 20:35:00 reneg has joined
1032 2013-08-11 20:35:36 <iddo> sipa: but can you use the openssl patch that you mentioned?
1033 2013-08-11 20:35:58 <sipa> in libsecp256k1, all randomness is left to the caller (mostly to reduce dependencies), so there it would be possible to construct it from a hash of message, secret, and potentially extra randomness
1034 2013-08-11 20:36:12 <sipa> iddo: if you build your own, sure
1035 2013-08-11 20:36:50 <sipa> but that also means losing the benefit of os-supplied security updates
1036 2013-08-11 20:37:06 <sipa> (which in our case can be a risk too)
1037 2013-08-11 20:37:07 <EagleTM> I hope Dual_EC_DRBG isn't used...
1038 2013-08-11 20:39:02 bitbitbyte has joined
1039 2013-08-11 20:39:33 <iddo> sipa: what's needed to get that patch pushed to openssl release branch ?
1040 2013-08-11 20:39:49 <iddo> it'd be good if the official bitcoin binaries would use it
1041 2013-08-11 20:39:56 <sipa> iddo: it is
1042 2013-08-11 20:40:05 <iddo> oh
1043 2013-08-11 20:40:14 <sipa> it's just very new
1044 2013-08-11 20:40:40 MiningBuddy has joined
1045 2013-08-11 20:40:40 MiningBuddy has quit (Changing host)
1046 2013-08-11 20:40:40 MiningBuddy has joined
1047 2013-08-11 20:40:50 <iddo> so you will use it in the future for the release version of bitcoin?
1048 2013-08-11 20:41:40 btcbtc has quit (Quit: btcbtc)
1049 2013-08-11 20:41:42 <sipa> i plan to ditch openssl in bitcoin :p
1050 2013-08-11 20:41:54 <iddo> oh
1051 2013-08-11 20:42:00 <iddo> really?
1052 2013-08-11 20:42:17 <sipa> but since that's not likely going to happen soon, i suppose using that mode is the best way
1053 2013-08-11 20:42:28 <sipa> http://rt.openssl.org/m/ticket/show?id=3056
1054 2013-08-11 20:42:38 <iddo> ditch openssl in favor of what?
1055 2013-08-11 20:42:44 asuk has joined
1056 2013-08-11 20:43:05 <sipa> well, not entirely, but for EC stuff
1057 2013-08-11 20:44:20 agnostic98 has joined
1058 2013-08-11 20:45:02 <iddo> ok, so you should consider whether you want deterministic or randomized signatures in your customized EC code
1059 2013-08-11 20:48:19 shesek has joined
1060 2013-08-11 20:48:59 <sipa> i don't think there's any disadvantage to using hash(message+privkey+randomness)
1061 2013-08-11 20:49:11 <sipa> it's as good as randomness, if it is good
1062 2013-08-11 20:49:21 <sipa> and it's not worse than deterministic otherwise
1063 2013-08-11 20:49:33 grau has quit (Remote host closed the connection)
1064 2013-08-11 20:50:03 <sipa> (not saying there is any problem with deterministic, but as far as i can see, it's certainly not worse)
1065 2013-08-11 20:50:39 agnostic98 has quit (Ping timeout: 264 seconds)
1066 2013-08-11 20:51:18 <iddo> right, it's obviously not worse in terms of security
1067 2013-08-11 20:53:38 <iddo> or maybe if being pedantic, it's exponentially-negligible worse when the user signs the same message twice
1068 2013-08-11 20:55:22 Application has quit (Remote host closed the connection)
1069 2013-08-11 20:55:56 <iddo> maybe for bitcoind signmessage it would be less confusing for users if they always get the same deterministic signature, but when actually signing transactions they don't notice the signatures
1070 2013-08-11 20:56:38 btcbtc has joined
1071 2013-08-11 20:58:01 asuk has quit (Quit: asuk)
1072 2013-08-11 21:00:02 <iddo> when googling i see RFC on deterministic DSA signatures, not sure why this document is so long for saying hash(message+privkey), http://tools.ietf.org/html/draft-pornin-deterministic-dsa-01
1073 2013-08-11 21:01:18 augustl has joined
1074 2013-08-11 21:01:51 shesek has quit (Ping timeout: 240 seconds)
1075 2013-08-11 21:02:35 <augustl> hey folks. Having problems with "what():  TopUpKeyPool() : writing generated key failed
1076 2013-08-11 21:03:28 <augustl> whoops, newline fail.. Anyway, getting that error when I try to unencrypt with "walletpassphrase". The people in #bitcoin suggested I'd ask here
1077 2013-08-11 21:04:14 t has joined
1078 2013-08-11 21:05:55 <augustl> I haven't been unencrypting for a long time, apparently that's part of the reason. Any suggestions are very welcome :)
1079 2013-08-11 21:07:37 TD has joined
1080 2013-08-11 21:11:23 <sipa> anything in db.log?
1081 2013-08-11 21:11:31 <augustl> sipa: I'll look that up
1082 2013-08-11 21:12:21 <augustl> sipa: yes :)
1083 2013-08-11 21:13:25 <augustl> I'll clear the log and try again so I only get the relevant log entries
1084 2013-08-11 21:13:36 asuk has joined
1085 2013-08-11 21:14:46 <augustl> sipa: https://www.refheap.com/17508
1086 2013-08-11 21:17:02 <sipa> your wallet wasn't closed correctly, it seems
1087 2013-08-11 21:17:11 <sipa> or some other corruption happened
1088 2013-08-11 21:17:40 <augustl> any suggestions on how to fix it? Or should I take it back to #bitcoin? :)
1089 2013-08-11 21:17:42 agnostic98 has joined
1090 2013-08-11 21:17:55 <sipa> -salvagewallet will most likely repair it, but it needs to rescan the blockchain, and you lose everything except the keys (address book entries, eg)
1091 2013-08-11 21:17:58 shesek has joined
1092 2013-08-11 21:18:08 <augustl> sipa: I see, thanks
1093 2013-08-11 21:18:48 <shesek> oh fml :-\ I thought I was copying a random private key from brainwallet, but ended up importing the correct horse one
1094 2013-08-11 21:19:13 <shesek> is there a way to remove a private key from a wallet?
1095 2013-08-11 21:19:36 AusBitBank_ has joined
1096 2013-08-11 21:19:41 <shesek> or would I have to create a new one and move the private keys manually?
1097 2013-08-11 21:19:51 <iwilcox> I did that once, and concluded the easiest solution was to restore from backup.
1098 2013-08-11 21:19:54 BTCOxygen has quit (Ping timeout: 264 seconds)
1099 2013-08-11 21:21:09 Lolcust has quit (Quit: Nap time)
1100 2013-08-11 21:21:30 Lolcust has joined
1101 2013-08-11 21:21:49 daybyter has quit (Quit: Konversation terminated!)
1102 2013-08-11 21:22:14 agnostic98 has quit (Ping timeout: 248 seconds)
1103 2013-08-11 21:24:08 CodeShark has joined
1104 2013-08-11 21:25:16 digitalmagus has quit (Remote host closed the connection)
1105 2013-08-11 21:25:27 i2pRelay has quit (Remote host closed the connection)
1106 2013-08-11 21:25:34 digitalmagus has joined
1107 2013-08-11 21:28:15 btcbtc has quit (Quit: btcbtc)
1108 2013-08-11 21:28:23 i2pRelay has joined
1109 2013-08-11 21:28:56 <sipa> shesek: indeed, restore a backup
1110 2013-08-11 21:29:28 <shesek> I'm afraid I don't have one for this wallet
1111 2013-08-11 21:29:46 <shesek> (it's not my primary wallet)
1112 2013-08-11 21:30:04 <shesek> I think I'll just export the private key with pywallet and import them into a new wallet
1113 2013-08-11 21:30:12 <sipa> if you run on git head, you can use dumpwallet, remove the offending key, and importwallet it
1114 2013-08-11 21:31:10 <sipa> all your coins are assigned to a single address?
1115 2013-08-11 21:31:22 <sipa> you're aware of how vhange works?
1116 2013-08-11 21:31:24 <sipa> change
1117 2013-08-11 21:31:27 <shesek> nope, multiple ones
1118 2013-08-11 21:31:30 <shesek> yeah, I am aware
1119 2013-08-11 21:31:33 BTCOxygen has joined
1120 2013-08-11 21:31:46 asuk has quit (Quit: asuk)
1121 2013-08-11 21:32:24 <shesek> if I import them manually with importprivkey, can I somehow make it not trigger a rescan for each one?
1122 2013-08-11 21:34:04 peetaur2 has quit (Quit: Konversation terminated!)
1123 2013-08-11 21:38:54 <sipa> yes, put a false behind it
1124 2013-08-11 21:39:04 <sipa> rtfm!
1125 2013-08-11 21:39:16 <sipa> ./bitcoind help importprivkey
1126 2013-08-11 21:39:42 BTCOxygen has quit (Ping timeout: 264 seconds)
1127 2013-08-11 21:40:27 <shesek> yeah, I should have rtfm
1128 2013-08-11 21:40:34 <shesek> thanks tho :)
1129 2013-08-11 21:46:01 nomailing has joined
1130 2013-08-11 21:47:48 whizter has quit ()
1131 2013-08-11 21:48:18 rawdr has joined
1132 2013-08-11 21:48:47 Darwerft has joined
1133 2013-08-11 21:49:09 agnostic98 has joined
1134 2013-08-11 21:50:08 Coincide_ has joined
1135 2013-08-11 21:51:48 TD has quit (Quit: TD)
1136 2013-08-11 21:53:39 agnostic98 has quit (Ping timeout: 264 seconds)
1137 2013-08-11 21:54:15 knotwork has quit (Ping timeout: 240 seconds)
1138 2013-08-11 21:55:13 knotwork has joined
1139 2013-08-11 21:56:30 viperhr has quit (Ping timeout: 264 seconds)
1140 2013-08-11 21:56:53 nomailing has quit (Quit: nomailing)
1141 2013-08-11 22:01:30 Lolcust has quit (Quit: Nap time)
1142 2013-08-11 22:01:45 Lolcust has joined
1143 2013-08-11 22:04:31 datagutt has quit (Quit: Computer has gone to sleep.)
1144 2013-08-11 22:07:31 normanrichards has joined
1145 2013-08-11 22:09:55 reneg has quit (Read error: Connection reset by peer)
1146 2013-08-11 22:10:01 BTCOxygen has joined
1147 2013-08-11 22:10:37 Darwerft has quit (Quit: Soon to be back)
1148 2013-08-11 22:10:59 Darwerft has joined
1149 2013-08-11 22:19:14 imton has joined
1150 2013-08-11 22:20:04 agnostic98 has joined
1151 2013-08-11 22:22:03 runeks_ has left ()
1152 2013-08-11 22:22:42 runeks has joined
1153 2013-08-11 22:22:59 <runeks> Can anyone confirm that this transaction with 5 inputs only has 3 distinct r-values? https://blockchain.info/tx/569af9e1e4d1c6e02b7574ec551d74a2ccaee1f33b4f9b4191a3c5d81aeeb150
1154 2013-08-11 22:23:05 <runeks> Looks like the first two inputs and the last two inputs have the same r-value in their signatures.
1155 2013-08-11 22:24:03 robocoin has quit (Remote host closed the connection)
1156 2013-08-11 22:24:24 agnostic98 has quit (Ping timeout: 240 seconds)
1157 2013-08-11 22:26:05 <Luke-Jr> petertodd: git annex has a ton of deps! :<
1158 2013-08-11 22:26:06 BTCOxygen has joined
1159 2013-08-11 22:26:06 BTCOxygen is now known as Guest70782
1160 2013-08-11 22:26:06 Guest70782 has quit (Killed (pratchett.freenode.net (Nickname regained by services)))
1161 2013-08-11 22:26:06 BTCOxygen is now known as 1!~BTCOxygen@unaffiliated/oxygen|BTCOxygen
1162 2013-08-11 22:26:17 RoboTeddy has joined
1163 2013-08-11 22:26:22 <sipa> runeks: looks like it
1164 2013-08-11 22:27:03 <Luke-Jr> petertodd: none of which are stable on Gentoo :<
1165 2013-08-11 22:27:56 <runeks> sipa: Thanks for confirming. I thought it was only in transactions spaced far apart timewise.
1166 2013-08-11 22:28:40 <sipa> was this transaction created by bitcoin wallet for android?
1167 2013-08-11 22:28:40 <runeks> sipa: How do you check the r-values, by the way? I'm using some semi-custom Python code, but I'm wondering if there's a simpler way.
1168 2013-08-11 22:29:09 <sipa> runeks: i've learnt to decode der signatures by now :)
1169 2013-08-11 22:29:16 <Luke-Jr> lol
1170 2013-08-11 22:29:40 <runeks> sipa: Dunno. It's not mine. I just went through all the addresses from which transactions were sent to this address 1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj mentioned in this post: https://bitcointalk.org/index.php?topic=251743.0
1171 2013-08-11 22:29:51 <sipa> ok
1172 2013-08-11 22:30:00 <runeks> sipa: So you just look at the bytes and the numbers pop into your head? :)
1173 2013-08-11 22:30:20 <Luke-Jr> runeks: isn't r in the bytes verbatim?
1174 2013-08-11 22:30:27 <Luke-Jr> just need to find the position..
1175 2013-08-11 22:30:32 <sipa> well there is a 0x02, followed by a length byte, followed by R
1176 2013-08-11 22:30:42 <sipa> then 0x02, length byte, S
1177 2013-08-11 22:31:03 <sipa> and there's a 0x30 and a total-length byte before that
1178 2013-08-11 22:31:37 <sipa> but it's not particularly hard to find a 0x0220 or 0x0221 that marks the start of a number
1179 2013-08-11 22:32:28 <runeks> Luke-Jr, sipa: Oh, right. Of course. I can just look on blockchain.info for that.
1180 2013-08-11 22:32:51 <runeks> 30450220/30450221 and then the r value
1181 2013-08-11 22:33:01 <sipa> yes
1182 2013-08-11 22:33:03 * Luke-Jr facepalms
1183 2013-08-11 22:33:22 <sipa> respectively 32 and 33 bytes of Rrrrr
1184 2013-08-11 22:33:49 santoscork has joined
1185 2013-08-11 22:35:08 michagogo has quit (Quit: goodnight)
1186 2013-08-11 22:36:52 AusBitBank_ has quit (Ping timeout: 276 seconds)
1187 2013-08-11 22:42:42 <phantomcircuit> sipa, lol
1188 2013-08-11 22:44:07 santoscork has quit (Quit: Quiet while I make like a cat)
1189 2013-08-11 22:44:10 Goonie_ has joined
1190 2013-08-11 22:47:35 Thepok has joined
1191 2013-08-11 22:51:40 Goonie_ has quit (Remote host closed the connection)
1192 2013-08-11 22:52:24 <gmaxwell> It is shown that the over-all entropy of the Android PRNG can be reduced to 64 bits. Beyond this, multiple weaknesses of entropy collectors are revealed.
1193 2013-08-11 22:52:27 <gmaxwell> http://www.scribd.com/doc/131955288/Randomly-Failed-The-State-of-Randomness-in-Current-Java-Implementations
1194 2013-08-11 22:52:30 <gmaxwell> :-/
1195 2013-08-11 22:53:08 <gmaxwell> I'm a little concerned by the android wallet plan as posted, /dev/urandom may be broken on some devices.
1196 2013-08-11 22:53:19 <EagleTM> ;( is windows much better? There have been flaws in Windows PRNG as well iirc
1197 2013-08-11 22:54:06 <Goonie> gmaxwell: afaik SecureRandom also uses /dev/urandom, so it's at least no regression.
1198 2013-08-11 22:54:17 <gmaxwell> EagleTM: bitcoin-qt is somewhat armored against insecure system randomness.
1199 2013-08-11 22:54:47 <Goonie> gmaxwell: but yes, I'm concerned as well. For example, does QNX (which also runs Android apps) provide /dev/urandom at all?
1200 2013-08-11 22:54:54 <EagleTM> gmaxwell: ok that's good.
1201 2013-08-11 22:55:04 <gmaxwell> Goonie: it may be a regression in that it generates a new key and sends all funds to it. So by chance your prior ones might have been okay enough, and the new one might not be.
1202 2013-08-11 22:55:05 <lianj> gmaxwell: how?
1203 2013-08-11 22:55:32 <gmaxwell> lianj: we maintain our own randomness pool and add additional sources of potential entropy into it.
1204 2013-08-11 22:56:18 BTCOxygen has joined
1205 2013-08-11 22:56:18 BTCOxygen has quit (Killed (calvino.freenode.net (Nickname regained by services)))
1206 2013-08-11 22:56:18 BTCOxygen is now known as 1!~BTCOxygen@unaffiliated/oxygen|BTCOxygen
1207 2013-08-11 22:56:29 <lianj> last i checked it just took openssl RAND
1208 2013-08-11 22:56:30 <Goonie> gmaxwell: it will be same flaky /dev/urandom implementation, unless the user moved keys between devices (which is not supported).
1209 2013-08-11 22:56:47 <gmaxwell> lianj: then you didn't look enough, search the codebase for RandAddSeed.
1210 2013-08-11 22:56:47 <deego> 27189 <- random, 100% guaranteed!
1211 2013-08-11 22:57:16 <EagleTM> it's fairly new code?
1212 2013-08-11 22:57:23 <gmaxwell> EagleTM: no, it's satoshi code.
1213 2013-08-11 22:57:26 <EagleTM> ah ok
1214 2013-08-11 22:57:27 <lianj> gmaxwell: thanks
1215 2013-08-11 22:57:34 <gwillen> Goonie: causing people to make more transactions increases the chance of exposure, I think is the issue
1216 2013-08-11 22:57:43 <gwillen> Goonie: in the event that the new keys/signatures are no less vulnerable then the old
1217 2013-08-11 22:57:46 <gwillen> than*
1218 2013-08-11 22:58:35 <gmaxwell> Goonie: okay, I'm not aware of what the distribution of android kernel level /dev/urandom failure modes might be. If there are many devices that start deterministic but then diverge the resend may still be worse, otherwise it's probably no worse, indeed.
1219 2013-08-11 22:59:15 <gwillen> gmaxwell: I had previously been assuming that urandom determinism was indeed the issue
1220 2013-08-11 22:59:30 <gwillen> gmaxwell: until it was revealed to me that apparently it was a SecureRandom bug, as yet undisclosed (at least to me)
1221 2013-08-11 22:59:44 <gwillen> but I don't know what the evidence is either way
1222 2013-08-11 23:00:18 <Goonie> gwillen: it's multiple SecureRandom bugs, one of them is disclosed through http://www.scribd.com/doc/131955288/Randomly-Failed-The-State-of-Randomness-in-Current-Java-Implementations
1223 2013-08-11 23:00:42 <gwillen> Goonie: so this is not Android-specific?
1224 2013-08-11 23:00:47 <gwillen> Or at least, not all of them are?
1225 2013-08-11 23:01:20 <iwilcox> I thought it was a Google's-implementation-of-SecureRandom bug
1226 2013-08-11 23:01:29 <Goonie> gmaxwell: ok /dev/urandom is plain Linux for what I know, it's all open source so maybe this is a call to start auditing the code
1227 2013-08-11 23:01:31 <gwillen> sorry, I didn't initially see the specific mention of Android in the paper
1228 2013-08-11 23:01:35 <gwillen> it does say 'several including android'
1229 2013-08-11 23:02:11 <Goonie> gwillen: it's Apache Harmony-specific, although all implementations of javax.security have their share of bugs (see the paper).
1230 2013-08-11 23:02:15 * gwillen nods
1231 2013-08-11 23:02:34 <Goonie> gwillen: and Android uses Apache Harmony.
1232 2013-08-11 23:03:07 <runeks> What's with this transaction? 5a5d8c82a9d32ad2bd8674a20b25d06cd9ab7f206115fc7d55cddd5747feccc0 its scriptSig starts with OP_FALSE. Is that valid?
1233 2013-08-11 23:03:35 <gmaxwell> Goonie: linux's /dev/urandom is usually okay, but (1) vendors patch the kernel, and (2) shortly after startup devices with no inherent sources of randomness (a hardware support question) can return identical data if the OS doesn't reseed /dev/urandom correctly.
1234 2013-08-11 23:04:40 <Goonie> gmaxwell: afaik Android never makes use of a hardware rng, even if it's present.
1235 2013-08-11 23:05:00 <lianj> gmaxwell: so for bitcoin-qt it's every 10 minutes seed openssl with cpu time once?
1236 2013-08-11 23:05:16 <gmaxwell> If there were some android devices that failed to reseed or patched the kernel rng to suck I wouldn't know, but wouldn't be shocked either.
1237 2013-08-11 23:05:46 <gwillen> gmaxwell: well, a large looming question in my mind is, if I get random numbers on android right after boot, how much entropy do they have and where does it come from
1238 2013-08-11 23:06:09 <gwillen> considerably after boot, once the radio is up, I'd hope they're mixing some good shit in there that will take care of the issue
1239 2013-08-11 23:06:47 <runeks> With all the sensors on a modern smartphone, you'd think it'd be heaven for entropy collection.
1240 2013-08-11 23:06:51 sturles has quit (Ping timeout: 264 seconds)
1241 2013-08-11 23:06:59 <lianj> runeks: true
1242 2013-08-11 23:07:06 sturles has joined
1243 2013-08-11 23:07:23 <runeks> Mix in a little from the light sensor, the gyroscope, a smidge from the radio and so on.
1244 2013-08-11 23:07:29 sturles is now known as Guest42600
1245 2013-08-11 23:07:51 <EagleTM> runeks: no idea, but at least 251526 had a strange tx in it too which crashed the deserialized in electrum-server today :)
1246 2013-08-11 23:07:55 <iwilcox> Some of them have a baseline level of noise that might not be very entropic at all
1247 2013-08-11 23:07:58 <Cusipzzz> runeks: has to be generic enough for the least featured phone. i doubt anyone cared about this use case
1248 2013-08-11 23:08:15 <gmaxwell> lianj: no, iirc, it's called from a number of places and there is the separate perfmon one, so it's a bit more than that esp on windows.
1249 2013-08-11 23:08:39 <gmaxwell> lianj: satoshi's code did even more than that, adding a screenshot of the desktop on startup, and the mouse position.
1250 2013-08-11 23:08:50 <iwilcox> Cusipzzz: This use case being ...?
1251 2013-08-11 23:09:30 <iwilcox> I mean, running VPNs on the VM must have been expected.
1252 2013-08-11 23:10:50 <Cusipzzz> right, but these rng failures being posted globally and scrutinized. usually they would be less...public.
1253 2013-08-11 23:11:51 * Cusipzzz rolls 6 twice in a row, could be ramdom!1!
1254 2013-08-11 23:12:57 <lianj> gmaxwell: RandAddSeedPerfmon is called multiple times but only seeds every 10 minutes. I'm not saying there is an issue with that, just trying to understand for myself…
1255 2013-08-11 23:13:00 btcbtc has joined
1256 2013-08-11 23:13:04 <EagleTM> Cusipzzz: well I guess a certain person who got asylum in Russia made people take a deeper look at PRNGs. Incidentally I did today... totally unrelated to bitcoin/android
1257 2013-08-11 23:13:47 <Cusipzzz> EagleTM: true, and that's a good thing
1258 2013-08-11 23:13:59 <gmaxwell> lianj: right and RandAddSeed and RandAddSeedPerfmon() are separate code.
1259 2013-08-11 23:15:00 <EagleTM> Cusipzzz: For example I still wouldn't trust CryptGenRandom in any Win version, not even a current one
1260 2013-08-11 23:15:04 Eiii has quit ()
1261 2013-08-11 23:16:34 <EagleTM> and Dual_EC_DRBG by "you know who" as a NIST standard is just a nightmare too
1262 2013-08-11 23:20:32 t7 has quit (Quit: Konversation terminated!)
1263 2013-08-11 23:21:31 Application has joined
1264 2013-08-11 23:23:15 Applicat_ has joined
1265 2013-08-11 23:24:38 <gmaxwell> wow, the weakness in the fallback rng of apache harmony looks almost like an intentional flaw it's so contrived.
1266 2013-08-11 23:26:32 <gmaxwell> (reduces the entropy to 31 bits, at most because it inserts a random %128 on bytes .. though the bytes are coming out of glibc random() seeded with the time, so it's not like they were worthwhile to begin with)
1267 2013-08-11 23:26:39 Application has quit (Ping timeout: 264 seconds)
1268 2013-08-11 23:27:19 BTCOxygen has joined
1269 2013-08-11 23:27:22 BTCOxygen is now known as Guest48353
1270 2013-08-11 23:27:22 BTCOxygen is now known as 1!~BTCOxygen@unaffiliated/oxygen|BTCOxygen
1271 2013-08-11 23:27:29 <phantomcircuit> gmaxwell, im not sure i would be entirely surprised if /dev/urandom wasn't standard, but it would be bizarre
1272 2013-08-11 23:27:56 Guest48353 has quit (Ping timeout: 260 seconds)
1273 2013-08-11 23:29:11 <gmaxwell> phantomcircuit: a lot of vendors do crazy monkey patches to the android kernels. Linux /dev/urandom has some problems, e.g. it's slow, it runs out of entropy. I could easily imagine some android vendor "improving" their user experience by breaking it.
1274 2013-08-11 23:29:29 <gmaxwell> http://code.google.com/p/android/issues/detail?id=42265 < a motivation for doing something stupid
1275 2013-08-11 23:29:36 <Luke-Jr> gmaxwell: urandom shouldn't run out O.o
1276 2013-08-11 23:29:47 <Luke-Jr> that's why it's urandom
1277 2013-08-11 23:30:07 <gmaxwell> Luke-Jr: well, okay, /dev/random not urandom.
1278 2013-08-11 23:30:27 <gmaxwell> but if you break one you'll break the other, most likely (unless your only change is eliminating the low water mark)
1279 2013-08-11 23:32:45 BTCOxygen has joined
1280 2013-08-11 23:32:45 BTCOxygen is now known as Guest99428
1281 2013-08-11 23:32:46 Guest99428 has quit (Killed (cameron.freenode.net (Nickname regained by services)))
1282 2013-08-11 23:32:46 BTCOxygen is now known as 1!~BTCOxygen@unaffiliated/oxygen|BTCOxygen
1283 2013-08-11 23:32:49 <phantomcircuit> gmaxwell, breaking /dev/random even pretty horribly should mostly not break /dev/urandom because of the way it's rekeyed
1284 2013-08-11 23:34:18 <runeks> Looks like this guy got lucky: 127da3144a02f16e1a5ccb67778a2f5f9924023ce9aa20c1c4d08be576cbb0b9 the same r-value for two inputs, but they happen to redeem outputs to two different addresses.
1285 2013-08-11 23:34:40 <Luke-Jr> runeks: r isn't k, is it?
1286 2013-08-11 23:34:52 <runeks> Luke-Jr: r is derived from k
1287 2013-08-11 23:35:04 <runeks> r is the x-coordinate of k*G
1288 2013-08-11 23:35:24 <runeks> and since G is constant for secp256k1, r will be the same for the same k's
1289 2013-08-11 23:36:05 <Luke-Jr> hmm
1290 2013-08-11 23:37:22 agnostic98 has joined
1291 2013-08-11 23:37:26 robocoin has joined
1292 2013-08-11 23:38:59 ericmuyser has joined
1293 2013-08-11 23:39:42 BTCOxygen has quit (Ping timeout: 264 seconds)
1294 2013-08-11 23:39:46 <runeks> This has the equations: http://www.johannes-bauer.com/compsci/ecc/
1295 2013-08-11 23:40:01 <runeks> Scroll down to "Signing using ECDSA"
1296 2013-08-11 23:45:21 agnostic98 has quit (Read error: Connection reset by peer)
1297 2013-08-11 23:45:33 agnostic98 has joined
1298 2013-08-11 23:53:58 agnostic98 has quit (Read error: Connection reset by peer)
1299 2013-08-11 23:54:17 agnostic98 has joined
1300 2013-08-11 23:55:12 imton_ has joined
1301 2013-08-11 23:57:48 imton has quit (Ping timeout: 260 seconds)
1302 2013-08-11 23:57:48 imton_ is now known as imton
1303 2013-08-11 23:57:59 chax has joined