1 2011-11-05 02:18:08 <Diablo-D3> gmaxwell: I have invented the ultimate audio codec
  2 2011-11-05 02:18:33 <Diablo-D3> gmaxwell: it does a lot of cpu intensive shit, and then it outputs utter silence.
  3 2011-11-05 02:19:13 <cocktopus> if you are going to use the cpu, then make it mine litecoins
  4 2011-11-05 02:19:51 <Diablo-D3> cocktopus: you're an idiot.
  5 2011-11-05 02:19:54 <cocktopus> :P
  6 2011-11-05 02:20:19 <cocktopus> so is there some reason behind the cpu intensive shit then?
  7 2011-11-05 02:20:33 <Diablo-D3> I screwed up the math somewhere
  8 2011-11-05 02:20:51 <cocktopus> oh lol i thought you did it on purpose
  9 2011-11-05 02:21:06 <Diablo-D3> no, I just thought it was hilarious
 10 2011-11-05 02:21:20 <cocktopus> it is!
 11 2011-11-05 02:21:23 <cocktopus> release it!
 12 2011-11-05 02:21:29 <Diablo-D3> nein
 13 2011-11-05 02:36:30 <upb> yes
 14 2011-11-05 03:27:20 <luke-jr> [23:18:33] <Diablo-D3> gmaxwell: it does a lot of cpu intensive shit, and then it outputs utter silence. <-- sounds like Pulseaudio
 15 2011-11-05 03:27:33 <Diablo-D3> luke-jr: :D :D :D :D :D
 16 2011-11-05 03:51:14 <CIA-34> poolserverj: Prep for building auxblocks internally to allow custom coinbase
 17 2011-11-05 03:51:14 <CIA-34> poolserverj: shadders * 38a32d0c6d50 r184 / (9 files in 5 dirs):
 18 2011-11-05 03:51:15 <CIA-34> poolserverj: shadders * bd0c3c652d69 r185 /poolserverj-main/src/main/java/com/shadworld/poolserver/ (2 files in 2 dirs):
 19 2011-11-05 03:51:16 <CIA-34> poolserverj: made 'solution' field optional
 20 2011-11-05 08:04:38 <sipa> ;;bc,nethash
 21 2011-11-05 08:04:39 <gribble> 8514.2790500105857
 22 2011-11-05 10:13:05 <ThomasV> is there a forum admin here ?
 23 2011-11-05 11:48:14 <Levino> hey guys, i set the paytxfee value of my bitcoind to .0005 but it still pays 0.01 transaction fee
 24 2011-11-05 11:48:19 <Levino> is this normal?
 25 2011-11-05 11:54:32 <cjdelisle> I think that under certain conditions it will override your settings because there is a danger of having a transaction which miners won't accept, I'm not sure if that's what is happening to you.
 26 2011-11-05 11:55:45 <ThomasV> Levino: the tx fee depends on the size
 27 2011-11-05 11:56:03 <ThomasV> the fee you set is per kb I think
 28 2011-11-05 11:56:10 <lfm> also the age of the input(s) values
 29 2011-11-05 11:58:21 <ThomasV> btw, will it be possible to cancel a tx that is in the memory pool for too long, or at least to increase its tx fee?
 30 2011-11-05 11:58:26 <Levino> the size of the transaction is 404 bytes
 31 2011-11-05 11:58:33 <Levino> http://blockexplorer.com/tx/137ac30768fb699f2d905b76929feddb4a61a1fa359554a39832d827bf0eb71d
 32 2011-11-05 11:59:24 <ThomasV> Levino: I guess the client should at least tell you about the fee it has decided to pay :-)
 33 2011-11-05 11:59:42 <Levino> where to be found? debug.log?
 34 2011-11-05 12:00:06 <ThomasV> no, I mean in the dialog, before you accept :-)
 35 2011-11-05 12:01:04 <Levino> i'm talking about bitcoind running as server
 36 2011-11-05 12:01:09 <Levino> using commandline
 37 2011-11-05 12:01:11 <Levino> there is no accept
 38 2011-11-05 12:01:23 <ThomasV> heh
 39 2011-11-05 12:55:53 <CIA-34> libbitcoin: genjix * r31f0a62c915e / (12 files in 3 dirs): autotools build system.
 40 2011-11-05 14:20:59 <CIA-34> libbitcoin: genjix * rc519ca8c4960 / (Makefile.am configure.ac include/bitcoin/Makefile.am): Install headers system wide.
 41 2011-11-05 14:30:58 <CIA-34> libbitcoin: genjix * rba1be241a156 / (Makefile development-makefile): renamed: Makefile -> development-makefile
 42 2011-11-05 15:41:00 <CIA-34> libbitcoin: various * rdb4d3a..8bb703 / (6 files in 3 dirs): (5 commits)
 43 2011-11-05 16:53:05 <eueueu> Hi, are the alternative clients safe to use? Does Bitcoin have any requirement to accept an alternative client as safe?
 44 2011-11-05 16:53:36 <copumpkin> you just have to implement the protocol correctly
 45 2011-11-05 16:53:45 <nathan7> having read the entire source code means 'safe'
 46 2011-11-05 16:53:57 <nathan7> without finding anything you don't trust, that is
 47 2011-11-05 16:54:08 <copumpkin> nathan7: you heard of the international underhanded C contest? :D
 48 2011-11-05 16:54:15 <nathan7> I have, yes.
 49 2011-11-05 16:54:26 <copumpkin> eueueu: keep in mind that buggy clients might mean your coins get lost
 50 2011-11-05 16:54:28 <nathan7> for the not truly paranoid but still somewhat paranoid, ask a respected person here
 51 2011-11-05 16:54:57 <copumpkin> eueueu: so the usual client is probably the most tested, but there's nothing inherently wrong with using a different client
 52 2011-11-05 16:55:10 <nathan7> the long night ahead is long and ahead
 53 2011-11-05 16:55:19 <copumpkin> longcat is long!
 54 2011-11-05 16:55:45 <nathan7> Well, damnit.
 55 2011-11-05 16:55:50 <eueueu> ok
 56 2011-11-05 16:55:52 <eueueu> understand
 57 2011-11-05 16:58:18 <nathan7> Yum, coffee [=
 58 2011-11-05 17:11:04 <CIA-34> libbitcoin: genjix * r9b581212f95e /examples/ (5 files in 2 dirs): Moved to a separate repo under the project name subvertx: https://gitorious.org/libbitcoin/subvertx
 59 2011-11-05 19:15:40 <CIA-34> libbitcoin: genjix * r5a3442f36795 / (Makefile.am configure.ac libbitcoin.pc.in): pkg-config
 60 2011-11-05 19:25:45 <CIA-34> libbitcoin: genjix * ra69b12b8b470 /libbitcoin.pc.in: pkg-config Requires is more problematic than it is useful.
 61 2011-11-05 19:37:46 <denisx> luke-jr: does your pushpoold use libevent or libevent2?
 62 2011-11-05 19:38:57 <luke-jr> denisx: 2 I think, but it's jgarzik's...
 63 2011-11-05 19:39:29 <eueueue> ThomasV: what does this mean: leonardo@debian:~/Desktop/electrum$ python electrum /usr/bin/python: can't find '__main__' module in 'electrum'
 64 2011-11-05 19:39:54 <denisx> I have a major memleak since a botnet hits on my pool with 1000 conn/sec
 65 2011-11-05 19:40:12 <denisx> and valgrind says libevent is the problem
 66 2011-11-05 19:40:49 <ThomasV> eueueue: go to the client directory
 67 2011-11-05 19:41:03 <MartianW> eueueue, No need to copy the entire thing, just the bit after the $ is sufficient.
 68 2011-11-05 19:41:35 <eueueue> I'm in the client directory
 69 2011-11-05 19:42:14 <ThomasV> eueueue: I assume you downloaded the code from github, right?
 70 2011-11-05 19:42:59 <eueueue> ThomasV: from here http://s3.ecdsa.org/electrum.tar.gz
 71 2011-11-05 19:43:15 <ThomasV> eueueue: oh that's the binary
 72 2011-11-05 19:43:30 <ThomasV> do "cd electrum"
 73 2011-11-05 19:43:40 <ThomasV> then ./electrum
 74 2011-11-05 19:43:53 <eueueue> ok
 75 2011-11-05 19:44:07 <ThomasV> the binary is run without python
 76 2011-11-05 19:44:50 <eueueue> ThomasV: leonardo@debian:~/Desktop/electrum$ ./electrum Traceback (most recent call last):   File "<string>", line 6, in <module>   File "__main__.py", line 128, in <module>   File "__main__electrum__.py", line 588, in <module>   File "gui.py", line 23, in <module>   File "gtk/__init__.py", line 40, in <module>   File "gtk/_gtk.py", line 14, in <module> ImportError: /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0: undefined sy
 77 2011-11-05 19:45:43 <CIA-34> libbitcoin: genjix * r54b4d9579c0c /libbitcoin.pc.in: Added Cflags to pkg-config file.
 78 2011-11-05 19:47:11 <ThomasV> eueueue: it's difficult to know what causes that. I think that you should try to install from the source, not the binary. I can help you to do that
 79 2011-11-05 19:47:28 <ThomasV> the binary is a bit experimental
 80 2011-11-05 19:47:57 <eueueue> ThomasV: I'm a newbie, so I think it's better to wait for a more stable binary
 81 2011-11-05 19:48:23 <eueueue> Maybe it's because my installation is 64b
 82 2011-11-05 19:48:31 <eueueue> the problem
 83 2011-11-05 19:48:33 <ThomasV> I created this binary a few hours ago
 84 2011-11-05 19:48:36 <eueueue> ?
 85 2011-11-05 19:48:48 <eueueue> understand
 86 2011-11-05 19:48:54 <ThomasV> no, it's not due to that, it doesn't look so
 87 2011-11-05 19:49:04 <eueueue> ha ok
 88 2011-11-05 19:49:15 <ThomasV> but your error message is truncated, I cannot read it
 89 2011-11-05 19:49:30 <eueueue> I can help with anything?
 90 2011-11-05 19:49:46 <eueueue> truncated?
 91 2011-11-05 19:49:53 <ThomasV> yes, provide the complete error message
 92 2011-11-05 19:50:06 <ThomasV> for example on pastebin
 93 2011-11-05 19:50:20 <eueueue> The terminal shows this message: leonardo@debian:~/Desktop/electrum$ ./electrum Traceback (most recent call last):   File "<string>", line 6, in <module>   File "__main__.py", line 128, in <module>   File "__main__electrum__.py", line 588, in <module>   File "gui.py", line 23, in <module>   File "gtk/__init__.py", line 40, in <module>   File "gtk/_gtk.py", line 14, in <module> ImportError: /usr/lib/x86_64-linux-gnu/libgdk_pixb
 94 2011-11-05 19:51:18 <ThomasV> eueueue: I cannot read your complete message, the line is too long, irc cuts it
 95 2011-11-05 19:51:27 <eueueue> ha ok
 96 2011-11-05 19:51:32 <eueueue> i'll paste it on pastebin
 97 2011-11-05 19:51:37 <eueueue> wait
 98 2011-11-05 19:52:20 <eueueue> ThomasV: http://pastebin.com/ywuGvDAr
 99 2011-11-05 19:53:44 <ThomasV> eueueue: thanks. unfortunately, I don't think it helps...
100 2011-11-05 19:53:55 <eueueue> hum
101 2011-11-05 19:53:59 <eueueue> bad to know
102 2011-11-05 19:54:09 <eueueue> I really would like to test your program
103 2011-11-05 19:54:23 <eueueue> but ok
104 2011-11-05 19:54:43 <ThomasV> well, it is easy to install from the source
105 2011-11-05 19:55:18 <ThomasV> there is no compilation needed, because it is python
106 2011-11-05 19:55:31 <ThomasV> all you need is to install the dependencies
107 2011-11-05 19:55:41 <ThomasV> and I can help you
108 2011-11-05 19:55:51 <CIA-34> libbitcoin: genjix * r54b6e7e579e5 /libbitcoin.pc.in: C++0x in Cflags for pkg-config
109 2011-11-05 19:56:11 <eueueue> http://ubuntuforums.org/showthread.php?t=1801548
110 2011-11-05 19:56:26 <eueueue> appears to be the same kind of problem
111 2011-11-05 19:57:30 <ThomasV> indeed
112 2011-11-05 19:57:39 <ThomasV> but my box is 64 bits
113 2011-11-05 19:58:26 <eueueue> I'm on debian wheezy
114 2011-11-05 19:58:29 <eueueue> wheezy
115 2011-11-05 20:05:34 <CIA-34> libbitcoin: genjix * rfaf47bfaa7f5 /libbitcoin.pc.in: Added libbitcoin to pkg-config Libs
116 2011-11-05 20:15:36 <ThomasV> OMFG
117 2011-11-05 20:15:58 <ThomasV> eueueue: google is fast: http://www.google.com/search?client=ubuntu&channel=fs&q=%2Fusr%2Flib%2Fx86_64-linux-gnu%2Flibgdk_pixbuf-2.0.so.0%3A+undefined+symbol%3A+g_simple_async_result_take_error&ie=utf-8&oe=utf-8
118 2011-11-05 20:39:07 <eueueue> ThomasV: I asked on debian irc about the problem and they told me to write this for you:
119 2011-11-05 20:39:39 <eueueue> first paste the output of "ldd /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0" The result is here: http://pastebin.com/M0H27uXz
120 2011-11-05 20:40:13 <eueueue> show him what you showed us and tell him that the missing symbol is in that libgio
121 2011-11-05 20:40:34 <eueueue> if he can't fix it then, tough luck, i don't know python. I can see that it's apparently not using ld as I just did but probably its own library loader
122 2011-11-05 20:43:09 <ThomasV> eueueue: I don't think that I can fix it, but I can help you install it from source
123 2011-11-05 20:44:05 <eueueue> ThomasV: I'm chatting with debian irc and they are helping me to find the problem. I think it is a missing library
124 2011-11-05 20:44:15 <eueueue> will tell you about news
125 2011-11-05 20:44:16 <eueueue> thanks
126 2011-11-05 20:44:51 <ThomasV> eueueue: yes, I suppose that you have a missing shared library
127 2011-11-05 20:52:26 <ThomasV> eueueue: what does "aptitude search python-gtk2" return ?
128 2011-11-05 20:52:54 <eueueue> will see
129 2011-11-05 20:54:01 <eueueue> ThomasV: http://pastebin.com/1SLy9VM1
130 2011-11-05 20:55:36 <ThomasV> eueueue: ok, then it should be easy to use the source. the binary is mostly for people who do not have pygtk
131 2011-11-05 20:56:17 <eueueue> ThomasV: but using the source, how do I update the program when a new version is released?
132 2011-11-05 20:56:31 <eueueue> will be easy?
133 2011-11-05 20:56:36 <ThomasV> eueueue: with "git pull"
134 2011-11-05 20:56:50 <ThomasV> very easy
135 2011-11-05 20:56:59 <eueueue> so tell me the steps
136 2011-11-05 20:57:34 <ThomasV> "git clone git://gitorious.org/electrum/electrum.git"
137 2011-11-05 20:58:27 <eueueue> ThomasV: done
138 2011-11-05 20:58:57 <ThomasV> "sudo easy_install ecdsa"
139 2011-11-05 20:59:26 <eueueue> ThomasV: done
140 2011-11-05 20:59:26 <ThomasV> and "sudo easy_install pycrypto"
141 2011-11-05 20:59:45 <eueueue> ThomasV: done
142 2011-11-05 21:00:04 <ThomasV> "python /electrum/client/electrum.py"
143 2011-11-05 21:00:30 <ThomasV> err, sorry
144 2011-11-05 21:00:34 <ThomasV> "python ./electrum/client/electrum.py"
145 2011-11-05 21:01:10 <eueueue> what is seed?
146 2011-11-05 21:01:16 <eueueue> sorry my english
147 2011-11-05 21:01:39 <ThomasV> it is a secret passphrase that you must remember
148 2011-11-05 21:01:58 <eueueue> hum
149 2011-11-05 21:02:20 <eueueue> minimum 20
150 2011-11-05 21:02:21 <eueueue> wow
151 2011-11-05 21:02:55 <ThomasV> eueueue: http://xkcd.com/936/
152 2011-11-05 21:03:35 <eueueue> ThomasV: server
153 2011-11-05 21:03:38 <ThomasV> the seed will be asked only once. it is not your encryption password
154 2011-11-05 21:03:53 <eueueue> ok
155 2011-11-05 21:03:54 <eueueue> ecdsa.org:50000
156 2011-11-05 21:04:00 <ThomasV> oh leave all fields to their default values
157 2011-11-05 21:04:18 <ThomasV> there is no other server at this point :-)
158 2011-11-05 21:04:59 <eueueue> ThomasV: Can i use my bitcoin wallet?
159 2011-11-05 21:05:06 <ThomasV> eueueue: so you see, it was not too difficult
160 2011-11-05 21:05:20 <eueueue> ThomasV: you are right
161 2011-11-05 21:06:06 <ThomasV> no, you cannot import keys from another wallet. this is not possible, because the key generation is deterministic
162 2011-11-05 21:06:09 <gmaxwell> ThomasV: I hope you're not encouraging people to use this as is. Using password based wallets without considerable key strengthening is very inadvisable, even if you have given it a long minimum length.
163 2011-11-05 21:07:17 <ThomasV> gmaxwell: you mean because people will choose guessable seeds ?
164 2011-11-05 21:07:56 <gmaxwell> ThomasV: because people are _incapable_ of choosing non-guessable seeds.
165 2011-11-05 21:08:21 <gmaxwell> (and because including a bunch of strengthening is a very cheap way to even the playing field a bit)
166 2011-11-05 21:11:18 <gmaxwell> ThomasV: I'm generally opposed to user-key provided wallets. People are really amazingly bad at choosing passwords, and "write down and keep safe this random sequence" isn't all that burdensome. But at least use considerable strengthening... if you must: cache the strengthened form and use it as a master key to derive the others.
167 2011-11-05 21:12:07 <ThomasV> gmaxwell: I am not doing this now.
168 2011-11-05 21:12:40 <cjdelisle> People are really amazingly bad at <-- but they are still the boss
169 2011-11-05 21:13:17 <ThomasV> well, people are amazingly bad at doing regular backups of their wallets too
170 2011-11-05 21:13:45 <gmaxwell> ThomasV: sure, I'm not at all opposed to deterministic wallets. I'm opposed to user provided keys, because the user won't provide enough entropy.
171 2011-11-05 21:13:50 <ThomasV> but I agree that some salting could be added
172 2011-11-05 21:13:57 <gmaxwell> (and not just won't, generally _can't_)
173 2011-11-05 21:14:56 <gmaxwell> But none of those backup problems exist for a "here is your wallet code (128 bit number in pgpwords form) if you lose it, all your coin is lost, have fun!"
174 2011-11-05 21:15:25 <ThomasV> yes, except that such a code will not be memorized
175 2011-11-05 21:15:44 <cjdelisle> It could be optional, if people want to use it, why not.
176 2011-11-05 21:16:20 <cjdelisle> The part where it gets evil is when you're corralling people and forcing something down their throat.
177 2011-11-05 21:16:30 <ThomasV> eueueue: is your seed easily guessable ?
178 2011-11-05 21:16:42 <eueueue> yes
179 2011-11-05 21:16:52 <gmaxwell> ThomasV: also you can't generally ask people that. They'll say no, then be shocked.
180 2011-11-05 21:17:33 <ThomasV> heh no, someone just said yes
181 2011-11-05 21:17:40 <gmaxwell> indeed.
182 2011-11-05 21:17:55 <gmaxwell> You basically can't get more than two dozen bits of entropy out of someone, even if they are trying hard to be secure... not with any hope of them remembering it.
183 2011-11-05 21:17:56 <ThomasV> well, I do like the idea of storing the seed in my memory
184 2011-11-05 21:17:58 <eueueue> Tell me: will the official bitcoin client have an option to use the blockchain of an external server?
185 2011-11-05 21:18:42 <ThomasV> eueueue: I do not know about that
186 2011-11-05 21:18:57 <gmaxwell> cjdelisle: The software shouldn't foot gun the user. If it's not possible for the software to get most of the users to understand the ramifications of a dangerous decision, it shouldn't offer the decision.
187 2011-11-05 21:19:43 <gmaxwell> cjdelisle: also, my first point wrt strengthening isn't something the user would even be aware of.
188 2011-11-05 21:19:57 <cjdelisle> What OS do you use?
189 2011-11-05 21:19:57 <ThomasV> gmaxwell: I agree on that
190 2011-11-05 21:20:08 <ThomasV> I mean, on your last point
191 2011-11-05 21:20:16 <gmaxwell> Right.
192 2011-11-05 21:26:57 <gmaxwell> ThomasV: but even with that, you still retain the serious risk from users being unable to produce entropy. There is even a nontrivial risk of accidental collision if the software is widely used; keep in mind that the birthday 'paradox' means you halve the bits of effective security against chance collisions.
193 2011-11-05 21:27:48 <ThomasV> how so?
194 2011-11-05 21:28:48 <ThomasV> I mean, how is a collision possible with strengthening?
195 2011-11-05 21:30:41 <gmaxwell> Strengthening is orthogonal. It doesn't change the amount of entropy in the users' passwords; it simply makes an attacker who is trying many in brute force work (a LOT) harder.
196 2011-11-05 21:32:07 <gmaxwell> But two users could, by chance, pick the same password without any brute force just because their passwords have low entropy... and because any user could potentially match any other the chance of this happening to _someone_ is worse than you might expect from the entropy of their passwords.
197 2011-11-05 21:33:01 <ThomasV> wait, are you talking about extending the key with a salt?
198 2011-11-05 21:34:26 <gmaxwell> No, that's not what key strengthening is.
199 2011-11-05 21:35:07 <ThomasV> that's what bccapi does
200 2011-11-05 21:35:35 <Eliel> gmaxwell: I wonder how much entropy you could reliably get by having the user draw something. That is, repeatable entropy.
201 2011-11-05 21:36:33 <ThomasV> Eliel: very little. they will not be able to recover their drawings
202 2011-11-05 21:37:08 <gmaxwell> Eliel: I spent some time trying to figure out a simpler question than that
203 2011-11-05 21:37:53 <gmaxwell> Eliel: can you make a series of questions for the user which map to a key where they only have to get any N out of M right, but you're blind when decoding it.
204 2011-11-05 21:38:31 <Eliel> blind? what does that mean?
205 2011-11-05 21:39:00 <gmaxwell> Eliel: and after hours of thinking about it, I came up with a simple enough proof that it's not possible (it's hard to explain in text; basically you draw the graph expressing inputs to outputs, then perform a matching and you'll see that with the N-M constraint all subgraphs must be connected so there can be only one key)
206 2011-11-05 21:39:19 <gmaxwell> Eliel: e.g. you don't have anything other than what the user provides.. no external check value or whatever.
207 2011-11-05 21:40:08 <gmaxwell> I'd hoped to use something like that to create a deterministic wallet that asked you a bunch of personal questions to form your key but didn't require you to actually get all of them right. Alas.
208 2011-11-05 21:40:10 <Eliel> you could perhaps help that a little by having the user memorize a short password.
209 2011-11-05 21:40:43 <Eliel> which wouldn't really be a password but rather error correcting code for the set of questions.
210 2011-11-05 21:40:47 <gmaxwell> Eliel: yes, if you're willing to have the user memorize something then you're fine.  Though at that point you could skip the form and have them just remember enough bits to provide real security.
211 2011-11-05 21:41:12 <Eliel> how many bits of entropy would each question get you?
212 2011-11-05 21:41:55 <Eliel> even with questions, you're depending on them remembering the answers.
213 2011-11-05 21:42:03 <gmaxwell> only a few.. consider the sorts of questions you could ask people.
214 2011-11-05 21:42:22 <gmaxwell> Eliel: yes, people already remember many things.
215 2011-11-05 21:42:37 <gmaxwell> ThomasV: "newborn December egghead insurgent goggles maritime slingshot specialist cement bookseller" < is that terribly hard to remember?
216 2011-11-05 21:43:01 <gmaxwell> (especially when for re-entry you can complete the words using a list?)
217 2011-11-05 21:43:13 <Eliel> I was thinking to both use what they already remember and the password, which doesn't have to be all correct either if they happen to remember enough questions.
218 2011-11-05 21:43:25 <Eliel> they couldn't choose the password though
219 2011-11-05 21:43:32 <Eliel> if that was to be the case
220 2011-11-05 21:44:02 <ThomasV> gmaxwell: no
221 2011-11-05 21:44:08 <gmaxwell> (That's 80 bits of real entropy there; not ideal, 128 is the gold standard)
222 2011-11-05 21:44:26 <gmaxwell> http://en.wikipedia.org/wiki/PGP_word_list
223 2011-11-05 21:45:07 <Eliel> gmaxwell: one obvious thing might be to base it on their handwriting. Those should be reasonably stable forms they can repeat.
224 2011-11-05 21:45:45 <Eliel> but it does have the disadvantage that it's relatively easy to get a hold of.
225 2011-11-05 21:45:50 <phantomcircuit> gmaxwell, most people are fully capable of memorizing a 128 bit password
226 2011-11-05 21:45:53 <gmaxwell> Eliel: good luck creating an _efficient_ errorcorrecting code for that. :)
227 2011-11-05 21:45:59 <phantomcircuit> seriously
228 2011-11-05 21:46:15 <gmaxwell> phantomcircuit: They're not capable of making them up.
229 2011-11-05 21:46:42 <Eliel> phantomcircuit: yes, but they're lazy about learning them :)
230 2011-11-05 21:46:46 <phantomcircuit> rbgjg66depu4e2jm568aw9q2vc
231 2011-11-05 21:46:53 <ThomasV> gmaxwell: so you recommend to generate the seed, and then convert it to such a word list?
232 2011-11-05 21:46:56 <phantomcircuit> that is well within the grasp of a human being to memorize
233 2011-11-05 21:47:30 <phantomcircuit> ok that's 131 bits
234 2011-11-05 21:47:32 <phantomcircuit> but still
235 2011-11-05 21:48:12 <Eliel> phantomcircuit: while that is memorizable, most people won't attempt it without a very heavy reason.
236 2011-11-05 21:48:26 <phantomcircuit> yeah something crazy like securing all their money?
237 2011-11-05 21:48:27 <phantomcircuit> xD
238 2011-11-05 21:48:41 <gmaxwell> ThomasV: Yes sir, and better also combine it with a password (don't put any burdensome requirements on the password). Save the seed on disk. Use a moderately costly key derivation to generate the master key you actually use.
239 2011-11-05 21:48:47 <Eliel> phantomcircuit: only if they believe it's really necessary
240 2011-11-05 21:48:52 <terrytibbs> can i make a copy of the blockchain files while bitcoin is running?
241 2011-11-05 21:49:04 <phantomcircuit> terrytibbs, yes but don't
242 2011-11-05 21:49:11 <phantomcircuit> it will *probably* work
243 2011-11-05 21:49:14 <Eliel> phantomcircuit: you'd be surprised how many will refuse to believe they need to remember that much.
244 2011-11-05 21:49:27 <terrytibbs> phantomcircuit: what is the recommended way to make blockchain backups?
245 2011-11-05 21:49:44 <phantomcircuit> terrytibbs, stop the client
246 2011-11-05 21:49:55 <phantomcircuit> there is an rpc call for backing up the wallet
247 2011-11-05 21:49:58 <terrytibbs> darn it
248 2011-11-05 21:50:03 <terrytibbs> yeah, i know about that one
249 2011-11-05 21:51:46 <batouzo> do you think USA might outlaw mining or using btc?
250 2011-11-05 21:51:54 <ThomasV> gmaxwell: I like this idea
251 2011-11-05 21:52:11 <batouzo> one would think it's quite crazy to do so, but so is patting down children at prom by TSA agents
252 2011-11-05 21:52:56 <gmaxwell> batouzo: wrong channel, keep the political speculation someplace else please!
253 2011-11-05 21:53:00 <Mad7Scientist> my poclbm miners keep getting disconnected from bitcoin -server
254 2011-11-05 21:53:09 <Mad7Scientist> I have to restart bitcoin to let them reconnect
255 2011-11-05 21:53:31 <Mad7Scientist> they are just stuck on "Problems communicating with bitcoin RPC"
256 2011-11-05 21:53:37 <batouzo> gmaxwell: oki, perhaps it is not important enough to be here
257 2011-11-05 21:54:24 <gmaxwell> batouzo: It's not a question anyone can answer objectively. All it can do is inspire various politics-laden arguments.
258 2011-11-05 21:55:09 <batouzo> we can monitor what is happening and where legislation is going
259 2011-11-05 21:55:40 <batouzo> maybe a more on-topic question - is there a plan for what developers should do in such an event
260 2011-11-05 21:55:58 <terrytibbs> you cannot stop a peer-to-peer network
261 2011-11-05 21:56:12 <terrytibbs> there is no central point of attack
262 2011-11-05 21:56:23 <gmaxwell> terrytibbs: please don't spread misinformation.
263 2011-11-05 21:56:33 <terrytibbs> please, correct me
264 2011-11-05 21:56:42 <BlueMatt> batouzo: no, if bitcoin were made illegal in the us/eu why bother, it's dead anyway
265 2011-11-05 21:57:00 <gmaxwell> Bitcoin is not at all resistant to suppression by governments. As BlueMatt says, why bother?
266 2011-11-05 21:57:18 <gmaxwell> It's also not obvious that bitcoin could be made secure while it was broadly illegal.
267 2011-11-05 21:57:22 <terrytibbs> "suppression"
268 2011-11-05 21:57:34 <batouzo> BlueMatt: it is "dead" then?
269 2011-11-05 21:57:35 <BlueMatt> maybe you could keep the network going, but it's not gonna grow if it can't get legitimate support
270 2011-11-05 21:57:37 <batouzo> how?
271 2011-11-05 21:57:40 <gmaxwell> terrytibbs: you block a single port on the internet and the current bitcoin software is over.
272 2011-11-05 21:57:56 <terrytibbs> gmaxwell: right, but did you "stop" bitcoin?
273 2011-11-05 21:58:03 <batouzo> BlueMatt: every big prohibition that comes to my mind only made the given thing bigger
274 2011-11-05 21:58:09 <BlueMatt> heh, not at all
275 2011-11-05 21:58:14 <batouzo> alcohol prohibition increases alcohol and drugs usage x7
276 2011-11-05 21:58:18 <BlueMatt> bitcoin isnt big
277 2011-11-05 21:58:38 <batouzo> banning nutella and the like spawned torrents with virtually everyone using them
278 2011-11-05 21:58:39 <gmaxwell> terrytibbs: you find a miner. You put him on live tv. You shoot him in the head. You say "Who's next? Our power meter auditors are ready"
279 2011-11-05 21:58:47 <batouzo> *gnutella? how was that called ;)
280 2011-11-05 21:58:52 <BlueMatt> bitcoin would have to have HUGE backing for it to resist being made illegal, and then it probably still wouldn't survive as huge backing probably comes from legitimate companies that will pull out
281 2011-11-05 21:58:55 <gmaxwell> terrytibbs: now how can bitcoin be secure in an environment like that?
282 2011-11-05 21:59:04 <terrytibbs> gmaxwell: i'm not saying you can't suppress bitcoin - i'm saying you can't stop it
283 2011-11-05 21:59:24 <BlueMatt> network-wise maybe, but it wont keep growing, and most of the current developers would drop off
284 2011-11-05 21:59:35 <terrytibbs> i agree
285 2011-11-05 21:59:41 <gmaxwell> terrytibbs: I just described how you stop it. Once mining must be done in secret the hash power will be low enough that it becomes trivial to just DOS bitcoin out with blocks of trash.
286 2011-11-05 22:00:05 <batouzo> BlueMatt: many things grow so big while being banned. Or even, because they are banned
287 2011-11-05 22:00:18 <batouzo> dunno maybe btc is too small though
288 2011-11-05 22:00:23 <terrytibbs> gmaxwell: you still haven't stopped the network
289 2011-11-05 22:00:27 <BlueMatt> in a very different set of circumstances, maybe, not bitcoin
290 2011-11-05 22:00:30 <terrytibbs> it might be worthless, but it's still running
291 2011-11-05 22:00:57 <BlueMatt> if eu+us govt tried to block bitcoin all they have to do is go after the devs and bitcoin is gone
292 2011-11-05 22:00:57 <gmaxwell> terrytibbs: well I stopped it in step zero above by globally blocking a single port.
293 2011-11-05 22:01:06 <batouzo> bittorrent (for given files) is illegal.
294 2011-11-05 22:01:09 <batouzo> but people still use it
295 2011-11-05 22:01:18 <BlueMatt> very different case there
296 2011-11-05 22:01:27 <batouzo> why should people listen to some stupid law like that all of a sudden
297 2011-11-05 22:01:42 <terrytibbs> gmaxwell: that's more like a roadblock
298 2011-11-05 22:01:44 <gmaxwell> terrytibbs: of course it _could_ be made more agile than that, but as you admitted if someone wants to attack it they can make it worthless, so why bother?
299 2011-11-05 22:01:57 <batouzo> about mining... it would just move to other countries?
300 2011-11-05 22:02:29 <terrytibbs> gmaxwell: i fully agree. i simply reacted to you telling me to stop spreading misinformation
301 2011-11-05 22:02:33 <batouzo> BlueMatt: bitcoin is open source, it can actually work without devels
302 2011-11-05 22:02:40 <gmaxwell> terrytibbs: If you're willing to admit changing the software to evade network level blocking then you can say that nothing can be stopped.  Block drugs at the border? people figure out how to make a van _out_ of drugs. :)
303 2011-11-05 22:02:57 <terrytibbs> yes, but you can stop paypal
304 2011-11-05 22:03:02 <terrytibbs> you can't stop bitcoin
305 2011-11-05 22:03:06 <gmaxwell> No, just a roadblock...
306 2011-11-05 22:03:08 <batouzo> developers have option to move development to freenet using Mercurial for example. (or just git it)
307 2011-11-05 22:03:18 <terrytibbs> gmaxwell: explain
308 2011-11-05 22:03:33 <gmaxwell> other paypal clones would pop up.. or the paypal operators could make it available via a hidden service.
309 2011-11-05 22:03:43 <terrytibbs> oh, you're doing that angle
310 2011-11-05 22:03:48 <gmaxwell> They probably _won't_ because that would be silly, but they could!
311 2011-11-05 22:03:57 <batouzo> wait, why are we talking about paypal now?
312 2011-11-05 22:04:31 <BlueMatt> batouzo: either it's the language barrier, or you are unwilling to accept reality, either way not a useful discussion
313 2011-11-05 22:04:54 <terrytibbs> fine; you cannot take all the money in the bitcoin economy, but you can do the paypal equivalent
314 2011-11-05 22:05:07 <batouzo> gmaxwell: I mean, how can you stop people from developing bitcoin software?
315 2011-11-05 22:05:13 <gmaxwell> terrytibbs: you can make bitcoin _unspendable_
316 2011-11-05 22:05:24 <gmaxwell> batouzo: by putting them in jail when you find them.
317 2011-11-05 22:05:42 <gmaxwell> (in the US prisoners don't get computers :) )
318 2011-11-05 22:05:48 <batouzo> then developers would probably use at least tor?
319 2011-11-05 22:06:03 <gmaxwell> No, they'd find something less risky to do with their time.
320 2011-11-05 22:06:13 <terrytibbs> gmaxwell: i think we're both dancing around each other's questions, let's agree to disagree
321 2011-11-05 22:06:14 <BlueMatt> none of the current devs would be willing to contribute if it represents such a big risk
322 2011-11-05 22:06:53 <batouzo> people did develop stuff like DeCSS
323 2011-11-05 22:06:55 <gmaxwell> terrytibbs: I think you're still missing an important point. Once the hash power is low, a wealthy attacker can just process no more transactions. You could start trying to block that, but then it's not bitcoin anymore.
324 2011-11-05 22:07:11 <BlueMatt> batouzo: I said none of bitcoin's current devs, not no devs in the world
325 2011-11-05 22:07:14 <batouzo> actually.. was any software delegalized?
326 2011-11-05 22:07:23 <batouzo> except for cryptography in past
327 2011-11-05 22:07:51 <terrytibbs> gmaxwell: with enough money, you can make bitcoin _almost_ stop processing transactions
328 2011-11-05 22:07:58 <terrytibbs> today!
329 2011-11-05 22:07:59 <gmaxwell> batouzo: no, software even made crypto more legal.
330 2011-11-05 22:08:04 <batouzo> so development could continue with new people. if at all needed... we do have total backward compatibility
331 2011-11-05 22:08:15 <BlueMatt> if you get a nice case of it happening, bitcoin devs could easily be gone after for money laundering
332 2011-11-05 22:08:29 <gmaxwell> (see Bernstein v. United States)
333 2011-11-05 22:08:59 <batouzo> BlueMatt: that is a possibility too
334 2011-11-05 22:09:04 <gmaxwell> terrytibbs: Indeed, swinging over to my side?
335 2011-11-05 22:09:08 <batouzo> hm. I guess satoshi was wise to remain anon
336 2011-11-05 22:09:09 <batouzo> :)
337 2011-11-05 22:09:24 <cocktopus> trollan
338 2011-11-05 22:09:24 <gmaxwell> Except, with a sprinkle of illegality you could make it completely stop and not too expensively.
339 2011-11-05 22:09:31 <midnightmagic> i think gavin's really put his neck out there doing it in the open
340 2011-11-05 22:09:50 <midnightmagic> i'm not surprised at all that he's been talking to lawyers this whole time.
341 2011-11-05 22:09:57 <terrytibbs> gmaxwell: I guess I was always on your side on that subject, what I meant was that you couldn't _stop_ the network per se
342 2011-11-05 22:10:06 <batouzo> midnightmagic: e.g. Freenet does it by having a few open developers, as well as some anonymous ones
343 2011-11-05 22:10:21 <midnightmagic> and i2p appears to be mostly anonymous
344 2011-11-05 22:10:22 <batouzo> I assume if people would oppress the main developers, there are other people ready to continue
345 2011-11-05 22:10:28 <batouzo> midnightmagic: yeap. Zzz ;)
346 2011-11-05 22:10:33 <midnightmagic> who the hell is duck..  or zzz?
347 2011-11-05 22:10:34 <batouzo> ("zzz" developer)
348 2011-11-05 22:10:42 <midnightmagic> yeah exactly.
349 2011-11-05 22:10:50 <batouzo> actually, bitcoin should have the easiest way here. the code is so simple and small
350 2011-11-05 22:11:04 <gmaxwell> terrytibbs: okay, but you admit that when people talk about stopping bitcoin they'd take "worthless and unable to process transactions" as "stopped", no?
351 2011-11-05 22:11:33 <terrytibbs> bitcoin? yes
352 2011-11-05 22:11:35 <batouzo> gmaxwell: nodes can run on TOR right?
353 2011-11-05 22:11:36 <terrytibbs> the network? no
354 2011-11-05 22:11:42 <terrytibbs> i probably misspoke
355 2011-11-05 22:11:51 <midnightmagic> as long as people are philosophically inclined to use something like bitcoin, and maybe open transactions, the software itself is immortal.
356 2011-11-05 22:11:53 <batouzo> the more the world would outlaw mining, assuming people would not be able to fight against such ... law
357 2011-11-05 22:12:08 <batouzo> ...the more the people mining on TOR are earning on it (at least from the lower-diff part)
358 2011-11-05 22:12:10 <gmaxwell> batouzo: kind.
359 2011-11-05 22:12:17 <gmaxwell> It doesn't work right on tor alone.
360 2011-11-05 22:12:32 <gmaxwell> Because it can't rumor onion addresses.. you'd have to manually configure all your peers.
361 2011-11-05 22:12:44 <batouzo> gmaxwell: yeah, you have to build darknet
362 2011-11-05 22:12:57 <batouzo> seems like something that can be improved
363 2011-11-05 22:13:19 <batouzo> I think bitcoin would survive technically at least :)
364 2011-11-05 22:13:20 <gmaxwell> It can be, I posted a list of things. And I think it should be improved but it doesn't make bitcoin outside of the reach of the law.
365 2011-11-05 22:13:26 <terrytibbs> bootstrapping was always a semi-problem
366 2011-11-05 22:13:55 <batouzo> gmaxwell: law is far from perfect
367 2011-11-05 22:13:56 <midnightmagic> you can use namecoin to do lookups that resolve to .onion
368 2011-11-05 22:14:04 <gmaxwell> The reason to make it work better on tor is not to make it survive being outlawed generally but to discourage small states from outlawing it.
369 2011-11-05 22:14:12 <batouzo> wonder if people would care enough to make some movement to lift bitcoin ban
370 2011-11-05 22:14:50 <midnightmagic> it would be very hard to tailor a law to ban bitcoin itself that doesn't have a pile of collateral damage.
371 2011-11-05 22:14:53 <gmaxwell> E.g. to make it less likely that Saudi Arabia would filter it.
372 2011-11-05 22:16:38 <batouzo> midnightmagic: I guess
373 2011-11-05 22:16:44 <batouzo> midnightmagic: look at recent laws though
374 2011-11-05 22:17:09 <midnightmagic> right and they mostly have significant collateral damage that sweeps up a whole pile of activities into illegality.
375 2011-11-05 22:17:24 <batouzo> yeap
376 2011-11-05 22:17:32 <batouzo> and still they are in place
377 2011-11-05 22:18:04 <midnightmagic> some would argue laws like that are unconstitutional. but unfortunately nobody has the clout nor balls to properly challenge them.
378 2011-11-05 22:18:54 <batouzo> why can't users, citizens, just make sure such laws, as well as all bans and wars on alcohol and everything be stopped?  They were able to do it before in the USA.. constitution, 4th amendment, fight to legalize [exporting] of crypto... Why is it not working now?
379 2011-11-05 22:19:52 <midnightmagic> because the U.S. is not a democracy, and not even a republic anymore. It is an inverted totalitarian state, but few people realise how far along it is in that direction.
380 2011-11-05 22:19:56 <batouzo> or for many parts of the world too. (EU).  Do you think it may be economically based, that people depend on gov?
381 2011-11-05 22:20:16 <BlueMatt> ok, can we stop the political discussion?
382 2011-11-05 22:20:46 <midnightmagic> you have something about bitcoin that needs to be discussed?
383 2011-11-05 22:21:15 <batouzo> BlueMatt: come on, this has a direct effect on bitcoin. It's not religion talk or something
384 2011-11-05 22:21:27 <ThomasV> gmaxwell: what does the password bring in the seed generation?
385 2011-11-05 22:21:43 <phantomcircuit> batouzo, plz2 #bitcoin
386 2011-11-05 22:21:59 <batouzo> Im there too
387 2011-11-05 22:22:26 <batouzo> midnightmagic, join too :)
388 2011-11-05 22:22:26 <BlueMatt> then discuss it there, its about bitcoin, not bitcoin development
389 2011-11-05 22:22:27 <midnightmagic> nobody has ever off-topic'd #bitcoin-dev directly while I was watching, for the whole time I've been here since last december.
390 2011-11-05 22:22:37 <BlueMatt> midnightmagic: bullshit
391 2011-11-05 22:23:00 <batouzo> wait I remember
392 2011-11-05 22:23:05 <BlueMatt> #bitcoin-dev used to always be off-topic
393 2011-11-05 22:23:08 <batouzo> that is correct
394 2011-11-05 22:23:10 <BlueMatt> in fact, it often is nowadays
395 2011-11-05 22:23:43 <midnightmagic> what I mean is, nobody has ever attempted to force conversation off #bitcoin-dev into another channel by claiming the topic is offtopic.
396 2011-11-05 22:24:30 <gmaxwell> ThomasV: The password would let you save the seed on disk without making the user completely vulnerable to someone who gets access to a copy of their disk.
397 2011-11-05 22:24:53 <ThomasV> oh but that's after
398 2011-11-05 22:24:55 <gmaxwell> midnightmagic: er, I just did a few minutes ago.
399 2011-11-05 22:25:08 <nanotube> midnightmagic: well, it keeps the logs less verbose for people wanting to catch up later, if nothing else :)
400 2011-11-05 22:25:13 <BlueMatt> midnightmagic: people always do if they feel like discussing bitcoin, or otherwise feel like having a quiet chan
401 2011-11-05 22:25:24 <gmaxwell> ThomasV: right, there isn't any need during. Use the best randomness source available.
402 2011-11-05 22:25:25 <batouzo> in such case, let's talk in #btc-value too
403 2011-11-05 22:26:01 <ThomasV> gmaxwell: what is the best randomness source?
404 2011-11-05 22:26:59 <gmaxwell> Depends on the operating system. There are platform specific routines for this; typically crypto libraries like openssl provide functions for it that are well respected.  In linux (and many other modern unix like systems) you read /dev/random
405 2011-11-05 22:27:42 <iddo> can ask user to move his mouse? truecrypt does that
406 2011-11-05 22:28:41 <gmaxwell> like crypto its probably best to avoid rolling your own randomness sources.. at least if you can, and if you can't ... combine several (with a cryptographic hash function).
407 2011-11-05 22:29:08 <iddo> how about allow an easy password but do lots of scrypt or sha256 iterations on it, then when the user wants to retrieve his password he gets a prompt that says he needs to wait say 5 hours, but can do merge-mining during these 5 hours to earn some bitcoins?:)
408 2011-11-05 22:29:25 <midnightmagic> /dev/random is built by sources of entropy in the system. on netbsd, /dev/random can be fed by bitstir
409 2011-11-05 22:30:30 <gmaxwell> iddo: you can't merge mine that operation, also, making brute force computationally hard is good but what if two regular users pick the same easy password?  computation supplements entropy, it doesn't replace it.
410 2011-11-05 22:32:12 <gmaxwell> With enough computation you can probably get away with a lot less true randomness, but not none.
411 2011-11-05 22:32:13 <iddo> ah right cannot merge-mine because no new nonce at each iteration
412 2011-11-05 22:33:08 <gmaxwell> iddo: not just that, it's a different problem. There is only one right value for your password because it's a cryptographic key. Mining has many right values because any sufficient difficulty solution will suffice.
413 2011-11-05 22:34:05 <iddo> yes i think that's what i meant by no new nonce
414 2011-11-05 22:34:43 <iddo> ok stupid idea:(
415 2011-11-05 22:34:49 <gmaxwell> It would be nice.
416 2011-11-05 22:35:34 <gmaxwell> Actually having a password recovery service that could work with merged mining might be neat.  "Go convince 10% of the bitcoin hashpower to work on making you a recovery token, and then we'll give you your password back" :)
417 2011-11-05 22:37:24 <iddo> maybe merge-mining could work if you treat the output of each iteration as the next nonce ?
418 2011-11-05 22:38:53 <gmaxwell> It's just a fundamentally different kind of problem.
419 2011-11-05 22:40:44 <iddo> hmm i guess it cannot work because you cannot derive the first bitcoin block data from the password, because the bitcoin block is different each time
420 2011-11-05 22:43:43 <gmaxwell> You could do some crazy thing where instead of incrementing the normal nonce, you put the nonce inside the hardening function and increment that. You could merge that but it would save you no effort at all, because you'd have to do four more hashes just to update the bitcoin block.
421 2011-11-05 22:45:46 <iddo> hmm i don't understand, the process that starts from the easy password and does lots of iterations has to be deterministic, so how it can be combined with unknown bitcoin block?
422 2011-11-05 22:45:54 <iddo> what is the hardening function?
423 2011-11-05 22:50:08 <gmaxwell> iddo: :) in that crazy example the hardening function is the bitcoin nonce.
424 2011-11-05 22:50:44 <gmaxwell> so the hardening function runs like normal, and you embed it in the bitcoin pow as the source of the entropy required to 'search'. But as I mentioned, doing that buys you nothing.
425 2011-11-05 22:51:24 <ThomasV> gmaxwell: can I use iterations of sha256 as the hardening function?
426 2011-11-05 22:51:51 <ThomasV> I mean for the key from seed
427 2011-11-05 22:52:26 <ThomasV> I heard scrypt is better, but that's an extra dependency
428 2011-11-05 22:52:48 <gmaxwell> ThomasV: sha512 based PBKDF2 http://en.wikipedia.org/wiki/PBKDF2 perhaps?
429 2011-11-05 22:53:38 <gmaxwell> (plain iterated hashes have some theoretical weaknesses, SHA512 is faster on 64 bit CPUs than SHA256 and doesn't have the big installed base of gpu optimization)
430 2011-11-05 22:54:17 <gmaxwell> Yes, scrypt would be better.
431 2011-11-05 22:55:47 <ThomasV> gmaxwell: that wikipedia page mentions a salt?
432 2011-11-05 22:56:09 <iddo> gmaxwell: not sure i understand, only thing i could think of is maybe you could do merge-mining while initially creating the hashed password by combining the iterations with bitcoin blocks, but then you'd need extra storage to save the bitcoin block data you tried in the process, and you don't earn bitcoins when you need to retrieve the password
433 2011-11-05 22:58:17 <gmaxwell> ThomasV: yes? you'd use the random data you're expecting the user to memorize/save there.
434 2011-11-05 22:58:44 <gmaxwell> iddo: It's probably better that you don't understand, it was intentionally silly.
435 2011-11-05 22:59:46 <ThomasV> gmaxwell: well, I thought I'd use it as the "password"
436 2011-11-05 23:02:26 <gmaxwell> ThomasV: well IIRC the only thing PBKDF2 does with the salt is concatenate it, as I recall. So if there isn't naturally a salt in your usage, just leave it out.
437 2011-11-05 23:03:07 <ThomasV> ok, so that boils down to iterate over sha512
438 2011-11-05 23:03:32 <ThomasV> what is the number of iterations you recommend?
439 2011-11-05 23:05:20 <iddo> ThomasV: measure cpu speed to determine num of iterations that will take x time, and save that value? that's what bitcoin wallet encryption does i think
440 2011-11-05 23:05:35 <gmaxwell> Well, it's not just iterate over sha512, you keep adding the input back at every step. But yea.  You should use as many as the user can reasonably tolerate. It's best if you can save the amount e.g. bitcoin wallet encryption uses whatever takes your computer 100ms, but you can't.  Bitcoin's wallet crypto uses a minimum of 25000 (which is what takes 100ms on some really slow pentium m)
441 2011-11-05 23:06:11 <gmaxwell> iddo: you can't do that for his case, alas, because he doesn't have a great way to store the iteration count.
442 2011-11-05 23:06:44 <ThomasV> yeah, I want to be deterministic
443 2011-11-05 23:07:46 <gmaxwell> one thing thats unfortunate here is that your python mediated implementation might be really slow and cause you to pick a low value... but an attacker is going to use a very fast implementation.
444 2011-11-05 23:07:58 <iddo> what does deterministic have to do with it? it's deterministic if you store both password and iteration count, no?
445 2011-11-05 23:08:12 <iddo> i need to scroll up to understand what's the case here..
446 2011-11-05 23:08:43 <gmaxwell> iddo: he wants the data to be memorizable or at least easily written down.. and bits spent encoding the iterations are bits that could be spent on more randomness.
447 2011-11-05 23:08:48 <ThomasV> gmaxwell: python's hashlib is implemented in python?
448 2011-11-05 23:09:21 <gmaxwell> ThomasV: probably not, but it'll be passing back through python every iteration... go time 25000 and see how long it takes?
449 2011-11-05 23:11:06 <gmaxwell> I think my desktop does something over a million iterations of sha512 per second per core or something like that, with a straight C implementation
450 2011-11-05 23:12:36 <ThomasV> heh, it is slow here
451 2011-11-05 23:12:50 <ThomasV> very slow
452 2011-11-05 23:13:30 <iddo> this is what we're talking about? https://gitorious.org/electrum
453 2011-11-05 23:13:35 <ThomasV> yes
454 2011-11-05 23:13:44 <gmaxwell> ThomasV: :( :(
455 2011-11-05 23:14:07 <ThomasV> gmaxwell: 1 second for 2500, but it does not increase linearly
456 2011-11-05 23:14:58 <iddo> so the idea is not to store any data that the user couldn't retrieve just from what he remembers, hmm..
457 2011-11-05 23:15:28 <iddo> why was scrypt ruled out?
458 2011-11-05 23:15:42 <gmaxwell> ThomasV: thats awful! :(
459 2011-11-05 23:16:02 <ThomasV> gmaxwell: indeed
460 2011-11-05 23:16:11 <iddo> i think coblee added scrypt in python for p2pool
461 2011-11-05 23:16:46 <ThomasV> iddo: yes I saw it somewhere
462 2011-11-05 23:17:49 <gmaxwell> iddo: if it's actually implemented in python (and isn't a wrapper on C code) it'll be less secure than the iterated sha-512.
463 2011-11-05 23:18:55 <ThomasV> gmaxwell: no, wait, I made a mistake
464 2011-11-05 23:19:01 <iddo> secure in what sense? scrypt should be better from attackers who have gpu ?
465 2011-11-05 23:19:31 <gmaxwell> Scrypt isn't magical pixie dust! This stuff gains its security by making the computation harder for the attacker. If you use a slow implementation of a harder function, so that you must do less of it, then you are not better off than using a fast implementation of a weaker function.
466 2011-11-05 23:19:49 <iddo> ahh
467 2011-11-05 23:20:34 <ThomasV> I kept adding the seed as a _string_ so its length exploded :-)
468 2011-11-05 23:20:54 <gmaxwell> (and I don't know why people think scrypt is gpu hostile.. it may be if you use large enough memory parameters.. but the scrypt papers don't say anything about GPUs IIRC, their focus was on speedups from asics. some of these scrypt mining coins use very small pools that should fit nicely into gpu caches)
469 2011-11-05 23:21:11 <gmaxwell> ThomasV: ah, ideally you'd want to avoid the conversion to hex. :)
470 2011-11-05 23:22:18 <ThomasV> well, hashlib works on strings
471 2011-11-05 23:22:45 <iddo> i think all scrypt coins use what artforz implemented in cpuminer, not sure if it has parameters?
472 2011-11-05 23:24:05 <ThomasV> gmaxwell: if I avoid adding the seed (thus no hex conversion), 78ms
473 2011-11-05 23:24:31 <ThomasV> (on laptop)
474 2011-11-05 23:25:48 <gmaxwell> Okay, still slow but not uselessly so.
475 2011-11-05 23:26:53 <gmaxwell> iddo: they're using only a very small amount of memory. I'm not _sure_ if it's enough to frustrate the current gpus. But I'm pretty sure it's not enough to frustrate reasonably large FPGAS much.
476 2011-11-05 23:27:26 <gmaxwell> Anyone have an email for him? I'm going to outright ask him if he intentionally picked a function that was FPGA easy for his own benefit.
477 2011-11-05 23:30:04 <ThomasV> gmaxwell: do I gain a lot of extra security by adding the seed back on every step? the point is that it might reduce the number of acceptable iterations
478 2011-11-05 23:31:44 <gmaxwell> ThomasV: can you find a way of doing it that doesn't involve going to hex? e.g. by some bytes function or something?    The hash loses entropy as you run it.. so constantly feeding it back without restoring the password is theoretically weak, if not actually a practical problem.
479 2011-11-05 23:32:36 <ThomasV> that's what I am trying to figure out