1 2014-02-13 00:06:53 <Imbue> does anyone have an address I can use with a ton of prepended 0x00 in the binary address?
2 2014-02-13 00:07:19 <Imbue> I want to test my base58 function, it seems to work, but I can only generate a few select examples
3 2014-02-13 00:09:37 <Aaaaand-its-gone> andytoshi: you can also easily calculate that litecoin is equally secure against a 51% after 47.5 minutes of pow as bitcoin after 60 minutes
4 2014-02-13 00:10:51 <Luke-Jr> Aaaaand-its-gone: that's not true either
5 2014-02-13 00:13:16 <Imbue> secure against a 51%? I thought a 51% could outmine starting from the genesis block, given enough time
6 2014-02-13 00:15:52 <Aaaaand-its-gone> well it's true if you have 51% of 1/4
7 2014-02-13 00:16:36 <Aaaaand-its-gone> so 51% of ltc (and bitcoin has difficulty 4x)
8 2014-02-13 00:34:33 <optimator> so, it's not correct to say a transaction hash is mutable until it's included in a block. It's more correct to say it's mutable until the blockchain is long enough that a reorg is statistically improbable.
9 2014-02-13 00:35:28 <optimator> 6 confs probably
10 2014-02-13 00:37:09 <gmaxwell> I don't know why you're picking 6, but otherwise sure. Though at one you very nearly require a complicit miner to violate the assumption. Which could happen, indeed, but 6 then is probably not enough. Keep in mind, when you're talking in terms of things that only have denial of service consequences, you don't need as high a bar as in cases where there is a risk of financial loss.
11 2014-02-13 00:39:15 <optimator> If we're using a low bar, then maybe the length of the longest orphan chain + 1?
12 2014-02-13 00:40:41 <gmaxwell> optimator: you mean like 20 or 75?
13 2014-02-13 00:42:01 <optimator> i don't know the number off hand... I assumed it was lower. but you're right, the number doesn't really matter
14 2014-02-13 00:42:24 <coinz4me> ping
15 2014-02-13 00:42:40 <coinz4me> Woot voiced, now i'll shut up until the current discussion is over.
16 2014-02-13 00:43:16 <gmaxwell> optimator: really getting it to the point where complicit behavior from miners is required is probably a fine standard for a denial of service attack, if miners are willing to DOS they have many tools at their disposal.
17 2014-02-13 00:44:27 <Aaaaand-its-gone> Luke-Jr: you're right, I was wrong, if x is hash power, then ltc is equally secure after 15 minutes as bitcoin is after 60 minutes, was confused with x/4, that's wrong because it's just x, because you get 4x time
18 2014-02-13 00:45:33 <coinz4me> When someone gets a moment, can they please tell me why this pull request was never incorporated into the mainline? It seems good. https://github.com/bitcoin/bitcoin/pull/3383/files#diff-3b5a9b7d780ff672241548edf2888fcdR359
19 2014-02-13 00:45:43 <Luke-Jr> Aaaaand-its-gone: now you're more wrong ;)
20 2014-02-13 00:46:49 <optimator> @gmaxwell: I was looking at it from a business view. i.e., when can I provide my customer with a txid. but the correct answer is to provide the txid in the longest chain
21 2014-02-13 00:47:43 <coinz4me> It's gotten a little stale I think. I tried to work it in and it was a lot of work and I've got it mostly done, but I'm getting a compile error... class CWallet has no member named 'SetAddressBook'. Just wondering where that method wandered off to.
22 2014-02-13 00:48:28 <Luke-Jr> coinz4me: it's not useful
23 2014-02-13 00:48:35 <coinz4me> In what way?
24 2014-02-13 00:48:46 <Luke-Jr> coinz4me: find a use case
25 2014-02-13 00:49:27 <coinz4me> Sure, I want to be able to monitor cold storage addresses for unspent tx's and make a decision whether or not to import my privkey and spend.
26 2014-02-13 00:49:31 <Luke-Jr> one that isn't categorised as either 1) doing it wrong; or 2) wrong solution for the problem
27 2014-02-13 00:49:49 <coinz4me> Or a webwallet with no privkeys on board, but people can still check their balances.
28 2014-02-13 00:49:56 <Luke-Jr> coinz4me: you're assuming multiple txs for a single address. that's part of 1) doing it wrong
29 2014-02-13 00:50:07 <Luke-Jr> addresses don't have balances.
30 2014-02-13 00:50:18 <coinz4me> No you're right they have unspent txouts
31 2014-02-13 00:50:35 <Luke-Jr> no
32 2014-02-13 00:50:39 <Aaaaand-its-gone> Luke-Jr: no don't think so :), if x is percentage of hash power, and total amount of hashpower is the same, then it's just x^6=x^6
33 2014-02-13 00:50:40 <Luke-Jr> they receive bitcoins
34 2014-02-13 00:51:06 <Luke-Jr> once
35 2014-02-13 00:51:35 <coinz4me> Luke you talking to me or Aaaan?
36 2014-02-13 00:51:39 <andytoshi> Aaaaand-its-gone: security against a person with <50% hashpower getting lucky and replacing blocks, is different from the cost to a person with >50% hashpower replacing blocks
37 2014-02-13 00:51:54 <andytoshi> i think you're not distinguishing between those cases
38 2014-02-13 00:52:14 <Luke-Jr> coinz4me: you
39 2014-02-13 00:52:29 <Luke-Jr> Aaaaand-its-gone is just happily confused it sounds like, and totally off-topic
40 2014-02-13 00:52:39 <coinz4me> Ok what you are saying is true in an ideal world... However that's not how people including myself use the software.
41 2014-02-13 00:52:53 <coinz4me> Otherwise why put a donation address in your sig on bitcointalk?
42 2014-02-13 00:53:44 <Luke-Jr> coinz4me: misuse does not justify an overcomplicated feature
43 2014-02-13 00:53:53 <Luke-Jr> coinz4me: especially when a better solution is on the horizon
44 2014-02-13 00:54:05 <coinz4me> It's only usable once right? Only gets coins once right? No, that's just not the truth. It may be what you guys would like to see happen, but it's not the truth of how the product is used in reality.
45 2014-02-13 00:54:13 <coinz4me> What is the better solution luke?
46 2014-02-13 00:54:29 <Luke-Jr> coinz4me: you will be able to make a watch-only copy of a wallet, and it will see new transactions to any address in that wallet
47 2014-02-13 00:54:50 <coinz4me> Which is different from adding a watchonly address how?
48 2014-02-13 00:55:15 <Luke-Jr> it fulfils the use case of people wanting to see wallet activity without privkeys
49 2014-02-13 00:55:34 <Luke-Jr> watchonly address only "does" that when people are misusing bitcoin
50 2014-02-13 00:55:45 <coinz4me> Only if you assume that everyone who might share a privkey would want to share a whole wallet as well.
51 2014-02-13 00:55:47 <Luke-Jr> encouraging broken behaviour
52 2014-02-13 00:56:09 <Luke-Jr> coinz4me: not at all; you will ALSO be able to make a watch-only copy of a subsection of a wallet
53 2014-02-13 00:56:44 <coinz4me> If you had the account feature create a distinct wallet for each account then you might be correct. But a watchonly wallet is just a list of watch only addresses right? I mean how could it be more?
54 2014-02-13 00:57:11 <Luke-Jr> no
55 2014-02-13 00:57:35 <Luke-Jr> the watch-only wallet (or subwallet) is able to monitor infinite addresses
56 2014-02-13 00:58:02 <coinz4me> Either way, having a watchwallet is a lovely idea. In the meantime I'm trying to work through a patch and came in just to ask what happened to CWallet::SetAddressBook did it get changed to something else?
57 2014-02-13 01:00:49 <Luke-Jr> I think it got renamed.
58 2014-02-13 01:00:59 <Luke-Jr> coinz4me: have you looked at Armory?
59 2014-02-13 01:01:10 <Luke-Jr> it has all the features "coming soon" in B-Qt
60 2014-02-13 01:01:12 <coinz4me> Any idea what it got renamed to?
61 2014-02-13 01:01:22 <Luke-Jr> SetAddressBookName IIRC
62 2014-02-13 01:02:28 <coinz4me> Armory doesn't work with altcoins (AFAIK), I'm putting this patch into a universal webwallet. If/when you guys get the magic wallet feature I'll revert. For now a watch only address is the best solution we could come up with.
63 2014-02-13 01:02:40 <Luke-Jr> coinz4me: this is #BITCOIN-dev
64 2014-02-13 01:02:44 <coinz4me> Thanks luke
65 2014-02-13 01:02:54 <coinz4me> I know and it's bitcoind I'm patching
66 2014-02-13 01:03:10 <coinz4me> Thus the question is/was appropriate.
67 2014-02-13 01:03:59 <coinz4me> I asked why a pull wasn't included and you did a fine job of explaining. I asked what a member function was renamed to and you explained it well. You then asked me why not use armory and I explained myself.
68 2014-02-13 01:05:20 <coinz4me> Ok so back to the discussion about immutable tx hashes. Has MtGox finished driving down the price of BTC so they can buy cheaply enough on the open market, or is this actually a serious threat?
69 2014-02-13 01:06:02 <coinz4me> Seems to me the problem stemmed from them rolling their own client that didn't work with newer versions and the miners were being kind enough to make the tx valid. Am I missing anything here?
70 2014-02-13 01:07:12 <Luke-Jr> well, their real problem was they were sending people their withdrawals twice, without double spending the retry
71 2014-02-13 01:08:16 <coinz4me> Seems to me the first half of that statement was the only part that mattered.
72 2014-02-13 01:08:36 <Luke-Jr> no, retrying sends is fine as long as you double-spend
73 2014-02-13 01:08:43 <coinz4me> If a withdrawal is not going through shouldn't you just look at the address it was sent to and see if the rest of the tx matches?
74 2014-02-13 01:09:11 <Luke-Jr> that's one option
75 2014-02-13 01:09:20 <coinz4me> Is there a better one?
76 2014-02-13 01:10:06 <Luke-Jr> the most obvious one is to just watch outputs to a given scriptPubKey
77 2014-02-13 01:10:21 <Luke-Jr> this works in all cases (including CoinJoins)
78 2014-02-13 01:10:34 <Luke-Jr> it *does* break with address reuse; I don't consider that a real problem, though
79 2014-02-13 01:11:24 <Luke-Jr> any address reuse safe solution is inherently much more complex
80 2014-02-13 01:13:43 <coinz4me> I dunno Luke something in my gut tells me what you're saying about address reuse is wrong. I mean all you would really have to do is scan the block chain forward from the time the tx was sent looking for one where the inputs match the expected inputs, right? I mean that's what it's all about. You can't spend the same inputs twice.
81 2014-02-13 01:15:01 <coinz4me> I know everyone is on this "you shouldn't reuse an address" trip lately. However the fact is we do all the time. I don't know anyone who doesn't have a donation address that's static. You really going to go through and change your donation address every single time someone sends a donation?
82 2014-02-13 01:15:12 <andytoshi> lately?
83 2014-02-13 01:15:59 <lnovy> can you point me at some discussion on this topic? I don't see a big issue in this too
84 2014-02-13 01:16:02 <andytoshi> coinz4me: as the sender, you can malleate transactions in a lot of ways (increase fees, add other inputs/outputs) while still keeping the original payment (as defined by the destination address and value) intact. so in general that's all you need to/should track
85 2014-02-13 01:16:49 <andytoshi> lnovy: look at the logs on this channel for the last 72 hours. this conversation has happened one thousand times. also look at the bitcoin-development list
86 2014-02-13 01:16:59 <lnovy> thx
87 2014-02-13 01:17:28 <lnovy> does anybody know how to dump window content from irssi if i haven't enabled logging in-front? :D
88 2014-02-13 01:17:31 <coinz4me> Brainwallet and cold storage are other good examples. Say I decided to run an exchange. It would be stupid to keep more than what I needed to cash out my users in a wallet.dat. It would make so much more sense to send all the excess everyday to a single address stored in a safe or something.
89 2014-02-13 01:18:08 <Zarutian> here is the thing. This was WELL KNOWN THREE YEARS AGO! why is this ""suddenly"" such a problem now? Sure some exchange fucked up.
90 2014-02-13 01:18:56 <coinz4me> Agreed
91 2014-02-13 01:19:03 <coinz4me> But this isn't #mtgox
92 2014-02-13 01:19:05 <coinz4me> :)
93 2014-02-13 01:19:29 <andytoshi> lnovy: logs are at http://bitcoinstats.com/, it is in the /topic
94 2014-02-13 01:19:31 <Zarutian> I am just a bit annoyed about how often people come in here OMGing over this.
95 2014-02-13 01:19:42 <lnovy> wow
96 2014-02-13 01:20:04 <lnovy> andytoshi: thank you very much again good sir
97 2014-02-13 01:20:05 <Luke-Jr> coinz4me: brainwallets are good examples of ways to get robbed.
98 2014-02-13 01:20:18 <Luke-Jr> cold storage is something that only Armory (AFAIK) supports right now
99 2014-02-13 01:20:20 <andytoshi> coinz4me: why in god's name would you use a single address for that?
100 2014-02-13 01:20:25 <coinz4me> Depends on how you structure it.
101 2014-02-13 01:20:36 <Zarutian> andytoshi: not knowing better?
102 2014-02-13 01:20:37 <coinz4me> That was meant at Luke-Jr
103 2014-02-13 01:21:18 <coinz4me> Why would you not use a single address, or even create a multisig with at least one sig in a paper wallet?
104 2014-02-13 01:21:46 <andytoshi> Zarutian: sure, but the hypothetical was "what if i ran an exchange", where "i" is a person who luke has been talking to for 40 minutes about exactly this
105 2014-02-13 01:22:08 <coinz4me> Addresses are supposed to be uber secure. Remember we have a big poster about the sun running out of energy before your private key is cracked.
106 2014-02-13 01:22:18 <andytoshi> coinz4me: use an HD wallet, armory supports them and there is simple math behind them anyway
107 2014-02-13 01:22:20 <Luke-Jr> coinz4me: addresses are not supposed to be uber secure.
108 2014-02-13 01:22:37 <coinz4me> It's posted every single time someone thinks they've found a secret hole in bitcoin.
109 2014-02-13 01:22:38 <Luke-Jr> coinz4me: addresses are supposed to be used to receive once, then never again
110 2014-02-13 01:22:58 <Luke-Jr> the thing about the sun running out of energy before your private key is cracked, only applies if you use it once
111 2014-02-13 01:23:09 <Luke-Jr> if you use it more than once, it no longer is necessarily true
112 2014-02-13 01:23:18 <Zarutian> the addresses are secure. Still you do not want to reuse one much if you do not want to expose the relations between addresses.
113 2014-02-13 01:23:21 <lnovy> I have some friends repeatedly trying to convince me to create an exchange with them, I keep explaining to them how hard it is to do everything properly, thinking of myself I know bitcoin pretty well... I had no idea how wrong I was until I started to idle here...
114 2014-02-13 01:23:56 <coinz4me> That might work for an individual luke, but a business is not going to be able to just use an address once and not have 100 million keys to deal with at the end of the year.
115 2014-02-13 01:24:11 <Luke-Jr> coinz4me: once you use a key, you discard it.
116 2014-02-13 01:24:35 <Zarutian> or just archive it in a truecrypt volume or some such
117 2014-02-13 01:24:42 <Luke-Jr> coinz4me: and any serious business *already* uses a unique address per transaction
118 2014-02-13 01:24:53 <lnovy> also you can have the keys on demand generated, keeping the generator separate...
119 2014-02-13 01:24:58 <denisx> even mt.gox
120 2014-02-13 01:24:59 <Luke-Jr> Zarutian: heck, you could safely publish it at that point
121 2014-02-13 01:25:02 <coinz4me> Luke-Jr that is only true if you have a way of dynamically updating the address.
122 2014-02-13 01:25:22 <Luke-Jr> coinz4me: if you don't, you're not a real business
123 2014-02-13 01:25:45 <xiando> Luke-Jr: You seem to think that every webserver out there should be running a bitcoind and also dynamic scripting of some sort. That's not reality, sorry.
124 2014-02-13 01:25:50 <Zarutian> Luke-Jr: well at least five months confirmations away from the transaction that emptied that address. Sure.
125 2014-02-13 01:25:56 <Luke-Jr> xiando: bitcoind is not needed to give out addresses
126 2014-02-13 01:26:09 <Luke-Jr> xiando: I assume webservers *never* run bitcoind.
127 2014-02-13 01:26:23 <andytoshi> i liked the guy who wanted to have a post-it note pad with a new address on every pad.....and then he was going to run a telephone key escrow service to support them. that was at least creative.
128 2014-02-13 01:26:39 <xiando> Luke-Jr: So if I have a thttpd with an index.html and an address in it, you suggest I change it manually each time I get a donation?
129 2014-02-13 01:26:45 <Zarutian> Luke-Jr: dedicated 'cash register' machine that is ridiculously hardened?
130 2014-02-13 01:26:54 <Luke-Jr> andytoshi: you mean every page? interesting
131 2014-02-13 01:27:06 <Luke-Jr> xiando: if you're a business, you won't have an index.html
132 2014-02-13 01:27:10 <coinz4me> Luke-Jr I think you and I will likely argue this until the heat death of the universe. The fact is there are reasons for a static key.
133 2014-02-13 01:27:10 <Zarutian> andytoshi: I agree with you there. That is at least creative.
134 2014-02-13 01:27:20 <andytoshi> Luke-Jr: yeah. we told him it'd be easy for customers to just replace the pad with one of their own, and he felt that was insurmountable i think so he left
135 2014-02-13 01:27:22 <Luke-Jr> Zarutian: it doesn't need to be hardened much
136 2014-02-13 01:27:37 <Luke-Jr> coinz4me: if "incompetence" is a reason..
137 2014-02-13 01:27:39 <Zarutian> coinz4me: please enumerate the reasons for a static key.
138 2014-02-13 01:27:53 <coinz4me> LOL you're joking right luke? You can't seriously believe that a business would not have a static index.html when that is the most common type of page for a business to have.
139 2014-02-13 01:28:12 <Luke-Jr> coinz4me: nonsense, name one business that accepts online payments with a html page
140 2014-02-13 01:28:13 <andytoshi> coinz4me: no business in history has received payments through a static index.html page
141 2014-02-13 01:28:22 <Zarutian> aah those brochure websites
142 2014-02-13 01:28:56 <berndj> is/ought problem
143 2014-02-13 01:28:56 <coinz4me> Primarily having a static key means you only need to keep secure a single key. You can track payments to that key easily enough.
144 2014-02-13 01:29:32 <Luke-Jr> coinz4me: having a HD wallet means you only need to keep secure a single seed.
145 2014-02-13 01:29:53 <coinz4me> Does bitcoind support an HD wallet at this time?
146 2014-02-13 01:30:09 <coinz4me> If so I'll shut up and be on my merry, eating my hat along the way.
147 2014-02-13 01:30:15 <Luke-Jr> nope, bitcoind doesn't support anything other than limited online personal use
148 2014-02-13 01:30:17 <Zarutian> Luke-Jr: HD? High Definition? Hash Deterministic?
149 2014-02-13 01:30:24 <Luke-Jr> Zarutian: Hierarchical Deterministic
150 2014-02-13 01:30:57 <coinz4me> Basically you give it a seed and probably a vector and it goes to town making new keys like the deterministic keys in bitmessenger right?
151 2014-02-13 01:31:01 <Luke-Jr> maybe 0.10 will add offline and watch-only wallet capabilities
152 2014-02-13 01:31:11 <Zarutian> ACTION has seen too many OverlyExtendedTwoLetteredAcronyms and OverUsedThreeLetteredAcronyms.
153 2014-02-13 01:31:14 <coinz4me> Sooo um how is that better than a brainwallet?
154 2014-02-13 01:31:26 <Luke-Jr> coinz4me: a human didn't generate the seed
155 2014-02-13 01:31:38 <coinz4me> Especially if you change brain wallet to use 2 factors.
156 2014-02-13 01:31:38 <lnovy> people are stupid, that is the difference
157 2014-02-13 01:31:57 <coinz4me> A machine seed and a really strong password
158 2014-02-13 01:31:57 <Luke-Jr> meh, even smart humans are incapable of entropy
159 2014-02-13 01:31:57 <Zarutian> coinz4me: does hunter2 ring any bells? or even pa55w0rd? ;-Þ
160 2014-02-13 01:32:05 <lnovy> yep
161 2014-02-13 01:32:05 <Luke-Jr> the human brain is anti-entropy.
162 2014-02-13 01:32:13 <coinz4me> Hey how come you guessed my brainwallet? Zarutian?
163 2014-02-13 01:32:22 <coinz4me> ;)
164 2014-02-13 01:32:49 <lnovy> I've seen a nice test in javascript when you clicked randomly 1 or 0 and the script was guessing what you will click next, I was almost shocked :)
165 2014-02-13 01:33:39 <coinz4me> So yeah, use a single seed and a vector. It's not really any different than a brainwallet comprised of 2 parts that are stored offline. They are functionally identical.
166 2014-02-13 01:33:56 <coinz4me> Oh one reason for a static key. Proof of control of funds.
167 2014-02-13 01:34:07 <jcorgan> lnovy: that's why it is actually possible to win at rock-paper-scissors if you are observant enough
168 2014-02-13 01:34:14 <coinz4me> I know it's not a use case bitcoind was made for, but serious.
169 2014-02-13 01:34:25 <lnovy> jcorgan: meh, stone always wins :)
170 2014-02-13 01:34:40 <Zarutian> lnovy: and people look at me askance when I use two four-sided dice to generate hex WPA2 keys.
171 2014-02-13 01:34:52 <coinz4me> If I want to know if my accountant is on the take, being able to audit activity against a single address makes life much easier.
172 2014-02-13 01:34:58 <Luke-Jr> coinz4me: a watch-only copy of your HD wallet is just as much proof as anything
173 2014-02-13 01:35:32 <Luke-Jr> coinz4me: spying on people is not really a goal of bitcoin..
174 2014-02-13 01:35:49 <coinz4me> Fine luke and I'm not arguing with you on the point of HD wallets. I solemnly swear the day bitcoind supports it, I will actually and in fact use it.
175 2014-02-13 01:36:36 <coinz4me> Actually Luke it's the primary goal of bitcoin. A public transaction record, consensus and accountability based on the mathematical intractability of ecdsa signature forgery.
176 2014-02-13 01:36:49 <andytoshi> why do you need bitcoind to support it? this is simple math and there is software out there which does it for you
177 2014-02-13 01:37:01 <coinz4me> Yes spying on people is actually a primary goal of bitcoin :)
178 2014-02-13 01:37:20 <Zarutian> at least on the transaction of a plethora of pseudonyms?
179 2014-02-13 01:37:29 <Zarutian> transactions*
180 2014-02-13 01:38:27 <coinz4me> andytoshi My assumption is that if it were really a good idea the folks that build this thing would have incorporated it. If not then there is likely something fundamentally wrong with the idea.
181 2014-02-13 01:38:41 <coinz4me> Why take the risk, I mean honestly?
182 2014-02-13 01:39:13 <coinz4me> At least with a list of static watch only addresses, I already understand the risk and I've deemed it manageable.
183 2014-02-13 01:39:23 <Zarutian> coinz4me: eh? strange way to say: if it wasnae invented yet then it nae good.
184 2014-02-13 01:39:35 <andytoshi> if you can't evaluate these ideas you are not smart enough to be doing payment processing
185 2014-02-13 01:39:37 <coinz4me> Huh? I never said that
186 2014-02-13 01:39:45 <andytoshi> plonk
187 2014-02-13 01:39:47 <Luke-Jr> coinz4me: you understand that you are compromising the privacy of EVERYONE YOU INTERACT WITH?
188 2014-02-13 01:39:56 <coinz4me> It's not the idea it's the implementation of the idea.
189 2014-02-13 01:39:57 <Luke-Jr> coinz4me: and you consider that a decision you have the right to make?
190 2014-02-13 01:40:10 <coinz4me> You're assuming I would have a single static address
191 2014-02-13 01:40:18 <Zarutian> coinz4me: your message that starts with "My assumption is that if it were really a good idea..."
192 2014-02-13 01:40:36 <Zarutian> andytoshi: that drastic eh?
193 2014-02-13 01:40:44 <coinz4me> Hold on I can't talk with all 3 of you at once....
194 2014-02-13 01:40:52 <jcorgan> meh, coinz4me is just trolling
195 2014-02-13 01:41:07 <coinz4me> Here's the deal. You guys all 3 of you are being very short sighted.
196 2014-02-13 01:41:24 <coinz4me> I swear to god I'm not trolling, just because I have a different opinion than you does not make it a troll.
197 2014-02-13 01:41:44 <coinz4me> Which is the main reason I'm asking all 3 of you to bite tongues for a min and let me explain...
198 2014-02-13 01:41:53 <Zarutian> plonk indeed
199 2014-02-13 01:42:14 <andytoshi> Zarutian: yeah, payment processing with a cryptocurrency requires a grade-school understanding of cryptography. if you can't do that then pay someone else to.
200 2014-02-13 01:42:22 <coinz4me> Hash Deterministic or HD wallets are nothing more than a brain wallet when it comes down to it. If it's deterministic then basically if anyone uncovers the algo and seed, you're hosed.
201 2014-02-13 01:42:26 <coinz4me> Argue that please.
202 2014-02-13 01:42:28 <andytoshi> but the plonk was just for the belligerence, he could've been djb and i'd have ignored him
203 2014-02-13 01:42:34 <skinnkavaj> <+Luke-Jr> the thing about the sun running out of energy before your private key is cracked, only applies if you use it once
204 2014-02-13 01:42:35 <skinnkavaj> <+Luke-Jr> if you use it more than once, it no longer is necessarily true
205 2014-02-13 01:42:37 <skinnkavaj> Can you explain this?
206 2014-02-13 01:42:50 <skinnkavaj> Why isn't it true any longer?
207 2014-02-13 01:43:18 <coinz4me> OTOH if I pregen a list of say 100k addresses, stick them in a wallet as watch only, then how is that not MORE secure than luke's idea of an HD wallet?
208 2014-02-13 01:43:34 <andytoshi> skinnkavaj: it might still be true, but there is no security proof of ecdsa so it's a prudent assumption that unnecessary key reuse is bad
209 2014-02-13 01:43:47 <berndj> 100k things are harder to keep secure than 1 thing?
210 2014-02-13 01:43:50 <Luke-Jr> skinnkavaj: because now you're depending on ECDSA, not RIPEMD160+SHA256+ECDSA
211 2014-02-13 01:43:55 <andytoshi> and it's actually easy to screw up ecdsa so that key reuse is fatal, eg the android rng problem
212 2014-02-13 01:44:01 <Zarutian> oh, that Sony fiasco, was it? :D
213 2014-02-13 01:44:42 <coinz4me> I think what luke is saying is that to sign you need to show your pubkey
214 2014-02-13 01:44:52 <Luke-Jr> skinnkavaj: ECDSA is pretty strong for a single use, but multiple uses can potentially leak information about the private key (this has happened)
215 2014-02-13 01:44:58 <coinz4me> Thus the ripemd aspect is stripped away.
216 2014-02-13 01:46:10 <coinz4me> I'm still waiting for someone to rebut my previous statement about pregen 100k non-deterministic keys, put them in as addresses only into a wallet.
217 2014-02-13 01:46:14 <coinz4me> etc
218 2014-02-13 01:46:19 <Luke-Jr> using current best EC practices, you can probably get very strong security with multiple uses, BUT it's always possible someone discovers a new weakness in the future that breaks it retroactively
219 2014-02-13 01:46:32 <Luke-Jr> coinz4me: I actually do that.
220 2014-02-13 01:46:37 <coinz4me> So multisig then?
221 2014-02-13 01:46:41 <Luke-Jr> coinz4me: it works fine, with no patches
222 2014-02-13 01:47:05 <coinz4me> Seriously? I've been trying to add watchonly addresses and it's there already?
223 2014-02-13 01:47:12 <coinz4me> What the heck is the call?
224 2014-02-13 01:47:13 <Luke-Jr> no
225 2014-02-13 01:47:20 <Luke-Jr> there is watch-only wallets, without the HD aspect
226 2014-02-13 01:47:49 <coinz4me> Fine and how is this accomplished because it's the reason I'm trying to patch in the first place, so evidently in my absence a new feature was added.
227 2014-02-13 01:47:54 <lnovy> ACTION loves you guys for BIP32 existence
228 2014-02-13 01:47:59 <Billdr> Is there a torrent of a testnet chain somewhere?
229 2014-02-13 01:47:59 <Luke-Jr> you just copy the wallet, encrypt it to an impossibly long strong-entropy secret, and discard the secret
230 2014-02-13 01:48:13 <coinz4me> Huh?
231 2014-02-13 01:48:18 <Luke-Jr> an encrypted wallet without a known secret is watch-only.
232 2014-02-13 01:48:30 <Zarutian> lnovy: what was BIP32 again? Sign to script?
233 2014-02-13 01:48:39 <lnovy> HDW
234 2014-02-13 01:48:42 <Luke-Jr> if you're paranoid, you can also hand-edit the wallet file to remove the encrypted private keys
235 2014-02-13 01:48:43 <coinz4me> Luke that's good but could you add addresses later?
236 2014-02-13 01:49:04 <Luke-Jr> coinz4me: you'd just repeat the copy. the reason to do 10,000 is so you don't need to ;P
237 2014-02-13 01:49:37 <coinz4me> So in other words no, you can't add new watch addresses as needed.
238 2014-02-13 01:49:44 <Luke-Jr> you can, it's just a pain
239 2014-02-13 01:49:47 <coinz4me> But the idea itself is sound, that's good to know.
240 2014-02-13 01:50:08 <coinz4me> Lol I can't believe I've burned that much time here.
242 2014-02-13 01:50:28 <coinz4me> I'll shut up now and let others talk I need to get back to this patch.
243 2014-02-13 01:52:40 <coinz4me> Got to admit I hadn't thought about key reuse stripping away the hash and tying a pubkey to an address before.
244 2014-02-13 01:58:19 <skinnkavaj> Luke-Jr: Can you not create HD wallets with bitcoin-qt?
245 2014-02-13 01:59:03 <Luke-Jr> skinnkavaj: not at the moment
246 2014-02-13 01:59:08 <SomeoneWeird> skinnkavaj, i don't think so at the moment
247 2014-02-13 01:59:11 <skinnkavaj> Luke-Jr: Why not?
248 2014-02-13 01:59:20 <skinnkavaj> HD wallets has existed for a while right?
249 2014-02-13 01:59:30 <SomeoneWeird> because it hasn't been implemented? >_>
250 2014-02-13 01:59:31 <SomeoneWeird> read the bip
251 2014-02-13 01:59:34 <skinnkavaj> The idea
252 2014-02-13 01:59:37 <SomeoneWeird> .. i forgot the idea
253 2014-02-13 01:59:40 <skinnkavaj> Yeah but why
254 2014-02-13 01:59:43 <SomeoneWeird> s/idea/number/
255 2014-02-13 01:59:57 <skinnkavaj> If it's in Electrum and Armory
256 2014-02-13 02:00:07 <skinnkavaj> Why not implement it in bitcoin-qt?
257 2014-02-13 02:03:19 <skinnkavaj> Luke-Jr: Why wouldn't gavin get it into bitcoin-qt now when it has existed for a long time in other clients?
258 2014-02-13 02:03:32 <coinz4me> I think I've just realized why the idea of one time use addresses doesn't sit right with me... Bear with me a minute while I try to slow my brain down enough to explain it...
259 2014-02-13 02:03:57 <coinz4me> You are essentially placing a bet each time you use a new address that no one else has that same address.
260 2014-02-13 02:04:05 <Imbue> coinz4me: yep
261 2014-02-13 02:04:10 <coinz4me> There are only 160 bits in a bitcoin address right?
262 2014-02-13 02:04:19 <flotsamuel> It's a very good bet, though.
263 2014-02-13 02:04:19 <phantomcircuit> skinnkavaj, because there are issues with HD wallets that are as of yet unsolved
264 2014-02-13 02:04:33 <skinnkavaj> phantomcircuit: What issues? That's exactly what I want to know
265 2014-02-13 02:04:41 <coinz4me> But there are 256 bytes in a pubkey? I could be wrong about that I'm not looking at anything and just pulling from memory.
266 2014-02-13 02:04:53 <Luke-Jr> skinnkavaj: Gavin has limited time, as does everyone else. Bitcoin-Qt is very underfunded.
267 2014-02-13 02:04:58 <Imbue> coinz4me: yes, it's a lossy step
268 2014-02-13 02:05:07 <Imbue> coinz4me: there are many privkeys/pubkeys for each address
269 2014-02-13 02:05:17 <phantomcircuit> skinnkavaj, how would you ever know if I walked your hdwallet public derivation key to the 100,000th node?
270 2014-02-13 02:05:21 <phantomcircuit> you wouldn't
271 2014-02-13 02:05:25 <coinz4me> But in a nutshell you're betting that no one else has that address vs someone evil has found a flaw in the ECDSA curve used to generate the pubkey.
272 2014-02-13 02:05:35 <phantomcircuit> unless you generated 100,000 keys
273 2014-02-13 02:05:47 <Luke-Jr> coinz4me: the former is a much better bet
274 2014-02-13 02:06:15 <phantomcircuit> coinz4me, your grasp on large numbers is not good enough to understand that 2^256 is effectively infinity
275 2014-02-13 02:06:28 <coinz4me> I really do think I want to bet on the curve. If the curve falls someone's going to fix it in a hurry. But if suddenly I've sent all my funds to someone else's address there isn't going to be anyone to help.
276 2014-02-13 02:06:43 <Imbue> coinz4me: why would you send your funds to someone else's address?
277 2014-02-13 02:07:04 <Imbue> coinz4me bear in mind the probability of a collision is roughly (addresses in use)/2^160
278 2014-02-13 02:07:08 <coinz4me> phantomcircuit your grasp on large numbers is evidently not good enough to realize we aren't talking about 2^256 we're dealing with 2^160
279 2014-02-13 02:07:15 <skinnkavaj> phantomcircuit: So that ruins the whole purpose of HD wallets then?
280 2014-02-13 02:07:36 <coinz4me> Also a conversion step from 2^256 to 2^160th and NOT causing a collision?
281 2014-02-13 02:07:47 <phantomcircuit> skinnkavaj, it's a significant implementation challenge, essentially you have to pick how far you want to walk the chain
282 2014-02-13 02:08:00 <phantomcircuit> and iirc even whether you want to walk branches of the chain
283 2014-02-13 02:08:26 <coinz4me> Yes imbue and as addresses in use are probably actually only 1 out of 1000 that are actually generated.
284 2014-02-13 02:08:31 <coinz4me> In time this becomes a real problem.
285 2014-02-13 02:08:52 <coinz4me> Still if there WAS an address collision, no one would do anything.
286 2014-02-13 02:09:03 <coinz4me> OTOH if ECDSA fell, there would be rapid action.
287 2014-02-13 02:09:13 <phantomcircuit> sure it becomes a problem, but several hundred billion years after the earth has been engulfed by the expanding sun
288 2014-02-13 02:09:53 <phantomcircuit> better get ready for it
289 2014-02-13 02:11:06 <coinz4me> I'm not buying it phantomcircuit. It's a non-zero probability and it doesn't change over time. The more addresses in use the higher the likelihood of a collision. If there is a collision and I happen to be on the wrong side of it, then I've just lost all my coins. OTOH by reusing an address at least once in a while you are less likely to be impacted by an address collision.
290 2014-02-13 02:11:59 <coinz4me> Also by reusing an address at least from time to time, you're betting that a collision is more likely than a flaw.
291 2014-02-13 02:12:30 <coinz4me> Also remember the hash algo could be subject to a flaw that would increase the likelihood of a collision.
292 2014-02-13 02:12:36 <coinz4me> We might never know.
293 2014-02-13 02:13:12 <Billdr> You laugh now, but when I'm a mostly robotic cyborg living on Europa I'll want Bitcoin to be stable.
294 2014-02-13 02:13:42 <coinz4me> Anyways that's what didn't sit right with me about the idea. Hash algorithms fall all the time. You're betting on no collisions and no flaws.
295 2014-02-13 02:14:07 <Luke-Jr> coinz4me: reusing an address is more vulnerable to hash collisions
296 2014-02-13 02:14:10 <Luke-Jr> not less
297 2014-02-13 02:14:26 <coinz4me> Ok now my curiosity is piqued. Please explain.
298 2014-02-13 02:15:49 <coinz4me> OMG, server split or what?
299 2014-02-13 02:16:05 <Luke-Jr> coinz4me: if someone has a way to get collisions, address reuse allows them to target a single hash
300 2014-02-13 02:16:06 <cysm> my other machine just lagged out ^
301 2014-02-13 02:16:19 <Luke-Jr> whereas multiple addresses would need them to collide multiple
302 2014-02-13 02:16:47 <coinz4me> Ok, fair enough. I stand corrected.
303 2014-02-13 02:18:18 <darsie> Can the exchanges just stop automatic resend of appearently failed withdrawals and continue normally, processing tickets about failed withdrawals manually?
304 2014-02-13 02:18:42 <Luke-Jr> darsie: off-topic
305 2014-02-13 02:18:49 <darsie> sorry
306 2014-02-13 02:19:05 <darsie> #mtgox?
307 2014-02-13 02:19:08 <coinz4me> Hmm netsplit
308 2014-02-13 02:19:24 <Luke-Jr> ACTION kicks freenode
309 2014-02-13 02:19:32 <Billdr> #bitcoin is probably an okay place to talk about it as it impacts more than one exchange.
310 2014-02-13 02:19:45 <darsie> k
311 2014-02-13 02:22:20 <Billdr> There is no testnet blockchain torrent, then?
312 2014-02-13 02:24:32 <coinz4me> So the question I have is, if someone went to the trouble of implementing HD wallets, would it even be accepted into the mainline? I mean weren't there pull requests that added this in the past?
313 2014-02-13 02:25:07 <Luke-Jr> coinz4me: there have not been, no
314 2014-02-13 02:25:18 <Luke-Jr> coinz4me: accepting anything into mainline requires testing and review
315 2014-02-13 02:25:28 <Luke-Jr> not just "I used it, it works" testing, real automated unit tests
316 2014-02-13 02:25:50 <Luke-Jr> there *are* HD wallet code foundations in B-Qt, merged and all
317 2014-02-13 02:25:55 <Luke-Jr> just not a complete wallet
318 2014-02-13 02:27:24 <coinz4me> Or is it really that no one has ever offered up a pull request with it in?
319 2014-02-13 02:29:36 <Luke-Jr> coinz4me: nobody has written the code to finish it yet
320 2014-02-13 02:32:49 <draino> so could a decentralized web of trust system be layered onto bitcoin using deterministic wallets? how would that even work, wallet software just agrees that this new layer makes sense and implement it?
321 2014-02-13 02:42:29 <coinz4me> Anyone know if LogPrintf is old code or new stuff? I'm trying to debug a patch that went badly.
322 2014-02-13 02:42:58 <jgarzik> coinz4me, it is a new name for a facility that has existed for a long time
323 2014-02-13 02:45:24 <coinz4me> Ok just trying to identify if the particular section was inserted by the patch, or if it was there. I'm getting a not defined on it, but I'm working on a heavily forked codebase too.
324 2014-02-13 02:47:25 <coinz4me> So is pwallet->nTimeFirstKey just there to tell the wallet that this is the first time we've seen a key and we need to rescan?
325 2014-02-13 02:48:06 <coinz4me> Or something else? The codebase I'm working on shows it as undefined, but it's included in a patch that I'm trying to apply (line by line) :(
326 2014-02-13 02:49:44 <Zarutian> what is it with freenode lately? Are their IRC servers under DDoS attacks?
327 2014-02-13 02:50:14 <coinz4me> net split maybe?
328 2014-02-13 02:53:50 <coinz4me> Are we done with the netsplit now? Can we have a conversation?
329 2014-02-13 02:54:43 <coinz4me> Is there any particular reason that there isn't support for each account being its own wallet? Rather than a single wallet.dat wouldn't it just make so much more sense to have alice.dat bob.dat ?
330 2014-02-13 03:00:42 <Luke-Jr> coinz4me: multi-wallet support would be accepted (once tested, etc)
331 2014-02-13 03:01:06 <Luke-Jr> coinz4me: but just because you can, does not mean it's a good idea to have separate wallets for every account
332 2014-02-13 03:01:24 <Luke-Jr> coinz4me: putting multiple accounts into a wallet has few drawbacks, and many advantages
333 2014-02-13 03:01:27 <coinz4me> Explain?
334 2014-02-13 03:01:35 <andytoshi> hi, may i be revoiced?
335 2014-02-13 03:01:54 <Luke-Jr> coinz4me: for example, if each account has its own wallet, sending would need to use only coins in that wallet
336 2014-02-13 03:01:55 <coinz4me> Such as...?
337 2014-02-13 03:02:16 <Luke-Jr> coinz4me: but with A, B, C, and D using the same wallet, the wallet can use coins received by any of them
338 2014-02-13 03:02:37 <Luke-Jr> thus avoiding/reducing transaction fees, improving privacy, etc
339 2014-02-13 03:02:57 <coinz4me> Which is sort of the purpose of an account isn't it? If they want to mix funds then create an account "shared" and move some funds over.
340 2014-02-13 03:03:17 <lianj> Luke-Jr: most important it helps with cold storage
341 2014-02-13 03:03:18 <Luke-Jr> coinz4me: mixing in that sense is likely illegal.
342 2014-02-13 03:03:27 <Luke-Jr> lianj: right, that too; except bitcoind lacks that support :P
343 2014-02-13 03:04:00 <coinz4me> I'm not seeing, the ability to not let my kids spend my bitcoins as being a problem :)
344 2014-02-13 03:04:04 <wyager> Luke-Jr: I'm not sure how that would be illegal. coinz4me seems to be suggesting accounts as an absolute separation of identity, until the user specified otherwise, which I think is reasonable
345 2014-02-13 03:05:01 <coinz4me> OTOH I've also been a huge proponent of implementing real accounts and ACLs on this thing too.
346 2014-02-13 03:05:34 <Luke-Jr> coinz4me: that would be sweet
347 2014-02-13 03:05:35 <coinz4me> Ideally, one copy of the blockchain shared amongst all the accounts on a given box, with each account on its own wallet.
348 2014-02-13 03:05:38 <lianj> coinz4me: sounds like you need to define what you want it for. if its for you and your kids, it sounds fine. if its so a wallet service with 100s accounts maybe not
349 2014-02-13 03:05:48 <Luke-Jr> coinz4me: ideally all sharing a single wallet.
350 2014-02-13 03:06:04 <Luke-Jr> coinz4me: as long as they're staying on the same computer, there is really no benefit to separating out wallets
351 2014-02-13 03:06:22 <wyager> There is certainly a benefit!
352 2014-02-13 03:06:23 <Luke-Jr> lianj: hey, if he can make it scale to 100s of accounts, more power to him! :P
353 2014-02-13 03:06:28 <wyager> It makes blockchain data mining a lot harder!
354 2014-02-13 03:06:34 <Luke-Jr> wyager: no, it makes it easier
355 2014-02-13 03:06:42 <wyager> That is definitely not the case
356 2014-02-13 03:06:45 <coinz4me> I dunno, let me think about this for a while. And yes there is a benefit. Little johnny goes off to college he can take his bitcoins with him without any danger of taking mine.
357 2014-02-13 03:06:47 <wyager> we may be imagining different things
358 2014-02-13 03:07:17 <Luke-Jr> wyager: a wallet with a single account is quite simple to trace by default
359 2014-02-13 03:07:19 <lianj> coinz4me: you can send little johnny the coins to his new addresses then
360 2014-02-13 03:07:37 <coinz4me> You're assuming I didn't kick him out.
361 2014-02-13 03:07:38 <Luke-Jr> wyager: a wallet with numerous accounts, on the other hand, is hard to trace since it has an implicit CoinJoin-type thing
362 2014-02-13 03:07:39 <coinz4me> :)
363 2014-02-13 03:08:06 <Luke-Jr> coinz4me: if you kicked him out, then you wouldn't give him his wallet anyway :P
364 2014-02-13 03:08:09 <coinz4me> Point is if each person has a "wallet file" they can carry around with them, it opens up possibilities you may not be seeing.
365 2014-02-13 03:08:11 <wyager> I agree. I thought you were saying the opposite
366 2014-02-13 03:08:25 <Luke-Jr> coinz4me: it's not very wise to carry your money with you :P
367 2014-02-13 03:08:36 <wyager> I thought we were talking about money separation, not wallet file separation
368 2014-02-13 03:08:42 <coinz4me> Still ACLs and real separation of identity would be a good feature add.
369 2014-02-13 03:08:55 <coinz4me> We're carrying on two conversations that's why you're getting confused.
370 2014-02-13 03:09:14 <coinz4me> 2 different ideas and I'm weighing the pros and cons of each.
371 2014-02-13 03:09:19 <wyager> Gotcha. I think money separation is definitely a great idea, wallet file separation ain't a bad one
372 2014-02-13 03:09:26 <wyager> jm2c ;)
373 2014-02-13 03:10:02 <lianj> coinz4me: are you talking about 5 users or 100?
374 2014-02-13 03:10:16 <coinz4me> I want to add ACLs for bitcoin RPC as well. It would be nice to not effectively give the ability to send all my coins off to someone who might only need to check a balance.
375 2014-02-13 03:10:45 <coinz4me> Lianj, if I did it I would make it for 100s, because that isn't any more difficult than making it for 5
376 2014-02-13 03:11:28 <lianj> coinz4me: if you make it for 100 you want a hotwallet and a cold one. if each account is separated that gets hard or impossible
377 2014-02-13 03:12:08 <coinz4me> I think it depends on what you're doing. But I do wonder about bitcoind's ability to keep up with that many.
378 2014-02-13 03:13:03 <lianj> thats why i asked what you intend to do
379 2014-02-13 03:13:13 <coinz4me> I would honestly rather have it just keep each block intact until all funds have been spent. But if I'm reading this right, it actually only pays attention and stores info for keys it currently has. If you add keys later it has to rescan the whole dang block chain.
380 2014-02-13 03:13:16 <coinz4me> Well....
381 2014-02-13 03:13:48 <coinz4me> I intend to bounce the idea around in my head for a few weeks, see if anyone makes any progress on the idea then come back in and claim it was all my idea in the first place.
382 2014-02-13 03:13:53 <coinz4me> :)
383 2014-02-13 03:14:37 <coinz4me> In other words I don't know I need time to think. In my case I'm not just talking about work on bitcoind.
384 2014-02-13 03:14:44 <coinz4me> There are other systems involved.
385 2014-02-13 03:14:48 <lianj> you haven't defined what you want to solve with that idea. to sum it up, you want to build a service on top of that or use it inside the family context
386 2014-02-13 03:15:05 <coinz4me> Both
387 2014-02-13 03:15:18 <lianj> both have different solutions then.
388 2014-02-13 03:15:29 <coinz4me> So build for the large and scale down. Always easier than building for the small and trying to scale up.
389 2014-02-13 03:15:39 <coinz4me> bbiab
390 2014-02-13 03:24:18 <coinz4me> Well I have a fully functional watch wallet, so thanks for the help guys!
391 2014-02-13 04:35:37 <freewil> how can i fix my wallet that has a stuck outgoing tx (i assume because it used unconfirmed change from a tx that was mutated)
392 2014-02-13 04:36:31 <helo> is it true that ltc developers have been helping with bitcoin development?
393 2014-02-13 04:49:51 <dust-otc> +helo: I think i've seen Warren contribute some to bitcoin
394 2014-02-13 05:29:39 <maaku> helo: protocol developers don't necessarily wear hats. litecoin has been funding some developers to work on generally applicable tech
395 2014-02-13 06:39:23 <gmaxwell> http://www.reddit.com/r/Bitcoin/comments/1xqh51/new_mycelium_wallet_feature_confirmations_within/