--- Log opened Fri Jan 09 00:00:17 2015
00:04 -!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has quit [Quit: bvu]
00:04 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]
00:12 -!- MoALTz_ [~no@user-109-243-165-112.play-internet.pl] has quit [Quit: Leaving]
00:22 -!- lclc is now known as lclc_bnc
00:23 -!- DougieBot5000 [~DougieBot@unaffiliated/dougiebot5000] has quit [Quit: Leaving]
00:24 -!- Dizzle [~Dizzle@2605:6000:1018:c04a:a87c:587:9965:90b] has quit [Quit: Leaving...]
00:36 -!- adam3us [~Adium@c31-67.i07-8.onvol.net] has joined #bitcoin-wizards
00:41 -!- bvu [~bvu@cpepool9cmts2-62.sanbrunocable.com] has joined #bitcoin-wizards
00:43 -!- SubCreative is now known as Sub|zzz
00:47 -!- justanotheruser [~Justan@unaffiliated/justanotheruser] has joined #bitcoin-wizards
00:47 -!- lclc_bnc is now known as lclc
00:47 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
00:59 -!- bendavenport [~bpd@c-50-131-42-132.hsd1.ca.comcast.net] has quit [Quit: bendavenport]
01:05 -!- andy-logbot [~bitcoin--@wpsoftware.net] has quit [Remote host closed the connection]
01:05 -!- andy-logbot [~bitcoin--@wpsoftware.net] has joined #bitcoin-wizards
01:05 * andy-logbot is logging
01:08 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]
01:09 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
01:19 -!- NewLiberty [~NewLibert@2602:304:cff8:1580:709c:9bb5:57c1:18d6] has quit [Ping timeout: 265 seconds]
01:20 -!- moa [~kiwigb@opentransactions/dev/moa] has quit [Quit: Leaving.]
01:22 -!- hashtagg [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has quit [Ping timeout: 252 seconds]
01:22 -!- hashtagg [~hashtagg_@CPE-69-23-213-3.wi.res.rr.com] has joined #bitcoin-wizards
01:35 -!- lclc is now known as lclc_bnc
01:38 -!- CoinMuncher [~jannes@178.132.211.90] has joined #bitcoin-wizards
01:49 -!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has joined #bitcoin-wizards
01:56 -!- nullbyte [WW@gateway/vpn/mullvad/x-yljruxuocayzjhei] has quit [Ping timeout: 245 seconds]
01:58 -!- nullbyte [~WW@193.138.219.233] has joined #bitcoin-wizards
01:58 -!- nullbyte [~WW@193.138.219.233] has quit [Changing host]
01:58 -!- nullbyte [~WW@unaffiliated/loteriety] has joined #bitcoin-wizards
02:03 -!- RoboTedd_ [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has joined #bitcoin-wizards
02:07 -!- RoboTeddy [~roboteddy@c-67-188-40-206.hsd1.ca.comcast.net] has quit [Ping timeout: 264 seconds]
02:08 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]
02:17 -!- nullbyte [~WW@unaffiliated/loteriety] has quit [Ping timeout: 265 seconds]
02:19 -!- nullbyte [WW@unaffiliated/loteriety] has joined #bitcoin-wizards
02:19 -!- nullbyte [WW@unaffiliated/loteriety] has quit [Changing host]
02:19 -!- nullbyte [WW@gateway/vpn/mullvad/x-lscqvxvefqmdmafy] has joined #bitcoin-wizards
02:21 -!- yamamushi [~yamamushi@opentransactions/dev/yamamushi] has joined #bitcoin-wizards
02:24 -!- lclc_bnc is now known as lclc
02:27 -!- hearn [~mike@84-75-198-85.dclient.hispeed.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
02:36 -!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has joined #bitcoin-wizards
02:40 -!- austeritysucks [~AS@unaffiliated/austeritysucks] has quit [Ping timeout: 256 seconds]
02:44 -!- Quanttek [~quassel@ip1f112539.dynamic.kabel-deutschland.de] has joined #bitcoin-wizards
02:48 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
02:56 -!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has quit [Read error: Connection reset by peer]
02:56 -!- vmatekole [~vmatekole@f055011083.adsl.alicedsl.de] has joined #bitcoin-wizards
03:05 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]
03:05 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
03:14 -!- Graftec [~Graftec@gateway/tor-sasl/graftec] has quit [Remote host closed the connection]
03:14 -!- lclc is now known as lclc_bnc
03:14 -!- Graftec [~Graftec@gateway/tor-sasl/graftec] has joined #bitcoin-wizards
03:19 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]
03:22 -!- Guyver2 [~Guyver2@guyver2.xs4all.nl] has joined #bitcoin-wizards
03:27 -!- GAit [~lnahum@enki.greenaddressit.p3.tiktalik.io] has joined #bitcoin-wizards
03:49 -!- nessence [~alexl@178.19.221.38] has joined #bitcoin-wizards
03:52 -!- eudoxia [~eudoxia@r179-25-152-180.dialup.adsl.anteldata.net.uy] has joined #bitcoin-wizards
03:59 -!- Hunger-- [hunger@proactivesec.com] has quit [Ping timeout: 244 seconds]
04:02 -!- Hunger- [hunger@proactivesec.com] has joined #bitcoin-wizards
04:05 -!- thesnark [~michael@unaffiliated/thesnark] has joined #bitcoin-wizards
04:05 -!- thesnark is now known as narwh4l
04:22 -!- lclc_bnc is now known as lclc
04:27 -!- NewLiberty [~NewLibert@2602:304:cff8:1580:b18f:30df:de11:ee9f] has joined #bitcoin-wizards
04:31 -!- jcluck [~cluckj@cpe-24-92-48-18.nycap.res.rr.com] has joined #bitcoin-wizards
04:32 -!- cluckj [~cluckj@cpe-24-92-48-18.nycap.res.rr.com] has quit [Read error: Connection reset by peer]
04:32 -!- jcluck is now known as cluckj
04:37 -!- nessence [~alexl@178.19.221.38] has quit [Remote host closed the connection]
05:00 -!- c0rw1n [~c0rw1n@63.120-67-87.adsl-dyn.isp.belgacom.be] has joined #bitcoin-wizards
05:01 -!- Graftec [~Graftec@gateway/tor-sasl/graftec] has quit [Ping timeout: 250 seconds]
05:02 -!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has joined #bitcoin-wizards
05:03 -!- Graftec [~Graftec@gateway/tor-sasl/graftec] has joined #bitcoin-wizards
05:08 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
05:09 -!- narwh4l [~michael@unaffiliated/thesnark] has quit [Quit: Leaving]
05:13 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Ping timeout: 250 seconds]
05:13 -!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:8ddf:c65e:b6d3:3462] has quit [Ping timeout: 244 seconds]
05:15 -!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has joined #bitcoin-wizards
05:20 -!- butters [~butters@dslb-178-008-078-133.178.008.pools.vodafone-ip.de] has quit [Ping timeout: 252 seconds]
05:23 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
05:23 -!- ryanxcharles [~ryanxchar@2601:9:4680:dd0:8ddf:c65e:b6d3:3462] has joined #bitcoin-wizards
05:26 -!- waxwing [waxwing@gateway/vpn/mullvad/x-jpybaalwanejsijd] has quit [Ping timeout: 244 seconds]
05:31 -!- wallet42 [~wallet42@unaffiliated/wallet42] has joined #bitcoin-wizards
05:33 -!- austeritysucks [~AS@unaffiliated/austeritysucks] has joined #bitcoin-wizards
05:39 -!- nessence [~alexl@178.19.221.38] has joined #bitcoin-wizards
05:43 -!- waxwing [~waxwing@62.205.214.125] has joined #bitcoin-wizards
05:44 -!- Profreid_ [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has joined #bitcoin-wizards
05:44 < nsh> gmaxwell: "Anyone know if the 8 new OpenSSL CVE's affect LibreSSL as well?"
05:44 < nsh> what's the simplest advice i can give people to regression test against libsecp256k1 efficiently?
05:44 < nsh> or however elsewise you'd advise testing
05:45 <@gmaxwell> nsh: I'm not sure of the context.
05:45 -!- Profreid [~Profreitt@gateway/vpn/privateinternetaccess/profreid] has quit [Ping timeout: 252 seconds]
05:45 -!- Profreid_ is now known as Profreid
05:45 < nsh> presumably they want to know if the BN_sqr issue affects libre
05:45 < nsh> and other issues in the disclosure
05:45 < nsh> *advisory
05:46 < nsh> https://www.openssl.org/news/secadv_20150108.txt
05:46 -!- lclc is now known as lclc_bnc
05:47 <@gmaxwell> nsh: almost certainly.
05:47 <@gmaxwell> (and if not, that's even more concerning, perhaps)
05:47 * nsh nods
05:48 < nsh> as a matter of curiosity, i found it (the relevant openssl code) an alarmingly complex set of assembly and C hodgepodge just for squaring big numbers
05:49 < nsh> is that just a consequence of x86 legacy complexity and compiler complexity?
05:50 < nsh> it doesn't seem, intuitively, that there's very much, mm, scope - mathematically - to make a squaring operation on large numbers that complex to execute
05:50 < sl01> maybe ioccc was setup by the nsa to get ideas for openssl :x
05:51 <@gmaxwell> nsh: well the C code is broken. And yes, all of openssl is ... uh... right.
05:51 * nsh nods
05:51 < kanzure> "You are in a twisty maze. You see a broom."
05:52 < nsh> but let's say a coder who had attained the zen, making a BN_sqr implementation, would it be elegant and still performant relative to openssl's?
05:52 < nsh> or is there an < elegance | efficiency > relation due to how computers actually work electronically?
05:52 <@gmaxwell> But really it's often the case that other people's code is opaque. I am somewhat unconvinced by people's seemingly unsubstantiated expected relation with "code smell" and code correctness. Not that I think smelly code is good, but beautiful code can be, and often is, wrong.
05:53 <@gmaxwell> nsh: I dunno. Elegant is subjective. There is code I consider elegant that would probably strike you as smelly.
05:53 < kanzure> if i had the choice, i would take highly legible code that i can then apply a random-garbling-magic patch against
05:54 < op_mul> I'd have a switch between them, I think.
05:54 <@gmaxwell> kanzure: sometimes magic hides dragons.
05:54 < kanzure> hey you're the one advocating for smelly magic
05:54 < op_mul> if(insanitymode)
05:54 < nsh> some of the elegance is objective in terms of algorithmic complexity theory
05:54 < kanzure> i would find it difficult to believe that the vast majority of code in openssl /should/ be smelly garbled magic
05:55 < kanzure> surely the vast majority is just boilerplate like everything else
05:55 <@gmaxwell> The purpose of software is to communicate between programmers. But not just any programmers, ... the programmers working on the code in question.
05:55 < nsh> you can rate implementations of algorithms by kolmogorov, but optimizing that almost certainly deoptimizes maintainability
05:55 -!- waxwing [~waxwing@62.205.214.125] has quit [Ping timeout: 255 seconds]
05:56 <@gmaxwell> kanzure: Sure, it shouldn't be. I think people vastly overrate the correlation between smell and incorrectness though. Mostly because we often don't look at code unless it's incorrect.
05:56 <@gmaxwell> As a rule programmers don't spend enough time reading.
05:56 < kanzure> eh, in general i would have to agree, but i do try to read other people's code
05:56 < nsh> if we had to re-tell the story to the computer every time
05:56 < kanzure> and i think it's insane that programmers working on the same project don't read all of the other source code
05:56 < nsh> it would do us a lot of good, and we'd probably evolve languages that are more expressively laconic
05:56 < nsh> telling stories is one of the things we're evolutionarily adept at
05:57 < nsh> it's a toss-up between telling stories and endurance hunting
05:57 < kanzure> better language will not make your programmers do their jobs
05:57 < kanzure> i don't know what you're on about
05:57 <@gmaxwell> nsh: hidden behavior is very important though. Clear communication abstracts away details, but that causes doom when the details matter.
05:57 < nsh> right
05:57 <@gmaxwell> kanzure: programmers who do their job may demand better languages, however. :)
05:58 < nsh> the problem is that we're dealing with conceptual models of how the code works that are pretty strongly silo'd in developers' heads
05:58 < nsh> we hope they overlap extensively
05:58 -!- copumpkin [~copumpkin@unaffiliated/copumpkin] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:58 < nsh> and things like git, increasing the degree of dialectic, can kind of help
06:00 < nsh> none of this helps me understand why squaring multi-limbed numbers should be a byzantine affair
06:00 < nsh> even if processors are weird and freaky
06:00 < kanzure> you're asking "why is a math failure a bad thing"?
06:02 < nsh> am i?
06:02 < kanzure> i was asking you if you were asking that.
06:02 < nsh> maths only fails if you find the godel number that encodes a self-referential proposition concerning its provability
06:03 < nsh> and no-one's ever shown me one so i'm still on the side of maths
06:04 -!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
06:05 < kanzure> implementations of math in physical matter (like our primitive forms of computronium) are not platonic ideals or whatever, they have real failures.... bits flip, sidechannels leak, "optimizations" of algorithms turn out to be wrong in some implementations.
06:06 < kanzure> see "In this case the reason our testing revealed the issue was because we used non-uniform numbers specifically constructed with low transition probability to better trigger improbable branches like carry bugs (https://github.com/bitcoin/secp256k1/blob/master/src/testrand_impl.h#L45). I used the same technique in the development of the Opus audio codec to good effect." ...
06:06 < kanzure> ... http://np.reddit.com/r/programming/comments/2rrc64/openssl_security_advisory_new_openssl_releases/cnilq2w?context=3
06:08 < nsh> the irony is that the mathematics with which we model the indeterminism -- that we attempt (sometimes failingly) to supervene with deterministic logic -- with deterministic platonic equations of noble eternal truth
06:08 < nsh> s/-- with/-- are/
06:08 -!- waxwing [waxwing@gateway/vpn/mullvad/x-qbwjrjikomadlnog] has joined #bitcoin-wizards
06:09 < nsh> although greg egan had this lovely idea in a novella about the laws of physics being determined in the struggle of proposition vs. counterproposition in the great axiomatic big bang or something to that effect
06:10 < nsh> which was nice. i mean, it's a long way up from fundamental color-dynamics until we get arithmetic maybe
06:10 < kanzure> gmaxwell: fwiw i highly recommend linking to git(hub) commits by commit id instead of master branches, so that line anchors always work even after people push commits that would impact those anchors
06:10 -!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has joined #bitcoin-wizards
06:10 < kanzure> yes i was about to recommend that you read more greg egan to get over whatever illness you're currently experiencing
06:10 < kanzure> i'm glad that the generic telepathic link is working correctly today
06:10 -!- hearn [~mike@50-105.77-83.cust.bluewin.ch] has joined #bitcoin-wizards
06:12 < nsh> well, i'm completely materially impoverished now, so i can afford the opulence of undirected intuition
06:12 < nsh> it's quite liberating
06:16 < nsh> oh another thing that came up recently
06:17 < nsh> .t https://twitter.com/craigstuntz/status/546147453414944768
06:17 < yoleaux> nsh: Sorry, I don't know a timezone by that name.
06:17 < nsh> .tw https://twitter.com/craigstuntz/status/546147453414944768
06:17 < yoleaux> Homomorphic encryption doesn't allow branching on secret data. But that's a feature! Allowing it makes you susceptible to timing attacks. (@craigstuntz)
06:17 -!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has quit [Ping timeout: 264 seconds]
06:17 < nsh> i don't think this is a valid intuition
06:17 < nsh> because you convert any branching computation into a one-pass circuit
06:18 < nsh> and i'd be *very* surprised if this magically eliminated all timing sidechannels
06:18 < nsh> though it may make their exploitation much less convenient than in branching flow
06:27 -!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has joined #bitcoin-wizards
06:30 * jgarzik wonders out loud,
06:31 < jgarzik> What should bitstamp implement, that is better than a hot-wallet-on-a-server?
06:31 -!- aburan28 [~ubuntu@static-108-45-93-73.washdc.fios.verizon.net] has quit [Ping timeout: 255 seconds]
06:31 < jgarzik> e.g. I always imagined a web server would indicate "withdraw X from user Y" to N different remote servers, each of which would examine the withdrawal flow in context, to class it as "abnormal" or "normal"
06:32 < jgarzik> If normal, the N servers all sign a multi-sig enabling the withdrawal.
06:32 < jgarzik> A bit simple-minded, but at least requires attacker to compromise multiple servers which are -not- the web server processing the withdrawal request from the user
06:32 < kanzure> how about not using a hot wallet at all
06:32 < hearn> in theory, the hot wallet concept already does this. the size of the hot wallet defines what "normal" is
06:33 < kanzure> having a hot wallet multiple times the size of your daily turnover is not a great idea
06:33 < jgarzik> single-key hot wallet doesn't do that
06:34 < kanzure> instead of using a hot wallet you could just have very slow withdrawals
06:34 < jgarzik> kanzure, indeed
06:34 < hearn> if we assume that bitstamp sized their hot wallet reasonably for their business (it was sized so when i visited them), it could be that they actually see withdrawals and deposits of such huge amounts of money
06:34 < jgarzik> kanzure, which I think translates into a business cost of "users go elsewhere" given competitive space
06:34 < kanzure> right... arguably you do not want users that are that bad at security.
06:34 < hearn> seems ridiculous i agree, but i've met financial types who didn't think anything of dropping millions on a risky FX bet
06:35 < jgarzik> Large amounts or small amounts, it sounds like the hot wallet was not multi-sig.
06:35 < hearn> they use vanilla Bitcoin Core for everything, so no multisig or even HD
06:35 < hearn> or rather, they did last year
06:35 < kanzure> multisig hot wallets are just an extra layer of indirection
06:36 < kanzure> especially if the threshold number of private keys are available on the same server
06:36 < hearn> but yeah, not clear what multi-sig would do. in most implementations you're gonna get both signers being very similar, running the same code, etc
06:36 < jgarzik> kanzure, it also raises attack difficulty and attacker costs, which is the point
06:36 < jgarzik> kanzure, my scheme as described would not keep N private servers on the same server ;p
06:36 < jgarzik> *private keys
06:36 < kanzure> hard to tell with VMs these days.....
06:36 < hearn> the thing you need is diversity, rather than just having multiple servers.
06:36 < hearn> N identical servers have the same security as one, really
06:36 < op_mul> hearn: they reuse addresses, so it's not bitcoin core wallet.
06:38 < hearn> i don't follow your logic there
06:38 < kanzure> yeah, you can hack bitcoind into doing anything you want, it's software
06:38 < op_mul> bitcoin core doesn't reuse change addresses. it seems unlikely anybody would add that in.
06:39 < kanzure> their transaction creation could be anything and they could still be using bitcoind for all you know
06:39 < hearn> my statement was based on what they were doing a little under a year ago. it might be totally different now
06:39 < op_mul> kanzure: I said not using the core wallet, not bitcoind.
06:41 < op_mul> given how poorly the wallet does under loads it's unlikely anybody would use it at scale.
06:41 < kanzure> jgarzik: at any rate, withdrawals should definitely be on totally separate servers
06:41 < kanzure> jgarzik: and also, they should not run anything connecting to the p2p bitcoin network on any server or ip address that is associated with their user frontend or company etc
06:42 < jgarzik> yes, which independently examine the withdrawal requests, and put each request in context of an overall fraud framework
06:42 < jgarzik> ie. did 1,000,000 users each request withdrawal of 1 BTC to $same_address?
06:42 < kanzure> yep.. that's something i've been working towards, in part. (there are others. i shouldn't take that much credit!)
06:43 < jgarzik> kanzure, what are you working on, if I may ask?
06:43 < kanzure> pm is okay?
06:43 < jgarzik> kanzure, sure
06:43 -!- soundx [~soundx@gateway/tor-sasl/soundx] has quit [Remote host closed the connection]
06:44 < hearn> op_mul: you would be surprised ...
06:45 < hearn> op_mul: there are very few wallet implementations lying around. most of them don't scale well, afaik
06:45 < hearn> fraud risk analysis is ..... tough
06:45 -!- zooko`` [~user@c-75-70-204-109.hsd1.co.comcast.net] has quit [Remote host closed the connection]
06:45 < hearn> it's very hard to come up with rules that work, unless you have a constant stream of examples
06:45 -!- soundx [~soundx@gateway/tor-sasl/soundx] has joined #bitcoin-wizards
06:46 < hearn> if you're getting hacked frequently enough to iterate on that, well, that's bad news. and if someone hacks your corp infrastructure, they can probably read your code, in which case forget about it
06:48 -!- wallet42 [~wallet42@unaffiliated/wallet42] has quit [Quit: Leaving.]
06:48 < hearn> long term, i fear there is no alternative but just to slowly deflate these huge pools of money by charging deposit fees and the like
06:49 < kanzure> jgarzik: having the private keys anywhere near the infrastructure is quite worrying, even if it is a hot wallet
06:49 < kanzure> jgarzik: that's probably the biggest gain to be had, here
06:50 < jgarzik> agree
06:50 < op_mul> hearn: not storing 21,000 BTC in your hot wallet would be a good start.
06:50 < jgarzik> op_mul, agree.... unless that was their normal flow
06:50 < kanzure> yesterday op_mul showed that it was definitely not their turnover rate
06:51 < hearn> if you have compromised a front end web server or the database, you don't have to compromise the hot wallet.
06:51 < op_mul> s/definitely/probably/ it doesn't justify 21,000 BTC there at any rate.
06:51 < hearn> you can make the system think you're about to do a huge withdrawal and wait for humans to top up the hot wallet to be big enough
06:51 < jgarzik> In general, I think it is clear that exchanges need some published, step-by-step best practices guides to avoid things like this. Everybody keeps reinventing the wheel, poorly.
06:51 < hearn> just having people in the loop is no panacea.
06:52 < kanzure> hearn: nah, that only works if your withdrawal queue is on those servers or in those databases
06:52 < hearn> one reason banks are slow is they manually review wire transfers
06:52 < op_mul> hearn: having "multisig" application databases might be nice, and have the wallet server verify with both.
06:52 < op_mul> have a third doing sanity checks and physically pulling the plug on failure.
06:53 < hearn> i think it's too early to speculate on what would help, given there is no public info about the exact nature of the hack
06:53 < kanzure> jgarzik: you shouldn't do their work for them, though
06:53 < hearn> i suspect it wasn't as simple as "we grabbed the keys" though
06:53 -!- GAit [~lnahum@enki.greenaddressit.p3.tiktalik.io] has quit [Ping timeout: 255 seconds]
06:53 < hearn> otherwise all the money would have exited the wallet in one go, or within a few minutes
06:53 < jgarzik> multiple withdrawal servers need to act as third parties, independently verifying the withdrawal requests
06:53 < hearn> the public analysis by denno suggests that it took hours and bitstamp was able to actually stop some draining away
06:53 < op_mul> hearn: it wasn't, bitstamp managed to claw back 3000 BTC during the hack.
06:53 < hearn> exactly
06:54 < kanzure> jgarzik: i think the earlier argument a few minutes ago was that withdrawal requests are often stored in the same database, so why would your verifications ever return differently?
06:54 < hearn> so that isn't really consistent with key compromise.
06:54 < op_mul> interestingly both the attacker's and bitstamp's transactions were 300 BTC each.
06:54 < jgarzik> kanzure, Disagree slightly; at some point, community standards & practices avoid public bitcoin embarrassments like this. Ultimately we are all in it together. Sites are competitors, but also we are all learning on-the-fly about how to best secure bitcoins.
06:54 < op_mul> or some of them, at least
06:55 < kanzure> jgarzik: so far i have not seen strong evidence that the existing exchanges have actually taken any of the advice about storing bitcoin. i mean, coinbase mentions something about bank vaults, but they aren't using multisig either...
06:55 < jgarzik> kanzure, even if completely fraudulent withdrawal database traffic, an attacker would be unable to empty the hot wallet rapidly
06:55 < jgarzik> *even with
06:55 < kanzure> the attacker would be unable to do that rapidly with n=1 verifiers though
06:56 < hearn> yeah i think this is looking more like a frontend/db compromise
06:56 < kanzure> i mean, your statement holds for n=1
06:56 < hearn> the 16 hour+ exploit window can be explained by the hot wallet having velocity controls on it
06:56 < jgarzik> Related: multisig address analysis is naive. Some sites with big wealth use shamir
06:56 < hearn> i.e. the attacker can't get the keys directly, he can't get the wallet directly, but he can keep submitting huge withdrawals that will get processed and empty things out
06:56 < kanzure> jgarzik: good point
06:57 < jgarzik> hearn, yep
06:57 -!- nubbins` [~leel@unaffiliated/nubbins] has quit [Quit: Quit]
06:58 < kanzure> also another thing that is important is if you happen to implement multi-factor authentication then you should definitely not implement multi-factor authentication using the same database or frontend application, since compromising that means you can sidestep that sort of withdrawal verification process
06:58 < jgarzik> kanzure, there are multiple points of compromise. multiple servers simply prevent a low level key-stealing single server compromise. defense in depth. if the withdrawal stream is good but a signing server is bad, or the withdrawal stream is bad but signing servers are good, you still have defenses.
06:58 < kanzure> er, i mean user-based multi-factor, of course
06:58 < jgarzik> spreads out what must be compromised, and how.
06:59 < jgarzik> the goal in security is never "impenetrable" but "better than before"
07:00 -!- CoinMuncher [~jannes@178.132.211.90] has quit [Quit: Leaving.]
07:00 < jgarzik> attacker must compromise M servers to perform low-level key stealing, or manipulate withdrawal request stream to trick signing servers.
07:01 < jgarzik> compromise the db, and signing servers notice odd withdrawal patterns
07:01 < hearn> what i'm worrying about is that the bitstamp hack boils down to something like, "found a code execution exploit in web server/framework, couldn't get further, but it didn't matter" because we don't have any great ideas for what to do about that
07:01 < hearn> it's easy to say "just have better anti fraud logic!" without really knowing what that'd look like
07:01 < hearn> what could help, potentially, is if clients of the exchange were digitally signing their withdrawal requests.
07:01 < hearn> so the exchange's main loop/hot wallet code can check signatures that don't come from frontends.
07:02 < kanzure> that signing verification could still be bypassed if the database is poorly designed
07:02 < hearn> however this would require exchange users to install an app
07:02 < hearn> IOW, users submit signed BIP70 PaymentRequests that are verified by the exchange core, rather than just via the web. now you have to compromise user keys to withdraw from the exchange.
07:02 < jgarzik> I think that's reasonable for big withdrawals
07:02 < jgarzik> (installing an app)
07:03 < hearn> yeah. i wonder how feasible that is. it wouldn't be very hard to make a nice lighthouse-style tool that used e.g. free Comodo certs as proof of email address.
07:03 < jgarzik> hearn, +1, I like the idea
07:03 < hearn> if you lose your private key, perhaps you have to file a support ticket or go through KYC again.
07:03 < jgarzik> yep
07:03 < jgarzik> _this_ is the sort of best practice we should have in a doc somewhere
07:04 < kanzure> these are all sort of obvious things, though
07:04 < hearn> well, maybe. everything is obvious in hindsight.
07:04 < kanzure> "hindsight" doesn't apply here.. what do i have hindsight over?
07:04 < hearn> also it's easy to assume that exchanges have infinite skilled developer manpower. when i did the bitstamp client/fund reconciliation thing, obviously i asked why they aren't using multisig for their cold wallets
07:04 < kanzure> what did they say?
07:05 < hearn> and the answer was basically, the tools just aren't good enough and they already had a billion things on their plate
07:05 < hearn> so developing their own didn't seem attractive
07:05 < hearn> (at the time copay wasn't really fully launched, i think)
07:05 < kanzure> do they have any developers on their staff that i might know?
07:05 < hearn> doubt it. anyway, i don't want to get into the details of their setup too much, as it's all confidential
07:06 < kanzure> i mean, how did they pick their bitcoin people? just anyone that can set up a bitcoind node?
07:06 < hearn> no, it's not like that.
07:06 < jgarzik> Related: For the record, copay still has a "beta" label and a warning not to use it for large amounts.
07:07 < hearn> anyway, i'd rather not discuss it. when i was there i wrote a report for their investors exploring many aspects of the business and setup, but it was not public. so i should not discuss further. they can decide what they wish to discuss publicly.
07:07 < jgarzik> Agree w/ hearn. _In theory_ exchanges should know this stuff.
07:07 < kanzure> hearn: glad to hear that someone was doing due diligence
07:07 < jgarzik> In practice, they are small shops with strained resources and don't necessarily know bitcoin as well as we do.
07:08 < jgarzik> This is not just a bitstamp problem, which is why I kicked off the discussion.
07:08 < hearn> jgarzik, +1
07:08 < jgarzik> White label exchanges will make the problem worse, too
07:08 < hearn> i may contact them and ask if they want to discuss the app idea.
07:08 < hearn> really it should be a feature of wallets, of course, but in the short term a special purpose "withdrawal wallet app" would bridge the gap
07:08 < kanzure> haha will you also do free work for my exchange
07:09 < jgarzik> hearn, RE app, it should be a feature of the wallet indeed
07:09 < hearn> discuss in this context means, discuss a contract ;)
07:09 <@gmaxwell> It would be helpful to know what the failure mode here was. The industry cannot learn when people keep their faults secret.
07:09 < jgarzik> (typing same thing at same time, it seems)
07:09 < jgarzik> I bet we could get copay to do withdrawal signing
07:09 < jgarzik> if there's interest
07:09 < jgarzik> It needs to be in every wallet
07:10 <@gmaxwell> I believe all of the largest loss events' actual fault modalities are secret; there have also been loss events which are completely secret.
07:10 < jgarzik> gmaxwell, agree
07:10 <@gmaxwell> This is going to cause regulatory ire against this industry if we don't fix it.
07:10 <@gmaxwell> Because we cannot learn best practices if we can't even see what failed.
07:10 < jgarzik> gmaxwell, I would be hopeful that we can engineer some stupidity out of exchanges if things like withdrawal signing were general industry practice
07:10 < hearn> yeah. that's an industry wide issue though. i think US regulators are already getting annoyed just at general data breaches being secret.
07:10 <@gmaxwell> All we can do is speculate; and our speculations will be rightfully ignored because they are uninformed.
07:11 < hearn> of CC track data, etc
07:11 < jgarzik> e.g. Create a situation where players cannot enter the market unless they support withdrawal signing, "because everyone else does"
07:11 <@gmaxwell> hearn: CC industry has pretty substantial self regulation though; perhaps not enough (as you note). we don't even have that.
07:11 < jgarzik> hmmmmm.
07:11 < jgarzik> I wonder if there's an exchange that is willing to demo withdrawal signing.
07:12 <@gmaxwell> jgarzik: why should e.g.bitstamp listen to our advice when we're totally ignorant as to what ill actually befell them? 07:12 -!- SDCDev [~quassel@unaffiliated/sdcdev] has joined #bitcoin-wizards 07:12 < kanzure> gmaxwell: because i'd be stupid not to listen to you give me free advice? 07:12 < hearn> free advice, worth what you paid for it ;) 07:12 < kanzure> jgarzik: i know at least one that has been cooking such a thing 07:12 < jgarzik> gmaxwell, Make that rhetorical question irrelevant: If we implement good security practices in the wallets, they follow or get left behind. 07:12 < stonecoldpat> following kanzures earlier comment, you know how to do more than just run bitcoind ;) 07:12 < hearn> the problem with us giving advice is not so much that it'd be worthless or even wrong, but we have no insight into the priority queue and other factors that can be surprising 07:13 < jgarzik> A central problem throughout bitcoin's history is that it is _too easy to use [wrongly / insecurely]_ 07:13 <@gmaxwell> hearn: well and we value different things. I don't really give a crap about their market share if the tradeoff is against bitcoin's reputation or user security. 07:13 < hearn> e.g. when i checked the size of their cold wallet, of course i was happy just with them signing some nonces i chose with their keys, why actually move the money? 07:13 < jgarzik> it is too easy for a programmer to write naive bitcoin code 07:13 < jgarzik> and tough for programmers to automatically "know" how to write secure code 07:13 < hearn> and the answer was one i did not expect - the SEC loved being able to see the "audit" (i use the word loosely) on the block chain. it felt like star trek to them. 07:13 < hearn> so, ok, move the money then. 07:14 < op_mul> hearn: moving their 140k BTC in one transaction was just moronic. 07:14 < kanzure> they thought moving money was an audit?? 
07:14 < hearn> no, they know it's not
07:14 < jgarzik> hearn, that's a tweetable quote if ever there was one
07:14 < hearn> this is a language issue. substitute "proof of reserves" or your term of choice
07:15 < kanzure> haha what... wouldn't signing some other plaintext be a better idea, rather than signing a transaction?
07:15 < hearn> no
07:15 < hearn> put it on the block chain, send government regulators a link to the page on blockchain.info, done
07:15 < hearn> don't put it on the block chain, send a complicated 10 step procedure that they don't understand -> not done
07:16 < petertodd> I'll take "they have to work a bit" over $100 million single point of failure any day
07:16 < op_mul> hearn: did you know that anybody could fake a spendable balance on blockchain.info for years?
07:18 < petertodd> op_mul: ha, that would be an awesome fraud
07:18 < tacotime> the great thing about bitcoin is that we can see when someone stole the money at the very least.
07:19 < hearn> op_mul: never heard that, no
07:19 < kanzure> anyone can still fake blockchain.info data (it's a company and it's run by humans, it's not a truthsource)
07:19 < hearn> bear in mind all the existing financial system boils down to is trusted men/women in fancy suits writing letters to each other
07:19 < kanzure> that's not my fault
07:20 < petertodd> hearn: which works because transactions are revocable...
07:20 < hearn> my point is this - it's easy for armchair developers to say "XYZ thing is obvious and anyone who doesn't do it is insane or dumb", but often there are factors that aren't obvious
07:21 < tacotime> i don't fully understand the 'hotwallet' thing though... can't you just do everything on an offline machine, like sign the tx with an output to the recipient, print it out, walk it over to an online machine with a daemon, scan, and relay? why use hot wallets at all?
07:21 < tacotime> if the theft is internal though (as these seem to be) i guess that solves nothing
07:21 < kanzure> hearn: do you think there's anything obvious (like "use a cryptosystem" or "use a password") that you have to draw the line at?
07:21 < petertodd> tacotime: I've gone through this stuff with an exchange before that I did some consulting for... hotwallet vs. coldwallet isn't as important an issue as you'd think
07:21 < petertodd> tacotime: the real problem is authentication of user intent
07:22 < kanzure> er, stealing the private key can bypass any authentication of user intent
07:22 < hearn> kanzure: you know the US nuclear launch codes were 00000000, right?
07:22 < kanzure> that's also not my fault. nobody ever asked me for advice about nuclear launches.
07:23 < hearn> nobody is saying it is
07:23 < petertodd> kanzure: it can, but bad authentication of user intent can (nearly) just as easily steal money too
07:23 < kanzure> petertodd: yep, okay
07:23 < tacotime> well. if you have a person actually auditing every outgoing tx that shouldn't happen though.
07:23 < petertodd> kanzure: for instance, they wanted to use multisig, and by the time we were done they needed to essentially write two separate versions of the exchange software, each authenticating the user in a different way
07:24 < petertodd> tacotime: if you put a person in charge of that they get lazy, guaranteed
07:24 < kanzure> petertodd: were they running these two versions simultaneously...?
07:24 < tacotime> (at least not on a wide scale that would allow theft)
07:24 < tacotime> heh
07:24 < petertodd> kanzure: I haven't spoken to them in a bit, but that was the plan
07:24 < Luke-Jr> kanzure: what would you make the launch code be?
07:24 < ajweiss> gun clicks... "TURN YOUR KEY, SIR!"
07:24 < kanzure> Luke-Jr: i'm not sure a launch code is a good idea
07:25 < stonecoldpat> tacotime: just because a person is handling it - still doesn't authenticate that the person who requested it - really is the person they say, plus it requires a lot more staff than probably affordable
07:25 < Luke-Jr> kanzure: that's dodging the question :D
07:25 < tacotime> stonecoldpat: um, probably no more so than at a bank... and i assume they're making more than a bank, at least before this. and i meant, adding human audit on top of classical auth schemes
07:26 < kanzure> Luke-Jr: yep..... but really, i don't think any particular 8-digit launch code is a good idea...
07:27 < tacotime> small scale theft/fraud can be offset easily by revenue... but the most recent theft was anything but that.
07:27 < kanzure> there should definitely be proportional or exponential verification to linearly increasing withdrawal requests
07:27 < kanzure> *withdrawal request amounts
07:28 < hearn> kanzure: so what you're saying is, "do you think there's anything obvious (like "use a cryptosystem" or "use a password") that you have to draw the line at?" -> no
07:28 < hearn> kanzure: it's rare that things are obvious.
07:28 < hearn> sadly
07:28 < kanzure> hearn: for example, "don't tell every user your single private key" seems ridiculously obvious to me
07:28 < tacotime> yeah. if the theft was anything but internal (of 15k or whatever bitcoins) i'll be really saddened that they decided to have that much online at any given time
07:28 < kanzure> hearn: you have to draw the line somewhere
07:29 < tacotime> i mean, we rely on debug output to vet our own code and make sure it's not doing something weird.. i don't see why this is any different.
07:29 < stonecoldpat> hot wallets should be okay to use, (it's just a till @ a shop at the end of the day), their hot wallet was just a bit too big, but that's always going to be a risk
07:31 < tacotime> btc-e has never had a bitcoin theft as far as i know (though they did have a liberty reserve theft), so this type of security can be done right i think.
07:31 < tacotime> (anyway, kind of OT, sorry)
07:31 < kanzure> what's the physics term for as-fast-as-possible signing of withdrawal requests? there's some limit. might be something about speed of light and number of bits per second. anyway, the hottest possible wallet is probably going to sign more things that you wouldn't want it to have signed, even more than the proportionally more number of requests it can process.
07:32 < kanzure> well, er, i don't have the formalism for that, i'm sure one of you physics junkies knows how to conceptualize a hottest possible wallet
07:32 <@gmaxwell> hahah!
07:32 <@gmaxwell> On the fundamental limits of Bitcoin wallets.
07:33 < kanzure> "or how i learned to expose my private keys to the soft flame of a neutron star"
07:33 <@gmaxwell> "We construct a Bitcoin wallet from a quark gluon plasma on the basis of a linear model which indicated that Bitcoin users prefer the hottest possible wallets. If our analysis holds, our profits will be in excess of 500 million bitcoins per day."
07:34 <@sipa> "My cold wallet is stored at negative kelvin temperature!" - "You realize that means it's infinitely hot, right?"
07:34 < kanzure> i even have a snappy name ready to go: big bang wallet
07:37 < hearn> kanzure: that's a confidence inspiring name if there ever was one
07:37 < helo> QOTD "it's rare that things are obvious" - hearn
07:37 < hearn> "we're using the Big Bang Wallet, what could possibly go wrong?"
07:37 <@gmaxwell> I've thought before that it might be fun to build some orgy of fail product to launch on april first. "Big bang wallet" by "John TotallyNotStealingYourMoney Doe" ... except people would use it. :(
07:37 < hearn> helo: i'm practicing for my next career as a fortune cookie writer
07:37 < hearn> gmaxwell: implemented in Visual Basic for extra safety :)
07:38 <@gmaxwell> hearn: and call it mastercoin? ... Too much work. Might as well just take bitcoin-qt, change the name, and add a picture of a dog. oh wait.
07:38 <@sipa> probably in a prl script that generates visual basic code
07:38 < hearn> lol
07:38 < fluffypony> plz, PHP
07:38 <@sipa> *perl
07:38 < fluffypony> DarkTimeKoin
07:39 <@gmaxwell> fluffypony: hehe. I thought that was a joke at first and was really disappointed when there were no references to Cubic Currency or racist rants.
07:40 < fluffypony> lol
07:41 <@sipa> wow, webbtc.com has a script evaluator
07:41 <@gmaxwell> (context: fluffypony is referring to TikeKoin a very weird PHP altcoin written by one of bitcoin's earliest users who was seemingly losing his mind. And when I saw the post I thought it was a timecube joke.)
07:41 < op_mul> hearn: that's because bc.i doesn't publish when they get owned.
07:41 < fluffypony> *TimeKoin
07:46 < petertodd> gmaxwell: 3716f21538060be06afda4197d00191e2e3b07500187a1e12a0abadfca9158f3 <- not quite a neutron star, but it's to the right audience at least
07:53 < kanzure> hrm it is not little-endian hex
07:53 <@gmaxwell> kanzure: it's a transaction id, follow it
07:53 < petertodd> kanzure: you can tell by the pixels
08:01 < kanzure> whoops, yes
11:17 < jgarzik> http://blog.rust-lang.org/2015/01/09/Rust-1.0-alpha.html
11:17 < MRL-Relay> [fluffypony] oh andytoshi will be happy
11:18 <@gmaxwell> I believe that as it matures Rust will turn out to be a uniquely well suited language for general Bitcoin application development.
11:19 <@gmaxwell> It's also, I think, the only language you can say that was created while a bitcoin developer was pestering the crap out of its main contributors.
11:19 < heath> gmaxwell: thoughts on haskell and haskoin?
11:22 < fluffypony> argh altcoins have ruined me - I immediately thought haskoin was an altcoin
11:22 < fluffypony> I also spent 2 minutes today thinking that Picocoin was a stupid name for an altcoin (sorry jgarzik) before realising it wasn't that at all
11:23 < gwillen> gmaxwell: bahaha. Was that bitcoin developer you?
11:24 < jgarzik> heh
11:25 <@sipa> gwillen: andytoshi
11:25 <@gmaxwell> yea. Well rust is not everything I could possibly want in a language; but there are serious usability tradeoffs; so it's unclear what optimal really is.
11:25 * gwillen nod
11:25 <@gmaxwell> and yea, andytoshi actually contributed some not-totally trivial amount to the compiler.
11:27 * heath proudly holds his best troll today trophy with pride and continues idling
11:36 < jb55> I work for a record label, could you make a transaction to an address such that you could somehow guarantee commission splits to other addresses. That way when someone buys a track all rights holders get paid appropriately?
11:36 < jb55> I have a feeling this might not be possible...
11:37 <@gmaxwell> one can straightforwardly pay to a multisignature address which lets you achieve "all signers agree on the distribution of the funds, or they don't move at all."
11:37 <@gmaxwell> The payment protocol (BIP70) also allows the invoice to ask parties to pay to a split of multiple outputs.
11:39 < jb55> that sounds exactly like what we do already informally. artists all sign a pdf contract before we start distributing funds. If I could encode that into a multisig address it would greatly simplify our payouts in the future...
11:42 < jb55> thanks!
11:46 < phantomcircuit> gmaxwell, does the invoice specify how much goes to each output?
11:47 < kanzure> jb55: i've implemented that and have a working pile of code. do you want it?
11:47 < jb55> kanzure: that would be awesome
12:11 <@andytoshi> fluffypony: hooray! i'm gonna spend the rest of today working on updating my code (i couldn't keep up with the changes over the last couple months so there is extreme bitrot)
12:11 < fluffypony> :)
14:31 < kanzure> attacks on ecdsa signatures with single-bit nonce bias http://www.irisa.fr/celtique/zapalowicz/papers/asiacrypt2014.pdf
14:36 <@gmaxwell> kanzure: yep, fortunately the mechanism they use to get a single bit bias is not applicable to our curve.
14:36 <@gmaxwell> (not that there aren't other ways to screw up... :( )
14:36 <@andytoshi> gmaxwell: you mean this GLV mechanism is not applicable to the curve, or do you mean something more specific?
14:36 <@gmaxwell> They focus on a bias created by not correctly handling that the curve order is much smaller than a power of two.
14:37 <@gmaxwell> oh maybe I'm confusing the paper.
14:37 <@andytoshi> i'm aware that libsecp256k1 does not do anything like this k1 + λk2 thing, but it's not obvious to me that we couldn't if we wanted to
14:37 <@andytoshi> i don't have a clue what openssl does :)
14:37 <@gmaxwell> oh it's the right paper but I'm only remembering part of it.
14:38 <@gmaxwell> andytoshi: no one else does. AFAICT no public implementation except secp256k1 has use of the endomorphism. (you can google for the constant)
14:40 <@andytoshi> ah, i see that this is not applicable ... because our entire group has prime order there are no interesting prime subgroups worth decomposing into
14:40 <@andytoshi> s/interesting/proper/
14:40 <@gmaxwell> I can't load the URL.
14:41 <@andytoshi> kk i will rehost it, one sec
14:41 < kanzure> http://diyhpl.us/~bryan/papers2/security/cryptography/Attacks%20on%20ECDSA%20signatures%20with%20single-bit%20nonce%20bias.pdf
14:42 <@gmaxwell> if it's the paper I'm thinking about, it talks about two things: one is getting a bias from doing an endomorphism split k1 + lambda*k2, which is one reason we wouldn't bother doing generation that way ... so I misspoke, secp256k1 would happily befall that, it's just that it's a kind of stupid optimization; the other thing it talks about is handling the order mod incorrectly
14:42 <@andytoshi> it definitely talks about the first; i've only read the first 2 pages so not sure about the second
14:43 <@andytoshi> would it be an optimization even? we'd be using endomorphisms of the whole group (as opposed to a subgroup whose elements are smaller)
14:44 <@andytoshi> (i totally don't know what i'm talking about btw)
14:44 <@gmaxwell> yes. but not really. Because for signing you always compute kG with constant point G then you do not need the endomorphism to split your number.
14:46 <@gmaxwell> andytoshi: basically on GLV curves there is a magic beta number such that P.x*beta,P.y = lambda*P and lambda is helpfully large enough that one can split some secret k, like k = k1 + lambda*k2 such that k1, k2 are both 128 bit numbers (instead of 256 bit numbers).
14:47 <@andytoshi> ah, yes, i think sipa explained this to me out of band a few months ago (or was it you?)
14:47 <@gmaxwell> And then you can go about computing kG as k1G + k2*lambda*G with reduced operations via multi-exponentiation because the scalars are half the size.
14:48 <@sipa> andytoshi: i believe i did
14:48 <@andytoshi> gotcha. i misread the paper to think that you only got the size-halving by restricting the endomorphism to a small subgroup
14:49 <@gmaxwell> now some 'genius' signing implementation might think it could skip the splitting step by just randomly picking k1,k2 ... but the result is non-uniform. And I really doubt anyone has ever done this without knowing it was non-uniform, but maybe they thought it was acceptable.
14:49 <@gmaxwell> But if G is a constant there is no need to use the endomorphism for this. You can just precompute 2^128*G, and then do your split on a power of two boundary and your splitting is free.
14:50 <@gmaxwell> In fact, you can carry that to its logical conclusion of precomputing every power of two. Or even every window of 4 bits.. and have no doubling at all in your multiply by G; and this is what libsecp256k1 does for signing.
14:51 <@gmaxwell> so I don't see any reason you'd ever use the endomorphism in signing... You basically can't save memory using it even, since the beta constant takes almost as much memory as another precomputed point. (well okay you might save 32 bytes)
14:51 <@andytoshi> ah, yes, this part is what sipa explained to me
14:55 <@gmaxwell> hm, okay actually, for large amounts of memory you could halve your memory usage.
14:55 <@gmaxwell> so maybe someone would actually want to do that.
14:56 <@gmaxwell> e.g. you build a great big table for the first 128 bits, and then use the beta to get you a table for the next 128 bits. So the saving is only large if your table is large relative to one entry.
19:15 < kanzure> if there was a way to hash the set of consensus rules, it would be interesting to vanity grind on those rules until the hash function spits out a string that starts with bitcoin
19:16 < kanzure> er, just as an amusing way to communicate your intent when you talk about a consensus rule set, instead of just saying "bitcoin" you would be communicating the exact rule set you are specifically referring to, at least in as much as collisions haven't been found or might be difficult to create through that scheme
19:16 <@gmaxwell> kanzure: hah, I've joked before that the consensus rules should be hashed and we should have named the system the hash.
19:17 <@gmaxwell> :P
19:17 < kanzure> i stumbled into this idea over dinner with andytoshi so he might have primed me and you might have primed him
19:17 < kanzure> so this might be your idea....
19:19 <@gmaxwell> A better version, I don't think that I considered grinding it.
19:19 < kanzure> well also, what exactly would be hashed? :\
19:19 < kanzure> if this was cellular automata perhaps the answer would be more obvious
19:19 <@gmaxwell> One might observe that the hash of the genesis block is considerably lower than one would expect for the threshold difficulty.
19:20 <@gmaxwell> kanzure: the bytecode of the consensus rules. I've previously proposed we should be moving all the consensus rules into a bytecode with a very simple interpreter.
19:20 <@gmaxwell> This is part of where the interest in moxie comes from.
19:21 < kanzure> but what about things like highest block picking rules
19:21 < kanzure> surely that is important enough to go into the hash thing?
19:21 <@gmaxwell> that could be inside it as well.
19:21 <@andytoshi> i was thinking to vanity-grind some moxie no-ops, but actually changing the rules is a neat idea
19:22 < kanzure> i'm also not sure what to do about updates and bugfixes. you could grind some more until you hit on some bogus rules or no-ops that allow you to get "BITCOIN" but then what... just because it says "BITCOIN" does not mean this variant is bitcoin compatible or a good idea at all :)
19:24 < kanzure> i guess the ultimate dream is some proof of bitcoin compatibility, and then any statement that can be proven is (by definition of the proof system) definitely bitcoin-compatible?
19:24 < kanzure> and then you grind on those statements
19:24 <@gmaxwell> obviously one must define the hash function such that the first version says bitcoin trivially, and future versions can only be hashed by asking the prior version to hash them, and the prior version only lets them hash to bitcoin if you burned a lot of bitcoin to create the new version.
19:24 < kanzure> hah proof of burn. okay.
19:27 <@gmaxwell> e.g. it's a certificate chain where each version authenticates its successor.
19:29 < kanzure> so you can only reduce bitcoin-compatibility going forward?
19:30 < kanzure> huh i don't know why i asked that. i had a good reason to think there was some sort of "convergence", but i've lost it.
19:30 < kanzure> also what about competing forks where both same-depth versions had same BTC amounts burned and are both valid ?
19:31 <@gmaxwell> well I wasn't saying that such a mechanism was sufficient.
19:33 < kanzure> anyway yes i agree that instead of going for "BITCOIN" it should just be whatever the original hash turns out to be
20:46 < nullbyte>
--- Log closed Sat Jan 10 00:00:18 2015