Search content
Sort by
Showing 17 of 17 results by BitFanatic
Re: Goldman Sachs Involved in project Ethereum... ARE YOU F... KIDDING ME
So what is a couple of their developers worked at Goldman Sachs?
Goldman Sachs hires some of the most talented folk in the industry and so having them on board with Ethereum now is a big win.
Goldman's are almost certainly not involved in this project - just some of their ex employees.
Goldman Sachs hires some of the most talented folk in the industry and so having them on board with Ethereum now is a big win.
Goldman's are almost certainly not involved in this project - just some of their ex employees.
Re: Neo EasyCoin Official - Buy BTC With Cash [UK,USA,Russia,Denmark,Sweden,Norway]
Not at all. Easy coin never had exclusivity.
So what EasyCoin had if not exclusivity? Whats left?
Our operations hinge in no way on one payment processor. EasyCoin hopes to provide the widest choice of top-up methods and selection of crypto currencies.
Would you be able to expand on the relationship you do have with ZipZap and other payment processors?
Re: Neo EasyCoin Official - Buy BTC With Cash [UK,USA,Russia,Denmark,Sweden,Norway]
EasyCoin is still undergoing the BETA phase of testing in some jurisdictions as we continue to add payment options for varying jurisdictions.
EasyCoin will have a delayed roll out in the US, this is due to awaiting the written clarification from FinCEN with regards to the basis of license requirements for our specific operation. This is unfortunate in the short term, however having these clarifications in writing will benefit the long term operations.
Availability in the UK will be online once the payment service provider goes online there, the same applies for Norway, Denmark, Sweden and Russia. We are working closely with other payment service providers to enable the platform to become available in other jurisdictions throughout Europe and the Rest of the World.
We offer apologies to those BETA testers and the wider public who are awaiting the commencement of operations in the US.
EasyCoin will have a delayed roll out in the US, this is due to awaiting the written clarification from FinCEN with regards to the basis of license requirements for our specific operation. This is unfortunate in the short term, however having these clarifications in writing will benefit the long term operations.
Availability in the UK will be online once the payment service provider goes online there, the same applies for Norway, Denmark, Sweden and Russia. We are working closely with other payment service providers to enable the platform to become available in other jurisdictions throughout Europe and the Rest of the World.
We offer apologies to those BETA testers and the wider public who are awaiting the commencement of operations in the US.
With ZipZaps recent release of cashcoin (http://cashcoin.zipzapinc.com/) what is happening with easycoin now?
Has your involvement with ZipZap been lost?
Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key
Thanks for your responses and all your work on bitaddress.org.
I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?
I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?
There are no dependencies so you'll only need the html file.
Thanks for the response -- can pointbiz confirm this?
Single out the html file on your own and run it in your browser and you'll see that it still works the same
Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key
Thanks for your responses and all your work on bitaddress.org.
I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?
I'm getting ready to generate a batch of public-private key pairs for long term cold storage. If I boot my system to an Ubuntu LiveCD, can I just use the bitaddress.org .html file by itself, or do I need to include the other java-related files to generate functional, secure key pairs?
There are no dependencies so you'll only need the html file.
Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key
I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?
Why would it be? Entropy is not 'used up'. Recreating the object won't save you if you don't have enough entropy.
In fact in bitaddress.org a small amount entropy is constantly added with every mouse move, mouse click and key press.
Code:
edit3: On further inspection I've found this is not true. Even though seedTime() is invoked, the entropy is not added to the PRNG used to create private keys. There is a TODO in the source about reseeding so the author has this in mind.
Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
It's pretty clear to me that the code is like this to extract two bytes from each call of Math.random()
So the first line in that loop creates a random number in the range [0, 65536) which is the standard 16 bit range.
The next line with the right shift by 8 adds the upper 8 bits to the sr.pool array, the line after that adds the lower 8 bits to the sr.pool array.
I'm not too sure why the author doesn't extract one byte at a time. Although I'm pretty confident it won't steal your bitcoins doing it either way.
Code:
while (sr.pptr < sr.poolSize) {
sr.pool[sr.pptr++] = Math.floor(256 * Math.random());
}
sr.pool[sr.pptr++] = Math.floor(256 * Math.random());
}
Soon enough, all these fears can be rested when something like this is added. I imagine a nice text entry box where the user can type in anything they like. I'll be extracting randomness from /dev/random on my LiveCD and copypasting the result into the text entry box.
Other paranoid people might be taking a photo with their hand covering the camera, since the fluctuations on the CCDs are a good source of randomness. Others might even download from random.org
edit: needless to say you could do that now by modifying the source. Add this to the code right after sr.seedInt(window.screenY); when sr is initialised.
Code:
secret_seed = "372f7e2fd2d01ce2a1d71dc072acbba4c6fd25a1087cd7f153f4ec0ce37e1ede"
for (t = 0; t < secret_seed.length; ++t) {
sr.pool[sr.pptr++] ^= secret_seed.charCodeAt(t) & 255;
if (sr.pptr >= sr.poolSize) sr.pptr -= sr.poolSize;
}
for (t = 0; t < secret_seed.length; ++t) {
sr.pool[sr.pptr++] ^= secret_seed.charCodeAt(t) & 255;
if (sr.pptr >= sr.poolSize) sr.pptr -= sr.poolSize;
}
Then put whatever you want into secret_seed and that entropy will be added to the RNG.
I'm not responsible for any loss of bitcoins. Peer review of my code happily accepted.
edit2: for completeness I'd run this on the terminal to obtain 16 bytes (128 bits) of entropy.
Code:
cat /dev/random | head -c 16 | sha256sum
This is extremely helpful. Thanks for clearing this up yakov, I have sent you a little donation
I don't understand the code well enough to answer your specific concern.
My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.
Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.
I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/
My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.
Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.
I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/
Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas?
I replied this same info on the main bitaddress.org thread about 12 hours ago but am yet to get a response.
Disclaimer: I am no expert especially with Javascript.
I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.
I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?
Let me show this with screenshot.
http://i.imgur.com/96ppaNM.jpg
So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?
Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
Disclaimer: I am no expert especially with Javascript.
I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.
I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?
Let me show this with screenshot.
http://i.imgur.com/96ppaNM.jpg
So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?
Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key
Disclaimer: I am no expert especially with Javascript.
I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.
I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?
Let me show this with screenshot.
http://i.imgur.com/96ppaNM.jpg
So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?
Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
I have been digging through the bitaddress.org code and I have a couple of concerns in generating the paper wallet addresses.
I've noticed that on the paper wallet page you have the option to choose how many wallets you wish to create. The problem is that the "random" secureRandom object is used for ALL of the wallets which you create on that page. Why is the object not refreshed on each wallet creation?
Let me show this with screenshot.
http://i.imgur.com/96ppaNM.jpg
So this random object value is used for ALL of the wallets when creating them in bulk. Surely the secureRandom should be recreated for each wallet?
Also please could somebody explain this bit of logic for randomising the 256 digits in this bit of code:
while (sr.pptr < sr.poolSize) { // extract some randomness from Math.random()
t = Math.floor(65536 * Math.random());
sr.pool[sr.pptr++] = t >>> 8;
sr.pool[sr.pptr++] = t & 255;
}
What is the reasoning of the bitand and the >>> 8? Couldn't this be a bit shift to a different integer? Why 8? Please explain to me.
Thanks!
Great tool - incredibly useful!
I am currently importing a large amount of addresses via csv file.
Are there any stats/info on how long it takes for say every thousand addresses imported?
Thanks I am currently importing a large amount of addresses via csv file.
Are there any stats/info on how long it takes for say every thousand addresses imported?
If you have any comments/suggestions/critics I'd be happy
It would be nice to have some sort of progress bar when executing larger tasks.
I'm still importing the massive csv file - but no idea how much longer it's going to take or if it has frozen.
Edit:
Infact you could add that quite easily - I just checked the dir with wallet.dat and can see that it is still increasing in size which means that the job has not frozen.
wallet.dat is now 80mb - I wonder how big it will get!
Honestly, If you have to post questions all across the internet to learn how to secure your system, then a BitCoin gambling site may not be for you.
If I was programming a bitcoin gambling site I wouldn't share any of my sites inner workings anywhere online.
I would suggest asking specific questions such as, What is the benefits of writing to my database using PDO vs mysqli or mysql?
The other thing you could do is hire a professional to come in and secure your system for you.
Good luck.
If I was programming a bitcoin gambling site I wouldn't share any of my sites inner workings anywhere online.
I would suggest asking specific questions such as, What is the benefits of writing to my database using PDO vs mysqli or mysql?
The other thing you could do is hire a professional to come in and secure your system for you.
Good luck.
Thanks for the comments - I am asking at a high level as I want to make sure that this is as secure as possible.
The advice of hiring a professional is certainly something I am considering but this in itself poses risks!
Posting the questions isn't for learning - but deciding on the best approach. I am not new to computer security but this is my first Bitcoin related project.
Great tool - incredibly useful!
I am currently importing a large amount of addresses via csv file.
Are there any stats/info on how long it takes for say every thousand addresses imported?
I am currently importing a large amount of addresses via csv file.
Are there any stats/info on how long it takes for say every thousand addresses imported?
Well that's simple enough, just take the low-order bits. For your application you may or may not require a salt.
The idea works; whether it is a good idea or not depends on your application.
The idea works; whether it is a good idea or not depends on your application.
It will be coming soon!
It's a gambling based game that I want to be as fair and transparent as possible.
You might want to take the hash of the block and concatenate it with some arbitrary string, then hash it once more to get more randomness. A block hash alone has a bias towards lower numbers.
What's the reason behind the bias to lower numbers with a block hash?
When a new Bitcoin block is mined, a hash of the solution is released.
E.g. Latest block hash: 000000000000007f27d49d588367eee58184bc720e8fcf653b415e808dbe6450
How possible/safe would it be to use these numbers as a secure/verifiable random result?
For example in a raffle type game, could the numbers quite safely be taken from the block hash and be considered random?
Surely unless the SHA-256 hash function broke this would be fine?
Thanks
E.g. Latest block hash: 000000000000007f27d49d588367eee58184bc720e8fcf653b415e808dbe6450
How possible/safe would it be to use these numbers as a secure/verifiable random result?
For example in a raffle type game, could the numbers quite safely be taken from the block hash and be considered random?
Surely unless the SHA-256 hash function broke this would be fine?
Thanks
EDIT: secure implementation decided thanks for the help!
Potential alternative option:
. Lightweight app on web which communicates directly to a database.
. Database holds a big list of readily created "receive addresses" by a wallet held off server.
. Off server process runs on my PC continuously checking the database for "work".
This approach is probably a lot safer and would also remove the need for a dedicated server. The downsides would be having to run a PC 24-7 at home which constantly checks for work. The off server process would create more addresses when needed and add them to the database (remotely). It would also send out bitcoins to winners and transfer the bulk of BTC to an offline wallet.
What would you say is the best approach? Regardless of implementation there will be a "hot wallet" and "cold wallet".
Potential alternative option:
. Lightweight app on web which communicates directly to a database.
. Database holds a big list of readily created "receive addresses" by a wallet held off server.
. Off server process runs on my PC continuously checking the database for "work".
This approach is probably a lot safer and would also remove the need for a dedicated server. The downsides would be having to run a PC 24-7 at home which constantly checks for work. The off server process would create more addresses when needed and add them to the database (remotely). It would also send out bitcoins to winners and transfer the bulk of BTC to an offline wallet.
What would you say is the best approach? Regardless of implementation there will be a "hot wallet" and "cold wallet".
I am a developer currently working on a Bitcoin related project.
I don't want to give full details of the project but it is essentially going to be a gambling/raffle based game.
I'd like full access so that I can receive some advice/guidance on my current security plan.
I want to ensure that everything is as secure as possible!
Thanks
I don't want to give full details of the project but it is essentially going to be a gambling/raffle based game.
I'd like full access so that I can receive some advice/guidance on my current security plan.
I want to ensure that everything is as secure as possible!
Thanks