Transcript for #bitcoin-dev 2017/07/31

01:13 danielmetlitski How does Bitcoin prevent someone modifying the key generation code to pick a specific address to generate a private key for?
01:25 ivan danielmetlitski: https://arstechnica.com/information-technology/2013/10/a-relatively-easy-to-understand-primer-on-...
01:26 ivan (or a better resource, there are a hundred)
01:26 danielmetlitski text wall
01:30 danielmetlitski an offline computer can generate a key
01:31 danielmetlitski that key can be used despite being generated offline
01:32 danielmetlitski and reverse engineering it to generate a private key for a non-random address is impossible??
01:35 danielmetlitski sorry d/c’d for a sec
01:36 danielmetlitski and since sha256 was cracked a long time ago, it still uses sha256?
01:38 achow101 danielmetlitski: sha256 wasn't "cracked"
01:40 danielmetlitski this is sha256, crack this, it's crackable
01:40 danielmetlitski 59b4dbb11c532b2590032e48a6165f754dab1a7a24f2d50b762e3891b9e2ab1f
01:40 danielmetlitski a surprise awaits
01:40 achow101 what do you mean by "crackable"?
01:41 achow101 preimage attack or collision attack?
01:41 danielmetlitski reverse this
01:41 danielmetlitski 59b4dbb11c532b2590032e48a6165f754dab1a7a24f2d50b762e3891b9e2ab1f
01:41 danielmetlitski i just used an online sha256 generator to make it
01:42 danielmetlitski if you are unable to reverse it, I'll show u how
01:42 achow101 show me how
01:42 danielmetlitski https://md5hashing.net/hash
01:42 achow101 a lookup table does not mean that it was cracked
01:43 achow101 it just means that the site has a database of strings and their corresponding hashes
01:43 danielmetlitski my hash wasn’t pre-stored on that website
01:43 achow101 it is in fact not "crackable"
01:45 achow101 crack this then: 34e3a78f0142542197be9d6d9d4aac6e4c18f203e05cfc82c2d516829052942b
01:45 danielmetlitski http://jheusser.github.io/2013/02/03/satcoin.html
01:45 achow101 I bet you can't
01:46 danielmetlitski is it sha 256
01:46 achow101 yes
01:46 achow101 anyways, sha256 is unrelated to key generation
01:46 danielmetlitski what is used for key generation
01:46 achow101 a random number generator
01:47 achow101 and then EC math
01:47 danielmetlitski well the source code is public
01:47 achow101 so?
01:47 danielmetlitski can you change it to be non random
01:47 danielmetlitski say I wanted your wallet
01:47 achow101 sure, but only for one implementation. it isn't a network wide thing
01:47 danielmetlitski what
01:48 achow101 you can change your local implementation, but that won't affect anyone but you
01:48 danielmetlitski you can generate wallets offline that instantly with the bitcoin network
01:48 achow101 instantly _what_ with the bitcoin network?
01:48 danielmetlitski yes
01:49 danielmetlitski like right now, you can generate wallets offline for Bitcoin, the private keys and address are generated offline
01:49 achow101 yes
01:49 achow101 so?
01:49 danielmetlitski if I change my local implementation to choose specific numbers that correspond to a hot wallet
01:50 achow101 you don't know what numbers correspond to a hot wallet
01:50 danielmetlitski what prevents me from reversing it
01:50 achow101 you can't, unless you have compromised the wallet itself
01:50 achow101 how do you plan on reversing it?
01:50 danielmetlitski what do you mean compromised
01:50 danielmetlitski by changing the random number generator
01:51 achow101 the private keys are stored on that wallet. private keys cannot be derived from public keys (yet). public keys cannot be derived from addresses
01:51 achow101 they are all one way functions
01:51 danielmetlitski yes but you can edit functions
01:51 achow101 yes, you can decide to make your wallet choose a specific private key, but how do you know what that private key is?
01:52 danielmetlitski how is it impossible to change it to generate specific things
01:52 achow101 all of that stuff happens locally wallet side and some of it is network consensus rules
01:52 achow101 so you can't change it unless you have access to the computer or you convince the other person to run software that you have written
01:52 danielmetlitski well the part I don’t understand is why it is impossible to reverse engineer this
01:52 danielmetlitski we have all the source code
01:53 achow101 it is impossible to reverse engineer it because the mathematics behind all of the crypto functions makes it so that it is impossible to do
01:53 achow101 it has nothing to do with source code; it's all properties of math
01:53 danielmetlitski I understand it’s “probability” and “encryption” but I want specifics
01:53 achow101 there is no encryption
01:54 danielmetlitski are you a dev achow101?
01:54 achow101 yes-ish
01:54 danielmetlitski cuz you can’t explain specifically what prevents it from being reverse engineered
01:55 danielmetlitski I’m not trying to hack people, I am doing my due diligence on if bitcoin is a truly secure entity to hold my funds
01:55 achow101 it's cryptography that I don't quite remember the details of. cryptography and code implementation are different things
01:55 achow101 I work on things not related to cryptography
01:55 danielmetlitski grr so you have no clue what you are talking about >.<
01:56 achow101 no, i do, i just don't remember the specifics for ecdsa
01:56 danielmetlitski so what about SAT mining
01:59 danielmetlitski maybe I’ll try SAT mining on my S9’s and see if it’s still possible, has anyone done it yet?
02:08 achow101 danielmetlitski: you can't get private keys from public keys because of the discrete logarithm problem
02:09 danielmetlitski bruh it’s not even real numbers
02:09 achow101 ?
02:10 danielmetlitski The NSA has broken it
02:10 achow101 no. the NSA broke a random number generator that was based on elliptic curves
02:10 achow101 they did not break ECC itself
02:10 danielmetlitski they are able to break much of currency cryptography
02:10 danielmetlitski according 2 this
02:11 danielmetlitski https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
02:11 danielmetlitski u know what the NSA does right
02:11 achow101 diffie hellman is unrelated to this
02:12 danielmetlitski the reason the NSA are able to do it is the reason the US goes after people like Alexander Vinnik
02:13 danielmetlitski he’s gonna get to keep his money, go into witness protection, and work with the NSA to compromise even further
02:13 achow101 and now you're just trolling
02:14 danielmetlitski if you think that the US government doesn’t have the network key to BTC then you are the troll
02:15 achow101 "network key" wtf are you talking about? There is no "network key". Clearly you don't understand how Bitcoin or cryptography works
02:16 danielmetlitski the source code repository and network alert key
02:16 achow101 the source code is on github
02:16 danielmetlitski he gave it to Gavin Andresen, a CIA operative
02:16 achow101 the alert system was dismantled
02:17 achow101 the alert system no longer works since every single node 0.14.0+ will broadcast to all nodes that still have the alert system (defined by having a certain protocol version number) a final alert that cannot be overridden
02:17 danielmetlitski Nakamoto is clearly under witness protection, they let him keep his money but made him sell majority stake & hand over project access
02:17 achow101 the alert system doesn't even do anything anyways except display whatever message you want
02:18 achow101 gavin doesn't have access to the project anymore. his commit access was revoked
02:18 achow101 and satoshi was never involved with it on github as the move to github occurred long after he left
02:20 danielmetlitski well no doubt but the US just kidnaps a Russian national in Greece who destabilized Bitcoin
02:21 danielmetlitski no vested interest?
18:20 nerdcore bitcoind requires Berkeley DB 4.8 for backward compatibility on wallets, right? What version would have used 4.8? I'd like to know if I need it or not while building a new version
18:20 nerdcore I don't know what bdb version my wallet is. How could I tell?
18:24 arubi `db_verify wallet.dat` will tell you if you have the 'db*-util' package
18:30 nerdcore arubi I do not seem to have a `db_verify` command installed
18:31 nerdcore I'd like to compile the latest code but I don't know whether I need bdb 4.8 or not
18:35 arubi nerdcore, you can use the depends system to build with all the proper libraries
18:36 arubi are you running linux?
18:37 nerdcore ah yes I recall something like that. Yes I am on Debian
18:37 nerdcore (I'm sure I did this correctly last year...)
18:39 arubi okay, so as long as you have these : "build-essential libtool autotools-dev automake pkg-config libssl-dev libevent-dev bsdmainutils" , you can then cd into the depends directory and run `make`
18:40 arubi then cd .. back to the root dir, and you can run something like `./configure --prefix="$PWD/depends/x86_64-pc-linux-gnu"`
18:40 arubi (if that's your "triplet")
18:40 arubi then `make` from the root directory will use the libs from the depends build
18:48 nerdcore riiiiight. thx. Is this documented somewhere? It's not obvious when you untar and the README points you to "doc/build-*.txt"
18:48 nerdcore (IMO)
18:50 arubi it's in build-unix.md and the README.md in ./depends
18:52 arubi yea I agree it's got a bit of "lore" in it. this process isn't described literally
19:04 nerdcore I've fired the depends make job. It'll take a while...
19:05 nerdcore it is a nice fast system but many of its CPU cores are busy folding proteins for dogecoin lol
19:06 arubi hehehe, gl
19:11 nerdcore I'm sure I've done this before, I just always forget to have bitcoind build its own dependencies first :(
19:11 nerdcore then link 'em
19:11 nerdcore thx for the tip
19:12 nerdcore i have an ubuntu 14.04 system where I built against system bdb-4.8 and it worked fine but there was no simple debian 8 pkg
19:13 arubi right, there's either the clean depends way, or add the ppa to apt. really it's great to have everything self contained in depends
19:14 nerdcore seems like this might, by chance, build a more stable binary. but that's just speculation