> Thomas White:
> > Hmmm... appears to have been upgraded since I last checked then
> > (which was only a few weeks ago!). Nicely done oniontip. I stand
> > corrected.
>
> Well, my original ask was for everyone to be able to verify that all
> 12.36 BTC that oniontip has received (as of right now) has actually been
> distributed how the users have asked.

Mike Perry and I took a look at the Oniontip codebase this afternoon.

The primary concern was with respect to the `ONIONTIP_BITCOIN_PUBLIC_SEED` in your payment verification script, [0] which is passed to the `bitcoin.electrum_address()` function. [1]

The `bitcoin.electrum_address()` function is meant to take what they call a "masterkey". [2] (Check out that `crack_electrum_wallet()` function right beneath it!) It appears as if `electrum_address()` is merely a thin wrapper around `electrum_pubkey()` [3] which generates a new private key with the incremented counter, concatenating it with the "masterkey", taking the sha256 of that, and then generating the key by doing a (really crappily implemented, IMO) elliptic curve scalar multiplication of the (public, in the `bitcoin` module source code [4]) group generator times the private key, then shoving it into `privkey_to_pubkey()` to get the address. [5]

Because all of these one-way functions are computable if one knows the original "masterkey" plus the incremented counter, this means that anyone who knows the `ONIONTIP_BITCOIN_PUBLIC_SEED` can generate all your private keys.

If you plan to keep using that Electrum API, you should regenerate that `ONIONTIP_BITCOIN_PUBLIC_SEED` and keep it secret.
[0]: https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py#L12
[1]: https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py#L30
[2]: https://github.com/vbuterin/pybitcointools/blob/fa9856fede9e601c4b9f5ed75f11f899c02a51a3/bitcoin/deterministic.py#L48
[3]: https://github.com/vbuterin/pybitcointools/blob/fa9856fede9e601c4b9f5ed75f11f899c02a51a3/bitcoin/deterministic.py#L34
[4]: https://github.com/vbuterin/pybitcointools/blob/master/bitcoin/main.py#L20
[5]: https://github.com/vbuterin/pybitcointools/blob/master/bitcoin/main.py#L342

--
isis agora lovecruft
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
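The derivation the mail describes, shown as an added example that is not the mail's, oniontip's or pybitcointools' own code: a self-contained reimplementation of the Electrum v1 (pre-BIP32) scheme, where a stretched seed gives the master public key (MPK), each address adds a per-index double-SHA256 offset, and the seed yields private keys while the MPK alone yields only public keys. The seed value is constructed; the exact offset message layout (`"n:for_change:"` followed by the 64-byte raw MPK) is my reading of that scheme, stated here as an assumption.

```python
import hashlib

# secp256k1 curve constants (real values).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    # Affine point addition; None is the point at infinity.
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2: lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    # Double-and-add scalar multiplication.
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def electrum_stretch(seed: bytes, rounds: int = 100000) -> int:
    # Electrum v1 "stretching": chained SHA-256 rounds over the seed.
    s = seed
    for _ in range(rounds):
        s = hashlib.sha256(s + seed).digest()
    return int.from_bytes(s, "big")

def mpk_from_seed(seed: bytes):
    # Master public key = stretched_seed * G (what a watch-only wallet holds).
    return ec_mul(electrum_stretch(seed), G)

def sequence_offset(mpk, n: int, for_change: int = 0) -> int:
    # Per-address offset: double-SHA256("n:for_change:" + raw 64-byte MPK).
    raw = mpk[0].to_bytes(32, "big") + mpk[1].to_bytes(32, "big")
    msg = f"{n}:{for_change}:".encode() + raw
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big") % N

def pubkey_from_mpk(mpk, n: int, for_change: int = 0):
    # Anyone holding the MPK can compute every address (public keys only).
    return ec_add(mpk, ec_mul(sequence_offset(mpk, n, for_change), G))

def privkey_from_seed(seed: bytes, n: int, for_change: int = 0) -> int:
    # Anyone holding the seed can compute every private key, not just addresses.
    k = electrum_stretch(seed)
    return (k + sequence_offset(ec_mul(k, G), n, for_change)) % N
```

The check that matters for the mail's point is that `ec_mul(privkey_from_seed(seed, n), G)` equals `pubkey_from_mpk(mpk, n)` for every index n: the MPK is safe to publish for address verification, the seed is not.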