Re: [Bitcoin-development] Proposal to replace BIP0039

2013-11-02 Thread Thomas Voegtlin

On 31/10/2013 12:18, slush wrote:
 Oh, I forgot to mention one practical aspect: the way the mnemonic is 
 mined in Thomas's proposal prevents usage in embedded devices, because 
 the difficulty of generating a proper mnemonic is simply too high for 
 embedded microcontrollers. Maybe this can be solved somehow by 
 modifying the proposal, but right now it is a showstopper for us.

Even if metadata is only 8 bits? (That's about 256 hashes.)


--
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk
___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Hannu Kotipalo

On 02.11.2013 15:02, Mike Hearn wrote:
 
 http://pilif.github.io/2008/05/why-is-nobody-using-ssl-client-certificates/

 
Maybe this is a bit off-topic, but the *real* answer to the question
why-is-nobody-using-ssl-client-certificates is that it would force
www pages to be encrypted and would make it a lot more difficult for
NSA to log www-traffic. So they have been made not-user-friendly by
default.

But what do you think about this:
White paper on passwordless secure login (based on bitcoin/bitmessage
technology)
https://bitcointalk.org/index.php?topic=323360.0



Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Mike Hearn
Guys, identity systems for the web are off-topic for this list. Other than
the anonymous passports/SINs/fidelity bond ideas, Bitcoin doesn't have any
relevance to it.

On Sat, Nov 2, 2013 at 2:19 PM, Hannu Kotipalo hannu.kotip...@iki.fi wrote:

 Maybe this is a bit off-topic, but the *real* answer to the question
 why-is-nobody-using-ssl-client-certificates is that it would force
 www pages to be encrypted and would make it a lot more difficult for
 NSA to log www-traffic.


No, it wouldn't. You can log a user in using SSL and then redirect the user
back to an encrypted page, using cookies for the rest of the session.
Please don't clutter up this list with conspiracy theories. The brutal
reality is that identity is a hard problem.


Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Melvin Carvalho
On 2 November 2013 17:26, Mike Hearn m...@plan99.net wrote:

 Guys, identity systems for the web are off-topic for this list. Other than
 the anonymous passports/SINs/fidelity bond ideas, Bitcoin doesn't have any
 relevance to it.

 On Sat, Nov 2, 2013 at 2:19 PM, Hannu Kotipalo hannu.kotip...@iki.fi wrote:

 Maybe this is a bit off-topic, but the *real* answer to the question
 why-is-nobody-using-ssl-client-certificates is that it would force
 www pages to be encrypted and would make it a lot more difficult for
 NSA to log www-traffic.


 No, it wouldn't. You can log a user in using SSL and then redirect the
 user back to an encrypted page, using cookies for the rest of the session.
 Please don't clutter up this list with conspiracy theories. The brutal
 reality is that identity is a hard problem.


Identity need not be a hard problem.  In my view it is a solved problem.

You have a real world entity translated to a digital format.  Yes that can
be slightly ambiguous at times, naming is hard, and people do get this wrong
frequently.

The most common problem is to name something in a way that does not scale.
The solution to this problem is rather easy, and that is to use a URI to
name something, which makes it global and scalable.

In the case of bitcoin you could use the bitcoin URI scheme

bitcoin:1fhdjkfhjksf...






Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Jeff Garzik
On Sat, Nov 2, 2013 at 12:52 PM, Melvin Carvalho
melvincarva...@gmail.com wrote:
 Identity need not be a hard problem.  In my view it is a solved problem.


Yes:  https://en.bitcoin.it/wiki/Identity_protocol_v1



Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Johnathan Corgan
On 11/01/2013 10:01 PM, bitcoingr...@gmx.com wrote:

 Server provides a token for the client to sign.

Anyone else concerned about signing an arbitrary string?  Could be a
hash of $EVIL_DOCUMENT, no?  I'd want to XOR the string with my own
randomly generated nonce, sign that, then pass the nonce and the
signature back to the server for verification.

-- 
Johnathan Corgan, Corgan Labs
SDR Training and Development Services
http://corganlabs.com


Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Mark Friedenbach

Or SIGHASH of a transaction spending those coins or updating the SIN...

On 11/2/13 2:14 PM, Johnathan Corgan wrote: On 11/01/2013 10:01 PM,
bitcoingr...@gmx.com wrote:
 
 Server provides a token for the client to sign.
 
 Anyone else concerned about signing an arbitrary string?  Could be
 a hash of $EVIL_DOCUMENT, no?  I'd want to XOR the string with my
 own randomly generated nonce, sign that, then pass the nonce and
 the signature back to the server for verification.
 


Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Allen Piscitello
This was one of my concerns when implementing a scheme where you sign a
refund transaction before the original transaction is broadcast.  I
originally tried to pass a hash and have the server sign it.  However, I
had no way to know that what I was signing wasn't a transaction that was
spending my coins!  So I changed the code to require sending the full
transaction, not just the hash.  The other way to mitigate this is through
not having any unspent outputs from this key.

For authentication, you could have both a user-generated and
server-generated portion, so that you signed something that clearly had
data from you, so even if the server-data was a hash of $EVIL_DOCUMENT, you
have clear plausible deniability in that your data that is also signed is
ATTEMPTING LOGIN TO XYZ.COM Hash($EVIL_DOCUMENT).


On Sat, Nov 2, 2013 at 4:51 PM, Mark Friedenbach m...@monetize.io wrote:

 Or SIGHASH of a transaction spending those coins or updating the SIN...

 On 11/2/13 2:14 PM, Johnathan Corgan wrote: On 11/01/2013 10:01 PM,
 bitcoingr...@gmx.com wrote:
 
  Server provides a token for the client to sign.
 
  Anyone else concerned about signing an arbitrary string?  Could be
  a hash of $EVIL_DOCUMENT, no?  I'd want to XOR the string with my
  own randomly generated nonce, sign that, then pass the nonce and
  the signature back to the server for verification.
 

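The two-part login message suggested in the message above, which also answers the earlier concern about signing an arbitrary server string, as an added example that is not part of the original thread. The field layout, the length prefixes and all function names are assumptions, and a Lamport one-time signature built from SHA-256 stands in for the Bitcoin ECDSA key the thread is about, so that the code runs with the standard library only.

```python
import hashlib
import hmac
import secrets

PREFIX = b"ATTEMPTING LOGIN TO "  # fixed context string, as in the message above

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Stand-in signer (assumption): Lamport one-time signature over SHA-256.
# Each key pair may sign ONE message only; a real client would use its ECDSA key.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg: bytes):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    bits = _bits(msg)
    return all(hmac.compare_digest(H(s), pk[i][bits[i]]) for i, s in enumerate(sig))

def login_message(site: str, client_nonce: bytes, server_token: bytes) -> bytes:
    # Length-prefix every field so two different inputs never encode the same.
    fields = [site.encode(), client_nonce, server_token]
    return PREFIX + b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def client_respond(sk, site: str, server_token: bytes):
    # The client never signs the raw token, only the tagged message around it.
    nonce = secrets.token_bytes(16)
    return nonce, sign(sk, login_message(site, nonce, server_token))

def server_check(pk, site: str, issued_token: bytes, nonce: bytes, sig) -> bool:
    # Rebuild the message from the server's own site name and issued token.
    return verify(pk, login_message(site, nonce, issued_token), sig)
```

Because the signed bytes always start with the login prefix and include a client-chosen nonce, the signature is not valid for the bare token, for another site, or for a different token.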


Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Luke-Jr
On Sunday, November 03, 2013 1:19:51 AM Allen Piscitello wrote:
 I actually had a use case in my case where it was possible, and that was
 the check I used to get around it, just configured it so that I always
 generated a new key when I needed to set up a 2 of 2 Multisig Refund Tx.
  It was either that or making sure I had no unspent outputs.  The use case
 of doing it was laziness in just creating a single key.

Use cases mean an actual use, not mere laziness. Bitcoin as a system has 
always required a unique EC key (and address) for each transaction.

Luke



Re: [Bitcoin-development] Message Signing based authentication

2013-11-02 Thread Allen Piscitello
Required vs. strongly recommended is an important distinction.  Satoshi
Dice reuses EC Keys for every single transaction.  Exchanges will have the
same address you deposit in over and over, which gets reused.  This is a
best practice argument rather than a protocol requirement.


On Sat, Nov 2, 2013 at 8:27 PM, Luke-Jr l...@dashjr.org wrote:

 On Sunday, November 03, 2013 1:19:51 AM Allen Piscitello wrote:
  I actually had a use case in my case where it was possible, and that was
  the check I used to get around it, just configured it so that I always
  generated a new key when I needed to set up a 2 of 2 Multisig Refund Tx.
   It was either that or making sure I had no unspent outputs.  The use case
  of doing it was laziness in just creating a single key.

 Use cases mean an actual use, not mere laziness. Bitcoin as a system has
 always required a unique EC key (and address) for each transaction.

 Luke
