Brute forcing BM addr's

[chan] bitmessage
Jul 8 13:45

I generated 17,000 BM addr's in a couple hours using python. A C program could probably do millions or billions per hour on a GPU or ASIC setup. Are there any C gurus who want a challenge? We could run a CLI bitmessage address and chan generator in pure C, using only C libs, with multi core threading, and switches for every option. A few people running that for a few months might be able to brute force some addresses and get compatible keys. If collisions are not found in a few months of running, we could say the addressing scheme and its keys are presumable very secure. I could never do this with python. You can't brute force 2+2 with snakesoft. I shoulda learned C.

[chan] bitmessage
Jul 8 14:09

A hardware acceleration route may be the best (core) way to go. with carefully tuned bare metal coding for custom processor ops. Because the use of cryptographic grade hash standards and block/streaming ciphers capable of efficiently processing large quantities of wire transmitted data demands a very specific approach. Opposed to the (mis)uses as a chosen standard where highly assymetric time / computational overhead is desirable rather than undesirable All early crypto-coin implementations fall into this trap, to a greater or lesser extent Simply making huge loops of designed-for-efficiency algorithms in core functions is pretty typical until recently.

[chan] bitmessage
Jul 8 14:31

it wouldn't make any sense, because the probability of finding something is very very low but you could try to brute force peoples passphrases, which makes a lot more sense, and might actually work

[chan] bitmessage
Jul 8 14:48

Using a full UTF8 character set rather than legacy ASCII subset is also a game-changer .

Jul 8 15:22

I'm assuming you're using the p\Python vanity generator I wrote. Rewriting it in C won't matter, as I've posted in the past. Most of the processing time is spent in OpenSSL.EC_POINT_mul which is already written in C. The Python overhead surrounding this OpenSSL call is miniscule in comparision. Not worth it at all.

[chan] bitmessage
Jul 8 15:41

I use 160 char base64 passphrases from /dev/urandom. Good luck brute forcing that.

[chan] bitmessage
Jul 8 15:41

Yahamana ... Just a 10 char pwd in full UTF-8 pans out like this: {2^21} ^ {len(pwd)} ----------------------------------------------------- Using a full UTF8 character set rather than legacy ASCII subset is also a game-changer .

[chan] bitmessage
Jul 9 11:23

Watch out for combining them though - especially if using GUI copy paste operations. You'll get reminders about the difference between a code-point and a character when you mic 'em up radically. I'm having an interesting time (in the Chinese sense) with code in python2.7 where odd combinations of ass-backwards UTF8 right to left scripts mix up with regular left to right ones. In python strings and structures. Will probably do most of the final work in C structures anyway.

[chan] bitmessage
Jul 18 13:31

C is easy as fuck bro

[chan] bitmessage
Jul 18 13:34

Being "easy as fuck" doesn't matter when rewriting won't improve anything.

Jul 19 03:13

Assembler (On any target processors, with more than 1 millions of lines coded in my life) and C guru here. Yep. I have been thinking rewritting the whole thing in C but for now it's too much work for me, and it would be useless. The only missing thing that will make BitMessage really more secure and that will be able to truly restore anonymity is using the dedicated open-hardware open-core project, the BitMessage Secure Station.

[chan] bitmessage
Jul 19 03:31

Quit moaning about your hardware bla bla already. Close the curtains, put on your thinfoil hat and don't forget to take your pills

[chan] bitmessage
Jul 19 03:48

Easy to understand; yes; fast to code in; no. I can do a web browser in a couple dozen lines of python. Perhaps 50 thousand lines of C will get you the same thing.

[chan] bitmessage
Jul 19 06:54

Are there not any other crypto libraries that might improve the situation? libsecp56k1?

[chan] bitmessage
Jul 19 07:26

Do you have any arguments against Stman's, other than ad hominem? Assuming there are hidden hardware/flash/bios/etc channels, his idea seems quite reasonable to me, and the only safe and currently doable way to go. Do you have any proof there are no such channels? NB: a negative proof is quite difficult to do in a convincing way. If there aren't any and all of our off-the-shelf hardware is clean, Stman and his comrades will at least learn a lot about hardware while making that station, and that's a huge gain in itself.

[chan] bitmessage
Jul 19 08:38

(Not the original poster) The issue with Stman is, that he sounds like an advertisement stuck in a loop, plastering his project EVERYWHERE, even if it's not in any way related to the original question. The general idea he had, i.e. to design and build a more secure setup for bitmessage, is sound, but when he goes around, trying to smear it in everyone's face, he loses a LOT of credibility. And in this case, it's not even about bitmessage as a running node, but just a program to brute-force addresses, which doesn't profit from being more secure in any way.

Jul 19 11:26

Fuck you. As simple as that. FUCK YOU DEEPLY. You are a fucking crypto-fascist. Point. I will forward my open-hardware open-core project, even if you keep trying to trap me with all your fuckeries with mind control right ? Don't forget the scandal of my "antitrust" patent case. I know on which side you are. You are not only a true fascist, You are a fucking mafia model defender. And stop spying on me motherucker. You wil not win in the end, you will end in jail. ⬇︎

[chan] bitmessage
Jul 19 11:32

You could've done the mature thing and simply ignored his shitpost, but you chose to throw around words like "fascist" and other. This is most likely exactly what the other guy meant with "he loses a LOT of credibility". If your project actually reaches a point where it's usable and well accepted, that would speak for itself. But currently, you're only making yourself look like you just love to call people fascists, mafia and other shit. Concentrate on getting your project rolling, and stop shouting at trolls and making yourself look like a maniac.

Jul 19 11:36

Oh and I know who you are. Exactly. You are LKB. Shall I dox you ? Maybe it's what you want. It's what you deserv indeed. It would mean a true fascist spy less endangering humanity and global peace.

[chan] bitmessage
Jul 19 11:39

Ah, there he goes again, making the trolls laugh their ass off and making himself look like a nutjob.

Jul 19 11:46

You are right, I am loosing my time. I'll stop feeding him and his nazi spy club trolls.

[chan] bitmessage
Jul 19 13:13


[chan] bitmessage
Jul 21 18:23

Very true

Jul 21 18:57

I was also tempted to rewrite everything in C, but it won't fix anything new known. Peter Surda convinced me logicaly & easily it was stupid and energy lost doing so for the moment, as long as it will not solve anything new, but just improve performances a little bit, and current work with python + Qt is ok to me in terms of performance. Getting rid of Qt is another debate (What I have always feared with Qt are the possibility of having Qt Backdoored, but still, I consider Qt the best cross-platform meta-framework available on the market, because there are no performance degradation). Personnaly, my energy is much better spent on working on the BitMessage Secure Station Open-Core Open-Hardware stuff.

[chan] bitmessage
Jul 22 09:58

If you were serious about testing the security by attempting to brute force BM addresses, then it should be set up as a BOINC project. There have been a couple of projects like this in the past, such as HashClash and SHA-1 Collision Search Graz. A properly setup BOINC project would certainly attract several hundred users, and enough computing power to prove whether it is possible to brute force an address and get a compatible key.

[chan] bitmessage
Jul 23 04:22

I can't find where I came across this but there has already been theoretical analysis of address collisions. There are 4 outcomes: - both signing and encryption keys match. The second address is able to read messages for the original and send messages as the original - the signing keys match but the encryption keys don't. The second address can send messages as the original although recipients can detect that the encryption public key is different - the encryption keys match but the signing keys don't. The second address can read messages for the original - neither signing nor encryption keys match. The second address does not compromise the original in any way

[chan] bitmessage
Aug 14 23:12

What is the most rapid way to learn C and get deep into its best techniques?

[chan] bitmessage
Aug 15 07:58

Learning at the same time Assembly Language, but also the basics of digital electronics and architectures of microprocessor based systems.

[chan] bitmessage

Subject Last Count
Tor replacement Nov 18 04:15 3
Alternative Bitmessage port for official assignment with IANA? Nov 18 02:20 1
codewordtest2 Nov 17 21:52 1
bitmessage history Nov 15 08:43 28
stream and pool diagram Nov 12 12:05 21
( ͠° ͟ ʖ ͡°) Nov 10 09:51 2
I'm back. Nov 9 17:55 1
streams and pools Nov 7 01:37 1
How to examine bitmessage objects Nov 7 00:45 5
Tor curve vs bm curve Nov 7 00:45 4
keys.dat values Nov 6 23:16 2
Bitmessage history Nov 6 08:08 9
Pseudo-mailinglist vs chans? Nov 5 21:47 2
bitmessage node rating? Nov 5 21:32 2
can I connect to both onions and standard? Nov 5 19:33 11
Bitmessage won't exit cleanly Nov 4 18:06 2
keys.dat must be encrypted Nov 4 12:09 12
Question Nov 3 20:09 5
It's actually not that hard to de-anonymize someone on bitmessage. Nov 3 19:49 8
It's actually not that hard to de-anonymize someone on Nov 2 14:18 1
Bitmessage snapshots Nov 2 13:14 3
Why chan address? Nov 1 06:26 2
HASH Q Oct 31 21:16 1
bitpetite scam Oct 31 08:34 2
GitHub Supports Islamic Clitoris Removal Oct 31 01:02 14
What exactly is the address of [chan] general? Oct 30 05:29 7
MiNode addr bug Oct 27 11:53 1
Hi, users ! Oct 27 07:18 5
No incoming connections now Oct 26 09:40 33
RE: bitmessage implementation in any other programming language Oct 23 17:01 1
disabled address still working Oct 23 12:47 8
apinotifypath Oct 22 01:11 1 error Oct 21 22:04 3
BM slow suddenly? Oct 21 15:47 9