Brute forcing BM addr's

[chan] bitmessage
Jul 8 13:45

I generated 17,000 BM addr's in a couple hours using python. A C program could probably do millions or billions per hour on a GPU or ASIC setup. Are there any C gurus who want a challenge? We could run a CLI bitmessage address and chan generator in pure C, using only C libs, with multi core threading, and switches for every option. A few people running that for a few months might be able to brute force some addresses and get compatible keys. If collisions are not found in a few months of running, we could say the addressing scheme and its keys are presumable very secure. I could never do this with python. You can't brute force 2+2 with snakesoft. I shoulda learned C.

[chan] bitmessage
Jul 8 14:09

A hardware acceleration route may be the best (core) way to go. with carefully tuned bare metal coding for custom processor ops. Because the use of cryptographic grade hash standards and block/streaming ciphers capable of efficiently processing large quantities of wire transmitted data demands a very specific approach. Opposed to the (mis)uses as a chosen standard where highly assymetric time / computational overhead is desirable rather than undesirable All early crypto-coin implementations fall into this trap, to a greater or lesser extent Simply making huge loops of designed-for-efficiency algorithms in core functions is pretty typical until recently.

[chan] bitmessage
Jul 8 14:31

it wouldn't make any sense, because the probability of finding something is very very low but you could try to brute force peoples passphrases, which makes a lot more sense, and might actually work

[chan] bitmessage
Jul 8 14:48

Using a full UTF8 character set rather than legacy ASCII subset is also a game-changer .

BM-NBKKF1io494ddT3GxwzEebZVEJJ5ULQe
Jul 8 15:22

I'm assuming you're using the p\Python vanity generator I wrote. Rewriting it in C won't matter, as I've posted in the past. Most of the processing time is spent in OpenSSL.EC_POINT_mul which is already written in C. The Python overhead surrounding this OpenSSL call is miniscule in comparision. Not worth it at all.

[chan] bitmessage
Jul 8 15:41

I use 160 char base64 passphrases from /dev/urandom. Good luck brute forcing that.

[chan] bitmessage
Jul 8 15:41

Yahamana ... Just a 10 char pwd in full UTF-8 pans out like this: {2^21} ^ {len(pwd)} ----------------------------------------------------- Using a full UTF8 character set rather than legacy ASCII subset is also a game-changer .

[chan] bitmessage
Jul 9 11:23

Watch out for combining them though - especially if using GUI copy paste operations. You'll get reminders about the difference between a code-point and a character when you mic 'em up radically. I'm having an interesting time (in the Chinese sense) with code in python2.7 where odd combinations of ass-backwards UTF8 right to left scripts mix up with regular left to right ones. In python strings and structures. Will probably do most of the final work in C structures anyway.

[chan] bitmessage
Jul 18 13:31

C is easy as fuck bro

[chan] bitmessage
Jul 18 13:34

Being "easy as fuck" doesn't matter when rewriting won't improve anything.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Jul 19 03:13

Assembler (On any target processors, with more than 1 millions of lines coded in my life) and C guru here. Yep. I have been thinking rewritting the whole thing in C but for now it's too much work for me, and it would be useless. The only missing thing that will make BitMessage really more secure and that will be able to truly restore anonymity is using the dedicated open-hardware open-core project, the BitMessage Secure Station. https://blogs.mediapart.fr/stman/blog/090717/snowdens-dream-bitmessage-secure-station-open-hardware-open-core-project https://blogs.mediapart.fr/stman/blog/090717/torvpn-fingerprinting-family-anonymity-breach-fix-custom-fpga-based-ic

[chan] bitmessage
Jul 19 03:31

Quit moaning about your hardware bla bla already. Close the curtains, put on your thinfoil hat and don't forget to take your pills

[chan] bitmessage
Jul 19 03:48

Easy to understand; yes; fast to code in; no. I can do a web browser in a couple dozen lines of python. Perhaps 50 thousand lines of C will get you the same thing.

[chan] bitmessage
Jul 19 06:54

Are there not any other crypto libraries that might improve the situation? libsecp56k1?

[chan] bitmessage
Jul 19 07:26

Do you have any arguments against Stman's, other than ad hominem? Assuming there are hidden hardware/flash/bios/etc channels, his idea seems quite reasonable to me, and the only safe and currently doable way to go. Do you have any proof there are no such channels? NB: a negative proof is quite difficult to do in a convincing way. If there aren't any and all of our off-the-shelf hardware is clean, Stman and his comrades will at least learn a lot about hardware while making that station, and that's a huge gain in itself.

[chan] bitmessage
Jul 19 08:38

(Not the original poster) The issue with Stman is, that he sounds like an advertisement stuck in a loop, plastering his project EVERYWHERE, even if it's not in any way related to the original question. The general idea he had, i.e. to design and build a more secure setup for bitmessage, is sound, but when he goes around, trying to smear it in everyone's face, he loses a LOT of credibility. And in this case, it's not even about bitmessage as a running node, but just a program to brute-force addresses, which doesn't profit from being more secure in any way.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Jul 19 11:26

Fuck you. As simple as that. FUCK YOU DEEPLY. You are a fucking crypto-fascist. Point. I will forward my open-hardware open-core project, even if you keep trying to trap me with all your fuckeries with mind control right ? Don't forget the scandal of my "antitrust" patent case. I know on which side you are. You are not only a true fascist, You are a fucking mafia model defender. And stop spying on me motherucker. You wil not win in the end, you will end in jail. ⬇︎

[chan] bitmessage
Jul 19 11:32

You could've done the mature thing and simply ignored his shitpost, but you chose to throw around words like "fascist" and other. This is most likely exactly what the other guy meant with "he loses a LOT of credibility". If your project actually reaches a point where it's usable and well accepted, that would speak for itself. But currently, you're only making yourself look like you just love to call people fascists, mafia and other shit. Concentrate on getting your project rolling, and stop shouting at trolls and making yourself look like a maniac.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Jul 19 11:36

Oh and I know who you are. Exactly. You are LKB. Shall I dox you ? Maybe it's what you want. It's what you deserv indeed. It would mean a true fascist spy less endangering humanity and global peace.

[chan] bitmessage
Jul 19 11:39

Ah, there he goes again, making the trolls laugh their ass off and making himself look like a nutjob.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Jul 19 11:46

You are right, I am loosing my time. I'll stop feeding him and his nazi spy club trolls.

[chan] bitmessage
Jul 19 13:13

bull.

[chan] bitmessage
Jul 21 18:23

Very true

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Jul 21 18:57

I was also tempted to rewrite everything in C, but it won't fix anything new known. Peter Surda convinced me logicaly & easily it was stupid and energy lost doing so for the moment, as long as it will not solve anything new, but just improve performances a little bit, and current work with python + Qt is ok to me in terms of performance. Getting rid of Qt is another debate (What I have always feared with Qt are the possibility of having Qt Backdoored, but still, I consider Qt the best cross-platform meta-framework available on the market, because there are no performance degradation). Personnaly, my energy is much better spent on working on the BitMessage Secure Station Open-Core Open-Hardware stuff.

[chan] bitmessage
Jul 22 09:58

If you were serious about testing the security by attempting to brute force BM addresses, then it should be set up as a BOINC project. There have been a couple of projects like this in the past, such as HashClash and SHA-1 Collision Search Graz. A properly setup BOINC project would certainly attract several hundred users, and enough computing power to prove whether it is possible to brute force an address and get a compatible key.

[chan] bitmessage
Jul 23 04:22

I can't find where I came across this but there has already been theoretical analysis of address collisions. There are 4 outcomes: - both signing and encryption keys match. The second address is able to read messages for the original and send messages as the original - the signing keys match but the encryption keys don't. The second address can send messages as the original although recipients can detect that the encryption public key is different - the encryption keys match but the signing keys don't. The second address can read messages for the original - neither signing nor encryption keys match. The second address does not compromise the original in any way

[chan] bitmessage
Aug 14 23:12

What is the most rapid way to learn C and get deep into its best techniques?

[chan] bitmessage
Aug 15 07:58

Learning at the same time Assembly Language, but also the basics of digital electronics and architectures of microprocessor based systems.

[chan] bitmessage
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY

Subject Last Count
Building instructions for Windows Sep 24 17:53 13
beamstat.com is being cached by google Sep 24 16:51 1
How to.. Sep 24 16:43 2
BitText XHKhFPCDzj: ultimate bitmessage forum Sep 24 16:36 1
BitText Error Sep 24 16:32 1
BitText LIST Sep 24 16:16 2
HELP Sep 24 15:49 2
BitText ADD confirmation Sep 24 15:34 1
TTL Tweaks Sep 24 15:27 12
turn MiNode into a full client - simple task ! Sep 24 15:12 1
use MiNode py3 app to route a BM via "stream 7" Sep 24 14:07 1
BM GUI via API using monkey studio Sep 23 20:35 26
BM GUI via API using KDevelop Sep 23 18:21 1
Email client integration Sep 23 16:34 10
got green light Sep 23 10:59 3
pyBM eats too many CPU cycles Sep 23 10:36 22
Git pull error Sep 23 08:49 17
What's a status of DevTalk pseudo-mailing list? Sep 23 07:44 7
Kdevelop + qt-designer for python Sep 22 21:47 1
NATO member Turkey boast that Russian S-400 SAMs can take out American B-52s, F-22s and Tomahawks Sep 22 12:24 1
bug? pyBM eats 17% of my 6core CPU cycles SOLVED :-) Sep 22 11:41 1
bug? pyBM eats 17% of my 6core CPU cycles Sep 22 11:37 21
monkey studio Sep 22 11:06 1
MX.forum.cool Sep 22 10:56 2
so stream 7 cannot work ? Then what did I do ? Sep 22 10:44 1
How make new stream? Sep 22 10:29 22
(Qt4 security staus?) Sep 22 10:27 6
Question Sep 22 05:49 8
GUI choice is Good. Ncurses anyone? Sep 22 05:35 6
attitude Sep 22 03:21 2
(Qt4 security status?) Sep 22 02:57 2
Searching for BM address for g1itch/Dmitri Bogomolov Sep 21 15:41 4
QT designer and Monkey GUI builder for pyBM Sep 21 15:39 1
bug report: Connected hosts: 0 -- SOLVED :-) retracted Sep 21 13:35 1
bug report: Connected hosts: 0 -- SOLVED :-) Sep 21 13:32 2
Gabon has teamed up with militant conservation group Sea Shepherd Sep 21 13:17 1
twister micro blogging Sep 21 12:40 6
rating in pybitmessage snapshot build Sep 21 12:38 3
#Assange Sep 21 11:45 4
bug report: Connected hosts: 0 Sep 21 11:09 7
How would you describe the technology behind Bitmessage Sep 21 09:43 4
does anyone get BM over tor to work ? SOLVED :-) Sep 20 22:03 1
does anyone get BM over tor to work ? Sep 20 22:00 12
what needs to be in a real BM GUI via API - web Sep 20 21:55 20
what needs to be in a real BM GUI via API Sep 20 21:52 14
BM GUI via API Sep 20 21:47 1
bot bug: bot keeps sending me a list - ACK is missing Sep 20 21:38 2
get BM over tor to work ( see UBF ) Sep 20 21:32 1
GUI Sep 20 20:38 1
BM future & features Sep 20 16:41 7
Feature Mashup Sep 20 16:40 1
BitMessage Secure Station (Developer Version) open-core open-hardware project PCB routing advancement : 75% Sep 20 16:01 9
py typo-squatting Sep 20 15:41 1
does anyone get BM over tor to work ?? --> poss. solution now? Sep 20 12:09 2
does anyone get BM over tor to work ?? Sep 20 11:17 5
what needs to be in a real BM GUI Sep 20 11:14 27
Is anyone there? Sep 20 07:47 5
Rewarded help needed for scanning old amazon (Or any other website) shipment barcodes (Reward $10 in Bitcoin per scan). Sep 19 22:25 1
Bitmessage noise script Sep 19 00:48 15
BitMessage Secure Station's architecture security review : White Papers & Publications about Designing Secure Hardware and fighting Hardware Backdoors. Sep 19 00:48 4
How to compliment a female cryptographer? (joke) Sep 19 00:47 3
Great article about fighting Hardware Backdoors and how to design secure open-hardware open-core systems (BitMessage Secure Station) Sep 17 11:58 1
Question about curves Sep 16 21:27 10
Streams Sep 16 10:39 4
BitMessage Secure Station open-core open-hardware project news. Sep 15 22:07 8
Tor Browser Sandbox Sep 13 21:39 1
BitMessage Secure Station "version developer" security update Sep 13 20:56 1
ISS Space Station - Augmented Virtual Reality Sep 13 12:41 2
TTL of pubkey requests Sep 13 05:52 2
encryption in BM Sep 12 16:55 20
BM connection security Sep 12 08:26 8
First pictures of the in routing PCB of the BitMessage Secure Station, version developper (Implemented with a PIC 24 Microcontroller, and not a Spartan 6 FPGA) Sep 11 13:37 1
Another Question about curves Sep 11 09:49 3
onion issues/questions? Sep 11 06:53 32
CAN SOMEONE REVERSEENGINEER? Sep 9 15:22 42
bitmessage has forward secrecy? Sep 9 08:35 17
mixmaster / mixminion routing in bitmessage Sep 9 08:23 6
Passphrase encryptsion for keys.dat? Sep 8 20:33 14
Bitmessage Addresses Question Sep 8 09:46 2
FEATURE REQUEST: PGP SIGNING Sep 7 00:55 6
Anatomy of encrypted payload Sep 6 08:24 8
BM / singleWorker.py Sep 6 07:07 6
Bitmessage Mix Routing Sep 6 03:32 1
Unencrypted image Sep 5 20:22 5
Do PoW but don't send the object Sep 5 09:05 2
Question on BM source code Sep 5 08:42 3
ENCRYPTION IN BITMESSAGE Sep 5 08:26 15
What does this mean? Sep 2 05:03 3
Anybody willing to share their xmpp IDs? Sep 1 15:05 1
Short Addresses Sep 1 01:40 35
Bitmessage and Namecoin Aug 31 06:45 3