I hereby claim:
- I am badmofo on github.
- I am lucasryan (https://keybase.io/lucasryan) on keybase.
- I have a public key whose fingerprint is 53F5 97EF EFA7 5435 016E 711C 2B0A 159F 5735 7FF7
To claim this, I am signing this object:
def password_hashes(password): | |
alpha = sum([c * (i + 1) % 9 for i,c in enumerate(password)]) | |
beta = (password[0] + password[-1] + len(password)) % 9 | |
if beta == 0: | |
beta = 20 | |
return alpha, beta | |
def reverse(seq): | |
return seq[::-1] |
from pybitcointools import * # available via pip or https://github.com/vbuterin/pybitcointools | |
from json import dumps | |
# the tx you sent us | |
tx_hex = '0100000001f78c40e4a68a6efaea83dcc954550b0dc08b91c372d749cc0ba17934a6d618d801000000b40047304402206d805c798a0b0ae348332284435f4139aeed4935eb4c1322e8bce7d0d3e57efa0220303e13fa08326fa38143471a121cfb4bece404e1565340888587fb8f69914348814c69522103d6ab84e05bd2a9b36e09f08c43ff46358c0ef9f7bdd52ce6f6c1571de760ef852103c945afbe43b21fc864d933f498f362b682515753e9f89f71252ecb6088cc7a332103c14ed38495f194749c728ff3535f1e0286501d44735de87047ed5ef696ad1f4153aeffffffff0250c30000000000001976a914642421cbce0ac31e039ddead2207dfedd04443e488ac30750000000000001976a914c0f3ddcb9c495085252cccbd1b3e2e42d8907d0f88ac00000000' | |
# example: a 2 of 2 with a valid sig | |
#tx_hex = '01000000016dbce51ca14b5027bc714baed5bfd9218f30a83e8ef5df52cf8d530bd4627cce01000000910047304402200358faad7809a3571c36a4b18c5c47d9b28a42439d4e149725d8799e7993bf6d022073d2702eded20c9441d770b9a14a2d2b351e962f06c9a260c8fa87622af2c |
I hereby claim:
To claim this, I am signing this object:
import scrypt | |
import sys | |
from itertools import count | |
from nacl.secret import SecretBox | |
from nacl.utils import random | |
from nacl.exceptions import CryptoError | |
def kdf(password): | |
N = 16384 | |
r = 1024 |
// Similar in spirit to https://github.com/arttukasvio/deterministic | |
// It's a really bad idea to use this unless you absolutely know what | |
// you are doing. | |
@Grab(group='org.bouncycastle', module='bcpg-jdk15on', version='1.51') | |
import java.security.*; | |
import org.bouncycastle.jce.provider.BouncyCastleProvider; | |
import org.bouncycastle.bcpg.ArmoredOutputStream; | |
import org.bouncycastle.bcpg.HashAlgorithmTags; |
This product is meant for educational purposes only. Any resemblance to real persons, living or dead is purely coincidental. Void where prohibited. Some assembly required. List each check separately by bank number. Batteries not included. Contents may settle during shipment. Use only as directed. No other warranty expressed or implied. Do not use while operating a motor vehicle or heavy equipment. Postage will be paid by addressee. Subject to CAB approval. This is not an offer to sell securities. Apply only to affected area. May be too intense for some viewers. Do not stamp. Use other side for additional listings. For recreational use only. Do not disturb. All models over 18 years of age. If condition persists, consult your physician. No user-serviceable parts inside. Freshest if eaten before date on carton. Subject to change without notice. Times approximate. Simulated picture. No postage necessary if mailed in the United States. Please remain seated until the ride has come to a compl
''' | |
Pure Python Borromean Ring Signatures | |
DEPENDS ON: pip install ecdsa | |
WARNING: THIS IS A PEDAGOGICAL IMPLEMENTATION. | |
PERFORMANCE IS HORRIBLE AND NON-CONSTANT. | |
CORNER CASES ARE NOT PROPERLY CHECKED. | |
FOR THE LOVE OF GOD USE THE CODE FROM THE ELEMENTS PROJECT. | |
https://gist.github.com/badmofo/2d6e66630e4a6748edb7 | |
''' | |
from hashlib import sha256 |
There isn't anything we can do since all communication with Trustedcoin can be MITMed and more trivially malware can simply gank the seed.
Malware will be able to steal the 1/3 extended private key in the wallet upon a spend attempt and use the google authenticator code to sign a different transaction than the one the user entered - one that sweeps the wallet to the attacker's address. If the 2nd factor is able to display the transaction details AND the malware is unable to simultaneously corrupt this 2nd factor AND the user notices the discrepancy then the attack will be thwarted. Otherwise it will be fatal.
from __future__ import print_function | |
import bitcoin | |
privkey = bitcoin.encode_privkey(bitcoin.random_key(), 'wif_compressed') | |
pubkey = bitcoin.privtopub(privkey) | |
print('Private Key: ', privkey) | |
print('Public Key: ', pubkey) |
# Re-enables Trustedcoin after restoring your 2FA Electrum wallet from seed. | |
# Pass your wallet file as the first argument: | |
# python 2fa_restore.py ~/.electrum/wallets/default_wallet | |
import json | |
import sys | |
wallet = json.load(open(sys.argv[1])) | |
assert wallet['wallet_type'] == '2fa' | |
wallet['use_trustedcoin'] = True |