01:04:49 | c0rw1n: | c0rw1n is now known as c0rw|sleep |
08:05:17 | wilhelm.freenode.net: | topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja |
09:13:58 | lmatteis: | hello. is there a paper somewhere that explains how Namecoin works? |
09:19:09 | fluffypony: | lmatteis: #namecoin |
09:19:17 | fluffypony: | or #namecoin-dev |
09:19:41 | lmatteis: | thanks |
09:52:35 | nsh: | .title http://www.reddit.com/r/crypto/comments/30wuxb/anyone_want_to_help_draft_some_cwes_for_elliptic/ |
09:52:36 | yoleaux: | Anyone want to help draft some CWEs for Elliptic Curve Crypto? : crypto |
09:52:47 | nsh: | (Common Weaknesses and Exposures) |
09:59:14 | maaku: | maaku is now known as Guest37590 |
10:57:04 | ahmed_: | ahmed_ is now known as Guest27388 |
11:07:47 | zz_betarigs_admi: | zz_betarigs_admi is now known as betarigs_admin |
11:11:23 | zz_ahmed_: | zz_ahmed_ is now known as ahmed_ |
11:12:57 | zz_betarigs_admi: | zz_betarigs_admi is now known as betarigs_admin |
12:16:53 | c0rw|sleep: | c0rw|sleep is now known as c0rw1n |
13:21:36 | jmaurice: | jmaurice is now known as wiz |
14:44:36 | andytoshi: | i think "known weak curve" is probably the only code worth having for curve parameters ... these things change as time ticks by and nobody is introducing known-broken curves to existing systems (are they?) |
14:47:28 | pigeons: | the projects i know are scared and just using whatever NaCl supports (Curve25519 i guess) |
14:55:46 | gmaxwell: | it's funny, because the NaCl implementation of signing with 25519 is some kind of ad hoc, pre-standard thing that doesn't match anything published. |
14:57:25 | pigeons: | yeah i think it's a "nobody got fired for using IBM" sort of thing |
14:58:31 | pigeons: | everybody else is doing it, and we can appeal to djb as an authority |
15:00:11 | gmaxwell: | DJB is indeed awesome, but he's just one dude; it's not like his code has been bugless. And his code is often very hard to review. I suspect people doing that probably haven't completely thought through what happens if things do go wrong; it's easy to throw rocks at just using nacl. |
15:10:00 | andytoshi: | mmhmm, i recall some "random from [0, .. 2^255-19)" code posted here which was so bitshifty, long and uncommented that i said it was "probably backdoored" ... then we tracked it back to SUPERCOP/ed25519 (meaning djb had written it, and this was also our first clue it was doing modular reduction) and i revised it to "probably not". but tbh i couldn't tell and didn't want to wade through it ... if i |
15:10:03 | andytoshi: | was doing code review with him i'd make him add sipa-style invariant comments to every line at least |
15:11:15 | andytoshi: | actually maybe it wasn't 2^255-19, it'd be crazy then to not just generate 255 random bits.. |
15:18:48 | gmaxwell: | Yes, he writes a lot of code that's very difficult to review. It's also almost always correct (certainly more so than anything I write). But not always. :( |
15:20:34 | andytoshi: | ah, it was 2^252 + 27742317777372353535851937790883648493 ... the discussion was on the morning of 2014-06-06, https://download.wpsoftware.net/bitcoin/wizards/2014-06-06.html starting from 16:08:57 |
15:28:38 | gmaxwell: | yea, that function is a doozy. lol |
15:28:47 | gmaxwell: | https://github.com/amjuarez/bytecoin/blob/296ae46ed8f8f6e5f986f978febad302e3df231a/src/crypto/crypto-ops.c#L1609 |
15:29:42 | fluffypony: | sc_reduce is headache-worthy |
15:30:17 | Anduck: | that's sick |
15:30:26 | fluffypony: | I love how MRL-0003 reduces that entire thing down to 2 sentences - |
15:30:27 | fluffypony: | 4.1.11 sc_reduce |
15:30:28 | fluffypony: | Takes a 64-byte integer and outputs the lowest 32 bytes modulo the prime q. This is not a CryptoNote-specific function, but comes from the standard ed25519 library. |
15:34:47 | hearn: | it's like he said "magic numbers? i love magic shows!" |
15:35:26 | andytoshi: | hehe |
15:36:30 | fluffypony: | everyone saw the TrueCrypt report, right? |
15:36:32 | fluffypony: | http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html |
15:36:39 | fluffypony: | makes for interesting reading |
15:37:12 | fluffypony: | tl;dr - TrueCrypt is basically well designed, bar some Windows PRNG issues |
15:39:17 | gielbier: | fluffypony haven't seen it yet, thx for the link |
15:40:05 | gmaxwell: | I don't think there are any unexplained magic numbers in libsecp256k1, unless you count test vectors. (if you happen to find any, whine.) |
15:44:05 | kanzure: | i have been meaning to find an excuse to use https://github.com/Z3Prover/z3 |
15:46:13 | gmaxwell: | any more formal analysis on libsecp256k1 would be awesome. |
16:45:12 | Guest37590: | Guest37590 is now known as maaku |
16:45:40 | gsdgdfs: | gsdgdfs is now known as Transisto |
18:32:20 | [1]LeMiner: | [1]LeMiner is now known as LeMiner |
21:39:23 | smooth: | smooth is now known as Guest21207 |
21:39:28 | TD--Linux: | TD--Linux is now known as TD-Linux |
21:39:36 | otoburb: | otoburb is now known as Guest30600 |
21:42:14 | mariorz_: | mariorz_ is now known as mariorz |
23:29:51 | rusty: | GreenIsMyPepper: why 40 days, BTW? |