01:04:49c0rw1n:c0rw1n is now known as c0rw|sleep
08:05:17wilhelm.freenode.net:topic is: This channel is not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
09:13:58lmatteis:hello. is there a paper somewhere that explains how Namecoin works?
09:19:09fluffypony:lmatteis: #namecoin
09:19:17fluffypony:or #namecoin-dev
09:52:35nsh:.title http://www.reddit.com/r/crypto/comments/30wuxb/anyone_want_to_help_draft_some_cwes_for_elliptic/
09:52:36yoleaux:Anyone want to help draft some CWEs for Elliptic Curve Crypto? : crypto
09:52:47nsh:(Common Weaknesses and Exposures)
09:59:14maaku:maaku is now known as Guest37590
10:57:04ahmed_:ahmed_ is now known as Guest27388
11:07:47zz_betarigs_admi:zz_betarigs_admi is now known as betarigs_admin
11:11:23zz_ahmed_:zz_ahmed_ is now known as ahmed_
11:12:57zz_betarigs_admi:zz_betarigs_admi is now known as betarigs_admin
12:16:53c0rw|sleep:c0rw|sleep is now known as c0rw1n
13:21:36jmaurice:jmaurice is now known as wiz
14:44:36andytoshi:i think "known weak curve" is probably the only code worth having for curve parameters ... these things change as time ticks by and nobody is introducing known-broken curves to existing systems (are they?)
14:47:28pigeons:the projects i know are scared and just using whatever NaCl supports (Curve25519 i guess)
14:55:46gmaxwell:it's funny, because the NaCl implementation of signing with 25519 is some kind of ad hoc, prestandard thing that doesn't match anything published.
14:57:25pigeons:yeah i think it's a "nobody got fired for using IBM" sort of thing
14:58:31pigeons:everybody else is doing it, and we can appeal to djb as an authority
15:00:11gmaxwell:DJB is indeed awesome, but he's just one dude; it's not like his code has been bugless. And his code is often very hard to review. I suspect people doing that probably haven't completely thought through what happens if things do go wrong; it's easy to throw rocks at just using nacl.
15:10:00andytoshi:mmhmm, i recall some "random from [0, .. 2^255-19)" code posted here which was so bitshifty, long and uncommented that i said it was "probably backdoored" ... then we tracked it back to SUPERCOP/ed25519 (meaning djb had written it, and this was also our first clue it was doing modular reduction) and i revised it to "probably not". but tbh i couldn't tell and didn't want to wade through it ... if i
15:10:03andytoshi:was doing code review with him i'd make him add sipa-style invariant comments to every line at least
15:11:15andytoshi:actually maybe it wasn't 2^255-19, it'd be crazy then to not just generate 255 random bits..
15:18:48gmaxwell:Yes, he writes a lot of code that's very difficult to review. It's also almost always correct (certainly more so than anything I write). But not always. :(
15:20:34andytoshi:ah, it was 2^252 + 27742317777372353535851937790883648493 ... the discussion was on the morning of 2014-06-06, https://download.wpsoftware.net/bitcoin/wizards/2014-06-06.html starting from 16:08:57
15:28:38gmaxwell:yea, that function is a doozy. lol
15:29:42fluffypony:sc_reduce is headache-worthy
15:30:17Anduck:that's sick
15:30:26fluffypony:I love how MRL-0003 reduces that entire thing down to 2 sentences -
15:30:27fluffypony:4.1.11 sc_reduce
15:30:28fluffypony:Takes a 64-byte integer and outputs the lowest 32 bytes modulo the prime q. This is not a CryptoNote-specific function, but comes from the standard ed25519 library.
15:34:47hearn:it's like he said "magic numbers? i love magic shows!"
15:36:30fluffypony:everyone saw the TrueCrypt report, right?
15:36:39fluffypony:makes for interesting reading
15:37:12fluffypony:tl;dr - TrueCrypt is basically well designed, bar some Windows PRNG issues
15:39:17gielbier:fluffypony haven't seen it yet, thx for the link
15:40:05gmaxwell:I don't think there are any unexplained magic numbers in libsecp256k1, unless you count test vectors. (if you happen to find any, whine.)
15:44:05kanzure:i have been meaning to find an excuse to use https://github.com/Z3Prover/z3
15:46:13gmaxwell:any more formal analysis on libsecp256k1 would be awesome.
16:45:12Guest37590:Guest37590 is now known as maaku
16:45:40gsdgdfs:gsdgdfs is now known as Transisto
18:32:20[1]LeMiner:[1]LeMiner is now known as LeMiner
21:39:23smooth:smooth is now known as Guest21207
21:39:28TD--Linux:TD--Linux is now known as TD-Linux
21:39:36otoburb:otoburb is now known as Guest30600
21:42:14mariorz_:mariorz_ is now known as mariorz
23:29:51rusty:GreenIsMyPepper: why 40 days, BTW?