
[Crypto and NFTs and associated garbage] Still can't figure out good uses for Blockchain


  • Options
    Commander ZoomCommander Zoom Registered User regular
    since crypto still stubbornly refuses to die (completely), shall we have a new thread? or just keep adding onto this one, like The Blockchain?

  • Options
    TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    Cross-posting from the Social Media thread, but:

    Reddit is getting in on the crypto shit. This is ostensibly why they murdered their other paid options without warning recently.
    Community Points are the first step towards a better future for online communities. In order to be truly independent from platforms like Reddit, communities need to be owned by their members in ways that platforms cannot take away. With the advent of blockchain technology, we now have a way to establish this freedom in a decentralized and secure way.

    As blockchain tokens that are owned and controlled by communities themselves — not by any app or platform — Community Points represent a way for Redditors to own a piece of their favorite communities. They are earned by making contributions to the community, like creating content and moderating. They not only represent ownership and reputation within the community, but can also be used for community governance, moderation, and unlocking premium features. They can even be used in custom tools outside of Reddit and on other platforms.

    Wow! Ownership and reputation of a community, used for governance, and transferrable to other platforms! Just like all those videogame NFTs that worked so well and appreciated in value so much.

    Good luck, Reddit.

  • Options
    SchrodingerSchrodinger Registered User regular
    since crypto still stubbornly refuses to die (completely), shall we have a new thread? or just keep adding onto this one, like The Blockchain?

    In the spirit of blockchain, we should have one thread that's 200 gigabytes and you need to download and verify the entire thing every time you add a post.

  • Options
    PreacherPreacher Registered User regular
    It's failed for everyone else, but maybe just maybe...

    I would like some money because these are artisanal nuggets of wisdom philistine.

    pleasepaypreacher.net
  • Options
    evilmrhenryevilmrhenry Registered User regular
    edited August 2023
    Crius wrote: »
    The public and private keys are created as part of the same process, right? You could just run the generation code to pre-compute all possible public-private key pairs -- 32-bit input seed means you've only got ~2 billion possible key pairs, which isn't a particularly large number in this context.

    Throw the key pairs in a lookup table and scan the blockchain for any public keys in your table and you're golden.

    A rainbow table attack? No; while the random bit can be guessed, there's also going to be a salt in place, based on the username or other known--actually let me check that. (Re-reads the exploit summary) They didn't put a salt in. This is vulnerable to a rainbow table attack. An attacker can trivially generate a lookup table of all possible public key values going to all possible private key values, for all wallets created with the vulnerable software, and just check all new wallets against that table. No wonder so many people got hacked.

    EDIT: For those of you who didn't understand this, just know that this was so stupid I literally didn't even consider it. If you generated your private key at the same second as a different user, both of you would have the same public and private keys.

    evilmrhenry on
  • Options
    SiliconStewSiliconStew Registered User regular
    Cross-posting from the Social Media thread, but:

    Reddit is getting in on the crypto shit. This is ostensibly why they murdered their other paid options without warning recently.
    Community Points are the first step towards a better future for online communities. In order to be truly independent from platforms like Reddit, communities need to be owned by their members in ways that platforms cannot take away. With the advent of blockchain technology, we now have a way to establish this freedom in a decentralized and secure way.

    As blockchain tokens that are owned and controlled by communities themselves — not by any app or platform — Community Points represent a way for Redditors to own a piece of their favorite communities. They are earned by making contributions to the community, like creating content and moderating. They not only represent ownership and reputation within the community, but can also be used for community governance, moderation, and unlocking premium features. They can even be used in custom tools outside of Reddit and on other platforms.

    Wow! Ownership and reputation of a community, used for governance, and transferrable to other platforms! Just like all those videogame NFTs that worked so well and appreciated in value so much.

    Good luck, Reddit.

    Community Points! Gain ownership and control* of your community.

    *Community Points do not grant any express or implied ownership or control of services or content.

    Just remember that half the people you meet are below average intelligence.
  • Options
    Eat it You Nasty Pig.Eat it You Nasty Pig. tell homeland security 'we are the bomb'Registered User regular
    It seems like just Reddit coins but on The Blockchain(tm), so… same but also worse?

    I will say I’m darkly excited for WSB or someone else to attempt a hostile takeover of another sub

    it was the smallest on the list but
    Pluto was a planet and I'll never forget
  • Options
    OneAngryPossumOneAngryPossum Registered User regular
    It’s good that Reddit leadership got out there and really established their feelings on the community before trying this.

  • Options
    DibbitDibbit Registered User regular
    Crius wrote: »
    The public and private keys are created as part of the same process, right? You could just run the generation code to pre-compute all possible public-private key pairs -- 32-bit input seed means you've only got ~2 billion possible key pairs, which isn't a particularly large number in this context.

    Throw the key pairs in a lookup table and scan the blockchain for any public keys in your table and you're golden.

    A rainbow table attack? No; while the random bit can be guessed, there's also going to be a salt in place, based on the username or other known--actually let me check that. (Re-reads the exploit summary) They didn't put a salt in. This is vulnerable to a rainbow table attack. An attacker can trivially generate a lookup table of all possible public key values going to all possible private key values, for all wallets created with the vulnerable software, and just check all new wallets against that table. No wonder so many people got hacked.

    EDIT: For those of you who didn't understand this, just know that this was so stupid I literally didn't even consider it. If you generated your private key at the same second as a different user, both of you would have the same public and private keys.

    This doesn't sound right, I've only made a custom implementation of oauth2, and every computer has its own source of truly random bits that you can use to get the needed entropy, it's pretty easy to use, and while the generator CAN run out, that's only an issue if the server has just booted up and the bucket hasn't been filled, or maybe if you generate like... a 100 keys a second, it's a pretty big bucket.

    Why would you use something as non-random as the system clock, when the tools are RIGHT there, and free, and widely supported, and known?

  • Options
    EchoEcho ski-bap ba-dapModerator mod
    Dibbit wrote: »
    Why would you use something as non-random as the system clock, when the tools are RIGHT there, and free, and widely supported, and known?

    They could just have hit up Amazon.

    wr4a03corwd5.png

  • Options
    chrisnlchrisnl Registered User regular
    Crius wrote: »
    The public and private keys are created as part of the same process, right? You could just run the generation code to pre-compute all possible public-private key pairs -- 32-bit input seed means you've only got ~2 billion possible key pairs, which isn't a particularly large number in this context.

    Throw the key pairs in a lookup table and scan the blockchain for any public keys in your table and you're golden.

    A rainbow table attack? No; while the random bit can be guessed, there's also going to be a salt in place, based on the username or other known--actually let me check that. (Re-reads the exploit summary) They didn't put a salt in. This is vulnerable to a rainbow table attack. An attacker can trivially generate a lookup table of all possible public key values going to all possible private key values, for all wallets created with the vulnerable software, and just check all new wallets against that table. No wonder so many people got hacked.

    EDIT: For those of you who didn't understand this, just know that this was so stupid I literally didn't even consider it. If you generated your private key at the same second as a different user, both of you would have the same public and private keys.

    Just when you think crypto can't get any dumber, they pull this crap. Anybody who has ever had a diner breakfast knows that you always salt the hash!

  • Options
    evilmrhenryevilmrhenry Registered User regular
    edited August 2023
    Dibbit wrote: »
    Crius wrote: »
    The public and private keys are created as part of the same process, right? You could just run the generation code to pre-compute all possible public-private key pairs -- 32-bit input seed means you've only got ~2 billion possible key pairs, which isn't a particularly large number in this context.

    Throw the key pairs in a lookup table and scan the blockchain for any public keys in your table and you're golden.

    A rainbow table attack? No; while the random bit can be guessed, there's also going to be a salt in place, based on the username or other known--actually let me check that. (Re-reads the exploit summary) They didn't put a salt in. This is vulnerable to a rainbow table attack. An attacker can trivially generate a lookup table of all possible public key values going to all possible private key values, for all wallets created with the vulnerable software, and just check all new wallets against that table. No wonder so many people got hacked.

    EDIT: For those of you who didn't understand this, just know that this was so stupid I literally didn't even consider it. If you generated your private key at the same second as a different user, both of you would have the same public and private keys.

    This doesn't sound right, I've only made a custom implementation of oauth2, and every computer has its own source of truly random bits that you can use to get the needed entropy, it's pretty easy to use, and while the generator CAN run out, that's only an issue if the server has just booted up and the bucket hasn't been filled, or maybe if you generate like... a 100 keys a second, it's a pretty big bucket.

    Why would you use something as non-random as the system clock, when the tools are RIGHT there, and free, and widely supported, and known?

    It's in the vulnerability report:
    https://milksad.info/
    They're using a pseudo-random source of randomness, and initializing it with the system clock.
    const auto now = high_resolution_clock::now();
    return static_cast<uint32_t>(now.time_since_epoch().count());
    ...
    twister.reset(new std::mt19937(get_clock_seed()));

    Converting the result of now.time_since_epoch().count() into a uint32_t turns it into the number of seconds since the epoch, instead of retaining any fractional seconds. Then they initialize the twister random number generator with that value.

    EDIT: or maybe the conversion cuts off the top values instead? I'm not actually sure what this does, because I don't do enough C++. But I can tell they've dropped system time to a 32bit number, which means there are only 32 bits worth of possible private keys this could ever generate, which is well within the possibility for a rainbow table. A site I found online estimated a table size in megabytes, not gigabytes.

    evilmrhenry on
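
An added example (not code from the post, the Milk Sad report, or libbitcoin) of what the quoted seeding pattern implies: the cast keeps only the low 32 bits of the clock's tick count, and a Mersenne Twister seeded that way produces the same secret whenever two seeds collide. `truncate_ticks`, `weak_key` and `strong_key` are hypothetical names, `weak_key` is a simplified stand-in for the real key derivation, and the timestamps are constructed.

```cpp
#include <array>
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>

using Key = std::array<std::uint8_t, 32>;

// Narrowing used by the quoted get_clock_seed(): a 64-bit tick count cast to
// uint32_t keeps only the low 32 bits (value mod 2^32); the high bits are lost.
std::uint32_t truncate_ticks(std::int64_t ticks) {
    return static_cast<std::uint32_t>(ticks);
}

// Weak pattern (simplified stand-in, not libbitcoin's derivation): every byte
// of the 256-bit secret is a deterministic function of one 32-bit seed, so at
// most 2^32 distinct secrets can ever be produced.
Key weak_key(std::uint32_t seed) {
    std::mt19937 twister(seed);
    Key k{};
    for (auto& b : k) b = static_cast<std::uint8_t>(twister() & 0xFFu);
    return k;
}

// Hardened pattern: take every byte from the OS entropy source.
// Assumption: std::random_device is backed by the OS CSPRNG here; the standard
// allows a deterministic fallback, so verify this on your toolchain.
Key strong_key() {
    std::random_device rd;
    Key k{};
    for (std::size_t i = 0; i < k.size(); i += 4) {
        const std::uint32_t word = rd();
        for (std::size_t j = 0; j < 4; ++j)
            k[i + j] = static_cast<std::uint8_t>(word >> (8 * j));
    }
    return k;
}

int main() {
    using namespace std::chrono;
    const std::int64_t now = high_resolution_clock::now().time_since_epoch().count();
    const std::int64_t later = now + (std::int64_t{1} << 32);  // constructed: 2^32 ticks later
    std::printf("seed now=%u later=%u\n", truncate_ticks(now), truncate_ticks(later));
    std::printf("weak keys equal:   %d\n",
                weak_key(truncate_ticks(now)) == weak_key(truncate_ticks(later)));
    std::printf("strong keys equal: %d\n", strong_key() == strong_key());
    return 0;
}
```

Where the clock ticks in nanoseconds, 2^32 ticks is about 4.3 seconds, so the truncated seed repeats on that period.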
  • Options
    PolaritiePolaritie Sleepy Registered User regular
    And this is why you're supposed to use an actual god damn entropy source for anything where security matters.

    (Also entropy isn't all that hard to come by either - any running system has random noise that can be collected by the OS)

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • Options
    HevachHevach Registered User regular
    It even seems Libbitcoin did things right(ish) until version 3.0. It supposedly made errors in some implementations so as an example the win32 version was also playing with half a deck, but an attacker at least didn't know which half.

    At that point they decided to take all the locks off their house (including that fishy Wal Mart brand one that was still technically a lock) and replace them with rusty wang hangers chip clips.

  • Options
    FencingsaxFencingsax It is difficult to get a man to understand, when his salary depends upon his not understanding GNU Terry PratchettRegistered User regular
    Preacher wrote: »
    It's failed for everyone else, but maybe just maybe...

    https://www.youtube.com/watch?v=Po4adxJxqZk&ab_channel=JesseClark

  • Options
    cloudeaglecloudeagle Registered User regular
    I should mention again that someone with better technical knowledge than me should make the next thread.

    That's not a high bar to clear! I'm an English major.

    Switch: 3947-4890-9293
  • Options
    marajimaraji Registered User regular
    edited August 2023
    cloudeagle wrote: »
    I should mention again that someone with better technical knowledge than me should make the next thread.

    That's not a high bar to clear! I'm an English major.

    If there’s one thing this whole topic has shown, it’s that you don’t need technical knowledge to write about crypto.

    Though I can see how understanding and/or respecting the English language would put up a roadblock to doing it authentically.

    maraji on
  • Options
    GilgaronGilgaron Registered User regular
    Polaritie wrote: »
    And this is why you're supposed to use an actual god damn entropy source for anything where security matters.

    (Also entropy isn't all that hard to come by either - any running system has random noise that can be collected by the OS)

    You just have to call the entropy chaos service
    https://m.youtube.com/watch?v=y8OnoxKotPQ

  • Options
    ArchangleArchangle Registered User regular
    The attributes of crypto are numerous in amount. One attribute is that it can be difficult to understand, like a maze. Or as the first nations call it - maize. Another famous crypto person is Satoshi.

    In conclusion, crypto is a land of contrasts.

  • Options
    marajimaraji Registered User regular
    xktccfaubycp.jpeg

    This is my NFT do not right click and save that’s stealing.

  • Options
    HevachHevach Registered User regular
  • Options
    OrcaOrca Also known as Espressosaurus WrexRegistered User regular
    Non-Fungible Tokens are yesterday's news

    today's news is Non-Fungible Threads

  • Options
    DarkPrimusDarkPrimus Registered User regular
    edited August 2023
    Polaritie wrote: »
    And this is why you're supposed to use an actual god damn entropy source for anything where security matters.

    (Also entropy isn't all that hard to come by either - any running system has random noise that can be collected by the OS)

    Reminded of that one security firm on the West Coast that generates their security hashes using a wall of lava lamps

    Edit: It's Cloudflare, and they use seismic data and other uncontrolled variables recorded at other international offices as well.

    DarkPrimus on
  • Options
    AngelHedgieAngelHedgie Registered User regular
    DarkPrimus wrote: »
    Polaritie wrote: »
    And this is why you're supposed to use an actual god damn entropy source for anything where security matters.

    (Also entropy isn't all that hard to come by either - any running system has random noise that can be collected by the OS)

    Reminded of that one security firm on the West Coast that generates their security hashes using a wall of lava lamps

    Edit: It's Cloudflare, and they use seismic data and other uncontrolled variables recorded at other international offices as well.

    Shame that they have a policy of protecting bigots and terrorists. But it's okay - they have hate offsets!

    (That's not a joke, by the way - CloudFlare literally handles providing services to bigots by then giving their services free to pro-marginalized group organizations so they can...combat the disinformation and hate coming from the bigots who are CloudFlare customers.)

    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • Options
    ironzergironzerg Registered User regular
    Orca wrote: »
    Non-Fungible Tokens are yesterday's news

    today's news is Non-Fungible Threads

    I'm going to quit my job and open up a second-hand boutique apparel store in San Francisco called "Non-Fungible Threads".

  • Options
    CorlisCorlis Registered User regular
    ironzerg wrote: »
    Orca wrote: »
    Non-Fungible Tokens are yesterday's news

    today's news is Non-Fungible Threads

    I'm going to quit my job and open up a second-hand boutique apparel store in San Francisco called "Non-Fungible Threads".
    Just got to make sure you never have two equivalent versions of the same shirt or they WILL be fungible.

    But I don't mind, as long as there's a bed beneath the stars that shine,
    I'll be fine, just give me a minute, a man's got a limit, I can't get a life if my heart's not in it.
  • Options
    EchoEcho ski-bap ba-dapModerator mod
    hey

    hey

    guess what
    U.S. judge revokes Sam Bankman-Fried's bail, saying FTX founder tampered with witnesses

    FTX founder Sam Bankman-Fried was ordered jailed on Friday to await trial after a bail hearing for the fallen cryptocurrency wiz left a judge convinced that he had repeatedly tried to influence witnesses against him.

    https://www.cbc.ca/news/world/sam-bankman-fried-bail-revoked-witness-tampering-1.6934340

  • Options
    BurtletoyBurtletoy Registered User regular
    Sam Bankman-Fried got his house arrest taken away and is now going to jail

  • Options
    PreacherPreacher Registered User regular
    Oh fucking baby.

    I would like some money because these are artisanal nuggets of wisdom philistine.

    pleasepaypreacher.net
This discussion has been closed.