03:05:04 So from memory to confirm, when a user sends to a particular address, they generate a random nonce that gets combined with the address to determine where to send their funds
03:05:37 And choosing the same number and sending to it twice will generate outs with the same key image, rendering only one spendable
03:06:20 If I'm missing a piece please fill it in, my memory says that there's an infinitesimal chance that sending to a user will cause an unredeemable spend
03:35:52 that's right, reusing transaction public keys can cause problems but is very very unlikely if you generate them randomly each new tx
03:36:21 I would have assumed the chance of a single account generating duplicate key images was zero
03:36:31 and the only chance of collision was across multiple accounts
03:47:31 https://www.reddit.com/r/Monero/comments/gg5fuc/is_this_mnemonic_seed_cursed_truly_bizarrehave_i/fpxoqrf?context=2
03:47:36 There's the context
03:50:35 ah yes, all-zero spendkey
03:51:00 some crypto mechs just error-out on an all-zero input
05:07:54 precomputed hashes aren't working on master
08:09:12 Hello, I want to generate keyimage, but I can't find the Java implementation
13:11:08 needbrrrrrrr90: I saw the reddit thread. The problem is the private spend key is all zeros, which doesn't work mathematically (can't multiply an elliptic curve point by zero, it just doesn't make sense), and I guess the code is built to handle that kind of issue.
13:11:20 isn't* built
13:11:52 yeah, confirmed on second box and build "2020-05-09 13:11:28.894 E Failed to load hashes - unexpected data size
13:11:52 "
13:12:12 gimme mah hashes!
13:13:19 Is that with selsta's recent patch for 0.15.1.0 ?
13:13:24 its master
13:13:49 Fine, I get it, I'll look.
13:13:50 yes the hashes haven’t been updated in a while, they work with my v0.15.1.0 patch
13:13:52 so if its not pulled in yet, then i didn't compile it
13:14:00 (that I have to update to v0.16...)
13:14:17 lemme hunt down that patch
13:14:36 wtf, git pull trying (and failing) to pull some ethereum stuff
13:14:52 yes trezor submodules pulls some ethereum stuff
13:14:57 has for a while now
13:15:10 Succeeded now. That is dodgy.
13:15:54 So it looks like it does not have selsta's patch yet. Does it work if you apply it ? :)
13:53:14 That's why 0.15.0.1 was released, wasn't it ?
13:53:43 Wrong hash step (256 -> 512) in 0.15.0.0, IIRC.
14:26:24 You mean master has had a bad hoh file all this time, but gingeropolous only spotted it now ?
14:27:12 Could be. Any way to tell if the hashes in master are 256-step or 512 ?
14:28:04 The header has the number of hashes.
14:28:24 They're not logged though. Or check the date of the commit that modified it last.
14:29:07 Says 0.15.0.0.
14:29:34 So you're likely correct and we can just ignore this, since selsta's commit probably uses the right version.
14:30:34 DE1D = 1DDE = 7646 x 256 = 1957376 ?
14:30:42 Sounds plausible ?
14:30:44 yes hashes master have been broken for a while
14:32:44 release-v0.15 has 030F = 0F03 = 3843 x 512 = 1967616.
14:35:10 Sounds very plausible.
14:58:01 UkoeHB_: there is this now https://github.com/monero-project/monero/pull/6296
15:00:29 Is that causing trouble ? It's just a "tell the user to stop being an idiot", really to placate some spammy dude.
15:03:20 Someone entered `abbey` 25 times as their seed and asked if/why things are broken.
15:04:18 Was that given by some software, or is that someone being an idiot on purpose ?
15:05:42 > It was at this point he told me it wouldn't be the first time the seed had changed hands, and that someone had given him the seed at a Monero Meetup.
15:05:57 maybe someone did this as a joke to confuse people?
15:06:46 https://www.reddit.com/r/Monero/comments/gg5fuc/is_this_mnemonic_seed_cursed_truly_bizarrehave_i/
15:07:05 Using a seed from someone else, clearly trolling.
15:07:54 Anyway, from time to time people pop up thinking it's a good idea to use their own words and not understanding that not veru word string maps to a valid seed.
15:08:06 AFAIK nothing in monero tells people this is a good idea.
15:08:32 *every
15:08:55 maybe they are confusing it with a brainwallet?
15:09:11 I *think* this is why some people report a changed seed (software reduces the scalar).
15:09:32 Brainwallet tells you to come up with your own words ?
15:10:12 yes
15:10:41 Unfortunate. Then maybe it's not idiotic, just bad assumptions.
15:11:10 there is this correct horse battery staple xkcd and a lot of people used it as their brainwallet
15:11:28 so now there are bots that instantly transfer out transactions of this brainwallet
15:11:29 Come to think of it, if people want their own words, we could just hash this with a KDF to a seed.
15:11:51 OK, back to idiotic then.
15:13:12 Actually, my address generator does that already. I wonder if that helped confuse people :/
15:14:54 I think the idea can be neat if you can memorize your seed.
15:16:08 you mean the custom entropy thing?
15:16:15 abbey is word 1
15:16:17 aka zero
15:16:30 someone trolled that dude I guess
15:17:47 lol
15:21:17 I think it's about the 4th time this "abbey abbey abbey ..." wallet and its strange behaviour comes up on Reddit. I guess it's possible to come with this for curious people all on their own and then check that seed
15:23:00 moneromooo, will your patch now make this wallet un-restorable?
15:23:09 No.
15:23:41 (just for the json restore path)
15:24:07 Guess we could warn when we get an invalid words list.
15:24:21 Doesn't help people who use a seed someone else made though.
15:26:35 By the way, is this wallet unique? Or are there other ones where every out transaction produces the same key image, say because some modulo operation makes it work like these zero keys?
15:27:24 (Somebody asked this on Reddit, and I got interested. My guess is "yes, it's unique", but I am not sure.)
15:28:47 I don't really get it
15:29:26 Get what, my question?
15:29:46 seems like a bug
15:30:18 a zeroed private key shouldn't result in identity key images
15:30:43 only a zeroed output private key should
15:32:58 Well, maybe I assume this to be much too simple, but isn't there some op where "times 0" (from the keys) gives 0, and from there on it goes wrong?
15:33:21 Or does EC multiplication not work this way?
15:34:04 it does, yes
15:34:10 but the private key is only used by addition
15:35:07 anyway plenty of copies
15:35:08 large hemlock royal beware woozy gather slackens vain nanny tumbling gained identity abbey abbey abbey abbey abbey abbey abbey abbey abbey justice yearbook annoyed nanny
15:35:21 wade saga knuckle dolphin website pegs ethics angled galaxy seeded pause space abbey abbey abbey abbey abbey abbey abbey abbey abbey upwards withdrawn below saga
15:35:35 I assume if you import them the wallet will reduce to abbey abbey....
15:35:57 How did you come up with those seeds?
15:36:33 Replacing some words with "abbey" to get a zero key?
15:36:49 more seeds to troll at meetups
15:37:01 the wallet does reduce to abbey, just tested
15:37:21 Because the one key derives from the other, right?
15:37:24 rbrunner just double l
15:37:51 there should be like 15 of them
15:40:12 "yearbook annoyed nanny" lol
15:40:25 unfortunately all of them will have a lot of abbey's later on, so anyone in the know can detect them
15:42:01 So it's unique, in a way? There is no key, say "halfway up to the maximum" key that has the same behaviour because some mod operation makes it zero.
15:43:03 (Sometimes stupid questions lead to something, so please forgive :)
15:43:23 no of course not, the modulus is a prime number
15:43:48 keys are 0, modulus, 2*modulus, and so on
15:44:10 when the wallet sees a key higher than modulus, it reduces it to the equivalent key in the set
15:45:21 I see. So only limited fun.
15:46:01 but I still don't get it
15:46:07 I guess I'll scan that wallet and see
15:46:50 See what? It has 7 transactions incoming, one is from me when I tried whether the transactions were doctored, or the wallet is "broken"
15:48:02 yeah I wanna see them
16:03:46 can we tell everyone to send their burn coins there
16:05:00 There should be an "abbey" command in the wallet for that.
16:05:56 iDunk, you made my day
16:06:05 :)
16:06:27 abbey normal?
16:08:04 idk if the abbey wallet qualifies as a burn address, be very careful
16:08:23 I expect someone could patch the code to make it useable
16:16:04 figured it out
16:16:24 wallet thinks it's view only
16:16:41 UkoeHB_ it's definitely not a burn address
16:16:47 thus can we tell everyone to send their burn coins there
16:16:57 lol
16:17:18 https://github.com/monero-project/monero/blob/master/src/cryptonote_basic/cryptonote_format_utils.cpp#L323
16:17:24 go get your free monero
16:17:50 lol
16:19:03 abbey is a permanent watch-only wallet?
16:21:48 not permanent, you just have to patch it up
16:22:16 custom build
16:22:36 yeah, even a non dev (if you can figure out how to compile) could do it
16:22:43 the spendkey is still zero tho
16:22:46 very easy change
16:23:04 one-time addresses aren't just the spend key, so it works out
16:23:10 ah
16:23:11 the spendkey is only used in an addition context for transactions, that's why it works
16:44:53 Almost an anti-climax
16:46:22 yeah, much better as a cursed address
16:52:29 Hmmm, Monero Core Team member with "cloud10again" as their Reddit handle? They just made a post explaining the thing with the treatment as output-only wallet ...
16:52:52 luigi
16:52:53 cloudluigi
16:53:18 Oh, ok.
18:22:10 a zeroed private key shouldn't result in identity key images <= Perhaps someone trolled by sending burnt outputs to the wallet
18:22:16 By keeping r constant for numerous transactions
20:10:14 no
20:38:15 loogi pls branch
20:38:38 v0.16 or whatever you like
20:39:28 * iDunk votes for release-v0.16
21:44:00 releasing v.16.1111
21:46:04 https://github.com/monero-project/monero/tree/release-v0.16
21:47:01 nice
22:01:26 luigi = monero leader
22:01:36 confirmed by wikipedia^tm