<b​rick:tchncs.de> How can I fight ordinals in monero?

<o​frnxmr:monero.social> Hm?

<b​rick:tchncs.de> I saw MentalOutlaws video

<o​frnxmr:monero.social> Old

its ok they dont exist anymore

<b​rick:tchncs.de> Ok

<b​rick:tchncs.de> cool

<o​frnxmr:monero.social> But, how to fight them? Update your node to 18.2.2 or later

<b​rick:tchncs.de> Also, I have a question about network updates. I am hosting a node via a GUI wallet, I heard that if a wallet is outdated or the node is that it is connected to (in my case they would obviously be the same version so I am not sure) but monero sent on an old wallet version (or network, still not sure) will not go through unless the block it is a part of is mined by a monero minine<clipped message>

<b​rick:tchncs.de> r running an older version of the network (or wallet) version.

<b​rick:tchncs.de> Is my understanding correct? Also how do I know when i need to update my wallet?

<b​rick:tchncs.de> Can an outdated wallet/node also have problems receiving monero?

<1​23bob123:matrix.org> p2p mining?

<b​rick:tchncs.de> What about it?

<b​rick:tchncs.de> Well all I guess. P2P solo and pool

the monero gui itself will notify you of any new updates if your version is outdated. you can also subscribe to getmoneros blog RSS feed where releases and other things are announced getmonero.org/feed.xml

the only time an outdated wallet would have trouble receving/sending funds if it is on a pre-hardfork version

so pre v0.18.1.2 , you wont be able to send monteros

often, new updates are marked as being "highly recommended" (not mandatory) because they fix bugs

we are currently on network v16 github.com/monero-project/monero#scheduled-softwarenetwork-upgrades

sorry, fork version*

<1​23bob123:matrix.org> Fork you!

<g​onbatfire:monero.social> Does monero.social support password recovery via email?

<g​onbatfire:monero.social> I never receive any email

<x​mrscott:monero.social> Yes, just did it to validate

<g​onbatfire:monero.social> huh.. yeah I'm not receiving anything, thankfully I just remembered my password lol

what's the word on this CCS fund hack? was it an inside job, or is the code really fubar?

<r​brunner7:monero.social> As far as I know nobody really has a clue yet. Thus, "no word".

<1​23bob123:matrix.org> word

word

<o​frnxmr:monero.social> :D

<c​howbungaman:matrix.org> Monero meetup in Buenos Aires , Argentina here today at 11am local time:

<c​howbungaman:matrix.org> maps.app.goo.gl/9tu7S21yD9WLL5ho9?g_st=ic

<a​tomfried:matrix.org> with more and more storries i see on twitter on how people are loosing their coins, i would like to generate a bip39 or monero seed phrase by dice rolling.

<a​tomfried:matrix.org> are there any tutorials for this out there which are valid?

<a​tomfried:matrix.org> are there any out there specifically for monero which we know are statistically sound? Rucknium

<p​lowsof:matrix.org> discussion on this happened here atomfried libera.monerologs.net/monero/20231026#c293528

<a​tomfried:matrix.org> oh thank you

<p​lowsof:matrix.org> creating an offline securely is easy, the hard part is using it to send/receive funds

<a​tomfried:matrix.org> i just want to create a bip39 and put it on my hardware wallet

<a​tomfried:matrix.org> i just want to rule out the possibility of a flawed random number generation

<r​ucknium:monero.social> atomfried: With BIP39, the annoying part is the checksum word. With a 12-word seed, the checksum can be found by trying 4 or 8 (need to check) different possibilities. With 24 words, you need to run a Python script on an airgapped computer to find it.

<a​tomfried:matrix.org> ok i see, but this also would rule our flawed random number generation, so i am fine with that

<r​ucknium:monero.social> With Monero's 25 word seed phrase, the checksum will be one of the words of the first 24 words.

<p​lowsof:matrix.org> if you have 24 words without checksum, thats also fine, monero-wallet-cli will accept it .. you can use your monero address as your own checksum - if it doesnt match, then a word is wrong

<a​tomfried:matrix.org> thats nice!

<r​ucknium:monero.social> Cryptographic randomness is not something I understand well, especially pseudo-random (computer-generated) randomness. For statistics, usually random number generators that would not be cryptographically valid are used.

<a​tomfried:matrix.org> it is not that i do not trust the theoretical foundations of cryptographic random generators, i just dont realy trust the implementation or lets say i just want to rule out this attack vector

<r​ucknium:monero.social> I don't necessarily trust it either.

<a​tomfried:matrix.org> given i have a list of words 1 to n.

<a​tomfried:matrix.org> and i role 6 dices and concat the numbers to generate a number x.

<a​tomfried:matrix.org> if x > n i reroll the dices, otherwise i pick the word which is associated with the number i rolled.

<a​tomfried:matrix.org> will this pick words uniformly random?

<a​tomfried:matrix.org> or will there be a bias in the words i selected because if the reroll?

<r​ucknium:monero.social> For example, the Milk Sad insufficient entropy vulnerability used the Mersenne Twister random number generation algorithm. Mersenne Twister isn't adequate for cryptography, but it _is_ R's default random number generator. Different standards for different purposes.

<a​tomfried:matrix.org> if i avoid calculating modulo to force finding a pick and just reroll is this valid?

<a​tomfried:matrix.org> MT is also pretty much the goto PRNG for c++ with the <random> header

<r​ucknium:monero.social> Uh, I don't really want to endorse a specific seed word generation method right now since it's important to get it right. There are many methods published online. Of course, you want to verify that the published methods have no problems.

<a​tomfried:matrix.org> i understand that

<r​ucknium:monero.social> I think that the "just has it" method that plowsof posted would not work directly for seed words. It would get the private key. You would have to have a method for mapping the output of the hash onto the list of seed words

<r​ucknium:monero.social> *just hash it

<r​ucknium:monero.social> I think kayabanerve has opinions on dice as the source of entropy

<k​ayabanerve:matrix.org> I don't mind them as a supplement

<k​ayabanerve:matrix.org> atomfried: You can't concat the numbers in base 10, you'd need to convert from a base 6 number to a base 10 number.

<k​ayabanerve:matrix.org> You can reject if x > n to achieve numbers without bias.

<k​ayabanerve:matrix.org> Though you need to understand every single signature you make presumably uses RNG

<k​ayabanerve:matrix.org> So either ensure your signing program doesn't use RNG, and instead uses hashes of the private key + message for its nonce, or get the dice out whenever you want to make a transaction

<a​tomfried:matrix.org> hahaha

<k​ayabanerve:matrix.org> I'd recommend `H-512(rand(32 bytes) + "142325624625142365243516...)" to make a new private key if you want to incorporate dice

<k​ayabanerve:matrix.org> No math re: the dice itself, dice is solely additional entropy.

<a​tomfried:matrix.org> so rolling my bip39 seed would not give me extra security?

<b​tclovera:matrix.org> You fully trust PRNG / TRNG? kayabanerve?

<a​tomfried:matrix.org> i think i will just get some d16 and a d8 dice and then i can easily roll the d16 two times and the d8 one time to pick a random bip39 word.

<a​tomfried:matrix.org> since there are 2048 words this fits perfect

<a​tomfried:matrix.org> just for your interest

<r​ucknium:monero.social> atomfried: Do you plan to take the sum of the d16*2 and d8 to choose the word?

<b​tclovera:matrix.org> I have calculated my 24 words in bitcoin with a coin.... By flipping 256 times. I calculated the checksum using iancoleman.io/bip39 offline or any hww that allows you to do it like SpecterDIY.

<b​tclovera:matrix.org> But I would love to be able to do this with polyseed. But i dont undertant how to do it

<b​tclovera:matrix.org> checksum is word 1 and all 11bits. them you have more information not randomly. so, i odnt know ho to do it

<a​tomfried:matrix.org> yes, now that i think about i am not 100 sure that is a good idea

<r​ucknium:monero.social> It's not. The sum would not be uniform. (Sorry IRC people):

<r​ucknium:monero.social> ```R

<r​ucknium:monero.social> n.sims <- 10000

<r​ucknium:monero.social> results <- vector("numeric", n.sims)

<r​ucknium:monero.social> set.seed(314)

<r​ucknium:monero.social> for (i in seq_along(results)) {

<r​ucknium:monero.social> results[i] <- sample(16, 1) + sample(16, 1) + sample(8, 1)

<r​ucknium:monero.social> }

<r​ucknium:monero.social> 100 * prop.table(table(results))

<r​ucknium:monero.social> ```

<r​ucknium:monero.social> Sums of random variables tend to converge to the Normal distribution

<a​tomfried:matrix.org> yes, ofc stupid me ... i was just thinking about using 2^11 rolls with a coin per word to select it and thought i could just take a short path by using higher dices

<a​tomfried:matrix.org> so when i use two D8s and a D4 i could do:

<a​tomfried:matrix.org> idx = (D4 -1) * 64 + (D8_1 -1) * 8 + (D8_2 - 1)

<a​tomfried:matrix.org> to select the index of the 2048 words i want to choose from i guess thats more of what i thought of before i was bamboozled by the multiplication idea

<m​onero-hackerindustrial:monero.social> This might be of assistance for you

<m​onero-hackerindustrial:monero.social> github.com/Monero-HackerIndustrial/MoneroDice-WalletGen

<m​onero-hackerindustrial:monero.social> I need other people to take a look to make sure I didn't overlook something

<m​onero-hackerindustrial:monero.social> ```The script generates 100 dice rolls for a little bit over 256 bit entropy.

<m​onero-hackerindustrial:monero.social> Based on some Math from coldcard, a d6 dice provides 2.585 bits of additional entropy per roll This means: 50 rolls for 128 bit 99 rolls for 256 bit```

<m​onero-hackerindustrial:monero.social> ````

<m​onero-hackerindustrial:monero.social> The script generates 100 dice rolls for a little bit over 256 bit entropy.

<m​onero-hackerindustrial:monero.social> Based on some Math from coldcard, a d6 dice provides 2.585 bits of additional entropy per roll This means: 50 rolls for 128 bit 99 rolls for 256 bit```

<m​onero-hackerindustrial:monero.social> ````

<m​onero-hackerindustrial:monero.social> the kdf on bip39 is

<m​onero-hackerindustrial:monero.social> github.com/diybitcoinhardware/embit…d9d9564eed48/src/embit/bip39.py#L86

<m​onero-hackerindustrial:monero.social> here is an issue I had made on polyseed to ask about the kdf and the entropy involved. I linked the existing bitcoin bip39 kdf functions along with what polyseed uses etc.

<m​onero-hackerindustrial:monero.social> tevador/polyseed #8

<m​onero-hackerindustrial:monero.social> My diceroll generator vs polyseed differences:

<m​onero-hackerindustrial:monero.social> ````

<m​onero-hackerindustrial:monero.social> My version and Polyseed use similar key derivations except for 2 differences.

<m​onero-hackerindustrial:monero.social> sha256 vs sha512

<m​onero-hackerindustrial:monero.social> #of iterations

<m​onero-hackerindustrial:monero.social> 10000 vs 2048

<m​onero-hackerindustrial:monero.social> The salt being the reserved/feature bits.

<m​onero-hackerindustrial:monero.social> ```

<m​onero-hackerindustrial:monero.social> That is the only difference and should be a couple of line changes for the kdf function

<m​onero-hackerindustrial:monero.social> If you are going to diceroll you need a KDF function to "stretch" the entropy into a uniform string but also beyond just "simple hash on brain wallet" since those are insecure

<m​onero-hackerindustrial:monero.social> You can put the diceroll into a variable then generate the hash of it. Then feed the hash into a kdf function. Bip39 uses 2048 iterations of sha512. Here is a slight modification to work with monero python client to generate seeds:

<m​onero-hackerindustrial:monero.social> ```

<m​onero-hackerindustrial:monero.social> PBKDF2_ROUNDS = 2048

<m​onero-hackerindustrial:monero.social> #password used for the salt (a sha256sum )

<m​onero-hackerindustrial:monero.social> password = hashlib.sha256(dice_rolls.encode()).digest()

<m​onero-hackerindustrial:monero.social> entropy_bytes = hashlib.pbkdf2_hmac(

<m​onero-hackerindustrial:monero.social> "sha512",

<m​onero-hackerindustrial:monero.social> dice_rolls.encode("utf-8"),

<m​onero-hackerindustrial:monero.social> password,

<m​onero-hackerindustrial:monero.social> PBKDF2_ROUNDS,

<m​onero-hackerindustrial:monero.social> 32,

<m​onero-hackerindustrial:monero.social> )

<m​onero-hackerindustrial:monero.social> hex = entropy_bytes

<m​onero-hackerindustrial:monero.social> hex = hex.hex()

<m​onero-hackerindustrial:monero.social> s = Seed(hex)

<m​onero-hackerindustrial:monero.social> phrase = s.phrase

<m​onero-hackerindustrial:monero.social> public_address = s.public_address()

<m​onero-hackerindustrial:monero.social> ```

<s​needlewoods_xmr:matrix.org> rip irc

<s​needlewoods_xmr:matrix.org> but interesting stuff

<o​frnxmr:monero.social> Rip

F

uyfougpohij[]

<m​onero-hackerindustrial:monero.social> Yeah I forget about the irc bridge. Shoot me a PM if you want to talk more about it

<1​23bob123:matrix.org> Rip nioc

F