> nacl.bindin.crypto_scalarmult_ed25519_noclamp throws an error when I try to multiply by 8 (int(8).to_bytes(32, byteorder="little")).

libsodium checks if the point is on the prime-order subgroup before performing the multiplication and as the point your multiplying isn't it returns an error

> nacl.bindings.crypto_core_ed25519_is_valid_point says the original hash_to_point value (before adding it to itself 8 times) is not a valid EC point.

This function checks (among other things) if the point is on the on the prime-order subgroup and as the original point isn't it returns false.

<anonimauzanto[m]> "After many hours of searching it..." <- monero's hash to point is non-standard IIRC and the documentation for this function says `The point is guaranteed to be on the main subgroup.` so i would say this is not equivalent

Am I incorrect in assuming that the prime order subgroup is the same thing as the main subgroup?

nah they are the same thing

If I have time in the next few days I may try to modify the pynacl library to include crypto_core_ed25519_from_uniform to test against key_image calculation. I do not use C/C++ so I cannot test the source functionality. Thank you boog900~

Interesting, I modified the pynacl wrapper to expose the crypto_core_ed25519_from_uniform function, and with modulus applied to the keccak hash results it produces almost the appropriate hashed point. With a slight change to the point compression encoding I have matching key image results.

Here is the python code I used. It requires pynacl to be modified to expose the function.

<bcrumb> "I use local, it's weird that it..." <- sdd it says, i am syncing, takes whole day, occupies a lot of local memory space, internet is so so but enough for most things. but monero jams things usually. is it possible that remote nodes are much faster? and how are they less secure, what most of monero users are using, local or remote. for example, who ever doed it from smartphone it has to be remote?

Why not post in dev room if its a world ender

dev presumably already knows

as this went through hackerone and hasnt been disclosed yet

Looks like there going to disclose it

yep. i wonder if it mostly effects simple-mode users

i wonder if it also affects remote nodes throughout tor, but probably yes

or if hes referring to s*th traitor type nodes (/s)

Maybe

Sith lord

Lets guess the vul

thats probably the crux of the issue. a lot of people use sith nodes.

decoy poisoning

Morbs break decoys

or maybe the issue is linked to Known ring does not include spent output

Yeah cake,feather use sith

xfedex[m]: so poisoning with fake decoys? dig dig dig

im gonna check hackerone

Ima go to sleep

how can you sleep knowing seth is sleeping well?

s/seth/sith/

His asmr voice puts me to sleep

i should try that

ive never actually heard him speak. im just a hater who hates him for not acknowledging me

Should have used my own node. SHUMON

hopefully disclosed soon

Who would they report it to anyway?

On dev team

Would be interesting to know what is meant by more than loss of privacy but no fund loss

what app can i use for having multiple numbers for sms & calls?

it will be great if it accept monero but im ok with paying with cc / appstore

i need one with asian numbers (Singapore , India , etc)

not western (US,UK,Canada)

Sounds decoy issue

* Sounds like decoy issue

Security response team

luigi1111

moneromooo

our main devs, yeah

koe, vtnerd, luigi, mooo etc respond to hackerone

ooo doesnt seen to like H1 lolol

is it risky to use a web wallet?

(he reported and fixed multisig)

mlcboss[m]: duh

when has ysing a web wallet ever been a good idea?

ofrnxmr[m]: can they track my spendings?

aside from"when it was the only option"

mlcboss[m]: yes

thats what a light wallet is. it does the scanning for you

is it bad to run xmr node on VPS?

while the view key TECHNICALLY doesnt show your spends, its a simple matter to them to fingerorint change

mlcboss[m]: yes

... but define bad? for who?

centralizing nodes on 1 provider helps with purchasing bandwidth to seed tge network

I guess we gotta take the bad with thr good monero-project/monero #8827

it also opens up centralized attack points

ofrnxmr[m]: is there a way to hide my xmr wallet on my computer?

?

from who?

from your wife?

from your isp?

ofrnxmr[m]: i can't tell you but i need it to be hidden

good luck

i cant help if im expected to be psychic

Use a vpn and store your monero on a portable ssd

my psychic powers are exhausting. i only use them occasionally

modul8[m]: that doesnt hide from isp or wife

ofrnxmr[m]: is

not an ISP

maybe from coffe shop wifi

Prison wallet cant kind a portablr nvme usb adapter?

*hide

Like encrypted drive?

border agebts? delete the wallet

why is it matters anyways , i just don't want having a coin that used for illegal shit wallet in my PC

only keep seed in an encrypted backup

Without knowing the goal nobody can give you a good answer

^

mlcboss[m]: eat s rooster then

a*

go use btc

and give me all of your cash please

I put mine in btrfs drive

Is that the answer your looking for?

mlcboss[m]: Spend some monero on a new laptop that only you use and nobody knows about. Easy.

"illegal shit money"

insanity

get out of your dumbass crypto bubble

money IS private

Oh hang on..he is judging us!!

Sunno

* Dunno

just because scam 1-1000 dog coin isnt, has nothing to do with fundanental properties on money

"illegal shit"

yall weirdos are trying to reinvent the wheel by adding corners

modul8[m]: ok fine , someone suspect me I'm doing illegal stuff

cause they once see my computer had a Tor Browser on it

i can't tell you who it is cause is private

so delete it

or do like me

and tell them to eat a rooster

Fyi its not illegal to use tor

my exchange account was frozen a few days ago

Considering us navy created onion routing

they wanted to know what im doing and why my ltc address is always empty

said they trued to call me

i told them "x m r, when are you relisting?"

account > unblocked

ofrnxmr[m]: i already did and only use mymonero web wallet on pc rentals

-.-

mlcboss[m]: bananas

mymonero > might as well just use monero from he police officers car laptop

Now gonna go to sleep tldr me later

DanIsnotthemanBr: i know normies see Tor as a browser used by hacker and criminals

they don't even know it was made for privacy & anonymity

i use tor, i2p, moneo, torrents, youtube

Terrorist

so because stupid people cab tie their shoes >> i will no longer wear shoes

cmon man

Ok bye

gnite D

s/cab/cant/

They say weed makes you paranoid

these idiots say cooking burns down houses. only allowed to buy fast food > cmon man

modul8[m]: coke*

caffeine*

nicotine*

I think i misjudged how long ungoogle chromium takes to build

<ofrnxmr[m]> "i use tor, i2p, moneo, torrents,..." <- sadly Youtube is very unfriendly towards Tor user

to solve this , i searched the video title on the web and watch it on random website that reposted the same vid

vimeo , daily motion , voice tube and other brick & mortar youtube clone

youre not an android user, are you

#monero-offtopic:monero.social lets cont. there

someone should code a GPT (some FOSS derivative) / LLAMA / OpenAssitant based crypto wallet

instead of having the user need to do txs and control stuff by themselves it should be a dialog based wallet

this might be more something for ethereum though, who knows

Didn't some wallet do that as April fools

who needs tx_extra when you have output spam? 1095 bytes of data per tx. Aint it beautiful? stagenet.xmrchain.net/tx/c394b0b982…8899c062806fdb0ac4b7d1ef5e97a125acb imgur.com/a/0NfBEL6

Isnt that a typical 16 out

3,2kb 1:2 looks pretty normal iirc

I'm surprised the dev and MRL channels have been quite since the announcement of a vulnerability in wallets that can be exploited by a malicious remote node. The latter were already questionable for an opsec POV, i believe logging and decoy selection were know issues, but this seems more severe.

ofrnxmr is a fed

* a fed MAYBE

i am entitled to an opinion

he talks so much shit constantly, according to the cia playbook

kowalabearhugs-[: it has always been known that remote nodes can feed you bad data

selsta: Yes. Has "bad data" traditionally referred to the DSA?

"The impact of the exploit is more than just privacy loss" makes it seem like a larger issues than a remote node simply feeding skewed decoys

<toralien[m]> "ofrnxmr is a fed" <- 100%. tell em

Well the fee bug is an example of an attack more than just privacy loss

the whole point of having a separate daemon and wallet is that you separate responsibilities

adding checks to the wallet can be done if they don't have too much of an performance impact

kowalabearhugs-[: The fact that this is a Medium CVE is already a flag. Now, this wouldn't (and isn't) a good idea, to disclose informations about the vulnerability while a decision hasn't been made.

ofrnxmr[m]: as far as i know you are on some xmr communit something and you are the only person i express dissatisfaction with noting that i am a donator

s/communit/community/

toralien: before you start shitosting #monero-offtopic:monero.social

selsta: Can you confirm this new announcement is genuine?

selsta: are you aware of the details of the vulnerability?

If it is, I am very surprised that it was decided to release a 'security advisory' on Reddit and nowhere else.

toralien[m]: not due to work done but because of the constant manner of behaviour

im not on anything

then i am content

rip

Alex|LocalMonero: yes

<ofrnxmr[m]> "Isnt that a typical 16 out" <- It's XOR'ed. If you take the first vout key and XOR with the first outPk, 2nd with 2nd, 3rd with 4rd, etc, you'll see it

s/4rd/3rd/

yeahh i didnt even check more details first (didnt even see in in/out). apologies i had written a follow up reply but didnt send

is there an XMPP > gaytrix bridge?

Thought it is dANBs

maybe bridgerton

spackle_xmr[m] and others who asked

selsta: Thank you. I still don't understand why Reddit was used as the only channel to communicate the advisory, but that certainly clears things up.

In the past we haven't put out advisories for medium severity bugs before they were fixed.

90 days had passed so tevador was allowed to post about it per the VRP.

oh, that "vulnerability" was known for a long time

reddit seems like the place with the largest audience

twitter would have been good, too, though

I mention it more out of a concern for people using Reddit as an authoritative source for receiving security related announcements. I don't trust Reddit, and the situation seems exploitable to me.

Anyways, I appreciate the information. I'll shut up and go back to polishing my tinfoil hat.

It would be a good time to sign statements with PGP keys.

Rucknium[m]: we did that here getmonero.org/2021/12/06/vulnerability-multisig.html

Thanks. That is the memory that I recalled.

It appears in this instance that tevador was free to choose to sign (or not) the statement with his/her PGP key.

So world is not ending?

the sky is falling down

Sounds like i didnt get my way so i posted in reddit and made it bigger then ben-hur

Vulnerability

it's a valid vulnerability but definitely not world ending

I'm happy that tevador found a good solution with the RandomX change, otherwise we would have had to wait until Seraphis to mitigate this.

Don't we still have to hardfork?

yes, but we will likely hard fork Bulletproofs++ and the RandomX change before Seraphis

Oh, nice then

Out of all this at least i know there is hackerone reporting for monero now

selsta: Given the next HF is likely more than 6 months away do you have any idea where things stand with OSPEAD and its potential inclusion?

Rucknium[m]: ^

kowalabearhugs-: If the hard fork was 3 months away, we could include OSPEAD, but it would be close. If more than 3 months, we could easily include it.

definitely more than 3 months away since

OSPEAD is a wallet-level change that doesn't require a hard fork. However, we have not evaluated the risk of having two significantly different decoy selection algorithms being used by the reference implementation (wallet2). It could be evaluated (I have some possible methods), but it is out of scope for the original OSPEAD CCS.

The question is how easily an adversary could distinguish between the two decoy selection algorithms and whether that would give them an advantage in trying to guess what output in a ring is the real spend.

We don't really have to answer that question if OSPEAD is implemented in a hard fork since all users who want to use the hard-forked chain would use the updated wallet2, either directly or through a "third-party" wallet.

We know that there are "third-party" wallets that don't use the wallet2 decoy selection algorithm, but that's out of scope of this issue unless something like this is done: monero-project/research-lab #87

Another related issue is "Avoid selecting coinbase outputs as decoys" monero-project/research-lab #109

jeffro256 has written code to implement it. But an adversary may be able to guess that a user would be using the decoy selection algorithm that avoids coinbases.

Implementing it ^ with a hard fork would mostly avoid the wallet software version distinguishability issue.

Distinguishability is easier to analyze with the coinbase avoidance proposal because it's basically a set of binary choices, which would create a binomial probability distribution. The OSPEAD change is a change in the continuous probability distribution, which is harder to analyze.

Harder, but not impossible. Like I said, I have some ideas about how it could be done. It requires research labour hours to check things to be sure, test, etc.

🐟

Hi. Any recommendation for mobile wallets?

I tried Monerujo but it kept crashing

L3M0R, android?

Yes

hmm never had issues with monerujo on android

It crashed while grabbing keys from my password manager

you can try cake maybe

Maybe?

I dunno

lol. Alright I'll into it. Thanks

try cake?

is your android up to date? also the app? re-install might help

or just reach out to their support :)

np

Yes, and I got the app from play store

what do you mean with the password manager?

keepassxc

it interacts with the app?

keepass2android to be exact. It has its own keyboard which allows you to fill entries

yeah no clue on that

As soon as I entered my key, it froze.

Now I feel like creating a new wallet :P

good luck :)

but maybe try add monerujo as exception on that thingy and see if it works

I'll try again.

one more thing, is LocalMonero a good way to buy XMR?

yeah

L3M0R, here kycnot.me

damn

Thanks!

(: yw!

But are these reliable/trustable?

DYOR iGuess otherwise it's just my opinion

fair enough

kico: I tried installing monerujo through Fdroid and Google play protect is displaying a warning "Harmful app blocked"

lol

sorry can't help :\

that's ok

oh yeah fdroid

will not work on normal android

But then Google play installed some old version

only version on appstore will

google play

for fdroid you would need f-droid.org

Yea I added the repo

and installed the app and the warning showed up

but if you install the app from google play works?

It runs, but with no warnings

not sure there is a chan for monerujo on irc

ok

you should try support :)

let me try cake

But I like the aesthetics of Monerujo

<L3M0R> "and installed the app and the..." <- There's an option in settings that allows apps to be installed from an unknown source

That is enabled

It was Google Play Protect warning

Oh I think that's a setting inside Google play app