00:50:06 hmmm, another discussion about matrix not working
00:54:16 Yea, i'm pretty sure the monero.social homeserver is just broken :)
00:55:12 OK, let's form an issue statement to work on. This looks like a start? "I lost connection to Monero community workgroup help. Is it overloaded? Nah just forever loads on laptop, phone it's gone"
00:58:26 To start I'll look at the metrics and then I'll try to login as well
00:58:45 Need to check something unrelated first.
01:01:09 it honestly appears as if the state of the rooms is being rolled back, or certain info is being dropped
01:01:42 Monero-website is missing the profile pic for monero.social users, even though it was just added
01:11:46 state resets are a known problem with Matrix. the protocol and server implementation is just broken
01:11:58 Yep
01:31:18 it's weird tho, bcuz if you're on a different homeserver (like xmr.mx) the rooms and users on other homeservers appear to be fine
01:31:46 Example: ofrnxmr:monero.social cannot see plowsof:matrix.org's pfp, but the pfp is older than the sky
03:26:07 I'm not having any of the connection or latency issues, but I can reproduce some of the missing profile pictures, so that gives me a place to start looking.
12:49:50 The conn issues aren't easily reproducible. They happen to random ppl at random times.
12:49:51 quickex was dropped from this room, i was as well. I think someone else too, all at different times
12:50:26 While many others (like syntheticbird) had accounts that were unaffected
13:15:35 this so much true
14:06:30 Could you elaborate on this? What would this look like in practice?
14:32:28 1. Blocking port 18080 2. inspect packets for monero p2p traffic and block it
14:33:18 3. Mitm "fire sheep" [self-signed] rpc traffic
14:40:39 this so much true
16:13:46 change port, use Tor or VPN
16:45:11 Use tor or vpn => block connection guard nodes/block wireguard/openvpn connections
16:45:24 It's more than easy for any country to make a GFW
16:45:48 look there is even an open source re-implementation of China's GFW: https://github.com/apernet/OpenGFW
16:46:44 > **Use cases**
16:46:45 > Help you fulfill your dictatorial ambitions
16:47:51 No incoming connections if you use tor or most centralized VPNs
16:48:24 And if you use a centralized VPN that does have port forwarding, your node will share an ip with many others
16:49:00 And if your vpn provider is using an ISP that blocks monero, well, you're SOL
16:49:42 if monero had onion/i2p blockchain sync, it would cause issues with network speed / scaling
16:51:01 "change port" requires upnp to work, disregarding firewalls, and doesn't do anything about packet analysis
16:51:53 When he says VPN, he means Mullvad. Rando doesn't believe in traditional VPN connections :D
16:52:55 The only combination that would work out would be Wireguard over Shadowsocks + DAITA and it's supposing the firewall doesn't store the IP addresses of Mullvad servers
17:05:22 "change port" was my solution to port blocking which is a common thing, VPN/Tor can easily bypass it countries that doesn't block them
17:06:29 yes DAITA by Mullvad is the only VPN that can protect you against traffic analysis
17:06:48 "change port" was my solution to port blocking which is a common thing, VPN/Tor can easily bypass it in countries that don't block them
17:07:58 Mullvad needs to exit to clearnet
17:08:35 Here's the actual paper: https://dl.acm.org/doi/pdf/10.1145/3603216.3624953
17:09:29 Also a report from a Mullvad dev: https://pulls.name/blog/2024-06-05-eval-first-daita-servers/
17:09:54 Adding random traffic can actually make you stand out at times, best to look at the actual research done
17:10:07 I plan on adding MaybeNot to Cuprate in the future. Iirc there is also someone working on monerod traffic obfuscation
17:10:18 Cool!
17:22:01 Windscribe also does that but it is not as advanced with AI 🚀
17:22:01 https://blog.windscribe.com/combating-traffic-correlation-attacks-decoy-mode/
17:22:28 rando DAITA does not use AI
17:22:34 Lol
17:22:49 Read the paper before making conclusions
17:23:13 oh lool
17:23:15 MaybeNot is just a unified framework of network state machines that give you instructions on padding, delays and fragmentation
17:23:48 Now here's the thing: There is no technical background on this blog post. Adding random traffic can make you stand out!
17:24:27 Adding random traffic only (can) protect you against one type of correlation attack, but many others exist
17:25:02 See reference implementation of defenses used by the researcher: https://github.com/ewitwer/maybenot-defenses
17:25:40 stand out as someone using this feature, because more traffic isn't that much suspicious.
17:26:17 That mostly. Also if you add truly random noise in your traffic you can just noise-cancel it and it would add no protection.
17:26:38 The main point is not to add noise, but make your traffic look like noise
17:26:55 SyntheticBird explained it, and additionally, it depends on the amount of information the adversary has
17:27:35 SyntheticBird explained it, and additionally, it depends on the amount of information/access the adversary has
17:27:53 As if constantly streaming blockchain traffic doesn't already stand out
17:28:13 It does, and that is a big problem for people in certain places
17:28:37 With 15 outgoing connections and 100 incoming
17:28:39 An option is tor
17:28:48 Tor doesn't do incoming
17:28:51 But even then, yes, incoming/outgoing connections can be suspicious
17:29:03 Oops, yes, you're right
17:30:10 I2p at least runs a relay by default, so (if we had blockchain sync over tor/i2p) your traffic would be mixed in with relay traffic (afaik)
17:30:53 That's right
17:31:11 > The paper was written responsibly using ChatGPT, Github Copilot, and Grammarly.
17:31:11 Respect the honesty
17:31:13 I just want i2p written in Rust with modern crypto algorithms that are fast and safer. Is that so much to ask?
17:31:15 LOL
17:31:23 LMAO
17:31:31 Yes haha
17:31:53 Which algorithms would you like to see implemented?
17:32:04 used AI 🤣
17:32:12 replacing every hash by Blake3 would be a start
17:32:31 then also use muh Falcon or Kyber post quantum
17:40:09 https://github.com/samuel-lucas6/Cryptography-Guidelines?tab=readme-ov-file#use-in-order-4
17:40:09 BLAKE3-256: the fastest cryptographic hash in software at the cost of having a lower security margin and being limited to a 128-bit security level. It's also rarely available in cryptographic libraries. However, it improves on BLAKE2 in that there's only one variant that covers all use cases (it's a regular hash, PRF, MAC, KDF, and XOF), but depending on the cryptographic library you use, this probably isn't something you'll notice when using BLAKE2b anyway. I'd only recommend this when speed is of utmost importance because it's not conservative.
18:03:46 Interesting. I didn't know Blake3 had a 128-bit security level. So only relevant for pre-quantum applications.
18:40:18 Aren't our seeds/privkeys limited to 128bit?
18:40:39 I don't remember, maybe just a polyseed thing?
19:03:38 yes, and that's why a quantum day would reverse our public keys to private keys.
19:05:42 Yes. Our keys and overall cryptography are based upon Curve25519 which offers 128-bit security
21:31:48 seed/polyseed is a representation of the private key
21:32:22 Here's a nice resource: https://getmonero.dev/cryptography/asymmetric/private-key.html
21:34:30 https://docs.getmonero.org/cryptography/asymmetric/private-key/
21:34:31 FIFY
21:34:40 Oh, cool, new website
21:34:44 Thanks ofrnxmr
21:36:27 https://83.md.monerodevs.org/mnemonics/polyseed/ here too
21:37:43 My point was that the argument between 12 vs 24 word bitcoin seeds was (iirc) something about 24 being pointless due to the security of the key being limited to the security of 12 words
21:37:54 Ohh
21:37:55 Okay
21:38:01 Thanks for clarifying
21:39:42 And polyseed being fewer words because more words doesn't actually increase the security. I think that may have been the reason for the bump from 14 to 16 words for polyseed (checksum, birthday, features + privkey)
21:45:54 I still want a simple cli program that converts 25-word seeds + birth date into a 16-word polyseed
21:46:18 Why not do it?
21:46:20 What's the issue?
21:46:31 There should be a reference implementation of polyseed somewhere
21:47:12 https://github.com/recanman/docs/blob/main/monero-convert-between-wordlists.md
21:47:13 Convert between 25-word seed wordlists
21:48:10 I love you
21:48:27 Someone asked how to convert old english to english a few months back, so I made this
21:48:33 https://83.md.monerodevs.org/mnemonics/polyseed/
21:48:45 i don't think it's possible?
21:49:00 I don't even know how polyseed works, let me read
21:49:10 You can go from poly to legacy, but not legacy to poly
21:49:41 https://github.com/tevador/polyseed more detailed here
21:49:54 iiuc
21:51:08 Not directly because of the wallet birthday embedding
21:52:25 https://github.com/DiosDelRayo/polyseed-python
21:52:35 For that you'd just need to convert the restore height to an approximate date
21:52:42 Yeah
21:53:00 Date after nov 2021
21:53:01 I need to look into the code to look at the representation of the private keys
21:53:28 > The wallet birthday has a resolution of 2629746 seconds (1/12 of the average Gregorian year). All dates between November 2021 and February 2107 can be represented.
21:53:39 https://matrix.monero.social/_matrix/media/v1/download/kernal.eu/uYFEgKcBiAfzhkbXhhLzZthQ
21:54:26 `feature` bits are pretty clear along with `birthday`
21:54:42 Yeah
21:55:01 https://github.com/tevador/polyseed/commit/90f0a469a4b505c7b6da481062dcc178abef0270
21:55:06 Ah, here are some tests: https://github.com/DiosDelRayo/polyseed-python/blob/master/test_polyseed.py
21:55:37 In a couple of hours I think I can get something working but don't have the time unfortunately
21:56:19 Well, possibly on Monday... not sure as always
21:57:58 Definitely can't use seeds older than 2021(?)
21:58:17 Well, the birthday would be messed up, yeah
21:58:25 Afaik you can't convert a pkey into a polyseed,
21:58:28 i'll make a new wallet then
21:58:45 Why not?
21:58:52 Pkey is derived from the polyseed, ping vthor and detherminal
21:59:31 I think you can. I better hope Polyseed is a mapping function not just an encoding one.
21:59:32 Because the pkey is a derivation of the feature bits, birthday etc, not the other way around
21:59:48 oh in that sense
22:00:04 hmm
22:01:02 I remember (maybe) tevador saying it was a 1-way function, and detherminal's writeup on poly states that, unlike legacy, the key is a derivation of the seed. Legacy seeds can be created by knowing the key, but polyseeds can't be created by knowing the key
22:01:18 That's a very interesting approach
22:01:42 by just knowing the key? or with every feature?
22:01:43 tobtoht might also know the answer, but he's not in this room
22:01:57 oh no I think you're right
22:02:04 there is an argon2 story behind it
22:03:41 Looks like you're right
22:03:47 > The private key is derived from the 150-bit secret seed using PBKDF2-HMAC-SHA256 with 10000 iterations
22:04:19 ah PBKDF2 I see tevador is racist.
22:04:49 Wait, 10k iterations only?
22:05:07 NIST recommends 600k lol
22:06:03 OWASP*
22:06:05 not NIST
22:06:18 Really? I remember seeing it on the NIST website
22:07:10 I found https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
22:07:20 and their NIST link does not redirect to any 600k reference
22:07:28 🤷
22:07:39 > Therefore, the iteration count SHOULD be as large as verification server performance will allow, typically at least 10,000 iterations.
22:07:45 from NIST website
22:13:37 > The KDF parameters were selected to allow for the key to be derived by hardware wallets.
22:13:41 Yeah I saw that. Just unusual for me
22:14:31 I do think it's strange and contradictory to use a low number BECAUSE of supposed high security devices
22:15:10 Like "we could have used 600k, but because we want secure devices, we'll use the bare minimum of 10k"
22:15:21 No idea
22:15:24 I suppose it probably doesn't matter that much. The entropy of the 150-bit secret seed is high enough unlike a password
22:15:44 It's more a matter of getting more bits from it than really making it hard to do the reverse
22:15:52 my password is password4321
22:16:45 And for those tricky websites it's pass1234*/-+
22:17:14 I always forget if it's +- or -+ (±)
22:18:30 Hey there! I wanted to let you know that I have a Telegram channel where I share some amazing Verified sauce and soft cashout
22:18:31 Here are some of the things you can find on my channel:
22:18:33 - Apple Pay
22:18:35 - Bank logs/ bank drops
22:18:37 - Chime transfer
22:18:39 - Cashapp
22:18:41 - Clone card
22:18:43 - Credit Cards( Cvv )
22:18:45 - CC sites
22:18:47 - PayPal transfer
22:18:49 - Wellsfargo sauce
22:19:16 Does this actually work?
22:19:16 ofrnxmr: "Afaik you can't convert a pkey into a polyseed" <- you can't
22:20:09 Dm me
22:20:17 I'm interested
22:20:33 I don't use telescam tho
22:21:22 Thanks vthor
22:21:43 "ah PBKDF2 I see tevador is racist" <- ? Wuut :D
22:22:29 No idea what that meant. Anyways, why was PBKDF2 the choice?
22:24:07 xmrscott
22:24:09 hey moron, can you stop flooding the channel while I'm reading?
22:24:33 He's sharing Verified sauce and soft cashout vThor, hear him out 😄
22:26:42 https://matrix.monero.social/_matrix/media/v1/download/monero.social/rBRtwAQWpvGWTObqEJXsIYFm
22:26:46 legendary
22:27:19 plowsof: can i be mod
22:27:21 pretty please
22:27:29 I'd like to have those powers as well plowsof
22:27:38 recanman deserves them
22:28:12 yepp it is seed -> PBKDF2 -> pubkey. And polyseed also has an encryption, which seems not to be used in Feather nor in ANONERO, but the password is then applied as an offset if I recall right (still something I need to fix to keep it compatible).
22:28:31 private key not pubkey vThor
22:28:49 heh
22:28:58 yes, did I write pubkey :/
22:29:05 yep
22:29:09 yes ...
22:29:25 Time to do more drugs then :D
22:31:44 best choice
22:32:16 whatever you do, never allow syntheticbird any kind of power here
22:32:30 LMAO
22:43:31 *rofl*
22:44:50 meant meds, but it's the same as drugs, comes only in a blister instead of mylar or a bag :D
22:54:41 Syn, check your dm
22:55:22 there is nothing