Saki

joined 2 years ago
[–] Saki@monero.town 1 points 2 years ago

Looked into my key ring and found only a few RSA2048 keys (used by old Proton users). Apparently most devs use Ed or RSA4096 to sign today. Even Thunderbird (its OpenPGP is convenience first, security second, in the sense that your secret key is not passphrase-protected) generates at least RSA3072; RSA2048 is not even an option!

Though this news might be a joke, it’s totally possible that RSA2048 (or RSA itself) eventually becomes obsolete. Which doesn’t mean cryptography in general will be broken, of course. There are different kinds of "one-way" problems, like Ed, already widely used, based on elliptic curves.

If a faster factorization algorithm is found (though that may be proved to be impossible after all), it’s essentially great news. Even Gauss said, “the dignity of the science itself seems to require that every possible means be explored for the solution” (of primality test and factorization), meaning “We must try everything to find a better way to factor a big number!” (which also implies “a more effective attack against RSA!”).

Though no one wants broken cryptography, factorization is something number theorists would love to do quickly too, if possible at all.

See also [not directly related]: https://en.wikipedia.org/wiki/Logjam_(computer_security)
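The "looked into my key ring" check above can be scripted. The following is an added example, not code from the comment or from GnuPG: it parses the machine-readable output of `gpg --list-keys --with-colons` (field 1 record type, field 3 key length, field 4 algorithm id per RFC 4880, field 5 key id, field 17 curve name, as documented in GnuPG's doc/DETAILS) and flags RSA or DSA keys and subkeys below 3072 bits. The listing embedded below is constructed, not a real keyring; the 3072-bit threshold is an assumed policy, chosen to match the Thunderbird behaviour mentioned above.

```python
"""Flag weak public-key algorithms in a `gpg --list-keys --with-colons` listing."""
from dataclasses import dataclass

# Public-key algorithm ids (RFC 4880 / RFC 6637 / GnuPG extensions)
ALGO_NAMES = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
MIN_RSA_BITS = 3072  # assumed local policy; anything shorter is reported


@dataclass
class KeyRecord:
    record_type: str  # "pub" (primary key) or "sub" (subkey)
    bits: int
    algo: int
    keyid: str
    curve: str        # empty for RSA/DSA, e.g. "ed25519" or "cv25519" for ECC

    def algo_name(self) -> str:
        return ALGO_NAMES.get(self.algo, f"algo{self.algo}")

    def is_weak(self) -> bool:
        # Only RSA and DSA are judged by bit length here; ECC records pass.
        return self.algo in (1, 17) and self.bits < MIN_RSA_BITS


def parse_colon_listing(text: str) -> list[KeyRecord]:
    """Extract pub/sub records; uid, fpr and tru records carry no key material."""
    records = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] not in ("pub", "sub"):
            continue
        curve = fields[16] if len(fields) > 16 else ""  # field 17, 1-based
        records.append(KeyRecord(fields[0], int(fields[2]), int(fields[3]),
                                 fields[4], curve))
    return records


def weak_keys(text: str) -> list[str]:
    """Return 'keyid algo bits' for every primary key or subkey below policy."""
    return [f"{r.keyid} {r.algo_name()} {r.bits}"
            for r in parse_colon_listing(text) if r.is_weak()]


def algo_summary(text: str) -> dict[str, int]:
    """Count keys per algorithm/curve, e.g. {'RSA': 4, 'EdDSA/ed25519': 1, ...}."""
    counts: dict[str, int] = {}
    for r in parse_colon_listing(text):
        label = f"{r.algo_name()}/{r.curve}" if r.curve else r.algo_name()
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample listing: one RSA2048 key (old default), one RSA4096,
# and one Ed25519 primary key with a cv25519 encryption subkey.
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:2048:1:1111111111111111:1500000000:::u:::scESC::::::23::0:
fpr:::::::::00000000000000000000000011111111111111111:
uid:u::::1500000000::HASH::Old Proton User <old@example.invalid>::::::::::0:
sub:u:2048:1:2222222222222222:1500000000::::::e::::::23:
pub:u:4096:1:3333333333333333:1600000000:::u:::scESC::::::23::0:
uid:u::::1600000000::HASH::Dev Four <dev4@example.invalid>::::::::::0:
sub:u:4096:1:4444444444444444:1600000000::::::e::::::23:
pub:u:255:22:5555555555555555:1700000000:::u:::scESC:::::ed25519:::0:
uid:u::::1700000000::HASH::Ed User <ed@example.invalid>::::::::::0:
sub:u:255:18:6666666666666666:1700000000::::::e:::::cv25519::
"""

if __name__ == "__main__":
    # Real use: gpg --list-keys --with-colons | python3 this_script.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LISTING
    for entry in weak_keys(data):
        print("WEAK:", entry)
    print(algo_summary(data))
```

The ECC records are reported by curve name rather than bit length, which is why the 255-bit Ed25519 entries are not flagged; the threshold only applies to the factoring-based algorithms the comment is about.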

[–] Saki@monero.town 11 points 2 years ago* (last edited 2 years ago)

Recently (2023), the default of GnuPG has been changed: a newly generated key will no longer be RSA but ECC. Elliptic (25519) is the way to go: keys are much shorter than, say, RSA4096. Migrating to elliptic is convenient and perhaps safer, even though RSA may still be safe too.

Realistically, 2048 bits is about 600 digits. Factorization of a 100-400 digit number is more or less possible now. 600 is still hard, but maybe not totally impossible in the near future.

25519 was designed by D. J. Bernstein, who tenaciously fought a long legal battle against the US cryptography export regulations. He’s also strongly criticized various sabotages (backdoor) in NIST standardized cryptography algorithms, such as the random bit generation in Dual EC. That’s why people tend to like 25519, over RSA etc.

Nerdy footnotes 😅

multiplying two different large prime numbers

Technically, the two numbers are usually not proven primes (not a big deal: they’re most probably primes, just not mathematically proven…).

brute-force cracking a strong key would require an enormous amount of time

Obviously, one wouldn’t do a naive brute-force, like trial division. There are some number theoretic, sophisticated algorithms, and they’re getting stronger and stronger, both algorithm-wise and machine power-wise… Not too long ago, people were saying RSA512 was strong enough!

[–] Saki@monero.town 6 points 2 years ago* (last edited 2 years ago) (4 children)

I’d avoid anything related to Cake Wallet (e.g. its remote nodes), seeing that the OP sgp = SamsungGalaxyPlayer is doing this side business—chain analysis, offering suspicious activity reports for CEXes, ready to collaborate with law enforcement if paid.

In 2022, it was noticed that someone from Team Cymru, a company trading net flow data, was a board member of the Tor Project, providing bandwidth, hardware, bridges (entry points to the Tor network). There was a fix: Remove Team Cymru hard-coded bridges.

Now “Moonstone Research” is proudly saying they can trace things that other companies can’t, and they’re related to Cake Wallet directly or at least indirectly, or so it seems.

This possible suspicion aside, the analysis itself is interesting. While it might be good news if we can identify the attacker, that would be actually very bad news for Monero!

[–] Saki@monero.town 4 points 2 years ago

In hindsight, maybe something very simple—using Feather on Tails, and this USB stick is only physically connected when necessary—could have prevented this from happening. Maybe.

[–] Saki@monero.town 2 points 2 years ago

Thank you very much. You pointed out there: "Nobody really used it, so it ended up being unstable and full of problems" and there was a reply, saying you “can't really force anybody to use something”.

I’d like to add another point of view. With reliably working multisig, we can have our own Bisq-esque DEX (at least in principle), and many people would love to use it, once it’s really available, right? For example, one might be able to sell and buy XMR in a safe and reliable way. Or eventually, though this might sound like a pipe dream but at least in theory, we might have a P2P proxy-store, where basically anyone can offer to do any shopping they can do for you. Just like on Bisq, both send securities first to discourage any cheats. When the seller ships whatever you’re buying, they “confirm” (or sign). When you receive it and everything is fine, you confirm too. Then, and only then, your security will be back and the seller will receive the locked xmr you initially deposited, and everyone will be happy. Multisig seems necessary (if not sufficient) for this to work.

we had become complacent because everything had "worked just fine" for so long.

This comment of fluffyponyza is also understandable. Generally, a programmer doesn’t want to change things when they’re working fine. “If it ain’t broke, don’t fix it.” In this case, something was (easily) broken, though. Hindsight is 20/20.

Given that multisig is already available (just not yet well-tested), let’s stop joking like “We should keep our Monero in some other coin,” and try to think a bit more positively. At the very least it has been clearly demonstrated that Monero is so private that even core developers can’t trace it…

Troddit version links (a Tor-friendly instance): https://troddit.esmailelbob.xyz/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/k7mj2he ; onion: http://troddit.esmail5pdn24shtvieloeedh7ehz3nrwcdivnfhfcedl7gf4kwddhkqd.onion/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/k7mj2he
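The Bisq-style escrow flow sketched in the comment above (both sides lock a security deposit, seller signs "shipped", buyer signs "received", and only then are funds released) can be written down as a small state machine. This is an added example and not code from the comment, from Bisq, or from any Monero/Haveno multisig wallet: the trade id, deposit and price amounts, party names and keys are all constructed, and a keyed HMAC over the trade transcript stands in for a real multisig signature (so the escrow verifies with the same key the party signs with, which a real wallet would replace with public-key verification).

```python
"""Toy escrow state machine modelling a two-confirmation release."""
import hashlib
import hmac
from dataclasses import dataclass

SECURITY = 10  # constructed: deposit each side locks, in toy XMR units
PRICE = 100    # constructed: amount the buyer pays for the item


@dataclass(frozen=True)
class Party:
    name: str
    key: bytes  # stand-in for a signing key; HMAC replaces a real signature

    def sign(self, msg: str) -> bytes:
        return hmac.new(self.key, msg.encode(), hashlib.sha256).digest()


class Escrow:
    """Holds deposits and payment until the seller has signed 'shipped' and the buyer 'received'."""

    def __init__(self, trade_id: str, buyer: Party, seller: Party):
        self.trade_id = trade_id
        self.buyer, self.seller = buyer, seller
        self.locked = {buyer.name: 0, seller.name: 0}
        self.sigs: dict[str, bytes] = {}  # event -> verified signature
        self.state = "open"
        self.payouts: dict[str, int] = {}

    def transcript(self, event: str) -> str:
        # Everything a party commits to when signing an event for this trade.
        return f"{self.trade_id}|price={PRICE}|security={SECURITY}|{event}"

    def deposit(self, party: Party, amount: int) -> None:
        if self.state != "open":
            raise ValueError("deposits are only accepted before funding completes")
        self.locked[party.name] += amount
        # Buyer locks security plus price; seller locks security only.
        if (self.locked[self.buyer.name] >= SECURITY + PRICE
                and self.locked[self.seller.name] >= SECURITY):
            self.state = "funded"

    def _verify(self, party: Party, event: str, sig: bytes) -> bool:
        # Toy verification: recompute the HMAC with the party's key.
        return hmac.compare_digest(party.sign(self.transcript(event)), sig)

    def confirm_shipped(self, sig: bytes) -> None:
        if self.state != "funded":
            raise ValueError("cannot ship before both sides have funded")
        if not self._verify(self.seller, "shipped", sig):
            raise ValueError("bad seller signature")
        self.sigs["shipped"] = sig
        self.state = "shipped"

    def confirm_received(self, sig: bytes) -> None:
        if self.state != "shipped":
            raise ValueError("buyer cannot confirm receipt before shipment")
        if not self._verify(self.buyer, "received", sig):
            raise ValueError("bad buyer signature")
        self.sigs["received"] = sig
        self.state = "received"

    def release(self) -> dict[str, int]:
        """Pay out only when both signatures are present ('then, and only then')."""
        if "shipped" not in self.sigs or "received" not in self.sigs:
            raise ValueError(f"funds stay locked: state={self.state}")
        self.payouts = {self.buyer.name: SECURITY,            # security back
                        self.seller.name: SECURITY + PRICE}   # security back plus payment
        self.locked = {self.buyer.name: 0, self.seller.name: 0}
        self.state = "released"
        return self.payouts


def _funded_and_shipped(trade_id: str) -> tuple[Escrow, Party, Party]:
    buyer, seller = Party("alice", b"alice-key"), Party("bob", b"bob-key")
    esc = Escrow(trade_id, buyer, seller)
    esc.deposit(buyer, SECURITY + PRICE)
    esc.deposit(seller, SECURITY)
    esc.confirm_shipped(seller.sign(esc.transcript("shipped")))
    return esc, buyer, seller


def run_honest_trade() -> dict[str, int]:
    esc, buyer, _ = _funded_and_shipped("trade-1")
    esc.confirm_received(buyer.sign(esc.transcript("received")))
    return esc.release()


def run_unconfirmed_trade() -> tuple[str, int]:
    """Seller shipped but buyer never confirmed: nothing pays out, all stays locked."""
    esc, _, _ = _funded_and_shipped("trade-2")
    try:
        esc.release()
    except ValueError:
        pass
    return esc.state, sum(esc.locked.values())


def run_forged_receipt() -> bool:
    """Seller tries to sign the buyer's 'received' event; returns whether it was accepted."""
    esc, _, seller = _funded_and_shipped("trade-3")
    try:
        esc.confirm_received(seller.sign(esc.transcript("received")))
    except ValueError:
        return False
    return True
```

The point the model makes is the one in the comment: a party who stops cooperating cannot walk away with anything, but also cannot be paid, so the locked deposits are what discourages cheating; what the toy does not model is a dispute path for the case where neither side will sign.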

[–] Saki@monero.town 5 points 2 years ago (6 children)

Is multisig still that far from being practical? Does that also mean a Bisq-like platform (Haveno) is still far from being practical?

A Monero user tends to proudly think that Monero is good, rather philosophical, being actually used for good reasons, and community-based… but it’s been hacked… I guess people will laugh now. Everyone can draw a lesson from this, though…

@UncleIroh@merovingian.club While “Windows 10” is obviously alarming, this doesn’t seem as simple as that, as pointed out in the linked thread. Maybe password-based (not key file) SSH was the problem? Btw that “someone” is hinto-janai, the person providing gupax among other things!

[–] Saki@monero.town 1 points 2 years ago* (last edited 2 years ago) (3 children)

Come to think of it, any CDN may have the same problem (MitM-ness etc). Not sure. Considering alternative options is good in general, though. What I hate about CF is indiscriminate Tor blocking. Tor is also used as a humanitarian tool, helping various vulnerable users (like those who live in an oppressive country with heavy Internet censorship). Blocking it is like collaborating with oppressive regimes.

[–] Saki@monero.town 2 points 2 years ago

It is interesting that it took nine transactions to empty the CCS wallet. Is that indicative of somebody new to monero?

Not sure, but perhaps they weren’t able to send it in one go for technical reasons (like a byte size limit), as there would have been too many inputs (a lot of relatively small coins, originally received from many supporters)?

First, a relatively small one, 23527 B. Did they do a small “test”? https://localmonero.co/blocks/search/ffc82e64dde43d3939354ca1445d41278aef0b80a7d16d7ca12ab9a88f5bc56a

Then bigger ones, like 101 KB: https://localmonero.co/blocks/search/08487d5dbf53dfb60008f6783d2784bc4c3b33e1a7db43356a0f61fb27ab90cc https://localmonero.co/blocks/search/4b73bd9731f6e188c6fcebed91cc1eb25d2a96d183037c3e4b46e83dbf1868a9 https://localmonero.co/blocks/search/8a5ed5483b5746bd0fa0bc4b7c4605dda1a3643e8bb9144c3f37eb13d46c1441 etc.

[–] Saki@monero.town 1 points 2 years ago

Yes, actually trying and seeing is the best way, if you’d really like to fine-tune anything. I don’t have much technical knowledge but empirically, any value may be about as good as another, if not too extreme. The end results might be about the same no matter which you use: 64, 80, 96, 128, etc. and just using the default settings may be good enough.

P2Pool may be somewhat special, as it’s not just about running a full node: you have to run something like 3 tools (each possibly resource-hungry) at the same time.

[–] Saki@monero.town 1 points 2 years ago (3 children)

FYI, the p2pool README says:

--out-peers 64 --in-peers 32 is needed to (1) have many connections to other nodes and (2) limit incoming connection count because it can grow uncontrollably and cause problems when it goes above 1000 (open files limit in Linux). If your network connection's upload bandwidth is less than 10 Mbit, use --out-peers 16 --in-peers 8 instead.

[–] Saki@monero.town 0 points 2 years ago

Didn’t notice that, but you’re right.

Onion versions are up (I only checked them when I posted this):

Home

http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/

Web mail

http://xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion/

[–] Saki@monero.town 1 points 2 years ago (1 children)

A privacy-centric hosting company having in-house DDoS protection would be ideal? This basedflare thing may be better than CF, though it feels exactly like CF to me as an end user. Their error message is unhelpful too:

Verifying your connection to basedflare.com This process is automatic, please wait a moment... Error: Browser does not support WebAssembly.

A more friendly error message would be: Use the “Standard” Security Level in Tor Browser; “Safer” and “Safest” won’t work for this. (Brave Search actually says something like that, which is nice to Tor users, though I seldom use Brave Search…)
