Mike Perry transcribed 6.0K bytes:
Thomas White:
Hmmm... appears to have been upgraded since I last checked then (which was only a few weeks ago!). Nicely done oniontip. I stand corrected.
Well, my original ask was for everyone to be able to verify that all 12.36 BTC that oniontip has received (as of right now) has actually been distributed how the users have asked.
Mike Perry and I took a look at the Oniontip codebase this afternoon. The primary concern was with respect to the `ONIONTIP_BITCOIN_PUBLIC_SEED` in your payment verification script, [0] which is passed to the `bitcoin.electrum_address()` function. [1]
The `bitcoin.electrum_address()` function is meant to take what they call a "masterkey". [2] (Check out that `crack_electrum_wallet()` function right beneath it!) It appears as if `electrum_address()` is merely a thin wrapper around `electrum_pubkey()` [3] which generates a new private key with the incremented counter, concatenating it with the "masterkey", taking the sha256 of that, and then generating the key by doing a (really crappily implemented, IMO) elliptic curve scalar multiplication of the (public, in the `bitcoin` module source code [4]) group generator times the private key, then shoving it into `privkey_to_pubkey()` to get the address. [5] Because all of these one-way functions are computable if one knows the original "masterkey" plus the incremented counter, this means that anyone who knows the `ONIONTIP_BITCOIN_PUBLIC_SEED` can generate all your private keys.
If you plan to keep using that Electrum API, you should regenerate that `ONIONTIP_BITCOIN_PUBLIC_SEED` and keep it secret.
[0]: https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py#L1...
[1]: https://github.com/DonnchaC/oniontip/blob/master/scripts/payment-check.py#L3...
[2]: https://github.com/vbuterin/pybitcointools/blob/fa9856fede9e601c4b9f5ed75f11...
[3]: https://github.com/vbuterin/pybitcointools/blob/fa9856fede9e601c4b9f5ed75f11...
[4]: https://github.com/vbuterin/pybitcointools/blob/master/bitcoin/main.py#L20
[5]: https://github.com/vbuterin/pybitcointools/blob/master/bitcoin/main.py#L342
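As an added illustration (editor's code, not Oniontip's or pybitcointools'), the Electrum 1.x derivation the message walks through, modelled on the same construction: the seed is stretched into a master private key, from which both the master public key (MPK) and every child private key follow, while the MPK plus the counter n yields only child public keys. This is the distinction the advice above turns on: the value that reaches the private-key path must stay secret. Function names are assumptions and the seed in the test is a constructed sample, not a real wallet value.

```python
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication k * pt
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def stretch(seed: bytes) -> int:
    """Seed stretching: 100000 chained SHA-256 rounds give the master private key."""
    s = seed
    for _ in range(100000):
        s = hashlib.sha256(s + seed).digest()
    return int.from_bytes(s, "big") % N

def mpk_bytes(master_priv: int) -> bytes:  # MPK: uncompressed x||y of master_priv * G
    x, y = ec_mul(master_priv, G)
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")

def child_offset(mpk: bytes, n: int, for_change: int = 0) -> int:
    """Per-address scalar: double SHA-256 over "n:for_change:" || MPK (public inputs only)."""
    h = hashlib.sha256(f"{n}:{for_change}:".encode() + mpk).digest()
    return int.from_bytes(hashlib.sha256(h).digest(), "big")

def child_privkey(seed: bytes, n: int) -> int:
    """Needs the secret seed: child private key = master + offset (mod N)."""
    m = stretch(seed)
    return (m + child_offset(mpk_bytes(m), n)) % N

def child_pubkey_from_mpk(mpk: bytes, n: int):
    """Needs only the MPK: child public key = MPK + offset * G, no secret involved."""
    pt = (int.from_bytes(mpk[:32], "big"), int.from_bytes(mpk[32:], "big"))
    return ec_add(pt, ec_mul(child_offset(mpk, n), G))

def same_address_both_ways(seed: bytes, n: int) -> bool:
    """Both paths land on one point, so whoever holds the seed controls address n."""
    return child_pubkey_from_mpk(mpk_bytes(stretch(seed)), n) == ec_mul(child_privkey(seed, n), G)
```

Publishing the MPK lets anyone reproduce every receiving address for auditing, which is the verification Thomas asked for; publishing the seed hands out the private keys as well.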