Bitcoin address duplicate when creating using a SHA256 hash? - bitcoin

What happens if 2 different persons use the same SHA256 hash to create a bitcoin address?
Please see the example below with bitcoinjs-lib
https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/addresses.js#L19

Related

Retrieving 'to' and 'from' addresses in transaction directly from blockchain

I'm trying to get a list of addresses that have made transactions with a given bitcoin address for a project that examines how people use bitcoin for non-nefarious purposes. I've got a lot of addresses so a web based blockchain explorer like blockchain.info isn't practical.
I've downloaded the blockchain and used bitcoin-abe to dump it into a sqlite database. However I'm not finding addresses anywhere. Are the actual addresses called something different in the blockchain?
The spending conditions, i.e., who is able to spend a given output, are encoded as scripts in the output. What is commonly referred to as a Bitcoin address is little more than a default script format (either pay-to-pubkey or pay-to-pubkey-hash) which requires a signature from a private key matching the pubkey in the script. For example P2PKH scripts look like this:
OP_DUP OP_HASH160 <PubkeyHash> OP_EQUALVERIFY OP_CHECKSIG
This checks that the pubkey on the stack matches the hash, and then checks that the signature and pubkey are valid for the transaction.
ABE stores the output scripts, but appears not to create an index for the addresses. So you probably want to convert the addresses that you're looking for into the script version (see the wiki for details on how to extract the pubkey hash or pubkey from the address). Once you have the pubkey hash or pubkey you construct a binary script similar to this (hexencoded):
76a914<pubkey-hash>88ac
You should then be able to search for these in the database ABE gives you.
You need to write a cron job using the BTC address of the user and check whether the transaction is made or not.
https://www.blockchain.com/explorer
Ex. https://github.com/bitpay/insight

Extracting bitcoin addresses info in batches

End goal is to find all used addresses of a xpub programmatically, in batches, by querying a local node.
This PHP tool ( https://github.com/dan-da/hd-wallet-addrs ) extracts regular bitcoin addresses from an HD bitcoin wallet. I have to query a local bitcoin node to find out whether the extracted addresses have been used or not. This can easily be found out by querying the node one address at a time ( https://bitco.in/en/developer-reference#getreceivedbyaddress ). It works, but is too slow.
How can the same be done in batches? I.e., is there a Core function call or something to check info about a group of addresses?
Or any other way this can be accomplished? I am relatively new to bitcoin and don't fully understand its inner workings.
P.S: can't use an external API like blockchain.info
With importAddress and rescan (3rd parameter) set to true, you can add the addresses that you want to watch.
Then with listTransactions you can list the last transactions that affect the imported address.

Bitcoinj - create temporary wallet

I'm new in bitcoin.
I need to create something like a temporary bitcoin wallet for the currency exchange app. The wallet should be alive for just one exchange transaction or 2 days (if the transaction isn't confirmed) and then should be removed.
But as I understand from the bitcoin docs - I cannot remove a wallet, because it is sort of a "public key".
Any suggestions?
A 'wallet' doesn't actually really exist. All it is, is a collection of private keys (or just one private key that can be used to derive other keys from, like HD wallets do). These private keys allow you to spend the unspent output (UTXO), thus make a transaction.
These private keys are used to generate public keys, and from those the addresses are generated. You can't remove these addresses because they just exist. In fact, every address already exists, you just need the private key to access them.
Removing things from the blockchain wouldn't make sense anyway, the blockchain is literally a chain of blocks, each block being a container filled with transactions. If you would remove a transaction from a block, all the following blocks would become invalid because the hash of your block's merkle tree would no longer add up.
That being said, you may want to look into HD wallets. You could do something like this (see BIP44):
m / purpose' / coin_type' / account' / change / address_index
Here you can use an incrementing ID for account, so that each user has his own account. You can then create a new address for each incoming payment (change = 0 for inbound external transactions, change = 1 for change coming from your own wallet).
This means that each payment/whatever will have its own address. Because it's a HD wallet you can still access all the addresses with the master key if you like.

Translate track 2 data using key wrapped under LMK

We are using jPOS to communicate with the bank for card payment processing. We recently purchased an HSM (Hardware Security Module) for secure key storage. Since this hardware is expensive we are using JCESecurityModule to mimic the actual HSM.
I have TMK wrapped under LMK and clear track 2 data. I would like to perform the following:
un-wrap the TMK under LMK to get the clear TMK value
Using the clear TMK value, I would like to encrypt the track 2 data
I am not able to figure out the code to perform the above steps. Could somebody help with sample codes or directions to achieve the above?
You need to export your TMK under HSM's LMK into a key known by jPOS.
Then you need to import your foreign key into a key encrypted under jPOS' LMKs.
The jPOS SM Console (call bin/q2 --cli and type help) can help.

SQL SHA1 inside WHERE

In my program, we store a user's IP address in a record. When we display a list of records to a user, we don't want to give away the other user's IP, so we SHA1 hash it. Then, when the user clicks on a record, it goes to a URL like this:
http://www.example.com/allrecordsbyipaddress.php?ipaddress=SHA1HASHOFTHEIPADDRESS
Now, I need to list all the records by the IP address specified in the SHA1 hash. I tried this:
SELECT * FROM records
WHERE SHA1(IPADDRESS)="da39a3ee5e6b4b0d3255bfef95601890afd80709"
but this does not work. How would I do this?
Thanks,
Isaac Waller
Don't know if it matters, but your SHA1 hash da39a3ee5e6b4b0d3255bfef95601890afd80709 is a well-known hash of an empty string.
Is it just an example or you forgot to provide an actual IP address to the hash calculation function?
Update:
Does your webpage code generate SHA1 hashes in lowercase?
This check will fail in MySQL:
SELECT SHA1('') = 'DA39A3EE5E6B4B0D3255BFEF95601890AFD80709'
In this case, use this:
SELECT SHA1('') = LOWER('DA39A3EE5E6B4B0D3255BFEF95601890AFD80709')
, which will succeed.
Also, you can precalculate the SHA1 hash when you insert the records into the table:
INSERT
INTO ip_records (ip, ip_sha)
VALUES (#ip, SHA1(CONCAT('my_secret_salt', #ip)))
SELECT *
FROM ip_records
WHERE ip_sha = #my_salted_sha1_from_webpage
This will return you the original IP and allow indexing of ip_sha, so that this query will work fast.
I'd store the SHA1 of the IP in the database along with the raw IP, so that the query would become
SELECT * FROM records WHERE ip_sha1 = "..."
Then I'd make sure that the SHA1 calculation happens in exactly one place in code, so that there's no opportunity for it to be done slightly differently in multiple places. That also gives you the opportunity to mix a salt into the calculation, so that someone can't simply compute the SHA1 on an IP address they're interested in and pass that in by hand.
Storing the SHA1 hash in the database also gives you the opportunity to add a secondary index on ip_sha1 to speed up that SELECT. If you have a very large data set, doing the SHA1 in the WHERE clauses forces the database to do a complete table scan, along with redoing a calculation for every record on every scan.
Every time I've had an unexpected hashing mismatch, it was because I accidentally hashed a string that included some whitespace, such as "\n".
Just a quick thought: that's a very simple obfuscation. There are only 2^32 possible IP addresses, so if somebody with technical knowledge wanted to figure it out, they could do that by calculating all 4 billion hashes, which wouldn't take very long. Depending on the sensitivity of those ip addresses, you may want to consider a private lookup table.
Did you compare the output of your hash algorithm with the output of MySQL's SHA1()? For example for IP address 1.2.3.4?
I ended up encrypting the IP addresses, and decrypting them on the other page. Then I can just use the raw IP address in the SQL query. Also, it protects against brute force attacks, like Autocracy said.
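An added Python example, not code from any of the posts above, that puts the thread's points side by side: the plain SHA1(ip) scheme from the question, the enumeration weakness raised in the answers, and a single normalising token function with a server-side secret. It uses HMAC-SHA256 in place of the answers' SHA1-with-salt concatenation; `SERVER_KEY`, the function names and the 192.0.2.0/24 documentation range are assumptions made for the demo.

```python
import hashlib
import hmac
import ipaddress

# Assumption: in a real deployment this comes from server-side configuration.
SERVER_KEY = b"constructed-demo-key"

def plain_sha1(ip: str) -> str:
    """The scheme from the question: unkeyed SHA1 of the address text."""
    return hashlib.sha1(ip.encode()).hexdigest()

def ip_token(ip: str, key: bytes = SERVER_KEY) -> str:
    """The one place tokens are computed: normalise first, then keyed hash."""
    # strip() removes stray whitespace such as "\n"; ip_address() rejects junk
    canonical = str(ipaddress.ip_address(ip.strip()))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def token_matches(stored: str, supplied: str) -> bool:
    """Case-insensitive, constant-time comparison of two hex tokens."""
    return hmac.compare_digest(stored.lower().encode(),
                               supplied.strip().lower().encode())

def recover_unkeyed(sha1_hex: str, network: str):
    """Show why plain SHA1(ip) hides nothing: the input space can be walked."""
    target = sha1_hex.lower()
    for host in ipaddress.ip_network(network):
        if plain_sha1(str(host)) == target:
            return str(host)
    return None

if __name__ == "__main__":
    ip = "192.0.2.7"  # constructed sample from the documentation range
    print("plain :", plain_sha1(ip), "->", recover_unkeyed(plain_sha1(ip), "192.0.2.0/24"))
    print("keyed :", ip_token(ip))
```

Store `ip_token(ip)` in an indexed column at insert time and compare against it in the WHERE clause, so the database never hashes per row.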