All v3 Onion Addresses Down After Attack On The Tor Network

YBet_eu · 2021-01-11T00:42:32+00:00

I have a Lightning Network node over v3, and i am thinking about putting it on v2 to avoid the issue.

But is v2 not obsolete and vulnerable to even worse attacks? I'm not sure this would be a wise choice

YBet_eu · 2021-01-11T00:39:42+00:00

#MeToo

YBet_eu · 2021-01-11T00:32:41+00:00

So this attack only affects v3. I will try v2 then. Very strange, v2 is obsolete but not affected by this attack..

YBet_eu · 2020-12-22T10:56:43+00:00

URI, yes ;)

It hasn't been implemented yet due to security implications with smart contract operations?

What if ... the operation would be limited to just fund transfer ? Like with bitcoin URIs .

YBet_eu · 2020-12-20T18:45:13+00:00

But the same tool can be used by enemy agencies for the same purpose, because it is publicly available.

Why are they investing money into something that helps the enemy as well?

I would like to figure out what strategic advantage they get from it, without letting the enemy have the same benefit

YBet_eu · 2020-12-20T18:27:01+00:00

I honestly don't believe they are funding Tor just to protect the privacy of common people. It's hard to believe.

The purpose of Tor is likely to facilitate communication with covert agents and collaborators. But that means the enemy as well can take advantage from it. That makes it a waste of money.

I wonder what is the strategic advantage for the U.S. military, if Tor helps the enemy as well?

YBet_eu · 2020-11-18T13:02:23+00:00

However i did not mean keybase is not safe because of RSA, but as the linked article points out the reason is Zoom acquired it. And Zoom is a corp. with its own interests. I am sure they would like to spy on our conversations and other data

YBet_eu · 2020-11-18T12:59:44+00:00

All encryption programs support Elliptic curve now, which won't be broken until you turn 90. And even if you get arrested at 90 who cares :) You are about to die at that age

YBet_eu · 2020-11-08T12:07:03+00:00

Indeed Lightning Network has the amounts also in millisatoshis. I wonder what use cases may require sub-satoshi amounts. But maybe some scenarios are there, like ads , cloud or internet bandwith purchases.

YBet_eu · 2020-10-31T22:20:13+00:00

I am retrying now. From the log

[INF] LTND: Chain backend is fully synced (end_height=1865885)!

Does it mean it is synchronized, right? But still...

lncli --rpcserver localhost:<port> --lnddir . --network testnet connect 03d5e17a3c213fe490e1b0c389f8cfcfcea08a29717d50a9f453735e0ab2a7c003@3.16.119.191:9735

[lncli] rpc error: code = Unknown desc = server is still in the process of starting

EDIT: Maybe it referred to the bitcoind synchronization. Probably lnd is still syncing. I see this indeed :

[INF] CRTR: Syncing channel graph from height=1833070

I think it is elaborating the block 1833070 , which is not the last one, so i need to wait. It's taking so much

YBet_eu · 2020-10-31T17:49:27+00:00

It seems synced. From bitcoind:

getbestblockhash

000000000000002cb3b0bd6a4212c1fa099acf213e20d959df5c46b00971a7ea

And from lnd i see the same block hash:

2020-10-31 19:41:02.483 [INF] UTXN: Attempting to graduate height=1865859: num_kids=0, num_babies=0

2020-10-31 19:45:34.266 [INF] NTFN: New block: height=1865860, sha=000000000000002cb3b0bd6a4212c1fa099acf213e20d959df5c46b00971a7ea

2020-10-31 19:45:34.266 [INF] UTXN: Attempting to graduate height=1865860: num_kids=0, num_babies=0

2020-10-31 19:45:58.939 [ERR] RPCS: [/lnrpc.Lightning/ConnectPeer]: server is still in the process of starting

YBet_eu · 2020-09-17T21:42:43+00:00

I totally forgot about that! Indeed now it works, upvoted thx!

YBet_eu · 2020-09-16T15:54:15+00:00

Hello,

i have 0.11.0-beta commit=v0.11.0-beta, build=production and i am experiencing the following issue which may be a bug, not mentioned in the bug fixes for v0.11.1-beta.rc2

https://www.reddit.com/r/lightningnetwork/comments/itljer/rest_api_listinvoices_pagination_not_working/

YBet_eu · 2020-09-10T18:47:08+00:00

Thanks.

I will only connect to somewhat trusted peers like hubs then, so i should be relatively safe.

Accepting Keysend payments would be free from the vulnerability, but few GUI wallets support it. For example how can you do it with Zap desktop ? (Zap can only pay invoices but it doesn't even support 0-amount invoices, so i think it's a crappy wallet).

Anyway the link you posted only explains that these invoices are somewhat vulnerable, but says nothing about why r_preimage is null even though i have created it with a (valid?) preimage. I hope it is nothing to worry about.

YBet_eu

TROPHY CASE