Logged Conversation (all times UTC)
[10:58] <stellar-slack> ok I have my multi-sign API server now almost done. I'm just short one last function
[10:59] <stellar-slack> to convert a base64 envelope back into binary format
[11:00] <stellar-slack> I have the function to convert binary envelope in b64 but not back again
[11:01] <stellar-slack> without it I'm stuck again
[11:14] <stellar-slack> seems I need more than just convert base64 as I thought I found it
[11:15] <stellar-slack> reverse of this b64 = envelope.to_xdr(:base64) ; so need the reverse of to_xdr also
[11:15] <stellar-slack> var buffer = new Buffer(req.body.txenv, 'base64'); var envelope = stellar.xdr.TransactionEnvelope.fromXDR(buffer); var tx = new stellar.Transaction(envelope);
[11:15] <stellar-slack> In javascript
[11:16] <stellar-slack> cool with that I might be able to do a search to find it's match in ruby
[11:19] <stellar-slack> might have found it tr = Stellar::TransactionResult.from_xdr bytes
[12:10] <stellar-slack> Is that for receiving an envelope to sign, or for collecting signed envelopes?
[12:11] <stellar-slack> (for collecting signed envelopes all you need is the signatures. you can add them manually to the envelope before submitting the envelope to the network)
[12:13] <stellar-slack> it recieves and collects mutli-sign accounts and transactions, the transactions are available for others to pickup and sign. with the server detects it has enuf sigs for the transaction it submits it
[12:16] <stellar-slack> How complicated was that? I haven’t done that yet. You check the source accounts in the envelope, check the signers+weights for those addresses, check which sigs you have, and if you fulfill the signature requirements?
[12:17] <stellar-slack> the transactions are ided with a tx_code that is a 10 letter hash of the master tx so that users know what tx they are looking for and want to sign
[12:18] <stellar-slack> Oh, I’m just thinking about how to know when it’s all signed
[12:19] <stellar-slack> yes but presently I don't look inside the tx, I have the user send me the specs to the server at this time
[12:19] <stellar-slack> ok, ok
[12:19] <stellar-slack> why do you test locally if it has enough signatures? you could just submit it to the network to check....
[12:19] <stellar-slack> if it goes through -> good, if it gets error -> not good
[12:20] <stellar-slack> It would be cool to have in the ui.. 5/7 signatures collected. Two more needed. Or a progress bar
[12:20] <stellar-slack> wow what kind of transaction are we talking here
[12:21] <stellar-slack> must be super important :)
[12:21] <stellar-slack> I'm not sure that's just how I did it. the user had to have the info to setup the account so this way the account can be created and processed on the server side with nothing but curl transactions needed on the user side
[12:22] <stellar-slack> @buhrmi: Haha, just thinking ahead :)
[12:22] <stellar-slack> the holy transaction! everybody sign!
[12:22] <stellar-slack> hehe
[12:22] <stellar-slack> it checks it like this:
[12:22] <stellar-slack> it's all done with json transactions
[12:23] <stellar-slack> the only key needed to sign is the master but he can be set to have no weight so it has no security problems even with unencrypted curl transactions
[12:25] <stellar-slack> @burhmi: seven sigs might have been a bit extreme, but I don’t think six would be that exeggerated
[12:25] <stellar-slack> I made a function to setup a basic account: setup_multi_sig_acc_hash(master_pair,*signers)
[12:25] <stellar-slack> my game runs with 10 players
[12:26] <stellar-slack> There you go!
[12:26] <stellar-slack> I'm not sure what the limits would be of how many signers
[12:26] <stellar-slack> 20 sign per transaction envelope is the maximum, I think?
[12:27] <stellar-slack> it auto calculates basic weights so all have to sign by default but you can tweek the hash to whatever you want
[12:27] <stellar-slack> let's make a multi sig acc with 7 billion signers, and a network with only one transaction submitted by this account.
[12:27] <stellar-slack> the one transaction
[12:27] <stellar-slack> wonder what's inside
[12:28] <stellar-slack> I should be able to publish the mostly completed test version by tomaro or the next
[12:28] <stellar-slack> OK, yeah. 20 is the max. Per account, and per tx envelope
[12:28] <stellar-slack> sounds arbitrary
[12:29] <stellar-slack> cool 10's all I need so I'm set
[12:29] <stellar-slack> you could I guess just chain many accounts so you could have more signers
[12:33] <stellar-slack> you could maybe chain transactions together.. make a nice little tree
[12:34] <stellar-slack> but at this point it still centralized but the protocol I guess could be used for p2p at some point
[12:35] <stellar-slack> I presently just setup a listening port on 9494 that listens for json commands
[17:00] <stellar-slack> re: limit on the number of signatures per transaction. Yeah completely arbitrary. It's easier to raise the limit in the future than to lower it when we see how people abuse the system. I tend to think that people are always super creative when it comes to breaking systems :)
[17:03] <stellar-slack> as backoffice-tooling developer as my day job... i can confirm
[17:04] <stellar-slack> "I just broke the systen".. "what did you do?" ... "I just gave it totally unrealistic amounts of artificial load to see if it can handle it" .. "...."
[17:04] <stellar-slack> WELL DONT DO THAT
[22:52] <stellar-slack> FYI: We (the SDF) are going to be resetting the testnet in the next hour or to incorporate https://github.com/stellar/stellar-core/pull/728
[22:53] <stellar-slack> The various libraries (except go-stellar-base), horizon and horizon importer have had their master branches updated to reflect this change (which should land on stellar-core master soon)
[22:54] <stellar-slack> We’ve also pushed ruby-stellar-base 0.4.0 to rubygems to reflect this change, and js-stellar-base 0.4.0 will be landing shortly
[23:36] <stellar-slack> :(
[23:36] <stellar-slack> Wouldn’t replay attacks already be prevented by sequence numbers?
[23:37] <stellar-slack> So you’d have to have the same address + the same sequence number on both networks for it to work?
[23:47] <stellar-slack> yes, you'd just have to wait for the account to be "ripe" for the exploit by watching its sequence number against a database of signed tx for that account.
[23:52] <stellar-slack> OK, OK, now I’ve read the changes… So you’re basically just changing the signature hash to what it was like in stellard. I just assumed that was the way it was already..
[23:52] <stellar-slack> when it comes to attacks, you normally want to have a completely asymmetric complexity between what a good guy does vs what an attacker needs to do
[23:53] <stellar-slack> I don't think there is such a concept in stellard - the assumption is that people will pick different secrets for different networks
[23:54] <stellar-slack> (or at least it was not configured if it existed)
[23:54] <stellar-slack> The signature hash is prefixed base on the network.. .STX/0 (live) or stx/0 (test)
[23:55] <stellar-slack> So this is just a generalization
About StellarVerse IRC Logger
StellarValue IRC Logger
is part of