Transcription Episode 33 New York

  • 8/13/2019 Transcription Episode 33 New York

    Episode 33 Live From New York!

    Participants:

    Adam B. Levine (AL) Host

    Andreas M. Antonopoulos (AA) Co-host

    Stephanie Murphy (SM) Co-host

    Jonathan Mohan (JM) BitcoinNYC Special Guest

    (music)

    Hi folks, Adam B. Levine here for LetsTalkBitcoin. Continuing our August trend, today's episode is a two-parter. The second portion of today's episode was recorded in Manhattan the day after the Inside Bitcoins event with Stephanie Murphy and special guest host Jonathan Mohan of Bitcoin NYC. We talk about the conference, the attendees, Ripple, ASIC mining panels, and also bacon. Big thanks to Jonathan Mohan who did a great job with this segment and who you'll be hearing more from in the weeks to come. But first, there's some important news for users of Android wallets. When news breaks in the bitcoin world often times it's hard to understand. This week a vulnerability was revealed in the Android operating system that put a real fear in the bitcoin community. LTB Host Andreas Antonopoulos spoke with Andreas Peterson of the Mycelium wallet project about exactly what happened. But before we get to that, Andreas, I had some questions for you. First off, in the interview that follows, you talk a lot about entropy. Can you explain to me what that is in sort of simple terms?

    AA

    Sure, entropy is a measure of how much information there is in a message. If you look at it the other way around, how much randomness there is in a message in computer science terms. In physics terms it's essentially how much disorder there is in a system or how much energy in the form of heat there is in a system. But in the case of information systems really you can say entropy is saying the same as randomness. So the problem we're discussing in this particular bug is that something that should be random - that means it should have high entropy - is not random. It doesn't have the necessary entropy. In fact, it's a rather predictable sequence.

    AL

    So when we talk about randomness that can also be characterized as noise compared to the signal, right?

    AA

    Well, effectively yes. If you have a random stream, especially if it's a secure random number generator where you expect it to have certain characteristics of randomness, then there should be no signal - that's the definition. So every bit that comes out of that should be noise - you should have no signal.

    AL

    So it's all noise then. Ok, so if it's all noise, then is there a difference between a lot of noise in a system versus a little noise in a system? Just not necessarily talking about random number generators, just broadly speaking. If you're trying to encrypt something or secure something, is it better to have more randomness than less randomness?

    AA

    You need absolute randomness. Let me give you an example. Let's say that there's a function within the system where you're taking a random number and you're multiplying it with your secret key. So for simplicity's sake, let's say I have a secret key and my secret key is 3. So give me a random number between 1 and 50.

    AL

    35

    AA

    Fantastic, so, I'm going to multiply that by 3 and I've got my digital signature. So if I ask you in my next transaction, give me a number between 1 and 50.

    AL

    17

    AA

    Ok, great, so you gave me a different one. But what if you had said 35 again and I had then multiplied that by 3 and broadcast it to the network. And people knew that they could guess that if you'd said 35 once you were likely to say 35 again. Well, then they could just divide by 35 and figure out what my private key is. They wouldn't be able to do that if you actually came up with a random number. So that's the problem. The problem is you should say something different, but you say the same number again.

    AL

    And so that's more likely to happen in a system that has less entropy than one that has more entropy, is that right? Because there are fewer possible numbers?

    AA

    So the way it works is when you have a secure cryptographic random number generator, you can only pull out bits for the amount of entropy it has. So let's say for example it has currently 128 random bits to give you. If you get 128 random bits those will be random. If you tried to pull out 200 bits, you know, the first 128 will be random but after that, the system doesn't yet have enough entropy. You have to wait a bit for random processes to occur. The basic concept behind it here is this was not a problem of running out of entropy. This was simply a broken algorithm, so, it was supposed to give out 256 bits of entropy and instead it gave out on average 9. So the difference there is instead of having more choices or probabilities than there are atoms in the universe it came down to 500 combinations. That's 9 bits of entropy. So you can very easily test all 500 combinations and pretty much figure out what the next random number that's supposed to be random is and if you can guess the next number - well, it's not random.

    AL

    So what should have taken all the supercomputers that are currently in existence in order to crack this one particular 256 degrees of randomness basically-

    AA

    -You could do on a whiteboard with a pen.

    AL

    Right okay, well that makes a lot of sense. Ok great. Well I really appreciate you providing some clarity for us on this issue. Let's jump right into the interview with the other Andreas.

    Hi everyone, this has been a rather exciting week in the bitcoin space with the announcement of a very critical Android bug that has widespread repercussions all across the mobile wallet space. To discuss this in a bit more detail I'm very pleased to be joined today by Andreas Peterson who is one of the owners/authors of the Mycelium Mobile Wallet and he's here to talk to us a bit about this recent breach.

    AP

    Hello everyone.

    AL

    Hello Andreas, thank you so much for joining us. Can you tell me a bit about what exactly the problem is - where did this start?

    AP

    To see the source of the problem we have to go back in time a little bit to 2012 when there was an announcement of a randomness failure in the Android implementation of Java. Basically in the Harmony system. This was presented in the RSA conference in 2013 - I think it was March. This was mainly an academic problem. Because nobody could really see the practical problem behind it except for this weird randomness behavior on Android.

    AL

    Yeah, so it would only really apply if you had some kind of bizarre digital currency that could somehow be stolen, right?

    AP

    Yes, yeah, so most people don't really notice if let's say their SSL connections aren't really that secure or if they encounter some other kind of problem. So, bitcoin really puts the system under test here and reveals these kinds of problems. To be precise I think this is not a single problem - there are two very distinct problems that we have seen here. The first problem is you know there's a so-called random device in most Linux systems or in all Linux systems, and from that there is a urandom device. These seem to be working fine as far as we know.

    AL

    So the operating system random device generator that creates random numbers, that's working ok on Android.

    AP

    Yeah, yeah - so to actually use random numbers on Android using Java language you need to instantiate a so-called secure random object and that secure random object is just a wrapper for a system library and that is commonly implemented using OpenSSL. And that implements the randomness by talking to the device and so there are many layers involved here. Wallet authors did nothing wrong. They stuck to the documentation and applied the best practices to not rewrite your cryptography and so on. So that was not the problem. The problem was between all these layers, entropy was removed from the original entropy source that is the random device.

    AL

    So basically you're getting numbers that are less random than they should be from the source so gradually they're getting less and less random, ok.

    AP

    Yeah, but from that bug directly nobody really lost money. I have talked to another guy who is cracking private keys as a hobby, and he generated lots and lots of random numbers. 2.6 million random numbers and he never got the collision using Android. He never got the collision so there was no private key compromised as far as we know. We don't know really, but what we do know is that there is a second issue. That is, when signing transactions there is also a random number needed to generate a valid signature. And those signatures are definitely not as random as we think they are.

    AL

    So let me just clarify there Andreas for a second. So the issue is not with the key generation per se, the issue is that when you try to sign a transaction especially to spend it, you are in a situation where you are seeding that signature with a random number which is not random and if you do that more than twice, that can reveal the private key. Is that correct?

    AP

    Yes, exactly. So there is an equation, it is described very nicely in a bitcoin magazine article. If you have this random number and you use it twice, then using this equation you can trivially, simply, calculate the private key that was used. This means that if you have a weak random number generator that can potentially expose your private key to everyone. That has happened a number of times in the past. Most of the time where it was when people were playing around with toy implementations, prototype implementations of clients. But it also happened on Android directly when signing transactions. The issue is that you create a new secure random instance and then you query it twice. Under very weird circumstances there are fallback scenarios where the entropy goes down to a level where it has a very high chance of repeating the same value. Basically I think that in some cases the randomness can go down to 9 bits of entropy instead of 256 bits of entropy.

    AL

    Given all of those circumstances I would assume that means whether you've generated the key on an Android wallet or not, if you have an Android wallet that is using this Java secure random number generator, and you use that to spend money at any time you have a chance of having revealed a private key for that particular wallet?

    AP

    Right now I would assume - of course you should migrate your keys because of the general entropy issues - but, right now, if you haven't lost your money yet, it's not extremely likely that you will lose it in the future because of this second vulnerability. Because that would mean if you continue using the old software and generate these weak transactions yes, then you could potentially expose that. But that's very unlikely.

    AL

    So one thing that was rather interesting with this was that the bug itself expresses itself on the block chain in a way that anyone can go and find these suspect transactions. Presumably you're looking at a transaction, or rather you're looking at two consecutive transactions done by a same key where the same random parameter R was used for both, and presumably you can just write software that trackless through the block chain to find these, right?

    AP

    Yeah, and people were doing this and you will lose your money rather quickly if you generate such a transaction.

    AL

    If you'd already done it you would have lost your money already so there's nothing to worry about. Just don't make any new transactions.

    AP

    Yeah, and of course all the change of keys. There are many properties of this stack, MSSL, and the Android API that are kind of shady in my opinion because it certainly isn't impossible to implement that in a way that it would simply work. And it's kind of shady that it fails in such a way, so I would say if somebody used secure random on Android for any purpose that you should change your keys because there might be a vulnerability that we don't know exactly about yet.

    AL

    So Andreas, would you say that this bitcoin demonstration makes the 2013 announcement at RSA much more critical and concrete now and should therefore lead other developers on Android doing software that's not directly related to bitcoin but to other secure implementations. This will kind of wake them up, you know, this is now in the wild and usable.

    AP

    I don't really think it's a very big coincidence that all these bugs happened together. A kind of conspiracy theory here, but of course, this bug makes it potentially much easier for anyone with massive computing resources to crack encrypted communication. And therefore everyone who is the author of any cryptographically interesting application on Android should definitely cease to use secure random and rather look for an alternative. So, the most obvious alternative would be to access /dev/urandom device. /dev/urandom file directly and read from that as we do now in the Mycelium wallet. The other thing is that I'm currently looking into an implementation proposal by Bruce Schneier, if that would provide a very good alternative that we could combine multiple entropy sources.

    AL

    Ah, right, yes. As a developer of the popular and very functional Mycelium wallet, you've taken steps now to fix this problem. I'm assuming all of the Android bitcoin wallet developers are doing so. What would the users experience? Would they experience simply an update coming through their play store?

    AP

    Yes, so first of all I have to really give credit to Jan Mechler, and as far as I know all popular Android wallets have been updated so that there are four wallets out there that keep your own private keys on the device. That's bitcoin wallet from (inaudible 14:30), that's Mycelium wallet, Blockchain.info, and also the now kind of deprecated Bitcoin Spinner - that was the previous application from Jan - was also updated. So on some of these wallets you need to manually do the key rotation, but on others for example on the Mycelium wallet there's a wizard that detects old keys and automatically moves them to new keys. And in the process what I really want to emphasize here, please do make a backup of all your old keys and your new keys. You don't know if you're going to need them in the future. In the wizard it also gives you the opportunity to make a backup. So please do that and get those private keys onto a piece of paper please.

    AL

    Okay, yes, very good advice. Get it onto paper wallets as backups. So let me just clarify a tiny bit. You talked about the rotating keys, if you were to break down this process: you download the new code from the software developers who have updated the code. You make a backup of the keys as you very rightly just said. Then you create a new wallet, and then you essentially send all the money from the old wallet to the new wallet? Is that it pretty much?

    AP

    You will send money from one address to another address and your wallet software now has maybe both addresses in it or just one address in it depending on the implementation used. It's not a very complex problem, you're essentially just sending money to yourself and it's a new address.

    AL

    And very critically I would say this has to happen after the software has been fixed because if you just generate a new address and tried to send your money, you will be creating exactly the kinds of transactions that could compromise your private key, right?

    AP

    Yeah, so updates for all the wallets have been pushed out so the play store and the two other channels, that shouldn't be a problem. Can I ask you something in return regarding this topic? You were involved in the paper wallet project, yeah? How is the situation there, do you have any inside information about... what kind of randomness does the paper wallet provide?

    AL

    The original paper wallet is derived from the bitaddress.org version 2.4. That's the same software we use for open paper wallets, safe paper wallets, and as far as I know the bitcoin paper wallets which is another version. All of those use the operating system /dev/urandom from within a JavaScript wrapper library. That does not run on Android so that would be inside the desktop browser, as far as I know there's no vulnerabilities there.

    AP

    It would rely on the JavaScript implementation of the browser used. So it could be Chrome or Internet Explorer or something.

    AL

    Well it's cross-browser so it operates on all of them, but certainly yes, one of the considerations here - and I think a good security practice - and one of the reasons I was not as worried about this even though I use a mobile wallet is simply that I only had 2-3% of my funds online on the wallets that were doing transactions from my

    You're welcome.

    Easy DNS is the Swiss-army knife for your domain names - helping meet their customer's individual needs since 1998. Easy DNS has been an outspoken critic of SOPA and CISPA. Easy DNS was an early supporter of bitcoin and now they are proud to sponsor this show. Do business with a business that shares your values. Get a 13% discount when you pay with bitcoin. Go to bitcoin.easydns.com and be sure to use discount code LTB.

    Hi, this is Jason King, for Bitcoin100.org, and you're listening to LetsTalkBitcoin. Bitcoin100 is old school bitcoin philanthropy. We've brought further awareness to bitcoin by having charities and non-profits add a bitcoin donation option to their sites. Then we will award them with a $1,000 endowment for their efforts. Please help support us by either donating to our cause at Bitcoin100.org or by helping us find worthy non-profits that are willing to accept bitcoins for donations. Thanks.

    AL

    Hi and welcome to episode 30 of LetsTalkBitcoin, we are on the 38th floor of the New Yorker Hotel in New York, New York! Yesterday we attended the Inside Bitcoins Conference, and this morning it's a little after 10 AM East Coast time which means about 7 AM West Coast time. The time that my brain is still on. Joining us today we've got my normal co-host Stephanie Murphy.

    SM

    Hello, we're in the same room again!

    AL

    Yes, we're in the same room again. Second time! Sweet. And then also special guest host Mr. Jonathan Mohan.

    JM

    Hey, I have some big shoes to fill but I hope to them quite (inaudible, 21:00)

    AL

    So Jon Mohan again has been on the show before and is the founder and whirlwind of activity that constitutes the planning behind the Bitcoin NYC group and various events. We went to a cocktail party the night before last?

    JM

    Yes, on Monday.

    AL

    Second market that you helped put together and it was a combination group event for LetsTalkBitcoin and for a couple of other - I think Coinsetter was there?

    SM

    Yeah.

    AL

    Yeah, Coinsetter, and then the other one was of course Second Market.

    JM

    Yeah, I heard that 140 people RSVP'd, they had to kick people out.

    AL

    Yeah, that was a funny thing. Apologies to listeners if anybody didn't get in, feel free to email complaints to Adam at LetsTalkBitcoin.com. But yeah, so this was an incredible event! I gotta say even for a one day event, a lot of stuff happens, you know the talks again, we had this thing where the talks were good but it was more about the attendees than really about the speakers.

    JM

    Some feedback I got was there were way more amazing people in the audience than sometimes as a panelist I'm gonna say-

    AL

    Right, we all spoke there I feel comfortable saying- (all laugh)

    JM

    I would talk like, "What do you do? Why weren't you on that? Oh my god!"

    SM

    It's true. You'd walk around and everyone has CEO on their name tag. I wanted to say I'm like the CEO of Ork Therapy or something. (all laugh) But yeah I mean everybody had a project, they all had things to say. At one point I was doing some interviews out in the hallway and I realized that several hours had gone by and I had missed Adam's talk actually and I wanted to see it but I was like just one interview after the other, so...

    AL

    Yeah yeah, no, you were quite the machine out there. So how many interviews did you get this time, Stephanie?

    SM

    Oh, at least a dozen.

    AL

    Okay, so you got, I think it was, was it 20 last time? I think it was about 25 last time? Okay, so the ratio is about keeping up, it's about 12-15 a day.

    SM

    Well hopefully it's quality too and not just quantity. But honestly I thought they were great. I talked to some people that I had been wanting to talk to and it was really interesting. Especially to hear more about what's going on in the mining scene. Those were probably my favorite interviews. I talked to Sam from KNC Miner and Josh from Butterfly Labs. I also found out about Feathercoin, that was interesting too.

    AL

    Yeah, yeah, did you meet the CIO there?

    SM

    Yes, that was Peter.

    AL

    Was that his name? I thought his name was John. I'm terrible with names.

    SM

    It was Peter John.

    AL

    Peter John! There you go, okay, that makes sense.

    JM

    My mother says to never trust people with two first names. Maybe that's a sign. I had no idea he was there.

    SM

    Yeah it was cool, I learned some things I didn't know about Feathercoin before and I kind of wanted to get Feathercoins last night when I got home.

    JM

    I joke with Jonathan Worhan the BitMessage guy that we should make our own crypto currency and call it breath like air. And what it will do is there will only ever be 21 quadrillion units in circulation and it will be the heir to Feathercoin's copper. (all laugh) It's so (inaudible 24:00) it's unmeterable. It's just you don't care because it's so many. I think it's gonna go places, I think this is the time to announce it.

    SM

    There is so much more going on too. There were a lot of big media there. Adam, you know, I don't know if they're going to do anything with it but you and I were both on camera for CBS national.

    AL

    Yeah, no, she was excited, we spoke with the producer there, I actually - walking out on the talks on the way to lunch, you know I actually didn't eat breakfast yesterday and so I was heading to lunch. But then I was walking by and I saw this bewildered looking woman who had a nametag that said producer CBS and I like reversed, came back, and was like, "Hey, I'm Adam B. Levine of LetsTalkBitcoin! Do you need any help finding anyone?" So that's what I try to do at these events most of all is just to be helpful and to-

    SM

    Oh you were great with that! You lined up a bunch of interviews. I think she learned a lot about bitcoins because she was totally new to it and I'm glad they decided to come. CNN was there in the morning.

    AL

    Well they weren't necessarily- CBS wasn't- she was just there to see if they should cover it. And so after I told her that I could get her like 10 interviews she's like Ok, I'm calling the crew. Then they showed up about a half hour later. But no, it was great, it's terrific. Again, bitcoin and crypto currencies in general are hard to understand if you don't have the basis to understand them and so when especially journalists come into play - a lot of times these people don't have a real monetary background and so it's hard to appreciate it. But you know, if you can get out there and give them good analogies they can understand and they can take back to their listeners and their viewers - because that of course is the other thing is that if they can't understand it how in hell are they supposed to present it to an audience who is even less informed than they are. So, you know, I think we actually did some good work yesterday and I know PBS was there too.

    SM

    Reuters, TechCrunch. A lot of big names, honestly. It was great.

    JM

    You know, at DefCon, they have something called spot the fed where it's a game where you have to spot who's a federal agent. And actually I don't know in the San Jose conference if you had any, but, did you

    SM

    Andreas claimed that he identified an FBI agent.

    JM

    Were you able to meet the special agent who was here from the Cyber Crimes Division?

    SM

    I didn't meet him but I heard you're having lunch with him.

    JM

    Yeah, next week I want to do that. He seems really interesting.

    SM

    Wow, so you didn't have to spot him he was obvious.

    JM

    Yeah, he was wearing a name tag that read FBI. He didn't look like a Fed. He was wearing a t-shirt and just hanging out.

    SM

    Well then the question becomes who was incognito.

    JM

    Right, right. I had a really fun moment where someone had given me his card. And I went, oh my god I talked to this Fed you have to talk to him. So when I went to speak to him, I said hey I'm Jonathan we should grab lunch some time. And he said, "Oh, let me give you my card." And I was like, "that's alright I already have all of your information." (laughs) And he was like, "What?"

    AL

    Ahead of the game! (laughs)

    Yeah no, in addition to the FBI - I did not meet the agent there, but I did see someone from treasury there and I got a card from them and we're gonna speak to them because again you know they're... Really what it seemed like again - and this might not be true of everyone in these agencies but certainly the people who are there at the very least seemed like they were curious and just didn't really know what was going on. So that could be an act-

    SM

    That would not surprise me.

    AL

    Right, exactly but it seems actually fairly likely that given all the things to pay attention to, this is just simply not something that the majority of them are paying attention to.

    JM

    Right. And you'd mentioned PBS. So I was speaking with them and at the end of the interview the producer had mentioned, "You know, we were talking about potentially thinking about accepting bitcoin." And I said, "Oh my god, that's amazing! Oh, wait! I'm gonna do as much as I possibly can to make this a reality..." And that's what's so amazing about the conference is when you have 300, 400 entrepreneurs in a room it's really easy to start doing things. So I just got- I immediately ran to Tony Gileppe of BitPay. And so I was like, "Alright you and I. We're gonna meet with PBS and we're gonna make this happen." And I got out three sheets of paper, and I just ran around the conference and during that time we actually got 200 bitcoins pledged towards going to PBS should they accept bitcoin. So actually Josh from Butterfly Labs pledged 50. And then EFU pledged 50. And Sam from KNC Miner? Yeah, he pledged 50 as well. And then Tradehill pledged 10. And then we have Bitcoin100, which is always available for 10 bitcoin. And then about 20 people also pitched in about 1 bitcoin. So it was kind of a communal effort. Just a shock by how much demand there is to see someone like PBS get behind bitcoin.

    AL

    That actually exceeds the number you were going for, right? Because at the end of the conference we ended a little bit early because one of the speakers didn't show up. Christian Dumont I believe...

    SM

    Oh... from Foodler!

    AL

    Yeah

    SM

    You wanted to talk to him.

    AL

    I know! We've been trying to schedule with him. Because again they have a really interesting use case and that's what he was supposed to be speaking about there but as far as I understand it sounds like he missed two flights by coming here and did not make it in.

    SM

    Yeah, I can understand that it's easy to get lost in New York and it's easy to...

    AL

    It's easy to not get to New York too apparently.

    SM

    Yeah, totally. Well hopefully we'll be able to catch up with him later.

    AL

    You know, again, it seems like they're having a lot of success with the space so there's no incentive for them to leave.

    SM

    I just saw something saying that their bitcoin orders. So it's a thing where you can order take-out. And they take out bitcoin. So you can take out locally with bitcoin and I just saw an article about it and apparently the bitcoin orders have grown and tripled over the last month or something.

    AL

    So of course the question with that always is what were they to begin with? Because tripling...

    SM

    Yeah, we had 1 bitcoin order last month, now we have 3. (laughter)

    AL

    So it's all kind of relative when you're talkin' about abstract numbers like that. So, let's talk about the conference. I mean that was certainly something is that we did see a lot of ASICs there. I don't think anybody spoke about ASICs. This was not really a technical event, this was more on the regulatory side of things.

    SM

    Yeah, or just um, like an intro, like. They really did try to make it friendly to people who had no idea what bitcoin was. The keynote speaker was Charlie Shrem so he spoke first thing in the morning and actually I was seated right in front of his parents and so that was cool because I got to meet his parents. He was saying that he founded BitInstant, just a young guy. He's only 23 years old. Just amazing what he's done with BitInstant in that time. But he was saying he got laughed out of every venture capital firm that he tried to pitch the idea to back several years ago. 3 years ago I think. When he was trying to start BitInstant. So, he had to actually get the startup funding from his Mom. And so she was standing up and she was like woohoo!

    AL

    The number though - that was the thing that surprised me. I assumed that there was more cost behind BitInstant but he said that

    SM

    10,000 dollars.

    AL

    yeah, $10,000 to start BitInstant.

    SM

    Yeah. I'm sure he didn't have an office in Manhattan at first.

    AL

    I mean obviously, but it just goes to show the barrier to entry on these properties even so even with something like that where you're actually interfacing with the monetary side of it is not that expensive until you get to regulatory compliance. And once you get to regulatory compliance the cost goes through the roof and you suddenly need millions of dollars in order to pay the bonds, just endless things.

    SM

    I think that's really important to point out because it's really... already we don't really have regulation- is much about bitcoin but just the thought that there could be regulations about bitcoin is stifling a lot of bitcoin business. And we saw on the- there was a venture capitalist panel actually of several investors who were either had invested in bitcoin businesses or had invested in bitcoin personally or were planning on it. And one of the things they said that they would avoid that was like a red flag for bitcoin businesses that they would not want to fund a business was if they had basically like regulations hanging over their head or like regulatory liabilities. So basically exchanges and things that could be potentially considered money services businesses or anything like that.

    JM

    And so at one of my weekly entrepreneurship meetings regulation is the talk of the town. Because there is this tremendous incentive for (inaudible 31:58) to not want to invest in something for which you can't quantify the risk for. And if you don't have your regulation down you're just a risky bet.

    SM

    Yeah it doesn't matter how great your business is and that just struck me as so unfair. You could have an amazing idea for a business and these bureaucrats are just gonna get in your way. And you won't be able to get funding.

    AL

    Hang on a second. It's not fair, Stephanie. It's not fair? No, of course it's not fair. It's not supposed to be fair.

    JM

    And you know, there's reason why finance hasn't changed that much in America. And it's because of what's happening here.

    SM

    Yeah, with the regulations. Exactly. Everybody says the US is the least friendly environment for any business that involves money.

    JM

    And I actually think that bitcoin might be the canary in the mine to say that, "This might be the point where progress and innovation needs to leave America in order to succeed." Because I've been having weeks and weeks of discussions with regulators and I myself was scared away from starting a company just because I would be a money transmitter and would need hundreds of thousands of dollars to start my idea when really the costs were under 10 grand to get it started.

    SM

    Well how many people have the same experience.

    JM

    And so many I'm talking to them and the answer is always, "Well you know Eric and Gabe and the bunch, down in Panama, totally, they'll hook you up. They'll give you a place to crash for a bit until you find somewhere and Panama is right there, 0% income tax, we could do it guys."

    SM

    And you know about Coinapult.

    JM

    Yes Coinapult.

    SM

    That's the company Eric Vorhees... Yeah that really stood out to me, I mean just the focus on where is this gonna go from a regulatory standpoint and I feel really sad about that. I love to see these businesses growing. And we have such an amazing technology that could do so much for freedom in the world, for convenience. It just opens up so many possibilities it really is the future of money for a reason because it's so much better than what we've got right now. Credit cards were great, they were an innovation but that was 40 or 30 years ago, right? At this point? And so, you know, it's time for something new and I would like it to be able to just go and see what happens with it. But it seems like there's a storm cloud that may be holding a lot of people back.

    AL

    Yeah, you know, I mean, I think that- Ok, so in addition to the VC, in addition to the miners that we saw, the miner manufacturers that we saw: we also saw a whole bunch of lawyers. This was really, I was surprised by how well represented they were. And you know we saw the firm that did the..

    SM

    Oh really, the lawyers were actually well represented?

    AL

    We were actually sitting in front of a gentleman who represents the online BAR I think is his project. It's out of South Africa but they have 3,000 lawyers who he speaks to and you know, he was there just learning about bitcoins. So we talked to him for a really long time. He was very interested. They're also into permaculture. Crystal and his wife. Yeah, Crystal spoke to them about permaculture, my wife personally. She's the engineer

    SM

    She's awesome. She's our producer.

    AL

    She's our producer. Um, but yeah they were well represented. In the talks it seemed like there was a theme that I was a little bit disturbed by. Which is that bitcoin fundamentally has to change in order to work in the long term.

    SM

    Yeah, I saw that, and I think that I totally think that's inspired by the regulations that people fear are coming. And so they're like, "Well, you know it's not so bad if we don't make it anonymous and we if we don't cause chargebacks and if we build chargebacks into bitcoin what's the big deal?" What's the big deal is it's not bitcoin any more.

    JM

    Well I think it's easy to confuse a business opportunity to fundamental changes to bitcoin itself. So these people that's what businesses are for. You see a little gap and you fill that niche. So I think that a lot of these are just going to be a bitcoin back in business that are going to fill the capacity to facilitate chargebacks.

    AL

    Well I think that's the hope is that you wind up with something like that. Is that you wind up with like an insurance type of system where merchants subscribe and pay a fee. And then there's the ability to do voluntary chargebacks and then you have a third-party arbitrator who can essentially come in and mediate that.

    SM

    It can happen with escrow services now though. There are some, I mean that are starting...

    AL

    Yes, that's true, that's true, but again. You add layers of cost to this thing every time you do stuff.

    JM

    Right.

    AL

    And I mean, and that again is the problem. That over the long term the question is, are we throwing the baby out with the bath water by trying to fix these problems are we in fact ruining the system as a whole.

    SM

    Yeah, this revolutionary technology that is completely different from the Legacy Banking System is so great! We just need to make it a little more like the Legacy Banking System to make it better. Yeah, and I was disturbed by the way it was presented in a lot of the talks that I saw. We need to do this. You know, like it's not so bad. Let's just tie our identities to all of our bitcoin addresses and put a social security number on it. Let's like, you know get rid of the irreversibility of transactions! And we need to do this, or else bitcoin will never get mainstreamed up. And I disagree with that. And I was sad to see that sort of, I guess they would probably say, well we're being pragmatic. Because this is gonna have to happen anyway if bitcoin is gonna succeed. Well I'm gonna take the idealist position as I always do. And I just want to put it out there and say, I don't think that has to happen. And we can use bitcoin as it was initially intended and there are certainly uses for bitcoin that don't involve sacrificing some of those great things about bitcoin.

    AL

    Right, and you know the option is always there if you want to create comply coin. I think that that

    SM

    (laughs) Comply Coin! Yeah, that would be a great market idea.

    AL

    There's a huge niche for that I think.

    SM

    Sadly I think there are lots of people who would hear it and they'd say, "Oh, oh goody, I can do everything the regulators want me to do."

    AL

    Because I thought... it does exist it's called Ripple.

    JM

    Ah, there you go. Well even Ripple has some problems because it is still not anonymous, because it has entry points and exit points where there's identification that asks..

    SM

    What do people criticize Ripple for? Can you just give us overview on that? Because I think a lot of our listeners don't even know what Ripple is let alone understand the criticisms of it so let's talk about that.

    JM

    So, I'm assuming they're great entrepreneurs. I'm not disparaging them. All the power to them for trying to better the ecosystem. But when it comes to looking at alternative crypto currencies there are a couple of key identifiers as to whether or not this is a scam. And when you apply it to something like Ripple it kind of has some warning signals. So one of them is pre-mining. So if you're

    SM

    Are you talking about XRP which is the currency that Ripple uses?

    JM

    Yes.

    SM

    Okay, so let's say what Ripple is first, I mean.

    JM

    Sorry.

    SM

    So, Ripple is like, um... (laughs) so I don't completely understand it either so correct me if I'm wrong. But, basically it's a network where you can easily convert different currencies. Let's say you need to borrow $50 to get some groceries or something. Like, you could trust somebody who trusts somebody else in China and they could basically send - loan you bitcoins or loan you Ripples or loan you Wans or whatever and you could get your $50. And like Ripple is just like the medium of exchange all the lending takes place outside of Ripple I guess. But it's basically a system that's built on trust, networks between people and it's a way to convert currencies and exchange credit peer-to-peer.

    AL

    Right, and of course all those things you say basically translate to its debt transmission network. Where essentially you're not. And this is why you can send dollars through it so fast. Again, you can send dollars as fast as you can send bitcoin because you're not really sending the dollars. You're transferring a debt from something that you own and you're applying it to somebody else.

    JM

    And I think when you look at Ripple it's an amazing iterative step on our current banking/financial system.

    AL

    This is, this is important.

    JM

    And I look at it, and I'm like, I know five years from now or three years from now when congress is gonna start looking at this space they're gonna be like, "Well why can't you be like your brother? Ripple's able to do it how come you guys can't do it? C'mon bitcoin, get with it." So I think that ripple is a great transitory, you know, transition into bitcoin.

    But I remember reading somewhere that if you looked at the current market price of a Ripple and then you multiplied it by the 100-billion Ripples they have or whatever it is, that it was equal to the value of the market cap of the bitcoin network.

    AL

    So they gave themselves an impressive pre-market evaluation.

    JM

    Yeah (laughs). So I don't know how that works, but it kind of looks like they're able to print money in my opinion.

    Break

    AL

    You're listening to LetsTalkBitcoin. The premier audiocast providing news and insights that cover the rapidly evolving world of digital money. Our twice weekly show includes analysis of late breaking news, updates on key, technical, business and regulatory issues - and in-depth interviews with the key people driving the new digital economy. LetsTalkBitcoin offers sponsors an attractive way to reach a targeted and savvy audience. For more information email sponsors at LetsTalkBitcoin.com.

    Advertisement

    More than 300,000 users and counting trust blockchain.info. It's a bitcoin wallet service and a wealth of bitcoin information and is completely free to use. With the Blockchain.info wallet, you'll get the convenience of a web wallet, and the security of a desktop client. Blockchain.info is also a block explorer. You can use it to see bitcoin transactions in real time, check the balance of any bitcoin address, and do many handy bitcoin charts, all for free. See what they have to offer today. At Blockchain.info.

    AL

    I think that what you said there about Ripple being an iterative step is really important because that's the thing. Is that, if Ripple had come out- and to a certain degree I think this extends to open transactions too, because it also is a debt transition mechanism because. You can't - bitcoin and crypto-currencies are so fluid because they don't exist in real life. So when you're talking about assets that have real life presence you simply can't cram those down and shove them through an internet connection. So it has to be a debt transition mechanism in order to do that. But the thing is that with bitcoin and with crypto-currencies you don't need to do that at all. It's unnecessary. And especially when we move to a more digital economy where the need to do that at all goes away basically. So you know, again, it's one of those things where if the Ripple system had come out before bitcoin we'd be having a very different conversation now. And now it'd probably be LetsTalkRipple. Because I mean and again, compared to the banking system we have now it's so much more efficient compared to crypto currencies. It's less compelling.

    JM

    I just think that if the thing that bitcoin does is force the current banking paradigm to move to Ripple and then the conversation is Ripple vs. bitcoin. I think that's a fantastic world to live in.

    SM

    Yeah, I completely agree.

    AL

    And you know, that's an interesting point, because you know that certainly could be - Ripple has gotten a lot of high-profile investors. And that certainly could be the play they have in mind is that okay, so you've got these crypto-currencies but they're kind of flatly incompatible with the existing financial system so if we're gonna move towards something that's more like that then this is an intermediary step that we can take that we know already complies and can be easily integrated in. And so then we just sell it essentially software as a service to all these banking institutions around the world. Bob's your uncle, you know we're the de facto center of it all again. It's a very interesting space for them to operate in right now I think.

    JM

    Was there someone from Ripple at the conference?

    AL

    Yes. I'm not sure if I talked to anyone from Ripple. The coin thing and the open thing, very very difficult. So many companies there have those in the names. It's like when I used to work in the green space and everybody used to have like green or bio or all those other nonsense. And it's like again, the first couple companies that do it. That's great. And then the next 400 companies that do it - it's confusing!

    SM

    So if you meet someone new and you forget what company they're with you're like, "Oh yeah, you're from coin..." I'm like, "Yeah, Coin Peg, Yeah."

    JM

    I saw 3 different accountants who had a play on bitcoin accountant in the name. And I just couldn't remember them because they were so similar in the name.

    SM

    I got some people remembering variations of LetsTalkBitcoin actually like. Someone goes, "Oh, yeah. You're from BitcoinTalk." And then someone goes, "You're from BitTalkLive." (laughs) LetsTalkBitcoin? Oh real quick. What's the difference between Ripple and Open Coin or Open transactions?

    AL

    Open transactions. So Ripple is the product of a company called Open Coin. And Open transactions is a product of a company called MonoToss. And we've interviewed Chris Odom before, he goes by Fellow Traveler. He's a podgener of that technology. I think he's more of a marketer than a code guy. But he managed to put it together to the point where he's really been able to attract some attention. I know that they either have just funded or they are in the process of funding right now and are raising a pretty decent amount of capital because again. There's a lot of... you know again, when you're talking about these systems it's so much easier to comply with these various debt transfer mechanisms because they integrate so much better so you know again that's where a lot of the money seems like it's going. That and altcoins too, there are some altcoins that are getting some traction.

    SM

    I talk to a litecoin developer yesterday, and there were some litecoin people there, and they were so cool and pleasant to talk to. And I was like I can't wait to see where they're going. I think we're gonna have an interview with Worm who is one of the litecoin devs to talk about the new release and what they're going to do with litecoin in the future. And I'm just impressed with like... there's more infrastructure that's coming out. Not just with litecoins but with all these different altcoins. A lot of these coins are where bitcoin was a couple of years ago. And I think people see that and maybe feel like they missed the boat or whatever. They got in too late and they want to get in. I think we're still very early in the adoption curve of even bitcoin. But it's tempting, you see an alt coin and it looks like it has potential, you know, you wanna get in on the ground floor and see what it does.

    AL

    Exactly, you know the multiplier is just so enormous. Again, you look at bitcoin, certainly a multiplier. It could be enormous assuming you have a whole bunch of hundred dollars to throw at buying some bitcoin. But you know, with the alts, the buy in, you're talking about pennies. And the potential is still there for that price increase. We don't talk about the price but from a speculative standpoint, it seems like if you could identify the right alts that actually have the right characteristics to give us a chance of making it big, that is really where the exponential potential is for a very small investment to convert into a big one.

    SM

    Yeah, and I remember one of our first episodes of LetsTalkBitcoin, I want to say it was like 3 or 4. We talked about altcoins and we gave a rundown of some of the most popular ones. Well even now just a few months later, there are hundreds of altcoins. And nobody can keep them straight. I was talking to somebody yesterday, and I said so what are they other script-based altcoins? And he said oh! There are at least 40 I can name off the top of my head. I said 40? I only know of like 2!

    JM

    Y'know, it's a testament to the space that I'm kind of eating my words. Several months ago I'd kind of make fun of litecoin, and now the discussion is, maybe because of mining centralization bitcoin needs to become more like litecoin. So you know you're seeing the free market at work because when you allow people to do whatever it is they want to do in the space, the market leader has to learn from the trail.

    SM

    I think it's really important to keep an open mind. If you like the concept of bitcoin, or if you just like the concept of crypto-currency in general, if you like anything about it. Realize that there's the potential - like, we're still figuring this out and maybe it's bitcoin, maybe it's litecoin, maybe it's some other coin, or maybe it's gonna be a bunch of different coins. That's gonna predominate. Coming up.

    AL

    Over the last 2 months I've really gone from there can be only one camp to realizing that's probably actually not going to be the case. And it's because (beep) happens, and stuff changes, and when things change. And you know, that's the thing, is that like, when things change it's gonna happen fast. So now what I have kind of over the last few weeks come to believe is that right now we're in essentially a belief bubble. Where everybody looks at the crypto currency space. And because it's so new they look and they say, okay, bitcoin is the one. And then there's all these other ones. They don't matter. And they don't matter right now. But it's because people only look at bitcoin. What's gonna happen is they're gonna see some destructive changes coming in bitcoin's future whether or not the developing team likes it and I think that we're probably going to wind up seeing that illusion to that bubble get popped. The illusion dispelled and at that point suddenly it will be a whole new ball game if you start an alt. And it'll be much more about the merits of your currency rather than about whether or not you've already achieved an (inaudible 50:21). Again, because there's that potential for the exponential multiplier of very small investments to convert into very large ones.

    SM

    There is something to be said for achieving the network effect though.

    AL

    Certainly. It's no small barrier I don't mean to say that.

    JM

    Essentially what you're saying is we're waiting for bitcoin to have its Mt. Gox event.

    AL

    Right, exactly, but you can think about it like this. When bitcoin has its Mt. Gox event instead of all the money in Mt. Gox being locked down, bitcoin is totally liquid. So it's very very easy to just (beep) slip into the next one. I have to edit that. I've been swearing for the last couple of days...

    JM

    It's New York it does it to you. (laugh) I mean but yeah, you had a company that had everything going for it. It had 90-something percent of the space and through a series of unfortunate events, that would have happened to anyone who - the point about a trailblazer.

    SM

    It took a lot of unfortunate events though, I mean once it got to the critical point it was hard to knock it down off the pedestal, right?

    JM

    Right, and I mean the same could be said about bitcoin for example, people like to forget that bitcoin is 0.8 version right now. It is still a beta. It is a multi-billion dollar beta. And, what's to stop some random error that no one has seen just wrecking the whole thing?

    AL

    Oh, so we should talk about that. On that note, so we had some conversation from some miners, Stephanie I know that you interviewed. I had some conversations off the record with some people about this kind of question. Specifically about, we talked about HOPEC was it?

    SM

    OHEC

    AL

    Oh heck, oh heck, that was it.

    SM

    Organization Hashing Power Exporters

    AL

    Yeah, that's right, so some people didn't understand what we were talking about. It was kind of a joke, because, the oh heck was kind of a joke. Because in order for that... in case you haven't listened to the last episode where we talked about this, basically KNC miner released a statement saying that they were going to stop shipping ASIC units from November through Q1 of 2014 with the idea being that this would protect the investment of the people who have purchased equipment coming before because in Q2 they're going to release, and they could in Q1 but they're gonna hold it until Q2... um, are going to release hardware that is orders of magnitude cheaper and faster than what people have previously ordered. And so if they were to release it at the pace of technology then the people who were getting this mining hardware would be almost instantly obsolete and have no opportunity to earn their money back. And of course that's bad if you're a business that tries to have customers that buy your product if you're iterating so fast with the technology that people can't even have a chance to make back their investment.

    JM

    Although I would like to say in this space that I personally think that's a great marketing pitch for their company but that if you look at what happened in the past with EFU of Avalon. He had said hey look, we're the market leader just because I had no idea that every single other company wouldn't ship. When you're talking about how successful you're gonna be at executing in this space it's a space that has a lot of people not executing. So I just think that if they could do what they say they're gonna do they should just do it. Because executing in this space is so rare that I think the market needs that more than it needs someone being its Batman. The protector it may not need but it needs... it doesn't know but it wants.

    AL

    SM

    But I guess the question is, is there some other company out there who is being completely quiet, and is totally off the radar is a wild card and is going to come up with some powerful ASIC during that time frame. And that could throw a wrench in everybody's work. KNC said that if somebody does that they're gonna continue to release their devices as best they can.

    AL

    Right, exactly, exactly, so that's the thing, if the cartel fails, then everybody is just free for all wild west again, everybody releases as fast as they can. And of course then the question becomes what's the balance between releasing so that you're the first one out and you're the first. Because otherw- if you're the last man out the door, then chances are pretty good. People who are excited about buying that especially with as fast as the tech is moving are not going to have any reason to buy your product. Unless there's a material advantage. And it doesn't really seem like anyone is going out of their way. What I've been waiting for is a truly plug-n-play ASIC solution. And as far as I'm concerned we still have yet to see anything like that.

    JM

    You know the Avalon at BitInstant has been not operable in the past couple of weeks just because it broke and no one knows how to fix it. So the one bitcoin per day that it could be making for the foundation.

    SM

    Is that why (Ifu) is here to fix it?

    JM

    Yeah, that's why he came back from China. So they're just like ahhh, they clearly have other things that they have to deal with.

    AL

    Right, well.

    JM

    These things are complicated.

    AL

    They are!

    SM

    I've seen a picture of that thing and it's funny because like you see ASICs advertised online and it's like a sleek little black box with you know a USD cable coming off of it. This thing looks like... I don't know, it looks like a printing press. It's big, it's like open, it doesn't have a nice case or anything but it works. Or at least it did work until just a couple weeks ago. But, yeah, that was a while ago that the first batch of Avalon ASICs shipped, so it's been operable for a while.

    JM

    Yeah, they had a good run.

    SM

    Yeah, definitely. They were in a great position. But I mean Sam was saying from KNC miner that this is actually good for bitcoin. It's not centralizing it's actually that they're trying to get ASICs into the hands of as many people as possible. The average person, and he was saying that ASICs are a reality, everyone's going to be having them at some point, and we're gonna try and get them into as many hands as possible so that the mining power is distributed.

    JM

    So you guys were on one of what I would say one of the most interesting panels. Jonathan and Stephanie, you guys were both on the Bitcoin & Free Speech, moderated by our good friend Mark Hoshtein from American Banker.

    SM

    Yeah, he was so cool. I got to know him the other night, yeah he was really fun to talk to.

    JM

    Mark's the man. I'll tell you that.

    SM

    That was a fun panel. We got a lot of positive feedback on it. It was sort of a nice counter-balance to all the people saying yeah we need more regulation. And we were like no, bitcoin is free speech!

    JM

    Yeah, well I think any panel that in 45 minutes talks about prostitution, drugs and guns is doing the right thing to bitcoin.

    SM

    Well Adam got some audio of it so I think you'll be able to hear that pretty soon.

    AL

    Yeah yeah yeah, it turns out they weren't filming any of the talks there. So I took the H4M, that's what we're recording on right now, and I got a direct feed out of the board. And then of course for about half of them I forgot to press the button twice. You had to press the button twice on this thing otherwise it doesn't work. And I was running around the entire time, but I only caught maybe 3 or 4 of the talks. But the ones that we did get we are going to be releasing.

    SM

    That's great, yeah. I'm really glad you did that. I wasn't expecting them not to be filming. But maybe, yeah maybe the next event they will.

    AL

    Well, what I- so again, so this event was really cool. I actually thought the event was pretty interesting, put on pretty well. It was a little bit more expensive than I would have liked. I know some people couldn't attend because the cost was simply pretty high relative to the- you know, the San Jose conference was like $180 for a two day event. This one if you got the early bird price it was $299. If you used our 20% coupon it's less than that.

    SM

    For one day.

    AL

    For one day. And at the door it was $599.

    JM

    Wow.

    SM

    Really? It was packed though.

    AL

    Yeah. It was packed. It was packed. And again, over time people more drifted out of the talks and more into the networking area and that's what happened with both you and I.

    JM

    But the thing about these conferences is it kind of is about the price that they charge just because the price is an indicator of how bad you want it.

    AL

    Well it determines the type of audience that you get.

    JM

    That's what I'm saying, so you know that the other person wanted it bad enough to either scam their way into the conference as I happened to have done. Or to actually have paid the fee.

    SM

    It's not scamming we gave them something of value.

    JM

    True. That's true.

    SM

    So yeah, back to the panel. So I thought it was really cool because we got to talk about wikileaks and some of the potential bitcoin has to help organizations that might be marginalized. And the idea of bitcoin neutrality which is something I know is really interesting to Andreas so I'm curious to hear his thoughts about that. But the idea of neutrality being- you know, if you have a technology like bitcoin that anybody can use, that's just it! Anybody can use it, right? So some people, they're gonna be people you don't like, that use it. And they're gonna use it for things that you don't like. But there are also gonna be people who are great who use it, and who use it for things that you do like. And you can't get rid of the so called bad people without getting rid of everybody's privacy and freedom. So...

    AL

    Right, this is the theme that comes up over and over and over again. And it was talked about in your panel pretty extensively. The idea being that if the point is to protect us from crime, and to protect the world from certain types of things like terrorism, human trafficking and things like that. Then that's all well and good. And that's a noble goal. But Stephanie, you had a great point. You said it's all about differentiating the transaction from the actual crime. And the differentiating factor there is that a crime has a victim whereas a financial transaction has a recipient. That might be something that enables the crime. But it's the crime-

    SM

    Oh please, victimize me by sending me money.

    AL

    But it's all about establishing that harm is actually done not that somebody paid for something that might have potentially caused a problem down the road. Because once you start doing that it gives you the rationale to start listening to everybody to start tracking everything. And that might make sense in some sort of weird Alice In Wonderland, through the looking glass world. But I think in the world we live in most people would agree that if 99.99% of people aren't doing stuff like that. And you know that small percentage is - it probably doesn't make sense, is inconvenient and essentially remove the privacy of that 99.99% that aren't doing those bad things just to try and stop or at least detect. Because that's the other thing of course is that we're not even talking about stopping these things from happening. We're talking about punishing them. Punishing them after the fact so I mean it makes no sense. Except of course in this Alice In Wonderland world we live in.

    JM

    You know when the CEO of Discovery was interviewed and they go what do you owe your success to? He said. You know, sharks and Nazis. And I kind of feel like when it comes to bitcoins and when it comes to security, it's always the terrorists and the pedophiles. And that's always the discussion of everything always comes down to the .01% of bad actors that need to dictate the rest of the 99.99% of the market. And it just drives me insane because when you're talking about bitcoin it's, nothing exists in the vacuum. It's always in compared to what. And when the gentleman asked that question of..

    SM

    Yeah, right, how many cash transactions are used in activities that potentially hurt people and do have victims and... I mean, I would argue that buying drugs for personal consumption is a victimless crime.

    JM

    Right you weren't going to win that argument there.

    SM

    I don't know, I think some people were sympathetic to us. Especially the guy who asked that question. But, um, but yeah. When you're talking about things that actually are crimes, that actually have a victim, that are causing harm to people. Orders of magnitude more of those are done in cash or are done through the legacy banking system. I mean, I think I brought up the point on the panel that drug dealers, loan sharks, they have bank accounts.

    AL

    And you know, Allen Safonte, oh gosh, I'm probably mispronouncing the name. Asfahe? Ok, yeah, um, from ZipZap. You know, he's an Iranian and has been living in this country for a long time. And one of the things that he talked about was how right now you can go into any store and buy essentially $500 of free paid Visa cards or prepaid debit cards and there's no KYC processors, no identity processors whatsoever. You can go in and you can buy a shoebox full and they are just as good as cash...

    SM

    Take 'em across the border.

    AL

    Exactly so it's like, so the idea here is that on the internet it's different. I mean, you think about it, and it's not different. It's not different at all, there's nothing different about it.

    JM

    Well, I mean, the internet's different. Just because granddad doesn't know how the tubes work... I mean you look at punishment in terms of the internet and you graffiti a place and you'll get some community service. But you DDoS a restaurant or a website and now you get years. And it's a comparable act of writing graffiti or taking a site down for a few minutes. Especially if there are no damages if it's a non-commerce site. And it's just the prosecutions of things that are computer related are...

    SM

    That's why.. ok, so it sounds like what you're saying basically is that the regulations or like the legal system hasn't caught up with the fact that we have the internet and there are analogies to like real world physical things that happen in the world including so-called crimes and stuff like that. And so, what I wonder is, there must have been people... and people compare bitcoin to the internet in 1992, bitcoin right now. So there must have been people in the early days of the internet who were trying to educate the legislators and were trying to tell the government this is what the internet does and here's how you can regulate it in a way that makes it friendly to us. There had to have been people trying to do that but it still hasn't caught up. I mean, 20 years later we still don't have modern laws that understand the internet in a way. It's still sort of back in the.. comparing it to phones and faxes and things like that.

    JM

    Kevin Mitnik has an amazing auto-biography. And in it he writes about how he would hack all of these establishments but he wasn't doing anything illegal because there were no laws on the books on it. So they were like, alright well let ya go this time. And that was just an amazing time to experience and where the internet was so new that there were no laws on it just like bitcoin is right now.

    AL

    So what's the 60-second biography as you know it on Kevin Bitnik for those who don't know?

    JM

    So it's called a Ghost in the Machine. And essentially it's what taught me that Kevin Bitnik is chaotic neutral. Because he had the power to take down billion dollar establishments and he could have been the Julian Assange a hundred times over but just wanted to do it so that he could be a phone phreak and just like prank call people. He once got cut off in traffic and got the guy's license plate number, got his cell phone number, called him a few minutes later and then said that if you're ever on the road again I will take your license away from you. That's the power that he had. And he didn't use it for good, he didn't use it for evil, he used it for Kevin Bitnik.

    AL

    He used it for Kevin Bitnik. Chaotic neutral.

    JM

    Chaotic neutral. But it's a fantastic book. That and We Are Anonymous kind of really give you a good understanding of what it's like in the hacker space especially when it comes to dealing with the law.

    SM

    Yeah. I guess the point on that was that if we don't have internet regulations that aren't modern and caught up with the times so-called. What makes people think who are arguing now think oh we need to regulate bitcoin? What makes people think that they're gonna pass laws that are modern and what the people want for bitcoins?

    JM

    But I don't think it's about that when it comes to the regulation. I look at regulation as a thing that's needed because when businesses need investment, when businesses need a bank account, there needs to be some risk mitigation there and you can't invest in an unknown unknown. And until there's some precedent set in the legal space bitcoin businesses are so toxic that banks don't even want to give you an account. There was an entrepreneurship...

    SM

    It's okay you don't need an account.

    AL

    Sometimes you do.

    JM

    Right. There was a business, there was an entrepreneurship pitch contest earlier this month and the woman who won, won because she had 3 separate bank accounts in 3 separate places that gave her an account.

    AL

    So anyways, we're just about out of time here. Guys, this has been great. Jonathan, you did real well.

    JM

    Thank you, it was a pleasure.

    AL

    This is good, this is good.

    SM

    Yeah, this was fun.

    AL

    So yeah, this was a fun conference, so there's another one. So I know you've been invited to speak at the one in Las Vegas that's happening in December, yeah?

    JM

    Yeah, that'll be a lot of fun.

    AL

    Yeah, it sounds like they're going to have a lot of the same speakers. I've also been invited back.

    SM

    Invited back?

    AL

    They're doing another event. They're doing another one of these events in December. Yeah, Media Bistro, the same company that put this on.

    JM

    Although it'll be in an even funner context. It's the social gaming and gambling conference.

    AL

    Well my understanding is actually that there are two going on at the same time, the bitcoin one and the social gaming one.

    JM

    So it is the social gaming and gambling conference and they have multiple tracks. And he is going to add a bitcoin track to that conference. So he really wants to get that Eric Vorhees on that panel. So if anyone has a gambling company and they wish to have a place to promote it I would certainly talk to Media Bistro right now.

    AL

    So guys, thanks again, once again thank you for joining me this was episode 30, I guess that's another milestone we don't really celebrate milestones because they come by so fast. I don't know, we had bacon today so

    JM

    Any time you have bacon it's a celebration.

    AL

    (laughs) Fair enough. Alright guys. We'll see you next time on another episode of LetsTalkBitcoin.

    Thanks for listening to this portion of our special LetsTalkBitcoin conference coverage. Big thanks to Media Bistro for putting on a wonderful event at Inside Bitcoins. Stay tuned for more to come over the course of August. If you have any comments or questions for me directly you can email Adam at LetsTalkBitcoin.com. If you have questions, comments, or suggestions directed at the show broadly, please visit letstalkbitcoin.com/reddit. See ya next time! (music)

    Hi folks, Adam E. Livine here for LetsTalkBitcoin. Continuing our August trend, today's episode, is a two-parter. The second portion of today's episode was recorded in Manhattan. The day after the Inside Bitcoins event with Stephanie Murphy and special guest host Jonathan Mohan of Bitcoin NYC. We talk about the conference, the attendees, ripple, ASIC mining panels, and also bacon. Big thanks to Jonathan Mohan who did a great job with this segment and who you'll be hearing more from in the weeks to come. But first, there's some important news for users of Android wallets. When news breaks in the bitcoin world often times it's hard to understand. This week a vulnerability was revealed in the Android operating system that put a real fear in the bitcoin community. LTB Host Andreas Amantonopolis spoke with Andreas Peterson of the Mycelium wallet project about exactly what happened. But before we get to that, Andreas, I had some questions for you. First off, in the interview that follows, you talk a lot about entropy. Can you explain to me what that is in sort of simple terms?

    AA

    Sure, Entropy is a measure of how much information there is in a message. If you look at it the other way around how much randomness there is in a message in computer science terms. In physics terms it's essentially how much disorder there is in a system or how much energy in the form of heat there is in a system. But in the case of information systems really you can say entropy is saying the same as randomness. So the problem we're discussing in this particular bug is that something that should be random - that means it should have high entropy - is not random. It doesn't have the necessary entropy. In fact, it's a rather predictable sequence.

    AL

    So when we talk about randomness that can also be characterized as noise compared to the signal, right?

    AA

    Well, effectively yes. If you have a random stream, especially if it's a secure random number generator where you expect it to have certain characteristics of randomness then there should be no signal - that's the definition. So every bit that comes out of that should be noise - you should have no signal.

    AL

    So it's all noise then. Ok, so if it's all noise, then is there a difference between a lot of noise in a system versus a little noise in a system? Just not necessarily talking about random number generators just broadly speaking. If you're trying to encrypt something or secure something, is it better to have more randomness than less randomness?

    AA

    You need absolute randomness. Let me give you an example. Let's say that there's a function within the system where you're taking a random number and you're multiplying it with your secret key. So for simplicity sake, let's say I have a secret key and my secret key is 3. So give me a random number between 1 and 50.

    AL

    35

    AA

    Fantastic, so, I'm going to multiply that by 3 and I've got my digital signature. So if I ask you in my next transaction, give me a number between 1 and 50.

    AL

    17

    AA

    Ok, great, so you gave me a different one. But what if you had said 35 again and I had then multiplied that by 3 and broadcast it to the network. And people knew that they could guess that if you'd said 35 once you were likely to say 35 again. Well, then they could just divide by 35 and figure out what my private key is. They wouldn't be able to do that if you actually came up with a random number. So that's the problem. The problem is you should say something different, but, you say the same number again.

    AL

    And so that's more likely to happen in a system that has less entropy than one that has more entropy, is that right? Because there are fewer possible numbers?

    AA

    So the way it works is when you have a secure cryptographic random number generator, you can only pull out bits for the amount of entropy it has. So let's say for example it has currently 128 random bits to give you. If you get 128 random bits those will be random. If you tried to pull out 200 bits, you know, the first 128 will be random but after that, the system doesn't yet have enough entropy. You have to wait a bit for random processes to occur. The basic concept behind it here is this was not a problem of running out of entropy. This was simply a broken algorithm, so, it was supposed to give out 256 bits of entropy and instead it gave out on average 9. So the difference there is instead of having more choices or probabilities than there are atoms in the universe it came down to 500 combinations. That's 9 bits of entropy. So you can very easily test all 500 combinations and pretty much figure out what the next random number that's supposed to be random is and if you can guess the next number - well, it's not random.

    AL

    So what should have taken all the super computers that are currently in existence in order to crack this one particular 256 degrees of randomness basically-

    AA

    -You could do on a whiteboard with a pen.

    AL

    Right okay, well that makes a lot of sense. Ok great. Well I really appreciate you providing some clarity for us on this issue. Let's jump right into the interview with the other Andreas.

    Hi everyone, this has been a rather exciting week in the bitcoin space with the announcement of a very critical android bug that has widespread repercussions all across the mobile wallet space. To discuss this in a bit more detail I'm very pleased to be joined today by Andreas Peterson who is one of the owners/authors of the Mycelium Mobile Wallet and he's here to talk to us a bit about this recent breach.

    AP

    Hello everyone.

    AL

    Hello Andreas, thank you so much for joining us. Can you tell me a bit about what exactly the problem is - where did this start?

    AP

    To see the source of the problem we have to go back in time a little bit to 2012 when there was an announcement of a randomness failure in the Android implementation of Java. Basically in the harmony system. This was presented in the RSA conference in 2013 - I think it was March. This was mainly an academic problem. Because nobody could really see the practical problem behind it except for this weird randomness behavior on Android.

    AL

    Yeah, so it would only really apply if you had some kind of bizarre digital currency that could somehow be stolen, right?

    AP

    Yes, yeah, so most people don't really notice if let's say their SSL connections aren't really that secure or if they encounter some other kind of problem. So, bitcoin really puts the system under test here and reveals these kinds of problems. To be precise I think this is not a single problem - there are two very distinct problems that we have seen here. The first problem is you know there's a so called random device in most Linux systems or in all Linux systems, and from that there is a U-Random device. These seem to be working fine as far as we know.

    AL

    So the operating system random device generator that creates random numbers that's working ok on Android.

    AP

    Yeah, yeah - so to actually use random numbers on Android using Java language you need to instantiate a so-called secure random object and that secure random object is just a wrapper for a system library and that is commonly implemented using OpenSSL. And that implements the randomness by talking to the device and so there are many layers involved here. Wallet authors did nothing wrong. They stuck to the documentation and applied the best practices to not rewrite your cryptography and so on. So that was not the problem. The problem was between all these layers, entropy was removed from the original entropy source that is the random device.

    AL

    So basically you're getting numbers that are less random than they should be from the source so gradually they're getting less and less random, ok.

    AP

    Yeah, but from that bug directly nobody really lost money. I have talked to another guy who is cracking private keys as a hobby, and he generated lots and lots of random numbers. 2.6 million random numbers and he never got the collision using Android. He never got the collision so there was no private key compromised as far as we know. We don't know really, but what we do know is that there is a second issue. That is, when signing transactions there is also a random number needed to generate a valid signature. And those signatures are definitely not as random as we think they are.

    AL

    So let me just clarify there Andreas for a second. So the issue is not with the key generation per se, the issue is that when you try to sign a transaction especially to spend it, you are in a situation where you are seeding that signature with a random number which is not random and if you do that more than twice, that can reveal the private key. Is that correct?

    AP

    Yes, exactly. So there is an equation, it is described very nicely in a bitcoin magazine article. If you have this random number and you use it twice, then using this equation you can trivially, simply, calculate the private key that was used. This means that if you have a weak random number generator that can potentially expose your private key to everyone. That has happened a number of times in the past. Most of the time where it was when people were playing around with toy implementations, prototype implementations of clients. But it also happened on Android directly when signing transactions. The issue is that you create a new secure random instance and then you query it twice. Under very weird circumstances there are fallback scenarios where the entropy goes down to a level where it has a very high chance of repeating the same value. Basically I think that in some cases the randomness can go down to 9 bits of entropy instead of 256 bits of entropy.

    AL

    Given all of those circumstances I would assume that means whether you've generated the key on an Android wallet or not, if you have an Android wallet that is using this Java secure random number generator, and you use that to spend money at any time you have a chance of having revealed a private key for that particular wallet?

    AP

    Right now I would assume - of course you should migrate your keys because of the general entropy issues - but, right now, if you haven't lost your money yet, it's not extremely likely that you will lose it in the future because of this second vulnerability. Because that would mean if you continue using the old software and generate these weak transactions yes, then you could potentially expose that. But that's very unlikely.

    AL

    So one thing that was rather interesting with this was that the bug itself expresses itself on the block chain in a way that anyone can go and find these suspect transactions. Presumably you're looking at a transaction, or rather you're looking at two consecutive transactions done by a same key where the same random parameter R was used for both, and presumably you can just write software that trawls through the block chain to find these, right?

    AP

    Yeah, and people were doing this and you will lose your money rather quickly if you generate such a transaction.

    AL

    If you'd already done it you would have lost your money already so there's nothing to worry about. Just don't make any new transactions.

    AP

    Yeah, and of course all the change of keys. There are many properties of this stack, MSSL, and the Android API that are kind of shady in my opinion because it certainly isn't impossible to implement that in a way that it would simply work. And it's kind of shady that it fails in such a way, so I would say if somebody used secure random on Android for any purpose that you should change your keys because there might be a vulnerability that we don't know exactly about yet.

    AL

    So Andreas, would you say that this bitcoin demonstration makes the 2013 announcement at RSA much more critical and concrete now and should therefore lead other developers on Android doing software that's not directly related to bitcoin but to other secure implementations. This will kind of wake them up, you know, this is now in the wild and usable.

    AP

    I don't really think it's a very big coincidence that all these bugs happened together. A kind of conspiracy theory here, but of course, this bug makes it potentially much easier for anyone with massive computing resources to crack encrypted communication. And therefore everyone who is the author of any cryptographically interesting application on Android should definitely cease to use secure random and rather look for an alternative. So, the most obvious alternative would be to access /dev/urandom device. /dev/urandom file directly and read from that as we do now in the Mycelium wallet. The other thing is that I'm currently looking into an implementation proposal by Bruce Schneier, if that would provide a very good alternative that we could combine multiple entropy sources.

    AL

    Ah, right, yes. As a developer of the popular and very functional Mycelium wallet, you've taken steps now to fix this problem I'm assuming all of the Android bitcoin wallet developers are doing so. What would the users experience? Would they experience simply an update coming through their play store?

    AP

    Yes, so first of all I have to really give credit to Jan Mechler, and as far as I know all popular Android wallets have been updated so that there are four wallets out there that keep your own private keys on the device. That's bitcoin wallet from (inaudible 14:30), that's Mycelium wallet, Blockchain.info, and also the now kind of deprecated Bitcoin Spinner - that was the previous application from Jan - was also updated. So on some of these wallets you need to manually do the key rotation, but on others for example on the Mycelium wallet there's a wizard that detects old keys and automatically moves them to new keys. And in the process what I really want to emphasize here, please do make a backup of all your old keys and your new keys. You don't know if you're going to need them in the future. In the wizard it also gives you the opportunity to make a backup. So please do that and get those private keys onto a piece of paper please.

    AL

    Okay, yes, very good advice. Get it onto paper wallets as backups. So let me just clarify a tiny bit. You talked about the rotating keys, if you were to break down this process: you download the new code from the software developers who have updated the code. You make a backup of the keys as you very rightly just said. Then you create a new wallet, and then you essentially send all the money from the old wallet to the new wallet? Is that it pretty much?

    AP

    You will send money from one address to another address and your wallet software now has maybe both addresses in it or just one address in it depending on the implementation used. It's not a very complex problem, you're