Transcription Episode 33 NY v.2


  • 8/13/2019 Transcription Episode 33 NY v.2


    Episode 33 Live From New York!

    Participants: Adam B. Levine (AL) Host

    Andreas M. Antonopoulos (AA) Co-host

    Stephanie Murphy (SM) Co-host

    Jonathan Mohan (JM) BitcoinNYC Special Guest

    (music)

    AL: Hi folks, Adam B. Levine here for LetsTalkBitcoin. Continuing our August trend, today's episode is a two-parter. The second portion of today's episode was recorded in Manhattan. The day after the Inside Bitcoins event with Stephanie Murphy and special guest host Jonathan Mohan of Bitcoin NYC. We talk about the conference, the attendees, ripple, ASIC mining panels, and also bacon. Big thanks to Jonathan Mohan who did a great job with this segment and who you'll be hearing more from in the weeks to come. But first, there's some important news for users of Android wallets. When news breaks in the bitcoin world often times it's hard to understand. This week a vulnerability was revealed in the Android operating system that put a real fear in the bitcoin community. LTB Host Andreas Antonopoulos spoke with Andreas Peterson of the Mycelium wallet project about exactly what happened. But before we get to that, Andreas, I had some questions for you. First off, in the interview that follows, you talk a lot about entropy. Can you explain to me what that is in sort of simple terms?

    AA: Sure, entropy is a measure of how much information there is in a message. If you look at it the other way around how much randomness there is in a message in computer science terms. In physics terms it's essentially how much disorder there is in a system or how much energy in the form of heat there is in a system. But in the case of information systems really you can say entropy is saying the same as randomness. So the problem we're discussing in this particular bug is that something that should be random - that means it should have high entropy - is not random. It doesn't have the necessary entropy. In fact, it's a rather predictable sequence.

    AL: So when we talk about randomness that can also be characterized as noise compared to the signal, right?

    AA: Well, effectively yes. In a random- if you have a random stream, especially if it's a secure random number generator where you expect it to have certain characteristics of randomness then there should be no signal - that's the definition. So every bit that comes out of that should be noise - you should have no signal.

    AL: So it's all noise then. Ok, so if it's all noise, then is there a difference between a lot of noise in a system versus a little noise in a system? Just not necessarily talking about random number generators just broadly speaking. If you're trying to encrypt something or secure something, is it better to have more randomness than less randomness?

    AA: You need absolute randomness. Let me give you an example. Let's say that there's a function within the system where you're taking a random number and you're multiplying it with your secret key. So for simplicity's sake, let's say I have a secret key and my secret key is 3. So give me a random number between 1 and 50.

    AL: 35

    AA: Fantastic, so, I'm gonna multiply that by 3 and I've got my digital signature. So if I ask you in my next transaction, give me a number between 1 and 50.

    AL: 17

    AA: Ok, great, so you gave me a different one. But what if you had said 35 again and I had then multiplied that by 3 and broadcast it to the network. And people knew that they could guess that if you'd said 35 once you were likely to say 35 again. Well, then they can just divide by 35 and figure out what my private key is. They wouldn't actually be able to do that if you actually came up with a random number. So that's the problem. The problem is you should say something different, but, you say the same number again.


    AL: And so that's more likely to happen in a system that has less entropy than one that has more entropy, is that right? Because there are fewer possible numbers?

    AA: So the way it works is when you have a secure cryptographic random number generator, you can only pull out bits for the amount of entropy it has. So let's say for example it has currently 128 random bits to give you. If you get 128 random bits those will be random. If you tried to pull out 200 bits, you know, the first 128 will be random but after that, the system doesn't yet have enough entropy. You have to wait a bit for random processes to occur. The basic concept behind it here is this was not a problem of running out of entropy. This was simply a broken algorithm, so, it was supposed to give out 256 bits of entropy and instead it gave out on average 9. So the difference there is instead of having more choices or probabilities than there are atoms in the universe it came down to 500 combinations. That's 9 bits of entropy. So you can very easily test all 500 combinations and pretty much figure out what the next random number that's supposed to be random is and if you can guess the next number - well, it's not random.

    AL: So what should have taken all the super computers that are currently in existence in order to crack this one particular 256 degrees of randomness basically-

    AA: -You could do on a wide board with a pen.

    AL: Right okay, well that makes a lot of sense. Ok great. Well I really appreciate you providing some clarity for us on this issue. Let's jump right into the interview with the other Andreas.

    Break

    AA: Hi everyone, this has been a rather exciting week in the bitcoin space with the announcement of a very critical Android bug that has widespread repercussions all across the mobile wallet space. To discuss this in a bit more detail I'm very pleased to be joined today by Andreas Peterson who is one of the owners/authors of the Mycelium Mobile Wallet and he's here to talk to us a bit about this recent breach.

    AP: Hello everyone.


    AA: Hello Andreas, thank you so much for joining us. Can you tell me a bit about what exactly the problem is - where did this start?

    AP: To see the source of the problem we have to go back in time a little bit to 2012 when there was an announcement of a randomness failure in the Android implementation of Java. Basically in the harmony system. This was presented in the RSA conference in 2013 - I think it was March. This was mainly an academic problem. Because nobody could really see the practical problem behind it except for this weird randomness behavior on Android.

    AA: Yeah, so it would only really apply if you had some kind of bizarre digital currency that somehow could be stolen, right?

    AP: Yes, yeah, so most people don't really notice if let's say their SSL connections aren't really that secure or if they encounter some other kind of problem. So, bitcoin really puts the system under test here and reveals these kinds of problems. To be precise I think this is not a single problem - there are two very distinct problems that we have seen here. The first problem is you know there's a so called random device in most Linux systems or in all Linux systems, and from that there is a U-Random device. These seem to be working fine as far as we know.

    AA: So the operating system random device generator that creates random numbers that's working ok on Android.

    AP: Yeah, yeah - so to actually use random numbers on Android using Java language you need to instantiate a so-called secure random object and that secure random object is just a wrapper for a system library and that is commonly implemented using OpenSSL. And that implements the randomness by talking to the device and so there are many layers involved here. Wallet Alphas did nothing wrong. They stuck to the documentation and applied the best practices to not rewrite your cryptography and so on. So that was not the problem. The problem was between all these layers, entropy was removed from the original entropy source that is the random device.

    AA: So basically you're getting numbers that are less random than they should be from the source so gradually they're getting less and less random. Ok.


    AP: Yeah, but from that bug directly nobody really lost money. I have talked to another guy who is cracking private keys as a hobby, and he generated lots and lots of random numbers. 2.6 million random numbers and he never got the collision using Android. He never got the collision so there was no private key compromised as far as we know. We don't know really, but what we do know is that there is a second issue. That is, when signing transactions, there is also a random number needed to generate a valid signature. And those signatures are definitely not as random as we think they are.

    AA: So let me just clarify there Andreas for a second. So the issue is not with the key generation per se, the issue is: when you try to sign a transaction especially to spend it, you are in a situation where you are seeding that signature with a random number which is not random and if you do that more than twice, that can reveal the private key. Is that correct?

    AP: Yes, exactly. So there is an equation, it is described very nicely in a bitcoin magazine article. If you have this random number and you use it twice, then using this equation you can trivially, simply, calculate the private key that was used. This means that if you have a weak random number generator that can potentially expose your private key to everyone. That has happened a number of times in the past. Most of the time where it was when people were playing around with toy implementations, prototype implementations of clients. But it also happened on Android directly when signing transactions. The issue is that you create a new secure random instance and then you query it twice. Under very weird circumstances there are fallback scenarios where the entropy goes down to a level where it has a very high chance of repeating the same value. Basically I think that in some cases the randomness can go down to 9 bits of entropy instead of 256 bits of entropy.

    AA: Given all of those circumstances I would assume that means whether you've generated the key on an Android wallet or not, if you have an Android wallet that is using this Java secure random number generator, and you use that to spend money at any time you have a chance of having revealed a private key for that particular wallet?

    AP: Right now I would assume - of course you should migrate your keys because of the general entropy issues - but, right now, if you haven't lost your money yet, it's not extremely likely that you will lose it in the future because of this second vulnerability. Because that would mean if you continue using the old software and generate these weak transactions yes, then you could potentially expose that. But that's very unlikely.

    AA: So one thing that was rather interesting with this was that the bug itself expresses itself on the block chain in a way that anyone can go and find these suspect transactions. Presumably you're looking at a transaction, or rather you're looking at two consecutive transactions done by a same key where the same random parameter R was used for both, and presumably you can just write software that trackless through the block chain to find these, right?

    AP: Yeah, and people were doing this and you will lose your money rather quickly if you generate such a transaction.

    AA: If you'd already done it you would have lost your money already so there's nothing to worry about. Just don't make any new transactions.

    AP: Yeah, and of course all the change of keys. There are many properties of this stack, MSSL, and the Android API that are kind of shady in my opinion because it certainly isn't impossible to implement that in a way that it would simply work. And it's kind of shady that it fails in such a way, so I would say if somebody used secure random on Android for any purpose that you should change your keys because there might be a vulnerability that we don't know exactly about yet.

    AA: So Andreas, would you say that this bitcoin demonstration makes the 2013 announcement at RSA much more critical and concrete now and should therefore lead other developers on Android doing software that's not directly related to bitcoin but to other secure implementations. This will kind of wake them up, you know, this is now in the wild and usable.

    AP: I don't really think it's a very big coincidence that all these bugs happened together. A kind of conspiracy theory here, but of course, this bug makes it potentially much easier for anyone with massive computing resources to crack encrypted communication. And therefore everyone who is the author of any cryptographically interesting application on Android should definitely cease to use secure random and rather look for an alternative. So, the most obvious alternative would be to access DAFU random device. DAFU random file directly and read from that as we do now in the Mycelium wallet. The other thing is that I'm currently looking into an implementation proposal by Bruce Schneier, if that would provide a very good alternative that we could combine multiple entropy sources.

    AA: Ah, right, yes. As a developer of the popular and very functional and useful Mycelium wallet, you've taken steps now to fix this problem I'm assuming all of the Android bitcoin wallet developers are doing so. What would the users experience? Would they experience simply an update coming through their play store?

    AP: Yes, so first of all I have to really give credit to Jan Meller, and as far as I know all popular Android wallets have been updated so that they are four wallets out there that keep your own private keys on the device. That's bitcoin wallet from (inaudible 14:30), that's Mycelium wallet, Blockchain.info, and also the now kind of deprecated BitcoinSpinner - that was the previous application from Jan - was also updated. So on some of these wallets you need to manually do the key rotation, but on others for example on the Mycelium wallet there's a wizard that detects old keys and automatically moves them to new keys. And in the process what I really want to emphasize here, please do make a backup of all your old keys and your new keys. You don't know if you're going to need them in the future. In the wizard it also gives you the opportunity to make a backup. So please do that and get those private keys onto a piece of paper please.

    AA: Okay, yes, very good advice. Get it onto paper wallets as backups. So let me just clarify a tiny bit. You talked about the rotating keys, if you were to break down this process: you download the new code from the software developers who have updated the code. You make a backup of the keys as you very rightly just said. Then you create a new wallet, and then you essentially send all the money from the old wallet to the new wallet? Is that it pretty much?

    AP: You will send money from one address to another address and your wallet software now has maybe both addresses in it or just one address in it depending on the implementation used. It's not a very complex problem, you're essentially just sending money to yourself and it's a new address.

    AA: And very critically I would say this has to happen after the software has been fixed because if you just generate a new address and tried to send your money, you will be creating exactly the kinds of transactions that could compromise your private key, right?

    AP: Yeah, so updates for all the wallets have been pushed out so the play store and the two other channels, that shouldn't be a problem. Can I ask you something in return regarding this topic. You were involved in the paper wallet project, yeah? How is the situation there, do you have any inside information about... what kind of randomness does the paper wallet provide you?

    AA: The original paper wallet is derived from the bitaddress.org version 2.4. That's the same software we use for open paper wallets, safe paper wallets, and as far as I know the bitcoin paper wallets which is another version. All of those use the operating system devurandom from within a JavaScript wrapper library. That does not run on Android so that would be inside the desktop browser as far as I know there's no vulnerabilities there.

    AP: It would rely on the JavaScript implementation of the browser used. So it could be Chrome or Internet Explorer or something.

    AA: Well it's cross-browser so it operates on all of them, but certainly yes, one of the considerations here - and I think a good security practice - and one of the reasons I was not as worried about this even though I use a mobile wallet is simply that I only had 2-3% of my funds online on the wallets that were doing transactions from my mobile client. The rest was all in paper wallets and that's a good way to be rest-assured essentially - to be relaxed about it.

    AP: Yeah, yeah, absolutely. So also I mean on paper wallet you rely on having a good entropy for the key of course but the main problem the duplicated random values in the transaction doesn't even show up in paper wallets because they don't do any transactions of course.


    AA: That is correct although we do have in our latest version of Safe Paper Wallets software we do have a way to completely sweep and redeem and it will create a transaction so I would have to look at the random number generator. But in general I think this is really a sign of things to come because vulnerabilities in the past had time between going from theoretical to practical and in the wild, but what bitcoin does is it provides immediate incentive to take that theoretical exploit practical and make some money off of it. So we're going to see this happen more and more, would you say?

    AP: Absolutely. So this is really showing the weaknesses on some systems and also in computer security it's not surprising that a lot of file hosts, server hosts, have been hacked and attackers specifically only went for the bitcoin customers and left everyone else alone. So this really shows the security status of the system if you have some bitcoins up for grabs for an attacker.

    AA: Most systems are not quite ready yet for storing digital money but we're going to learn and develop as time goes by. I would like to thank you so much Andreas Petersson, co-author of the Mycelium mobile wallet for giving us some excellent information today on what exactly is happening with Android random number generator, how to solve it, so what to account for, and thank you so much for all this useful information.

    AP: You're welcome.

    (Advertisement)

    Easy DNS is the Swiss-army knife for your domain names - helping meet their customer's individual needs since 1998. Easy DNS has been an outspoken critic of SOPA and CISPA. Easy DNS was an early supporter of bitcoin and now they are proud to sponsor this show. Do business with a business that shares your values. Get a 13% discount when you pay with bitcoin. Go to bitcoin.easydns.com and be sure to use discount code LTB.

    Hi, this is Jason King, for Bitcoin100.org, and you're listening to LetsTalkBitcoin. Bitcoin100 is old school bitcoin philanthropy. We've brought further awareness to bitcoin by having charities and non-profits add a bitcoin donation option to their sites. Then we will award them with a $1,000 endowment for their efforts. Please help support us by either donating to our cause at Bitcoin100.org or by helping us find worthy non-profits that are willing to accept bitcoins for donations. Thanks.

    AL: Hi and welcome to episode 30 of LetsTalkBitcoin, we are on the 38th floor of the New Yorker Hotel in New York, New York! Yesterday we attended the Inside Bitcoins Conference, and this morning it's about- I guess it's a little after 10 AM East Coast time which means about 7 AM West Coast time. The time that my brain is still on. Joining us today we've got my normal co-host Stephanie Murphy.

    SM: Hello, we're in the same room again!

    AL: Yes, we're in the same room again. Second time! Sweet. And then also special guest host Mr. Jonathan Mohan.

    JM: Hey, I have some big shoes to fill but I hope to them quite (inaudible, 21:00)

    AL: So Jon Mohan again has been on the show before and is the founder and whirlwind of activity that constitutes the planning behind the Bitcoin NYC group and various events. We went to a cocktail party the night before last?

    JM: Yes, on Monday.

    AL: Second market that you helped put together and it was a combination group event for LetsTalkBitcoin and for a couple of other - I think Coinsetter was there?

    SM: Yeah.

    AL: Yeah, Coinsetter, and then the other one was of course Second Market.

    JM: Yeah, I heard that 140 people RSVP'd, they had to kick people out.

    AL: Yeah, that was a funny thing. Apologies to listeners if anybody didn't get in, feel free to email complaints [email protected]. But yeah, so this was an incredible event! I gotta say even for a one day event, a lot of stuff happens, you know the talks again, we had this thing where the talks were good but it was more about the attendees than really about the speakers.

    JM: Some feedback I got was there were way more amazing people in the audience than sometimes as a panelist I'm gonna say-

    AL: Right, we all spoke there I feel comfortable saying- (all laugh)

    JM: I would talk like, "What do you do? Why weren't you on that? Oh my god!"

    SM: It's true. You'd walk around and everyone has CEO on their name tag. I wanted to say I'm like the CEO of Ork Therapy or something. (all laugh) But yeah I mean everybody had a project, they all had things to say. At one point I was doing some interviews out in the hallway and I realized that several hours had gone by and I had missed Adam's talk actually and I wanted to see it but I was like just one interview after the other, so...

    AL: Yeah yeah, no, you were quite the machine out there, that was the thing. So how many interviews did you get this time, Stephanie?

    SM: Oh, at least a dozen.

    AL: Okay, so you got, I think it was, was it 20 last time? I think it was about 25 last time? Okay, so the ratio is about keeping up, it's about 12-15 a day.

    SM: Well hopefully it's quality too and not just quantity. But honestly I thought they were great. I talked to some people that I had been wanting to talk to and it was really interesting. Especially to hear more about what's going on in the mining scene. Those were probably my favorite interviews. I talked to Sam from KNC Miner and Josh from Butterfly Labs. I also found out about Feathercoin, that was interesting too.

    AL: Yeah, yeah, did you meet the CIO there?

    SM: Yes, that was Peter.


    AL: Was that his name? I thought his name was John. I'm terrible with names.

    SM: It was Peter John.

    AL: Peter John! There you go, okay, that makes sense.

    JM: My mother says to never trust people with two first names. Maybe that's a sign. I had no idea he was there.

    SM: Yeah it was cool, I learned some things I didn't know about Feathercoin before and I kind of wanted to get Feathercoins last night when I got home.

    JM: I joke with Jonathan Worhan the BitMessage guy that we should make our own crypto currency and call it breath like air. And what it will do is there will only ever be 21 quadrillion units in circulation and it will be the heir to Feathercoin's copper. (all laugh) It's so (inaudible 24:00) it's unmeterable. It's just you don't care because it's so many. I think it's gonna go places, I think this is the time to announce it.

    SM: There is so much more going on too. There were a lot of big media there. Adam, you know, I don't know if they're going to do anything with it but you and I were both on camera for CBS national.

    AL: Yeah, no, she was excited, we spoke with the producer there, I actually - walking out of the talks on the way to lunch, you know I actually didn't eat breakfast yesterday and so I was heading to lunch. But then I was walking by and I saw this bewildered looking woman who had a nametag that said producer CBS and I like reversed, came back, and was like, "Hey, I'm Adam B. Levine of LetsTalkBitcoin! Do you need any help finding anyone?" So that's what I try to do at these events most of all is just to be helpful and to-

    SM: Oh you were great with that! You lined up a bunch of interviews. I think she learned a lot about bitcoins because she was totally new to it and I'm glad they decided to come. CNN was there in the morning.

    AL: Well they weren't necessarily- CBS wasn't- she was just there to see if they should cover it. And so after I told her that I could get her like 10 interviews she's like Ok, I'm calling the crew. Then they showed up about a half hour later. But no, it was great, it's terrific. Again, bitcoin and crypto currencies in general are hard to understand if you don't have the basis to understand them and so when especially journalists come into play - a lot of times these people don't have a real monetary background and so it's hard to appreciate it. But you know, if you can get out there and give them good analogies they can understand and they can take back to their listeners and their viewers - because that of course is the other thing is that if they can't understand it how in hell are they supposed to present it to an audience who is even less informed than they are. So, you know, I think we actually did some good work yesterday and I know PBS was there too.

    SM: Reuters, TechCrunch. A lot of big names, honestly. It was great.

    JM: You know, at DefCon, they have something called spot the fed where it's a game where you have to spot who's a federal agent. And actually I don't know in the San Jose conference if you had any, but, did you

    SM: Andreas claimed that he identified an FBI agent.

    JM: Were you able to meet the special agent who was here from the FBI Cyber Crimes Division?

    SM: I didn't meet him but I heard you're having lunch with him.

    JM: Yeah, next week I want to do that. He seems really interesting.

    SM: Wow, so you didn't have to spot him he was obvious.

    JM: Yeah, he was wearing a name tag that read FBI. He didn't look like a Fed. He was wearing a t-shirt and just hanging out.

    SM: Well then the question becomes who was incognito.

    JM: Right, right. I had a really fun moment where someone had given me his card. And I went, oh my god I talked to this Fed you have to talk to him. So when I went to speak to him, I said hey I'm Jonathan we should grab lunch some time. And he said, "Oh, let me give you my card." And I was like, "that's alright I already have all of your information." (laughs) And he was like, "What?"

    AL: Ahead of the game! (laughs)

    Yeah no, in addition to the FBI - I did not meet the agent there, but. I did see someone from treasury there and I got a card from them and we're gonna speak to them because again you know they're... Really what it seemed like again - and this might not be true of everyone in these agencies but certainly the people who are there at the very least seemed like they were curious and just didn't really know what was going on. So that could be an act-

    SM: That would not surprise me..

    AL: Right, exactly but it seems actually fairly likely that given all the things to pay attention to, this is just simply not something that the majority of them are paying attention to.

    JM: Right. And you'd mentioned PBS. So I was speaking with them and at the end of the interview the producer had mentioned, "You know, we were talking about potentially thinking about accepting bitcoin." And I said, "Oh my god, that's amazing! Oh, wait! I'm gonna do as much as I possibly can to make this a reality..." And that's what's so amazing about the conference is when you have 300, 400 entrepreneurs in a room it's really easy to start doing things. So I just got- I immediately ran to Tony Gileppe of BitPay. And so I was like, "Alright you and I. We're gonna meet with PBS and we're gonna make this happen." And I got out three sheets of paper, and I just ran around the conference and during that time we actually got 200 bitcoins pledged towards going to PBS should they accept bitcoin. So actually Josh from Butterfly Labs pledged 50. And then EFU pledged 50. And Sam from KNC Miner? Yeah, he pledged 50 as well. And then Tradehill pledged 10. And then we have Bitcoin100, which is always available for 10 bitcoin. And then about 20 people also pitched in about 1 bitcoin. So it was kind of a communal effort. Just a shock by how much demand there is to see someone like PBS get behind bitcoin.

    AL: That actually exceeds the number you going for, right? Because at the end of the conference we ended a little bit early because one of the speakers didn't show up. Christian Dumont I believe....

    SM: Oh... from Foodler!

    AL: Yeah

    SM: You wanted to talk to him.


    AL: I know! We've been trying to schedule with him. Because again they have a really interesting use case and that's what he was supposed to be speaking about there but as far as I understand it sounds like he missed two flights by coming here and did not make it in.

    SM: Yeah, I can understand that it's easy to get lost in New York and it's easy to...

    AL: It's easy to not get to New York too apparently.

    SM: Yeah, totally. Well hopefully we'll be able to catch up with him later.

    AL: You know, again, it seems like they're having a lot of success with the space so there's no incentive for them to leave.

    SM: I just saw something saying that their bitcoin orders. So it's a thing where you can order take-out. And they take out bitcoin. So you can take out locally with bitcoin and I just saw an article about it and apparently the bitcoin orders have grown and tripled over the last month or something.

    AL: So of course the question with that always is what were they to begin with? Because tripling...

    SM: Yeah, we had 1 bitcoin order last month, now we have 3. (laughter)

    AL: So it's all kind of relative when you're talkin' about abstract numbers like that. So, let's talk about the conference. I mean that was certainly something is that we did see a lot of ASICs there. I don't think anybody spoke about ASICs. This was not really a technical event, this was more on the regulatory side of things.

    SM: Yeah, or just um, like an intro, like. They really did try to make it friendly to people who had no idea what bitcoin was. The keynote speaker was Charlie Shrem so he spoke first thing in the morning and actually I was seated right in front of his parents and so that was cool because I got to meet his parents. He was saying that he founded BitInstant, just a young guy. He's only 23 years old. Just amazing what he's done with BitInstant in that time. But he was saying he got laughed out of every venture capital firm that he tried to pitch the idea to back several years ago. 3 years ago I think. When he was trying to start BitInstant. So, he had to actually get the startup funding from his Mom. And so she was standing up and she was like woohoo!

    AL: The number though - that was the thing that surprised me. I assumed that there was more cost behind BitInstant but he said that

    SM: 10,000 dollars.

    AL: Yeah, $10,000 to start BitInstant.

    SM: Yeah. I'm sure he didn't have an office in Manhattan at first.

    AL: I mean obviously, but it just goes to show the barrier to entry on these properties even so even with something like that where you're actually interfacing with the monetary side of it is not that expensive until you get to regulatory compliance. And once you get to regulatory compliance the cost goes through the roof and you suddenly need millions of dollars in order to pay the bonds, just endless things.

    SM: I think that's really important to point out because it's really... already we don't really have regulation- is much about bitcoin but just the thought that there could be regulations about bitcoin is stifling a lot of bitcoin business. And we saw on the- there was a venture capitalist panel actually of several investors who were either had invested in bitcoin businesses or had invested in bitcoin personally or were planning on it. And one of the things they said that they would avoid that was like a red flag for bitcoin businesses that they would not want to fund a business was if they had basically like regulations hanging over their head or like regulatory liabilities. So basically exchanges and things that could be potentially considered money services businesses or anything like that.

    JM: And so at one of my weekly entrepreneurship meetings regulation is the talk of the town. Because there is this tremendous incentive for (inaudible 31:58) to not want to invest in something for which you can't quantify the risk for. And if you don't have your regulation down you're just a risky bet.

    SM: Yeah it doesn't matter how great your business is and that just struck me as so unfair. You could have an amazing idea for a business and these bureaucrats are just gonna get in your way. And you won't be able to get funding.

    AL: Hang on a second. It's not fair, Stephanie. It's not fair? No, of course it's not fair. It's not supposed to be fair.

    JM: And you know, there's reason why finance hasn't changed that much in America. And it's because of what's happening here.

    SM: Yeah, with the regulations. Exactly. Everybody says the US is the least friendly environment for any business that involves money.

    JM: And I actually think that bitcoin might be the canary in the mine to say that, "This might be the point where progress and innovation needs to leave America in order to succeed." Because I've been having weeks and weeks of discussions with regulators and I myself was scared away from starting a company just because I would be a money transmitter and would need hundreds of thousands of dollars to start my idea when really the costs were under 10 grand to get it started.

    SM: Well how many people have the same experience.

    JM: And so many I'm talking to them and the answer is always, "Well you know Eric and Gabe and the bunch, down in Panama, totally, they'll hook you up. They'll give you a place to crash for a bit until you find somewhere and Panama is right there, 0% income tax, we could do it guys."

    SM: And you know about Coinapult.

    JM: Yes Coinapult.

    SM: That's the company Eric Vorhees... Yeah that really stood out to me, I mean just the focus on where is this gonna go from a regulatory standpoint and I feel really sad about that. I love to see these businesses growing. And we have such an amazing technology that could do so much for freedom in the world, for convenience. It just opens up so many possibilities it really is the future of money for a reason because it's so much better than what we've got right now. Credit cards were great, they were an innovation but that was 40 or 30 years ago, right? At this point? And so, you know, it's time for something new and I would like it to be able to just go and see what happens with it. But it seems like there's a storm cloud that may be holding a lot of people back.

    AL: Yeah, you know, I mean, I think that- Ok, so in addition to the VC, in addition to the miners that we saw, the miner manufacturers that we saw: we also saw a whole bunch of lawyers. This was really, I was surprised by how well represented they were. And you know we saw the firm that did the..

    SM: Oh really, the lawyers were actually well represented?

    AL: We were actually sitting in front of a gentleman who represents the online BAR I think is his project. It's out of South Africa but they have 3,000 lawyers who he speaks to and you know, he was there just learning about bitcoins. So we talked to him for a really long time. He was very interested. They're also into permaculture. Crystal and his wife. Yeah, Crystal spoke to them about permaculture, my wife personally. She's the engineer

    SM: She's awesome. She's our producer.

    AL: She's our producer. Um, but yeah they were well represented. In the talks it seemed like there was a theme that I was a little bit disturbed by. Which is that bitcoin fundamentally has to change in order to work in the long term.

    SM: Yeah, I saw that, and I think that I totally think that's inspired by the regulations that people fear are coming. And so they're like, "Well, you know it's not so bad if we don't make it anonymous and we if we don't cause chargebacks and if we build chargebacks into bitcoin what's the big deal?" What's the big deal is it's not bitcoin any more.

    JM: Well I think it's easy to confuse a business opportunity to fundamental changes to bitcoin itself. So these people that's what businesses are for. You see a little gap and you fill that niche. So I think that a lot of these are just going to be a bitcoin back in business that are going to fill the capacity to facilitate chargebacks.

    AL: Well I think that's the hope is that you wind up with something like that. Is that you wind up with like an insurance type of system where merchants subscribe and pay a fee. And then there's the ability to do voluntary chargebacks and then you have a third-party arbitrator who can essentially come in and mediate that.

    SM: It can happen with escrow services now though. There are some, I mean that are starting...

    AL: Yes, that's true, that's true, but again. You add layers of cost to this thing every time you do stuff.

    JM: Right.

    AL: And I mean, and that again is the problem. That over the long term the question is, are we throwing the baby out with the bath water by trying to fix these problems are we in fact ruining the system as a whole.

    SM: Yeah, this revolutionary technology that is completely different from the Legacy Banking System is so great! We just need to make it a little more like the Legacy Banking System to make it better. Yeah, and I was disturbed by the way it was presented in a lot of the talks that I saw. We need to do this. You know, like it's not so bad. Let's just tie our identities to all of our bitcoin addresses and put a social security number on it. Let's like, you know get rid of the irreversibility of transactions! And we need to do this, or else bitcoin will never get mainstreamed up. And I disagree with that. And I was sad to see that sort of, I guess they would probably say, well we're being pragmatic. Because this is gonna have to happen anyway if bitcoin is gonna succeed. Well I'm gonna take the idealist position as I always do. And I just want to put it out there and say, I don't think that has to happen. And we can use bitcoin as it was initially intended and there are certainly uses for bitcoin that don't involve sacrificing some of those great things about bitcoin.

    AL: Right, and you know the option is always there if you want to create comply coin. I think that that

    SM: (laughs) Comply Coin! Yeah, that would be a great market idea.

    AL: There's a huge niche for that I think.

    SM: Sadly I think there are lots of people who would hear it and they'd say, "Oh, oh goody, I can do everything the regulators want me to do."

    AL: Because I thought... it does exist it's called Ripple.

    JM: Ah, there you go. Well even Ripple has some problems because it is still not anonymous, because it has entry points and exit points where there's identification that asks..

    SM: What do people criticize Ripple for? Can you just give us overview on that? Because I think a lot of our listeners don't even know what Ripple is let alone understand the criticisms of it so let's talk about that.

    JM: So, I'm assuming they're great entrepreneurs. I'm not disparaging them. All the power to them for trying to better the ecosystem. But when it comes to looking at alternative crypto currencies there are a couple of key identifiers as to whether or not this is a scam. And when you apply it to something like Ripple it kind of has some warning signals. So one of them is pre-mining. So if you're

    SM: Are you talking about XRP which is the currency that Ripple uses?

    JM: Yes.

    SM: Okay, so let's say what Ripple is first, I mean.

    JM: Sorry.

    SM: So, Ripple is like, um... (laughs) so I don't completely understand it either so correct me if I'm wrong. But, basically it's a network where you can easily convert different currencies. Let's say you need to borrow $50 to get some groceries or something. Like, you could trust somebody who trusts somebody else in China and they could basically send - loan you bitcoins or loan you Ripples or loan you Wans or whatever and you could get your $50. And like Ripple is just like the medium of exchange all the lending takes place outside of Ripple I guess. But it's basically a system that's built on trust, networks between people and it's a way to convert currencies and exchange credit peer-to-peer.

    AL: Right, and of course all those things you say basically translate to its debt transmission network. Where essentially you're not. And this is why you can send dollars through it so fast. Again, you can send dollars as fast as you can send bitcoin because you're not really sending the dollars. You're transferring a debt from something that you own and you're applying it to somebody else.

    JM: And I think when you look at Ripple it's an amazing iterative step on our current banking/financial system.

    AL: This is, this is important.

    JM: And I look at it, and I'm like, I know five years from now or three years from now when congress is gonna start looking at this space they're gonna be like, "Well why can't you be like your brother? Ripple's able to do it how come you guys can't do it? C'mon bitcoin, get with it." So I think that ripple is a great transitory, you know, transition into bitcoin.

    SM: But that tool, the debt transfer network exists outside of the crypto currency Ripples. The crypto currency is somewhat similar to bitcoin. You know, right? And that's what you were talking about before when you said there's a red flag because they pre-mined XRP and then were giving them away, is that right?

    JM: Yeah.

    SM: So yeah, go on, continue with that.

    JM: So, I mean there are a couple of red flags when you are looking at crypto-currencies that just get started and one of them is: has the owner pre-mined it? And if you look at the distribution of Ripple that are in existence. Like 50 people own a significant portion of the Ripple.

    AL: They pre-mined all of them, didn't they.

    JM: Yeah. It's 100% pre-mined.

    AL: But it's a little bit misleading because in the Ripple network you're not really, it's not like I'm gonna send 20 ripples to you and then you're gonna cash the ripples. It's more like Ripples are stamps. Where it's like an anti-spam mechanism more than it is a value transfer mechanic.

    JM: But I remember reading somewhere that if you looked at the current market price of a Ripple and then you multiplied it by the 100-billion Ripples they have or whatever it is, that it was equal to the value of the market cap of the bitcoin network.

    AL: So they gave themselves an impressive pre-market evaluation.

    JM: Yeah (laughs). So I don't know how that works, but it kind of looks like they're able to print money in my opinion.

    Break

    AL: You're listening to LetsTalkBitcoin. The premier audiocast providing news and insights that cover the rapidly evolving world of digital money. Our twice weekly show include analysis of late breaking news, updates on key, technical, business and regulatory issues - and in-depth interviews with the key people driving the new digital economy. LetsTalkBitcoin offers sponsors an attractive way to reach a targeted and savvy audience. For more information email sponsors at LetsTalkBitcoin.com.

    Advertisement

    More than 300,000 users and counting trust blockchain.info. It's a bitcoin wallet service and a wealth of bitcoin information and is completely free to use. With the Blockchain.info wallet, you'll get the convenience of a web wallet, and the security of a desktop client. Blockchain.info is also a block explorer. You can use it to see bitcoin transactions in real time, check the balance of any bitcoin address, and do many handy bitcoin charts, all for free. See what they have to offer today. At Blockchain.info.

    AL: I think that what you said there about Ripple being an iterative step is really important because that's the thing. Is that, if Ripple had come out- and to a certain degree I think this extends to open transactions too, because it also is a debt transition mechanism because. You can't - bitcoin and crypto-currencies are so fluid because they don't exist in real life. So when you're talking about assets that have real life presence you simply can't cram those down and shove them through an internet connection. So it has to be a debt transition mechanism in order to do that. But the thing is that with bitcoin and with crypto-currencies you don't need to do that at all. It's unnecessary. And especially when we move to a more digital economy where the need to do that at all goes away basically. So you know, again, it's one of those things where if the Ripple system had come out before bitcoin we'd be having a very different conversation now. And now it'd probably be LetsTalkRipple. Because I mean and again, compared to the banking system we have now it's so much more efficient compared to crypto currencies. It's less compelling.

    JM: I just think that if the thing that bitcoin does is force the current banking paradigm to move to Ripple and then the conversation is Ripple vs. bitcoin. I think that's a fantastic world to live in.

    SM: Yeah, I completely agree.

    AL: And you know, that's an interesting point, because you know that certainly could be - Ripple has gotten a lot of high-profile investors. And that certainly could be the play they have in mind is that okay, so you've got these crypto-currencies but they're kind of flatly incompatible with the existing financial system so if we're gonna move towards something that's more like that then this is an intermediary step that we can take that we know already complies and can be easily integrated in. And so then we just sell it essentially software as a service to all these banking institutions around the world. Bob's your uncle, you know we're the de facto center of it all again. It's a very interesting space for them to operate in right now I think.

    JM: Was there someone from Ripple at the conference?

    AL: Yes. I'm not sure if I talked to anyone from Ripple. The coin thing and the open thing, very very difficult. So many companies there have those in the names. It's like when I used to work in the green space and everybody used to have like green or bio or all those other nonsense. And it's like again, the first couple companies that do it. That's great. And then the next 400 companies that do it - it's confusing!

    SM: So if you meet someone new and you forget what company they're with you're like, "Oh yeah, you're from coin..." I'm like, "Yeah, Coin Peg, Yeah."

    JM: I saw 3 different accountants who had a play on bitcoin accountant in the name. And I just couldn't remember them because they were so similar in the name.

    SM: I got some people remembering variations of LetsTalkBitcoin actually like. Someone goes, "Oh, yeah. You're from BitcoinTalk." And then someone goes, "You're from BitTalkLive." (laughs) LetsTalkBitcoin? Oh real quick. What's the difference between Ripple and Open Coin or Open transactions?

    AL: Open transactions. So Ripple is the product of a company called Open Coin. And Open transactions is a product of a company called MonoToss. And we've interviewed Chris Odom before, he goes by Fellow Traveler. He's a podgener of that technology. I think he's more of a marketer than a code guy. But he managed to put it together to the point where he's really been able to attract some attention. I know that they either have just funded or they are in the process of funding right now and are raising a pretty decent amount of capital because again. There's a lot of... you know again, when you're talking about these systems it's so much easier to comply with these various debt transfer mechanisms because they integrate so much better so you know again that's where a lot of the money seems like it's going. That and altcoins too, there are some altcoins that are getting some traction.

    SM: I talked to a litecoin developer yesterday, and there were some litecoin people there, and they were so cool and pleasant to talk to. And I was like I can't wait to see where they're going. I think we're gonna have an interview with Worm who is one of the litecoin devs to talk about the new release and what they're going to do with litecoin in the future. And I'm just impressed with like... there's more infrastructure that's coming out. Not just with litecoins but with all these different altcoins. A lot of these coins are where bitcoin was a couple of years ago. And I think people see that and maybe feel like they missed the boat or whatever. They got in too late and they want to get in. I think we're still very early in the adoption curve of even bitcoin. But it's tempting, you see an alt coin and it looks like it has potential, you know, you wanna get in on the ground floor and see what it does.

    AL: Exactly, you know the multiplier is just so enormous. Again, you look at bitcoin, certainly a multiplier. It could be enormous assuming you have a whole bunch of hundred dollars to throw at buying some bitcoin. But you know, with the alts, the buy in, you're talking about pennies. And the potential is still there for that price increase. We don't talk about the price but from a speculative standpoint, it seems like if you could identify the right alts that actually have the right characteristics to give us a chance of making it big, that is really where the exponential potential is for a very small investment to convert into a big one.

    SM: Yeah, and I remember one of our first episodes of LetsTalkBitcoin, I want to say it was like 3 or 4. We talked about altcoins and we gave a rundown of some of the most popular ones. Well even now just a few months later, there are hundreds of altcoins. And nobody can keep them straight. I was talking to somebody yesterday, and I said so what are the other script-based altcoins? And he said oh! There are at least 40 I can name off the top of my head. I said 40? I only know of like 2!

    JM: Y'know, it's a testament to the space that I'm kind of eating my words. Several months ago I'd kind of make fun of litecoin, and now the discussion is, maybe because of mining centralization bitcoin needs to become more like litecoin. So you know you're seeing the free market at work because when you allow people to do whatever it is they want to do in the space, the market leader has to learn from the trail.

    SM: I think it's really important to keep an open mind. If you like the concept of bitcoin, or if you just like the concept of crypto-currency in general, if you like anything about it. Realize that there's the potential - like, we're still figuring this out and maybe it's bitcoin, maybe it's litecoin, maybe it's some other coin, or maybe it's gonna be a bunch of different coins. That's gonna predominate. Coming up.

    AL: Over the last 2 months I've really gone from there can be only one camp to realizing that's probably actually not going to be the case. And it's because (beep) happens, and stuff changes, and when things change. And you know, that's the thing, is that like, when things change it's gonna happen fast. So now what I have kind of over the last few weeks come to believe is that right now we're in essentially a belief bubble. Where everybody looks at the crypto currency space. And because it's so new they look and they say, okay, bitcoin is the one. And then there's all these other ones. They don't matter. And they don't matter right now. But it's because people only look at bitcoin. What's gonna happen is they're gonna see some destructive changes coming in bitcoin's future whether or not the developing team likes it and I think that we're probably going to wind up seeing that illusion to that bubble get popped. The illusion dispelled and at that point suddenly it will be a whole new ball game if you start an alt. And it'll be much more about the merits of your currency rather than about whether or not you've already achieved an (inaudible 50:21). Again, because there's that potential for the exponential multiplier of very small investments to convert into very large ones.

    SM: There is something to be said for achieving the network effect though.

    AL: Certainly. It's no small barrier I don't mean to say that.

    JM: Essentially what you're saying is we're waiting for bitcoin to have its Mt. Gox event.

    AL: Right, exactly, but you can think about it like this. When bitcoin has its Mt. Gox event instead of all the money in Mt. Gox being locked down, bitcoin is totally liquid. So it's very very easy to just (beep) slip into the next one. I have to edit that. I've been swearing for the last couple of days...

    JM: It's New York it does it to you. (laugh) I mean but yeah, you had a company that had everything going for it. It had 90-something percent of the space and through a series of unfortunate events, that would have happened to anyone who - the point about a trailblazer.

    SM: It took a lot of unfortunate events though, I mean once it got to the critical point it was hard to knock it down off the pedestal, right?

    JM: Right, and I mean the same could be said about bitcoin for example, people like to forget that bitcoin is 0.8 version right now. It is still a beta. It is a multi-billion dollar beta. And, what's to stop some random error that no one has seen just wrecking the whole thing?

    AL: Oh, so we should talk about that. On that note, so we had some conversation from some miners, Stephanie I know that you interviewed. I had some conversations off the record with some people about this kind of question. Specifically about, we talked about HOPEC was it?

    SM: OHEC

    AL: Oh heck, oh heck, that was it.

    SM: Organization Hashing Power Exporters

    AL: Yeah, that's right, so some people didn't understand what we were talking about. It was kind of a joke, because, the oh heck was kind of a joke. Because in order for that... in case you haven't listened to the last episode where we talked about this, basically KNC miner released a statement saying that they were going to stop shipping ASIC units from November through Q1 of 2014 with the idea being that this would protect the investment of the people who have purchased equipment coming before because in Q2 they're going to release, and they could in Q1 but they're gonna hold it until Q2... um, are going to release hardware that is orders of magnitude cheaper and faster than what people have previously ordered. And so if they were to release it at the pace of technology then the people who were getting this mining hardware would be almost instantly obsolete and have no opportunity to earn their money back. And of course that's bad if you're a business that tries to have customers that buy your product if you're iterating so fast with the technology that people can't even have a chance to make back their investment.

    JM: Although I would like to say in this space that I personally think that's a great marketing pitch for their company but that if you look at what happened in the past with EFU of Avalon. He had said hey look, we're the market leader just because I had no idea that every single other company wouldn't ship. When you're talking about how successful you're gonna be at executing in this space it's a space that has a lot of people not executing. So I just think that if they could do what they say they're gonna do they should just do it. Because executing in this space is so rare that I think the market needs that more than it needs someone being its Batman. The protector it may not need but it needs... it doesn't know but it wants.

    AL: You know I agree with you there, but that's the thing. When talking with these guys I spoke with the guy Sam from.. was that his name?

    SM: Sam.

    AL: Sam from KNC. And also there were one or two other ASIC manufacturers whose names I didn't catch in this little conversation we were having. You know that you're gonna have to get together with all the other players out there and you guys are all gonna have to stop shipping,

    SM: Yeah, like a cartel.

    AL: Yeah, exactly exactly. And he was like, yeah I know. Then we started talking about how, he started telling me how it was good for bitcoin and how they were just going to get together and they'd fight for three months and then they'd be like ok guys, let's go back and re-work our technology. Then we'll come back three months later. We'll fight again. So we'll have these on and off again release schedule that's coordinated throughout the space. And so again, he felt - we thought it was a joke. We thought it was a marketing play. At least I certainly did when we were talking about it before. Speaking with these guys, they were dead serious about it. That is their plan. I mean, do you think they can pull it off?

    SM: Oh, gosh. I mean, a lot of the other companies were saying, yeah I think we'll play. I think we'll do that.

    AL: Yeah, Josh from Butterfly Labs, yeah said something. Basically, so I was like you know, so these guys are gonna try to do this, I spoke to them separately.

    SM: But I guess the question is, is there some other company out there who is being completely quiet, and is totally off the radar is a wild card and is going to come up with some powerful ASIC during that time frame. And that could throw a wrench in everybody's work. KNC said that if somebody does that they're gonna continue to release their devices as best they can.

    AL: Right, exactly, exactly, so that's the thing, if the cartel fails, then everybody is just free for all wild west again, everybody releases as fast as they can. And of course then the question becomes what's the balance between releasing so that you're the first one out and you're the first. Because otherw- if you're the last man out the door, then chances are pretty good. People who are excited about buying that especially with as fast as the tech is moving are not going to have any reason to buy your product. Unless there's a material advantage. And it doesn't really seem like anyone is going out of their way. What I've been waiting for is a truly plug-n-play ASIC solution. And as far as I'm concerned we still have yet to see anything like that.

    JM: You know the Avalon at BitInstant has been not operable in the past couple of weeks just because it broke and no one knows how to fix it. So the one bitcoin per day that it could be making for the foundation.

    SM: Is that why (Ifu) is here to fix it?

    JM: Yeah, that's why he came back from China. So they're just like ahhh, they clearly have other things that they have to deal with.

    AL: Right, well.

    JM: These things are complicated.

    AL: They are!

    SM: I've seen a picture of that thing and it's funny because like you see ASICs advertised online and it's like a sleek little black box with you know a USD cable coming off of it. This thing looks like... I don't know, it looks like a printing press. It's big, it's like open, it doesn't have a nice case or anything but it works. Or at least it did work until just a couple weeks ago. But, yeah, that was a while ago that the first batch of Avalon ASICs shipped, so it's been operable for a while.

    JM: Yeah, they had a good run.

    SM: Yeah, definitely. They were in a great position. But I mean Sam was saying from KNC miner that this is actually good for bitcoin. It's not centralizing it's actually that they're trying to get ASICs into the hands of as many people as possible. The average person, and he was saying that ASICs are a reality, everyone's going to be having them at some point, and we're gonna try and get them into as many hands as possible so that the mining power is distributed.

    JM: So you guys were on one of what I would say one of the most interesting panels. Jonathan and Stephanie, you guys were both on the Bitcoin & Free Speech, moderated by our good friend Mark Hoshtein from American Banker.

    SM: Yeah, he was so cool. I got to know him the other night, yeah he was really fun to talk to.

    JM: Mark's the man. I'll tell you that.

    SM: That was a fun panel. We got a lot of positive feedback on it. It was sort of a nice counter-balance to all the people saying yeah we need more regulation. And we were like no, bitcoin is free speech!

    JM: Yeah, well I think any panel that in 45 minutes talks about prostitution, drugs and guns is doing the right thing to bitcoin.

    SM: Well Adam got some audio of it so I think you'll be able to hear that pretty soon.

    AL: Yeah yeah yeah, it turns out they weren't filming any of the talks there. So I took the H4M, that's what we're recording on right now, and I got a direct feed out of the board. And then of course for about half of them I forgot to press the button twice. You had to press the button twice on this thing otherwise it doesn't work. And I was running around the entire time, but I only caught maybe 3 or 4 of the talks. But the ones that we did get we are going to be releasing.

    SM: That's great, yeah. I'm really glad you did that. I wasn't expecting them not to be filming. But maybe, yeah maybe the next event they will.

    AL: Well, what I- so again, so this event was really cool. I actually thought the event was pretty interesting, put on pretty well. It was a little bit more expensive than I would have liked. I know some people couldn't attend because the cost was simply pretty high relative to the- you know, the San Jose conference was like $180 for a two day event. This one if you got the early bird price it was $299. If you used our 20% coupon it's less than that.

    SM: For one day.

    AL: For one day. And at the door it was $599.

    JM: Wow.

    SM: Really? It was packed though.

    AL: Yeah. It was packed. It was packed. And again, over time people more drifted out of the talks and more into the networking area and that's what happened with both you and I.


    JM: But the thing about these conferences is it kind of is about the price that they charge just because the price is an indicator of how bad you want it.

    AL: Well it determines the type of audience that you get.

    JM: That's what I'm saying, so you know that the other person wanted it bad enough to either scam their way into the conference as I happened to have done. Or to actually have paid the fee.

    SM: It's not scamming we gave them something of value.

    JM: True. That's true.

    SM: So yeah, back to the panel. So I thought it was really cool because we got to talk about wikileaks and some of the potential bitcoin has to help organizations that might be marginalized. And the idea of bitcoin neutrality which is something I know is really interesting to Andreas so I'm curious to hear his thoughts about that. But the idea of neutrality being- you know, if you have a technology like bitcoin that anybody can use, that's just it! Anybody can use it, right? So some people, they're gonna be people you don't like, that use it. And they're gonna use it for things that you don't like. But there are also gonna be people who are great who use it, and who use it for things that you do like. And you can't get rid of the so called bad people without getting rid of everybody's privacy and freedom. So...

    AL: Right, this is the theme that comes up over and over and over again. And it was talked about in your panel pretty extensively. The idea being that if the point is to protect us from crime, and to protect the world from certain types of things like terrorism, human trafficking and things like that. Then that's all well and good. And that's a noble goal. But Stephanie, you had a great point. You said it's all about differentiating the transaction from the actual crime. And the differentiating factor there is that a crime has a victim whereas a financial transaction has a recipient. That might be something that enables the crime. But it's the crime-

    SM: Oh please, victimize me by sending me money.

    AL: But it's all about establishing that harm is actually done not that somebody paid for something that might have potentially caused a problem down the road. Because once you start doing that it gives you the rationale to start listening to everybody to start tracking everything. And that might make sense in some sort of weird Alice In Wonderland, through the looking glass world. But I think in the world we live in most people would agree that if 99.99% of people aren't doing stuff like that. And you know that small percentage is - it probably doesn't make sense, is inconvenient and essentially remove the privacy of that 99.99% that aren't doing those bad things just to try and stop or at least detect. Because that's the other thing of course is that we're not even talking about stopping these things from happening. We're talking about punishing them. Punishing them after the fact so I mean it makes no sense. Except of course in this Alice In Wonderland world we live in.

    JM: You know when the CEO of Discovery was interviewed and they go what do you owe your success to? He said. You know, sharks and Nazis. And I kind of feel like when it comes to bitcoins and when it comes to security, it's always the terrorists and the pedophiles. And that's always the discussion of everything always comes down to the .01% of bad actors that need to dictate the rest of the 99.99% of the market. And it just drives me insane because when you're talking about bitcoin it's, nothing exists in the vacuum. It's always in compared to what. And when the gentleman asked that question of..

    SM: Yeah, right, how many cash transactions are used in activities that potentially hurt people and do have victims and... I mean, I would argue that buying drugs for personal consumption is a victimless crime.

    JM: Right you weren't going to win that argument there.

    SM: I don't know, I think some people were sympathetic to us. Especially the guy who asked that question. But, um, but yeah. When you're talking about things that actually are crimes, that actually have a victim, that are causing harm to people. Orders of magnitude more of those are done in cash or are done through the legacy banking system. I mean, I think I brought up the point on the panel that drug dealers, loan sharks, they have bank accounts.

    AL: And you know, Allen Safonte, oh gosh, I'm probably mispronouncing the name. Asfahe? Ok, yeah, um, from ZipZap. You know, he's an Iranian and has been living in this country for a long time. And one of the things that he talked about was how right now you can go into any store and buy essentially $500 of free paid Visa cards or prepaid debit cards and there's no KYC processors, no identity processors whatsoever. You can go in and you can buy a shoebox full and they are just as good as cash...

    SM: Take 'em across the border.

    AL: Exactly so it's like, so the idea here is that on the internet it's different. I mean, you think about it, and it's not different. It's not different at all, there's nothing different about it.

    JM: Well, I mean, the internet's different. Just because granddad doesn't know how the tubes work... I mean you look at punishment in terms of the internet and you graffiti a place and you'll get some community service. But you DDoS a restaurant or a website and now you get years. And it's a comparable act of writing graffiti or taking a site down for a few minutes. Especially if there are no damages if it's a non-commerce site. And it's just the prosecutions of things that are computer related are...

    SM: That's why.. ok, so it sounds like what you're saying basically is that the regulations or like the legal system hasn't caught up with the fact that we have the internet and there are analogies to like real world physical things that happen in the world including so-called crimes and stuff like that. And so, what I wonder is, there must have been people... and people compare bitcoin to the internet in 1992, bitcoin right now. So there must have been people in the early days of the internet who were trying to educate the legislators and were trying to tell the government this is what the internet does and here's how you can regulate it in a way that makes it friendly to us. There had to have been people trying to do that but it still hasn't caught up. I mean, 20 years later we still don't have modern laws that understand the internet in a way. It's still sort of back in the.. comparing it to phones and faxes and things like that.

    JM: Kevin Mitnick has an amazing auto-biography. And in it he writes about how he would hack all of these establishments but he wasn't doing anything illegal because there were no laws on the books on it. So they were like, alright well let ya go this time. And that was just an amazing time to experience and where the internet was so new that there were no laws on it just like bitcoin is right now.


    AL: So what's the 60-second biography as you know it on Kevin Mitnick for those who don't know?

    JM: So it's called a Ghost in the Machine. And essentially it's what taught me that Kevin Mitnick is chaotic neutral. Because he had the power to take down billion dollar establishments and he could have been the Julian Assange a hundred times over but just wanted to do it so that he could be a phone phreak and just like prank call people. He once got cut off in traffic and got the guy's license plate number, got his cell phone number, called him a few minutes later and then said that if you're ever on the road again I will take your license away from you. That's the power that he had. And he didn't use it for good, he didn't use it for evil, he used it for Kevin Mitnick.

    AL: He used it for Kevin Mitnick. Chaotic neutral.

    JM: Chaotic neutral. But it's a fantastic book. That and We Are Anonymous kind of really give you a good understanding of what it's like in the hacker space especially when it comes to dealing with the law.

    SM: Yeah. I guess the point on that was that if we don't have internet regulations that aren't modern and caught up with the times so-called. What makes people think who are arguing now think oh we need to regulate bitcoin? What makes people think that they're gonna pass laws that are modern and what the people want for bitcoins?

    JM: But I don't think it's about that when it comes to the regulation. I look at regulation as a thing that's needed because when businesses need investment, when businesses need a bank account, there needs to be some risk mitigation there and you can't invest in an unknown unknown. And until there's some precedent set in the legal space bitcoin businesses are so toxic that banks don't even want to give you an account. There was an entrepreneurship...

    SM: It's okay you don't need an account.

    AL: Sometimes you do.


    JM: Right. There was a business, there was an entrepreneurship pitch contest earlier this month and the woman who won, won because she had 3 separate bank accounts in 3 separate places that gave her an account.

    AL: So anyways, we're just about out of time here. Guys, this has been great. Jonathan, you did real well.

    JM: Thank you, it was a pleasure.

    AL: This is good, this is good.

    SM: Yeah, this was fun.

    AL: So yeah, this was a fun conference, so there's another one. So I know you've been invited to speak at the one in Las Vegas that's happening in December, yeah?

    JM: Yeah, that'll be a lot of fun.

    AL: Yeah, it sounds like they're going to have a lot of the same speakers. I've also been invited back.

    SM: Invited back?

    AL: They're doing another event. They're doing another one of these events in December. Yeah, Media Bistro, the same company that put this on.

    JM: Although it'll be in an even funner context. It's the social gaming and gambling conference.

    AL: Well my understanding is actually that there are two going on at the same time, the bitcoin one and the social gaming one.

    JM: So it is the social gaming and gambling conference and they have multiple tracks. And he is going to add a bitcoin track to that conference. So he really wants to get that Erik Voorhees on that panel. So if anyone has a gambling company and they wish to have a place to promote it I would certainly talk to Media Bistro right now.

    AL: So guys, thanks again, once again thank you for joining me this was episode 30, I guess that's another milestone we don't really celebrate milestones because they come by so fast. I don't know, we had bacon today so

    JM: Any time you have bacon it's a celebration.

    AL: (laughs) Fair enough. Alright guys. We'll see you next time on another episode of LetsTalkBitcoin.

    Thanks for listening to this portion of our special LetsTalkBitcoin conference coverage. Big thanks to Media Bistro for putting on a wonderful event at Inside Bitcoins. Stay tuned for more to come over the course of August. If you have any comments or questions for me directly you can email Adam at LetsTalkBitcoin.com. If you have questions, comments, or suggestions directed at the show broadly, please visit letstalkbitcoin.com/reddit. See ya next time! (music)

    Hi folks, Adam B. Levine here for LetsTalkBitcoin. Continuing our August trend, today's episode, is a two-parter. The second portion of today's episode was recorded in Manhattan. The day after the Inside Bitcoins event with Stephanie Murphy and special guest host Jonathan Mohan of Bitcoin NYC. We talk about the conference, the attendees, ripple, ASIC mining panels, and also bacon. Big thanks to Jonathan Mohan who did a great job with this segment and who you'll be hearing more from in the weeks to come. But first, there's some important news for users of Android wallets. When news breaks in the bitcoin world often times it's hard to understand. This week a vulnerability was revealed in the Android operating system that put a real fear in the bitcoin community. LTB Host Andreas Antonopoulos spoke with Andreas Petersson of the Mycelium wallet project about exactly what happened. But before we get to that, Andreas, I had some questions for you. First off, in the interview that follows, you talk a lot about entropy. Can you explain to me what that is in sort of simple terms?

    AA: Sure, entropy is a measure of how much information there is in a message. If you look at it the other way around how much randomness there is in a message in computer science terms. In physics terms it's essentially how much disorder there is in a system or how much energy in the form of heat there is in a system. But in the case of information systems really you can say entropy is saying the same as randomness. So the problem we're discussing in this particular bug is that something that should be random - that means it should have high entropy - is not random. It doesn't have the necessary entropy. In fact, it's a rather predictable sequence.

    AL: So when we talk about randomness that can also be characterized as noise compared to the signal, right?

    AA: Well, effectively yes. If you have a random stream, especially if it's a secure random number generator where you expect it to have certain characteristics of randomness then there should be no signal - that's the definition. So every bit that comes out of that should be noise - you should have no signal.

    AL: So it's all noise then. Ok, so if it's all noise, then is there a difference between a lot of noise in a system versus a little noise in a system? Just not necessarily talking about random number generators just broadly speaking. If you're trying to encrypt something or secure something, is it better to have more randomness than less randomness?

    AA: You need absolute randomness. Let me give you an example. Let's say that there's a function within the system where you're taking a random number and you're multiplying it with your secret key. So for simplicity's sake, let's say I have a secret key and my secret key is 3. So give me a random number between 1 and 50.

    AL: 35

    AA: Fantastic, so, I'm going to multiply that by 3 and I've got my digital signature. So if I ask you in my next transaction, give me a number between 1 and 50.

    AL: 17

    AA: Ok, great, so you gave me a different one. But what if you had said 35 again and I had then multiplied that by 3 and broadcast it to the network. And people knew that they could guess that if you'd said 35 once you were likely to say 35 again. Well, then they could just divide by 35 and figure out what my private key is. They wouldn't be able to do that if you actually came up with a random number. So that's the problem. The problem is you should say something different, but, you say the same number again.


    AL: And so that's more likely to happen in a system that has less entropy than one that has more entropy, is that right? Because there are fewer possible numbers?

    AA: So the way it works is when you have a secure cryptographic random number generator, you can only pull out bits for the amount of entropy it has. So let's say for example it has currently 128 random bits to give you. If you get 128 random bits those will be random. If you tried to pull out 200 bits, you know, the first 128 will be random but after that, the system doesn't yet have enough entropy. You have to wait a bit for random processes to occur. The basic concept behind it here is this was not a problem of running out of entropy. This was simply a broken algorithm, so, it was supposed to give out 256 bits of entropy and instead it gave out on average 9. So the difference there is instead of having more choices or probabilities than there are atoms in the universe it came down to 500 combinations. That's 9 bits of entropy. So you can very easily test all 500 combinations and pretty much figure out what the next random number that's supposed to be random is and if you can guess the next number - well, it's not random.

    AL: So what should have taken all the super computers that are currently in existence in order to crack this one particular 256 degrees of randomness basically-

    AA: -You could do on a whiteboard with a pen.

    AL: Right okay, well that makes a lot of sense. Ok great. Well I really appreciate you providing some clarity for us on this issue. Let's jump right into the interview with the other Andreas.

    Hi everyone, this has been a rather exciting week in the bitcoin space with the announcement of a very critical android bug that has widespread repercussions all across the mobile wallet space. To discuss this in a bit more detail I'm very pleased to be joined today by Andreas Petersson who is one of the owners/authors of the Mycelium Mobile Wallet and he's here to talk to us a bit about this recent breach.

    AP: Hello everyone.

    AL: Hello Andreas, thank you so much for joining us. Can you tell me a bit about what exactly the problem is - where did this start?


    AP: Yeah, but from that bug directly nobody really lost money. I have talked to another guy who is cracking private keys as a hobby, and he generated lots and lots of random numbers. 2.6 million random numbers and he never got the collision using Android. He never got the collision so there was no private key compromised as far as we know. We don't know really, but what we do know is that there is a second issue. That is, when signing transactions there is also a random number needed to generate a valid signature. And those signatures are definitely not as random as we think they are.

    AL: So let me just clarify there Andreas for a second. So the issue is not with the key generation per se, the issue is that when you try to sign a transaction especially to spend it, you are in a situation where you are seeding that signature with a random number which is not random and if you do that more than twice, that can reveal the private key. Is that correct?

    AP: Yes, exactly. So there is an equation, it is described very nicely in a bitcoin magazine article. If you have this random number and you use it twice, then using this equation you can trivially, simply, calculate the private key that was used. This means that if you have a weak random number generator that can potentially expose your private key to everyone. That has happened a number of times in the past. Most of the time where it was when people were playing around with toy implementations, prototype implementations of clients. But it also happened on Android directly when signing transactions. The issue is that you create a new secure random instance and then you query it twice. Under very weird circumstances there are fallback scenarios where the entropy goes down to a level where it has a very high chance of repeating the same value. Basically I think that in some cases the randomness can go down to 9 bits of entropy instead of 256 bits of entropy.

    AL: Given all of those circumstances I would assume that means whether you've generated the key on an Android wallet or not, if you have an Android wallet that is using this Java secure random number generator, and you use that to spend money at any time you have a chance of having revealed a private key for that particular wallet?


    AP: Right now I would assume - of course you should migrate your keys because of the general entropy issues - but, right now, if you haven't lost your money yet, it's not extremely likely that you will lose it in the future because of this second vulnerability. Because that would mean if you continue using the old software and generate these weak transactions yes, then you could potentially expose that. But that's very unlikely.

    AL: So one thing that was rather interesting with this was that the bug itself expresses itself on the block chain in a way that anyone can go and find these suspect transactions. Presumably you're looking at a transaction, or rather you're looking at two consecutive transactions done by a same key where the same random parameter R was used for both, and presumably you can just write software that trawls through the block chain to find these, right?

    AP: Yeah, and people were doing this and you will lose your money rather quickly if you generate such a transaction.

    AL: If you'd already done it you would have lost your money already so there's nothing to worry about. Just don't make any new transactions.

    AP: Yeah, and of course all the change of keys. There are many properties of this stack, MSSL, and the Android API that are kind of shady in my opinion because it certainly isn't impossible to implement that in a way that it would simply work. And it's kind of shady that it fails in such a way, so I would say if somebody used secure random on Android for any purpose that you should change your keys because there might be a vulnerability that we don't know exactly about yet.

    AL: So Andreas, would you say that this bitcoin demonstration makes the 2013 announcement at RSA much more critical and concrete now and should therefore lead other developers on Android doing software that's not directly related to bitcoin but to other secure implementations. This will kind of wake them up, you know, this is now in the wild and usable.

    AP: I don't really think it's a very big coincidence that all these bugs happened together. A kind of conspiracy theory here, but of course, this bug makes it potentially much easier for anyone with massive computing resources to crack encrypted communication. And therefore everyone who is the author of any cryptographically interesting application on Android should definitely cease to use secure random and rather look for an alternative. So, the most obvious alternative would be to access the /dev/urandom device, the /dev/urandom file, directly and read from that as we do now in the Mycelium wallet. The other thing is that I'm currently looking into an implementation proposal by Bruce Schneier, if that would provide a very good alternative that we could combine multiple entropy sources.

    AL: Ah, right, yes. As a developer of the popular and very functional Mycelium wallet, you've taken steps now to fix this problem I'm assuming all of the Android bitcoin wallet developers are doing so. What would the users experience? Would they experience simply an update coming through their play store?

    AP: Yes, so first of all I have to really give credit to Jan Møller, and as far as I know all popular Android wallets have been updated so that there are four wallets out there that keep your own private keys on the device. That's bitcoin wallet from (inaudible 14:30), that's Mycelium wallet, Blockchain.info, and also the now kind of deprecated BitcoinSpinner - that was the previous application from Jan - was also updated. So on some of these wallets you need to manually do the key rotation, but on others for example on the Mycelium wallet there's a wizard that detects old keys and automatically moves them to new keys. And in the process what I really want to emphasize here, please do make a backup of all your old keys and your new keys. You don't know if you're going to need them in the future. In the wizard it also gives you the opportunity to make a backup. So please do that and get those private keys onto a piece of paper please.

    AL: Okay, yes, very good advice. Get it onto paper wallets as backups. So let me just clarify a tiny bit. You talked about the rotating keys, if you were to break down this process: you download the new code from the software developers who have updated the code. You make a backup of the keys as you very rightly just said. Then you create a new wallet, and then you essentially send all the money from the old wallet to the new wallet? Is that it pretty much?

    AP: You will send money from one address to another address and your wallet software now has maybe both addresses in it or just one address in it depending on the implementation used. It's not a very complex problem, you're essentially just sending money to yourself and it's a new address.

    AL: And very critically I would say this has to happen after the software has been fixed because if you just generate a new address and tried to send your money, you will be creating exactly the kinds of transactions that could compromise yo