I'm writing a web app (Flask, Tornado) and would appreciate an expert's opinion on best practices. I don't know any other Python devs in real life :(
I don't know how/where to ask this, so if I chose the incorrect site and subreddit forward me along :) But I've been working on a project for around a week and I don't know if I'm approaching it correctly. Right now I'm using:
Flask for the WSGI/routing
Tornado for the IOLoop, HTTPServer, and WebSockets
SQLAlchemy as the ORM with SQLite as the temp database
Flask-Cache for caching with a Redis backend
Modified Flask snippet for throttling using Redis as the backend
Beaker for sessions
Requests for API calls
Jinja2 for templating
Knockout.js for client framework
Bootstrap for styling
JQuery and Underscore for DOM manipulation
I'm using Python 2.7.5, with Debian on my production server, Windows 7 with Debian VM on my dev box.
Basically, I just need help. This isn't the first web project I've done .. but it's by far the most complicated. I know I'm not doing some things right and want to fix them before it gets too far along. I would love to talk with someone for 20 minutes about any of the following:
Configuration best practices; right now I'm using a _globals.VARIABLE scheme...it's not good.
....how do you store sensitive data in plain view? I had to base64 a password because it made me cringe to see it in English.
Fabric to deploy with a Git pull
Best way to JSON / WebSocket data to the client
Best way to receive AJAX requests
Encryption. I've got HTTPS working with a signed certificate...but what about cookies and encrypting data? What about sending data to and from the server? Verifying identity? Is HTTPS even working?
API for my APIs? I'm using three different APIs in my project..and they all return values differently. How do I manage incoming data uniformly? How do I manage data to the client uniformly?
....do people use an internal REST api to get data from the ORM into more simple views?
In what part of the project do I do all my data crunching? Is it done in the View, in the DB model, in the API response code, separate module?
Input Validation? Client or server side? How do I do this correctly?
....and how reliable are encrypted cookie values to sign the transaction?
Server setup...I still feel vulnerable.
Utilizing the IOLoop...I think I could make this do more work for me.
How to test if caching and sessions are actually working and secure.
Is there a way to keep my local project in sync with the server, so I can make UI changes live?
How do I keep PyCharm from wigging out after a couple days of coding...I get random errors that go away when I cycle through the tabs.
Do people compile Python from source so their .pyc files can't be undone if compromised?
What do you know about bitcoins? (project uses them, best practices only)
How do you fail gracefully?
What am I overlooking?
ANY tips on logging to keep a server and user history.
I'm studying CS in school but picked up all the python-web-stuff on my own over the last year or so, and I don't think I'm doing it right. As a broke college kid I can't pay for your time but might be able to exchange something instead. Thank you in advance if you can help me with any of the above topics. Note) I should note that everything WORKS, so this isn't a "how do I get this and this working for that to happen" -- I could finish the project without any answers. I just want to tighten security and make sure I learned things correctly while spending so much time on a "major" project for myself. Also, I'm still waiting on the Flask text book from kickstarter if the author happens to see this post ;)
I've been having a bit of silly fun thinking about secret communication in plain sight - something like what 1940's spies may have done, but using the Internet. So, any thoughts on the following "protocol"?

Setup: You and your partner meet in person at a safe/secure location. You use something like Diceware or maybe just a dictionary to create a secure (high enough entropy) passphrase known only to you two. You memorise the passphrase and destroy all evidence of its creation. Then you agree on the cryptographic protocols (see below) and finally you decide on a place and time for virtual communication. For example, you might decide to use pastebin and have a communication window at 8pm every day. You both now go your separate ways.

The next evening you want to see whether your partner has communicated something. You take your chosen passphrase and feed it into a KDF that was chosen in the protocol selection step. Let's say you decided to use PBKDF2 with 100k iterations, 32 byte output and both the input password and the salt set to the passphrase you chose. The resulting 256 bit value is your shared symmetric key.

As part of the protocol selection, you also decided on a method of synchronising identities. Let's say you chose to use the Bitcoin blockchain. You look at the most recent block in the blockchain as it was at 8pm that evening, and take the block nonce. You encrypt it using 256 bit AES in ECB mode. The resulting value is your shared ID.

You now go to pastebin and search for the ID you just generated. If your partner had uploaded something, then you'd find the ID, an IV and maybe a base64 encoded message that was encrypted using your shared key using 256 AES in CBC mode. To send a communication, you'd basically reverse the process.

So the general idea is to use a publicly verifiable service to sync your anonymous one-time IDs. The rest of it just comes down to choosing cryptographic primitives, and you can use whatever tools you happen to have available at the time (openssl, python, ruby etc). Just a bit of fun. Any thoughts?
Simply run the Python script to get the sha256 hash used by Wright in his post. The 64 char string that looks like the hash from the famous Sartre quote is just some data extracted from the blockchain itself (second output, the first output is a double-hash).
Let's put the hash in a file to recreate the full scenario as described here:
Paste this (make sure you have the correct indentation and add a tab before the f.write then exit using Ctrl+X then Y):
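from bitcoin import *  # pybitcointools: provides changebase() and sha256()
# Hex-encoded data extracted from the blockchain
modtx = "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"
# Convert the hex string (base 16) to raw bytes (base 256)
bin_modtx = changebase(modtx, 16, 256)
print(sha256(bin_modtx))
# Write the raw bytes in binary mode so nothing is altered on the way to disk
with open('Sartre', 'wb') as f:
	f.write(bin_modtx)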
Now you can pretend to hash Sartre quotes like Wright (you can download the Sartre file here):
python python-bullshit-output.py
sha256sum Sartre
479f9dff0155c045da78402177855fdb4f0f396dc0d2c24f7376dd56e2e68b05
You can recreate the sn7-message.txt file made by Wright like this (you can put this in python and run like above):
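from bitcoin import *  # pybitcointools: provides changebase() and sha256()
# Hex-encoded data extracted from the blockchain
modtx = "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"
bin_modtx = changebase(modtx, 16, 256)
# Hash the raw bytes, then convert the hex digest to raw bytes as well
bin_modtx_sha = changebase(sha256(bin_modtx), 16, 256)
# Write the 32-byte digest in binary mode
with open('sn7-message.txt', 'wb') as f:
	f.write(bin_modtx_sha)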
The same way you can recreate the sig.asn1 file because this is basically the script of input 0 in tx 828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe see here
You can just download it from here along with other files here
Hey guys, I am writing a trading program that I need to connect to MtGox (a bitcoin exchange) through the API v2. But I keep getting the following error: URL: https://data.mtgox.com/api/2/BTCUSD/money/bitcoin/address HTTP Error 403: Forbidden. Most of my script is a direct copy from here (that is a pastebin link). I just had to change it to work with Python 3.3. I suspect that it has to do with the part of the script where I use base64.b64encode. In my code, I have to encode my strings to utf-8 to use base64.b64encode (lines 112 and 113). However, with the other guy's script, he doesn't have to (see lines 112 and 113 of the first link). I'm wondering if that extra encoding is causing my header credentials to be incorrect. I'm guessing this is another Python 2 v. Python 3 problem. I don't know how the other guy got away without changing to utf-8, because the script won't run if you try to pass a string to b64encode or hmac. Do you guys see any problems with what I am doing? Is our code equivalent?
The Bitcoin Wiki has a page with a detailed description of some ways to make a JSON-RPC call in various programming languages. For brevity, only two are listed. In Python:
import httplib, json, base64
def mkrequest(url,user,pass,method,params,hasresponse=True):

# No part of python-bitcoinlib, including this file, may be copied, modified,
# propagated, or distributed except according to the terms contained in the
# LICENSE file.
"""Base58 encoding and decoding"""
from __future__ import absolute_import, division, print_function, unicode_literals
import sys
bchr = chr
bord = ord
if sys.version > '3':
	long = int
	bchr = lambda x: bytes([x])
	bord ...

This is what I am doing RPC_USER = username RPC_PASS = pasword rpc_id = ID ... : local variable 'response' referenced before assignment

I have a string in base64 format, which represents PNG image. Is there a way to save this image to the filesystem, as a PNG file? I encoded the image using flex. Actually this is what I get on ser...

It provides utilities and examples for writing tools in pure Python that speak the bitcoin protocol on the bitcoin network. Note that it uses the new asyncio library included in Python 3.4 (and available from pypi in Python 3.3 -- type "pip install asyncio"), and so requires Python 3.3 or higher (unlike pycoin, which supports Python 2.7).
$ NEW_ENV=~/.virtualenv-pycoinnetwork # or whatever ...