RSS

How you probably will find Satoshi

lalaland11251 pts0 comments

How you probably will find Satoshi - Fox Chapel Research

Fox Chapel Research

SubscribeSign in

How you probably will find Satoshi<br>An update on Sergio Lerner's old blogpost. Plus, a look at who Satoshi probably isn't.

Fox Chapel Research<br>May 21, 2026

Share

Sorry for not blogging in a while: I started posting while furloughed during a government shutdown, but as soon as that ended, I found myself much less interested in blogging :)<br>I and a brilliant security researcher on Twitter named tmctmt have been curious about the identity of Satoshi Nakamoto, the inventor of Bitcoin. Following what I believe to be an incorrect article published in The New York Times, my interest has grown substantially. So, when I stumbled on a blogpost by Sergio Lerner titled “How you will not uncover Satoshi”, I took note.<br>The premise of that article simple: Satoshi Nakamoto exported his Bitcoin whitepapers using OpenOffice’s PDF exporter.<br>The PDF exporter includes, as metadata, a hash of, among other things, where the PDF was saved. Therefore, if you can guess where Satoshi saved the PDF — say, C:\Users\Satoshi’s Real Name Here\Documents\Bitcoin.pdf — you might end up with his name. If you believed Sergio Lerner, then you would think you’d need a lucky guess of all of these things simultaneously, and — if you were so lucky — you’d have Satoshi:<br>The file destination,

Whether Satoshi used Windows XP or Windows Vista (after all, Windows XP and Windows XP have a different user-directory paths),

Whether Satoshi saved in a user directory at all, and

Which of 1,000 milliseconds Satoshi saved the file in

Fortunately, this isn’t actually true. You can guess Satoshi’s username with the whitepaper with a lot more ease than that.<br>But first, let’s clear up some worrying possibilities and try to avoid assumptions:<br>Assumptions about Satoshi

We are assuming Satoshi used OpenOffice’s PDF exporter.

We believe this to be true because the OpenOffice PDF exporter was bespoke. You can actually just look at the PostScript and see that it could only have come from OpenOffice.

We are assuming Satoshi used Windows XP.

We believe this to be true because Satoshi extensively referred to Windows XP service pack 2; used XP in his screenshots; pointed out lack of testing on Vista; etc. There is an enormous amount of evidence for this. But perhaps more importantly, see also, point #3.

We are assuming that Satoshi’s Windows installation (and therefore, most likely, user account) predates his ideas around Bitcoin.

Satoshi repeatedly emphasized that his interest in doing something like Bitcoin came about around 2007-2008, which matches up with the death of E-Gold. Satoshi had installed Windows

However, I found that it was extremely unlikely. When you go to install software like WinRAR, it is unlikely that you deliberately seek out a random point release for no reason. It is also unlikely that you go out of your way to update WinRAR.

Crucially, Satoshi Nakamoto used WinRAR for his earlier Bitcoin releases. So if you download 100 copies of WinRAR, extract his old releases, and then re-compress them with WinRAR, there’ll come a point where WinRAR changes lead to different archives from the archive Satoshi produced, either because you’ve gone too far back, or because you’re too far forward.

I found that Satoshi’s bitcoin .rar files could only have been produced by WinRAR versions older than WinRAR 3.62, which came out December 04, 2006. That’s before Satoshi had started on Bitcoin, and even before the E-Gold indictment.

We are assuming that Satoshi did not deliberately tamper with the PDFs.

This is harder to prove; however, the creation date does not appear to have been tampered with, or if it has, Satoshi manually recomputed the proper document checksum, which is a little excessive. Further, Satoshi would have had to have modified both the pre-release draft that he sent to Stealthmonger (someone who I am surprised doesn’t have any Satoshi-related conspiracies to his name, not that I think he’s Satoshi) who later went on to share it, as well as modify the public final release.

If he failed to do so with either of these PDFs, then it’s still possible to find Satoshi.

Finding Satoshi

As discussed, finding Satoshi by cracking the hash in the PDF appears intractable if you’re trying to exploit forensically-useful OpenOffice quirks. But it’s not, for a number of reasons.<br>Speedup #1: Windows’ timer resolution

While the millisecond in which Satoshi saved his file is part of the hash, there aren’t 1,000 milliseconds that you have to check, there are only 65. How is this possible? If you’ve looked at enough malware1, you probably already know. But if you don’t:<br>Satoshi’s rar files offer a hint: Satoshi stripped/changed all his files’ timestamps, except at one point he forgot to strip the timestamp on a few folders. Using unrar5, you can view the millisecond field:<br>The src/object folder in Bitcoin’s first release’s RAR file was modified at 15:3:27.4687500;...

satoshi bitcoin windows winrar probably openoffice

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times

PopuLoRA: Co-Evolving LLM Populations for Reasoning Self- Play

AMavorParker8 ptstasks model training self populora play
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.