Bitcoin Forum

Update: A lot of people are completely misunderstanding this thread, and we're on page 3 already. So here's the premise: Will a global currency system have any practical use in a global post apocalyptic scenario? Eg. global economic collapse, global police state, global nuclear winter, world wide killer virus outbreak, giant asteroid impact, sentient computers, etc...?

Perhaps not. But if it would, then the question is simple: What can we do now, to ensure that this currency will be Bitcoin, and to maximize its utility both today and at such a point in the future?

These are questions that I believe will lead to answers in aid of the above.

While I've seen 51% and Bad-actor/rational-actor type scenarios being discussed ad nauseam, and in-depth, and we know the encryption and protocol is very resilient, my searches for any sort of unpacking of the following scenarios have been fruitless:

1) "Stealth" code changes, that could get slipped in via an update, to modify network operation in some unforeseen, but yet-to-conceive exploitable way.
How huge a social-engineering effort would this take?
Do the huge-pool-guys vet every line of code themselves?
Does anyone log- and track stats on how quickly updates propagate throughout the network?
(This one looks pretty cool, but seems to have crashed: http://bitcoinstatus.rowit.co.uk/)

2) Someone big player, say the World Bank, establishing and promoting their own, incompatible network.
...coupled with an international media- and marketing campaign, backed by much more finance than the Bitcoin network, perhaps even offering lucrative-by-comparison shares in their new venture, to current Bitcoin players.
Once the mainstream is persuaded by the resilience and power of crypto-currency technology, it seems natural that they would adopt it... on their terms... doesn't it? What would the first ripples of this look like? Which banks are the key stakeholders? Is Bitcoin leading the pack to bank-adoption?

What is the man-hour- and dollar cost of launching something on par with what Bitcoin currently has?

3) Computer intelligence optimizing ("modifying") the protocol
...potentially silently taking control of the network (without anyone noticing) only to wield its power at some opportune watershed moment. Yes, I know, Sci-fi...The moment we have all been waiting for... with it's plausibility-spectrum all the way from "impossible" and "maybe in 100 years", to "an AI (or CI as I like to call it) will be algorithmically cheap enough to run on a smartphone", all the way to, "the *insert multinational organization* is already run by an AI." (eg. http://dilbert.com/blog/entry/how_the_robots_will_take_over/)

Sure, on the surface, the latter two scenarios are very hypothetical and unlikely... yet, if Bitcoin *is* the biggest hedge against global economic stability, doesn't that in fact highlight their relevance?...

But here are the stats that are within arms length, and I'd like to see... (shouldn't be hard to compile, even collect as part of the protocol...)

4) Isn't it relevant how each GH is powered and how easily that power can be removed by tactical means?
...to diminish the network hashrate as part of a global co-ordinated multi-faceted strike, the hashrates taken out only to come back up to a network beyond its recognition? Eg. How stable is the US national grid? Compared to those of other countries? What proportions of what countries' power grids run the internet - and Bitcoin? What is the minimum number of power stations that needs to get taken out? What is the minimum fire power required and the cost thereof? Or actually, how many steel poles (of neglible cost) of what length would be needed to short out said power supplies?

5) Add to that security. How many layers of security and obscurity in the hardware+software that powers each GH/TH/PH/xH?
ie. How many layers of security? How agile is its management? How rapidly can the system be secured and restored to a previous point in time?

What I'm concerned with, in particular, is concerted efforts to gather metrics on factors relevant to the above, in a public forum.

Any links welcome... particularly to a Wiki or new https://blockchain.info/pools or https://blockchain.info/charts pages monitoring metrics relevant to any- or all of the above. I'm fairly certain the bigger players of the world keep tabs on the above, but shouldn't it be out in the open? How better to guard against it than having it in the public domain?

10 BTC in 1EfnAXe2dyuKiVXfGyoSBMSKqvzzQcfr3L will see me dedicate one month to compiling the best sources of the above information, as professionally as I can, and compile what I can on a live dashboard, and post the link here.

I'll go ahead and answer most of these without too much hassle....




Every merge, or pull request on Github get's looked at by Core bitcoin developers, so unless you get them all in on the scheme it simply won't happen. There are also a lot of separate developers that work on the code in their free time, you can see all this on the bitcoin Github which can be found here: https://github.com/bitcoin/bitcoin


Anyone is free to start their own big "bitcoin" competitor, just look at all the alt-coins that are out there, or for example governments like Ecuador that have "banned" Bitcoin and say they want to start their own crypto currency. But judging from the popularity and the short lifespan of most alt-coins it seems that not too many people are as interested in them at all as much as they are in Bitcoin.


The unlikeliness of cracking the Bitcoin private keys can be found here: https://i.imgur.com/CzyO1yv.jpg  --- On a side-note, the protocol is as secure as it's code and the miners that secure the blockchain. As long as the code is secure it's very unlikely of a flaw massive enough that could damage the protocol as a whole.


In the unlikely event that all mayor pools would be hit in a coordinated effort to kill the networks hashrate, I'm sure that a lot of miners within a few hours would step over to decentralized solutions like P2Pool, etc. In which case the entire internet would have to be taken down.



The main security is the protocol which is secured by cryptography and is extremely unlikely to be cracked (refer to the image I posted before, even by quantum computing), then the blockchain is secured by the miners that perform work to secure it. Judging by the exponential growth in hashrate that we've been experiencing for the last 2 years it's also unlikely that anyone will secure a big enough share (51%) to threaten the network.

In the case of a split of the blockchain the network can be restored to previous states relatively simple (has been done twice before in 2013), where we forked away from the longest chain and continued on a different one.

There you go, all questions answered and it didn't cost anyone a single bitcoin.

There are more than one Bitcoin Implementations or stacks which work with the Bitcoin Blockchain. Any bugs, backdoors, or problems with one and we can just use the other implementation like libbitcoin. https://wiki.unsystem.net/en/index.php/Main_Page


Countries have already and are already doing exactly this. Canada, Ecuador are two examples. You shouldn't be concerned about this because :

1) Their digital currencies will likely have security flaws - counterpartry risk from regulators or banks and/or inflation that allows them to steal from the public, and/or doesn't respect users privacy.
2) In the odd event they do create a cryptocurrency that both respects the privacy and property of users than great, we all win anyways, but Bitcoins first mover advantage will probably keep it ahead.



This is unlikely to happen but if this "black swan" event ever did occur than Bitcoin would be the least of anyone's problems as all fiat currency, corporate secrets, and state secrets will be open for everyone. If this ever did happen we could simply take a snapshot of the blockchain and switch algorithms.


A 51% attack only means that the attacker can do the following :
1) Temporarily prevent a transaction from occurring
2) Create 2-3 false transactions
This attack would quickly get noticed,prevented,  and possibly rolled back by the community.

there are atleast 100 coders checking the code and then many people in the community that double check it too. so chances of spotting stealth code are easy
thre are 500 altcoins already, who says one of them is not a world bank invention.. and more importantly who cares? bitcoin is bitcoin and does not need to be compatible with other altcoins or fiat. people that want to exchange one for another will find a way even if the blockchains do not talk to each other.
if there was a chance that 256bit encryption was at risk, then within 24 hours private/public keypairs could be updated to 1024bit. and funds would be moved across.
never underestimate how fast an update can outpace hackers/crackers exploits.. look how fast the heartbleed was figured out and the world updated its security.. how much data or value was lost... not much...
if a national blackout occured bitcoin would be the least of your worries. within 12 hours all frozen food would start to thaw out and become unusable. people wont be able to get cash out of ATMS, shops would not be able to accept credit cards or bitcoins. meaning no commerce would happen. atleast bitcoin does not have to rely on american companies (visa/mastercard) so that non americans can still use bitcoin as electronic payment whilst most banks are closed due to no access to bank details.

restored to a previous point.. ?? im not even going to comment on the stupidity of having restore points as thats the fungability argument. bitcoin will continue on as it should, as you say it would require a hell of alot of things in combination to cause the bitcoin ledger to be re-written and governments would not waste resources or risk fiat catastrophe based on bitcoin. after all there are over 100 FIAT currencies.. do you see america trying EMP explosions in russia and china to stop the BRICS development.
as for your comments on how secure is GH.. well better than KH better than MH, but not as good as TH and definetly not as good as PH.. so dont worry about the small stuff we are over 25% nearer to EH than dropping all of the way back to GH
[/quote]

In a nutshell... I'm looking for hard numbers. It's easy to speculate, but unless you have hard numbers, you don't know much.

1) Yet - on Github - there are only 12 contributors with more than 50 commits. Does anyone actually know all these people, in person? How socially connected are the contributors? If someone were to take them out and replace them, one by one, or somehow engineer for them all to go on holiday, away from internet access, for a week or two, at the same time, after compromising their accounts, who would notice? :-D

How closely guarded is the Github infrastructure? How many people would you need to get by, to gain access to the server and modify the code without anyone picking it up right away?

But what I really meant is... what is the potential impact of code changes - how quickly does it propagate through the network? I'm sure someone can - and has already - written a piece of code that graphs the percentages of versions of bitcoin clients, and the lead time... but where is it?

Isn't this an important security metric that should be gathered?

And again... how many of the big pools and guys personally vet the code, line by line?

I'm looking for hard numbers... and I'm pretty sure that people seriously looking to mess with Bitcoin, and capable of doing so, has this.

(And considering the value that it contains, and the growth path, there certainly is more than enough incentive, as the potential payoff is huge!)

2) Again, looking for hard numbers. How much money and man hours has gone into the Bitcoin social- and physical infrastructure? In total. Spread over how much time? How much money would it take to launch something bigger, and more successful.

How big a of a global misinformation campaign will it take to remove public confidence in Bitcoin, and focus it on something else? How big are the syndicates operating in the space? How many are there? How many of the big exploits and hacks were likely carried out by governments? Who has made a list of institutions who may both be capable, and incentivised to do this?

3) Haha, I don't think anything can guard against this, except luck. This is, to me, the biggest threat - perhaps only cancelled out by the fact that we'd either have no more problems, or much bigger problems. Intelligent machines could upgrade the security for you, to something not recognizable by humans, in nanoseconds. Something that could take hundreds of human years to figure out or calculate could potentially be calculated or figured out and applied by intelligent machines in microseconds.

4) Many countries require critical infrastructure to maintain their own backup power systems, capable of running for months... but yes, there would be bigger problems. Still, what if you only had to take out 3 or 4 major powerlines, or grid transformers, to remove 90% of the hashing power from the network? Or even easier, just take an axe and a shovel and hack away at 5 or 10 fiber conduits, so your petahash grid can leap ahead... How long will it take for those to be repaired? Most lucrative potential return on investment.

Again, it's easy to speculate, but hard numbers are better.

I maintain that our civilization really is very civilized and advanced, seeing as that stupid, nasty things like this are quite rare. Perhaps we are, in some sense, all keenly aware of how insignificant even the biggest thing that we can accomplish, on this speck of dust, in infinite space, is.

5) I'm not talking about attacks on the protocol, I'm talking about physical access to the hardware and wallets. Good thieves rarely enter through the front door. And again... hard numbers: How many years of security experience protects said pool? How many layers of security? Do they have a worst case compromise recovery plan, and what is the impact? How many layers of security?

Has anyone penned down a good and comprehensive security protocol? And how many of the items on the protocol do they comply with / adhere to?

It is good that you are curious but your many questions aren't exactly new or haven't been addressed by security experts already.
In order to answer all your questions we would need to essentially discuss all the security best practices in Bitcoin and the open source movement in general which would involve far more time than a simple thread.

Bitcoin is as secure or insecure as you choose to make it. A mutisig paper wallet with the keys stored in different locations and different forms is essentially impossible to steal, unless you torture the owner into recovering the keys and than in that case you can use a dead mans switch or ntimelock to even protect against this vector of an attack.

I would suggest you start researching into computer security by first reading the available information.

As far as getting hard numbers on how many "man hours" has been invested in Bitcoin this is impossible to obtain as Bitcoin is a global open source project in which anyone can participate and many are anonymous with their contributions.

Moore's law is already cracking, from the perspective that IPC increases out of AMD and INTEL have been strictly nominal for the past few years. So from that narrative, which I think also holds strong (looking at the supercomputer list when you normalize some combination of flops/kw or cores/kw) in the proprietary chip market also (e.g. IBM).

So what's going to likely happen moving forward is that sha256 gets slowly eroded, which is basically what has happened to every other industry standard cryptographic algorithm.

In the ASIC chip industry, people are already down to 28 and 20nm. Soon enough  (e/g 1 year) when everyone in the industry has reached down to 20nm you'll see a plateau in computing power between chips. The competitive advantage will dissipate between manufacturers as everyone optimizes their chips at 20nm.

So the point is that there is basically no likelihood of a zeroday event where someoen ramps up enough computing power to brute force out sha256 tomorrow.

If that is true - where? I wrote my post because I went looking, and didn't find what you say exists.

I am well versed in computer security - and googling for the listed questions do not yield any quality leads. Perhaps my main question is this: Do you know if anybody has taken the time to compile a comprehensive wiki on the subject, and perhaps specifically, as it pertains to Bitcoin?

The closest I've been able to find is pages like https://en.bitcoin.it/wiki/Myths - and there are no real, hard numbers there. The words "Best practice" and Bitcoin do not seem to appear in close proximity, anywhere on the internet, and I see this as a barrier to Bitcoin's progress. 

How do they say... "Common sense is not so common".

Again, isn't this just addressing the "front-door" approach, that everyone seems to stare themselves blind at?

Let's try this differently, how centralized are these pools?

Discus Fish    
GHash.IO    
KnCMiner    
AntPool    
(https://blockchain.info/pools)

What will it take to take them out, and if done, how long will they be down for?

Another scenario - how elaborate a hack will it take to link them together to do a 51% attack to empty some big wallets?

How many layers of security would you need to get through? How many stolen ssh keys will it take?

What I mean, is, how easy is it to gain access to the largest mining operations and pool control structures?
On the physical layer?
On the OS layer?
On the social engineering layer?

What I mean is, how easy would it be to disrupt the 5 or 6 largest pools, and take half the network hashrate offline? How feasible is it? And as with anything, surely a cost can be attached to that... and a reward. Does it even out? Has anyone done a qualitative calculation? At what price point will it become feasible?

Where is this calculation? Or do I have to do it myself...?

For someone claiming to have read into the matter and know a lot about network security you certainly don't seem to know too much about the Bitcoin protocol. As I've answered before, taking down those pools would technically be the best possible thing you could do for the health of the network, since within hours all miners will step over to DECENTRALIZED solutions like p2poool, since none of them want to be missing out on potential mining profits. I wrote this before but I doubt you read it.

Now lets step over to the social engineering part of it all. Ok, so congratulations you've hacked into all of those pools and you can now unleash your evil plans on the blockchain... One problem, you can't STEAL anyone's wallet! WALLETS ARE SECURED BY CRYPTOGRAPHY STRONG ENOUGH THAT IT WILL TAKE MORE THAN THE ENERGY OF THE ENTIRE SUN FOR ITS ENTIRE LIFESPAN TO CRACK. Having 51 or even 99% of the network changes nothing about that.

You could prevent transactions of your choosing from gaining any confirmations, thus making them invalid, potentially preventing people from sending Bitcoins between addresses. You could also reverse transactions you send during the time they are in control (allowing double spend transactions), and they could potentially prevent other miners from finding any blocks for a short period of time. That’s really about it

And all of this would be blatantly obvious to people monitoring the blockchain. Miners that notice they're mining on a malicious pool would step over to a different pool, or simply to p2pool. Once miners step over you and your evil plans will be left in control of nice pools.... controlling exactly 0% of the networks hashrate.

There is nearly no profit is obtaining 51% of the network through hacking except for doing some doublespends after which miners stop providing their hashing power to mine for your evil plans. In short, you'd be doing the network a favor since people will finally step over to decentralized mining pools.

Your questions lead us to believe that you really don't understand Bitcoin or how secure open source projects are developed. The problem with answering your questions is that the scope is so broad because their are so many details and different layers of security specific to every facet that it would cover a very large wiki of information.

You can start here :
http://mhuan.name/wp-content/uploads/downloads/2014/05/ExJobb_Final_Report_Huan_Meng.pdf

and than read more here :

http://sourceforge.net/p/bitcoin/mailman/bitcoin-development/

Just keep in mind that Bitcoin having almost a 6 billion dollar market cap, which peaked at over 10 billion last year is incentive enough for black hats to test all security weaknesses of the Bitcoin infrastructure. Bitcoin is constantly being tested and attacked because of this.

I think the only one of these things that is even remotely possible is stealth code.

The others don't make sense on the face of things.
"Computer intelligence optimizing"?  What's that supposed to mean?
The protocol hasn't been "cracked" in 6 years.  The only way
to crack it would be to break the cryptography, which doesn't
seem possible.

Again, you're staring yourself blind at the front-door approach. I have now have thousands of the highest value wallets and their keys. And malicious control of the pools. Now I'm emptying all those wallets into a network of new wallets under my control, too complex for anyone without a list of the exact wallets, to decipher.

Which will be near impossible, if at all feasible, without preparing for this exact scenario in advance.

How often do you change wallets? Every hour? Every day? Every month? How many transactions on the blockchain is purely people changing wallets? How many automatic-wallet-changing-apps are in the public domain? What's safer - a static wallet, or a dynamic wallet?

...Which improves your chances of winning the lottery - always playing the same number, or playing a different number every time? ... See what I'm doing here. Inception. And then reversing it. The bad guys don't. You've been incepted to stare yourself blind at how secure a protocol is that you don't understand yourself, nor tried to circumvent yourself.

And then, of course... not to mention that I have remote agents, and plenty of bandwidth, on my own dark net, and on almost every AS on the internet, and a decentralized control system of my own, that only I can control. Using encryption that is decades ahead of what is mainstream or available in the public domain today.


That's about all you need. What's the potential damage value, per minute, per hour, per day?
Hard numbers. What's the best hedge against it? Someone has worked it out. Is it in the public domain? No.
Is it being tracked in real-time, in the public domain?
No.
Should it be?
Would it be better that only a handful of malicious agents track it... or if everyone was keenly aware of the score?

Hey, the score can even make itself back into the protocol, to beef it up even more. The only beefing-up today is against Moore's law and the size of the network. Do you really, truly and honestly believe that that is enough?

---

This is the initial point of my post. Everyone is going on about how bullet-proof the protocol is, yet there are gaping vulnerabilities that nobody is talking about. Okay, perhaps they're not "gaping" yet, and perhaps not unique to Bitcoin, save for the fact that Bitcoin could potentially present their highest-value taget... perhaps the little talk about it is more a symptom of them not being an issue ...yet.

The protocol is pretty great, yes... but even the ancient Greeks had stories about how fallibility... the Indians were ahead by another few thousand years. Icarus. Jatayu.

What kills you? It's what you don't know or don't see coming. Complacency. What is the weakest link in the chain? It's you - and where you save your key. And your limited knowledge of- and ability to control the hardware-, software- and networks you need to utilize it. Which I started mastering before you could speak your mother tongue, which I stole even before you generated it (if you used my wallet software, or OS...) ... and you're still blissfully eating your steak, pretending that me and my world don't exist, simply because you've not come face-to-face with it yet... once you have, you'll be beyond thinking it will go away if you just close your eyes and pretend, you'll be beyond sticking your fingers in your ears... so perhaps all this is, is your assertion that you have not.


So... what's the reaction time on that? Microseconds? Hours? Days? Weeks?...
How many of the blockchain downloaders are actually running metrics on it? 5? 10? 100? 1000? How many of them are sharing their metrics with the world?...

How many people use randomized pool lists...? Because what if I even engineered those?...

Don't you want to know more?...

BTW... have you checked the p2pool code yourself? Which client and server versions? Downloaded from where? Who can you trust.... ? MUHAHAHAHA.

I'll mail you a postcard from my island... where the only currency I need is bananas and boobs.

Useful links. But Bitcoin is neither an OS, nor an open hardware standard, nor a person, yet it runs on all of these, and each is prone to exploitation on a wide scale.

What I'm saying is that these are relevant vulnerabilities with measurable metrics - and that these could and should be measured and could even perhaps find their way back into the protocol itself, so as to make it even more resilient...

great to share, thanks

I'll reply a little bit right now and some more later. Not that you've actually even attempted to understand what I wrote but that's ok, you're starting to look more and more like an elaborate troll.

I don't think you've fully realized yet that even with 99% of the entire network under your control you cannot move or empty anyone's wallet. You do not have the private keys of those people. Without the private key you cannot move any funds on the blockchain even if you had 100% of the network. I don't have to change wallet since my private keys are secure, if someone would take control of the network I would just simply be relaxing and wait out the storm since my coins are secured by MY private key that YOU don't have access to. It's not a lottery, you cannot crack my private key. This image will explain it to you...

http://nandbit.com/docs/bitcoin-sun.jpg

Then let's move on to who would see your malicious attempts... Well, pretty much anyone that's running a full node on the network. Doublespend attempts are easy to recognize and there are hundreds of people constantly looking at transactions on the blockchain, so yes, it will be obvious, and it is monitored in real time.

The potential damage would only last for a few hours, since miners will step over to p2pool, which is decentralized. And yes, people are constantly looking at the security of that OPEN SOURCE code as well and thousands of hackers have tried to attack it.

You can try to steal my private keys, but sadly for you all of them are offline. If you really are that good at hacking I recommend you start with coinbase, they have some nice hot wallets and just like Bitcoin their system is constantly tested by hackers. Write me back when you're in (although I'm sure we'll read in the news about it) and then post your "loot" on this thread and perhaps someone will believe you. Public keys are open domain so feel free to try and crack a private key from a public key, you can find some public keys here: http://blockchain.info/

I feel like you have a lot of reading to do. If you would like to learn more about cryptography you could read this book: http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/8126513683/ref=sr_1_1?s=books&ie=UTF8&qid=1415981394&sr=1-1&keywords=Applied+Cryptography%3A+Protocols%2C+Algorithms%2C+and+Source+Code+in+C

This thread looked interesting at first, but it became obvious, that the OP is either a troll or an idiot.
Thanks to all the people, who gave great answers here.

I am really not trying to troll... only one out of more than 10 replies so far has come near addressing any of my questions directly.

Stop assuming that I'm asking what has already been answered. I'm not. How can I prove this to you?! Let's dig deeper...

Yes, I can, because I also have a huge number of private keys, including yours. (Hypothetically speaking) - do you really think that hacking syndicates who have stolen private keys, are going to rush out and use them right away?

Let me put it to you this way: even if I didn't copy your private key the moment you generated it, with some backdoor in your PC software or hardware, all I need to do is to look at the time and date of your first transaction, your OS, wallet software, and any and all other information leaking out from your computing devices, consult my vast database of PRNG quirks, to vastly reduce the amount of time I'll need to crack it.

But cracking, or tracking the crackability of the various parts of Bitcoin or the computing infrastructure it runs on, is the least of my concern. BECAUSE ALMOST EVERYONE ELSE IS FOCUSED ON THIS. So this isn't what I'm talking about.

I'm talking about the lower layers that Bitcoin is built on and my concern is with measuring. With gathering metrics. With free and unfettered access to actual collected metrics. All which is wide open, and available, yet there's no concerted effort to gather any in a public forum.

Please address this concern. You seem to think this is irrelevant... why?!

All the encryption in the world won't help you if your key is stored in memory in your computer, and I have access to your computer.

So how many private keys are offline, and how many online? I am willing to take a substantial bet that 99.9% of all private Bitcoin keys are stored online, within reach of a CPU.

Still, when I originally posted, this was not my primary concern... but granted, it seems obvious that its perhaps the most relevant metric, and perhaps the most difficult to collect with great accuracy.


"Pretty much"... Have you done an internet search on "Bitcoin metrics", or "Most important bitcoin metrics"?

According to http://www.coindesk.com/state-of-bitcoin-q2-2014-report-expanding-bitcoin-economy/ (http://www.coindesk.com/state-of-bitcoin-q2-2014-report-expanding-bitcoin-economy/) about 5m wallets have been seen on the network, projected to be around 8m by December.

Soo..... 5m wallets. How many of those wallets' keys are stored offline? 100? 1000? 10 000? What's that? 0.001%.

Are you saying that's not a significant metric to get right?

Let's see... how many of those wallets are stored on some web-wallet service? A quick internet search reveals that coinbase is on track to keep around 2m of those by December. 25% of all wallets. Yes, coinbase is quite a high value target... so who runs the security over at Coinbase, and what's his experience? How many lines of code has he written? How many layers of security does he oversee, and what's the furthest anyone has come?

Googling for Bitcoin security, around about the first 2 pages only point to one person: Andreas M. Antonopoulos. Is this the only person on the planet who knows anything about securing computers?

So, needless to say, Coinbase sounds like they have pretty beefy security. But if I pull the geolocation records on all their keyholders (how many could there be now, 3? 5? 10? ... I track them down, put them all in the same room, and hold a gun to their head, how many of them will give their lives for a bunch of secret codes? Even this I can gather metrics on... how many of them served in the military? How many of them carry guns? How many of them adhere to a strict routine of visiting friends or relatives? How many of them visit random new places weekly?...)

How many others web wallet-services are there? How many exchanges? How many coins are held in pools and exchanges' wallets, for how long, on average?

Once again, I can almost guarantee you that the syndicates taking down exchanges, do not merely pick these exchanges at random...

Yes, considering this, perhaps putting this information out there is not the best idea.

All I want is a dashboard, showing the vital signs of Bitcoin. The real vital signs, not the surface features that are discussed to here and gone.


Perhaps I should just clear this up: I am not trying to hack anyone... and I am not the hacker. I'm the concerned citizen, the messenger, the coder, the mathematician, the philosopher, who have looked into the future beyond the horizon commonly discussed, and I want the community to look further too... and be better prepared for what's coming.

Because, where there's a way, there's a will.

Turing complete devices will never be 100% secure. This is why people should store a bulk of their savings with mutisig cold storage and hardware wallets.

If you really care about bitcoin security I would like to see you promote cold storage and hardware wallets.

Instead it looks like you are merely a PoS shill:


These targeted attacks from PoS shills will not be forgotten and will come back to haunt your projects. Why don't you try and compete honestly through real development instead of creating shill accounts on bitcointalk?

This is silly and proves nothing, besides being wrong: it's like saying you can't play chess simply because you can't count to 2^64. Okay, I'll be reasonable: it's like saying that because you can't contain every possible chess game in memory.

Also, you have my lottery comment out of context: If I have your private key, and you change it, then you're safe again. But you changing your private key all the time, obviously maximizes my chances of stealing it... or does it?

Come on! Catch up.


Looks like a cool book.

But again... have you been living under a rock? No encryption needed to get cracked for millions of hosts to get compromised via ssh, which is also secured by various flavours of encryption, including SHA hashes... all it took was a little "bug". How many private keys got changed after that fiasco??! Did you change yours?

You realize that to do a transaction, you need to put your private key into your computer, and if you've put your key into your computer any one of around half a million or more "security researchers", software developers and potential bad guys who have touched the code resident in your computer's memory, have potentially had an opportunity to capture some part of your key in one way or another... anywhere from recording the sound your keyboard makes when you hit each key, up to the hardware or software in your keyboard, browser, OS, or that of the phone your little nephew carried in there a few moments before you did the transaction, you know, the one where he loads new "unlocked" versions of whatever on daily...

I am not poking at the absence of holes in Bitcoin. I'm poking at the holes in the slab of swiss cheese that Bitcoin lives on, and I'm saying that Bitcoin can shield itself against that, even...

Actually, I'm not even poking at it yet... I'm just asking... who has? Where are they? Where are their findings?

No, reading a computer security manual is not the answer, because the vast majority of people using bitcoin will never do that; I'm saying that Bitcoin needs an official security strategy... be it "security through obscurity", or "security through unscrupulous transparency"... whatever it is, it's going to need more of it if it's to weather the coming waves... where is it?

Damn straight. More than that. I want to know what percentage of the bitcoin network is controlled by hot private keys, and what percentage by cold ones. I think it should be part of the protocol, somehow.

So how can this be measured? ...


Oooh... wow! Taking comments, made - in computer-time-relative-terms - centuries ago - out of context, even... In April, global hashrates flipped between PoS coins like fleas on a poor old infested dog...  can't even remember I said that. And I will probably forget that I said this in a few months time, when I'm thinking about something else again...

And my short attention span is a symptom of humanity, hence the need for science, or anything useful in general, to record hard metrics on things, to make them useful, and hence my post.

I hold no allegiances to anything, except the notion that all things are variable... let's refrain from getting personal and try to navigate closer to the topic at hand, shall we?


I only have two accounts here... and I've forgotten the login details or pseudonym of my first.

It's not a targeted attack. Seeing as that my Bitcoins will only be worth something in a few years, and I'm frustrated at that, having more time than money, I'm staring at the cracks and sharing my thoughts. I do appreciate you trying to understand them...

Stealth Code Scenario :- 90% possible

Just gain access to public figures accounts , temporarily detain them and release an emergency update that fixes some flaw.

Here is why it is possible

1) The US has access to 80% of all servers public and private

2) when the need has arisen.....Have they not somehow out of the blue managed to capture anyone they want ? Be it in a day or ten years? This is a government , they make the rules.

3) with over 20 heavily funded and massively staffed security agencies including 3 military and non military ones whose single purpose in life is net dominance, you think compromising the accounts of 8 people or replacing a number of people who go by pseudonyms on the net is a difficult task?

The only reason we have not yet seen any real devastating attacks physical or otherwise is because they thus far are intrigued by the concept and do not perceive any serious threat from it.

While they may not be able to completely demolish the idea and the network, just taking the above measures or simply applying Russia like legislation will result in a collapse of the bitcoin price down to single didgits.

Do not kid yourselves that BTC is out of reach , a lot of nonsense about how it will function against governments has been spouted here by people who are either ignorant or arrogant. The honest truth is that we rely on the good graces of governments that allow us to have such freedoms else this idea would die.

Keeping those facts in mind note that only 1% or less of BTC users actually give a crap about the idea or technology, most just joined when they realised it could be profitable, if and when that ceases to be true,....u know it yourselves what they will do.

I am advocating that moving onwards the community be honest about our position in the world, that is the first step to making the rest of the world join us, otherwise staying in this bubble of over confident arrongance, will lead to sad results.

I am Ukrainian by birth, and I have lived on both sides of the divide ( west vs rest of the world) long enough to know that  even the best ideas , facts and figures fall short when a government decides to use force, let alone an informed well funded and heavily staffed government being egged on by bankers, heavy handed conservatives and Military industries.

Ok, I will take your word for it that you merely have a short attention span and have genuine intentions.


You are just pulling numbers out of thin air. I would suggest a majority of Bitcoin users care about the idea and technology from what i have seen.


Perhaps we take a more constructive approach, instead of asking for statistics for something that is almost impossible to accurately determine, and instead promote better security. This will be positive for everyone.

Contribute here or make your own thread encouraging better security practices:
https://bitcointalk.org/index.php?topic=858604.0

P.s... I created a poll for you so you can gather inaccurate stats that have too small of a sample size and impossible to verify since you seem to be interested.

113.9% of them in fact :D

If someone cracked the hash algorithm, or found a cheaper way to compute it, they'd make a lot of money, difficulty would go to the moon, but the rate of Bitcoin creation would not increase. Just like when ASICs came in.

I'm going to go ahead and stop replying to a troll, and if it's not a troll simply someone that does not want to learn or understand. Op has a lot of reading to do if he ever wants to even so much as have a grasp of understanding how Bitcoin works. And seeing how he if having problems at understanding even the most basic concepts I'm afraid that might take a few years.

Nice to review doomsday scenarios but the biggest risk, BY FAR, is that Bitcoin will drop in popularity, be forgotten, and approach $0 in value.

The fact that it isn't backed by anything real is a major problem. In the old days, it was backed by general purpose GPU's with quantifiable market value - NASA would, for example, love to have all that horsepower at their disposal. Now it is backed by specific purpose ASICS that are useless for anything other than SHA  hashing.

In a real sense, the Bitcoin network was running on Gold and has now been replaced with Tin.

Interesting idea, though my opinion on value is that it came initially from people who genuinely believe in the tech and the possibility of it beccoming mainstream and globally acceptable anywhere.

The rest , like me came after we heard it could actually be successful, and others came after they saw the number of zeros increase.

so to summarize..

i can't show bitcoin is weak but i'm going to ask about it at an attempt to discredit.

if people would stop responding.  this post could finally die.

Something I want to arm bitcoin against, hence my post!

My suspicion too.
Some stats:
5m bitcoin users
300k Bitcointalk users, let's say 2% are active and passionately care: 6k
That's 0.001%

I think humans notoriously over-estimate their position in the world. If you are 1 in a million, you are part of a group of 8 million people, or roughly one person in a city the size of one an average province's major metropoles. Conversely, there are more than a million large cities in the world.

Amen!

Now if you had taken the time to do some research or post some relevant metrics that we can gather, this would have possibly been the first of the type of reponses I was looking for... maybe I should update the original post. I guess I'm a forum newbie... but then again, doesn't it say so on the left?!

Anyways.... thanks for futhering the discussion!

Wow. Maybe I should learn a new language that is not as open to misinterpretation as English!  ???

My summary:
I own a lot of bitcoin and want to see the value increase. Lets look at the cracks. Hey, there are some cracks nobody seems to be talking about... I wonder why. Let's ask.

PS Bitcoin's market cap speaks for itself, don't you think? I don't think it needs you to defend it.

What it needs is hard numbers and more tech. Or better ideas... but the right, experienced people, running the show. Such as this... would the same evils that have beefed up the worlds' fiat system, work for Bitcoin? I'm sure it would. Is it a good idea?


 ... Some more links for the best books on economics you've read, or even better, your take-aways from those books, might be an appropriate response to this post... (besides being off-topic)

One of my biggest fears is that big whales gather together and decide to heavily crash Bitcoin. They do it in JP Morgan in the "normal market", this isn't any different. All it takes is a group of people with insane resources and good cooperation.

According to a certain theory, if 1 in 20 people know about your product, you're made and it's all downhill from there... (How many of these theories are there - and how does Bitcoin rate in each?)

We'll soon be 8bn people. (http://en.wikipedia.org/wiki/World_population) According to the World Bank, people directly involved in the formal sector is around 2bn (http://data.worldbank.org/indicator/SL.TLF.TOTL.IN). So let's say that's the "target market" - plus some. So 3bn.

Bitcoin has an estimated userbase of around 3m. That's 1:1000 total formal-sector people... not bad... and it has taken 5 years. Going on a network/exponential growth rate, it'll be at 1:20 in less than another 5... depending on how much of the news it can capture. Bigger news items = faster propagation. I don't think positive or negative matters...

So... dropping in popularity or being forgotten... seems very unlikely at the current trajectory. In fact, it looks like it will be another year or two before it *really* takes off.

It was never backed by that, in my opinion. Rather, it was backed by the need for cash transactions over the internet. It is backed by the need for less regulation and friction in moving value around. It is backed by the need for a global, irreversable, decentralized transaction mechanism, and the medium only instilled some bias toward decentralization.

It's also backed, in part, by the promise that it will keep functioning, almost unaffected, in a global war scenario.

But because we want it to be used as a de-facto store of value, we're back at your initial point: It's backed for the most part by people's perceptions. And people don't have very good perceptions of value or currency: they think value is measured in dollars, and more is better.

So it will be very hard for the average person to grasp the concept that even though the dollar value of bitcoin might decline, at some point its purchasing power will overtake that of the dollar. So perhaps what the Bitcoin community needs the most, is a concerted and focused effort to change the trend and rather measure the dollar in bitcoins as the standard.

What it needs, is to lobby hollywood and futuristic movies, to ensure that the currency in use, in those movies, is called "Bitcoin".

But both these are somewhat off-topic. I'm interested in finding someone who has compiled many more meaninful numbers than the current most-useful bitcoin site: https://blockchain.info/charts

Has anyone measured the possibility of this happening? How many people are involved, and how "financially secure" are they? How much money would such an effort take? What's the worst-case scenario and what can we do today to render such an attempt harmless...?

Nice! That's more what I'm talking about.

So how big is your sample size?
8bn people
3bn "economically active" (that's around 1:3)
(technically, everyone is econmically active, because they have to eat and <1bn grows their own food... probably meaning that, on average, every working person looks after 2 non-working people...)
3m bitcoin users (that's 1:1000 of the "economically active", or 1:3000)
300k bitcointalk users (1:10 of bitcoin users, 1:10000 of the economically active, or every bitcointalk user represents a small town of 30000 people, when viewed globally...)
300 replies to your poll (lets hypothesize... so thats 1:1000 of Bitcointalk users)

But... I think it's fair to say that only concerned citizens/security conscious/technically minded/seriously interested people are active here, and they are not representative of the average user....

(So how do we correct for that.... how many of an industry, are it's early adopters and/or luminaries? 1%? 10%? 20%?)

Still, if they're not representative of the average user, that would be nice, because that would mean that this *is* the place to discuss security best practice, and to discuss what metrics are vital statistics, and how to gather them...

...But then again, the world reknowned experts are all employed and well paid, in the formal sector, and will hardly take the time to hang out here and wage small-talk with some internet forumites... instead, they are probably studying the myriad of tactics that the publishing of the Bitcoin source code has crowd-sourced... drawn into the public eye. ...And keeping their notes to themselves, because why would they share their accumulated secrets and metrics on how to get rich, with the world?

There's also the little matter of theory vs practice. Everyone knows what the right thing is to do... but if it's too much hassle, they won't do it. So I might vote on the poll "Of course I'm using a cold wallet"... meanwhile back at the ranch, a huge chunk of my money is in an exchange...

What percentage of Bitcoin's value is held in exchanges, at any one time?

Perhaps, what I propose is exploring the potential metrics that could pave the way to an API that allows exchanges and Bitcoin players to share back information... and some sort of service that will share anonymized aggregated data, without sharing anything that could negatively impact the value of those players... eg. number of transactions/day, number of user accounts, number of unique users/day, total bitcoin transaction volume per day, total bitcoin transaction volume in hot wallets, in cold wallets, threshold- and delay, in seconds, for transacting with cold wallets, number of people responsible, number of standard security protocol layers, number of obscure security layers, time to implement worst case recovery plan, number of geographically separate locations critical data is stored, do each location employ unique, isolated security from the others? etc.

Has the Bitcoin foundation considered/planned for something of the sort? Is there something like this? Is there some sort of official Bitcoin certification programme?

Obviously what would make the most sense is having this all part of the blockchain, or only putting the minimum required, if any, in there, and inferring the rest... but before that is done, it needs to make sense, and offer real value in return...

Think way beyond that... if you can.

For lack of a better example: my gripe is that this is a bit like Windows 98 security: You can set a login password and it gets encrypted satisfactorily... but to bypass the login password, you simply needed to press ESC at the right time.

I had to look up the meaning of "shill", you may find it hard to believe but there are people who have never come across that word before. I've been sending emails since 1993, and I wrote computer code before I could read or write my native language.

I'm not the troll... I'm the messenger, here to tell you about the troll under the bridge you're trying to cross... and I'm trying to gather some momentum to dry up the river so there's no need for a bridge... but I'm not getting much help, yet...

http://en.wikipedia.org/wiki/Bias_blind_spot
It's almost like: http://www.quora.com/What-are-some-stupid-things-that-smart-people-do

So everyone is *still* staring themselves blind and patting themselves on the back about the encryption. Great. My point is that it is still stored on your computer, and your computer is insecure, no matter how you cut it. There is no widespread, cleanly audited, secure bootloader in use. The moment you generate a key, you run a risk of giving it away.

Here's the news: you need more than a secure algorithm for security. Security is only as good as the weakest link in the chain.

You may say it's not a Bitcoin-problem... but if it affects Bitcoin, and the Bitcoin ecosystem can be reinforced against it, I think it should be.

So, you think, if you press the right buttons, you don't need to sign a transaction with your private key?
That exactly shows, that you have no idea what you are talking about.

Not at all. "For lack of a better example" <- Did you see that, what did you think it means?

Almost like "pressing the right buttons" - I can transact using your wallet because I stole your private key the moment you generated it, so I can sign any transaction with your key. (Let's say I'm the NSA, or perhaps even someone more "sinister"...)... I'm still accumulating keys. (And metadata on others, which is almost as good as the real thing, considering the amount of computing power I commad...) How many keys do you think I have, by now?

See... you have no clue. You're still arguing that I dont understand how good SHA-256 is. (It's irrelevant, here!)

I also have backdoors installed at all the major exchanges and wallet services and I'm best friends with their cold wallet keyholders and know all about their routine, protocols and families... Oh, I almost forgot, I also have a backdoor in everyone running a client or server compiled from the github code, ready to fire it up when they send their next packet to another node... (LOL that code has been in there since v4, and nobody has spotted it yet) Also, I have a virtually unlimited budget, and have just been doing this "for fun"... you know, just in case you tried something funny, just because "Uncle Bob" told me to keep an eye on you.

So I'm keeping my finger on the trigger. If I press ENTER, everyone who co-operated with me gets filthy rich... and Bitcoin dies. (But if I do it now, something else will just take its place... just...have...to...wait..a...little...longer.... then nobody will trust crypto ever again. Yes! Like communism.)

You still have a chance to stop me...

You have nothing, no numbers, nothing, except a poor excuse: "Hey man, SHA256 is really good. Look it up. We're safe." ...Do you know how many people I talked to? Do you know how many keys I have? Do you know how much of the network I control? Do you know my endgame?

What I am saying is that these are metrics that we could have meaningful lower and upper bounds of... and that we can put them to work for us, beefing up protection against this very scenario.

Do you want to see what a hostile takeover of the world's biggest crypto currency looks like, before you believe that it's possible?

Would it be cheaper to just buy everyone's Bitcoins in some other currency? Doubtful... but why guess if we can try to measure. We want the best, most resilient currency, end of story, period. Right?

Way ahead of you dude, I just used my mind powers to put an impregnable hypnotic block on you doing this, so we're all good now.

(As long as we're allowed fictional devices to say any shit can happen)

Being able to "attack" a system because you have a password/private key and really attacking it, are 2 complete separate things. If you are too stupid to understand that, than I can not help you.
Your scenarios are based on "I have infiltrated everything. I have even magically infiltrated you air-gap machines". If you could really do that, why bother with bitcoins? Just get access to all nuclear silos and threaten to bomb everyone.

So are you saying that it is impossible to combine 2 or more attack strategies in a giant onslaught?

You do raise a valid premise: Will a global currency system have any practical use in a post apocalyptic global scenario? Eg. global economic collapse, global police state, global nuclear winter, world wide killer virus outbreak, giant asteroid impact, sentient computers, etc...?

Perhaps not. But if it would, then the question is simple: What can we do now, to maximize its utility both today and at such a point in the future?

I say, if you can get access to all private keys, by individually hacking every machine on the world, than you don't need a 51% attack or anything else. You already control the network.
But that doesn't have anything to do, with a weakness of the Bitcoin Network. Getting your twitter password stolen from your trojan infestested PC is also not a weakness of Twitter.

Correct. But if Twitter could guard against that, it would benefit from it.

So what I'm saying is that because of how Bitcoin works, it would be even easier for Bitcoin to guard against non-Bitcoin problems, than for Twitter - because Bitcoin can get those protections built into it much easier due to the nature of its community.

My gripe is with knowing that people have thought of this, a lot, but to day very few have published any of their research. Many have gone on to create alternate cryptocurrencies, rather than waste their time discussing their ideals with the Bitcoin community. Bitcoin has a lot going for it... So, if you come across something addressing this, or someone, motivate them to spend time on it, to study it, and to publish their research or insights where the community can have easy access to it...

So, you want a secure system where nobody needs any kind of password/private key? Good luck with that.
There are already tons of projects out there do create private keys far away from the internet.

That would help somewhat.

So are you collecting statistics or metrics on how many keys were generated in this way? I know I'm not.

And I know somebody is, and that that information is both powerful and useful.

So what I'm saying is that it would probably be a good idea to make that information part of the protocol. What do you think? Can you think of any other such information that might be useful?

There is no way, to know, how a private key was generated. That is just not possible. Unless we are using your favorite tool: magic.

First, a quote on magic: "Any sufficiently advanced technology is indistinguishable from magic."

So, let's start with what we know:
- The number of freely and easily available software packages that will generate a key for you
- The number of times that a download on those were recorded
- The release dates of these
- The number of hardware devices that will do the same
- The approximate number sales
- The release dates of these
- The number of total unique bitcoin addresses that had been seen transacting by each of the dates above

From that, I think we can establish a lower and an upper bound... and make a real good guess so as to the vulnerability of each wallet - from which we can guage the level of threat to the network.

Which is, in my opinion, better than that bad guy in "The Matrix"'s favourite tool: Ignorance.

And this is just measuring one metric: Key sources.

So, how do you calculate the amount of private keys from people who role dices to make them. How do you count the people who let their cat run over their keyboard to generate it? There are a lot of possibilities to create private keys, without even software.
Your last point is just stupid: Used Bitcoin addresses and generated private keys are just not the same thing.
So, yes you can collect some data, and make a guess, but it wouldn't be a good one.

What are you on about? What part of: IF YOU DID IT ON YOUR PC IT IS PROBABLY COMPROMISED don't you understand?!

This is a very valid point...

I have not sifted through the developer lists at fear of getting sucked in and never coming back out. Instead I'm just looking to see what vital statistics I can find. It seems the door is still wide open for someone to publish some more, and stake a claim...

It also makes my point more valid: It's a lucrative target and information about its possible exploitations should be out in the open. I'm saying: let's calculate the lower and upper bounds of the potential cost for all the possible large-scale attacks, even if they are side-channel attacks, social engineering attacks, etc.

Perhaps calculating and/or tracking those metrics will reveal more insight into its price fluctuations...

If it is a PC that was never connected to the internet, it is not. Unless you want to use magic again, which is unfair.
Furthermore, I just wanted to show, that you can not really predict how private keys are generated. You can't even predict, when a private key/public address was generated, since I can generate one today and use it in 10 years and you wouldn't know.

1. The software is compromised. Worst case scenario, every node runs software that has an intentional backdoor. For example, it accepts a special signature which by passes ECDSA verification. Any coin can be transferred by using the backdoor.

Result: The blockchain is bogus - it will have to be reverted once the backdoor is detected. Massive disruption. I don't see how to undo the damages. Will have to refund a lot of people I guess.

How likely? The code is open source but not too many people review it. More over, the vast majority of the network is running the reference client in some version. So if the change was well hidden, it could happen. Similar to shellshock or heartbleed, etc.

2. Crypto is broken secretly. Like when the allies broke Enigma but never disclosed it. Very hard because several unrelated crypto algorithms are involved. They would have to be all broken for this to work (SHA, RIPEMD, ECDSA).

Result: Can steal anyone's coin but unlike 1. it cannot be easily proven. You become instantly rich.

How likely? Much much harder than 1.

3. A hidden hardware circuit transmits everything to a hidden organization.

Result: They can steal your keys because at one point or another the key has to be in memory of a computer.

How likely? Even if it's done, the sheer amount of data would make this quite impracticable. Considering how long it takes to take down terrorist cells with all the intelligence resources put to it, I doubt that anyone is capable of sifting through that much data.
One could reduce the difficulty by targeting PC Windows XP or what not, but then savvy users should be able to avoid this threat.
 

ad 1.
That is not how Bitcoin/cryptography works. You can't sign transaction with some kind of master key

ad 2.
On a mathematical level cryptography is safe, unless it is a conspiracy that involves all mathematics and they just lied to us for decades.

ad 3.
For offline signing you would need some secret wireless transmitter, that does send the key. That would be some real hard core conspiracy.

*hyperventilate* *hyperventilate* *hyperventilate*

Can't you see he's right, if someone today rebuilt Bletchley Park's codebreaking machine Colossus out of modern parts it would be a complete and unmitigated disaster, they'd be able to break 4 character brainwallets in mere months!

I'm not talking about a crypto backdoor here but a backdoor in the implementation. For instance, in CheckSig (interpreter.cpp),
Of course, this one is super obvious and won't fool anyone but let's say that something similar has been slipped in voluntarily or not. If enough of the network is running the same code base (and the reference client dominates at the moment), one could create a big fork.
On the other hand, this part of the code is very sensitive and lots of people have looked at it. It would have to be quite subtle.
Once they use the backdoor, it will be noticed and patched very quickly. The coins should return to their real owner then.

Not all mathematicians would have to be involved. Again, the Enigma machine is an interesting historical precedent. Besides, it's enough to have an evil genius who cracks it. It's unlikely to happen because when the community gets close to a solution, the method is deemed unsafe and replaced like SHA-256 replaced SHA-1. You would have to crack various cryptography functions too.

It's not a secret wireless transmitter but cleverly leveraging the hardware you already possess. Systems get more and more integrated to reduce cost. You end up with beefy configurations when in the past you would have to buy parts by parts. At then end, your machine could have wifi on chip. Also, they are not completely off if power is provided. It's possible to have something running in low power mode, though I agree it's difficult. The upside is that if they steal your coins this way, no one is going to believe you.

Enigma machine was not so much a mathematically sound encryption device, as a devious mechanical obfuscater.

Show me a PC like that, and I'll show you a unicorn!

http://www.coldpi.com/

and here is also a picture of a unicorn

http://img1.wikia.nocookie.net/__cb20090425203919/monster/images/c/c4/Unicorn.jpg

I have several... but a DOS offline wallet would be required to make them useful.... and it might take hours to form a tx on the 386.

how about the current doomsday?

There are a lot of big problems concerning Bitcoin now, mainly the fork problem which needs to be addressed due future blockchain bloat, the exchanges being hacked, and the mainstream public still not being able to understand Bitcoin let alone use it, which translates on a shitty price.

Time will prove us right tho.

I don't think, forking is a problem. Most people don't care, the rest has to follow or they will be pretty much alone in their fork.

And why the hell wouldn't they follow? If they own Bitcoins and they want the best for Bitcoin they will do follow. Its better than doing it once Bitcoin is popular.

So... I've reached some greater insights over the past few months...

Globally, wars are declining. And should a global war scenario break out, it will not be *that* global... ie. the internet will survive.

Individuals using Bitcoin don't have to worry about forks and such as most hashing power is in the hands of a bunch of groups - who know the hand that's feeding them, and who won't compromise their own network by getting greedy and trying to slip backdoors- or a way to gain control over each others' networks, into their codebases.

 ::) Oh my... private blockchains or competing p2p nets?! Well... there's still a risk - the total amount of venture capital that has gone into Bitcoin is still less than half of the US Black Ops budget. Technically, the banks of the world could still get together and launch a concerted effort against Bitcoin, in favor of something similar, over which they have more control and which is run by p2p nets that favor them more...

But: 1) That window of opportunity is shrinking, fast ... and
2) There are already so many finance people into Bitcoin, and many of these already stink in the same ways that banks do. All the scammers and exploiters of the world are already here... so...

I think Bitcoin it is...

Still, there is intelligence about Bitcoin that is only tracked by individual companies - and it would be to Bitcoins benefit if this was in the public domain. Because information asymmetry creates opportunity for disruption, and a disruption to Bitcoin will destroy a lot of economic value that has been built up...

So Kudo's to people like Blockchain.info, who make as much information public as possible. That's the real spirit of the internet, p2p and Bitcoin: Openness.

(Not to be confused with transparency or the be juxtaposed against privacy - these is a difference between knowing how something works, and having access and being able to learn about it and understand it, and knowing about the people involved, their desires, motives and private lives, and bad ideas <- It's up to the Openness to show them better ideas, but ultimately they still have to discover those for themselves.)

It takes a lot time before people get convinced to give Bitcoin a chance. A lot people at the very beginning when they hear about Bitcoin they are quite skeptical and think in a negative way. If you explain everything to them in an easy manner, then they surely will let their skeptical way of thinking vanish and turn that into a positive when they see Bitcoin has a real purpose and will benefit us all.

@OP
imho you points stated arent very likely to be a doomsday scenario for bitcoin.

Here is my list ordered after likeliness:

1. Nuclear war
2. Global killer asteroid
3. GRB that hits earth

Oh i forgot something:

4. Illuminati and co.

The only bad thing I could see if someone comes in and takes control over the whole network and starts cashing in on all the coins.