Haha I'll see if I can wrap my head around this, but if not at least I can check the sources. Thanks!
Javascript itself is just a language. This doesn't say anything about the way the entropy is collected and the quality of the PRNG at all.
I was referring to a talk by... Who was it... Greg Maxwell? I think it was referring to blockchain.info or other websites and how they gather entropy using a poor method. I just don't use any other entropy source (for cold storage anyway) since idk how they work and therefore can't trust them. It's a huge problem being super paranoid but not having coding skills!
You could simply use /dev/random of a unix system.
The linux kernel uses mouse movements, inter-keyboard timings, CPU interrupts and other non-deterministic events to gather entropy.
That's definitely random enough to generate a private key.
Awesome! I'll test that out. Man I wish I asked a few years ago. Would have saved me approx 749283700 dice rolls.  . Thanks! |
|
|
|
You can't randomly generate a base-58 WIF private key directly because some of the bits contain non-random data. So you are going to have to generate a random 256-bit value and convert the result to a private key. Also, keep in mind that not all 256-bit values are valid private keys.
Basically, the number of N-sided dice you must roll to get 256 bits of entropy is 177.446 / ln N.
Do you know where I can read up on entropy? I'm not sure what that means or how to calculate it. Any other simple/quick entropy sources would be welcomed as well. I'm just trying to save myself some time when generating private keys for cold storage and I don't trust other entropy sources since idk where they get it from or how it works. Thanks!
How about mouse movement? I seriously doubt it can be "recreated" easily since there are many factors from mouse type, DPI, mousepad surface, user's mood & many more. The only problem is understanding library which used to generate entropy & you generate it while you're visiting website which track user's mouse movement. Do you know how would I record mouse movements and/or how could I could use that as an entropy source? I know bitaddress uses this method but then at the same time idk if it's using JavaScript cryptography, which isn't secure enough for a Bitcoin private key IMO. |
|
|
|
|
I've been thinking about grabbing some 16 sided dice, rolling them 64 times, converting the rolls to hex then punching that into bitaddress.org or segwitaddress.org.
I was trying to think of a way to avoid that step and was looking at 58 and 60 sided dice. Of course 58 sided dice aren't fair (different shapes/sizes) so I wouldn't go with that, but 60 may be an option. I could just reroll if I rolled a 59 or 60.
This leaves me with one issue. Is that even going to help me generate a private key? It would have to go through some checks so it's in the right format, so would it be worth buying such a random die, or would getting hex dice and converting that make more sense?
Side note, is it "more random" to flip a coin 256x, roll a 6-sided die 99x or roll a 16-sided die 64x? If you know of where I can read up on probability/entropy please let me know. I'd rather learn it for myself so I really understand it. Any other simple/quick entropy sources would be welcomed as well. I'm just trying to save myself some time when generating private keys for cold storage and I don't trust other entropy sources since idk where they get it from or how it works. Thanks!
|
|
|
|
Thanks for your completely unbiased opinion . Just because they didn't try to break it doesn't mean it's not breakable. Do you have any actual proof? I'd rather verify that it's safe than trust someone shilling it in their signature. I just wrote my opinion based on that thread, if you need more proof read it or send PM to OP and ask him how ChipMixer is safe or not. Fact that I have CM signature does not mean that I am shilling for them. You are free to use any service for protecting your privacy, there is at least 14 other mixers. No thanks. I don't trust third parties with my funds. |
|
|
|
Well this certainly deserves a bump. I hope I can figure out how to run it now |
|
|
|
|
It's 2019 and Yobit isn't permabanned from the forum yet? You'd better thank your lucky stars. That crappy wash trading exchange's whole signature campaign should have been blown to oblivion years ago.
|
|
|
|
I guess my only question would be if I'm printing something out on an air-gapped system, shut it down then boot up on another system, would malware within the printer be able to send off what I just sent on a live USB? Likely? No. Possible? Absolutely. All modern printers have memory which can be utilized by malware. Many mid to high end printers will automatically store copies of the last x number of documents which have been printed or scanned in their memory. If your printer has an option to reprint previous documents, or re-order documents in a print queue, then it is absolutely storing copies. This problem is compounded with printers which accept removable storage like USB drives or SD cards. It is absolutely possible to write malware which will keep copies of what is being printed and scanned, with instructions to send them off when an internet connection is re-established. Booting your computer from a live USB offers protection from malware on your PC, but if the malware is on the printer, it doesn't really matter what you are doing with your computer. Yikes. I honestly never thought of that. I'll stop looking for a printing solution and continue writing out my private keys. With that being said, how do people like storing funds long term? For me I roll dice for entropy, use a downloaded version of bitaddress.org to covert that to a private key then convert that to a bech32 address via segwitaddress.org (all offline on a live usb). Then write out the private keys. I hear lots of people saying I should use a mnemonic seed phrase instead but I'm not sure how to generate that with my own entropy source. I see why it would make sense to use a mnemonic seed phrase, since it's human readable and less prone to error, but at the same time I've always understood that different wallets could always use different mnemonic seed phrase types so you can't rely on a seed phrase forever. Any idea which is right nowadays, or is it just personal preference at this point? |
|
|
|
Thanks for your completely unbiased opinion . Just because they didn't try to break it doesn't mean it's not breakable. Do you have any actual proof? I'd rather verify that it's safe than trust someone shilling it in their signature. Using any decentralized option such as coinjoin would be better than trusting any third party with your funds. You know, a trustless option, which is why we're all here in the first place. |
|
|
|
Interesting. I guess not being able to use my new printer on a live USB is even more secure than I initially thought. Thanks!
You can still use the printer but you must disconnect your computer to the internet forever to transfer the generated paper wallet you need a USB drive and transfer it to your offline computer to print. Or burn a CD that includes your private keys and seeds as a safe alternative. Yeah no worries there. I only generate paper wallets on a live USB and only use my own entropy source. My only issue is that my printer's drivers don't work properly for me on a Linux Live USB so I've been writing things out instead. I guess my only question would be if I'm printing something out on an air-gapped system, shut it down then boot up on another system, would malware within the printer be able to send off what I just sent on a live USB? I hope that makes sense. |
|
|
|
You can't beat printing it out for security. You can - writing it down. There exists malware which can run on printers and provide 3rd parties with details of what you are printing. If that includes your mnemonic phrase or private key, then you can say goodbye to your coins. Interesting. I guess not being able to use my new printer on a live USB is even more secure than I initially thought. Thanks! |
|
|
|
One issue I understand with grin is that it depends on nodes deleting transactions yet how can you enforce that and verify it?
What I've figured out thus far is that nodes can choose to delete transactions or not. This isn't so much a privacy factor, but instead it's meant for scalability. Dandelion is what actually makes the transaction more private if I'm not mistaken. I hope that everybody finds a decentralized way to obfuscate their funds in the future. Wasabi has some good solutions for privacy and Samourai is working on some great stuff as well. |
|
|
|
...
Really? What exactly makes Monero better than GRIN? Please pinpoint that for us.
DYOR, I am not shilling. I don't care if you believe me or not. Infrastructure alone without even getting into the technicals (of which I am not an expert on the cryptography) is reason enough. The future is bright for Grin by all accounts but it is just that, the future and until that materializes (if it does) there is Monero for fungability and BTC for everything else. One issue I understand with grin is that it depends on nodes deleting transactions yet how can you enforce that and verify it? Anyway here's a good link touching on it. If you find better info go ahead and link it for me as I am interested in both projects. https://www.reddit.com/r/Monero/comments/a8wqug/regarding_beam_vs_monero_also_grin/Good question. I'm curious myself. Let me have a look into it! |
|
|
|
The thesis is from December 2017, I read it a long time ago and it does not mention Bitcoin Blender, they attack Coinmixer.se, not Bitcoin Blender. The attack it describes requires that the mixer publicly publishes statistics on how many mixer transactions they have done over the last week (which I don't) "In all mentioned attacking scenarios, we assume that the attacker is able to retrieve publicly accessible statistics which may be published through the centralized mixing service." It then mentions some other flaws of Coinmixer.se necessary to identify their transactions, the most important was that they used a static transaction fee for all withdraws, on Bitcoin Blender each withdraw sent have a randomized transaction fee. Coinmixer.se also always set a locktime of the current block on their transactions, on Bitcoin Blender it is randomized if locktime is set on transactions or not. Further Bitcoin Blender also randomizes if RBF is to be set on the transactions sent. Oh yeah. How's that working out now? Obvious scam is obvious. Sorry to hear people have lost money on this. That is a much better Idea but yet again Monero is a better choice than grin.
Really? What exactly makes Monero better than GRIN? Please pinpoint that for us. |
|
|
|
|
Good tips. I've never really trusted any backup unless it's air-gapped. You can't beat printing it out for security.
|
|
|
|
|
Does anyone have a good way to hold grin in cold storage? I can't figure it out at all other than doing a backup then deleting my seed phrase on my computer, but that's not secure enough IMO. Seeds generated on an air gapped system would be best, then never have them touch the internet.
|
|
|
|
About the wash trading accusation, I would not touch that, it's hard to give an opinion when it comes to things about violation of law.
Let the regulators punish them if they've done a violation.
Did I say this was my opinion? No. The fact is that they've been proven to be wash trading. Check out BTI.
Better not trust only one site, diversify your funds and let's support other exchange to grow so we will not all be in Binance only.
Wrong again. It's better to never trust anyone with your borderless trustless (key word) currency  Just wondering on whats SAFU and as i able to search its the acronym meaning of Secure Asset Fund for Users (SAFU). Each exchange should have this kind of reserve. Saying you have a reserve is all fun and games until the totally existing fund doesn't cover everything. How do they prove they're keeping 10% of their fees in a SAFU fund? Is it bitcoins or shitcoins? Was it tether? Did they have to market buy $40M of bitcoins to cover their losses? They're great at hype. They're great at pretending they're being completely transparent but honestly if they're holding their own insurance fund and it's not transparent it's just a marketing ploy. What needs to be answered is, how much is left in the SAFU fund? Can they prove they're somehow segregated from other funds? If not they could just as easily be hacked. What currency are SAFU funds in? Lots of people use their BNB ponzi coin to save on fees. If it was in BNB that's ultra crappy because of course your shittoken will drop like a rock when you either market sell $40M worth. The other option there would be that they don't sell and it still drops like a rock because who the hell wants to trade at an exchange that can't keep hackers out? SAFU simply translates to "I can't spell worth shit and didn't even bother to double check my tweet. The "u" and the "e" are clearly so close on the keyboard and I made a booboo". Then it became a meme. Then he decided to use it to his favour because he wanted to ruin it by embracing it. the whole situation is a giant cringe from me, but it's to be expected from a 17er.
The wash trading does not appear to be initiated by Binance and the report said that it was low in comparison to other exchanges.
Wash trading is often done by coin devs and coin communities to make their coin appear to have more trading volume. Some exchanges even encourage it by giving certain users access to extra low fee or even fee free trading.
You forgot your source on your opinion there. Binance is still one of the greatest crypto exchange ever
I have never understood the reverence binance attracted and still don't. And the guy in charge tweeting about researching doing a reorg of the bitcoin Blockchain to claw back his poxy money is a glaring demonstration of his lack of understanding and egomania. It astounds me that anyone who's spent more than five minutes reading about BTC believes it's a viable idea. If you weren't sceptical about them before you should be now. https://www.coindesk.com/binance-may-consider-bitcoin-rollback-following-40-million-hackThe rollback approach is clearly not something that should be pursued, and apparently even CZ has agreed that after consulting a bunch of people. Why did the CEO of a multi-billion dollar crypto exchange not understand that a 51% attack against the first and biggest cryptocurrency is a bad idea? The guy is a complete and total moron who's just therefore show. He doesn't have a clue what the hell he's doing, which is why it doesn't surprise me that the team behind him also can't secure the funds held on the exchange. |
|
|
|
I think the current lack of a windows wallet with GUI is a bit of a hinderance for many users that could be considered a weakness.
Maybe, the GUI wallet for Windows will be released at the first anniversary of Grin coin. Theymos did (or did not) likely predict Grin coin destination for its first anniversary. Who knows, if Grin coin can be able to survive till its one year anniversary, and expected Windows GUI wallet released on that day. I think these two things deserve our time to wait for them. They might not happen at the same time, on one year anniversary, and Windows GUI wallet might be released sooner. Since the inflation rate is so high in the first ~year, I think it will probably go even lower, probably under $1, and I'd expect the price chart of the first year to be a general downward trend.
Aren't there at least 3 GUI wallets now? Idk about Windows. I don't follow it closely as it doesn't affect me. |
|
|
|
|
This has been an issue for literally years. Just put every yoshit spammer on ignore and you're golden. It's very easy.
|
|
|
|
|
Show Posts
