I'm trying more to find a way to industrialize it and minimize user interaction.
Also, i'm trying to find out what can be a the safest way to interact between the 2 devices.
For information, i'm planning to use AES 256 to encrypt the private keys on the cold device part.
...
thanks
I am currently playing with my cold storage systems (single board computers like OrangePi, RaspberryPi...). They usually have a USB and Ethernet and/or WiFi. - Ethernet is not desired, cause all known problems of „connectivity“ malware - USB cable would be like a HW wallet (no re invention of the wheel please) - USB Stick between two different OS is deemed to be secure - QR Codes: you outlined already everything remains serial and Bluetooth. Both allows to send data in a client-to-client way. Looking at serial, they are most probably dead on standard HW, but I use USB2serial. Advantage is, that the listening Programm cannot inject malware, cause code stacks are well known, open source. And you really see “immediately”, what data get’s exchanged, when using terminal programs like minicom/cu/screen or the Windows terminal. Bluetooth has a similar approach, but there again is often a stack or library below, that one cannot always control. |
|
|
|
same question here: https://bitcoin.stackexchange.com/questions/70662/private-key-security-level/70676?noredirect=1#comment81975_70676Yes, dealing with funds and crypto currency is basically a question of trust. There has been to many lost funds due to exchanges going down. So be extremly careful to secure your funds. Only when you have the private keys yourself, the funds are secure. At the point when you use a an exchange, "they" control the keys, with the keys the funds, and you could only trust them. Storing the keys locally on your machine depends on your willingness to invest in security measures. As I replied already in stackexchange, security is a trade-off. See my answer to a similar question here: https://bitcointalk.org/index.php?topic=2865766.msg29442089#msg29442089I think an offline solution is the best you can achieve nowadays, and it provides enough trust, that you can sleep without fear of loosing coins. |
|
|
|
Properly secured Windows (except Windows10) computer is unbreakable. Even for NSA. Why? Because a 0-day in network stack or network card drivers is only way to hack it. Manually install all security patches. Disable all auto updates. Disable unnecessary services and configure firewall to reduce attack surface. It is it. I challenged to hack my Windows 7 or Windows XP machine to steal all my coins back then. Nobody succeeded. In such case the NSA/CIA/FBI will try to get physical access to machine to install malware or read disk contents.
It is ridiculous how paranoid some Windows haters are. They obviously never been hackers themselves and also dont know how police and spy agencies do things.
More notable thing that probably nobody noticed is that Satoshi's hard drive was using NTFS compression, most likely on whole partition. This is very untypical to have NTFS compression enabled on whole partition upon manual formatting.
Doesn't make sense to me. In order to be sure that something is not hacked, you would need to at least know what the code is doing. Sure this doesn't mean that Linux isn't hackable, everything with code is, but my point is.. how do you even know what updates to enable and what other updates to ignore? Updates are packages of closed source code. You are trusting to believe what it says on the description but you don't know what you are actually installing with each update, one of these updates could contain a backdoor for the NSA or something. You can block ports with a firewall, but that's about it. A keylogger that's embedded in a file that is part of the OS would go ignored by firewalls for instance. For example, imagine that the reporting tool in windows which is just an exe, sends a text file with keystrokes to someone... how would you even notice if you can't see what Dw20.exe is doing? (or any other closed source executable for that matter). It goes even further... last year it was discovered, that all HP machines had a sound driver, which would log all keystrokes into a log file. The original intend is for sure unknown, but the idea was, that you had to capture the control keys to change the volume (and more). So there was debug code in the executables, and they have been detected fairly late. There is no evidence, that this data was used to be sent anywhere, but if a sound driver is able to log keystrokes, even those which are irrelevant for its function, then security in a layered fashion is not one of the strong points of this operating system. Now try to get the source code of this sound driver! You won’t, it’s also closed source. Same could be true for WiFi cards... closed source. Now compare this to Unicode systems. You can install proprietary software, but you must not! And you can read source codes of majority of the OS, and you can even modify it in a way, that you see, what is going on under the hood. You can’t do this with Windows. There is a reason, why this OS is not used in high secure environments... |
|
|
|
|
I think RGBKey explained it pretty well for use of bitcoin core wallet. I agree to the steps and process. However: if you don‘t use a wallet software, and create the tx e.g. at the command line, you can assemble a tx completely offline. You would transfer only public known information. For sure you would need to know the tx details, like previous tx IDs, outpoints, amounts and pk scripts. Assembly could happen on the offline PC, and signing as well.
At the end the signing is a process of the tx hash, but it involves several steps of data management, and therefor you need all tax details on the cold storage system before signing.
|
|
|
|
If I understood the docs correctly, the big difference between routing in IP networks and in Lightning is the used model: in Lightning I see source routing used, so the sender first creates the route, packs it in layers (hence onion), and then sends the package. In IP networks there is ROUTERS all over the network, that do this job. So in the IP world you can send a package with a destination address (encapsulated in the header field) to the next router, and he has these lookup tables, and forwards accordingly. In a lightning node would have to ask "the network" first, then create the route (based on fees), and then send the package over this pre-defined route. So the node has it's own "lookup table". It might be called differently though. I still have an issue to understand the "ask the network", so leave it open for discussion. There was some text from the devs on the mailing list: https://lists.linuxfoundation.org/pipermail/lightning-dev/2015-December/000384.htmlSurely you mean the 2500 Series? (Ooops showing my age again.) yes, and yes  , me too! |
|
|
|
...
Network routing is one of those arcane specialties filled with scary-smart people who know all the minutiae of complex systems which most developers are barely aware exist. (How does the Internet really work? How do all those little packets know where to go? Magic!) I am not in that specialty, and I’m not familiar with its research literature I'm also not a specialist, but understand enough on the basics. So no, not magic, and I bet you know as well :-) IP protocol is well defined, with routing information (or destination) in the header of each packet. In the very early days a router would ask his neighbor, do you have a route for network x? (neighbor discovery protocol). Someone to whom I was connected would answer accordingly (or not, then "PATH NOT FOUND"). And the question of routing optimization started quite early. There was this ATM network model at the same time (goal to unify networks with telephony and IP in 53 byte packets!)... Remember good old CISCO 27xx or 29xx models with configs for RIPv1 and v2, and then open shortest path first (OSPF)? These were the internal routing protocols. Then there was the bigger networks in the late 80s and they needed a professional base layer (border gateway protocol, BGP and IGRP/EGRP, or EGP). And of course a DNS. btw: why is DNSsec not used today? ... what first occured to me was that Spanning Tree Protocol might somehow be applicable. Of course, that’s not an Internet routing protocol; but it is the standard staple for organizing the network topology on LANs. Spanning tree was the protection layer in bridges, to prevent loops in larger networks, with the "routing" of MAC addresses (bridge = layer 2 device). Yup, no routing at layer 4 here ... The general question is: Given a global set of nodes which form and remove links between each other unpredictably, how does each node organize its own view of potential routes and choose optimal paths?
Lookup tables? I took a look into the routing in Lightning - you come to deal with SPINX, HMACs, and of course onion routings. I think the difficulty layer of lightning routing stems from the fact, that the node only knows the predecessor and the successor of a route. Nothing else. Not the origin, not the final destination, not the amount (but then, how to know, that the channel supports the requested value transfer?), and for sure in a way bullet proof, that the node cannot benefit from forwarding the package to a different target. There I find this table in the data structure of 20 entries @65 bytes (hops_data), which makes me think on what it is used for? Is there a max of 20 hops? Also the flare white paper ( http://bitfury.com/content/5-white-papers-research/whitepaper_flare_an_approach_to_routing_in_lightning_network_7_7_2016.pdf) says: Hence, it is in the interest of the sender to optimize fees and make the final decision on which route to choose to the recipient (otherwise the sender gets potentially unpredictable expenses, as other nodes are not incentivized to optimize for the cheapest path). and Source routing leads to the requirement that the sender node should be able to collect information on fees and available channel capacity to pick the best route (as well as knowing which nodes are currently online). Thus, an overlay mechanism should exist to enable requesting information about a channel from any of its owners. Interesting, that would mean no dynamic routing? I don't understand (yet) how routing achieves a dynamic management, when it is pre-defined from the beginning. And this would mean, it does not require IP routing specialists? There's work to be done! |
|
|
|
...
I will make explicit a specific question I earlier implied: Are the Lightning engineers availing themselves of the fine research literature on network routing protocols and routing algorithms? If that could be answered off-hand by anybody who’s been following Lightning development much more closely than I have, I’d be much obliged.
Thanks.
When following older threads, there is lot of discussion on onion routing. But here in the forum I haven‘t seen engineers discussing the research literature. There has been a short discussion, but it did not get the desired attention it deserves... https://bitcointalk.org/index.php?topic=2573055.msg26369895;topicseen#msg26369895The routing itself is described here: https://github.com/lightningnetwork/lightning-rfc/blob/master/04-onion-routing.mdAnd I read, Acinq/Eclair is using the flare routing engine. Haven‘t found the spec yet. If someone has? |
|
|
|
Gentlemen!  This is not a forum to through with mud. This behavior shows a certain level of infancy. Please respect each other. There are enough trolls in the Reddit’s, but we shouldn‘t come down to the same level here. I fully understand that this is tough times for bitcoin and I see, that some people are really disappointed. This doesn‘t give anyone the right to start insulting others... There are those here in the forum, who have a high level of reputation AND KNOWLEDGE, and those who are challenging the actual view. Yes, why not? It now became a religious fight about who is wrong, and who is right. Does this make sense? Those who got it, have left, those who are touched by the provocation are reacting angry, and only support the continuation of the nonsense. I want to reply with Aretha: Think !(Before you reply) |
|
|
|
Thx to dinofelis, I got a learning session  appreciated. As non native I got a bit lost in the discussion. I reviewed the links, and to my surprise found Schopenhauer and Kant. For sure well known authors and text for me, but at no level can I compete in a foreign language (whereas I am more in French, not English). I now understand, what the link is to win in front of an audience with arguments. But here in the forum we have open minded discussions, and liberty to speak. I can't see the necessity for "winning"... The only winner I can see is Bitcoin (and LN), maybe this whole new crypto eco-system. Fascinating. What I observe (too) often, is that a statement is made, and others are asked to show that this statement is wrong. It is easy to make such statements (god is existent, Elvis is still alive, aliens brought live to earth, ...). And there is no way to proof the opposite. So from my point of view, this belongs in the area of metaphysics (having read Kant  ), and I feel the same is true for arguments like "LN is centralized banking hubs" or "non-mining nodes (without exchanges) keep miners in check" or "nodes want a protocol change, miners and exchanges want to keep the old protocol". (btw: this was not UASF. UASF was, at last from what I can recall, a response to a very very small team behind closed doors in NY, representing vast majority of centralized miners, which wanted Segshit2x failing dramatically). I think there simply isn't a possibility to show that this postulation is false. And as such it must not be proofed to be wrong. |
|
|
|
...
Whether there are still 10 000 other Joe's that run nodes or not, doesn't make the slightest difference. If they switch off their nodes, nothing dramatic will happen, and the miner pools, nor the exchanges, will notice.
...
However, if ever exchanges and mining pools agree upon a protocol change, nobody will give a shit that 10 000 Joes find their nodes switching off because they don't find the "right" block chain any more, and come to a grinding halt.
Even if we are leaving the track of the OP here - I do not understand why you use such black and white words ("miners don't give a shit"), as if you are unsatisfied with the system. I also read your posts about the banking assumptions. Can't make up my mind yet, but looks like you are highly desperate of the system, still you contribute a lot of text to the discussions - puzzled  I want to mention quickly the UASF discussion from last year, and why dramatic things happened. Segwit got introduced, and Bitcoin went up like a rocket... If you read the segwit2x story from a miners point of view, then one could think, they met in NY, found an agreement, and implemented it. If you take a look at the reality, you find, that suddenly many, many nodes where on the net, not relaying transactions, if the miner doesn't signal segwit support. So I think it is correct, if you say, a single user can switch on or off a node, and the miners don't care. But when many users do the same, miners HAVE TO CARE. A bit like in democratic systems, and basically the design of Satoshi design/genious/network. A single malicious code can't do harm, and in general it is better to play the incentivized game, than trying to fight it. But when many users work together, miners "give a shit" :-) I think it is very well balanced... |
|
|
|
all steps to start thinking/implementing a cold storage system are the right way to do it. You take ownership of your funds. In my opinion security is always a trade-off. How much are you willing to invest, to protect assets? My two cents in this discussion: think about the value to protect, and maybe take some analogies of real world: small values are in my purse (wallet), with several bills and coins monthly values are at my bank, cause I trust them, and they have high walls around "my money" to protect it from being stolen large/huge values (e.g. pension funds): I (might) trust a government, which has an army, to protect against neighbours coming in... So the higher the value, the more needs to be invested into security. Cold storage (any system, even hardware wallets) is the best way in getting started, and then based on the level of comfort and willingness many options come into the game. Operating system (you provided a good set, I'd like to add a BSD type OS), transfer methods (USB, Camera, sound ?), and finally wallets on top... maybe the next layer is how to protect your room or building against electro-magnetic fields. All a question of personal paranoia |
|
|
|
... because the essence of a payment system is that "money goes round in circles". If there's one thing the LN cannot do, that is to make money go in circles. The LN network can only make money "oscillate" back and forth. But going around in circles exhausts all links along the circle. However, where this is interesting, is in trading. Trading is indeed "going back and forth". This analogy to real money can be discussed as an interpretation, of what money is. Friedman, Nash, Schumpeter, Mises, or the gold standard...? The usual bills and coins (Pound, Dollar, Euros?), or the virtual money (FIAT), which only exists as figures, where you don't know if you can get it, if you really need it... you name it! I don't see how money goes in circles, my view is it is a one-to-one connection. I open a 1:1 channel, when I pay with cash, I put a 10 Euro bill, and I get maybe some return. There is no circle at all involved. Same I can do with a Lightning Channel... Circle might come into the game, when my 10 Euro bill, which is in the hands of some else now, continues his travel, cause this someone else pays again for something. So the re-usability of this bill is maybe the circle analogy. The exactly same thing can be done with Lightning. But this money has a major, major disadvantage: you open/close the transaction channel within several seconds/minutes, you cannot keep it open. Every time you pay something, you need to re-open a process like pulling out your wallet, find the right bills, and hand over the money. Lightning gives me the extreme flexibility of "lending money" to a trusted channel, from which a specific amount can be used over and over again. The assumption is, this makes it very cheap for especially smaller amount transactions. The best thing with lightning is on top: in real live I cannot tell my grocery shop to keep some of my money, because I have to buy some bread around the corner, and they shall send it to the bakery. With Lightning I can do this. I'd call this hopping over service providers. Impossible in this money world (limiting the circle analogy). With Lightning everyone can do this, and as such a network gets created. If the perfect game for lightning is, that 10.000 traders open channels with the exchanges, then I don't see how this can be called centralized. And another 10.000 with their cable service. And another 10.000 with Amazon (or what so ever). I don't have to use these existing channels, I can still open a channel with my spouse independently. People here are discussing a lot centralization, predicting the future based on very limited assumptions. I am not seeing the centralization idea, as it is especially unclear, what centralization means. If there are 20 main hubs around the world, can this be called centralized? Or is centralized, when 1000 major hubs collect 10.000 users around them? Or is something centralized, when one company owns all these 20 worldwide hubs? Or is centralized, when you have to use a specific hub? There is a broad spectrum of personal understanding behind centralization, that people use to predict the future... I always come to think, that a lot of personal fear is involved, and overall I am missing real tests from those people. It is easy nowadays to create several thousand or ten thousand nodes in lightning, and let them work. And then have real statistical values as an underlying basis for such statements. But I also see, that not everyone can create such a setup. Summary: centralization of lightning cannot be predicted, nor proofed, due to: - incapability of large scale measurements - limited assumptions - limited personal understanding of the network - different scope of meaning (of centralization) - and a bit of personal apprehension All this make predictions look like hobby research, throwing shells, maybe conspiracy theory, but not at all (bullet proof) research. |
|
|
|
I couldn't send small amount of btc when I wanted to make the transaction without paying high fees
i had to pay 11$0 fees to send 10$ only
you can not send small amount of btc currently without paying high fees
i had to pay 11$ fees to send 10$ only
YES YOU CAN!See, your statements are a bit misleading, at last. Looking at the current tx fees, we are near all-time-lows: https://dedi.jochen-hoenicke.de/queue/more/#24hYou must check the service, your wallet, the provider - whatever you use. Don't generalize your problem over Bitcoin. When you create the tx yourself, you can go with 5 Satoshi per Byte (or even lower). A std tx is roughly 227 bytes, even if it is a more complex one say 500 bytes. Then you pay ~2500 Satoshis as fees. This is 0.000025 Bitcoin, at 10'000 US$ it is 0.25 US$. I last had a tx going through with this amount. So you are only making your service provider rich... So really, check with your service provider!  Those who stay uninformed, pay the price for not willing to learn... |
|
|
|
|
yadda, yadda, yadda... when is the ICO, when will we get rich?
|
|
|
|
...
in the code I am looking at on windows the wrapper just uses
System.Security.Cryptography.SHA256 and does a double hash and I can see that the public key
gets used to to create a signature along with the double hash so how does this work ? In bitcoin all keys are managed by ECDSA logic, and I would hope, that the code to create the signatures (also in the windows systems) use the private key.  On the tx and the signature: there is a fairly complex process to create the tx (see answer from runeks here: http://bitcoin.stackexchange.com/questions/3374/how-to-redeem-a-basic-tx), and then this tx is hashed (sha256), and this hash is signed. |
|
|
|
thought I put my comments into a picture - I had some difficulties to upload directly here, maybe it got to big in size... https://ibb.co/b9AMm6maybe this ? (hope I don't overdo it, but just don't like people predicting the future, when starting from incomplete or wrong assumptions) |
|
|
|
On Unix or Linux, read() off /dev/urandom; or use whatever special nonportable APIs may be offered to obtain randomness directly from the kernel (getrandom(), a special sysctl, etc.). On other platforms, find the equivalent. If writing a web application, use getRandomValues() ( for most any current browser) or, if feasible, the generateKey method; then, pray to whatever gods you believe in that the browser is not too stupid. I do not trust - neither in someone else's god, nor in someone holding my private keys I am reading about entropy, especially in the bitcoin discussion, but not sure what is considered a good "value" for entropy/randomness. There is this thread from May 2017, which seems to indicate, that most modern unixoide systems have a good entropy. And of course I just checked my OSX and OpenBSD boxes, which show the expected (seemingly good) results. How is this linked to bitcoin? Any hints? |
|
|
|
Hi guys, I'm reading "Mastering Bitcoing" and I'm curious about this topic, I read that with 64 hexadecimal you can generate 10^77 seeds and there is 10^80 atoms in the visible universe, but is it possible that you have a seed that already exist? I'm not focus on the probability, just the possibility.
Thanks and regards!
just as another thought on top: and let's just assume, a collision was found - what is the probably that exactly this bitcoin address contains some spendable funds? |
|
|
|
|
Show Posts
