And having people share script (which contain condition to spend/lock the Bitcoin) instead?


Wrong, bitcoin address basically is just abstraction/representative of script. It's also the reason you could send and receive Bitcoin using same address.

If you decide to use software "btcrecover", the author also provide video tutorial on youtube (https://www.youtube.com/playlist?list=PL7rfJxwogDzmd1IanPrmlTg3ewAIq-BZJ) which should give you an idea how to use this tool.


It also depends on which character do you use, which affect total possible password combination. Here's an calculation example with following detail,

• 8 character length.
• The password use lower case (a-z) and number (0-9).
• 1 (One) Nvidia RTX 2080 Ti. Speed data is taken from https://btcrecover.readthedocs.io/en/latest/Usage_Examples/2020-10-06_Multi-GPU_with_vastai/Example_Multi-GPU_with_vastai/#performance.

Total unique character used = 26 (lower case)  + 10 (number) = 32 character.
Total possible password combination = 32 character ^ 8 character length = 1099511627776 (about 1.09E12).
Speed of RTX 2080 Ti = 6.4 kP/s or 6400 password per seconds.
1 day in seconds = 60 * 60 * 24 = 86400 seconds.
Brute force time (in days) = 1.09E12 / 6400 / 86400 = ~1971 days.

That website basically is BSV propaganda, please don't use it as reference. Who knows what kind of false information they intentionally include.


This article doesn't touch problem of block size in detail. https://en.bitcoin.it/wiki/Block_size_limit_controversy should be good addition of Aaron's article.

This is fair point, especially for small organization/individual who accept Bitcoin as donation option.


I get your point. But the sender could just re-check latest Bitcoin address mentioned by receiver.



Mostly irrelevant due to HD wallet where user only need to backup recovery phrase/words or master private key (also called xprv). And on practice, they need to protect their device and wallet file instead.

CMIIW, but doesn't Redis has faster performance/response time compared to local database since Redis store the data/index on RAM?

It can be done by changing value of minrelaytxfee parameter, but OP's system will not see incoming transaction until it's included on the block. It has some trade-off if OP running a service where the customer want to know the system already detect their transaction.

Did you mistype something? OP already use walletnotify. The only other relevant notification option on Bitcoin Core is blocknotify.

This doesn't make sesnse since walletnotify make notification when the transaction is on mempool (has 0 block confirmation) and included on block (has 1 block confirmation). And time when node receive the transaction or timestamp on block isn't very reliable.

Yes, you can do that. I just tried on testnet version.


Can't think anything since Bitcoin Core already makes it clear by specific "Payment to yourself" if you check the transaction on "Transaction" tab.

I agree with @suchmoon, so it's more realistic to either
1. Keep reporting those posts. At bare minimum, they'll focus spamming on different board.
2. Quote their reply with detailed explanation why their post either doesn't make sense or could be dangerous towards other user.
3. Ignore them.


It'll be nightmare towards VPN and Tor user who already face occasional CloudFlare "security check". And it's publicly known popular CAPTCHA service (such as hCaptcha and reCATCHA) is hostile towards VPN and Tor.

Assuming either the password is either short or your friend remember parts of the password, brute-force is possible within reasonable time. It comes down whether you choose to,
1. Use your own computer. Least amount of trust is required, but you usually either need to be patient (if you have slow computer) or make big initial investment (if you're willing to buy high end GPU).
2. Use cloud computing service such as vast.ai. Some trust is required, but usually is cheaper for short term usage.
3. Ask for help reputable from service. Few member mention https://www.walletrecoveryservices.com/, but i never try to use this service.

Are you trying to say you tried to generate uncompressed public key (which has 130 character) or public key (which has 66 character) based on your private key?


HEX private key with 2 character padding which indicate compressed/uncompressed also exist, see Compressed hex private key with 66 characters?. It's also possible certain software decide to add prefix 0x to indicate the format is hex.

Thanks for the explanation. While i understand rationale behind the decision, there are few things i'd like to comment.
1. I have doubt using time improve the security since the attacker (assuming they know how the private key is generated) could reduce search space between time you create this library and first time the address receive Bitcoin.
2. I'm not sure how useful is 52-bit entropy from 2 different source when anything less than 112-bit no longer recommended these days.
3. Some details of Java's SecureRandom can be seen at https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SecureRandomImp.

Have you tried this tool personally? I did quick check and i'm 99.99% sure this tool is either malware, scam or fake.
1. This software is closed source.
2. The video mention udrop.com to download the application, but link on video description provide download link at mediafire.com and mega.nz instead. For reference, i checked the application based on mediafire.com link.
3. The application was compressed into .rar file with password. This is fairly common method to share pirated software or malware.
4. The application claim to search for ownerless wallet, but doesn't mention location of the wallet file.
5. This application seems to have ability to find seed phrase based on Bitcoin address (video duration 2:53), which is IMPOSSIBLE.
6. The .exe file is flagged by 21 AV. See https://www.virustotal.com/gui/file/13ab2aa012971573519748407a9fe49bb8ae87e85486dcd91f8f593ca672d8ff/detection.


Bisq also has security deposit requirements to protect both party.

This doesn't answer OP's question since you and the source doesn't mention which wallet use C-Lightning as it's backend. In detail,
1. Zeus wallet already mentioned by OP.
2. Zap desktop wallet use LND, not C-Lightning. See https://github.com/LN-Zap/zap-desktop/blob/master/docs/ADVANCED.md#lightning-network-daemon-lnd.
3. BlueWallet use LNDHub, which is wrapper for LND. See https://bluewallet.io/lndhub/.
4. Breez wallet also use LND. See https://doc.breez.technology/Overview-for-Developers.html
5. Wallet of Satoshi is custodial wallet, so obviously there's no option to connect to your own LN node/server.

I don't know what do you mean by "mask generation", but for .txt file you could create .bat file to parse/loop parameter on  .txt file and then execute BitCrack.


You could create a thread on Services to seek people who can do the job.


To be more specific, those algorithm (such as Pollad's Kangoroo and BSGS) have time complexity lower than O(2^bits). For example, Pollad's Kangoroo time complexity O(sqrt(2^bits)).

Even those who create malware/botnet would mine different coin (usually Monero) which could be mined with CPU at profit.


If it's truly possible, Intel would rather optimize source code of their dedicated GPU[1] driver and modify existing open source SHA-256 mining software rather than creating ASIC[2].

[1] https://www.intel.com/content/www/us/en/products/details/discrete-gpus/arc.html
[2] https://www.intel.com/content/www/us/en/products/docs/blockchain/custom-asic-product-brief.html

That's true, i was thinking people would do both things (write down seed and print manual) at same time and then store both of them are same location. And i definitely agree multisig is safer option.


But don't forget there are trade off where SSS recovery can't be done manually with hand and you need to check software which implement SSS doesn't have any bug or weird config which makes it harder to recover with different software.

My review about Coinballer (Done)

First visit

Using Tor Browser, i visit Coinballer website. I don't see annoying "security check" or CAPTCHA which is a bit nice compared to few casino i've visited. The website design is extremely simple which reminds me of 90's website, although slightly modern design would be great and could attract more people. I have slight positive first impression.

Just like other member, i have difficulty understanding the rule. I had to re-read the rules few times and read discussion among member in order to understand the rule. Even so, there's one point i misunderstood (more detail below). So it'd be great if short video or example of game session with some explanation is exist.

Exploring other page, i didn't find few important page such as FAQ, ToS (Terms of Service) and PP (Privacy Policy). Many people would either perceive it as red flag or doesn't take your casino seriously. You really should add those page since it also could save you from answering similar question many times.

As open source user, it's nice addition that the website is open source. But most people either don't care or don't know the benefit of open source software, so adding one/two paragraph explanation about it could give user better impression. And while we're at it, the "About" page should include another ways to contact you (such as email address or this Bitcointalk thread).

Play a game

Since the game require you to include Bitcoin address of all players in advance, i decide to include Bitcoin address of all reviewer and see who joined. It's more convenient and took less time compared with contacting each potential player where. As you can see on game 21, i set it to have 10 player, 3 winner and 576 blocks (about 4 days) length. Initially i mistook 576 blocks as length of whole game rather than length between last bet and deadline. Had i known about it, i would set it to only 288 or 432 blocks (about 2 or 3 days).

Checking other games, there are many finished game and unfinished game with empty pot. It'd be great if list of finished game only can be seen on different page. And since there are many unfinished game with empty pot, personally i'd like the website to emphasize game with non-empty pot.

Now about UI/UX, there are few lacking things. While now we know 6 confirmation is needed, it'd be great if the game show transaction/balance which doesn't have 6 confirmation yet. It'd be nice assurance for user that the system already detect the transaction and they send Bitcoin to correct address. The website also only use block height/total block count as time reference. Adding different time unit such as "576 blocks (4 days or ended on 10/01/2023 10:00 AM)" would give user better idea and saving their time from using calculator and looking at calendar.

Game 21 finally finished after 4.5 to 5 days since the creation. I sent 10K satoshi during the game and received ~11K satoshi in return which is nice. I briefly checked the transaction on certain Bitcoin block explorer and found out each transaction only send Bitcoin to one winner. I would recommend you to perform batching in the future to reduce satoshi spend on TX fee.

Conclusion

I have not so positive experience with Coinballer. The game itself isn't really fun since i have to contact people in advance, which is cumbersome when people around you isn't willing to bet with real money. I also feel the only suspense/adrenaline comes from player who're willing to keep make a raise. But take note i'm not gambler.

From UI/UX and marketing perspective, some effort is needed to attract average player/gambler. Aside from what i've mentioned above or already mentioned by other player, here are few additional recommendation.

• Coinballer source code has no license yet, so you should add one. MIT is simple and popular option, but AGPLv3 also works if you want to put few restriction.
• For game with multiple winners, having option to share the pot evenly or based on deposit amount would be great option.
• Let player know that amount on "Currently each winner will receive" doesn't consider Bitcoin transaction fee.

Bitcoin Core and most software isn't designed to be forward compatible, so what you want is impossible. Besides, i find it's ridiculous idea to use SegWit/Taproot wallet on client which doesn't implement SegWit/Taproot.


More recent Bitcoin Core switched from Berkeley DB 4.8 to SQLite as wallet.dat database, so simple tweak won't do the job.

This is naive assumption. Knowing parameter of secp256r1[1] is chosen by NSA and cryptography security could be reduced on specific parameter (such as e=3 on RSA[2]), OP concern is valid.

[1] https://it.slashdot.org/story/13/09/11/1224252/are-the-nist-standard-elliptic-curves-back-doored
[2] https://security.stackexchange.com/a/2339

I briefly checked source code of Coinballer and found it uses Bitcoin full node to obtain the data[1]. And it looks like it has 6 minimum confirmation[2], so that might be why the address/pot balance isn't updated yet.

[1] https://github.com/jackmurray90/coinballer/blob/main/bitcoin.py#L6
[2] https://github.com/jackmurray90/coinballer/blob/main/bitcoin.py#L14

Payment confirmed. I created a game where the participant is everyone who accepted on this review campaign. If you're interested, the detail is available on https://bitcointalk.org/index.php?topic=5432506.msg61541978#msg61541978.