Every famous open-source crypto wallet lacks a UI/UX design and some of them don't have applications for smartphones. I personally use Electrum and its mobile app is terrible, and far from intuitive. Windows app looks like an old application from Windows XP times.
Long story short, every Bitcoin wallet needs to do more UI/UX research and create more intuitive design and they need good smartphone app. I would also love to see timelock feature on crypto wallets because it's sometimes hard to HODL and locking your bitcoin for years is the best way for those who lack self-control.
Trezor Suite has the best UI in my opinion, but when it comes to UX, Electrum and Bitcoin Core are more objective. It has the Send, Receive button, I just think that both Electrum and Bitcoin core should return to having dynamic QR Codes, when changing the amount or description the QR is instantly updated instead of clicking on "create new receiving address" and a new QR Code. About Electrum's retro UI, this pleases me, because remembering graphical interfaces from the XP era is very nostalgic, electrum reminds me of those password managers like Keepass. It seems to me that bitcoinwallets lack the functions that blockchain.com / blockexplorer.com, bitcoinfees.earn.com websites provides, such as a transaction explorer, mempool weight, bitcoin fees and time to confirm a transaction. It would be nice to have similar information in the adjacent tabs of the bitcoin wallet, but I think that it would “weight down” the wallet and make it bulky and clumsy, which combine applications become.
I would like to see this in bitcoin wallets, rather than looking for the necessary information on third-party websites, which, as we know, don't hesitate to collect information about visitors.
Well, Sparrow has an integrated block explorer, do you already know it? |
|
|
|
|
the 12 word length standard is the accepted standard in 95% of wallets, what guarantee do u have that a seed of just 3 words will be accepted by other wallets? Understand that this causes the versatility of the backup to be lost, being limited to a few wallets that accept restoring a 3-word seed + passphrase.
Your passphrase must be long enough to compensate for the weak security of a 3-word seed, which creates another problem, how will you guarantee that you'll remember this passphrase when you need to restore funds? It's easier for you to follow the standard of at least 12 words and use a good passphrase using words + numbers and some symbols, thus striking a good balance between increasing security and avoiding forgetfulness.
I see that the only justification for choosing a seed of 3 words instead of 12 is to make it easier to remember, but there are safer ways to do this...
It's easy to memorize a seed of 12 words and some passphrases, but never rely solely on your brain due to the risk of amnesia, spread your backup geographically without giving obvious clues that it has anything to do with bitcoin.
|
|
|
|
|
Forum Rank: Hero
Bech32 address: bc1qes8w0kywyp02aettn4nn82d0q9m73httpqc4vv
|
|
|
|
|
Thank you for participating in this campaign and for the opportunity @suzanne5223 it'll be a pleasure to work with you on future projects.
|
|
|
|
|
I'd take 1 BTC immediately and then think about what I do with it, I'd divide this prize between 20% for variable income investments and only 2% in betting and sports betting and the rest I would keep in hodl.
|
|
|
|
-
Mas existe um grande problema nessa questão aí, você vai depender se o seu governo não for corrupto como o governo brasileiro, se o governo/gestão do seu governo for o mínimo corrupto possível, eu entendo o seu ponto. Agora se o governo do seu país for composto onde a maioria é corrupto e não estão nem aí pra população, então temos um problema. Pois a maioria do dinheiro pago em impostos não serão gastos com o que foi prometido e você está ferrado. |
|
|
|
|
I'm sorry for your loss OP, but take this as a learning experience and based on it, as well as serving as an experience for us because you're telling us something that's useful for you.
Some people actually work more than they spend time in leisure, this is sad for bettors. When you are feeling tired or stressed, try to satisfy your adrenaline levels in other activities that do not depend on your bets at that moment, such as playing a video game, or even researching the team you are betting on and seeing their current conditions to place a bet when you are cool-headed and refreshed.
|
|
|
|
Poxa pessoal, saiu está campanha e ninguém para avisar: https://bitcointalk.org/index.php?topic=5489143.0 Infelizmente não deu tempo para eu me inscrever nela. Vejo que o fórum está aberto para novas campanhas. Achei bem interessante isso. E ai @Sabotag3x, o que você acha desse tipo de campanha ?  Pena que é na Alemanha que o "serviço" é oferecido.  Obs*: O "serviço" é apenas de fotos e vídeos. Achei que era mais completo.  Ela acabou de abrir de novo https://bitcointalk.org/index.php?topic=5489143.60;topicseenWe have 1x Position open, apply now!
Update: Já foi preenchida Accepted! Welcome to the Campaign, and nice to have a German local board poster! 
We are once again CFNP. Thank you all for your applications! |
|
|
|
As Stalker22 suggested, the closest solution to what you are looking for is BIP85. To summarize, BIP85 makes it possible to derive from the original seed infinite seeds, WIF or XPRIV through indexing from 0 to what is allowed by this BIP similar to what an HD wallet does to derive the private key addresses via index i.e: m/0/0/0 address1, m/0/0/1 address2 and so on. But in BIP85 it's directly from a number that goes from 0 to unknown, for example 999999. When choosing an index number, it'll always generate the same seed, WIF or XPRIV, if the seed is protected by the BIP39 passphrase it'll generate completely different seeds and the rest. In BIP85, the seeds generated are unique and the child seed cannot reach the mother seed, so there is no problem if an attacker discovers your child seeds if your funds are in the mother seed (this is just an example), because with the child seeds they'll not be able to calculate up to the mother seed. You can use this for plausible deniability, for example, generating a BIP39 seed, protecting it with Passphrase BIP39 and generating a new seed using this seed in BIP85, with this you can safely store your original seed, because even if an attacker physically accesses your original seed, he still needs to know the BIP39 Passphrase and in addition, he still needs to know which index you used to access the seed that contains your funds, and you can still protect this child seed with BIP39 Passphrase making it even more difficult for any attacker. Realize that your security increases, but with great power comes great responsibilities, the risk also increases a lot: - There is a high chance that you will make a mistake in the middle of the setup.
- Will you remember how to recover the funds if many years pass?
I think that an extended seed (seed + passphrase) would already meet your demand, because a wallet protected with BIP39 passphrase, even if the attacker physically accesses your seed, unless he doesn't know your BIP39 Passphrase, it will be useless for him to try anything. Furthermore, as some mentioned, passphrases make it possible to create infinite wallets using a single seed. Be careful, do your research before making any decision, because in bitcoin, one slip-up can cost you all your funds. |
|
|
|
Será que essa correção disponibilizada pela intel foi repassada para fabricantes de placa mãe e ai eles liberaram novas BIOS que corrigem essa vulnerabilidade? Pensa em buscar essa correção para o seu notebook?
Eu não sei te informar sobre isso, vou procurar saber mais tarde. Se tiver atualização disponível, vou procurar sim. Meu sonho sempre foi ter um MacBook e eu ainda não vou desistir de ter um, acho eles ótimos pra tudo que se propões a fazer, ainda mais se você tiver iPhone/iPad. |
|
|
|
|
Deixa eu ver se eu entendi? Está proibido na europa fazer pagamentos de carteiras cripto de auto-custódia? Que absurdo, só prova que o governo tem muito a temer com a revolução Web3, está vendo seu aparato está se tornando obsoleto. Mas a longo prazo será um tiro no pé, pois nenhuma proibição de bitcoin funcionou (na verdade, causa o efeito contrário).
Eu tava assistindo vídeo sobre o assunto do canal Ancap.su do Youtube. Rapaz, em alguns casos, a europa está pior que o brasil, em vez de reduzir os impostos, não interferir no mercado eles tomam atitudes que beira ao infantil de criança que para uma partida de futebol bruscamente pra levar a bola pra casa porque não gostou de alguma coisa que o coleguinha fez ou falou dele.
Por isso que a cada dia o descontentamento das pessoas frente aos governos crescem e com isso migram pro bitcoin e cripto em geral, a cada dia que passa, as pessoas percebem que os governos de todo o mundo só atrapalham e limitam o cidadão de alcançar objetivos pessoais, além de não cumprir com o básico que prometem: saúde, segurança, saneamento básico e infraestrutura em geral.
Essa bancada política mal sabem o funcionamento de tecnologias ponto-a-ponto como o bitcoin que são imparáveis devido a sua natureza descentralizada, porque a maioria são um bando de velhos burros que mal sabem o básico de informática.
|
|
|
|
Hmm, but your screenshot shows that the addresses are the same. Do you mean the WIF private keys are wrong? It's working in HCP's version of that edited IanColeman BIP39 tool, here: github.com/HardCorePawn/electrumBIP39Yes, they are correct, because in the images I used an electrum seedphrase without a passphrase. I used the correct derivation path, the problem I described below: In the version that I changed, the code also worked as described, see that you used common spaced words as passphrases, I tried the same here and it worked, it generated the same private keys as in the Electrum software, but if you use alphanumeric characters and special characters in BIP39 Passphrase, will never generate the same addresses in electrum software with an extended seedphrase containing special characters. Seedphrase electrum without passphrase matched:   Seedphrase electrum with passphrase (spaced words) matched:   Seedphrase electrum with passphrase (complex passphrase with special characters) not matched:   |
|
|
|
-
I believe that online casinos/crypto-casinos will be the main alternative for Brazilian bettors, and that this arbitrary decision by the government will be a shot in the foot in the medium-long term resulting in the opposite effect, instead of increasing revenue, it will decrease it, as bettors will migrate to unregulated platforms and online casinos that are not registered here in the country. The current government is thirsty for citizens' money, but what are they doing with so much money to always want more and more? This sounds more to me like the government indirectly discouraging people from gambling because in a nutshell, it makes gambling rarely profitable as you will be remitting any profit you manage to make to the government. If I place 10 bets and win only 3 and I'm taxed in the 3 bets that I won, what happens to the bets I lost? Is this not simply increasing the loss of the gambler? This simply means that the government is saying don't gamble and if you insist, if you didn't lose your money to the bookies, we will take it from you... whichever case, the loss is on the gamblers and only few will escape.
What happens to taxing only credits to bank accounts? This is the effective way to tax and not to tax individual bet slip.
No Odohu, the government isn't at all concerned about discouraging bettors, if that made sense, they'd run some kind of campaign encouraging bettors not to bet or something like that, but as a lot of money circulates especially in recent years with the increase surreal of sponsorships from sports betting companies in brazilian football (around 60 or 70% of clubs sponsorships are done by sports betting companies), there was an increase in both interest and finance in the betting sector in the country and the government unintentionally wasting time, saw the opportunity to tax the sector absurdly. |
|
|
|
I changed a few lines of code from the iancoleman BIP39 website following the instructions from @HCP and @o_e_l_e_o ( here) and tested an Electrum seedphrase after the modification and it worked, generating the same electrum wallet addresses. But it doesn't work if you have extended the words (added passphrase to a seedphrase created in Electrum), generating totally different keys, has anyone done the test? Does anyone know how to get around this?  |
|
|
|
-
How dangerous are these flaws? No one panics as I see.
Due to the complexity of the attack, it's difficult to believe that hackers would want to massively disseminate malware exploiting this flaw, especially because it was recently disclosed, it may be more viable for them to focus their efforts on someone who is highly targeted and has a better chance of success, so it's not really a reason to panic (yet). Regardless, in digital security whenever there is a vulnerability, we assume that your computer is infected with malware capable of exploiting that vulnerability and extracting Bitcoin private keys. Assuming that your macbook is affected by this vulnerability and that you have decided to transfer the funds to a new wallet outside the macbook with the M chip, it would not be the best decision to transfer the funds directly from the affected notebook, what you can do is, take the encrypted file (in the case of Electrum, your defaut_wallet) and open electrum by accessing the encrypted Electrum keystore and make this transaction on the device free from the vulnerability (remember, the flaw is in the M1 chips, so if you have an intel chip macbook, theoretically is fault-free). Or you restore the Electrum wallet on another device using the Electrum seedphrase and make the transaction. It's worth remembering that I'm not a security expert, I'm just a curious person trying to stay informed every day to increasingly improve my security and privacy habits and find the best possible balance between these two and convenience. Overall, the decision to view this as a red alert will depend on each Mac owner. It's cool that you work with UI/UX Design, I'm also learning and who knows how to make a profession out of it. |
|
|
|
-
Yes, I myself can find out where the UTXO are without difficulty, as the best known are M/0, M/0H, M/44H/, M/49H..., M/84 and 86 (few support the last 4 scripts together). Bitcoin Core (legacy wallet) and Electrum use derivation paths from the beginning of bip32. Recently Bitcoin core adopted the BIP39 standard (without mnemonic). At the time, I tried to restore the wallet created in bitcoin core through xpriv on Electrum, out of curiosity and I was unable to do so. Even getting the derivation patch right. Regarding the shortcomings of BIP39, electrum already contains a seed indicating the version number in the seed itself indicating what type of addresses to generate, but only it uses its own standard. Which I don't technically get how it works and how the electrum seed version is better than the BIP39 as they claim.
https://electrum.readthedocs.io/en/latest/seedphrase.html#motivation |
|
|
|
Fiz uma pesquisa se existe algo semelhante nos processadores intel e encontrei isso https://www.adrenaline.com.br/intel/vulnerabilidade-cpus-intel-expoe-dados-sensiveis/Em resumo, praticamente a mesma coisa, uma vulnerabilidade chamada "Downfall" que afeta os processadores intel da 6º geração até a 11º (Meu notebook é intel 11  ). Ela permite que determinados registros no hardware sejam acessados via software, com malwares obtendo informações sobre os aplicativos, possivelmente roubando senhas e chaves de cripto. Pelo meu conhecimento não-muito-técnico, pude entender que é quase a mesma coisa. Porém diferente dessa vulnerabilidade da Apple, a intel liberou uma atualização de firmware corrigindo a falha, porém afetando a performance. Acho que no caso da Apple, também pode ser corrigido, mas como é a nível hardware, é mais complicado, é mais fácil a Apple lançar o M4 com essa vulnerabilidade corrigida. Uma coisa legal que eles podiam fazer é aceitar a troca de um macbook com chip M para abater no valor de um novo macbook com processador novo corrigido. É bem provavel que existam vulnerabilidades em nossos sistemas que ainda não conhecemos, mas ainda vivemos tranquilamente. Uma vez li algo que parecia ser "absurdo"... malwares poderiam se espalhar entre computadores atravéz de sons inaudíveis utilizando as caixas de som e microfones dos notebooks, possibilitando que uma ataque fosse realizado à até 19 metros de distância do alvo, de forma parecida já falaram também que é possível interceptar dados que sao gravados através dos sons que são emitidos pelos HDs (os velhos dispositivos de discos rígidos... ponto para os SSDs).
Agora, além da pergunta sobre "registros conhecidos" de ataque, é preciso se perguntar o quão prático isso é... ou seria apenas alguém filosofando sobre as possibilidades de algo que na prática é praticamente impossível de se obter algo "aproveitável"!?
Fora os esforços/custos envolvidos que muitas vezes podem não compensar o ataque.
Enfim, não desmerecendo a notícia e muito menos a sua intenção de trazer esse conhecimento até nós, mas minha opinião é de que isso é apenas mais uma vulnarabilidade que vai ficar só na "possibilidade" mesmo.
A maioria dessas falhas divulgadas por esses acadêmicos nem são exploradas, acredito que elas avisam as fabricantes primeiro antes de veicular as nóticias, para darem tempo delas tentarem corrigir o problema, senão seria uma má prática de mercado, estou certo? E esse lance da possibilidade de um malware se espalhar através do som, tô por fora disso. Parece ficção científica, assustador  |
|
|
|
A vulnerability has been discovered in Apple's M1, M2 and M3 chips that allows attackers to access the private keys of Mac devices through side-channel-attack. Modern processors have a technique called "prefetching" to optimize performance and activity patterns. The prefetcher stores data in the cache memory, this data acts as a locator to access information more quickly for the user and in this way it can leak information, allowing attackers to access it via a side channel attack. What caught my attention the most, from what I understood, was the possibility that an attacker could inject malicious javascript code into a site, so that when Mac users access these sites, the malicious script acts to obtain the cache data and consequently, If a user has accessed private data such as private keys, seeds, etc., the information may be saved there temporarily. Is there a similar flaw in Intel processors and others that have not yet been discovered? Remembering that the failure affects chips from Apple's M line, that is, the same goes for iPads that also contain an M chip. At the moment there is no record of victims of this attack, but the moment requires attention. According to what I found in the news (I'll leave one of the links below), the fault can't be corrected, as it is at a hardware level and not a software one (read the details in the news). The vulnerability is considered serious and it is recommended that if you have created bitcoin wallets on Mac devices, you create a new wallet on a non-Apple device and transfer the funds.
Links: https://cointelegraph.com/news/unpatchable-flaw-apple-chip-access-encrypted-datahttps://www.zetter-zeroday.com/apple-chips/https://twitter.com/KimZetter/status/1770869722760061195?ref=zetter-zeroday.com |
|
|
|
|
Show Posts
