Bitcoin Forum
May 27, 2024, 01:57:29 PM *
  Show Posts
161  Other / Beginners & Help / Re: BIP 38; Wallet Standardization; Wills on: December 06, 2013, 09:59:38 PM

Hey, welcome to Bitcoin! I just stumbled across your thread, and was kind of disappointed you hadn't had more responses by now. I'll try to answer a few of your questions though.

(First, for clarity: I'll refer to the file containing your private keys (among other info) as your wallet, and the software that manages the wallet and (usually) broadcasts your transactions as a client.)


Quote
Wallets.  I count no less than 7 different formats-- Qt, Electrum, Armory, Blockchain.info, Multibit, Paper, BIP 38.  Not to mention any online wallet service.  To what do you attribute the variety?  Do you feel like the variety is a good or bad thing? 

I feel the variety is a great strength. Since the private keys are standardized, the wallet formats can afford to be different, and as long as you can extract and save the private keys (or the wallet format isn't too complicated should you need to extract the private keys yourself by hand,) it's quite workable to have multiple clients using different wallet formats (although it would be great if all the clients allowed you to import wallets in other formats, or at least allowed export and import in the standard Bitcoin-Qt format.)

Should a flaw be found in one client, or one wallet format, only a segment of the Bitcoin community will be at risk, not the entire community. Just like biodiversity keeps entire ecospheres from complete collapse should some unexpected calamity arise, I feel diversity in clients (and by extension wallet formats) does the same thing.


Quote
How do you choose a format?

I'd say based on client features. Beginners generally want (need?) something faster and less complicated. A thin client, especially something like the Mycelium wallet app for Android makes a better choice. For someone who knows his way around Bitcoin and wants to support the network with a full client, Bitcoin-Qt might make more sense. For hardcore users who want the best in security, Armory is the clear choice.


Quote
What makes a good wallet?

Again, it mainly comes down to, "does this client best support the features I need?" But that said, one thing to watch for is to give strong, strong preference to clients that don't give third parties access to your private keys. I'd also suggest using a client that matches your degree of expertise... if you can handle Bitcoin-Qt, I'd recommend using it, even if you also use something else. Simpler clients like Mycelium or Electrum, even though they may only grant access to your keys to you, may rely on third-party servers for their speed and thinness. Having a rock-solid backup that also contributes to the network is something more advanced users should find desirable.


Quote
Is it possible to encrypt my wallet, and still have my family be able to access the funds when I die?

It depends on the client, but in most cases, yes!

Bitcoin-Qt can encrypt and backup your wallet. Copy the encrypted backup around, even give copies to your loved ones if you like. Just be sure to either make new backups regularly, or set the software to pre-generate an enormous number of change addresses, just in case. Then you can include the passphrase in your will, and they'll have access to the wallet.

Mycelium has an excellent backup system that generates a PDF for an encrypted paper version of the wallet, along with a password for that specific PDF. You can store the password with the (printed or electronic) PDF, or store them separately such that your family gains access to both the PDF and the password upon your death.

Those are the only two clients I've used extensively; from what I understand, most other clients have other methods of allowing encryption and backup of your wallet (for example, I believe Electrum uses a single passphrase that can recreate the entire wallet.)


Quote
I found many threads like this one, which describe processes for offline wallets, but recent developments left me skeptical of my computer's random number generator.

You have good reason to be wary of PRNGs, both as a source of generating new private keys, and as a source of entropy for individual transactions. IIRC, as far as Bitcoin transactions go, it's possible to craft them without even relying on random numbers, and I believe the suggestion has already been made to the core development team. Considering how it's done, I see no reason why other client developers couldn't implement it right away, or why you couldn't implement it yourself. (You just use the hash of the transaction as the random number.)


Quote
So what to do?  I am attracted to BIP 38, because it seems like a straightforward 2-factor authentication system, but why is it so complicated?

I just discovered and did some reading on BIP 38 myself. It is impressive, isn't it? (For the record, Mycelium now supports it.)


Quote
It does not seem to be widely accepted either (blockchain.info did not recognize my BIP 38 encrypted QR code as a private key).  Why is it worth 20 BTC just to program BIP decryption? Why are all the wallets so complicated?  Why aren't wallets just AES.COUNTER_MODE(Private Key) and Address?  What component am I missing?

Well, BIP 38 is just a very useful feature. It really changes the game as far as Bitcoin private key security goes.

As far as the complication, it comes back to the freedom that Bitcoin allows. Anyone can get in and use it, and if someone doesn't like a wallet format that's already out there--they don't think it encodes enough information, or feel it needs to be simpler, or that it needs to be deterministic, or whatever--then they're free to create their own.


Quote
And as far as death is concerned, do any wallets implement Shamirs secret sharing scheme, or something similar?

I'm not too familiar with that, but I seem to recall that m-of-n signature support for spending from an address has already been implemented into the Bitcoin-Qt client. So at the very least, if you have a single m-of-n address that holds the bulk of your coins you intend to leave to others, then you can distribute the keys for that address to multiple people, and if enough get together and pool their keys, they can access the funds.


Quote
So, should I just stop worrying and love the wallet?

The worrying is understandable, but unnecessary. :) If you keep the bulk of your funds in cold storage, in the most simple format you feel comfortable with (so loved ones won't need to spend much effort to retrieve them,) you'll be fine.


Quote
TL;DR: Bitcoin will change the world.  Is there a standard wallet that allows user input addresses (dice generated),

Mycelium and Blockchain.info do.


Quote
produces a variety of standard wallet formats,

This seems to be a big sticking point; I don't know that any allow this.

Quote
generates raw transactions offline,

I thought Blockchain.info allowed this? Maybe not.

Quote
does not download the entire blockchain,

Mycelium, Electrum, Blockchain.info

Quote
is able to implement a secret sharing scheme,

Bitcoin-Qt offers m-of-n signature support, and passphrase-encrypted wallets. Mycelium offers password-encoded PDFs. Electrum's seed passphrase can be broken into separate words (or groups of words) and distributed to others.

Quote
and can run on an operating system smaller than 100MBs?

Not asking a whole lot now, are we? :D That's alright; surely Electrum or Bitcoin-Qt can run on whatever version of Linux you like (not sure about the others.) And we can probably expect the clients to get better with every generation (I'd say we're really only on generation 2 or 3 so far.)
162  Bitcoin / Mycelium / Re: Mycelium Bitcoin Wallet on: November 26, 2013, 03:02:34 PM
If you import a key you never have to verify it. You already proved that you have elsewhere. Verification is only required for keys that were generated by the app.

Ah, so then the experience I had was just a one-time event, due to updating the app's wallet? Nice! :D


Quote
Quote
(Or try to bribe you with bitcoins....)
:D

Hey, I'm willing to make a reasonable offer. :)
163  Bitcoin / Mycelium / Re: Mycelium Bitcoin Wallet on: November 26, 2013, 02:47:53 PM
It's however good to design the wallet for both basic and advanced users in mind. It's not a big issue if I have to go through a few menus to be able to ignore the backup reminder, that's what advanced users do. I go through all possible settings in a program in detail every time I use anything. When something can't be customized (in any way), that is always a disappointment.

The problem is "advanced users" are often the victims of their own intelligence. And then there is just plain bad luck - like losing the phone, or dropping it in your beer. A true "expert user" would recognise backups are MUCH more important than a nag screen.

@Jan - don't remove it.

And those of us importing our already-backed-up keys just have to go through the verification procedure again each time? A procedure which pretty much (appropriately) requires a printout of the keys?

*sigh*

Maybe two versions of the app might be warranted. The normal version, and the "DANGEROUS", "RISKY", "ADVANCED EXPERT MODE" version that scares all the newbies away with descriptions like "this version is far riskier, and YOU STAND A GOOD CHANCE OF LOSING YOUR COINS if you don't take extra precautions on your own." Of course, knowing that that would require much more work than it might sound like, I'm only joking. But a guy can dream. (Or try to bribe you with bitcoins....)
164  Bitcoin / Mycelium / Re: Mycelium Bitcoin Wallet on: November 25, 2013, 11:35:43 PM
Finally got around to trying out the newest version and backing up the keys on one of my phones. Here's my feedback:

1) This method of backing up is excellent. It's reasonably simple, and having the necessary components be split into two parts (the PDF and the password) allows for a lot of flexibility. While I personally am a little nervous about the idea of having to decrypt the keys by hand should I not have access to Mycelium (I like to have low-level access to my data,) I understand most people will never even think of this. And, I can always write out the private keys by hand anyway. Great work on this!

2) I've never used the autopay feature, but then I don't spend my bitcoins all that often. But I can see how for those who do, this could be a very big deal. It never got in the way when I wasn't using it. I can see wanting to limit the overall spending though; a spending cap (that goes down whenever a spend occurs) may be a good solution for that since "power users" shouldn't mind setting that up.

3) I do think the "forced backup" and highly visible backup notices are a bit of overkill. Before this version of the app, I wrote down all my private keys by hand. To suddenly have the app decide my keys aren't backed up, with no way to get rid of the message other than using the PDF-and-verify method, was a bit annoying. Being able to inform the app that you've backed up already would be a nice alternative option; you can't protect users from all their mistakes forever.

4) I noticed and missed the lack of ability to swipe between keys right away, but I'm already over it.

5) An option to send the PDF to the memory card would be great.
165  Other / Politics & Society / Re: How long would it take for Anarchy to start working? on: November 22, 2013, 02:51:02 PM
...snip...

Wait - you are happy to allow female genital mutilation, provided it's not done to your daughter, and now you want to go all happy-clappy about believing in people?

If this is how your vision of anarchy "works" you'll find that people won't allow it.  As I say, disgusting.

Wait, wait... one of your disagreements with anarchy is because under it, some people somewhere might be circumcising their daughters?

We already live in a world with practically everyone under the thumb of some government, and this already happens. I wouldn't be surprised if there was a government or two that mandated it.

How is anarchy worse in that regard?


Would you allow female genital mutilation?

That's not even a fair question.

Male "mutilation" goes on all around me. By not voting to prevent it, or using guns to stop every doctor who engages in it, I'm allowing it? I actually have an obligation to go out and prevent all crime outside of my personal sphere?

Now if the question was meant as, would I allow my female children to be circumcised, then the answer is no.


Quote
  If not, how would you prevent it if the majority of people in your area have chosen a protection service that does allow it?

The same way I would now if I were living under a government that allowed or mandated it... effectively, I wouldn't. If I found it too egregious (and honestly I've found no compelling reason to look into the gory details of the activity) and couldn't persuade others to stop, I would simply have to move.

How is anarchy worse in that regard?

166  Other / Politics & Society / Re: How long would it take for Anarchy to start working? on: November 21, 2013, 11:00:36 PM
So you will allow female genital mutilation.  I assume the same logic applies to honour killings, bride burning and the like.

If that is what anarchy requires, then I don't see it ever "working."  

False.  I will not allow my child to have her genitals mutilated.  That's the point; it requires a rational society, of which you'd find no place if you will not even acknowledge when you're wrong.

As I said, you have no morality.  You don't want your child hurt but you turn a blind eye to a neighbour's child having her clitoris cut off without anaesthetic.  Disgusting.



False.  You have no idea what morality is, either, if you believe people can be with or without them.  Hawker, take my advice: take a class on philosophy, specifically on ethics.  It'll help.

Take care :)

Wait - you are happy to allow female genital mutilation, provided it's not done to your daughter, and now you want to go all happy-clappy about believing in people?

If this is how your vision of anarchy "works" you'll find that people won't allow it.  As I say, disgusting.

Wait, wait... one of your disagreements with anarchy is because under it, some people somewhere might be circumcising their daughters?

We already live in a world with practically everyone under the thumb of some government, and this already happens. I wouldn't be surprised if there was a government or two that mandated it.

How is anarchy worse in that regard?
167  Economy / Economics / Re: The end is near! My mum is thinking of buying Bitcoins. on: November 21, 2013, 10:09:52 PM

This from one that:  just a few days ago said that bitcoin could take over the world
          a day later :  "I'm having 2nd thoughts"
                     now:  bitcon

I agreed bitCON would likely exponentially grow in market cap into the $trillions. I still do.

It is a ponzi scheme and that is mathematically undeniable.

I hope you like paying 300% taxes and going to jail from aiding and abetting a ponzi scheme.

You're either an idiot, or a bad troll. Either way, you deserve to be ignored.
168  Bitcoin / Mycelium / Re: Mycelium Bitcoin Wallet on: November 20, 2013, 10:36:33 PM
Also, would it be possible somewhere to see the individual balance of all keys stored in Mycelium? Currently we only see a total balance of all added together.

You can change this in the settings. Turn off "Aggregated View."

EDIT: You may have to enable "Expert Mode" right above it to do so.
169  Bitcoin / Press / Re: 2013-11-18 Zero Hedge: Bitcoin-Based Bounty For Bernanke's Assassination on: November 19, 2013, 07:05:38 PM
Just messed up.  We need to expose the idiot doing this.  Just hurting the crypto community and is plain wrong.

No one is really doing this. It's all a ruse. Lies playing on the theater of fear to try to frame the debate and generate a desired response.

Don't fall for it.

170  Bitcoin / Press / Re: 2013-11-18 americanbanker.com: The Bitcoin Delusion on: November 19, 2013, 07:01:51 PM
The "then they fight you" stage is starting to ramp up....
171  Bitcoin / Press / Re: 2013-11-18: Wired: You can't beat politics with technology on: November 19, 2013, 06:51:51 PM
Sunde: You can't beat politics with technology

Bitcoin: Challenge accepted.

Yup. You'll just have to pardon us for continuing to opt out of the system and to resist it through all peaceful means possible, including technologically.

Think it's useless? Think it's dumb and won't work? Think it's immature? Too bad. It's still going to continue.

Must be tough to not be able to get others to ignore the gun in the room... especially as they actively seek means to neutralize it. Tough indeed.
172  Bitcoin / Press / Re: 2013-11-18 FORBES: Meet The 'Assassination Market' Creator Who's Crowdfunding Mu on: November 19, 2013, 06:39:00 PM
This is the best they can do?

"No one is listening... we need to PROVE that Bitcoins are dangerous and need regulation. ... See?! Anonymous currency can be used for assassinations! You NEED the regulation!"

The whole thing is clearly a ruse. I'm just waiting for the "kiddy pr0n" angle to be used next, and to flop. At that point we'll know their backs are against the wall.
173  Bitcoin / Bitcoin Discussion / Re: .001 vs .0001 as new standard unit on: November 19, 2013, 04:27:04 AM
I'm all for 0.0001 BTC. We need to just go with the half-way point. Room for growth, and fluid transitions within the system.

1 bitcoin = 10,000 digibits (or whatever)
1 digibit = 10,000 satoshis

And I agree that resorting to the next-lower denomination will get more people interested, as long as it's NOT millibit or millibitcoin or microbit, etc (I've encountered non-users mentioning such things quite a bit.)

Someone should fork Mycelium, call it KidCoin, add bright colors and fun imagery, and change the displays and inputs to only work in 0.0001 BTC units, except 1 BTC = 10,000 KDC. It would see overnight success.

(Edit: yes, that was exaggeration.)
174  Bitcoin / Bitcoin Discussion / Re: Mike Hearn, Foundation's Law & Policy Chair, is pushing blacklists right now on: November 15, 2013, 06:06:37 PM
What other measure would you guys suggest to meet existing legal requirements? Trying to convince lawmakers that bitcoin should be anonymously traded is an absolute non-starter. If that is the foundation's opinion then bitcoin may be declared illegal and the tracking of coins will move to law enforcement. So, what are our other options?

So let it be declared illegal in the U.S.

Then all of you who are so concerned can just stop using it and go on about your lives without facing any further risks.

Instead, you'd rather see a key aspect of Bitcoin eliminated, the anonymity, and in a way that's obviously destined for abuse no less.

That says enough right there.

This is not a matter for debate anymore. It doesn't matter what you or I or any agency wants to happen. There WILL be an anonymous cryptocurrency. We WILL take steps to ensure that Bitcoin is that currency. And if Bitcoin is morphed into one that's just another tool for tracking, then another will be built and we'll leave yours alone from that day forward. Will you then try to justify changing that new one too, because you like it and want to use it and make money with it but have to deal with regulators to do so? Is your goal simply to see U.S. financial tracking expanded, period? Because right now, that's all that's being pushed.
175  Other / Meta / Tracking pixels (split from Mike Hearn's blacklist thread) on: November 15, 2013, 05:13:53 PM
Again you are giving the foundation too much power.







Mod Edit Note: Shove your tracking pixel up your ass, BCB. Cheers, Raoul Duke

Well, ain't that nice. Tracking pixels... noting every IP address that views his post.

Why am I not too surprised? :rolleyes:
176  Bitcoin / Development & Technical Discussion / Re: CoinJoin: Bitcoin privacy for the real world on: November 15, 2013, 06:58:54 AM
Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.

Output A is 5.21875 BTC and Output B is 3.4375.

In order for an attacker to break the mixing he must answer the question, "which combination of inputs add up to each output", and that question could likely have only one solution. If there is only one solution, the mixing has no value other than forcing the attacker to spend a bit of CPU power on it.

If the participants in the mix instead choose to only use integer powers of 2, they can break their desired outputs down like this:

Output A can be broken down as follows:
1 x 2^2
1 x 2^0
1 x 2^-3
1 x 2^-4
1 x 2^-5

Output B can be broken down as follows:

1 x 2^1
1 x 2^0
1 x 2^-2
1 x 2^-3
1 x 2^-4

So now the transaction has 10 outputs: 4 BTC, 1 BTC, 1 BTC, 250 mBTC, 125 mBTC, 125 mBTC, 62.5 mBTC, 62.5 mBTC, 31.25 mBTC.

The odds of finding an unambiguous mapping of inputs to outputs should be far lower in the second case.


Hmm. It might simplify things by "approximating" powers of 2: 1, 2, 5, 10, 25, 50, 100, 250, 500, etc. Similarly, 0.5, 0.2, 0.1, 0.05, 0.02, 0.01, etc.

The downside is there's somewhat more risk of analysis matching inputs to outputs, but I would think the increased risk is very slight.

Among the benefits is that the math is simpler, allowing other ideas to be easily implemented (such as a cutoff value: everything under 0.000x BTC is lumped into one output. If a small, random transaction fee is also included, this avoids dust outputs but is still resistant to analysis.)

For example, your above outputs, after removing small transaction fees, might break down to

 A) 5.21872289 (prior output after removing a randomized 0.00002711 txn fee) =
  5 + 0.2 + 0.01 + 0.005 + 0.002 + 0.001 + 0.0005 + 0.0002 + 0.0002289 BTC

 B) 3.43742991 (prior output after removing a randomized 0.00007039 txn fee) =
  2 + 1 + 0.2 + 0.2 + .02 + 0.01 + 0.005 + 0.002 + 0.0002 + 0.0002 + 0.00002991 BTC

Almost all of the privacy, and the coins are less noticeable (as opposed to values like 0.03125 BTC) even just sitting in the wallet. And this would be a much better result too for those of us managing coins in paper wallets who need to determine how many change addresses to grab to spend X bitcoins.

Just a thought.
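The denomination idea discussed in this post, as an added example that is not part of the original thread: it splits an output into power-of-2 pieces or into "round" pieces, working in integer satoshis, and reports which piece values two participants end up sharing. The 1-2-5 series per decade, the 0.0001 BTC cutoff (the post leaves it as 0.000x) and all function names are assumptions made for illustration.

```python
from collections import Counter
from decimal import Decimal

SAT = 100_000_000  # satoshis per BTC; integers avoid float rounding


def to_sat(btc: str) -> int:
    """Convert a decimal BTC string to integer satoshis."""
    return int(Decimal(btc) * SAT)


def binary_denoms(max_exp: int = 6, min_exp: int = -5) -> list[int]:
    """Powers of 2 BTC in satoshis, largest first (exact for min_exp >= -8)."""
    return [(SAT << e) if e >= 0 else (SAT >> -e)
            for e in range(max_exp, min_exp - 1, -1)]


def series_125(max_sat: int, cutoff_sat: int) -> list[int]:
    """Assumed 'round' series 1, 2, 5 per decade, from cutoff up to max."""
    out, decade = [], 1
    while decade <= max_sat:
        out.extend(m * decade for m in (1, 2, 5)
                   if cutoff_sat <= m * decade <= max_sat)
        decade *= 10
    return sorted(out, reverse=True)


def split_output(amount_sat: int, denoms: list[int]) -> list[int]:
    """Greedy split, largest denomination first.

    Whatever is left below the smallest denomination is lumped into one
    final output, which is the cutoff rule described in the post.
    """
    parts, remaining = [], amount_sat
    for d in denoms:
        while remaining >= d:
            parts.append(d)
            remaining -= d
    if remaining:
        parts.append(remaining)
    return parts


def shared_values(a: list[int], b: list[int]) -> list[int]:
    """Piece values both participants produce; these are interchangeable."""
    return sorted((Counter(a) & Counter(b)).elements(), reverse=True)


if __name__ == "__main__":
    # Amounts taken from the post: the two CoinJoin outputs A and B.
    pow2 = binary_denoms()
    a2 = split_output(to_sat("5.21875"), pow2)
    b2 = split_output(to_sat("3.4375"), pow2)
    print("power-of-2 A:", [x / SAT for x in a2])
    print("power-of-2 B:", [x / SAT for x in b2])
    print("shared:      ", [x / SAT for x in shared_values(a2, b2)])

    # Same outputs after the randomized fees quoted in the post.
    rnd = series_125(to_sat("500"), cutoff_sat=10_000)
    a5 = split_output(to_sat("5.21872289"), rnd)
    b5 = split_output(to_sat("3.43742991"), rnd)
    print("1-2-5 A:", [x / SAT for x in a5])
    print("1-2-5 B:", [x / SAT for x in b5])
    print("shared: ", [x / SAT for x in shared_values(a5, b5)])
```
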
177  Bitcoin / Bitcoin Discussion / Re: I know this has been brought up before, but confirmation times are getting weird on: November 15, 2013, 04:32:35 AM
what blocks are 90% empty and there is a back log?

Essentially all.   None of the last 100 blocks were larger than 400KB.  Only 5 were larger than 300KB.   The vast majority are 100KB to 250KB.  More than 20 are <100KB.   The block size limit is 1MB.

why are miners creating a back log when they have plenty of space.

why not include all the TX's if there is space for them?

Probably because far too many of those transactions are being sent with low (or no) transaction fees, and the miners just don't feel like turning charity into an entitlement.

I'd like to know the stats as far as the trends in fees go. But if that is the case, I can't say I blame the miners for not wanting to encourage the practice.
178  Bitcoin / Bitcoin Discussion / Re: BOYCOTT all businesses associated to Alex Waters, Matt Mellon, and Yifu Guo! on: November 15, 2013, 12:03:06 AM
can we stop this?
Yes, but not by negotiating with every fool who attempts it, for there are far too many fools in the world.  I've personally talked two startups out of similar business models in the past.

We can stop this by making sure that it's not viable, by tweaking our practices and the ecosystem to be an environment that things like this just can't work in. This means: Anonymous mining, Discouraging address reuse, coinjoin, etc.  Importantly, people need to step up and fund the development of privacy tools.  Today there is no business model for decentralized privacy tools that people can use casually and thus pervasively.

We must vote with our wallets— not our spending, but how we choose to transact and what developments we fund. As a spending group the people who really realize the importance of privacy and fungibility will always be a small enough minority that short-sighted business people will find it all too easy to go without their business.

I agree and support everything you said here, Gregory, but I'm afraid that might not be enough.

Working around blacklists is feasible, through the means you cite. But the threat here is not blacklists, the threat is mandatory whitelists.

You may coinjoin your coins as much as you want. If you want to use them in "the land of the free" you'll have to give away your freedom and privacy by declaring them to Big Brother. Otherwise your output might just be frozen by the "law abiding merchant" that receives it.
Mixers are not enough to fight back. But I fail to see alternatives.

I know you and many other bitcoin developers have brilliant minds... I hope you manage to come up with a solution.

The solution seems obvious (if difficult to implement):

A setup where you know the address you send money to... but where no one can determine where the funds in a given address came from.

This has downsides of course; you can't prove you sent a payment, only that payment was sent.

But developing this scheme seems worthwhile enough, as it will stop this nastiness cold.

EDIT: Frankly, the way bitcoin works, even if such an option was available, there will always still be an option to use direct payment, and the tendency will be to force users to do so. It's looking like we need a new cryptocurrency where direct payment isn't even possible.
179  Bitcoin / Mycelium / Re: Mycelium Bitcoin Wallet on: November 14, 2013, 11:41:23 PM
Re-requesting a push for the development of CoinJoin-mixing in the Mycelium Wallet. With the redlist scandal going on, I think that implementing CoinJoin everywhere is a good idea.

I second this.
180  Bitcoin / Bitcoin Discussion / Re: Mike Hearn, Foundation's Law & Policy Chair, is pushing blacklists right now on: November 14, 2013, 11:17:08 PM
If the foundation chooses to support this idea, it will be the day when Bitcoin splits. In one way or another, there will be two different Bitcoin protocols, be it in the form of an altcoin or as a hard fork. I hope they make the right decision, which is obvious in my mind.

Why wait? The fact that this is being advocated, whether for the protocol, for wallets, or for third-party "validation" companies (talk about doublespeak) is proof enough that the very possibility of this needs to die, right now. I'll certainly direct whatever I can, including my coins, toward any development that ends this talk of "redlisting."

This actually has me willing to donate to Dark Wallet.