|
Just use bitaddress.org (web page) or NoBrainr (offline tool) to generate robust brainwallets and cold storage addresses.
|
|
|
|
Crypto currencies are a game-changer. But, as currently implemented, they are designed to fail. The proposals here won’t change the outcome. Simply put: there is no spend password on the private key! To illustrate: my PGP/GPG private keys are only created and used offline; printed and stored in an offsite safe. But, they are vulnerable to replication. Somebody sitting at a keyboard and hammering out a random string that just may be identical to my original PGP/GPG private key. So, when somebody finally replicates my PGP/GPG private key they must still crack my random password to impersonate me. That, is to transact with my key. The Android Bitcoin flaw proved that the Bitcoin 51 character private key is much easier to replicate. It starts with the digit 5 and the rest of the key are randomised characters from the Base58 symbol chart on the Base58Check encoding page. It doesn’t matter if you follow best-practice privacy measures, such as cold storage, paper-wallets, encrypted USB drives, etc. No passphrase, no security. It won’t be long before some script-kiddy writes an algorithm to replicate all possible Bitcoin private keys. Run them through the JavaScripts available online that calculate the individual public keys. Query sites such as Bitcoin Block Explorer for addresses with transaction histories. Download the JavaScript to create secure offline Bitcoin transactions. Then, broadcast the transactions. All without touching a single encrypted wallet.dat. –––– REFERENCES ···· The Android Bitcoin vulnerability explained http://blogs.avg.com/mobile/android-bitcoin-vulnerability-explained/···· Base58Check encoding https://en.bitcoin.it/wiki/Base58Check_encoding···· Query private wallet keys at https://www.bitaddress.org···· Watch wallets online at https://blockchain.info/address/···· Retrieve transaction history at http://blockexplorer.com/q/mytransactions/···· Create offline send with http://www.howtovanish.com/images/offline-transactions.zip···· Broadcast spend at http://blockchain.info/pushtxThis already exists: Deep Space Vagabond  Google it. Perhaps more interesting than the app is the discussion thread, read it all, it's very educational. |
|
|
|
The speed (seconds) with which the funds were redirected make it clear it was a bot. I don't think you understand what a rainbow table is. Somebody generated the exact same brainwallet you did, long before you ever thought of using that passphrase. They've actually generated millions of brainwallets, and they're just waiting for someone naive enough to use the same weak passprases and deposit money into one of their addresses. Anything less than 16 random words is too short as a passphrase. Not a 16 word phrase from your favourite work of literature, not some TV character's 16 word catchphrase with a few simple letter substitutions and random punctuation characters thrown in. 16 words that have never before been grouped together into the same context by any human that has ever lived. If you can't generate and remember a random passphrase this long you shouldn't use brainwallets. Diceware: http://world.std.com/~reinhold/diceware.htmlThis. And there are a couple of nice tools on this forum that easily convert dice rolls into passphrases and bitcoin addresses. Diceware SHOULD NOT be used with anything other than dice: the entropy is not the same otherwise. Read my post again. The tools I saw WORK WITH DICE. So, full entropy. |
|
|
|
The speed (seconds) with which the funds were redirected make it clear it was a bot. I don't think you understand what a rainbow table is. Somebody generated the exact same brainwallet you did, long before you ever thought of using that passphrase. They've actually generated millions of brainwallets, and they're just waiting for someone naive enough to use the same weak passprases and deposit money into one of their addresses. Anything less than 16 random words is too short as a passphrase. Not a 16 word phrase from your favourite work of literature, not some TV character's 16 word catchphrase with a few simple letter substitutions and random punctuation characters thrown in. 16 words that have never before been grouped together into the same context by any human that has ever lived. If you can't generate and remember a random passphrase this long you shouldn't use brainwallets. Diceware: http://world.std.com/~reinhold/diceware.htmlThis. And there are a couple of nice tools on this forum that easily convert dice rolls into passphrases and bitcoin addresses. |
|
|
|
Thanks for this interesting discussion. 34 chars: ~96.026255%
33 chars: ~3.973735%
32 chars: ~0.00001%
So if I understand this right, I've got my answer: 32 characters are 400,000 times rarer than 33 characters. Are 31 characters also 400,000 times rarer than 32 characters, or does the factor differ again? |
|
|
|
OK, I started off trying to make a paper wallet or pendrive wallet. But for reasons that baffle and frustrate me, I'm incapable of dual booting linux onto my computer to enable this, all the while the price continues to rise so feel I'm wasting valuable time. So unless someone has a much simpler and less frustrating way to create said wallets, what would you guys recommend as the safest, easiest and quickest way to buy bitcoins online. With the consideration that my plan was just to buy then to hold onto them for, I'd imagine, a couple of years. I'd be grateful for as many opinions as possible and the reasoning behind them to make the most informed choice. For example mtgox vs localbitcoin etc. Thanks for any advice in advance guys. Have you looked at tools such as bitaddress or nobrainr (even safer as it is not a webpage) to create your paper wallet? |
|
|
|
|
I'm not very good at math... but I have noticed that 33-character addresses are about 20 times less common than 34-character addresses. Similarly, are 32-character addresses 20 times less common than 33-character addresses (and so on)?
I would really like to see a math guru confirm this.
|
|
|
|
I don't understand the code well enough to answer your specific concern. My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught. Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me. I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious: http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/ Yeah - all I wanted to do was modify the code a bit to add some of my own extra randomness to it for my sanity... But this has put me off completely now! I just want to create a really secure paper wallet where I don't need to trust somebody... Any ideas? You may like the NoBrainr tool, also on this subforum. It's a little frugal but, I found it to be really easy to "review", even though I'm not a developer. It's so tiny there's little space to hide malicious code. |
|
|
|
|
Any chance you could release a commented version of the script? Would be great for educational purposes.
|
|
|
|
theres no safest wallet if its online , save it in paper or your computer ! Diceware is not online nor offline wallet and has nothing to do with bitcoin itself. Diceware is not even online password generator (although there are some). Diceware is a method to pick a strong pass phrase completely offline and completely random! Using ordinary dice, pen and paper. This. I'm a huge fan of diceware. EDIT: Just found this little tool that uses diceware to paper/brainwallets: https://bitcointalk.org/index.php?topic=308972.0 |
|
|
|
|
To be honest the current situation is a huge mess. Everybody is in a state of uber paranoia,
which is of course irrational. It is totally possible to keep bitcoins on a Windows machine, and whatever
solution you choose, there is ALWAYS some amount of trust needed. That said, if you're a newbie, I would
recommend to wait till you have done enough research before investing any significant money in bitcoin.
|
|
|
|
Another change that was recently merged (but may not make it out the door) is a feature I've dubbed TxQR.
It's a modification to slush's QRCode plugin that allows you to both display and read unsigned and signed transactions via QR. It basically duplicates the existing "Save unsigned transaction" "sign transaction" "broadcast transaction" workflow between seedless and seeded wallets but with QRCodes instead.
This allows you to have two instances of Electrum communicate with each other without the risk of spreading malware between the two using a USB key.
I don't know when the Electrum maintainers plan on pushing this change out in an official release, but the code is there (pull request 227) for you to test.
Enjoy,
Nice. But does a transaction always fit into a single QR code? |
|
|
|
|
Is there a feature roadmap for Electrum? What's in the pipeline?
I believe the most pressing things to be done for Electrum to be widely adopted is good documentation and tutorials, and a sexier GUI. Is there any work being done on that currently?
Also, how many developers are there? I only ever see ThomasV here. Is this a one-man effort?
I would hate to see the project abandoned at some point...
|
|
|
|
I've been playing around with a couple of Bitcoin wallets recently, and have stumbled upon Electrum.
For me, this wallet is really appealing as I don't have the resources to maintain the blockchain on my machine, and I don't really like the idea of handing over my coins to Blockchain / Coinbase to store, and Electrum seems to be that nice compromise. The big disadvantage though is the UI is terrible, and I'm really put off using it.
Just wondering if there are any other wallets which are similar in structure to Electrum, or other wallets which don't involve me having to trust another company with all my coins?
True, Electrum's half-baked UI is its biggest drawback IMHO... Such a shame as it's a real solid & fast client otherwise. If using Windows, have you tried flatfly's branch of it? It looks more polished as he's using a more modern graphical toolkit to build it. See this screenshot. Official thread: https://bitcointalk.org/index.php?topic=73651.0 |
|
|
|
A lot of hands are "like" other hands and if you are playing even a few tables you'll notice a lot of cases of matching and partial matching, it is to be expected. But if you get exactly 4c6d (in order) even 4 times out of 4, that's pretty far out there.
1 in (52x51)^4 ~= 1 in 4.946455187×10¹³
But given enough chances it will happen.
Note that's the odds of getting a hand picked in advance 4 times in a row. Getting any hand 4 times in a row is a more reasonable 1 in 18,651,791,808. There was an instance in New Zealand where 4 players were dealt a royal flush each. The deck was shuffled and they played the next hand, again 4 royal flushes. Rare as hell to occur, I'll see if I can find the link. Please stop spreading nonsense. Added to my ignore list. |
|
|
|
I contacted him (not the whois protected stuff) and waiting for his response...
Oh, so you know him? |
|
|
|
I understand that the seed in number form is 128bits of entropy. But is the mnemonic 128 bits too? 12 words out of 1600 are 128bits of entropy? Just curious.
Yes. As long as they are *randomly* chosen. |
|
|
|
|
I think there's one (or more) sync bug in the latest release.
As a workaround, just close and restart electrum and the updated balance should show up.
|
|
|
|
It is not inconceivable that the original computer that Satoshi used as the 24/7 backbone of the Bitcoin network in 2009 and early 2010, also happened to mine 1 million coins. Sergio is talking about this.
Now, we know that the genesis block cannot be spent, because Satoshi thought it would be "unfair". Perhaps he thinks the same about these coins. Perhaps not.
Probably he is at this very moment thinking, which would be better for the universe:
- Send a message using those private keys, telling that he is about to never spend them. Possibly the coins would even be collectively banned after such a message. (Some communists have suggested this solution as a forced group decision without asking the owner of the coins.)
- Start spending them, essentially forming the largest bitcoin wealth & power center, far above the Winklevoss and the smaller fish. This comes with both privileges and responsibilities.
- Leave us in the state of confusion for some more time.
At the point when you possess the capability of generating something as valuable as this, you have a very different mindset towards money than that of the ones who want to have more of it, for the reason of getting a better life.
Are you aware that DPR owns 600,000 coins (and that's a very conservative estimate)? |
|
|
|
|
Show Posts
