The task is simple, I just need someone to teach me how to compile Electrum standalone executable for windows from source code, and I pay in btc for this job. That's it.
Just take a look at above: You can find step-by-step guides on GitHub: That should be enough. That's basically just typing the same commands. And I am sure there are even more guides available online. Just try following the guide. If you succeed you can donate that money to the development of Electrum. If you fail while doing a specific task, feel free to ask for further assistance.
|
|
|
They stopped being a privacy browser when they requested for KYC from their airdrop participants [...]
It's not Brave doing this. Uphold, which they partnered with is though. And why did they partner with them? They could have easily done that without a 3rd party. Instead, they chose the simple way without caring about their original philosophy of "privacy orientated". Brave is (and always was) a joke.
|
|
|
I don't see the point in opening a separate topic for these as they are against the forum TOS and the flags are to alert users so most of them do not require a whole separate posts to be created.
The reasoning behind that is that other people can confirm your claim and therefore support the flag. It also acts as proof for the flag. Imagine someone seeing another scam offered by the flagged person. They will likely check the flag and see that the referenced topic doesn't exist anymore. There is no way for them to verify that this flag actually indeed is accurate. Creating a new thread as a reference containing all relevant details and proof is a proper way of doing this.
|
|
|
So after reading all your replies this is my understanding;
The "master public key" is linked to my air gapped seed version. Any addresses added to the "master public key" addresses whilst running Electrum online (watch only wallet) can still be signed by the air gapped version even though the online version was not created with the seed.
Yes. The master public key has been generated from the master private key, which has been generated from the 12 word mnemonic code (you did back it up, right?). All you need to generate the private keys from the address your watch-only (online) wallet is creating, is this 12 word mnemonic. You don't need to back up individual private keys.
|
|
|
The problem is that the possibility of a double spending attack exists.
Either a simple one by replacing the transaction which has the RBF-flag set or by more complicated ones which need some technical knowledge or the cooperation with a miner. For small purchases (like a coffee) it doesn't really matter. If you don't accept RBF transactions, you are free to accept 0-conf transactions.
However, for larger purchases (or medium purchases where the buyer is kind of anonymous) you actually should wait for at least one confirmation.
|
|
|
Please find holes in my cold storage strategy.
The biggest problem is, that this actually is not cold storage. The device you are using for cold storage has to be offline. It doesn't matter whether you created a new profile/user. If your device is online, it effectively is an online/hot wallet. If you truly want to use cold storage, you need a device which always is offline. Whether this is an old notebook, a mobile phone or a raspberry pi with an attached small display doesn't matter. The point is, that it has to be offline.
|
|
|
How do I use the mixer correctly now? From Anycoin through the mixer to the wallet? Or directly to the wallet and only mix when buying on the market?
That depends primarily on why you want to mix your coins. In general, I would recommend mixing the coins right away. That way your "wallet" can no longer be linked to Anycoin. In general, a link can't be established between a service and a wallet anyway, only between a service and an address. So if, when buying with BTC (that's what you meant by "only when buying", right?), you want no link to Anycoin to be possible, it doesn't matter when you mix. However, if your wallet/address itself should not be linkable to it -> mix right away. You also don't necessarily have to mix immediately. There's nothing wrong with using 2 wallets. One can then be linked to Anycoin and the other contains only coins from a mixer.
|
|
|
And what would be a safe payment option?
Credit card. Any halfway decent credit card offers quite a bit of consumer protection. For purchases etc., you can file a refund request if you don't receive the goods. As long as you can provide evidence that you received nothing or that the seller refuses to refund anything, you can simply get your money back (up to ~120-180 days after purchase).
|
|
|
Fingerprint sensor.. and <230€. Hmm..
If providing biometrical data is sufficient to be able to sign a transaction.. it definitely is not secure.
A proper fingerprint sensor costs waaay more. Anything in this price range is useless and can easily be circumvented by providing some stupid silicon material. There are blueprints available which unlock ~70-80% of all fingerprint secured mobile phones. And the sensor in that device can't be much better.
|
|
|
It is important especially on mobile devices, for whom wallets don't provide a decent security (only an easy-to-crack 6 digit PIN).
The idea behind a 4 or 6 digit pin is that after X wrong tries, the app is either locked and requires a different (longer) password or the whole content is erased. Obviously 10^4 or 10^6 possibilities is not much to bruteforce. But the fact that you only have 5/10/15 attempts is the key. With 15 attempts and 1.000.000 possibilities, you won't be successful unless a stupid pin (e.g. 123456) is chosen. Sensitive information also is not encrypted using that pin. The pin is used to access the encryption/decryption key. So simply gaining access to the wallet file and bruteforcing it on another device does not work. And the encryption/decryption key usually is stored in a secure place (iOS: secure enclave; Android: keychain). Both are hardware backed storages for key material. So, even with a 4-6 digit pin, it isn't simply possible to bruteforce your way into a wallet, assuming the implementation is done correctly.
|
|
|
Is it possible to get the private key from a Bitcoin raw transaction?
No. A "raw transaction" is simply a transaction. I guess you are referring to the getrawtransaction CLI command from Core? You can use the -v (verbose) flag to get more information about that transaction. However, a private key is never included in a transaction. The private key is used to sign the transaction. Transactions are being broadcast into the network. They simply can not contain your private key without the whole system being worthless and broken.
|
|
|
You are assuming that Brave user base is only made of people who want a few tokens.
And that's probably the reason the majority is using Brave. There is no other sane reason to use Brave instead of e.g. Firefox. I was using it because of its built-in adblocker
You chose a browser based on an ability which every other browser has an addon for? Does Brave also block every JavaScript until you allow it? There are addons for that as well.
|
|
|
I want to do it on pen and paper, so that I never have to type my whole private key into a computer. I do not have any good hardware that I do know for sure that no one has hacked or spied on in some kind of way.
Unless you are going to try to sign transactions using a pen and paper, at some point you will need to enter your private key into a computer. Same applies to the generation of the private/public keypair. You won't be able to do everything without a computer. Do you already have a solution for the generation and transaction signing?
|
|
|
Do you have a link to a scheme that is made and approved by a cryptographer, that I am able to do with pen and paper and would require 2 of 4 parts? I would be more than happy to use that, but I have not been able to find it.
Secret sharing schemes usually involve mathematics (and not just simple calculations). You can do every scheme with pen and paper, although it is not that easy. Sharing schemes based on the Chinese remainder theorem aren't that hard to calculate with pen and paper (and a calculator maybe). Take a look at Mignotte's and Asmuth-Bloom's sharing schemes. There is even an example on Wikipedia on how to split and retrieve the secret. You can definitely do them without a computer. However using a small (even self-written) script which implements that scheme should be fine too from a security-related point of view. But then, I don't know what your threat model is and why you want to do it with pen/paper only.
|
|
|
Just stop creating your own techniques. Use a very well known, common and functional secret sharing scheme, such as Shamir's (SSS).
Doing your own crypto always fails. Whether encryption or something else doesn't matter. Professionals in the field of crypto already created several good secret sharing schemes.
You don't have to use Shamir's secret sharing scheme which is based on polynomial interpolation. There are other geometric schemes or schemes based on the Chinese remainder theorem available.
Just use a scheme made and approved by a cryptographer.
Don't do your own crypto!
|
|
|
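A 2-of-4 split with Mignotte's scheme, one of the Chinese remainder theorem schemes named in the two posts above, as an added example that is not part of the original posts. The moduli, the secret and the function names are constructed for illustration and kept small enough to check by hand. The last function counts how many secrets a holder of a single share still has to consider, because Mignotte's scheme does not hide the secret perfectly.

```python
from itertools import combinations
from math import gcd, prod

MODULI = [11, 13, 17, 19]   # constructed: pairwise coprime, one modulus per share
THRESHOLD = 2               # any 2 of the 4 shares recover the secret
SECRET = 100                # constructed sample secret

def secret_range(moduli, k):
    """Mignotte condition: product of the k-1 largest < S < product of the k smallest."""
    m = sorted(moduli)
    if any(gcd(a, b) != 1 for a, b in combinations(m, 2)):
        raise ValueError("moduli must be pairwise coprime")
    low, high = prod(m[len(m) - k + 1:]), prod(m[:k])
    if low >= high:
        raise ValueError("moduli do not form a Mignotte sequence for this threshold")
    return low, high

def split(secret, moduli, k):
    """Each share is the pair (modulus, secret mod modulus)."""
    low, high = secret_range(moduli, k)
    if not low < secret < high:
        raise ValueError(f"secret must lie strictly between {low} and {high}")
    return [(m, secret % m) for m in moduli]

def recover(shares):
    """Chinese remainder theorem, folding in one (modulus, residue) pair at a time."""
    x, mod = 0, 1
    for m, r in shares:
        # Solve x + mod * t = r (mod m) for t, using the inverse of mod modulo m.
        t = ((r - x) * pow(mod, -1, m)) % m
        x, mod = x + mod * t, mod * m
    return x

def candidates_from_one_share(share, moduli, k):
    """Number of secrets in the allowed range that match a single share."""
    low, high = secret_range(moduli, k)
    m, r = share
    return (high - 1 - r) // m - (low - r) // m

if __name__ == "__main__":
    shares = split(SECRET, MODULI, THRESHOLD)
    print("shares:", shares)
    for pair in combinations(shares, THRESHOLD):
        print(pair, "->", recover(pair))
    print("secrets consistent with the first share alone:",
          candidates_from_one_share(shares[0], MODULI, THRESHOLD))
```
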
All those " acoustic, seismic, magnetic, thermal" and so on described by Wikipedia are just conceptual discussions ("gravitational" falls into the same category). I didn't know any practical case related to them. If you know actual case please share it by providing a link.
There are some interesting papers published by Guri Mordechai (and others) covering this topic: You're slowly moving to theoretical attack rather than practical attack, no one would do that unless they know you have tons of cryptocurrency or other confidential/valuable data.
Definitely, yes. There are concepts (and published malware) available. But unless you own an enormous amount of money (and people know that), it is extremely unlikely to ever encounter such an attack. Institutions, however, should have enough physical security to be protected against such attack vectors. Aside from using a USB drive (and probably installing the OS/application in a secure manner) on an air-gapped device, I think users don't need to worry about possible attack vectors of their air-gapped system.
I completely agree with you. All I wanted to point out is that you never can be completely safe.
|
|
|
[...] how does the other computer know if the private key I am now entering on metamask to import an account is correct or not?
A private key basically is just a big random number. When you import a private key into a wallet, it derives the public key and the address. If there is nothing wrong (e.g. sanity checks / amount of bits), it is a valid private key and will therefore produce a valid public key and address.
|
|
|
(for added security I run it inside an encrypted single purpose virtual machine where 99.9% of malware won't find it).
Well yeah.. you don't gain anything security-wise with that. Your virtual machine is worthless if the host is compromised. And security by obscurity is (and always has been) a bad practice. What I want is a single wallet, based on that single seed phrase, which has separate compartments that work like separate wallets.
What you are looking for is basically any wallet which lets you adjust the derivation path. BIP 32 / BIP 44 specifies the derivation path. And one parameter ("account") is being used for exactly that: m / purpose' / coin_type' / account' / change / address_index
|
|
|
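How the "account" level of the path in the post above turns one seed into separate compartments, as an added example that is not part of the original post or of any wallet's code. It derives only the three hardened levels m / 44' / coin_type' / account' with the BIP 32 private derivation; the change and address_index levels are left out because they need elliptic-curve point multiplication. The seed and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Order of the secp256k1 group; private keys must be in 1..N-1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # BIP 32: indexes >= 2^31 are hardened (written with ')

def parse_path(path):
    """Turn "m/44'/0'/1'" into a list of 32-bit child indexes."""
    parts = path.replace(" ", "").split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master key m")
    indexes = []
    for part in parts[1:]:
        value = int(part.rstrip("'"))
        if not 0 <= value < HARDENED:
            raise ValueError(f"index out of range: {part}")
        indexes.append(value + HARDENED if part.endswith("'") else value)
    return indexes

def master_key(seed):
    """BIP 32 master private key and chain code from the seed bytes."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key, chain_code, index):
    """BIP 32 private derivation for a hardened index (no curve math needed)."""
    if index < HARDENED:
        raise ValueError("non-hardened levels need the parent public key")
    data = b"\x00" + key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP 32 says to use the next index")
    return child, digest[32:]

def account_key(seed, account, coin_type=0):
    """Private key and chain code at m / 44' / coin_type' / account'."""
    key, chain = master_key(seed)
    for index in parse_path(f"m / 44' / {coin_type}' / {account}'"):
        key, chain = hardened_child(key, chain, index)
    return key, chain

SEED = bytes(range(64))  # constructed sample seed, not a real wallet
if __name__ == "__main__":
    for account in (0, 1):
        key, _ = account_key(SEED, account)
        print(f"m/44'/0'/{account}' -> {key:064x}")
```

Each account key depends only on the seed and the path, so the compartments can be recreated from the same backup, while one account's key does not reveal another's.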
Really? Even if recipient doesn't want to get fund to SegWit address simply because he has no access to it due to the bug?
If he doesn't want to receive funds to a segwit address, he should not provide one. If you get an address, you pay to it. Doesn't matter what kind of address it is. The recipient already chose whether he wants or doesn't want to receive funds to a segwit address by giving it to you and declaring it as the payment address. Someone may have recipients address given him some time ago and he/she thinks it is still valuable for recipient but it's not. I always check whether the address is still topical and encourage you to do the same.
Reusing addresses is bad practice. Whenever you pay for something you should get a new address.
|
|
|
Alternatively, you could of course also sell BTC for Paypal here in the forum.
However, it is important that you really only trade with people who have a good reputation. Since Paypal payments are reversible, you always carry a certain risk with that.
|
|
|
|