I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?
What is wrong with it? If the information about address is well known, so anyone may send dust, there is no leak, at least not the intended (several addresses sending dust in this same transaction). Or I am missing something? The cost of using the collected dust later is something different. |
|
|
|
I've thought about creating a service for this for a while, but haven't found an easy way to make sure a Bitcoin address only gets shown once on a website. My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.
Would you like to resurrect this project? I think it could be easily doable using bitcoinj library. PM me if you think it still makes sense. |
|
|
|
The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them.
Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one? Possible in Electrum. |
|
|
|
Sending the dust to a burn address is exactly what these dust attackers want you to do. Any movement of the dust reveals at least something about the address they sent it to, and since the vast majority of dust attacks are for 546 satoshi (or the equivalent dust limit for other address types), then you need to use another input from elsewhere to be able to pay the fee, thus revealing even more information. Sending the dust anywhere, even to a burn address, is the wrong course of action.
The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them. If you get fed up of looking at them in your wallet, then move to a new wallet. Even better would be for wallets to offer the option of blacklisting such outputs, so they can never be spent and are hidden from being displayed altogether.
Ah ok. I see. My point is - why not to send dust to some charity address. Or make a 'agreement' that everyone sends it to RedCross or sth like this. But if it is not possible to send just a dust itself (547sat) then in fact it makes no sense, as you must 'add' something from yourself. |
|
|
|
|
How can we burn dust? As far as I understand, the idea behind is to observe transactions which contain dust and see if several addresses sends dust "together" -> in one transaction or to the same address.
What if all the people would send dust to one agreed address?
|
|
|
|
I have trouble understanding PGP. I have Kleopatra installed and I have a certified keypair or something like that. I see people sharing PGP fingerprints, uploading them to servers, pgp blocks, I want to share this too. but what can I share? I have made a list below with the things that I have: - blablaPUBLIC.asc
- blablaSECRET.asc
- My fingerprint
What are the things I can share? And what is which one used for? Thanks! Public key. Only. you may also publish fingerprint, but it is useless without access to public key. So, in few words: You have two parts, public and private. Public is.... public. In fact you should upload it to any PGP server for other users to be able to find it. Private is yours. If someone gets your private key, you should revoke it. 4 operations are possible: - you sign message to someone -> you use your private key to sign something (text, file)... Private key will generate signature. Other side must have your public key (you may give it or person may find your key somewhere, on the PGP server, using your email or name or fingerprint etc.). If public key corresponds to the private key used by you - signature will be approved. - you may encrypt message to someone -> you need someone's public key. They you encrypt message and other person may decrypt it ONLY if have private key corresponding to public key you used. So, in fact even you cannot decrypt message you encrypted... but usually programs make is possible because they also prepare it using your's public key (it is possible to have more than one recipient). - you may verify signature - if you receive signed content, you may verify the authenticity using someone's public key. This part is interesting, because it is the way how you may verify if program (executable) or some other content is not modified. For example - author of Electrum wallet signs application and tells which key you should find/get to verify if the file comes really from him. - you may decrypt content prepared for you - if someone encrypted text/file using your public key, you need private key to decrypt it. As you see, operations are symmetrical and it is easy to understand if you think about it a little and remember that public part is available for everyone and private should be kept on your side. Regards, |
|
|
|
i have a weird question, i know generally if there is no way to generate a private key from a public key, however, if i had the public key and say, 44 of the 51 characters of the private key, could i possibly use them to fill in the missing digits? backstory: i bought a paper wallet and when the cops tore my car apart looking for something that wasnt tgere, they trampled my paper wallet. i can r ead all of the public key and all bu t like 7 or 8 digits of the private. is it possible to decipher the missing characters?
Sure. Take a look at my program here: https://github.com/PawelGorny/WifSolverDepending on which characters are missing, solution will come sooner or later... Check examples. |
|
|
|
Java is designed to be portable such that the same Java program that's compiled with one Java development kit should run on a JVM from a different vendor. So it shouldn't matter whether you used Oracle, Amazon, Red Hat, or some community-developed JDK, they're all based on the same OpenJDK standard.
Theory....  As long as you do not use features from newer version than yours or library compiled with the newer version of java... And minor version sometimes matters, unfortunately... but it is off-topic. Anyway, you may always get maven and compile project yourself. |
|
|
|
I don't see many bitcoin tools created with Java (mostly uses Python or C/C#/C++). Most Java program i use usually need specific version range (such as Java 1.8/8).
It would be great if you can write required Java version and whether it support OpenJDK.
I used Java8 for compilation (1.8.271), but you may use any 1.8+. I did not test with OpenJDK, but I think it will work - on 99% Later I will try to install it one some machine and launch. |
|
|
|
|
I played a little and released a new version.
Now it is possible to search for more than one word if the position is specified.
More details in readme.
|
|
|
|
Validating the mnemonic's checksum should limit the number of possibilities to around 192.
Indeed! I have published the new release, it is much faster now. Thanks. |
|
|
|
Usually it isn't the last word of the seed that is lost, it could be any word in the list that is lost somehow and forgotten by human memory. So I suggest implementing support for guessing which word position in the phrase you want to find.
Yes, it is how it works. Missing word could be on any position. Maybe I incorrectly used word 'last', but I wanted to say that one is unknown. |
|
|
|
Hello editedRecently someone on this forum wrote that he has 23 words of his seed and was looking for a way to find the last, missing word, which could be on any position. As he had problems with his python for btcrecover, I wrote a very simple java program. Unfortunately for some reason it did not work for him, but as I had some time today to play with it, I publish the next release. It is nothing special, but I treat it as a way to learn something new and maybe someone will find it interesting - or even better, someone will find it useful. My idea was to make it more user-friendly than btcrecover. There is still lot of things which could be done, but let's start slowly. Currently I use library from bitcoin core, what I was able to cover is (based of wonderful page https://iancoleman.io/bip39/) BIP32 and BIP141/P2WPKH. Maybe it is possible to have other modes implemented, I must investigate. It is also possible to specify derivation path, if one wants to look for address which is not the first one. And 'hardened address' option works too. Please let me know if you have any idea what also could be useful for some people, maybe you know any other interesting use cases. I think the easiest would be to check several consecutive addresses from derivation path, but is it really important? The code and compiled jar is available on github: https://github.com/PawelGorny/lostwordeditedNow program words in modes: https://bitcointalk.org/index.php?topic=5295174.msg56473042#msg56473042All is described in ReadMe in github. Regards, |
|
|
|
Hi all,
I have a problem :
- I resetted my Ledger Nano S by putting 3 times the wrong password.
- I do have the list of word, and have 23 of the 24 words (yes this is weird but that's the problem).
So I know 23 of the 24 words, but I'm stuck to know what the last word is, and I'm not really sure about its position in the whole list...
Does someone have a solution for this?
It does not look to be difficult, as long as you are sure of the order of the rest of the words.
I may prepare a simple program which may check it, but you will need to know 'derivation path' (account number?) and address used (preferably the first one).
And here you are: https://github.com/PawelGorny/lostwordRequires java of course. Very simple program, could be improved in many ways, but not today Slow, but works. If your case is simple, it will help, if not - let me know, I will modify it. I have tested with examples from https://iancoleman.io/bip39/, using first address from derivation path m/0/0. Here you may download compiled .jar, or if you do not trust me, you may download sources and compile on your computer. https://github.com/PawelGorny/lostword/releases/tag/0.1 |
|
|
|
|
Can be this issue reproduced on testnet?
|
|
|
|
|
Show Posts
