Bitcoin Forum
  Show Posts
21  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Announcing Alphacoin - the newest altcoin has arrived!! on: June 10, 2013, 08:57:32 PM
send alpa please, m broke as a joke. a22fY3CvZpksn28FATfjdg1FwXzMrRrYwA

With a quip such as 'Employable, but it'll cost you' your credibility is zero on this ;)

since you are mining like a boss, why not employ me to hold on to your alphas?

Hmm ok..my wallet is here https://i.imgur.com/87FXKF8.jpg

Only take 10 coins tho now ya hear?

Oldminer, i like your wallet, can you make one for me next time? :P

Please label NSFW next time!
22  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] The Most Perfect Coin [UPDATED] on: June 10, 2013, 08:27:25 PM
Doesn't anyone understand how the crypto network functions? How do you suppose people will move coins around, if there are no miners to find blocks and get confirmations?

This is a huge point I'm still trying to understand about cryptocurrency as a whole. Will transaction fees be enough to keep miners going on any coin? The rationale is that once all the coins are minted, there will be more in circulation and thus more transactions and more tx fees. Those fees are supposed to subsidize the miners. The crazy thing that will probably happen with bitcoin is that towards the end, there will probably be huge hashes fighting for the last coins. That will push up the difficulty and then they will probably fall off when those last coins are minted, I think, leaving the difficulty stuck too high for a while. That is a ways off though, so maybe something will be done about that, or there already has been something done and I just haven't heard about it or haven't understood it fully.

But with the case of this coin. If all were minted in 2 weeks, there wouldn't be many services set up for people to spend their coins at, so there would be minimal transaction fees and hardly any incentive to mine at all.

This would be a good way to find out.

Generally, transaction fees should keep the miners busy.  But who knows?

Let's do it and see what happens next.
23  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] USSC Crypto-P2P-Server | Decentralized P2P Exchange & Application on: June 10, 2013, 08:10:14 PM
Sorry for taking so long to update this thread.

I am currently researching & meditating on other ways to solve some of the problems we are facing for a decentralized p2p exchange.

(I WILL POST TOMORROW OR DAY AFTER NEXT...   CHECK BACK THEN.)
24  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] The Most Perfect Coin [UPDATED] on: June 10, 2013, 08:01:46 PM
Basically relaunch MNC without premine.

Isn't this coin a 2 week long premine though? lol

Two weeks is kind of short. Expand it to... let's say... maybe two months?
25  Bitcoin / Bitcoin Discussion / [PSA] Secure Bitcoin Accounts from Hackers Using LiveCD OR Disposable Wallet on: June 10, 2013, 05:43:55 PM
How To Secure Large Bitcoin Accounts

USE A BRAIN WALLET!

This is what I do to keep my cryptocurrency accounts safe from hackers:

1. Boot up PC with an easy-to-use Live Linux CD like UBUNTU or TAILS: http://www.pendrivelinux.com
 
2. Keep a saved copy of the Bitcoin/Litecoin client source code on a usb flash drive along with a saved copy of the brainwallet generator such as bitaddress (for Bitcoin) or liteaddress (for Litecoin).

3. Insert usb and copy source-code and address generator to home directory on live cd instance.

4. Verify (md5sum, PGP, etc...) source-code of Bitcoin/Litecoin client and then compile the source-code (just a few commands. To make things faster, you can use a saved script that you have stored on the usb flash drive.).

5. Load the saved block-chain that you have previously stored on the usb flash drive. Copy the saved block-chain to the bitcoin/litecoin directory.

6. Start the Bitcoin/Litecoin client and update the saved blockchain.

7. Unplug your internet connection then use the offline wallet generator brainwallet tab to generate your Bitcoin/Litecoin Private Key.

8. Import the Private key into the Bitcoin/Litecoin Client.

9. Reconnect your internet connection then perform whatever Bitcoin/Litecoin transaction(s) you desire.

10. Reboot/Shutdown.

That is all. All of your coins are safe in an offline brain wallet. Do not keep a wallet.dat file!



OPTIONALLY YOU CAN USE THE DISPOSABLE BRAINWALLET METHOD HERE:

https://bitcointalk.org/index.php?topic=209269.0


Disposable Wallet Method:

Just what is a "disposable wallet"? It's not just a wallet you use then throw away. It's way more complex than that.

A "Disposable wallet" is a one-time use wallet whose contents are in an un-redeemed state in the blockchain. Once the private key is imported into the Bitcoin client and a transaction has occurred the wallet is then discarded. Any coins left over from the transaction are sent to a new "Disposable wallet" and those coins also remain in a non-redeemed state in the blockchain as well.

Disposable wallets are brain wallets that you generate using something like bitaddress.org.

If you click on the brain wallet tab of the site and enter a passphrase:

Quote
maryhadalittlelamb

the JavaScript will output this:

Quote
Bitcoin Address: 1Fcf6bCJWt2UGkK9fnTWnynY9dMcoA2v3v

Quote
Private Key (Wallet Import Format): 5KgCWZGaSqAFv5Fv74thJR4Gzv4KFPX13q4WidDmELnYNHoqGNf

After the wallet is generated, you can immediately send money to that address:

Bitcoin Address: 1Fcf6bCJWt2UGkK9fnTWnynY9dMcoA2v3v

If you send money to that address and do not use or import the private key into any bitcoin client then the transaction will be added to the blockchain and the coins will have a status of NOT-REDEEMED.

As long as you do not import the private key into any Bitcoin client the status will not change.

A "Disposable wallet" is a one-time use wallet whose contents are in an un-redeemed state in the blockchain. Once the private key is imported into the Bitcoin client and a transaction has occurred the wallet is then discarded. Any coins left over from the transaction are sent to a new "Disposable wallet" and those coins also remain in a non-redeemed state in the blockchain as well.

How does that help secure the p2p exchange servers from rogue admins?

The answer is simple:

After generating the private key, you split the key into multiple parts and then store them on multiple servers in the p2p network.

With this scenario, there are no wallet.dat files even stored on the server. All that is stored are partial private keys.

If a rogue admin tries to access the wallet banks all he will be able to retrieve are partial private keys.





So how do you conduct a transaction?  

With something I call a "wallet-virtual-server" or "transaction-server" or "wallet-bot".

I will tell you about "wallet-bots" in the next post.

(I AM WRITING THIS WHILE YOU READ IT... CLICK REFRESH TO UPDATE THIS POST.)
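
The key-splitting step in the post above, as an added example that is not part of the original post: cutting a 32-byte key into consecutive labelled segments leaves whoever holds some segments with only the remaining bytes to guess, while an XOR split keeps every share uninformative until all of them are combined. The XOR split is a swapped-in technique the post does not mention. DEMO_KEY, the function names, and the choice of 25 parts labelled A through Y (taken from the author's related disposable-wallet post on this page) are assumptions.

```python
import secrets
import string

# Constructed 32-byte key for the demonstration (not a real wallet key).
DEMO_KEY = bytes(range(32))


def labels_for(parts):
    """Segment labels A, B, C, ... (supports up to 26 parts)."""
    return list(string.ascii_uppercase[:parts])


def split_naive(key, parts=25):
    """Cut the key into consecutive segments, as 'partial private keys'."""
    base, extra = divmod(len(key), parts)
    segments, pos = {}, 0
    for i, label in enumerate(labels_for(parts)):
        size = base + (1 if i < extra else 0)
        segments[label] = key[pos:pos + size]
        pos += size
    return segments


def unknown_bits_naive(segments, held):
    """Key bits still unknown to someone holding the segments in `held`."""
    return 8 * sum(len(seg) for label, seg in segments.items()
                   if label not in held)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor(key, parts=25):
    """n-of-n split: parts-1 random shares plus one that XORs back to the key."""
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return dict(zip(labels_for(parts), shares + [last]))


def combine_xor(shares):
    """XOR all shares together; equals the key only if none is missing."""
    out = bytes(len(next(iter(shares.values()))))
    for share in shares.values():
        out = xor_bytes(out, share)
    return out


def missing_share_for(held, candidate_key):
    """The one share that would make `held` combine to `candidate_key`.

    Such a share exists for every candidate, which is why holding all
    shares but one rules out no key at all.
    """
    return xor_bytes(combine_xor(held), candidate_key)


if __name__ == "__main__":
    segs = split_naive(DEMO_KEY)
    for k in (0, 12, 24):
        held = set(labels_for(25)[:k])
        print(f"naive: {k:2d} segments held -> "
              f"{unknown_bits_naive(segs, held)} bits left to guess")

    shares = split_xor(DEMO_KEY)
    held = {label: s for label, s in shares.items() if label != "Y"}
    print("xor: all 25 shares recover key:", combine_xor(shares) == DEMO_KEY)
    print("xor: 24 shares alone recover key:", combine_xor(held) == DEMO_KEY)
```

An XOR split needs every share to rebuild the key, so one lost server loses the wallet; threshold schemes such as Shamir's secret sharing allow reconstruction from k of n shares.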

26  Bitcoin / Project Development / Re: Distributed identity and reputation database on: June 10, 2013, 05:14:00 PM
A user identity database can be created without requesting personal information such as name, address, etc...

All that is needed for user identification is a cryptographic identifier that only that specific user has access to. For example, a brain-wallet key generated from a very long passphrase.
27  Bitcoin / Project Development / Re: BrainPay - a new way to manage your Bitcoins with your brainwallet on: June 10, 2013, 05:09:13 PM
Quote
Your passphrase or private key never leave the extension

How do you secure the extension?

Doesn't matter anyway.

The extension should not save anything. The extension should generate the wallet key on demand.

The purpose of a brain wallet is so you do not have to save anything at all.

Maybe that is what you are trying to say.  If so, then very good initiative!
28  Bitcoin / Bitcoin Discussion / Re: Announcing Project Invictus: a P2P Exchange Collaboration on: June 10, 2013, 04:40:04 PM
I laud the effort and will watch closely

however I have seen a few of the P2P exchange threads now full to the brim with details,  if as much time was spent coding as writing these long descriptions, we would have P2P exchanges by now, eg satoshi coded bitcoin before writing how it worked

The problem (and one of the reasons why I have not coded anything), is that the community needs to come to a consensus on what is needed for a decentralized p2p exchange.

I have submitted and am working on a design for a decentralized p2p exchange here:

https://bitcointalk.org/index.php?topic=209269.0


The purpose of my design submission is to inspire a coordinated effort in the crypto-community to develop a p2p exchange.  I have submitted some ideas that solve some of the problems but would like others to submit ideas as well.

Some of the problems with fiat conversions are government institutions and laws.  No one (including myself) wants to submit designs that seem to condone breaking the law.  I have a solution to the fiat conversion problem, but it directly clashes with some of the legality that some governments have issued guidelines for.  I am debating even if I should submit a design to solve the fiat conversion problem.  The truth is the solution is quite simple (never mind).
29  Alternate cryptocurrencies / Announcements (Altcoins) / Re: ★★ [ANN] [CRD] Credits, a new crypto with real innovation ! ★★ on: June 07, 2013, 06:18:18 PM
You gave one really good idea that I think everyone should take seriously:

Quote
A transaction fee of 0.01% because I think a percentage is preferable over a fixed fee.
30  Alternate cryptocurrencies / Altcoin Discussion / [ANN] The Most Perfect Coin [UPDATED] on: June 07, 2013, 04:39:03 PM
PERFECT COIN

Want a highly successful coin?

Make a coin with all of the following:

1. A coin that can be fully mined to the hard limit in less than two weeks months by just a few hundred users with good machines.

2. Make the difficulty high at the beginning and then get lower as more users join in mining, and as the hash rate goes up.

3. Create LESS than 500,000 coins total

4. After two weeks months all of the coins will be minted and no more can ever be made!

5. Then request the rare coin to be added to exchanges for trading.

6. NO PREMINE (FOR ANY REASON)!!!


I guarantee you, that you will have a popular coin that everyone will love.  Especially the latecomers!  Plus, you will have the only fully minted crypto-coin in the world!

31  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] USSC Crypto-P2P-Server | Decentralized P2P Exchange & Application on: June 07, 2013, 04:19:39 PM
User Account Consensus

By keeping more than one instance of a specific virtual-server online it is now possible to have them use a consensus to perform valid transactions. (I will get back to Bob and Alice's transaction later).



32  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] USSC Crypto-P2P-Server | Decentralized P2P Exchange & Application on: June 07, 2013, 03:32:40 PM
Blockchain vs "Federated" p2p system.

I must admit that the system being designed on this thread is indeed a "federated" type system. Any p2p exchange is going to have to have some sort of federation in order to be successful.

What will make the system liberated are the various p2p exchanges interlinked through contract agreements enforced by protocols built into the system. As I explained in an earlier post, a group such as Anonymous could produce a p2p exchange in their name then interlink it to another group such as Kim Dotcom's Mega. Both could have connections to Fiat converting sites such as MTGOX and BTC-e.  Users could choose which p2p exchange they wanted to have their account on, then be able to move that account to another p2p exchange if so desired.

Because this system is built on an application stack there is no need to "reinvent the wheel". The blockchain would still be utilized by the bitcoin/litecoin/cryptocurrency clients at the bottom of the stack.

Being a federated system the owners of the system should allow anyone to join as an admin (so they both can make money). The admin would charge a transaction fee to the end-user if his server is used in any transactions. This allows the federated system to be open to anyone interested in becoming an admin and deploying a physical server to house virtual-servers on the network.

The sec-coins would allow a measure of control over the entire p2p network. The sec-coins would only be seen by administrators on the network.



 

33  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] USSC Crypto-P2P-Server | Decentralized P2P Exchange & Application on: June 07, 2013, 03:20:23 PM
Hello,

Things seem to be drifting in a direction which is pretty far away from the original goals. Users creating alt coins?

All the end user wants is some software he can run, which will facilitate a secure currency exchange without any need for a central server. That is the goal. I think you should focus on that and keep all the other good ideas for another time and another project.

-Michael



Sorry I have been away a few days. Been a little under the weather. But I am back now.

Michael,

The end-users would not have to create anything.  Just install a plug-in into their bitcoin software.

You asked me in a previous post about security measures in the p2p exchange. The security coins (sec-coins) are a supplemental method to keep the p2p network infrastructure secure.

The processes that I am writing about on here are background processes that the end-user does not see.

The end-user would not ever see the sec-coins. His client would perform all of the validations. All the user does is click yes or no to confirm the transactions.

Please understand that p2p networks are decentralized by nature; so, not all of the server operators are going to be honest, good hearted people. So the network must be designed to be functional while keeping a good measure of security to protect the end-user accounts.

This thread and my design are geared mostly toward software developers and system admins who would be interested in developing or deploying such a system.
34  Bitcoin / Project Development / Re: [ANN] P2P Decentralized Orderbook on: May 27, 2013, 09:50:24 PM
New Sec-Coins Thwart Hackers & Rogue Servers on p2p Exchange

More details here:

https://bitcointalk.org/index.php?topic=209269.0

If you are reading this or printing this out then you might want to re-read or re-print this thread. I have made changes to the configuration and security practices. Most of the changes are from the Disposable Wallet Section on.


ALT-COIN SECURITY

USE WORTHLESS ALT COINS TO DO TRANSACTION VERIFICATION BETWEEN NODES.

All of these new alt coins being created every day are not necessarily a bad thing. Crypto-coins and their corresponding blockchains can be used for other things besides money. Like securing transactions between P2P nodes. You can use worthless alt coins as transaction verifiers throughout the entire p2p network; and it's more secure than using CA certs, pre-shared keys, or other more complicated security setups.

For high security, don't use other alt coins. Make your own customized alt coin for the same purpose. You don't have to worry about double spend attacks because you are only using it for the purpose of securing transactions for the p2p network and you are the only one with access to the coin. Make a coin that is fast and can be mined easily. Afterward, pre-mine it with enough coins to support the entire network. You won't have to worry about it retaining a monetary value because it's pre-mined. Don't give any coins out to anyone except server admins. It shows the users on the exchange that a server admin is validated because no one should have the coins except for server admins.


The good thing about alt-coin security is that no one will have your coin except you. As long as none of the admins send their coins to other people. If they do you can find out by doing a blockchain analysis. If no one has your coins except for you then that makes it much harder for a hacker to compromise the p2p network integrity.


Security-Coin Validation
Use the blockchain to verify where the security-coins came from. If a server node sent you security-coins from a wallet address of ABCDEFG1234567 to validate a specific transaction you can verify where the security-coins came from by doing a blockchain analysis. The analysis will show where the security-coins came from. If the security-coins came from an address that you do not know or is not listed in the security list you know not to perform the said transaction. It's that simple. No ACLs, no certs, no keys, just alt-security-coins.

High Level Security-Coins
For sensitive servers such as high level wallet-bots use a different security-coin than that which is used by the rest of the network. Only give it out to server admins that are high level. This provides an additional layer of security within the p2p network.

Keep Track Of Every Coin
The head of the p2p network can disburse security-coins to the server admins for transaction verifications and tolls on the network.  As the security-coins travel from the server admins to other nodes, you can make nodes to collect the security-coins and bring them back to you. A security-coin audit can show if any security-coins were lost and where they went and who lost them. This provides better security than other methods; in addition, if a server admin and his nodes are booted or fired from the p2p network you can blacklist his wallet address or refuse to give him more security-coins to perform transactions and pay tolls on the network.

Transaction Tolls
Transaction Tolls provide a way to control and maintain the p2p network. Certain nodes require certain security-coins and a specific amount. For example, a high level transaction involving a large sum of money might require a larger amount of security-coins before the transaction will take place. Only admins with that amount of security-coins will be able to perform the said transaction.

Security-Coin Dual Wallet Application
I recommend coding a dual-wallet application for the wallet-bots. Code the wallet application so that the Bitcoin/Litecoin wallet will not send cryptocurrency to anyone unless there is a sufficient amount of security-coins to perform the said transaction. You can hard code the security-coin amounts based on how much cryptocurrency is sent. This would make it much harder for a hacker to get the bot to send coins to an illegal wallet address.


Append the Sec-Coin Wallet Address To The Name Of The Node
Name the server nodes on the network with their corresponding sec-coin wallet address appended so that users and end-user clients can view the sec-coin blockchain to verify that the server performing the transaction actually has sec-coins and enough of them to perform the task. If a rogue server-node spoofs a sec-coin wallet address and attempts to perform a transaction on the p2p network, the transaction will be denied because the rogue node doesn't have any or enough sec-coins to complete the transaction.  Verify the transaction afterward by examining the sec-coin blockchain to see if the balance has changed.  If the balance is still the same then you know a rogue server was spoofing a valid server's wallet address.  When the transaction confirmation comes back to you, deny the confirmation.  If you know that a sec-coin transaction costs five sec-coins and the balance has changed by four; again, deny the transaction confirmation when it arrives.

(I AM GOING TO TAKE A BREAK... BE BACK LATER)


Use a Proof Of Stake Alt-Coin
As much as I do not like "Proof of Stake" coins, I have to admit that they are better to use for sec-coins.  The reason for this is because sec-coins are purposely pre-mined. What that means is that the pre-miner should be the largest stake holder.
Being a "Proof of Stake" sec-coin, any attack against the sec-coin will be far more expensive for the attacker as opposed to using a "Proof of Work" sec-coin.

Keep The Sec-Coin Secret
Once you download the open source version of this p2p software (when it is made) and are going to customize and use your sec-coin; do not release the newly customized alt-coin that you are going to use as a sec-coin.  Do not release the customized source code. Do not release the software clients binaries after you have compiled them. What I am saying is, keep the sec-coin secret and confidential. This is going to be the foundation of your p2p network security.  Do not announce pre-mining operations to anyone.  You don't want anyone else mining your sec-coins while your pre-mining operation is going on.


*I am not saying that I will develop this p2p software that I am designing, but I imagine the developer of the software will release the code as open source (as per my request at the beginning of this thread).


Set a Hard Limit on each Sec-Coin you create
Pre-mine each set of sec-coins to the hard limit.  If you set a hard limit on each set of sec-coins that you pre-mine and you mine it to the hard limit; no more coins can be made after your pre-mine operation is over.  If you pre-mine one million sec-coins then make sure no more can be made afterward.  Pre-mine multiple sets of sec-coins for different purposes and security levels.

Keep Track of the Sec-Coins You Pre-Mine
Keep count of the sec-coins that you have pre-mined. Since you pre-mined the sec-coins to the hard limit, you now are obligated to keep count of the coins. If you lose any sec-coins that you have pre-mined, they can potentially be used against you if a hacker gets his hands on them.

Wholly Abandon Any Set of Sec-Coins If Some Of The Coins Are Lost or Stolen
If a rogue admin sells some of the sec-coins that you made, or you somehow lost some; then you need to wholly abandon that particular set of the pre-mined coins. If you have pre-mined multiple sets of sec-coins just replace the set with another or pre-mine some more. Whatever you do, I urge you - Do not use any of the sec-coins from the set that was compromised. Dump them on the market (they may have value if your p2p exchange is popular) or throw them away.  Once again I tell you: If you lose any sec-coins that you have pre-mined, they can potentially be used against you if a hacker gets his hands on them.



(CHECK BACK TOMORROW FOR MORE UPDATES...   THANKS EVERYONE!)


More details here:

https://bitcointalk.org/index.php?topic=209269.0
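
The checks described in this post (security list, transaction tolls, the dual-wallet gate, and the balance check after the transaction), written out as an added example that is not code from the post or from any released software. The toll table, the addresses, the ledger entries, and the rule that the sec-coin address is whatever follows the last "-" in the node name are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed toll table: (max satoshis moved, sec-coins required).
TOLL_TIERS = [(10_000_000, 5), (100_000_000, 20), (1_000_000_000, 100)]


@dataclass(frozen=True)
class Transfer:
    """One sec-coin ledger entry (constructed format)."""
    sender: str
    recipient: str
    amount: int


# Constructed sample data.
SECURITY_LIST = {"secA111", "secB222"}   # admin addresses the operator knows
VERIFIER = "secV000"                     # address that collects the toll
LEDGER = [
    Transfer("PREMINE", "secA111", 50),
    Transfer("PREMINE", "secB222", 3),
]


def required_toll(satoshis):
    """Sec-coins needed for a transfer of this size, None if above all tiers."""
    for limit, toll in TOLL_TIERS:
        if satoshis <= limit:
            return toll
    return None


def balance(ledger, address):
    """Balance of an address, derived from the ledger alone."""
    received = sum(t.amount for t in ledger if t.recipient == address)
    sent = sum(t.amount for t in ledger if t.sender == address)
    return received - sent


def address_from_node_name(node_name):
    """Assumed naming rule: the sec-coin address follows the last '-'."""
    return node_name.rsplit("-", 1)[-1]


def authorize(node_name, satoshis, ledger, new_entries,
              verifier=VERIFIER, security_list=SECURITY_LIST,
              blacklist=frozenset()):
    """Decide whether to confirm a transaction claimed by `node_name`.

    `ledger` is the sec-coin chain before the transaction, `new_entries`
    the sec-coin transfers that appeared with it. Returns (allowed, reason).
    """
    addr = address_from_node_name(node_name)
    if addr in blacklist:
        return False, "blacklisted"
    if addr not in security_list:
        return False, "unlisted-address"
    toll = required_toll(satoshis)
    if toll is None:
        return False, "over-limit"
    before = balance(ledger, addr)
    if before < toll:
        return False, "insufficient-sec-coins"
    # The name is only a claim; the ledger has to show the toll leaving
    # that address and arriving at the verifier.
    paid = sum(t.amount for t in new_entries
               if t.sender == addr and t.recipient == verifier)
    after = balance(list(ledger) + list(new_entries), addr)
    if paid != toll or before - after != toll:
        return False, "toll-mismatch"
    return True, "ok"


if __name__ == "__main__":
    cases = {
        "honest admin": ("ny-node-01-secA111", [Transfer("secA111", VERIFIER, 5)]),
        "spoofed name, no payment": ("ny-node-66-secA111", []),
        "paid four instead of five": ("ny-node-01-secA111", [Transfer("secA111", VERIFIER, 4)]),
        "address not on the list": ("ny-node-66-secR999", [Transfer("secR999", VERIFIER, 5)]),
        "too few sec-coins": ("ny-node-02-secB222", [Transfer("secB222", VERIFIER, 3)]),
    }
    for name, (node, entries) in cases.items():
        print(f"{name:28s} -> {authorize(node, 5_000_000, LEDGER, entries)}")
```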


35  Bitcoin / Bitcoin Discussion / Re: New Type of Disposable Wallet Stops Rogue Admins From Stealing Wallet.dat files on: May 27, 2013, 09:24:23 PM
More tomorrow. I may show how to deploy sec-coins and best practices. If you have any questions, please post.
36  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] USSC Crypto-P2P-Server | Decentralized P2P Exchange & Application on: May 27, 2013, 09:22:35 PM
More tomorrow.  I may show how to deploy sec-coins and best practices.  If you have any questions, please post.


Note for tomorrow:

Sec-coins can be used in email to validate email in place of a signing key.
37  Bitcoin / Bitcoin Discussion / Re: [ANN] New Sec-Coins Thwart Hackers & Rogue Servers on p2p Exchange on: May 27, 2013, 09:21:43 PM
More tomorrow. I may show how to deploy sec-coins and best practices. If you have any questions, please post.
38  Alternate cryptocurrencies / Altcoin Discussion / Re: [ANN] USSC Crypto-P2P-Server | Decentralized P2P Exchange & Application on: May 27, 2013, 08:14:29 PM
Use a Proof Of Stake Alt-Coin
As much as I do not like "Proof of Stake" coins, I have to admit that they are better to use for sec-coins.  The reason for this is because sec-coins are purposely pre-mined. What that means is that the pre-miner should be the largest stake holder.
Being a "Proof of Stake" sec-coin, any attack against the sec-coin will be far more expensive for the attacker as opposed to using a "Proof of Work" sec-coin.

Keep The Sec-Coin Secret
Once you download the open source version of this p2p software (when it is made) and are going to customize and use your sec-coin; do not release the newly customized alt-coin that you are going to use as a sec-coin.  Do not release the customized source code. Do not release the software clients binaries after you have compiled them. What I am saying is, keep the sec-coin secret and confidential. This is going to be the foundation of your p2p network security. Do not announce pre-mining operations to anyone.  You don't want anyone else mining your sec-coins while your pre-mining operation is going on.

*I am not saying that I will develop this p2p software that I am designing, but I imagine the developer of the software will release the code as open source (as per my request at the beginning of this thread).


Set a Hard Limit on each Sec-Coin you create
Pre-mine each set of sec-coins to the hard limit.  If you set a hard limit on each set of sec-coins that you pre-mine and you mine it to the hard limit; no more coins can be made after your pre-mine operation is over.  If you pre-mine one million sec-coins then make sure no more can be made afterward.  Pre-mine multiple sets of sec-coins for different purposes and security levels.

Keep Track of the Sec-Coins You Pre-Mine
Keep count of the sec-coins that you have pre-mined. Since you pre-mined the sec-coins to the hard limit, you now are obligated to keep count of the coins. If you lose any sec-coins that you have pre-mined, they can potentially be used against you if a hacker gets his hands on them.

Wholly Abandon Any Set of Sec-Coins If Some Of The Coins Are Lost or Stolen
If a rogue admin sells some of the sec-coins that you made, or you somehow lost some; then you need to wholly abandon that particular set of the pre-mined coins. If you have pre-mined multiple sets of sec-coins just replace the set with another or pre-mine some more. Whatever you do, I urge you - Do not use any of the sec-coins from the set that was compromised. Dump them on the market (they may have value if your p2p exchange is popular) or throw them away.  Once again I tell you: If you lose any sec-coins that you have pre-mined, they can potentially be used against you if a hacker gets his hands on them.


 




(CHECK BACK TOMORROW FOR MORE UPDATES...   THANKS EVERYONE!)
39  Bitcoin / Bitcoin Discussion / Re: New Type of Disposable Wallet Stops Rogue Admins From Stealing Wallet.dat files on: May 27, 2013, 04:34:35 PM
Disposable Wallet Method:

Just what is a "disposable wallet"? It's not just a wallet you use then throw away. It's way more complex than that.

A "Disposable wallet" is a one-time use wallet whose contents are in an un-redeemed state in the blockchain. Once the private key is imported into the Bitcoin client and a transaction has occurred the wallet is then discarded. Any coins left over from the transaction are sent to a new "Disposable wallet" and those coins also remain in a non-redeemed state in the blockchain as well.

Disposable wallets are brain wallets that you generate using something like bitaddress.org.

If you click on the brain wallet tab of the site and enter a passphrase:

Quote
maryhadalittlelamb

the JavaScript will output this:

Quote
Bitcoin Address: 1Fcf6bCJWt2UGkK9fnTWnynY9dMcoA2v3v

Quote
Private Key (Wallet Import Format): 5KgCWZGaSqAFv5Fv74thJR4Gzv4KFPX13q4WidDmELnYNHoqGNf

After the wallet is generated, you can immediately send money to that address:

Bitcoin Address: 1Fcf6bCJWt2UGkK9fnTWnynY9dMcoA2v3v

If you send money to that address and do not use or import the private key into any bitcoin client then the transaction will be added to the blockchain and the coins will have a status of NOT-REDEEMED.

As long as you do not import the private key into any Bitcoin client the status will not change.

A "Disposable wallet" is a one-time use wallet whose contents are in an un-redeemed state in the blockchain. Once the private key is imported into the Bitcoin client and a transaction has occurred the wallet is then discarded. Any coins left over from the transaction are sent to a new "Disposable wallet" and those coins also remain in a non-redeemed state in the blockchain as well.

How does that help secure the p2p exchange servers from rogue admins?

The answer is simple:

After generating the private key, you split the key into multiple parts and then store them on multiple servers in the p2p network.

With this scenario, there are no wallet.dat files even stored on the server. All that is stored are partial private keys.

If a rogue admin tries to access the wallet banks all he will be able to retrieve are partial private keys.



So how do you conduct a transaction? 

With something I call a "wallet-virtual-server" or "transaction-server" or "wallet-bot".

I will tell you about "wallet-bots" in the next post.


(I AM WRITING THIS WHILE YOU READ IT... CLICK REFRESH TO UPDATE THIS POST.)


Disposable wallet method can be further secured using the following means:

1. Add a TTL (Time To Live) to the disposable wallet. Whether there is a pending transaction or not, set a TTL on the disposable wallet. This way a rogue admin would only have a limited time to try an attack to collect all of the partial key pieces from the servers in the p2p network.

2. Because there are replicated virtual servers keep more than one online. I know I said earlier to keep one virtual server online and the replicated copies offline. But now I have changed my configuration and design. Keep more than three virtual servers online at a time. Split the partial keys up between the online copies, offline copies, and other semi-offline virtual servers that are not linked to that particular virtual server. For example:

NY-p2p-Server
home-virtual-server-002......online......wallet-key-home-virtual-server-002-bank-001-wallet-004.dat-segment-A-XXXXXX-A-segment-end
home-virtual-server-005......offline......wallet-key-home-virtual-server-005-bank-005-wallet-002.dat-segment-G-XXXXXX-G-segment-end
home-virtual-server-007......offline......wallet-key-home-virtual-server-003-bank-001-wallet-001.dat-segment-M-XXXXXX-M-segment-end
home-virtual-server-009......online......wallet-key-virtual-server-009-bank-003-wallet-003.dat-segment-P-XXXXXX-P-segment-end

This way a rogue admin would have to hunt the keys down outside of his home-virtual-server groups. The final key he may need may be on a home-virtual-server that he doesn't even know exists on a physical server on the other side of the globe.


3. Rotate newly generated disposable wallet partial keys among the home-virtual-servers.

4. Make sure each generated key is large enough to be split into 25 parts. Split then label each part from A through Y or B through Z.

5. NEVER KEEP MORE THAN $1000 IN ANY WHOLE DISPOSABLE WALLET.  I will explain why later when I explain about wallet-servers or wallet-bots. I will also introduce you to another wallet called an insurance-wallet.

6. Set hierarchies for the wallet-bots with most handling transactions of less than $100 USD.  Higher more secure wallet-bots from more trusted admins (with higher insurance fees) can handle larger amounts. Again never allow any single wallet-bot to handle more than $1000 USD. Period.




I have made some updates and added the new Sec-Coin section:


If you are reading this or printing this out then you might want to re-read or re-print this thread. I have made changes to the configuration and security practices. Most of the changes are from the Disposable Wallet Section on.


ALT-COIN SECURITY

USE WORTHLESS ALT COINS TO DO TRANSACTION VERIFICATION BETWEEN NODES.

All of these new alt coins being created every day are not necessarily a bad thing. Crypto-coins and their corresponding blockchains can be used for other things besides money. Like securing transactions between P2P nodes. You can use worthless alt coins as transaction verifiers throughout the entire p2p network; and it's more secure than using CA certs, pre-shared keys, or other more complicated security setups.

For high security, don't use other alt coins. Make your own customized alt coin for the same purpose. You don't have to worry about double spend attacks because you are only using it for the purpose of securing transactions for the p2p network and you are the only one with access to the coin. Make a coin that is fast and can be mined easily. Afterward, pre-mine it with enough coins to support the entire network. You won't have to worry about it retaining a monetary value because it's pre-mined. Don't give any coins out to anyone except server admins. It shows the users on the exchange that a server admin is validated because no one should have the coins except for server admins.


The good thing about alt-coin security is that no one will have your coin except you. As long as none of the admins send their coins to other people. If they do you can find out by doing a blockchain analysis. If no one has your coins except for you then that makes it much harder for a hacker to compromise the p2p network integrity.


Security-Coin Validation
Use the blockchain to verify where the security-coins came from. If a server node sent you security-coins from a wallet address of ABCDEFG1234567 to validate a specific transaction you can verify where the security-coins came from by doing a blockchain analysis. The analysis will show where the security-coins came from. If the security-coins came from an address that you do not know or is not listed in the security list you know not to perform the said transaction. It's that simple. No ACLs, no certs, no keys, just alt-security-coins.

High Level Security-Coins
For sensitive servers such as high level wallet-bots use a different security-coin than that which is used by the rest of the network. Only give it out to server admins that are high level. This provides an additional layer of security within the p2p network.

Keep Track Of Every Coin
The head of the p2p network can disburse security-coins to the server admins for transaction verifications and tolls on the network.  As the security-coins travel from the server admins to other nodes, you can make nodes to collect the security-coins and bring them back to you. A security-coin audit can show if any security-coins were lost and where they went and who lost them. This provides better security than other methods; in addition, if a server admin and his nodes are booted or fired from the p2p network you can blacklist his wallet address or refuse to give him more security-coins to perform transactions and pay tolls on the network.

Transaction Tolls
Transaction Tolls provide a way to control and maintain the p2p network. Certain nodes require certain security-coins and a specific amount. For example, a high level transaction involving a large sum of money might require a larger amount of security-coins before the transaction will take place. Only admins with that amount of security-coins will be able to perform the said transaction.

Security-Coin Dual Wallet Application
I recommend coding a dual-wallet application for the wallet-bots. Code the wallet application so that the Bitcoin/Litecoin wallet will not send cryptocurrency to anyone unless there is a sufficient amount of security-coins to perform the said transaction. You can hard code the security-coin amounts based on how much cryptocurrency is sent. This would make it much harder for a hacker to get the bot to send coins to an illegal wallet address.


Append the Sec-Coin Wallet Address To The Name Of The Node
Name the server nodes on the network with their corresponding sec-coin wallet address appended so that users and end-user clients can view the sec-coin blockchain to verify that the server performing the transaction actually has sec-coins and enough of them to perform the task. If a rogue server-node spoofs a sec-coin wallet address and attempts to perform a transaction on the p2p network, the transaction will be denied because the rogue node doesn't have any or enough sec-coins to complete the transaction.  Verify the transaction afterward by examining the sec-coin blockchain to see if the balance has changed.  If the balance is still the same then you know a rogue server was spoofing a valid server's wallet address.  When the transaction confirmation comes back to you, deny the confirmation.  If you know that a sec-coin transaction costs five sec-coins and the balance has changed by four; again, deny the transaction confirmation when it arrives.

(I AM GOING TO TAKE A BREAK... BE BACK LATER)

More Here:

https://bitcointalk.org/index.php?topic=209269.0
40  Bitcoin / Bitcoin Discussion / [ANN] New Sec-Coins Thwart Hackers & Rogue Servers on p2p Exchange on: May 27, 2013, 04:26:11 PM
New Sec-Coins Thwart Hackers & Rogue Servers on p2p Exchange

More details here:

https://bitcointalk.org/index.php?topic=209269.0

If you are reading this or printing this out then you might want to re-read or re-print this thread. I have made changes to the configuration and security practices. Most of the changes are from the Disposable Wallet Section on.


ALT-COIN SECURITY

USE WORTHLESS ALT COINS TO DO TRANSACTION VERIFICATION BETWEEN NODES.

All of these new alt coins being created every day are not necessarily a bad thing. Crypto-coins and their corresponding blockchains can be used for other things besides money, like securing transactions between P2P nodes. You can use worthless alt coins as transaction verifiers throughout the entire p2p network; and it's more secure than using CA certs, pre-shared keys, or other more complicated security setups.

For high security, don't use other alt coins. Make your own customized alt coin for the same purpose. You don't have to worry about double spend attacks because you are only using it for the purpose of securing transactions for the p2p network and you are the only one with access to the coin. Make a coin that is fast and can be mined easily. Afterward, pre-mine it with enough coins to support the entire network. You won't have to worry about it retaining a monetary value because it's pre-mined. Don't give any coins out to anyone except server admins. It shows the users on the exchange that a server admin is validated because no one should have the coins except for server admins.


The good thing about alt-coin security is that no one will have your coin except you, as long as none of the admins send their coins to other people. If they do you can find out by doing a blockchain analysis. If no one has your coins except for you then that makes it much harder for a hacker to compromise the p2p network integrity.


Security-Coin Validation
Use the blockchain to verify where the security-coins came from. If a server node sent you security-coins from a wallet address of ABCDEFG1234567 to validate a specific transaction you can verify where the security-coins came from by doing a blockchain analysis. The analysis will show where the security-coins came from. If the security-coins came from an address that you do not know or is not listed in the security list you know not to perform the said transaction. It's that simple. No ACLs, no certs, no keys, just alt-security-coins.

High Level Security-Coins
For sensitive servers such as high level wallet-bots use a different security-coin than that which is used by the rest of the network. Only give it out to server admins that are high level. This provides an additional layer of security within the p2p network.

Keep Track Of Every Coin
The head of the p2p network can disburse security-coins to the server admins for transaction verifications and tolls on the network.  As the security-coins travel from the server admins to other nodes, you can make nodes to collect the security-coins and bring them back to you. A security-coin audit can show if any security-coins were lost and where they went and who lost them. This provides better security than other methods; in addition, if a server admin and his nodes are booted or fired from the p2p network you can blacklist his wallet address or refuse to give him more security-coins to perform transactions and pay tolls on the network.

Transaction Tolls
Transaction Tolls provide a way to control and maintain the p2p network. Certain nodes require certain security-coins and a specific amount. For example, a high level transaction involving a large sum of money might require a larger amount of security-coins before the transaction will take place. Only admins with that amount of security-coins will be able to perform the said transaction.

Security-Coin Dual Wallet Application
I recommend coding a dual-wallet application for the wallet-bots. Code the wallet application so that the Bitcoin/Litecoin wallet will not send cryptocurrency to anyone unless there is a sufficient amount of security-coins to perform the said transaction. You can hard code the security-coin amounts based on how much cryptocurrency is sent. This would make it much harder for a hacker to get the bot to send coins to an illegal wallet address.


Append the Sec-Coin Wallet Address To The Name Of The Node
Name the server nodes on the network with their corresponding sec-coin wallet address appended so that users and end-user clients can view the sec-coin blockchain to verify that the server performing the transaction actually has sec-coins and enough of them to perform the task. If a rogue server-node spoofs a sec-coin wallet address and attempts to perform a transaction on the p2p network, the transaction will be denied because the rogue node doesn't have any or enough sec-coins to complete the transaction.  Verify the transaction afterward by examining the sec-coin blockchain to see if the balance has changed.  If the balance is still the same then you know a rogue server was spoofing a valid server's wallet address.  When the transaction confirmation comes back to you, deny the confirmation.  If you know that a sec-coin transaction costs five sec-coins and the balance has changed by four; again, deny the transaction confirmation when it arrives.

(I AM GOING TO TAKE A BREAK... BE BACK LATER)


Use a Proof Of Stake Alt-Coin
As much as I do not like "Proof of Stake" coins, I have to admit that they are better to use for sec-coins.  The reason for this is because sec-coins are purposely pre-mined. What that means is that the pre-miner should be the largest stake holder.
Being a "Proof of Stake" sec-coin, any attack against the sec-coin will be far more expensive for the attacker as opposed to using a "Proof of Work" sec-coin.

Keep The Sec-Coin Secret
Once you download the open source version of this p2p software (when it is made) and are going to customize and use your sec-coin; do not release the newly customized alt-coin that you are going to use as a sec-coin.  Do not release the customized source code. Do not release the software client binaries after you have compiled them. What I am saying is, keep the sec-coin secret and confidential. This is going to be the foundation of your p2p network security.  Do not announce pre-mining operations to anyone.  You don't want anyone else mining your sec-coins while your pre-mining operation is going on.


*I am not saying that I will develop this p2p software that I am designing, but I imagine the developer of the software will release the code as open source (as per my request at the beginning of this thread).


Set a Hard Limit on each Sec-Coin you create
Pre-mine each set of sec-coins to the hard limit.  If you set a hard limit on each set of sec-coins that you pre-mine and you mine it to the hard limit; no more coins can be made after your pre-mine operation is over.  If you pre-mine one million sec-coins then make sure no more can be made afterward.  Pre-mine multiple sets of sec-coins for different purposes and security levels.

Keep Track of the Sec-Coins You Pre-Mine
Keep count of the sec-coins that you have pre-mined. Since you pre-mined the sec-coins to the hard limit, you now are obligated to keep count of the coins. If you lose any sec-coins that you have pre-mined, they can potentially be used against you if a hacker gets his hands on them.

Wholly Abandon Any Set of Sec-Coins If Some Of The Coins Are Lost or Stolen
If a rogue admin sells some of the sec-coins that you made, or you somehow lost some; then you need to wholly abandon that particular set of the pre-mined coins. If you have pre-mined multiple sets of sec-coins just replace the set with another or pre-mine some more. Whatever you do, I urge you - Do not use any of the sec-coins from the set that was compromised. Dump them on the market (they may have value if your p2p exchange is popular) or throw them away.  Once again I tell you: If you lose any sec-coins that you have pre-mined, they can potentially be used against you if a hacker gets his hands on them.



(CHECK BACK TOMORROW FOR MORE UPDATES...   THANKS EVERYONE!)


More details here:

https://bitcointalk.org/index.php?topic=209269.0
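
The checks described in the post above (security-list lookup, toll scaled to the amount sent, and the after-the-fact balance check), sketched as an added example that is not code from the poster or from any project. The addresses, the ledger format and the second toll tier are assumptions; the five-coin toll and the $1000 cap come from the posts.

```python
from dataclasses import dataclass

# Constructed sample values: addresses and the 20-coin tier are illustrative.
SECURITY_LIST = {"SECADMIN1", "SECADMIN2"}  # known admin sec-coin addresses
TOLL_TIERS = [(100, 5), (1000, 20)]         # (max USD, sec-coin toll)
MAX_USD_PER_BOT = 1000                      # cap per wallet-bot stated in the post

@dataclass(frozen=True)
class Transfer:
    sender: str
    receiver: str
    amount: int

def balance(ledger, address):
    """Replay the sec-coin ledger to compute one address's balance."""
    total = 0
    for t in ledger:
        if t.receiver == address:
            total += t.amount
        if t.sender == address:
            total -= t.amount
    return total

def required_toll(usd):
    """Toll for a send of `usd`, or None if the amount is not allowed at all."""
    if usd <= 0 or usd > MAX_USD_PER_BOT:
        return None
    for limit, toll in TOLL_TIERS:
        if usd <= limit:
            return toll
    return None

def authorize_send(ledger, node_address, usd):
    """Pre-check: node is on the security list and holds enough sec-coins."""
    toll = required_toll(usd)
    if toll is None:
        return (False, "amount outside wallet-bot limit")
    if node_address not in SECURITY_LIST:
        return (False, "address not on security list")
    if balance(ledger, node_address) < toll:
        return (False, "insufficient sec-coins")
    return (True, "ok")

def confirm(ledger_before, ledger_after, node_address, usd):
    """Post-check: accept only if the balance dropped by exactly the toll."""
    toll = required_toll(usd)
    if toll is None:
        return False
    spent = balance(ledger_before, node_address) - balance(ledger_after, node_address)
    return spent == toll
```

The pre-check alone only shows that the named address holds coins; it is the post-check on the balance change that rejects a node merely claiming that address.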
