|
Blockchain is a ledger. Nodes are decentralized mechanism to distribute it.
Nodes doesn't technically secure the entire system but rather it acts as a decentralized storage for the blockchain where every nodes saves their own copy. It doesn't necessarily mean that they would provide security for the blockchain though. Verifying the entire blockchain primarily benefits the user of that node and the people retrieving data from that node. Having more nodes does however means that sybil attacks are harder due to the larger number of nodes to choose from.
|
|
|
|
|
When you're creating an airgapped wallet, the online desktop wallet should have your master public key imported and it should be able to allow you to see all the addresses related to that airgapped wallet. There is no need to pick specific addresses, unless you want to use CoinControl and you can right click the specific address and press "Send From" to select specific transaction outputs to spend. After generating the raw transaction, you can either export it as a QR code or a file for it to be signed on the offline computer.
I'm not exactly sure what's the context of this. You created a new topic previously and I'm wondering if that's related.
|
|
|
|
for example the DNS seeds which are ONLY used when the nodes run for the very first time are created and hosted by those altcoin creators and their network is completely separate from bitcoin's network.
The node will always query DNS seeds when they are unable to get any peers. A common scenario is if the peers.dat is not backwards compatible or if the user deletes the peers.dat and anchor.dat completely.
Depending on the difference in protocol rules, the transactions that is made on Bitcoin could very well also be valid on a fork of Bitcoin and thus exposing the user to the risk of replay attacks and that is also one of the main concerns when dealing with Bitcoin forks. |
|
|
|
|
If you cannot use any other device other than the Android which is infected with malware, there is no way you can use it without an internet connection and thus the malware will always steal your funds whenever you go online. If your phone is (in the worst case scenario) infected with malware, I can't see any reason why you wouldn't be trying to back up your seeds and important files before resetting the phone completely.
If you do have another computer with a QR code, you can click your wallet and your master public key should be shown. Import that onto an Electrum on your computer as a watchonly wallet. Next, use the desktop Electrum to create a raw transaction, Finalize and export using QR Code. Afterwhich, go back to your phone and in the Send Tab, press scan and you should be able to sign your transaction. Using the desktop Electrum, go to Tools>Load Transaction>From QR Code and you can broadcast using that.
Unless you know exactly how to use Coinb.in and which addresses the funds are located in, you shouldn't use coinb.in. It's tougher to use than most wallet UIs and is more suited for advanced users. Coinb.in also seems to break the raw transaction when copied to Electrum as well.
|
|
|
|
My point is that QC tech is currently publicly available. I would anticipate it will continue being publicly available, probably a few generations behind the 'state of the art' technology.
It is. I just don't see the point if they aren't sufficient for doing anything as much as attacking Bitcoin, nor would I think that anyone in the public would be able to have access to such technology at least until the point when the relevant cryptographic algorithms are phased out. I have made similar arguments in the past, and I stand behind those arguments. I don't think this means QC can be ignored though. Once the West and the Communists in the East (most likely the US and Chinese respectively) have QC tech, knows the other side knows they have QC tech, and knows that the other side knows they have QC tech, the incentive to keep the technology under wraps goes away.
If QC technology is used to crack bitcoin private keys, it will probably be too late to move away from EDSCA and confidence in bitcoin security will be lost/damaged. Using QC technology to crack bitcoin private keys will also cause a lot of damage throughout the bitcoin economy, and it has the potential to cause a lot of businesses to go out of business.
The threats of quantum computers are very real. That does not discount the fact that the incentives to attack Bitcoin pales in comparison to the other things that you can do with QC. You're assuming that we won't be able to at least adopt another QC resistant standards before it becomes a threat. Long before Bitcoin becomes a target, I would assume that we would've adopted another QC resistant algorithm. QC technologies seems to have an incremental improvement over the years and I don't think that a 2000qubit QC machine would be discovered overnight. As a state, I would think that they are more interested in collecting encrypted information rather than cracking a few Bitcoin keys, and I think the estimates for a ~1500qubit machine puts it at one PK per hour. I'm not exactly sure of the running costs of a quantum computer but I would probably think that it's not worth their time at an early stage where you would probably need a very precisely controlled conditions to keep it stable. Bitcoin prices will probably crash if that type of QC gets discovered overnight, so will the stocks market. QCs are after all not the primary threat to Bitcoin, but to all existing internet infrastructure. Yes, Bitcoin will definitely be affected by QC but the fact that it *probably* cannot be mass produced in the first place will bring about some doubts if people would want to start cracking the keys if they (the states) could stand to gain much more by starting to decrypt previously intercepted internet traffic. Anyhow, I would regard all of the discussions as speculations. If quantum computers gets cheap enough and collecting money is their main goal, then attacking a currency like Bitcoin could make some sense though the effects will be limited. |
|
|
|
2. so how this is different than brute-force from just an address?
Quantum computers do not provide a sufficient speedup for your hashing algorithm which is your RIPEMD160 and SHA256 which wouldn't allow them to be able to get to your ECDSA public key which would be required for to be able to get your private key from your public key. i think it would be reckless to make that assumption. it underestimates the potential power of the adversary's hypothetical machine. we may be talking about the same situation as a race attack. if the adversary forces a holder to spend all their coins as mining fees, the end result is the same---he loses his coins and they are recirculated into the supply.
it's also very unlikely that all holders of vulnerable outputs would be in a position to race the adversary. we're talking about a window of minutes or even seconds.
I would think that a collusion with a mining pool would make this far easier with them only accepting the attacker's TX. I couldn't find any other relevant information regarding the number of qubits required but I remember that you'll need a fairly high number of qubits to be able to pull this off within an hour. All the scenarios described are purely hypothetical. I wouldn't really believe that the adversary, if it's a government would truly be interested in attacking Bitcoin as it's merely a low hanging fruit with fairly low rewards. |
|
|
|
You should try with vanity gen and offline machine, you can get the software in the next link: https://en.bitcoin.it/wiki/VanitygenStep 1: Download the software Step 2: Install it on a virtual machine Step 3: Save the private keys under zip with a password. That's the secure way to do it. You're generating a private key, not a paper wallet. You can just do it by downloading Bitcoin Core.
OP, take note of the phishing sites. It is not sufficient to just load the webpage and disconnect your internet connection. Bitaddress doesn't generate any Segwit address type and you can't get the benefits of Segwit when you're using their paper wallet. I'm not aware of any wellknown segwit paper wallet generators though. Depending on your use case, you can explore airgapped wallets as well. |
|
|
|
Did you run Bitaddress locally (after cutting off your internet)? If so, then someone must've got access to your paper wallet and retrieved the funds.
Depends on how you accessed it. I would just download it directly from Github and verify the signature myself minimally, else the script is quite fast to skim through and it would be way better than generating it offline. A certain paper wallet website is known to intentionally introduce a weak RNG and thus generating predictable private keys and that can be injected into the website without the user ever knowing. Not to mention if you get a MITM attack.
Paper wallets are tougher to use as compared to most cold storage methods and/or desktop wallets. Spending them securely is not simple for most and it would be fairly difficult to secure it as well. |
|
|
|
agree but i already pass over all , the controller is damaged.
Can still companies recover it , even if the controller is damaged/ and sdd is encrypted?
Encryption is a totally different ballgame. Depending on the complexity of the password and how accurate your guesses are, the time taken to bruteforce one could possibly be over your lifetime. That isn't the point of data recovery services who will only recover your data and the rest would be dependent on you. SSDs are significantly more complex than HDD however, from experience, I've seen more successful HDD restoration by just replacing the controller than HDD. Approach your local data recovery company, they would know best with them having the disk physically. |
|
|
|
Physical meet ups for trades is very risky and highly not advisable, this exposes you to a lot of risk, not only for amounts involved in the transaction, but also amounts which would be linked to it.
If for example you made a trade involving a certain amount of bitcoin, but hold a much larger amount, thieves could force you to give up the entire amount as the blockchain is transparent, and someone who meets up with strangers would probably not bother with mixing or coinjoining.
You really can't get more privacy than doing face to face fiat transaction. If you were to put the specific amount in a multisig wallet or pre-sign a raw transaction, the robbers would have a slightly harder time trying to rob you since no one really memorizes seeds or keys. If you have to do a meet up, I would often suggest a more public place with high human traffic. There are obvious risks associated with physical transactions but you can also chargeback bank transactions. Meeting up for large transactions at a secluded place is very shady to say the least. I wouldn't have continued with the transaction. |
|
|
|
|
I don't think Slushpool pays out from their Coinbase transaction like some other pools (judging from their blocks alone) but it would be a good practice to have it sent to a wallet that you have some control over. Electrum, Bitcoin Core or Wasabi Wallet would be a good choice. After the funds are sent to the account, you can send it to your exchange.
|
|
|
|
|
Very often. People always seems to fall for phishing scams, likely due to the fact that Google doesn't really care about the phishing reports as well and they run rampant at the ad slot in the searches. 2FA can only do so much to protect you but won't be able to do much against the user's incompetence. It's usually only used to protect the user from getting hacked from leaked passwords or from unauthorized logins only. Malwares can target the more complacent users and be able to trick more with well scripted malware. If you take precautions to only download from the websites that you trust, you shouldn't be facing any problems.
|
|
|
|
Depends on how you look at it. It consists of 2x 5 qubit processors and a 16 qubit processor. So, not really practical to attack cryptography at all. As to the prior argument, I would say that if there comes a day where quantum computers are powerful enough, the governments will keep it for themselves. Breaking asymmetric cryptography is useful for espionage and mass surveillence, don't think they have any incentives to do so. A government that does not want their unit of currency debased by bitcoin/cryptocurrency may also have an incentive to use QC to harm the public perception of the safety of using bitcoin.
Comes down to opportunity cost. I don't see quantum computers with that many qubits to be readily available and they would very much rather use it for deciphering sensitive information. Using it to attack Bitcoin won't reap much benefits especially when some BIPs would probably shift it to a quantum resistant algorithm fairly quickly. |
|
|
|
|
I don't know of any wallets on Android or any wallets in general that uses .dat. Did you reset the phone with the wallet file on it or did you meant some Android Wallets?
Most Android wallets do not store their wallet files in the basic internal storage but they would usually store it within the area which requires root access. I know Knox makes it hard and makes the device less useful when rooted but if you did root it, it would be slightly easier. Rooting it now *might* require a factory reset again so I don't recommend that.
|
|
|
|
Open Source only works to a point. You are still at the mercy of the manufacturer of hardware components / secure element.
Even if it IS 100% open source and documented that does not mean what you are getting is what they told you. You can only test what you can see.
If Input "A" is supposed to give you Output "B" and it does, and all other functions act the way they are supposed to you can only ASSUME that all is good.
Not that they didn't shove in 1k of nvram to record the last 1000 bits of data going in and out, and that it can only be accessed in a special way.
Yeah, you can X-Ray the chip and do some other things but....
Also, you can only hope that there are no other bugs that everyone missed, yeah 1000s and 1000s of people looking at the code will probably find it.
But only IF those 1000s and 1000s of people know what they are looking at and catch the problem.
Open source things get missed all the time. Heartbleed comes to mind...
That is correct. I feel that game theory plays a huge part in the legitimacy of hardware wallets as well. They are bound to be audited fairly frequently and sometimes by the community to try to find exploits or bugs. If there are any serious vulnerabilities found within the hardware wallets, then their reputation would be tarnished. I don't consider this as being overly paranoid but there wouldn't be anything that you can do if you don't have the expertise to read codes/equipment to inspect the hardware. Same goes for wallet builds, if you don't understand the code and you're instead validating your copy against someone else's, you are just trusting another person/a group of people and for them to be honest. I feel like the benefit of open source codes has been blown out of proportion. I find it helpful to be able to read and inspect the codes myself but I think that the normal users would be fazed by the lines and lines of code and wouldn't even try to read it, if at all. Sure, open source projects removes the corporate aspect of the software but it by no means guarantee that an open source software will be better than a proprietary one. |
|
|
|
|
It shouldn't pose much of an issue or else your Electrum wouldn't have proceeded at all.
Electrum currently uses cryptography as a dependency as well and I think they use that by default and pycryptodome became optional quite some time ago. Cryptography is a mandatory dependency while cryptodomex is an optional one, it doesn't affect if your version is lower than the required as it's just included in their dependency checks.
You can update it if you want, pip install pycryptodomex.
|
|
|
|
People usually make the assumption that martingale strategy does not work because they do not have a huge bankroll to soak up the consecutive losses, but if you had used this script since the first game on bustabit, you would have still not busted (and there has been over 4 million games)!
House edge guarantees that the returns in the long run is always negative. You're expected to lose about that percentage of your bankroll in the long run, no matter how much bankroll you have. Even if you have an excessively huge bankroll, simple statistics shows that the risk of you getting an excessively long streak increases as you play. While the probability can seem relatively small, it is more than likely that you're going to hit that streak before you hit your desired returns. If you were to use this method, I'll recommend you to just play manually instead. |
|
|
|
|
Show Posts
