This doesn't sound like a brain wallet at all since your passphrase is actually a randomly generated 128+ bits of entropy and you are just adding a tiny bit of entropy on top of that with your salt. That means regardless of what your salt is (even if it is "123") the result should be secure.
Ordinarily yes, but OP has said he wants to print out the seed phrase he is using as a QR code so he can then put it on an object for his mother to display in her house. Going through this process probably exposes the seed phrase to the internet, but more importantly, anyone who visits his mom can scan the QR code and access the seed phrase in 2 seconds. That could be anything from families and friends to babysitters to tradespeople and so on. Hell, it could be someone looking through the window. I would consider that seed phrase to be highly insecure, and therefore the security of his whole setup hinges on his weak human generated password.
|
|
|
and to the best of my knowledge, there have been no reported instances of funds being lost due to security issues with these devices.
There have been a number of vulnerabilities across multiple different hardware wallets which could result in funds being lost. Ledger had a vulnerability where an attacker could trick you into making a bitcoin transaction while your device was showing you a transaction for some altcoin. Trezor still have a vulnerability where the seed phrase can be extracted from the device by someone with physical access to the device. There will 100% be other vulnerabilities discovered in the future. As you say, they are generally secure, but no method is 100% safe.
The long and short of the whole thing is that we all consider hardware wallets (not just ledger) to be the most secure means through which we can safely store our crypto assets.
I don't. I consider encrypted airgapped cold storage to be more secure than any hardware wallet which is connected directly to your computer or phone.
|
|
|
no one is going to follow because you didn't make anything clear but whatever...
I agree. OP seems very confused. In his first post he said he needed to recover a brain wallet, but now he is talking about Merkle trees, nonces, and BCash, and claiming he knew about bitcoin 2 years before Satoshi announced it and that he was mining pretty much from day one. I don't know what he is actually trying to achieve here, but if he does have coins locked behind a brain wallet, and has absolutely no backups, then as I stated previously his only chance is to either remember the brain wallet phrase or to brute force it. Anything else to do with random deformed addresses or TXIDs which don't actually exist is irrelevant. Beyond this, I don't think there is anything anybody else can do here to help him.
|
|
|
I agree with others, something that has been hacked before would never give me trust ever again, it would not be possible at all for me to trust it and use it.
Do you use a centralized exchange? They have all been hacked at some point.
This is why I believe that we should be focusing a lot more towards finding something that has never been hacked or never had any bugs etc etc before
This is an unobtainable standard. Every piece of software in existence has bugs in it. Bitcoin itself has had a number of critical bugs, probably the worst of which resulted in 92 billion bitcoin being created out of thin air.
For the online wallet, use another tails os to put your xpub. You will pass the psbts with qr codes or burned cds. not usbs.
What's the benefit of your online wallet being on another instance of Tails, as opposed to just your usual OS? Provided your computer is clean, free from malware, and your watch only wallet is connecting exclusively to your own node, I don't see what is to be gained by using Tails for this part? I suppose the benefit comes if you are not connecting to your own node at all and are just using third party Electrum servers?
|
|
|
Since a lot of the people who post here in the HW board tend to be more about security and tech than the collectable area was wondering if anyone else had any ideas on how to make it work better / more securely. Any useful input would be appreciated.
If you want to do it completely trustlessly, then the only way to do it is a DIY solution where you add the key to the collectible yourself after you have received it. You can spread the trust by having some kind of multi-sig setup where two or more different collectible producers add private keys to the collectible separately. But as mentioned, all you are doing there is spreading the trust, not eliminating it. You could potentially do a multi-sig or split key setup where I generate one part and the collectible producer generates the other, but that then means your collectible on its own is worthless. Without my share/key/etc., then the collectible is unspendable, and you will have a hard time selling it to anyone else since they cannot trust that you and the producer are not conspiring together. BIP38 doesn't work at all since at some point one party must know both the private key and the password.
|
|
|
You are certainly along the right tracks.
I'm not sure you need a hardware wallet in this situation, especially if you are planning to destroy it after you have generated the seed phrase. Given that you say you already have an old laptop with no hard drive and will be running a live Linux OS, then you can just use that to generate your seed phrase. Bonus is that you can do this using only open source software, which you won't get with a Ledger hardware wallet, and it avoids all the issues with data leaks from hardware wallet companies.
I would suggest not using bitaddress or Ian Coleman to generate your entropy seed phrase. JavaScript is a very poor choice for generating entropy.
In terms of privacy, yes you can extract your master public key from the seed phrase and then use that to endlessly generate new addresses to send coins to. You would need to be careful how you handle this master public key though if privacy is your goal. If you import it into a random hot wallet to watch your addresses, then whichever server(s) your wallet is connecting to will be able to see all your addresses are linked to each other. You would instead need to be looking up your addresses via your own node in some way, such as with your own Electrum server or by running Sparrow wallet pointed at your own node.
I would also strongly suggest making more than a single backup of your seed phrase.
|
|
|
I was going to kick up a fuss about nutildah excluding me from the thick skin gang, but if I do that I'll no longer be a member.
|
|
|
color=transparent works even better.
|
|
|
I remember trying to help the user in that quoted thread at the time. If I remember correctly, he told me in another thread that his encrypted shared seed began with the characters "6P". Is this the case for you? Two additional questions regarding your user seed. Does it start with "5", "K" or "L", and is it 51 or 52 characters long?
If the answer to all those questions is yes, then it should be fairly easy to recover your vault in a wallet such as Electrum. If not, then we'll need to figure out exactly what format your two seeds are taking.
|
|
|
Can you use the Electrum GUI to do this instead? It is trivially easy. Simply go to the send tab, and in the "Pay to" field you enter OP_RETURN followed by your message in hex. So for your string "Hello, world!", your entry would look like this:
OP_RETURN 48656C6C6F2C20776F726C6421
Then just set the "Amount" to 0 and hit pay. You'll get the usual Electrum pop-up to choose your fee, etc.
|
|
|
There is no such transaction in the mempool. Further, I am unable to find an output of 12.426792 BTC anywhere in the blockchain. This means this isn't just a mistake on the part of whoever sent you the screenshot. They can't just say "Oops, forgot to hit broadcast, silly me!" This is categorically a scam, since the outputs they are supposedly sending you do not exist.
1c9c129d40e7b988017efa9clcd..........b4ecf5c59af684515110508ff6:1
Also looks like the scammer accidentally included an invalid character in his fake hash. "L" is not in the hex character set. Lol.
|
|
|
So you think the warp wallet algorithm with argon2 and pbkdf2 does not strengthen it enough?
I care far less about the algorithm you use and far more about the fact that it only requires a human made weak password in order to compromise your wallet.
We are talking about wallets of 20-50 USD. I would have thought that even with the QR code stolen, brute forcing would cost too much.
50 USD today. Who knows how much it will be worth in 10, 20, 50 years?
I want to offer this also to my friends, a different present for each of them.
I do not like gifting bitcoin in this way for two reasons. First of all, the recipient needs to trust you completely, both your competence in setting up the wallet in the first place and your honesty to not keep a copy and swipe it later. Secondly, it teaches them to trust third parties instead of holding their own keys, which as we all know is a terrible idea. Much better for them to set up their own wallet, give you an address from their wallet, and then you can use that address to generate a QR code for their gift.
|
|
|
So even a date could be hardcore to find
As I said above, with reasonable hardware and a correctly configured tokens file, btcrecover will be able to try every date from the last 100 years in one specific format in around 30 seconds. So even if you come up with multiple different ways to write out the date, this is trivial to brute force, provided it is just a date and nothing else. Let's say you have "two thousand nine" and "two thousand and nine" for the year. 2 possibilities. For the day/month, you could have "January first", "January the first", "First January", or "First of January". 4 possibilities. You could put the year first, or the day/month first. 2 possibilities. 2*4*2 = 16, meaning you can try every date in the last 100 years with every combination of those possibilities in 8 minutes. Even if you come up with 500 different possible formats to write the date, you can brute force them all in a few hours.
|
|
|
Idk about satoshi, no one really knows, and I know there is no such txid because this is a txid from bch address format.
Bcash didn't fork until 2017. It did not exist in 2009-10 as you are talking about.
Maybe it's my phone but when I do check this address in blockchain.info, shows the prefix 1×.
Either a problem with your phone or with blockchain.com. There is nothing wrong with the address itself.
Btw in the files I have, which one exactly could lead me to the secret exponent, because the merkle root, the txid and the hash txid are the same
Again, you sound confused. In bitcoin, a Merkle tree is used to combine all the transactions in a block. It has nothing to do with individual private keys, and knowing a Merkle root does not give you any information about those private keys.
|
|
|
Also, should the community be more concerned on Binance or is it still considered reasonably safe from being the next exchange to bite the dust?
No exchange is safe. We are seeing DCG's subsidiaries starting to have major problems. Everyone knows about the problems with Grayscale over the last year or so, and now Genesis are reportedly preparing to file for bankruptcy. They are also selling off CoinDesk. DCG have tens of billions of assets under management. If they are not too big to fail, then neither is Binance or Coinbase or any other exchange.
Approximately two-thirds of Bitzlato’s top receiving and sending counterparties are associated with darknet markets or scams. For example, Bitzlato’s top three receiving counterparties, by total amount of BTC received between May 2018 and September 2022 were: (1) Binance, a VASP; (2) the Russia-connected darknet market Hydra; and (3) the alleged Russia-based Ponzi scheme “TheFiniko.”
So how long before Binance start to get investigated for money laundering?
|
|
|
If there is no solution for poor people, it's sad and it's a big fail for Bitcoin because it was supposed to help unbanked ones IIRC, and some poor countries like Salvador want to try to use it as an official currency.
If you have an electronic device, which you must to be able to use bitcoin, then you can create a wallet safely. The options are safe, cheap, easy. You can pick two. Hardware wallets are safe and easy, but they are not cheap. Paper wallets or other cold storage is safe and cheap, but they are less easy. Hot wallets are cheap and easy, but they are less safe. If cost is the biggest factor for you, then you can rule out hardware wallets. However, you can still use hot wallets for small amounts relatively safely by taking standard security precautions. I keep a small amount of bitcoin in a hot wallet on my phone and have done for years, topping it up whenever I spend from it. I only ever keep a small amount on my phone, but I have never once been hacked over the many years and multiple phone handsets I have used such a wallet. Hot wallets can still be relatively safe if you use them properly. And if you want cold storage, then you can do that for free by just taking a bit of time to learn about what you are doing and how to do it. All the tools needed - Tails or some other Linux distro, Electrum, pen and paper - are either free or very cheap. The problem is that most people don't bother to learn how to do it properly, cut corners, and just fire up a random website on their usual computer and then wonder why they lost their coins.
One disadvantage of using a paper wallet for storing Bitcoin is that it is prone to physical damage, such as being torn, burned, or otherwise destroyed.
Hardware or electronic wallets are prone to the exact same damage, as well as general degradation of their components or storage medium.
Overall, paper wallets are considered less convenient and less secure than other forms of Bitcoin storage, such as hardware wallets or software wallets.
Less convenient, maybe, but generated properly a paper wallet is exponentially more secure than a hot software wallet.
|
|
|
When I asked them can they be really sure that same thing won't happen with Binance, they told me that even if something happens to Binance, prices will go down so much that it won't matter anyway.
Nonsense. We've just had more than a dozen exchanges or other centralized platforms collapse, and the price is pretty much at a six month high. If Binance collapses then sure, there will be short term price fluctuations, but bitcoin will come out the other side just fine, just as it always does.
I guess in the end people will keep doing what they have been doing. Be it with fiat / crypto or whatever.
Yup, it's an absolute mess. And of course, that doesn't even scratch the surface, since you can easily add on dozens of other exchanges to that diagram and there will be hundreds of deals and arrangements going on that we have no idea about. And of course with fiat or any bitcoin you don't keep in your own wallet, then any money you "own" is somewhere in all that mess, handed over to who knows who for who knows what. Perhaps we could make a similar diagram for self custody. It would be very simple. It would look like this:
+-----------+
| My wallet |
+-----------+
|
|
|
I know people that mined on homemade diy cpus not bigger than a smartphone, and just because it was officially released in 2009, there was a lot of information even a year before even 2, u just couldn't spend where we do now. But you could easily buy on tor.
Satoshi first went public with bitcoin in October 2008 with an email to the cryptography mailing list, which was only a few months before the genesis block. And you could not buy bitcoin anywhere for several years after that.
a83ff468a32f29387d531f19e7092a5dcf6ce52d20931227447c0b9b7a5f2988 This is txid where 20 btc are received.
There is no transaction in the blockchain with that TXID.
Run it as hex privkey one addresses is this
1L1x25zS8Zg93Yo7tJzVrKxCbDBXzRyuxC
Check it out in blockchain it's deformed
Deformed in what way? That is a perfectly valid address.
|
|
|
This might sound as an excuse but how you people suggest this to non-techy person using bitcoin/crypto who only wants safety to his coins, obviously most doesn't know how to use and setup linux OS, or doesn't have extra device for airgapped option.
I wouldn't. As I mentioned above, I think using websites for anything like this is a bad idea from the start, even if you are following all these precautions. Most users should download (and verify) a good software wallet such as Core or Electrum for small amounts, and get a good hardware wallet for larger amounts. If you know what you are doing then airgapped cold storage is even better, but I don't recommend this for non-technical users and I certainly wouldn't recommend generating cold storage from any website. But as OP was asking, if you want to use Ian Coleman, then on an airgapped machine with a clean OS is the only safe way to use it.
|
|
|
This is not a collision, it is not the first time ever, nor is it in any way difficult to do. It is an inherent property of the secp256k1 curve that bitcoin uses. Taking the negation of any private key modulo n is the same as negating the resulting public key across the x axis. As such, the two private keys which OP has given, which are modular negations of each other, produce public keys with the same x coordinate but different y coordinates. Here's another pair:
0000000000000000000000000000000000000000000000000000000000000002
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413F
which give the following two public keys:
04 c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee51ae168fea63dc339a3c58419466ceaeef7f632653266d0e1236431a950cfe52a
04 c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5e51e970159c23cc65c3a7be6b99315110809cd9acd992f1edc9bce55af301705
|
|
|
|