But what are they selling, just a piece of hardware with open-source light wallet software installed on it? What is the main difference between that solution and the same open-source software on some old laptop that is not used for anything else, just to have access to your wallet?
Why is the Trezor better than an old laptop (just asking, I do not think that it is not)? And an old laptop sitting somewhere in the basement might not be recognized as a hardware wallet, or it would be harder than recognizing a Trezor as a wallet.
What is the main Trezor advantage, in your opinion?
Trezor was one of the first HW wallet makers and it was their choice to not put a secure element within their devices. Their rationale being that the main attack vector is from the net, among various other stuff [1]. I saw this counterargument (by Ledger) years ago and thought that it made more sense [2]. Trezor is designed to not be vulnerable to typical malware and viruses as its primary purpose is to receive and sign transactions, so the attack vector is pretty small. I think their firmware is also signed so that isn't a threat. I think your final question is about HW wallets in general. As said, the secure element will mitigate the attacks as mentioned. It really depends largely on your usage. Are you confident with handling air gapped storage? Do you want a bit more convenience while ensuring the same level of security (relative)? Do you want to save money on HW wallets? Personally, I bought a HW wallet not because it's more secure (the threats are largely irrelevant to me) but because it provides much more convenience and portability than an airgapped wallet. Trust me, a hardware wallet makes everything smoother than starting your RPI up and realising your Electrum got corrupted again and having to find and type in the seeds again.
[1] https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b
[2] https://www.reddit.com/r/Bitcoin/comments/52x08n/is_bankinggrade_security_good_enough_for_your/d7odee4/
Ok I get that, but the full public key is 130 characters. Is it the first 65 (X value)?
I think it'll be easier to represent it in a transaction with an uncompressed public key. Let's inspect this address: 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a
TXID: 3410bc9f7671d30225678a870f8d695cad1af6f64b0a319a487d3b86540794ab
ScriptSig:
483045022100a9830934fffb69c597f68a1d5f5b6621a5d384ba4a4c81c316c08f652ed8036202206cef70d41b95bfd53c6ee3cc0a69ab7c96d9a1ef18ffbf100505851ba53d266b01 - Signature
41044f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa385b6b1b8ead809ca67454d9683fcf2ba03456d6fe2c4abe2b07f0fbdbb2f1c1 - Public key
Yes, you can interpret the last 130 characters (or 65 bytes) of a scriptSig as the public key. Clients generating uncompressed public keys are a rarity nowadays, given bech32 and the inefficiency of uncompressed public keys.
I actually posted[1] about this a few days back I think. So the format of a P2PKH sigscript is the signature followed by the public key. So basically, extract the sigscript, identify the signature and there should be an OP_Pushbytes_65 (since we're talking about uncompressed), which is 41 in hex. You should get the public key pertaining to that specific address.
You can probably write a script to separate and identify the public key pretty easily.
[1] https://bitcointalk.org/index.php?topic=5302887.msg55912788#msg55912788
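A script of the kind suggested above, added here as an example and not taken from the post: it splits the scriptSig quoted earlier in the thread into its two pushes, decodes the DER signature (R, S, sighash byte, low-S check) and classifies the 65-byte push as an uncompressed key, checking that it is a real secp256k1 point and deriving its compressed form. It uses only the scriptSig hex given above; the function names are my own.

```python
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N_HALF = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0  # n/2, low-S bound

# scriptSig from the post above (TXID 3410bc9f..., spending 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a)
SCRIPTSIG_HEX = (
    "483045022100a9830934fffb69c597f68a1d5f5b6621a5d384ba4a4c81c316c08f652ed80362"
    "02206cef70d41b95bfd53c6ee3cc0a69ab7c96d9a1ef18ffbf100505851ba53d266b01"
    "41044f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa385b6b1b8ead8"
    "09ca67454d9683fcf2ba03456d6fe2c4abe2b07f0fbdbb2f1c1"
)

def parse_pushes(script: bytes):
    """Split a script into its pushed data items. Direct pushes (0x01-0x4b) and
    OP_PUSHDATA1 (0x4c) cover every P2PKH scriptSig; any other opcode is rejected."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:
            n = op
        elif op == 0x4C:
            n, i = script[i], i + 1
        else:
            raise ValueError(f"unexpected opcode 0x{op:02x} at offset {i - 1}")
        items.append(script[i:i + n])
        i += n
    return items

def parse_der_signature(sig: bytes):
    """Return (r, s, sighash_type) from a DER signature with the sighash byte appended."""
    if sig[0] != 0x30 or sig[1] != len(sig) - 3 or sig[2] != 0x02:
        raise ValueError("not a DER signature")
    rlen = sig[3]
    r = int.from_bytes(sig[4:4 + rlen], "big")
    if sig[4 + rlen] != 0x02:
        raise ValueError("S integer missing")
    slen = sig[5 + rlen]
    s = int.from_bytes(sig[6 + rlen:6 + rlen + slen], "big")
    return r, s, sig[-1]

def decode_pubkey(pk: bytes):
    """Classify the pushed key; for an uncompressed key also check it lies on the curve
    (y^2 = x^3 + 7 mod p) and derive the 33-byte compressed form (02/03 + X)."""
    if len(pk) == 65 and pk[0] == 0x04:
        x, y = int.from_bytes(pk[1:33], "big"), int.from_bytes(pk[33:], "big")
        return {"form": "uncompressed",
                "on_curve": (y * y - x ** 3 - 7) % P == 0,
                "compressed": (bytes([2 + (y & 1)]) + pk[1:33]).hex()}
    if len(pk) == 33 and pk[0] in (2, 3):
        return {"form": "compressed", "on_curve": None, "compressed": pk.hex()}
    raise ValueError("push is not a public key")

def analyse_scriptsig(hex_script: str) -> dict:
    sig, pk = parse_pushes(bytes.fromhex(hex_script))   # P2PKH: exactly two pushes
    r, s, hashtype = parse_der_signature(sig)
    info = decode_pubkey(pk)
    info.update(sig_len=len(sig), pubkey_len=len(pk), sighash=hashtype,
                low_s=s <= N_HALF, r=r, s=s)
    return info

if __name__ == "__main__":
    for k, v in analyse_scriptsig(SCRIPTSIG_HEX).items():
        print(k, hex(v) if type(v) is int else v)
```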
All of the links I used to update/download the wallet were from the Electrum website. I had no pop ups, nothing!!!!! I had little blue text at the bottom of my wallet stating there is an update available, which was the 4.0.9. I can't see how Electrum can't be held responsible in any way if someone is posing as them and allowing funds to be removed without any warning?
Is there literally nothing that can be done?
Was there a pop up saying that your Electrum was outdated? I assume your prior version wasn't below 3.3.4? The likely scenario I can think of is that you clicked on one of the top few results for Electrum if you Googled it. Your Electrum was compromised when you installed the github version, which is only 4.0.5. There is nothing to be done, unfortunately. It's good practice to download and verify the PGP signature of the binaries because these phishing attempts are very common. They cannot be held responsible; there is nothing they can do if users accidentally get phished because they didn't verify the binaries.
There is another thing I would like to know. The crypto community preaches "Verify, Don't Trust!" How many of us actively check the code of the software, wallets, and everything else crypto-related that we use? Do you have the programming skills, time, and experience to inspect the codebase and deem it OK to be used? Or do you trust that others have done so and take their word for it? Do you find it odd that you are placing your trust in other individuals to have done the job for you in an industry where you are supposed to be your own bank, banker, and security department?
I personally have only read Electrum's source code fully, because it's written in Python and it's relatively less bulky than most other implementations. For that matter, I think it's good practice to inspect what you're running on the computer. But the truth is, it's just too unrealistic. It's a time consuming process and most programs are a mix of languages, some of which one is not proficient in. If you're reading the code but you don't know what's going on, the process is probably not going to be of any use and just a waste of time. The beauty of open source lies primarily in the fact that people can have access to the source code and there are probably some that are honest and are quick to point out any mistakes, as well as transparent commits (in the case of projects on github). If you don't have the skills or the time to audit it (which can be rather time consuming for some bulky codebases), then you'll be better off just validating the binaries. You'll probably not be able to identify anything wrong with the source code; it can be well obfuscated. As for the study, isn't it geared towards software which integrates open source resources? Wouldn't the onus be on the corporations to be auditing their own software and/or update the modules appropriately?
I think auditing the code and compiling it yourself is good practice, if you can read it in the first place. Given how well the Electrum phishing worked, I would think that most people wouldn't bother to even validate the binaries, let alone see the code.
Satoshi is indeed the founder, but he is not the first member on this forum. Here he is, user with UID=1 admin
Those were test accounts, which were (presumably) created by Satoshi. So technically, he's the first user because he controlled the test account at that time.
It's not insecure per se, it's just not the best security practice. The relevant files needed for the operation will be stored in the same folder as the Electrum portable exe.
The main problem arises when you're plugging your drive in and running it on different computers. The rationale why portable exes are considered to be more dangerous is because users tend to run them on insecure computers that could extract the wallet files or have malware, potentially providing an avenue for malware to spread through your disk drive and eventually to your own computers when you plug it in.
However, if you're looking for portability, consider using a hot wallet on your phone instead. It's way more secure.
Btw using a hard disk for Electrum isn't necessary, a removable USB flash drive will be more than sufficient.
I don't get that, why should all seeds have a valid checksum? We generate a random number and then we put a valid checksum, but for what reason?
Not needed. Most wallets, like Electrum, actually don't care about the checksum (other than the fact that they'll put up a small warning) but won't prohibit the user from continuing. It'll be good to enforce a valid checksum as it'll make missing phrases "slightly" easier to bruteforce and allow the user to identify if their phrases are entered wrongly. Of course, as mentioned, the longer seed phrases have a longer checksum length and thus bring about better error identification. One scenario I imagine is if you split your seed into three to store as 2 of 3 factors of authentication; in the case of 24 words, an attacker would have to crack more words if they get their hands on one copy versus if you were using 12 words.
That isn't really 2 of 3 FA since you need the entire seed to use the keys, so it'll be theoretically more like 3 of 3.
-snip-
Wow, that's pretty interesting.
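An added example (not from the thread) of how the BIP39 checksum behaves for 12 versus 24 words: the checksum is the first ENT/32 bits of SHA256(entropy), so the final word carries 4 checksum bits in a 12-word phrase and 8 in a 24-word one, which is exactly why a missing last word has fewer valid candidates the longer the phrase. It works on 11-bit word indices rather than the 2048-word list; the entropy values are constructed, not real seeds.

```python
import hashlib

# Constructed entropy for the demonstration (not real seeds): 16 bytes -> 12 words, 32 bytes -> 24 words.
ENTROPY_128 = bytes(range(16))
ENTROPY_256 = bytes(range(32))
WORDLIST_SIZE = 2048  # 11 bits per word

def entropy_to_indices(entropy: bytes):
    """BIP39: append the first ENT/32 bits of SHA256(entropy), then cut into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits, total = (int.from_bytes(entropy, "big") << cs) | checksum, ent + cs
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]

def checksum_ok(indices) -> bool:
    """Recompute the checksum from the entropy bits carried by the word indices."""
    if len(indices) % 3 or not 12 <= len(indices) <= 24:
        return False
    total = 11 * len(indices)
    cs = total // 33          # ENT + ENT/32 = 33 * ENT/32, so checksum bits = total / 33
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes((total - cs) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (bits & ((1 << cs) - 1)) == expected

def valid_last_words(prefix) -> int:
    """How many of the 2048 words complete the prefix with a valid checksum, i.e. the
    brute-force space for one missing final word."""
    return sum(checksum_ok(prefix + [w]) for w in range(WORDLIST_SIZE))

def undetected_substitutions(indices, position) -> int:
    """Number of wrong words at the given position that still pass the checksum."""
    return sum(checksum_ok(indices[:position] + [w] + indices[position + 1:])
               for w in range(WORDLIST_SIZE) if w != indices[position])

if __name__ == "__main__":
    for entropy in (ENTROPY_128, ENTROPY_256):
        idx = entropy_to_indices(entropy)
        print(len(idx), "words: checksum bits =", len(idx) // 3,
              "| valid final words =", valid_last_words(idx[:-1]),
              "| undetected wrong words at position 0 =", undetected_substitutions(idx, 0))
```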
You have to determine the source of the compromise. Was it compromised solely because of the information being used for the Ledger Live leak or because of some other sources? How do you know your phone was hacked?
I would recommend for you to wipe your computer and your phone. I suspect that there is a high chance that you have malware on the devices as opposed to your accounts being SE'ed. Ledger should generally be safe from such attacks. Seeds are never exposed outside of your devices, and please don't key them into your computer either.
Yes. Sirius was the second member and was in control of the domain and hosting for an extended period of time. After that, Theymos took over as the administrator in 2012 IIRC.
Unencrypted format is in
5XXXXXXXXXXXXXXXXXXXXXX DATETIME
LXXXXXXXXXXXXXXXXXXXXXX DATETIME
KXXXXXXXXXXXXXXXXXXXXXX DATETIME
You likely have it encrypted and I thought the format was different since it's an uncompressed key and I've only dealt with compressed ones. I can't find any reliable tool to decrypt the file without installing MultiBit. You can try using BTCRecover[1] since it does support MultiBit Classic files if you know the password to the wallet file. It's definitely more complicated than using MultiBit Classic but it's a good way to try.
[1] https://github.com/3rdIteration/btcrecover/blob/master/TUTORIAL.md#running-btcrecover
Are AES encrypted USB Flash Drives (PNY or San Disk) susceptible to hardware exploits like the Trezor?
Another problem I see with Trezor is that if an officer stops you and searches you and knows what a Trezor is, then he can take it, and from what I've read it only takes 15 minutes to hardware exploit it. Good luck trying to actually go through litigation and get it back or prove anything during that route.
I feel really uneasy with my Trezor knowing that hardware exploit is possible, especially in 15 minutes. And then Ledger is closed source which makes me uneasy. Ugh. Tough decisions.
I don't find it too much of a problem. As long as you have a passphrase, the attacker would have a hard time trying to get your seed. There are a lot more choices than those two companies; maybe you could try exploring your options. Regarding the attack, what makes you think that your devices would be more protected than your hardware wallet? Attacking Trezor requires the attacker to specifically extract the encrypted seed from the secure elements by desoldering it and using specialized tools, and after that start to crack your keys. I've seen more vulnerabilities affecting mobile devices than most hardware wallets and they don't require special skills. I feel like most attacks are often blown out of proportion and companies have been relatively quick (at least the competent ones) to respond and provide a mitigation to it.
When I send BTC, I have to make sure the address is correct... triple check it many times before I click send. Obviously everyone should be doing this. But if you make a mistake somehow with a letter off or accidentally deleted a character like m and put n instead... yes I know you should be copying/pasting the seed and never type it... but obviously it could somehow happen if you accidentally type in an extra letter or deleted a letter by accident and replaced it with another character... what typically happens?
Then the address will be invalid and transactions generated for it will be invalid as well. Addresses have a checksum and replacing or removing any characters will result in it being invalid. The chances of you replacing or removing a character and still matching the checksum are actually fairly low.
I heard the odds of it being sent to another address were almost impossible... is that correct or not? Like could you be off a character... and that BTC address is actually a BTC address? Thus you would've sent BTC to someone else by accident?
Very low.
But the biggest thing here I'd say is if you are sending big amounts. With how much the BTC price has gone up, I'm sure if someone here sends half a BTC or one BTC... they are very careful right? Even sending ten percent of a BTC is a ton of money nowadays. Like how do people who have a lot of BTC feel when they are about to send BTC? I'm trying to imagine how someone feels when say they are sending 5 BTC from their wallet to another wallet etc.
If you know what you're doing, you probably don't have to fear too much. I always like to 'test' my wallet by sending a small amount and transferring it around. It isn't necessary at all but helps with giving you peace of mind.
Obviously when you deal with big amounts, besides being very careful the address is right and the amount is correct... make sure you are sending it with the recommended sending fee, right? I can't imagine someone sending something like 5 BTC... then paying like the minimum sending fee on their Ledger Nano S?
Use RBF so you could still replace the transaction with something with higher fees.
I'm guessing the other thing you can do to make sure is whoever you are sending BTC to... whether Coinbase or an exchange or someone or a site and doing a big amount... first send like a tiny test deposit to make sure it works... before you send the whole thing the second time?
Correct.
With bech32, the number of errors you make would probably give you a cushioning of 4 characters at least. As the number increases, it should tend towards the probability of 1 in a billion.
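An added example, not from the thread, of the two address checksums discussed above: base58check (legacy "1..." addresses, a 4-byte double-SHA256 checksum that catches a single typo with overwhelming probability but without a guarantee) and bech32 (the BIP173 BCH code, which guarantees detection of up to 4 substituted characters). It encodes a constructed key hash both ways and then corrupts the addresses at random to count how many corruptions each checksum catches; the key hash is the BIP173 test-vector value, not a live wallet, and the function names are my own.

```python
import hashlib
import random

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet
GEN = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]  # BIP173 generator
# Constructed 20-byte public-key hash (the BIP173 test-vector program), not a live wallet.
KEYHASH = bytes.fromhex("751e76e8199196d454941c45d1b3a323f1433bd6")

def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def base58check_encode(payload: bytes) -> str:
    """Legacy addresses: payload + first 4 bytes of double-SHA256, base58-encoded."""
    full = payload + dsha256(payload)[:4]
    n, out = int.from_bytes(full, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(full) - len(full.lstrip(b"\0"))) + out   # leading zero bytes -> '1'

def base58check_decode(addr: str):
    """Payload bytes if the checksum matches, else None (bad character or corruption)."""
    if any(c not in B58 for c in addr): return None
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    full = b"\0" * (len(addr) - len(addr.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return full[:-4] if dsha256(full[:-4])[:4] == full[-4:] else None

def polymod(values):
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= GEN[i] if (top >> i) & 1 else 0
    return chk

def hrp_expand(hrp: str):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def to5bit(data: bytes):
    """Regroup 8-bit bytes into 5-bit values (zero-padded at the end)."""
    acc, bits, out = 0, 0, []
    for byte in data:
        acc, bits = (acc << 8) | byte, bits + 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    return out + ([(acc << (5 - bits)) & 31] if bits else [])

def bech32_encode(hrp: str, data) -> str:
    pm = polymod(hrp_expand(hrp) + data + [0] * 6) ^ 1
    chk = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + chk)

def bech32_valid(addr: str) -> bool:
    pos = addr.rfind("1")
    data = addr[pos + 1:]
    if pos < 1 or any(c not in CHARSET for c in data): return False
    return polymod(hrp_expand(addr[:pos]) + [CHARSET.index(c) for c in data]) == 1

def detected_errors(addr, n_errors, check, alphabet, start=0, trials=200, seed=1):
    """Substitute n_errors distinct characters (from index start on) and count rejections."""
    rng, caught = random.Random(seed), 0
    for _ in range(trials):
        chars = list(addr)
        for pos in rng.sample(range(start, len(addr)), n_errors):
            chars[pos] = rng.choice(alphabet.replace(chars[pos], ""))   # always a real change
        caught += not check("".join(chars))
    return caught

P2PKH = base58check_encode(b"\x00" + KEYHASH)         # version byte 0x00 -> "1..." address
P2WPKH = bech32_encode("bc", [0] + to5bit(KEYHASH))   # witness version 0 -> "bc1q..." address
if __name__ == "__main__":
    print(P2PKH, P2WPKH, [detected_errors(P2WPKH, k, bech32_valid, CHARSET, 3) for k in range(1, 5)])
```

The bech32 run corrupts only the data part (index 3 onwards), where the BIP173 guarantee applies; the base58check run shows the same count for one error, but that is probabilistic (about 1 in 4 billion corruptions would slip through), not guaranteed.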
On the next bitcointalk update, it would be nice if the dev team could implement an auto-filter bot mechanism that will automatically detect and delete bot posts from the forum.
I see lots of these bot actions being carried out on different threads, but the posts get deleted within a few minutes.
Certain links are autonuked by one of the bots being operated here. There are new links popping up every now and then so I imagine that it's difficult for them to nuke all of them. Recently, they've been obfuscated to use hyperlinks or copy certain posts and insert their link in between. I've reported quite a few of them but it takes time for them to be removed.
Now, I am by no means an expert on this so please correct me if I'm wrong, but reading this paper it seems this does not apply to most bitcoin wallets (emphasis mine):
-snip-
Bitcoin Core has been using libsecp256k1 since 0.10 in 2015. Which wallets are still using OpenSSL and not libsecp256k1?
Hopefully not, secp256k1 has a lot more benefits than that. Thanks! Someone mentioned (I think a few weeks ago) that secp256k1 isn't that susceptible to certain sidechannel attacks but I couldn't find any literature on that. I didn't do any in depth research on the feasibility of the various other sidechannel attacks. But I suspect an attack could also be mounted on the encrypting/decrypting process of the wallet instead of the signing itself, or through the RNG. Don't quote me on this, just a thought. I've read through the firmware of ColdCard briefly and they did actually implement a few measures to reduce the signature.
I think that there are some conceptual misunderstandings here, I'll try to explain the process the best I can.
Mining involves the miner with his ASICs hashing the block header twice to produce a hash. The block is valid when its hash meets the target as specified by the network. The components of the block header are as follows:
- Version (not really standardized due to ASICBoost)
- Previous Block hash
- Merkle Root Hash (Depends on the Transaction set)
- Time Stamp (Variable)
- Target in nBits (Fixed)
- Nonce (Variable)
The mining pool's job is to determine the transaction set and assemble them. Firstly, the mining pool will select a set of transactions and calculate the transaction fees. Using this amount, the pool will generate their own transaction and specify an output that is their address, for which the amount must be less than 6.25 BTC + TX fees; there is no lower limit. After that, the pool will send the Version, Block hash, coinbase transaction, merkle tree, target and current time. The mining software will add the extranonce within the coinbase transaction before forming the merkle root hash. The mining software will then feed the relevant information to the ASIC itself.
Now, to the main part, which is how the ASIC actually mines. Depending on your ASIC, it will increment the nonce by itself. The extranonce allows the ASICs to calculate more hashes at once without wasting time to calculate the entire merkle tree again. ASICs are actually so specialized that most of them are designed to only vary and hash the final 4 bytes, which contain the nonce.
To point out the mistakes:
1. The mining software you're using likely doesn't connect to the network directly. You need to have access to the previous block hash, list of transactions and the target. To do this, something must be used to process the information, which is usually either your own Bitcoin Core (for a solo miner) or a mining pool.
2. The previous block hash changes every ~10 minutes so there's likely no advantage in doing so.
3. Mining software does not store the coins in the wallet. As mentioned, a coinbase transaction is included in the block. The transaction contains the newly generated coins as well as the transaction fees and you can specify the output as your wallet. It does not happen after you find a block.
4. There's no verification node. Your ASICs determine the target and compare the hashes generated. If the hashes meet the minimum target, your block is valid. Your software will send the nonce used, timestamp, etc. to the server and the server will relay the valid block with the headers, transactions etc.
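An added example (not from the post) of the header assembly and nonce search described above: it serializes the six header fields in order, decodes nBits into the target, double-SHA256es the 80-byte header and, as an ASIC does, varies only the last 4 bytes. The genesis block's real header fields serve as a known-answer check; the easy target is a constructed regtest-style value so the search finishes in a few iterations. Function names are my own.

```python
import hashlib
import struct

def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def nbits_to_target(nbits: int) -> int:
    """Decode the compact 'bits' field: mantissa * 256^(exponent - 3)."""
    exponent, mantissa = nbits >> 24, nbits & 0x7FFFFF
    return mantissa << (8 * (exponent - 3))

def merkle_root(txids_hex) -> str:
    """Merkle root over display-order txids. Any change to the coinbase (e.g. the extranonce)
    changes its txid and therefore the root; with a single transaction the root is that txid."""
    layer = [bytes.fromhex(t)[::-1] for t in txids_hex]      # internal byte order
    while len(layer) > 1:
        if len(layer) % 2:
            layer.append(layer[-1])                            # odd count: duplicate the last
        layer = [dsha256(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0][::-1].hex()

def serialize_header(version, prev_hash, merkle, timestamp, nbits, nonce) -> bytes:
    """The 80-byte header in the field order listed above; hashes are stored byte-reversed."""
    return (struct.pack("<i", version) + bytes.fromhex(prev_hash)[::-1]
            + bytes.fromhex(merkle)[::-1] + struct.pack("<III", timestamp, nbits, nonce))

def block_hash(header: bytes) -> str:
    return dsha256(header)[::-1].hex()                         # display order

def meets_target(header: bytes, nbits: int) -> bool:
    return int.from_bytes(dsha256(header), "little") <= nbits_to_target(nbits)

def mine(version, prev_hash, merkle, timestamp, nbits, max_nonce=1 << 32):
    """What the ASIC does: the first 76 bytes stay fixed and only the 4-byte nonce varies.
    Returns the first nonce whose hash meets the target, or None when the nonce space is
    exhausted (then the extranonce or timestamp must change to give a fresh prefix)."""
    prefix = serialize_header(version, prev_hash, merkle, timestamp, nbits, 0)[:76]
    target = nbits_to_target(nbits)
    for nonce in range(max_nonce):
        if int.from_bytes(dsha256(prefix + struct.pack("<I", nonce)), "little") <= target:
            return nonce
    return None

# Real header fields of block 0 (the genesis block), used as a known-answer check.
GENESIS = dict(version=1, prev_hash="00" * 32,
               merkle="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
               timestamp=1231006505, nbits=0x1D00FFFF, nonce=2083236893)
EASY_NBITS = 0x207FFFFF  # constructed regtest-style target: about half of all hashes qualify

if __name__ == "__main__":
    print("genesis hash:", block_hash(serialize_header(**GENESIS)))
    fields = {k: v for k, v in GENESIS.items() if k != "nonce"}
    fields["nbits"] = EASY_NBITS
    nonce = mine(**fields)
    print("easy target solved with nonce", nonce,
          meets_target(serialize_header(**fields, nonce=nonce), EASY_NBITS))
```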
Miners will still earn a revenue because even without fees, block reward still exists. Technically, we do not really need fees to transfer BTC. However, as miners obviously prefer txs with fees over free ones, it just became a constant competition over who gets their tx to be mined first. You could initiate a free tx at any time - given you are ready to wait for months, if not years (or.. forever) to actually get it mined.
Fees actually act as a disincentive for spammers; that's why minimum relay fees were introduced. The fee market makes spam attacks more expensive and with lesser funds, the spam attack isn't competitive. I would say the reason why fees are necessary is to reduce the shock to the system during the decrease at the halving. It creates a free market for the fees.
Still possible. It just requires the participation of the miners. The transactions described likely belong to the miner mining it.
If you're responding to the fiat shill, then take it with a grain of salt. Tax and fees are intrinsically different. With fees, you're expected to pay someone or an intermediary, and given that the miners use their POW to mine blocks and include your TXes into the blockchain, I would think that it's like Western Union, PayPal, MasterCard, Visa, which all charge a fee. You wouldn't call that a tax, would you?
can you elaborate on this? what is the theoretical threat to an airgapped wallet setup?
Side channel attacks. Most of your devices are not specifically hardened to withstand side-channel attacks by reducing the potential attack vectors associated with the side channel (e.g. EM wave leakage, timing attacks). There has been a study conducted on this[1] but, interpret it as you want, it isn't that recent or conducted on major wallets. I wouldn't consider it to be THAT big of a threat but if we were to compare the specifics, might as well mention it. I understand that Trezor and some of the secure chips used were vulnerable to such attacks as well. They've fixed the problem and most of them require tearing the entire device apart and the victim's participation while it's hooked up to an oscilloscope. I'm not sure if someone conducted similar experiments on Electrum but I'd like to see if there is one.
[1] https://eprint.iacr.org/2016/230.pdf
Emm, somewhat you are right that custodial wallets can freeze our accounts at any time and they can even seize our accounts too. That's why we should use popular and trustworthy services. I didn't hear of Coinbase seizing someone's account without any reason; it's true that they frequently ask for KYC to make their service more secure, but I found them loyal.
To get rid of these hassles you can keep very little bitcoin in these accounts. Just keep as much bitcoin as you need to pay monthly coffee bills and other bills here, so that you don't incur huge losses even if they freeze your account.
If you have to adopt centralised services just to use Bitcoin for your payments, then you might as well use PayPal. Coinbase is by no means a suitable alternative to rising fees, and other services like it don't serve as a suitable solution in the long run. Services like that will provide you with lower fees since the transfer is done within their own database, but you're sacrificing the transparency and the privacy of the individual. There's no company that would ever provide you with free services to transfer; there must be some strings attached. If you want to focus on low fees, I'd rather focus the efforts on LN and similar implementations.
Coinbase is a prime example of a company that doesn't give its users control of their own coins. They often freeze accounts on the basis of tainted coins, which are often built on unfounded allegations.
As said, Ledger uses many different addresses and thus the disparity lies primarily with the fact that your funds are split between each address that you use. Ledger also sends funds into your change addresses, which are never shown as your receiving address. You can export the master public key [1] and use it to search for the funds in the addresses generated with the corresponding seed. I wouldn't recommend doing this as the block explorers can learn the group of addresses that are linked together, with the IP and the browser fingerprint being leaked. Using a Ledger with an Electrum wallet should be sufficient to identify addresses that contain the funds and use them to search on the block explorers.
[1] https://support.ledger.com/hc/en-us/articles/360011069619-Extended-public-key