Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.
No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else. Better now? Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.
|
|
|
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out. Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either . Brain wallets are another bad idea. You are comparing your app to a known bad idea?
|
|
|
So the private key is not encrypted in any way? It's just the sha256 hash of the image. What could possibly go wrong!
Also number 1 is people emailing the private key to others?!
|
|
|
I think the Austrians should start by changing their country's name to something more unique. I read it like Australian National Bank.
|
|
|
One of the electrum dependencies is a python package called slowaes. Even though it's included with electrum when you do a pip install pip fetches it from pypi.python.org. slowaes' latest version is a pre-release version. In older versions of pip it would install pre release versions without complaint. Now you have to tell it do that with the --pre switch. I don't think there have been any security related changes bugs in a long time. What version is on the ubuntu repos? Edit: You can see the release notes here: https://github.com/spesmilo/electrum/blob/1.9.8/RELEASE-NOTES
|
|
|
if the PBOC continues trying to manipulate shit, it will be more and more factored into the BTC price.. cant cry wolf every time.
Sure you can. People have been crying wolf about bitcoin for at least a year.
|
|
|
No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.
BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it. The existence of ASICs for scrypt-mining has little to no effect on the strength of scrypt as a password-hashing-function. Mining ASICs perform a very specific operation on a very specific input-format and they can't be reconfigured to go password cracking. SHA-256 is being used to hash passwords across the globe, but we haven't seen the Bitcoin miners switch their equipment to crack some passwords. For the simple reason that it is impossible. You'd need a different device for it. I see. I didn't know that. My mistake.
|
|
|
I think most religious people would recognize their messiah if they saw him in person.
BTW do you guys think Dorian asked Andreas for lunch too? I wonder whether he likes Greek food?
|
|
|
No, my brain wallets are much more complex. This was the kind of pw most websites would reject as too simple except for adding the salt. With BIP 38 you need the private encrypted key, so there wasn't the need for a tough pw. I am perplexed and befuddled. I still think it may have been a possible bug in which case I will need help someday.
BIP38 uses scrypt to hash the password. Scrypt ASICs have been out for a few months now and faster devices are released all the time. Soon scrypt hashing will be very fast and someone will be able to brute force your keys for you. In the meantime you would do well to get a notebook and write down everything you remember about your password. The more info you have the better the chances of cracking it. Oh and if you want to try and get it bruteforced today you can consider this guy's services: https://bitcointalk.org/index.php?topic=240779.0
|
|
|
Got a quick question: I tried to install electrum on Ubuntu 14.04 (trusty) with the installation instructions given here: https://electrum.org/download.html - It didn't work. I got some error back which I don't remember. It used to work with Ubuntu 12.04 with the same instructions. Now I could download electrum via the Ubuntu Software Center. But this is not most recent version. Is that one safe still (open ssl, any other security relevant issues?)? You can install the version on electrum.org if you change the pip install line to the following: sudo pip install --pre https://download.electrum.org/Electrum-1.9.8.tar.gz#md5=e3918fec0254267f08e41a1fb8691382
i.e. you just add the --pre switch. Alternatively you can use the one in your distro's repository. OpenSSL is installed separately and not with the Electrum installation.
|
|
|
How much did you loose?
I'm really not counting them as totally lost yet. That would be unthinkable. It is enough to shake my faith in cryptocurrency development that such a serious bug can occur. I will not completely rule out user error, but it's highly unlikely. Assuming you used bitaddress.org, have you tried using older versions of that site? They have a github repo where you can download old versions: https://github.com/pointbiz/bitaddress.org/releases
|
|
|
This encryption feature should be removed from all software until the bugs are worked out. I created a set of wallets with an easy to remember password in January 2014 and now it doesn't work. I tested the password to decrypt one of the wallets before loading them. Now I cannot recover them. I have a feeling this will be a problem for a lot of people that think their BIP 038 wallets are secure.
How much did you loose?
|
|
|
edit: not for sale anymore.
|
|
|
Africa is relatively underpopulated compared to other continents. China alone has more people than all of Africa.
Africa is having a population of more than a billion, and its is the second most populous continent after Asia. Comparing the Chinese with the Africans, you have to keep in mind that the Chinese doesn't depend on food aid from the developed nations, but more than 50% of the Africans are dependent on it. With the Western economies still in recession, I don't think that the food aid will flow infinitely. Africa is relatively underpopulated compared to the amount of land and resources they have. A lot of African countries are badly governed that's all. China did suffer a famine about half a century ago. Food aid from the west will flow indefinitely because that is mostly a by product of your food subsidies which benefit your own farmers at home. Also food aid is a very very small amount compared to the size of your economies. In return you get substantial leverage in resource rich African countries. For example you mentioned the DRC. Coltan is used in smart phones. Where would Apple's famed 50% gross margins be if the essential components of smart phones were more expensive?
|
|
|
Electrum can easily do this from CSV data formatted as follows:
"ADDRESS1", 0.12345 "ADDRESS2", 0.22334 "ADDRESS3", 0.45678 ...
Access this feature through the Tools\Create transaction menu items.
Thanks, but is not there any web wallet that support data fetching from excel sheet ? No.
|
|
|
As the text below the YouTube clip explains, Sanger was specifically arguing that people in developing countries shouldn’t have babies until 1957. Well... well... although I think that this women was nuts, I firmly believe that if people can't afford to look after their children, then they should refrain from reproduction. For example, an average African women give birth to 7 children in her life, although she has the means to look after only one child. This uncontrolled population explosion is the basic force which fuels all the African civil wars. Africa is relatively underpopulated compared to other continents. China alone has more people than all of Africa.
|
|
|
The random values are being taken from the OS level PRNG (pseudo random number generator) implementation. PRNGs are always deterministic (you can't make a deterministic computer produce random events) that means for a given seed it will produce the same sequence of values. However the PRNG is seeded with entropy by the OS from chaotic inputs (like keyboard and mouse movements, drive latency, least significant digit of CPU temp reading, etc). Very well explained. Thank you. This leads me to a related question. It's been recommended to use an offline computer with Electrum to generate a paper wallet (at least if you have a large fortune of bitcoins). Often this would mean an old computer that you had stacked away. I can imagine that these have terrible PRNG, hence an attacker can try to replicate these not-so-random inputs? Why would it matter if the computer was online or not? PRNG is implemented in software specifically the operating system. You can install the same OS on an offline computer as you can on an online one.
|
|
|
|