|
TC is just not safe and not a bright idea for a store of value, that is why no one with a brain is storing money on the Ethereum network. All these "im holding ETH long term" cryptonoobs will sooner or later pay the fee.
|
|
|
|
Im not comfortable with anything but Bitcoin Core including to manage keys.
Why, though? Apparently, you're not comfortable with Bitcoin Core either. Every wallet has its upsides and drawbacks. For me, the biggest drawback of SPV wallets is simply that they don't verify the full chain. However, if you pair an SPV wallet (that gives you seed words to easily back up) with a self-hosted Bitcoin Core node, you do get the best of both worlds. You can hold keys in that SPV wallet (if you're fine keeping them on a HDD - same as if using Bitcoin Core). Or you use a hardware wallet. If you're really paranoid, I highly recommend building a SeedSigner, getting some casino dice and generating true randomness, then giving it to the offline signer. It will spit out a QR code that you can write down as well as seed words. You can import it as watch-only into Sparrow and also import addresses into Bitcoin Core. If you use Sparrow, just set it to only ever connect to your own node. When there is need to send funds, you turn on the signer, import the seed, scan the transaction and send it off. You should use Bitcoin Core as a wallet too and fully avoid SPV. I have always thought Luke Jr was right from the start, including block size, even tho is not practical to decrease it anymore. How do you keep this file safe, and what if all physical copies become lost due floods, fires, thieves I'd buy myself an SD card, save it there and then hide it; it's tiny and lasts for a long time. Another way would be to encrypt it and save it to as many clouds as possible, including my hard drives. Then, I'd only have to write down an other kind of seed phrase.  Unfortunately, they do not last for a long time. I use SD cards a lot and they've failed me a few times, without very heavy usage. In my opinion they're fine for backups that are easy and quick to make and to restore, like implemented in the BitBox or Passport, but only supplementary to a written seed. Otherwise it's too risky for my taste. If someone does want to rely on SD cards, keep in mind there are the 'SanDisk Industrial' ones that Passport uses and might be worth considering. I just had a little look online and it appears that SD cards have more risk than other flash storage due to exposure to ESD which builds up for instance by plugging them in and out. Worth keeping in mind when it comes to storage (anti-static bags maybe). Even SSDs aren't a good idea for long term storage, including USB pendrives; HDD is still recommended. Of course, it begs the question: how do you even hide an HDD properly if needed. Personally im moving my tax residence to a "crypto friendly" country ASAP and stablish my "bunker" there and hope the most f*cked up scenario in which even the "crypto friendly" countries get coerced into joining the supranational decision makers of how storing private keys is now illegal. At least I will buy some time to decide what to do. For now it is what it is. I don't see a way to store a Bitcoin Core wallet any other way but to have your HDDs in jurisdictions were they will not confiscate your stuff anytime soon. Mdisk (millenium disks) may be a good long term storage backup too assuming it is possible to safely store data while being able to edit it which I doubt it's possible. Ages ago I remember using "DirectCD" software to edit CDroms, having some sort of "opened session", but this introduced further problems. |
|
|
|
|
If you use Bitcoin Core as wallet, how do you keep your keys safe?
Im not comfortable with anything but Bitcoin Core including to manage keys and im sure im not the only one. The problem is keeping the wallet.dat file safe, specially on an scenario were physical copies can be lost.
An Electrum user can have physical backups and an extra layer of protection by remembering the seed, so worst case scenario, if everything is lost, you still have the chance to spawn your wallet with the 24 words. However, with Bitcoin Core you are limited to the wallet.dat
How do you keep this file safe, and what if all physical copies become lost due floods, fires, thieves, government bans it and becomes extremely anti Bitcoin and seizes all physical drives if they find any links of you owning or having ever owned crypto, or you trying to cross a border where you get your stuff cloned (already happening in airports) etc.
Having multiple copies in different physical locations requires that you either trust someone else which I don't, or you own other properties which which a government will know you own anyway. Unless you are insane enough to bury a copy in in the middle of nowhere, but then again, someone could find it. Construction workers, random people, scavenging animals, etc etc. Not to mention there are cameras everywhere nowadays.
You could upload it somewhere online, encrypting the file inside and encrypted file, but then you are trusting no one finds this file, because if they find it, they can have a physical copy with all the time in the world to either attempt to bruteforce or wait for an exploit of the algorithm used to encrypt it in order to access the files.
I still haven't found a way to be comfortable using Bitcoin Core as a wallet in terms of storing it and accessing it quickly in extreme situations in case I were to lose all physical copies.
|
|
|
|
Is there a way to get a list of which hardware is being used for nodes on the network and sort it on a list? I assume many people take extra steps to not leak this data so probably we can't get a good idea of what hardware is sustaining the network.
Exact hardware (CPU brand, CPU type, etc.)? I doubt it. But we do know some Bitcoin nodes run on VPS. It's indicated by Bitcoin node IP which is in IP range of certain VPS provider. Those VPS provider usually state their hardware specification, so you could get minimum number of node which use modern Intel/AMD CPU. Yeah going by VPS it's not a good view. That's pretty much all compromised. Intel ME can achieve remote control via BMC/IPMI present on server chips. And I forgot to mention Raspberry Pi which a lot of people seem to use to run nodes also require propietary blobs to even start. From fsf website: Boards based on the Broadcom VideoCore 4 family, such as the Raspberry Pi, require non-free software to startup, although signature checks are not enforced. A free proof-of-concept replacement firmware has been developed, but it is not in a usable state, and development has halted. Until the non-free startup program is fully freed, these boards are useless in the free world.
|
|
|
|
I believe it was an incomplete feature that Satoshi wanted to introduce in bitcoin qt but was removed before release. It acts as some sort of rating system where it gives a rate (nAtom) to each user possibly to introduce a decentralized marketplace with the message "review".
This system seems to be giving a random rate to public keys of those who mined a block in the code you shared above.
My thesis is that the wanted a sort of ebay's stars system, you would gain reputation by mining honest blocks, this reputation would show up in the marketplace. He must have had ideas to try to incentive people into doing transactions in a world where Bitcoin was worth 0, he needed a context, so he was building this web of trust based market. There's a more lines related to the marketplace in 1.0.0 including atom propagation and review functions https://github.com/trottier/original-bitcoin/blob/master/src/market.cppI think this was removed in 0.1.5, this is the last time I found it https://github.com/blaesus/tinybtc/wiki/Bitcoin-0.1.5-LOC-statistics |
|
|
|
|
Is there a way to get a list of which hardware is being used for nodes on the network and sort it on a list? I assume many people take extra steps to not leak this data so probably we can't get a good idea of what hardware is sustaining the network.
My thesis is that the network could at some point become vulnerable to hardware-based exploits, as old hardware gets replaced by new computers which include exploits such as ME for Intel or PSP for AMD, increasingly more sophisticated and impossible to shut down. A main reason to not increase the blocksize that never got much discussion if any, was that the newer computers introduce these binary blobs which are basically at this point entire operating systems with full access to the machine at pre-BIOS status. In most cases, you can't shut it down except a few exceptions, so without knowing a list of which hardware is supporting the network, statistically probably most computers are compromised. An attacker would want the entire network to run on modern computers so it's all compromised by default, so the ever increasing blocksizes would aim in this direction. Once a big enough % is running under such hardware they would attack it. If folks running nodes aren't aware of this it's ought to happen in the future.
|
|
|
|
Is there any list of supported hardware for Coreboot or Libreboot?
I know there are some premade stuff that work on Thinkpads but it could be issue to run this bios on custom made desktop computers. Check your laptop brand and board here: https://coreboot.org/status/board-status.htmlBasically, stick to Lenovo. x230 is probably the best you could get with an i7. With Libreboot x200 or t400 for a bigger laptop and that's about it. There is a whole subject on what's better, Libreboot or Coreboot. With Libreboot you get 0 binary blobs but you lack microcode updates which are available in Coreboot (at the expense of having to use some proprietary blobs but it's considered not a problem and ME is of course disabled). You need to hardware flash for both, i think except the x60 which can be done by downloading the rom. This is possible in theory, but more simple way of introducing a global kill switch would be to just turn of the internet, like we can see it's happening in some countries during riots.
Internet is centrally controlled and controllers don't have to worry about people like you who run custom bios on computers.
If they really want to hurt Bitcoin (and everything else) this is what they would do because it's more simple.
It would be overkill to cut the entire internet since it would crash the stock market. They can just keep Bitcoin running under a network that is compromised because no one paid attention to this. |
|
|
|
All standard bios contain proprietary blobs. If you are not using Coreboot, chances are your CPU has Intel ME enabled, which has it's own proprietary OS in it with pretty much full access to your computer at pre-boot times. Anyone that is serious about Bitcoin should be using Coreboot or Libreboot. Most people don't use Bitcoin tho, if you aren't running your own full node you aren't using Bitcoin as far as I can tell. So it all begins with a good defense at the bios level, then you build a decent Linux setup, then install Bitcoin full node client you can trust. Most people aren't even aware of Intel ME and PSP for AMD exist so without addressing that most Bitcoin nodes are potentially compromised by default.
Sure, but you can always lock your bios with a strong password and you can disable in settings anything that you don't want to have. Don't get me wrong, I updated my bios many times and I never used corebot or libreboot so far, but maybe I will give it a try to see how it works on older computer. In addition to this you can always enable encryption during installation of any Linux OS, that makes is much more secure than any windows os will ever be, and you can always go next level with Tails, Whonix or Cubes os, but that is not recommend for majority of people. I don't see how Bitcoin nodes or any bitcoin related software can be affected with having bios password, plus encryption on OS level, plus strong password for your account. You can't disable Intel ME etc in the bios settings, that's the whole point. It runs no matter what you do, except if you flash your bios with Coreboot, which 99% of people will not do because it doesn't work in most modern computers, and it requires you to do some hardware modifications, it's not just flashing a rom file. A reason why an attacker would want big blocks on the network, besides reducing number of nodes due higher space needed, would be to take advantage of built-in exploits at the hardware level. Once 100% of the network is running on hardware that can be controlled remotely or modified in some way you have a killswitch. I haven't seen this angle discussed. Basically most of the network outside of Raspberry Pi and flashed bios' without Intel ME and PSP is potentially backdoored. |
|
|
|
I was looking at the (I think) earliest ever code found for Bitcoin in a version that was privately shared amongst some people, and in main.ccp, looking at the comments, every function seems explained in a straight forward way, but this one seems strange: // Add atoms to user reviews for coins created
vector<unsigned char> vchPubKey;
if (ExtractPubKey(vtx[0].vout[0].scriptPubKey, false, vchPubKey))
{
uint64 nRand = 0;
RAND_bytes((unsigned char*)&nRand, sizeof(nRand));
unsigned short nAtom = nRand % (USHRT_MAX - 100) + 100;
vector<unsigned short> vAtoms(1, nAtom);
AddAtomsAndPropagate(Hash(vchPubKey.begin(), vchPubKey.end()), vAtoms, true);
}
return true; What was the context for "Add atoms to user reviews for coins created" there? |
|
|
|
|
There's a way to check the content of a wallet.dat address list without even needing to install the Bitcoin software. Simply open it with a text editor and search for "name" string and cycle through results, you should see the addresses. Look em up on some blockchain explorer to see if the funds are there to calm your anxiety while you sync the full node. It even works on encrypted wallets because for some reason developers have decided to leave that part unencrypted (which is why you shouldn't rely on your wallet.dat password only, but to encrypt the actual file too)
|
|
|
|
Would it be a good idea to have cybersecurity subforum? It is a topic that goes hand in hand with bitcoin. I don't remember last time when moderators added some new child boards in forum, and I have been saying for some time that we should have some changes. Adding cybersecurity board could be added but only if related with Bitcoin, otherwise it would probably go to off-topic section. Lightning Network board could also be interesting, with some different opinions, but Theymos might not be in the mood for adding anything new things in forum, but I could be wrong about that  I don't use Heads, and messing around with bios is not advisable for most people. Even regular update of bios is not recommend to everyone, and should be done only if you need to fix some issue with your computer or enable new functionality. All standard bios contain proprietary blobs. If you are not using Coreboot, chances are your CPU has Intel ME enabled, which has it's own proprietary OS in it with pretty much full access to your computer at pre-boot times. Anyone that is serious about Bitcoin should be using Coreboot or Libreboot. Most people don't use Bitcoin tho, if you aren't running your own full node you aren't using Bitcoin as far as I can tell. So it all begins with a good defense at the bios level, then you build a decent Linux setup, then install Bitcoin full node client you can trust. Most people aren't even aware of Intel ME and PSP for AMD exist so without addressing that most Bitcoin nodes are potentially compromised by default. |
|
|
|
Would it be a good idea to have cybersecurity subforum? It is a topic that goes hand in hand with bitcoin. Without a good setup hosting your private keys is useless, you might as well have them on an exchange than host them on some Windows machine. For instance I wanted to talk about bios tampering to see if anyone here is using Heads: https://osresearch.net/This I think is a key factor that no one is talking about. Checking the integrity of the bios, not only corebooting it. This way you could avoid man in the middle attacks that would go unnoticed. I wasn't sure in which subforum to post this. It is too niche to get any serious replies outside of development subforum but I think that's off-topic. In a dedicated subforum we could share different techniques to improve the setup. |
|
|
|
This is an address. You don't need to back up addresses, but keys/seeds.
You can actually set your own hdseed through sethdseed. The hdseed that Bitcoin Core accepts is in WIF format so any new addresses will be generated from that. That is however not the recommended way to backup your wallet, backing up the entire wallet file would be far more prudent. Mnemonic is meant for easier memorization and it is fine to memorize it ontop of your physical copies. However, if you run into the issue of possibly losing your wallet file, then you probably didn't ensure enough redundancy. How do you store wallet.dat files in a safe way in all possible scenarios? Including: 1) Having all of your physical copies destroyed by a flood/fire 2) Having your physical copies stolen by a totalitarian government (yours become one, or you get stopped in an airport etc) 3) The people you trusted to hold backups also get theirs confiscated, they get bribed and betray you, etc 4) You get put to jail by totalitarian government and come out 5 years later (online backups in free sites may get removed due lack of use/host goes bankrupt, and paid ones require you to pay a membership to maintain the files) Im trying to come up with an alternative, without having to use Electrum. This is the only way I've thought it could be done. In extreme scenarios the only way you could have any hopes in recovering your funds is if you managed to have a plan B hosted in your mind and practicing daily to not forget the seed. |
|
|
|
Tried to tell my friends back in the summer that $60k+ was a good time to sell because bear market was incoming.
No one listened. They all were hypnotized by the YouTubers shilling alt coins and thought another 10x was around the corner.
Now, 6 months later they are all talking about the crash incoming.
N00bs....
I saw it comming from both technical and fundamental analysis. Technical analysis: We broke all time highs and it failed to deliver a proper breakout. It just went a shy extra couple of k's above the prior ATH, and then it went below prior swing lows, this is very bearish from a technical POV. Then add in the fundamentals. Fundamental analysis: An insane amount of media attention, everyone getting rich from total memecoins like Shiba, NFT craze, people buying scams like ETH and "ETH killers" because "BTC is now too high" etc etc. It's always the same thing every cycle, and on every cycle there is people in dennial about it ending. Im not sure if this is a secular bear market of 2+ years or an intermediate one. In any case, something like this was coming and it was predictable. And now the question is, 20k before 100k or not? |
|
|
|
|
You don't need any innovation at this point for the price to go up. It just needs to keep working as it is and keep any bugs clear and the price will eventually go up. The price is going down simply because an insane amount of dumb money arrived to the space thinking they would get rich overnight pushing the price high way too fast. So now we need a good shakeout. 20k would be the ultimate buy the dip scenario before 100k+ prices become the norm.
|
|
|
|
|
I was thinking of ways to be able to memorize the seed and then be able to carry your coins in your own memory as a last line of defense. Imagine that every single backup you own is lost for some reason, if you could memorize the seed as an Electrum user can do with 12 words (of 24 if you think 12 isn't safe) then you could still be able to access your funds even if all physical copies are lost and any possible emergency encrypted backups in the clouds are also lost.
So in Bitcoin Core you can use the dumpwallet command and get the hdseed=1 string which for instance would be like this: "tb1qzqtu25qsue0a5pp3hg8lkftclf8ds"
Im not sure if there is a fixed length of 33 characters or it's approximately 33 characters. In any case the idea is to convert this string into human-readable format.
So once you cross the border of a country or wherever you want to go where you don't want to be carrying anything encrypted, you can create a new wallet, enter the seed, rescan the wallet and then the addresses with your funds would show up (or possibly you need to generate receiving addresses for them to show up? im not sure)
Also, im not sure if the hdseed=1 tb1qzqtu25qsue0a5pp3hg8lkftclf8ds string is all you need to backup or there would be more?
Im interested to hear if someone has done this in practice and if it has worked and any ideas to convert the string into something you can memorize.
|
|
|
|
~
That sounds great! The techniques you described all make sense to me and should be pretty secure, as you say. Of course, critiques such as deleted files being recoverable, are valid as well, but I am not sure if there has been malware already that recovers deleted files. I think because this case is quite the edge-case. Regarding 'cold storage support', since v22.0 Hardware Wallets should now be supported. Everyone's definition of 'cold storage' varies a bit, but I thought it may be interesting for you. It wasn't simply deleting the file but overwritting it with shred on the linux console, shred -zvun 16 specifically will make sure no one can recover it. ...
I would like to avoid Electrum because im only familiar with Bitcoin Core's coin control and I have no idea what im doing outside of that. As a way to get an alternative to the lack of being able to store 12 or 24 words (memorizing them because if you have to store them, it's the same problem as storing a wallet file) I was thinking about ways to get the HD seed of Bitcoin Core human-readable. For instance, this hd seed is 33 characters, would it be possible to convert this to words? tb1qzqtu25qsue0a5pp3hg8lkftclf8ds If you could memorize this, then you could use Bitcoin Core as electrum, since if you can memorize that, you can create a new wallet and enter "sethdseed tb1qzqtu25qsue0a5pp3hg8lkftclf8ds" and you would get the wallet. How do you rate storing encrypted files on email providers instead of dropbox type sites? Then once you cross the border, you delete the file, but probably there would be traces of the file for them if they wanted to recover it since it would be a simple file deletion and not a shred type overwrite, but it's unlikely anyone would bother to go throught that. It would need to be employees of the email provider to get into your account, look for deleted files, and then crack the SHA256 encrypted file (and probably 3 cascaded algorithms if you use Veracrypt). So yeah good luck with that. The real risk would probably be that there is a user+password database leak and it would need to happen during the time you are hosting the file which is temporary, and then they would need to be able to crack the file. So probably hosting an encrypted file temporary on a private place that requires a login+password access is reasonable. |
|
|
|
I check that sha256 hash matches then I compile it and I overwrite whatever was on the bitcoin folder previously. Is this ok, or should I first delete the bitcoin folder, and the compile it or any other steps I may be missing?
I don't know definition of "correct" in this case, but here are few common recommendation. 1. For security purpose, you may want to verify the signature (which contain hash of the files). 2. Do not overwrite/delete the Bitcoin directory (which contain executable file), but rename/archive it in case compilation failed or newer version has unwanted bug/behavior. Yeah I always check the SHA256 checksum of the files. I should check gpg sigs too but usually I check SHA256 on Bitcoin Core site and on the github page so its unlikely both get hacked at the same time. https://github.com/bitcoin-core/guix.sigs/commit/74e11d73285a63c7a3e9fd5eac42054b5ee3014bWhat I want to know is how to deal with the blockchain files. I guess the best solution is to have a dedicated blocks folder and then build the binaries from scratch on a new folder for each version so I don't overwrite anything and reuse the downloaded blockchain files and generate new chainstate ones. |
|
|
|
|
Show Posts
