Bitcoin Forum
2701  Bitcoin / Project Development / Re: Are dices for generating seed words fair? on: December 15, 2022, 01:23:36 PM
we measure the bias every time we do another trial run and compare the output to previous ones. is it a long and arduous, tedious process? yes. is it worth it? sure.
No, it isn't worth it. As I calculated earlier in this thread, you are looking at over 16k flips to be relatively sure of excluding a bias from a coin flip, which has 2 possible outcomes. The number of runs to exclude bias from a bingo ball machine with 75 balls would number in the millions. Absolutely not worth it.

it's always worth it to do something no one else has ever done.
People coming up with their own methods of generating keys, backing up their seed phrases, creating difficult to access wallets, etc., is a leading cause of people losing their coins. Just because someone hasn't done something before, does not mean it is worth doing it nor that it is a good idea.

don't you think that it is not unreasonable to want to be able to extract entropy from a set of identical objects (aka, bingo balls or cards in a card deck) when they are ordered in a randomized fashion without having to resort to a function like sha-256 which is not known to be 1-1? please answer yes. but i know you won't.
No, I don't. You are attempting to create a solution for a problem which doesn't exist. We already have easy, simple, quick, and provably secure ways to generate private keys. We do not need to reinvent the wheel.

So I treated it like a challenge.
If you want to treat it as a challenge for a bit of fun, then I can't stop you. But I would never recommend using it to generate private keys or wallets you will use to actually store funds.
2702  Economy / Trading Discussion / Re: How to buy a hardware wallet anonymously on: December 15, 2022, 10:54:59 AM
I can do the Poste Restante but how do I do this exactly? It asks for a shipping address when ordering, do I put in the DHL service depot address in there? Don’t want it getting lost and losing $100.
No, you put your name, "General Delivery", and the address/city/state/zip code of the post office you want it delivered to. Check with that post office that they support general delivery first, otherwise your package may get redirected elsewhere. There are more details on the USPS website here: https://faq.usps.com/s/article/What-is-General-Delivery

I think the best method for me is to buy a prepaid visa or Amazon gc and just get it delivered to those Amazon hub lockers.
Can you sign up to an Amazon account using a prepaid card with fake details? Because if not, even if you get delivery to an Amazon locker, Amazon will still have your full name and address.
2703  Bitcoin / Bitcoin Technical Support / Re: Bitcoin full node question (accessible to everyone) on: December 15, 2022, 08:22:56 AM
I was going to use Electrum and create a server with "electrum personal server"
and I would then connect the server to my node, which only connects to other nodes via tor.
That is a perfectly fine set up for your own personal use. You cannot use this server to allow other people to connect to, however. The clue is in the name - Electrum Personal Server. The way this server software works is that you have to tell it in advance the addresses or extended public keys you want it to watch, and it performs a full blockchain rescan for these addresses/xpubs. Other people cannot use this with their wallets because the server hasn't scanned the blockchain in advance for their addresses. The upside to this is it is very lightweight and does not need much in the way of resources.

If you want a server other people can use, you would need to run something like ElectrumX or Electrs, but these require much more resources.
2704  Economy / Services / Re: LoyceV's Avatar for Rent [first 🦊🦊🦊3 YEARS🦊🦊🦊 (195 weeks) rented out] on: December 14, 2022, 08:30:40 PM
Must bun fillippone nowwwww!
I happen to think fillippone has pretty great buns. Wink
2705  Bitcoin / Electrum / Re: Using specific input to pay fees on Electrum on: December 14, 2022, 04:52:15 PM
I failed to account for fees, however, and instead of sending an additional amount to one of these inputs, I'd prefer to simply use another input to pay for fees, leaving all the spend inputs intact.
So include all the inputs you want, add an extra input to cover the fees, set the outputs you want, set the fees you want, and the left over from the extra input will be returned to you as change.

Is there a way to do this? Coin control only seems to let me select inputs to use, but not to determine which is used to pay for fees.
There is no way to select this, and indeed, no such thing. When you have a transaction with multiple inputs and multiple outputs, it is impossible for anyone to say which bitcoin ended up where.

At a protocol level, your fee is simply whatever amount of bitcoin you don't specify an output for. There is no "fee" field in your transaction; it is simply whatever is left over. And so there is no way to assign specific bitcoin to the fee (or indeed to any output).

Or are all inputs combined anyway, before being split up?
Essentially, yes.
2706  Bitcoin / Bitcoin Technical Support / Re: Bitcoin full node question (accessible to everyone) on: December 14, 2022, 02:55:53 PM
Is it possible to make my Bitcoin Full Node usable for everyone?

As an example:
Anyone can connect their wallet to my node.
Yes, kind of.

If you are running Bitcoin Core, then it is your wallet. No one else who is running Bitcoin Core needs to connect to another specific node, since they are running their own. (But of course their node will connect to other nodes as part of the normal bitcoin network.)
If you are using a closed source wallet such as Coinomi or Trust, then that wallet probably exclusively uses the servers of the company or entity which built that wallet, and the users can't change that. Such wallets provide no privacy and very poor security, but for some reason people continue to use these wallets.
If you are using an open source wallet such as Electrum or Sparrow, then yes, those wallets will connect to public nodes/servers in order to obtain the necessary blockchain data. You could host your own public Electrum server with your node as a back end for it, if you so choose, which other people could then connect to with their Electrum software.

If it were possible, how do people find my full node?
On the general bitcoin network, your node will first use either a DNS server or one of the hardcoded IP addresses to connect to another node, and then will query that node for the addresses of more nodes, and build up a local database of nodes it can connect to. In terms of if you are running an Electrum server, then a similar process is followed to publicize your server: https://github.com/spesmilo/electrumx/blob/master/docs/peer_discovery.rst
2707  Bitcoin / Bitcoin Technical Support / Re: How to create HD multisig on: December 14, 2022, 11:42:35 AM
EPS requires you to add the xpub/address manually in the configuration file, and each time you add a new xpub/address, EPS has to send a rescan request to Bitcoin Core, which takes some time.
Absolutely, but the beneficial trade off for that limitation is it is also the lightest of the three options which has the lowest demand on hardware, so that will be something for OP to consider. If OP will simply be setting up a solitary multi-sig HD wallet, then it is quick and straightforward to import his xpubs to EPS, scan once, and then be good to go. And you can of course choose to only scan from a set height, so if it is a newly created wallet you do not need to rescan at all.
2708  Economy / Trading Discussion / Re: How to buy a hardware wallet anonymously on: December 14, 2022, 10:20:59 AM
Check out this thread: Do Hardware wallet Manufacturers Ship to PO Boxes or Not?

The best option is to order direct from the seller under a pseudonym to a shipping location not directly linked to your real name and identity. How easy or not this is to do depends on both your country/state of residence and the hardware wallet manufacturer and their shipping arrangements.

Other options would be to buy in person from an official reseller using cash, or to use general delivery/poste restante to deliver to a post office and then pick up with your ID, meaning you only have to reveal your name and not your address. You can (and should) choose a post office in a different county/area/zip code/etc. to the one you live in to make it harder to trace.
2709  Economy / Exchanges / Re: Binance's proof of reserves raises red flags: Report on: December 14, 2022, 10:03:32 AM
Almost identical wording to the not-an-audit that Mazars performed for Crypto.com, which as I point out in this post, is completely meaningless. And again, just like the Crypto.com one, absolutely no mention of their centralized token they can print out of thin air to prop themselves up and use to buy enough bitcoin to make everything look peachy.

Here is a link to the full Binance not-an-audit: https://veritas.mazars.com/binance/Binance_POR_Report_7_December_2022.pdf

Look at point 5 on page 2. One of the ways they identified funds as belonging to Binance was as follows:
Quote
searched the ETH and/or BSC address(es) on Etherscan and BSCScan respectively to ensure that the addresses have been “tagged” as belonging to Binance.

Not signing a message or making a transaction, but checking if an unknown source had "tagged" the address on a centralized website. So basically, "these funds belong to Binance because a stranger says so". With literally nothing to stop someone at Binance from tagging addresses themselves. Absolutely unbelievable.
2710  Bitcoin / Project Development / Re: Are dices for generating seed words fair? on: December 14, 2022, 09:27:25 AM
maybe we can leave it at that.
Yeah, I think we are going to have to simply agree to disagree on this one. You will never convince me that any process which requires human selection or ordering will generate truly random entropy (because humans cannot be truly random), and I will never advocate using a system like bingo balls which has an unmeasured bias and requires unnecessary transformation of the final result. If you want to use a physical method to generate a seed phrase or private key, flip a coin. If you don't, use /dev/urandom. Making it more complicated than this is just introducing errors and biases which don't need to be there.
2711  Bitcoin / Development & Technical Discussion / Re: Randomly picking 24 words from the BIP39 wordlist on: December 14, 2022, 09:19:57 AM
we are now replacing 8 consecutive characters with 8 random ones.  so it is not something that we know statistics on bech32 error detection about.
We do have statistics on that. They are summarized at the end of BIP173: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#checksum-design

The lines we are interested in are length 39 and 59, which correspond to a 42 character P2WPKH address and a 62 character P2WSH address (3 additional characters for the non-data part "bc1"). For both address lengths, and considering 8 characters being substituted, then the chance of this going undetected by the checksum converges on 0.931 per billion.
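The substitution case discussed in the post above can be checked empirically. The following is an added example, not part of the original posts: it implements the Bech32 checksum from BIP173 and replaces 8 consecutive characters of a valid 42 character P2WPKH address with random ones, counting how often the corrupted address still passes. `SAMPLE` is the example address from BIP173; the function names, trial count and seed are this example's own choices.

```python
import random

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

# Valid P2WPKH example address from BIP173 (39 characters after "bc1").
SAMPLE = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"


def polymod(values):
    """Evaluate the BCH checksum polynomial as specified in BIP173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk


def checksum_ok(addr):
    """True if addr passes the Bech32 checksum (witness program is not validated)."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is invalid
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr):
        return False
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in CHARSET for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return polymod(expanded + [CHARSET.index(c) for c in data]) == 1


def count_undetected(addr, run=8, trials=20000, seed=1):
    """Substitute `run` consecutive characters after the separator with random
    ones, `trials` times, and count corrupted addresses that still verify."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    pos = addr.rfind("1") + 1
    data_len = len(addr) - pos
    undetected = 0
    for _ in range(trials):
        start = pos + rng.randrange(data_len - run + 1)
        mutated = addr
        while mutated == addr:  # redraw if the random run equals the original
            repl = "".join(rng.choice(CHARSET) for _ in range(run))
            mutated = addr[:start] + repl + addr[start + run:]
        if checksum_ok(mutated):
            undetected += 1
    return undetected


if __name__ == "__main__":
    print("sample valid:", checksum_ok(SAMPLE))
    print("undetected 8-character substitutions:", count_undetected(SAMPLE))
```

At a rate of roughly one undetected error per billion, a run of this size is expected to report zero; substitutions of 4 characters or fewer are always detected by design.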
2712  Bitcoin / Development & Technical Discussion / Re: Please critique this KYCed Bitcoin anonymization method. on: December 13, 2022, 08:21:10 PM
I'm not sure about Bisq, but that's privacy focused as well.
You can use the same onion address on Bisq for as long as you want. Your account will show an age, and you will also show your local reputation to other traders. You can delete this onion address at any time you aren't actively trading, which effectively wipes your account and makes you appear as a brand new user to the rest of the network.

I don't understand why people keep touting BTC <=> XMR as an anonymization method. It is completely dependent on the exchanges to preserve your privacy.
Privacy and centralized exchanges do not go together in the same sentence. If you do anything with a centralized exchange, assume your privacy is zero, everything is being logged, and all those logs are being shared with third parties. Bitcoin to Monero is a good anonymization method if and only if you perform those trades peer-to-peer.
2713  Bitcoin / Project Development / Re: BSPO - A Simple Method for Securing BIP39 Seed Phrases on: December 13, 2022, 07:58:20 PM
Alternatively in BSPO, let's refer to the encrypted seed phrases as E1 and E2 and call their corresponding decryption table D1 and D2. If an attacker finds E1, they MUST find D1 in order to compromise the funds (D2 provides no information).
That's not a fair comparison. You are comparing having two identical seed phrase back ups and two identical passphrase back ups in the case of a single seed phrase/passphrase wallet, against having only two different encrypted seed phrases and two different decryption tables for two different wallets.

You should never only have one back up of any element of your set up. If you are using your system, then each wallet should have (at a minimum) two identical back ups of the encrypted seed phrase and two identical back ups of the decryption table. When you compare like for like, there is no difference in this regard between your system, seed phrase/passphrase, or 2-of-2 multi-sig.

The 2-of-2 multi-sig wallet is also a different arrangement, one that is essentially equivalent to applying a single round of BSPO (which the simplified statistical analysis provided in the whitepaper shows, is a poor way to secure a seed phrase).
Hard disagree. Not only is a multi-sig wallet a great way to secure your funds, but it also brings the significant benefit of avoiding a single point of failure by requiring at least two wallets on two different devices to sign any transaction.

What BSPO offers in comparison is the ability to derive multiple unique pairs of information where a full unique pair must be obtained to compromise the underlying asset (as opposed to being able to access funds from any two pieces of information of differing types).
I don't think this is different at all. With either a seed phrase/passphrase or a 2-of-2 multi-sig set up, it must obviously be a unique pair of back ups which are obtained in order to compromise the wallet. Obtaining the same seed phrase twice achieves nothing.
2714  Economy / Exchanges / Re: Binance's proof of reserves raises red flags: Report on: December 13, 2022, 04:01:10 PM
According to a report, Binance's proof of reserves raises red flags.
I've lost track of how many times I've warned that these proof of reserves that all exchanges are coming out with are little more than a marketing gimmick. They prove nothing. It won't be long before the first exchange which "proved" they were fully backed up goes bankrupt, and takes another few million customers' funds with them.

FUD on Binance continues to gain momentum. Over the past 24 hours, assets have been withdrawn from the exchange for almost $ 2 billion:
I'm not sure you can call warnings on any centralized exchange FUD right now, given the events of the last few months. But good news anyway that more people are withdrawing to their own wallets. Although perhaps the outrageous withdrawal fees that Binance charges on $2 billion of withdrawals will be enough to plug the apparent hole in their balance sheet. Grin

USDC withdrawals have also been suspended (for some networks only)[1][2] but CZ reassured us that everything is fine[3].
Claim everything is fine while simultaneously pausing withdrawals. The exact pattern of behavior we saw with Celsius. And Voyager. And BlockFi. And FTX. And the dozens of other smaller platforms which have gone bankrupt in the last few months.

But sure, leave your coins on a centralized exchange. Maybe withdraw just enough to buy yourself a clown costume for when you lose everything after months of non-stop red flags and warnings.
2715  Bitcoin / Project Development / Re: BSPO - A Simple Method for Securing BIP39 Seed Phrases on: December 13, 2022, 12:38:14 PM
I don't think this adds anything over a seed phrase/passphrase combo or a multi-sig wallet, while also losing the plausible deniability which comes with both of those.

With your system, you need 4 back ups in separate places - two of your encrypted seed phrase, and two of your decryption table. Compromise of one back up is insufficient to steal your funds, but compromise of one of each back up will lead to your funds being stolen. This is identical to a seed phrase/passphrase combo (which should have two back ups of the seed phrase and two back ups of the passphrase), or a 2-of-2 multi-sig wallet (which should have two back ups of each cosigner).

However, with your system, if an attacker finds your encrypted seed phrase or a decryption table, they will know they have found something to do with a seed phrase but will not be able to access any wallet at all (given only a 1 in 256 chance of randomly passing the checksum with a 24 word seed phrase), incentivizing them to either keep looking for your other back ups, or to just attack you directly.

With a seed phrase/passphrase combo, if an attacker finds a copy of your seed phrase, they can access a base wallet which you can set up as a decoy, hiding the fact that you have a passphrased wallet at all. If they find a copy of your passphrase, you can easily deny it has anything to do with bitcoin at all (bonus points if you use that passphrase as a decryption key for some encrypted volume full of plausibly "sensitive" material). Similarly, if they find a copy of one seed phrase from a 2-of-2 multi-sig wallet, they can recover a standard single sig wallet with that seed phrase, which again, you can have set up as a decoy, hiding the fact you have a multi-sig wallet at all.

I note the point you make in your whitepaper about passphrases potentially being insecure if the user chooses an insecure one, but this is easily mitigated by simply not doing that.

And as DaveF says: Where is your source code? This is something that must be examined and run offline.
2716  Bitcoin / Electrum / Re: Electrum new wallets => Seed Type: Segwit on: December 13, 2022, 09:01:19 AM
Maybe this would be possible after full RBF is set to default on Bitcoin Core which may occur next year as o_e_l_e_o presumed.
Or maybe not. The pull request for setting mempoolfullrbf=1 as default (i.e. enabling it as default) was closed a few weeks ago, and just yesterday was removed from the v25.0 list of milestones: https://github.com/bitcoin/bitcoin/pull/26305#event-8016077680

There is still a lot of discussion and arguments going on on the mailing list too. It might well be contentious enough that we don't get full RBF by default in v25.0 and it is pushed back to a later version.
2717  Bitcoin / Development & Technical Discussion / Re: Randomly picking 24 words from the BIP39 wordlist on: December 13, 2022, 08:48:44 AM
Note that you are quoting from BIP350 which defines the Bech32m variant, which is used for version 1 segwit addresses (taproot, bc1p) and future versions of segwit addresses. These addresses can be between 14 and 74 characters long, so you can indeed have additions and deletions without invalidating the address.

Version 0 segwit addresses (native segwit, bc1q) as were being discussed above have fixed lengths, so you can only have a deletion if you also have an addition of the same length, and vice versa.
2718  Bitcoin / Project Development / Re: Are dices for generating seed words fair? on: December 13, 2022, 08:27:47 AM
Maybe if you were to wear a blindfold when arranging the dice in the grid you could convince me you have not introduced a bias, but otherwise you have. You may think you haven't, you may think you aren't paying attention to the numbers on the dice, you may think you are being totally random, but you aren't, because humans can't be. And we both know that many people if told to wear a blindfold to arrange the dice would just skip that step, thinking it was a waste of time because they are sure they are being random (just as you are), when they aren't.

I would submit that one does not even need to know anything about how the one-to-one function works (i.e., its internals).
And I would counter that there is no way I personally will be using a process I know nothing about to generate my private keys. But YMMV.

So if you don't like my particular one-to-one function that I'm using you can invent your own.
I already have a perfect one - flipping a coin. The outcomes of 256 fair flips are perfectly and provably matched one-to-one with the set of 256 bit numbers. Tongue
2719  Bitcoin / Electrum / Re: Electrum new wallets => Seed Type: Segwit on: December 12, 2022, 09:17:46 PM
This address is also obsolete  Cheesy
Unless you are using the console, you can only create a new wallet that uses bch addresses in electrum new versions.
Not for individual vanity addresses like this. You simply create a new wallet, select "Import bitcoin addresses or private keys", and then paste the relevant private key with the prefix "p2wpkh-p2sh:" for a nested segwit address such as this one.

I agree that it is trivial... but I expected those basic features to be universal, and not something that only works in electrum and a few more wallets.
Well, there's more to it than that. Creating a universal signing scheme which will work for all bitcoin addresses and all script types is not trivial. If you are really interested, you can have a read of BIP322 and the issues surrounding it:
https://github.com/bitcoin/bips/blob/master/bip-0322.mediawiki
https://github.com/bitcoin/bips/pull/1347
https://github.com/bitcoin/bitcoin/pull/16440

Electrum have created a very specific solution for signing with one specific type of address. And so if you want to use this specific solution, then just download Electrum.
2720  Bitcoin / Electrum / Re: Electrum new wallets => Seed Type: Segwit on: December 12, 2022, 08:29:47 PM
but it'd be pretty damn hard to create anything cool out of a segwit address unless maybe it starts with a 3.
Oh I dunno about that. Wink Here are a couple I just spun up:

3Chymistu2BS56TuweMrwVgEyCLHXrtFxR
bc1qscepchymy3k8t8gvng50gpuudvp3swawws075c

Now I would offer to send you the private keys, but of course that would be a highly risky move on your part to use an address where I know the private key. But if you did want such an address, then I could generate one for you using a split key, which means I don't know the private key.