OK, first let me squash the "I have no idea what I'm doing" remarks. That check was already scratched out (because it was a misprinted, scrap check) and the purpose of the picture was to focus on the private key, thats it...
As for the firstbits, You and a few others have made your point and I will work on getting the firstbits verified and tied to the check since, as you said "If you provide it, they will use it", and that will also make them more useful if the QR code is not available to scan.
Sorry if I came across a bit harsh there, I didn't mean to call you dumb or anything, but you are (at present) on a newbie account in the newbie forums and the pic did seem pretty odd. Not trying to call you out, honestly, I'd rather offer help if there's some misunderstanding. I want to see Bitcoin succeed and the better people understand it at this stage of the game the higher the chances of that happening are. I wasn't trying to beat a dead horse with the firstbits thing either, it's just that a lot of folks aren't aware of things like vanitygen and don't know that you can "steal" firstbits pretty trivially. I figured an actual in-practice example would be a good way to drive that home. I know I come off strong but it's only because you look like you've got a good product if you can just recognize and patch a few simple problems before hitting a live market with them and I wish you the best of luck. |
|
|
|
That is why I also have the full address listed on the check, If the merchant checks only the firstbits and does not validate the whole address that is their mistake, TBH. Don't get me wrong I had thought of that, but at the same time personal responsibility of your own payments is like Bitcoin 101.
What is the point of including the firstbits on the check then, if they aren't to be used to validate the check balance? They are, but if I relied solely on the first bits the full address wouldn't be needed. Creating an address with matching firstbits also kind of defeats the purpose as well. You're kind of missing the point. Most people will use whatever the easiest method you present them is. If they have a way to scan the QR code, then they'll do that - otherwise they'll default to firstbits. Nobody is going to enter a 34 character alphanumeric case sensitive string to check balance if they can type 6 or 7 non-case-sensitive firstbits instead. If you're printing the firstbits on the check, it's implied that the firstbits are inexorably tied to that piece of paper, which isn't necessarily the case. I've already demonstrated how someone could use this loophole to scam a merchant and saying "it's on the merchant if they don't take the time to type 34 alphanumeric characters" is not a valid excuse for doing things the right way. If we want Bitcoin to be accepted by merchants we have to make it easier than "1KvrFZYgwQe5D7cfMR1ndKL9zUzm9CAHzy and pray to god you don't make a typo" which is the whole point of firstbits anyway. But for the firstbits to be valid you HAVE to fund them or else leave yourself open to a collision attack like I described above. Merchant's won't use these if it's that trivial to scam with them. Again, you don't even have to fund them with a lot, you can spend a single satoshi which, at the time of this writing, is worth ~0.0000000494991 USD (about five millionths of a penny). To refuse to fund at 0.00000001 BTC before sending is either incredibly cheap or incredibly lazy and either way it completely invalidates the usefulness of printing the firstbits at all. Also, for the record, it seems odd that you've scribbled over the address but left the privkey visible in your image; it seems to belie a very poor understanding of how Bitcoin actually works... From private key 5J7nDBQHbQ7u8MmLdHuxz2uqGCJdrKzZSMY7vcnZRnDeCEFqLs3 it's trivial to compute the scribbled-out address 1KvrFZYgwQe5D7cfMR1ndKL9zUzm9CAHzy with firstbits 1kvrfzy. As a proof of concept I just did exactly what I suggested and made an address with vanitygen that collides with your firstbits: 1KvrFZyLX7dKpvYjzTWv3E9KfivR6fhBco and funded it with a satoshi just to prove that I can "steal" your firstbits if you don't fund them at the time of generation/purchase. I'm doing this from my work laptop so I didn't even have the benefit of OpenCL acceleration on a decent GPU to help me. This took less than ten minutes. With even a single 5830 it would take less than one. Note: At the time of this writing there hasn't been a new block for nearly an hour so the transaction is 0/unconfirmed so I technically haven't stolen your firstbits just yet, but whenever the next block arrives you should see what I mean.Update: Block finally hit, all your firstbits are belong to me.
Firstbits.com is annoyingly slow to confirm this but http://blockchain.info/address/1kvrfzy links to my address, not yours. I think that's an adequately solid proof of concept. |
|
|
|
How do you have firstbits printed on the bills before funding them? That isn't possible. You can't just guess what your firstbits will be. You have to get the address in the blockchain first.
When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7. However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit. But they will also have an unfunded check, also the reason for 6 characters. To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits. I think it's a good idea to have the firstbits on the check, but better to be safe than sorry! You can use sendmany for each batch to minimize fees. It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate! Otherwise, you'll keep being asked the same question over and over about the firstbits.  Yeah. This would work and guarantee that you don't ever have an incorrect firstbits. I don't really want to send out funded checks and the firstbits are only ment as a reference number to check the transaction, not the sole means of funding. Look, here's the problem: Say you have a check with firstbits 1qz80e7. I can go grab a copy of vanitygen and make a new bitcoin address with those firstbits. I then send money to that address and nothing ever gets sent to the actual address on the check. Since firstbits aren't case-sensitive generating a collision should be relatively easy. A merchant might then take the check, check the firstbits only and accept it since firstbits 1qz80e7 actually shows a balance. When said merchant attempts to redeem the check via the private key, they will find they've been given the privkey to an account holding no funds. |
|
|
|
Name the businesses please. I'd like to know where not to shop any more.
http://www.thestockman.org/A unique combination of Financial and Website Development Services Brought to you by a 15 year Wall street veteran Uses a template monster template for the website The animated gif of flashing lightning in the header was a nice touch. OK if this is your business front, I'm fairly confident I would never have bought anything from you anyway - bullet dodged. A web designer that uses crappy template monster templates? Brilliant. In all seriousness though, stop bitching and get in line. The more you complain the more you make yourself look like an idiot. We're not insulting you, you're insulting yourself - we're just pointing it out. |
|
|
|
i run large businesses and would never insult potential clients. ill think twice now before using bit instant
Name the businesses please. I'd like to know where not to shop any more. |
|
|
|
|
I love how angry people are getting over one weekend without access to their funds. Apparently no one learned any lessons or got any perspective from the MtGox hack.
|
|
|
|
|
People pointed out you were being stupid in the other thread about Bitcoinica so you start your own thread to be stupid in? OK we'll just move over here to call you an idiot.
Ecommerce isn't like a brick-and-mortar store, sometimes the thief is still "in the store" long after the initial crime is committed. If Bitcoinica put their servers back up so you can pull out your money they could potentially lose whatever funds they put on said server to reimburse you. Welcome to the real world where we have to investigate breaches before putting the systems at risk again.
Of course you already know this because I'm not the first one to explain it to you. Now stop acting like a troll, put on your big girl panties and wait until Monday or Thursday or six weeks from now or however long the investigation takes.
|
|
|
|
|
So here's what I ended up doing for my wearable paper wallet - dog tags.
Dog tags are durable (made of steel), cheap (a set of 2 with chain and silencers cost me $9), and hold a lot of text (5 lines of 14 characters each per tag and it's customary to wear two).
The major downside? Most of the places that emboss dog tags don't allow lowercase letters so I couldn't use base58, I had to default downward to base32. Luckily, base32 is a recognized standard (unlike base58 which we more or less made up for Bitcoin) so if you want to do fancier things than me there are pre-existing libs for it. Also, since each character of b32 is worth 5 bits of entropy we only need 160/5=32 digits for entropy to be >= the amount of entropy in a Bitcoin address or about 24 digits to match the entropy in one of Casascius' mini private keys.
Now if you're super paranoid you could just put half of your key on one tag and half on another and have them engraved by separate companies but I opted for a different (and I think more clever) approach. Since each tag can hold up to 5 lines of text, I generated some random 40-bit (8 character) base32 and labeled my tags thusly:
Tag 1:
0 RNESQS5Y
1 KI3QGVP3
2 IY4EZIIH
3 OYHBET4C
4 CLMAD264
Tag 2:
5 QEPOOXFJ
6 JRIIEL2K
7 VAIV5HU4
8 I2H4ZGP5
9 C6NPVY3Y
(note: not my actual key values, I'm not that dumb...)
Now I just need to remember any number with at least 3 (preferably 4+) digits and use the tags as a lookup device. If my pin were 1286, for example, I'd look up the values for those numbers on my tag and come up with a key of KI3QGVP3IY4EZIIHI2H4ZGP5JRIIEL2K. I can enter this value into something like Casascius' BitcoinAddress utility and generate an address (or even a whole deterministic wallet) just like it were a valid mini private key from one of his coins. I could also add another bit of entropy by varying whether I enter the b32 values above in upper or lowercase characters and could even "salt" the values with a simple/descriptive passphrase.
IMO this is the best combination of a physical wallet and a mental wallet since it requires both a physical device and a value known only to me to recreate any given wallet. It also allows me to store an effectively limitless number of privkeys on my person (limited only by however many PINs or salt passwords I can memorize).
For the truly insane, most embossers do support a small number of special characters - hyphens, colons etc. so it's possible to extend base32 as you see fit, and I'm sure if you hunt you can find someone that will emboss mixed case letters, but for cheapness and simplicity base32 just works. It also has the advantage of representing a number of bits that 160 is divisible by, so Bitcoin-related entropy math is very easy.
Any thoughts?
|
|
|
|
 Wow, already blocked by my company's websense. |
|
|
|
This actually looks like it'll work nicely, assuming the BFLs use the same sort of interface as the Icarus boards from the post. It'll take some experimentation but it sounds like exactly my sort of weekend project  |
|
|
|
|
Does this experimental firmware void or otherwise affect warranty support?
|
|
|
|
Up to 70 FPGA devices have been tested on a little TP-link router, if that helps you to figure out how much resource you will need for your host.
Basically, there is little to no USB bandwidth needed, very little network bandwidth needed, and the drivers are almost universally compatible.
Do you happen to have a link to any resources about mining from a TP-link router? I've got one I was intending to use as a piratebox but could easily repurpose for miner control, assuming I don't have to write the software myself... |
|
|
|
Well at least I got a meaningful update to my FIT data question. Not that any FPGA would be the weak point in those calcs anyway... |
|
|
|
|
If I were to rebuild my mining operation using BFL units or FPGAs it seems to follow that the PC would only need to run the mining software, connect to the internet, support the drivers necessary for USB comms with the BFL/FPGA units and run whatever minimal OS is necessary to support the above. It seems like you could get away with a nettop or even a plug computer for the above, minimizing both PC cost and power cost - but there are some data points I don't have that might change that outcome.
Do the BFL/FPGA units require drivers that are only available for certain versions (or CPU architectures) of Windows/Linux that might limit my selection?
Do the BFL/FPGA units use so much USB bandwidth that throwing a hub or two on the one or two physical USB ports these computers have would be inadequate? Would I need to get a larger PC with more ports/channels?
Are there any BFL/FPGA units that use non-standard mining software that might require a specific platform, thus limiting my selection?
Have I overlooked any other important bits?
|
|
|
|
|
Aside from the p2pool issue, does anyone have results to report?
|
|
|
|
like the block reward half'ing in December
Miner's revenue seems to have stabilized around 25% so with the block reward halving in December one of two things will have to happen to maintain that stability: the price doubles or the difficulty halves (or some combination of the twi). While it's likely that the decreased daily supply (from ~7200 to ~3600 BTC) would increase value somewhat (assuming the demand stays the same) the ~3600 BTC influx that is removed from the block reward halving is a small fraction of daily trade volume, so my money is on difficulty halving as the decreased operating margin pushes less efficient miners out of the game. Still, I'm interested to see what an effective halving of the inflation rate does to BTC's price point. Whether it's good or bad it will at least be interesting |
|
|
|
|
The raffle was for a device that computes millions of SHA256 hashes per second, I figured it wasn't unreasonable to ask you to compute one. Plus, the entire process was explained in the raffle thread. The SHA256 calculator I linked you to? It's the one GigaVPS linked you to as well. Sorry if I'm unreasonably harsh but one of my pet peeves is people who don't actually read directions then complain when they can't follow them.
|
|
|
|
You do realize you're in a room full of people who are constantly trying to engineer new ways to compute said hashes faster and more efficiently, right? In all seriousness though, he posts the results of sha256(email) which you can find by entering your email address in the hash calculator he linked to and see if your email addy matches the #1 result. This isn't done to make people unaware of when they win, it's to prevent giving away your email address while still publishing the results publicly. |
|
|
|
Also keep in mind that mens rings are usually wide enough to fit 2 or 3 lines of text @ 30 characters each, so you could potentially put up to 90 characters inside the ring and if you got the right material, style and finish another 90 characters outside. It might be wise to use a separator character on each line to show where the characters start and stop, depending on how the engraving works out so 87 inside and 87 out for a total of 174 characters. If you use Bitcoin's standard Base58 encoding that gives you log2(58)*174≈1019 bits for both sides or log2(58)*87≈510 bits - WAY more than you'd actually need for a privkey. Even falling back to hex would give you log2(16)*174=696 bits for a double-sided inscription or log2(16)*87=348 bits, still more than adequate.
Given that the Casascius mini private key is kind of an industry standard though, it's probably best to stick with it for compatibility's sake.
If one did more than 30 characters for a private key, the additional characters ought to contribute to some sort of forward error correction scheme (e.g. Reed-Solomon codes), so that the key can be recovered with any substantial fraction of the message. Not a bad idea. Perhaps that'd be a better use of the extra space in my wacky sliding nested ring thing up there than storing multiple keys. I'd trust you to come up with the scheme for that better than I'd trust myself, you tell us? |
|
|
|
|
Show Posts
