Bitcoin Forum
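3001  Local / 中文 (Chinese) / Re: How do I create, verify and use paper wallets and brain wallets? 1 BTC bounty! on: December 14, 2012, 02:35:34 PM
Quote
3) How do I create, verify and use paper wallets and brain wallets?

There are two ways to create a paper wallet:

1. Go to https://www.bitaddress.org/ . The first screen already shows a randomly generated paper wallet. Print the Private Key, and you can then put money into the corresponding Bitcoin Address. (If you like, you can also choose "Paper Wallet" or "Bulk Wallet"; these just generate several paper wallets at once.)

The page can be used offline. As long as you save the page and generate the paper wallet on an offline computer, you do not need to worry about trojans.

(Note that the Private Key used here is in Wallet Import Format (WIF), a string of letters and digits starting with the character 5, whereas what I described at the beginning was the Hexadecimal Format. The two are interchangeable, though: the WIF of the private key in the example is 5KGWPZG9pigSLa2pksxDBYSngTNr8qjnB4YDVsGtbaWe3QxRDq5. WIF is somewhat shorter than Hexadecimal and has a checksum to prevent input errors, but WIF is case-sensitive.)


2. Use the Armory client ( http://bitcoinarmory.com/ ). Armory is far more powerful than the official client and, as long as it is used correctly, far more secure. The drawback is that it needs more resources, but it is worth a try. Armory depends on the official client, so you must have the official client installed and synchronized with the network, and you must keep the official client running while using Armory. After installing Armory:

a. Click Create New Wallet
b. Enter any Wallet name and Wallet description
c. Select both Use wallet encryption and Print a paper-backup of this wallet
d. Click Accept
e. Enter a password (you will need this password to spend the money), Accept
f. Enter the password again, Accept
g. Enter the password once more, Unlock
h. Print the page that pops up; that is your paper wallet. Remember that this paper wallet is not protected by the password you just set; anyone who gets this sheet of paper can take the money directly
i. Double-click your new wallet and choose Make Digital Backup to back up the electronic wallet. That backup is protected by the password you just set.

The advantage of Armory is that, as long as you do not manually import other private keys (import private key), the sheet you just printed protects all the bitcoins in that wallet forever, no matter how many transactions are made or how many addresses are used

Armory supports multiple wallets, but each wallet must be backed up separately

----------------------------------
To verify a private key in WIF or Hexadecimal Format, just enter the private key under Wallet Details on bitaddress.org, and the corresponding bitcoin address will be generated

For an Armory paper wallet, verifying means restoring. Choose Import wallet -> Restore from paper backup, then enter the data, and you can restore the wallet, see the addresses in it and the balance (if you are online), and spend the money in it

As an aside, Armory can also be opened without a network connection or without the official client; you just cannot see balances or spend money, but you can still generate and restore wallets

----------------------------------

To use a paper wallet generated by bitaddress.org (which is really just a private key in WIF), the official client is very troublesome, so I recommend Armory. First switch Armory to Advanced or Expert mode and restart it, double-click your wallet, and choose Import/Sweep Private Key. If you want to add private keys at the same time, you can choose Multiple Keys, then enter your Private Key, and finally choose the second option "Import these address to your wallet". Your wallet will then contain these new addresses, and you can spend the money in them. (If you chose Sweep any funds..... at the end, Armory will transfer all the money in those private keys to addresses in your existing wallet.)

Please note that private keys you import are not protected by Armory's paper wallet; you must record them separately.

----------------------------------
A brain wallet can also be generated on bitaddress.org. Just enter some text (case-sensitive)/digits/symbols under the Brain Wallet item, and a WIF private key and the corresponding address will be generated. As long as you memorize the sentence you just entered, that is your brain wallet; anyone who gets this sentence also gets the money in the account. To verify, enter the same sentence on the same page and see whether it outputs the same Bitcoin Address; to use it, just import that WIF private key into Armory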
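Added example, not part of the post above: the hexadecimal and WIF forms of a private key mentioned in the post, converted in both directions, with the checksum and case-sensitivity checks made explicit. The function names are hypothetical; the encoding assumed is the uncompressed mainnet WIF layout (version byte 0x80, 32-byte key, first 4 bytes of a double SHA-256 as checksum, Base58).

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload):
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(data):
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become "1"
    return "1" * pad + out


def b58decode(text):
    num = 0
    for ch in text:
        # str.index raises ValueError for characters outside the alphabet
        # (0, O, I and l are deliberately excluded from Base58).
        num = num * 58 + ALPHABET.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")


def hex_to_wif(hex_key):
    raw = bytes.fromhex(hex_key)
    if len(raw) != 32:
        raise ValueError("a private key is exactly 32 bytes (64 hex digits)")
    payload = b"\x80" + raw
    return b58encode(payload + _checksum(payload))


def wif_to_hex(wif):
    data = b58decode(wif)
    payload, check = data[:-4], data[-4:]
    if len(payload) != 33 or payload[0] != 0x80:
        raise ValueError("not an uncompressed mainnet WIF key")
    if _checksum(payload) != check:
        # A mistyped or wrong-case character ends up here.
        raise ValueError("checksum mismatch")
    return payload[1:].hex().upper()


if __name__ == "__main__":
    # Values quoted in the posts on this page.
    page_hex = "BF3BD3C6228DE8044C427EB76F364D1C893088D0654FA7018D05BEE2C344886D"
    page_wif = "5KGWPZG9pigSLa2pksxDBYSngTNr8qjnB4YDVsGtbaWe3QxRDq5"
    print("hex and WIF from the post agree:", hex_to_wif(page_hex) == page_wif)
```

The hexadecimal form carries no checksum, so a single mistyped digit there silently yields a different key and address; the WIF form rejects it.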
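3002  Local / 中文 (Chinese) / Re: How do I create, verify and use paper wallets and brain wallets? 1 BTC bounty! on: December 14, 2012, 01:59:43 PM
I will try to explain it in a simple way. Bitcoin has what is called a "private key", which consists of 64 characters from 0-9 and A-F, for example BF3BD3C6228DE8044C427EB76F364D1C893088D0654FA7018D05BEE2C344886D. Each private key converts to an account number (address/account); the private key above corresponds to 18TPQs83tBzuhYFTZorbUkB5zsEcKyzuju

Anyone who gets the private key can get the BTC in the account, so the private key must not be disclosed to anyone. The traditional bitcoin client generates private keys randomly and records them in wallet.dat. So whoever gets wallet.dat can get the money in the wallet. The wallet can additionally be encrypted with a password, in which case someone who gets wallet.dat also needs the password to take the money.

A so-called paper wallet or brain wallet simply means recording the private key (or the method of generating the private key) on paper or in your head

To be continued.....
Thank you! Please continue.

This is what I currently do.

First, besides installing the client on my desktop for everyday transactions, I also installed a client on a laptop that I rarely use. Both are the official Bitcoin-qt version.

Second, I encrypted both clients (using the built-in encryption feature) and backed up both Wallet.dat files to a portable hard drive.

Third, I normally trade only on the desktop, promptly send the vast majority of the bitcoins to the laptop for storage, and after confirmation shut the laptop down and put it aside.

Is this secure enough?

Basically secure, provided that: 1. your two computers (especially the laptop, since it holds more money) are absolutely free of viruses and trojans; 2. you back up wallet.dat at least once for every 100 transactions.

Many people overlook point 2, and tragedy follows

Also, those 100 transactions mean 100 transactions after wallet.dat was encrypted. If you backed up the unencrypted wallet.dat and only encrypted it afterwards, the original backup is useless and you have to back up again. Someone has met with tragedy because of this

Also, you actually do not need to turn on the laptop to receive money; to confirm, just look at http://blockchain.info/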
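3003  Local / 中文 (Chinese) / Re: How do I create, verify and use paper wallets and brain wallets? 1 BTC bounty! on: December 14, 2012, 12:53:12 PM
Quote
1) What exactly are paper wallets and brain wallets? What are they for and what are their characteristics?

2) What are the benefits of using paper wallets and brain wallets? And what are the downsides of not using them?

I will try to explain it in a simple way. Bitcoin has what is called a "private key", which consists of 64 characters from 0-9 and A-F, for example BF3BD3C6228DE8044C427EB76F364D1C893088D0654FA7018D05BEE2C344886D. Each private key converts to an account number (address/account); the private key above corresponds to 18TPQs83tBzuhYFTZorbUkB5zsEcKyzuju

Anyone who gets the private key can get the BTC in the account, so the private key must not be disclosed to anyone. The traditional bitcoin client generates private keys randomly and records them in wallet.dat. So whoever gets wallet.dat can get the money in the wallet. The wallet can additionally be encrypted with a password, in which case someone who gets wallet.dat also needs the password to take the money.

A so-called paper wallet or brain wallet simply means recording the private key (or the method of generating the private key) on paper or in your head. So once you write down/memorize the private key above, you already have a paper/brain wallet for the account above

wallet.dat is an ordinary computer file; you can freely copy it and keep it on a USB drive or in online storage. The advantage is that you can spend the money in the wallet very conveniently, but there are many disadvantages: 1. if wallet.dat is not encrypted with a password, the money is easily stolen; 2. if wallet.dat is encrypted with a password, forgetting the password means losing the money forever; 3. if wallet.dat is kept on a computer connected to the internet and the computer has a trojan, the money will be stolen whether or not there is a password; 4. as with any computer file, if the hard disk/USB drive fails you lose all the money; 5. although you can make multiple backups, you must back up once for every 100 addresses used to be safe. Someone once lost BTC worth tens of thousands of US dollars because of improper backups; the problem has still not been properly solved, and there have been recent cases of lost money too

A paper wallet means printing the private key on paper, generally without encryption, so it must not be seen by others. The advantages of a paper wallet include: 1. the backup is valid forever, unlike wallet.dat, whose backup must be updated continually; 2. paper is more reliable than a USB drive or hard disk; 3. hackers cannot steal it through a trojan. The main disadvantage is inconvenience: before use it must first be converted into a wallet.dat (or used with another client)

A brain wallet is basically the same as a paper wallet, but its biggest drawback is that if you forget it, everything is gone. It has one extra benefit, though: there is no evidence whatsoever that can prove you own this wallet, and it cannot be taken by force. Imagine you are fleeing during a war: any electronic wallet or paper wallet could be seized, but a brain wallet cannot. You can put all your BTC in a brain wallet; as long as you stay alive, those BTC are yours forever, and once you reach a safe place you can start a new life. If a corrupt official or a big-time robber transfers all his money to a brain wallet, then as long as he comes out of prison alive, he can carry on living in luxury. This is the only kind of money in human history that can do this; no legal tender, bank account, gold, silver or diamonds can.

Of course, one private key can be kept at the same time in an electronic wallet (wallet.dat), a paper wallet and a brain wallet. The most common practice is to use the electronic wallet on the computer day to day, with a paper wallet as the backup, so you need not fear a failed hard disk.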
3004  Bitcoin / Bitcoin Technical Support / Re: Bitcoins sent to Invalid address. Where does it go? on: December 08, 2012, 02:45:56 PM
A friend of mine recently sent 5 BTC to an address that was used by one of her accounts a week or so ago. That account auto changes the funding address for protection. So I am wondering  the following:

Where did the 5 BTC go?
Will it come back if found to be invalid?
Are old addresses reused?
 

All you have to do is to ask the service provider
3005  Economy / Speculation / Re: Marketcap perspective on: December 07, 2012, 04:09:55 AM
I picked some small economies and found their M0.

Iceland (pop:320,060): 36,706,350,000 ISK = 290,316,525USD (13.8USD/BTC, assuming 21,000,000BTC)
Qatar (pop: 1,757,540): 44,971,500,000 QAR = 12,352,771,620USD (631USD/BTC)
Norway (pop: 5,052,800): 101,976,000,000 NOK = 18,149,076,624USD (864USD/BTC)
Hong Kong (pop: 7,103,700): 273,959,000,000HKD=35,349,477,688USD (1683USD/BTC)
3006  Economy / Exchanges / Re: Bitcoin-Central, first exchange licensed to operate as a bank. This is HUGE on: December 06, 2012, 05:25:42 PM
Will BTC accounts be insured as well? Are there plans to try and incorporate BTC-insured accounts (meaning that BTC accounts will be insured for their equivalent fiat value)?

BTC could and should be protected in a BTC-style such as multi-sig account
3007  Bitcoin / Development & Technical Discussion / Re: Deterministic wallets on: December 06, 2012, 12:18:15 PM
Here are my questions for BIP32:

Assuming all chain codes are known, if private key m/i/j is known:

1. are all private keys under m/i/j known? (I think the answer is yes)

2. are all private keys under m/i/j+1 known? (The answer should be yes if it followed the Armory model)

3. are all private keys under m/i/j-1 known? (The answer should be no if it followed the Armory model)

4. are all private keys under m/i known?

5. are all private keys under m/i+1 known?

6. are all private keys under m/i-1 known?

7. is the m known?

Answer is yes to all of them.
(Assuming that all pubkeys are also known, not only chaincodes, so in fact all extended pubkeys are known. I thought this is what you meant to ask.)

Sorry, I mean private keys, not public keys
3008  Bitcoin / Development & Technical Discussion / Re: Deterministic wallets on: December 06, 2012, 10:08:24 AM
I feel confused.

For deterministic wallets allowing generation of public keys without private keys, the chain code must be included in the watch-only wallet. Therefore, the chain code has to be kept online. In the following discussion, I assume the chain code(s) are known to the public.

In Armory, if someone knows the private key of sequence number x, he will be able to determine all private keys with sequence number > x, but not for those sequence number <x. This is guaranteed by the EC algorithm.

Here are my questions for BIP32:

Assuming all chain codes are known, if private key m/i/j is known:

1. are all private keys under m/i/j known? (I think the answer is yes)

2. are all private keys under m/i/j+1 known? (The answer should be yes if it followed the Armory model)

3. are all private keys under m/i/j-1 known? (The answer should be no if it followed the Armory model)

4. are all private keys under m/i known?

5. are all private keys under m/i+1 known?

6. are all private keys under m/i-1 known?

7. is the m known?
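Added example, not part of the posts above: why a known chain code, a known parent public key and one known child private key together expose the parent private key, which is the situation the two Deterministic wallets posts ask about. It assumes the non-hardened derivation of the published BIP32 specification (child key = left half of HMAC-SHA512 plus parent key, mod n), which may differ from the draft discussed in the thread; the seed string, the index 7 and all function names are constructed for illustration.

```python
import hashlib
import hmac

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def point_mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def ser_pub(priv):
    """Compressed encoding of the public key belonging to priv."""
    x, y = point_mul(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def tweak(chain_code, parent_pub, index):
    """HMAC-SHA512 step of non-hardened derivation (index < 2**31)."""
    mac = hmac.new(chain_code, parent_pub + index.to_bytes(4, "big"),
                   hashlib.sha512).digest()
    return int.from_bytes(mac[:32], "big"), mac[32:]

def ckd_priv(parent_priv, chain_code, index):
    """Child private key and child chain code."""
    il, child_chain = tweak(chain_code, ser_pub(parent_priv), index)
    return (il + parent_priv) % N, child_chain

def recover_parent(child_priv, chain_code, parent_pub, index):
    """Parent private key from one child key plus public parent data."""
    il, _ = tweak(chain_code, parent_pub, index)
    return (child_priv - il) % N

def demo():
    # Constructed master key material, not a real wallet.
    seed = hmac.new(b"Bitcoin seed", b"constructed example seed",
                    hashlib.sha512).digest()
    m, c = int.from_bytes(seed[:32], "big") % N, seed[32:]
    child, _ = ckd_priv(m, c, 7)
    return recover_parent(child, c, ser_pub(m), 7) == m

if __name__ == "__main__":
    print("parent key recovered:", demo())
```

The tweak is computed from public data only, so a watch-only wallet that holds the chain code and public key must be treated as sensitive wherever any child private key could leak.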
3009  Bitcoin / Bitcoin Technical Support / Re: Bitcoins lost - old backup on: December 03, 2012, 09:07:04 AM
this x 1000. I think newbies should start with electrum and go up from there if they need to.
And then get robbed because they don't understand the reduced security model of electrum. There is no replacement for understanding.

If the OP is confident that his coins were unrecoverable perhaps he could make his wallet files (the corrupted one, and the backups) and perhaps someone can recover the coins.


If you don't trust Electrum, use Armory
3010  Bitcoin / Legal / Re: So what happens if I violate the block chain ? on: December 02, 2012, 03:28:03 PM
Just to make sure I understand correctly: The blockchain could still be verified in its entirety even if no node had a copy of the transaction (the pic completely pruned from all nodes blockchain copies)?

If this is correct, I see no problem here. The attack is futile.

Yes. It can even be verified without knowing any of the transactions any block contains using the block headers alone. only right now 90% of nodes are full nodes which record every transaction.

and unless you want to introduce "trust" into the protocol, every transaction needs to be publicly available, else transactions are open to double spending since you need to verify that every payment that is made to you doesn't use an input that was spent by another transaction.

How about a miner putting child porn in coinbase?
3011  Bitcoin / Bitcoin Discussion / Re: Idea: Condensed Bitcent Special Transactions, Reduce Blockchain bloat. on: December 01, 2012, 10:24:34 AM
If Bob lost, he could simply double spend the 0.01BTC
3012  Bitcoin / Bitcoin Technical Support / Re: Bitcoins lost - old backup on: November 29, 2012, 05:06:09 PM
Frankly speaking, people should not use the reference client (i.e. the "official" client) unless they fully understand what it is doing. All these kinds of bitcoin loss are fully avoidable with a deterministic wallet (e.g. Armory, Electrum) with proper paper backup. I never trust an electronic backup because it may corrupt for many reasons.
3013  Bitcoin / Bitcoin Discussion / Re: Happy halving day on: November 28, 2012, 02:17:30 PM
Just for interest there is a full lunar eclipse at exactly 33 minutes past this current hour (in half an hour +/-) & the full moon is at 46 minutes past, exciting timing!
Oooh. That is pretty awesome timing but I'm sure it only holds true in one place. Can someone find out where that happens at the moment the blocks halve? I hope it's not off the coast of Africa in the Null Triangle (0.0.0.0)....

No, it's just a penumbral eclipse http://eclipse.gsfc.nasa.gov/LEplot/LEplot2001/LE2012Nov28N.pdf
3014  Local / 中文 (Chinese) / Re: 北京 - 党的减半 (Beijing - The Party's Halving) on: November 28, 2012, 02:58:32 AM
sorry for my chinese



I think it's Google Translator's Chinese, not your Chinese.

Don't use Google Translator if you do not know the translated language at all. The result may sound really silly. Just use English. I think all people here do have the ability to read English
3015  Economy / Economics / Re: Blockchain = Powerful Tool for Keynesian Monetary Policy on: November 19, 2012, 05:32:54 AM
I will just regularly send my BTC between my own accounts. Problem solved.

Recall that the purpose of money printing is to encourage or discourage spending. When the central bank wants to encourage spending, they print money leading to inflation. Inflation encourages people to turn cash into goods and physical assets. This increases spending in the short-run and stimulates the economy.

The blockchain makes it possible to execute more powerful monetary policy. Money printing is coarse because price increases occur with a time delay. The blockchain is precise and effective inflation can be achieved instantaneously.

Suppose the central bank controls 51% of hashing power and wants to achieve a stimulus equivalent to a 3% increase in inflation.

Simply demand a txn fee equal to 3% of coin-age (with age measured in years). This is just like instantaneously increasing the inflation rate by 3%. Take the fee proceeds and hand them out to banks. Voila. You have stimulated spending. Once the economy recovers, the txn fee can be lowered again. The inflation rate of every single block is completely at the bank's discretion. This is 100% impossible with the tools available today.

Now people might try and hoard (the bank can't steal my coins... I'll just wait till they lower the fee and spend then). Ha, this would not work at all.
The bank has a historical record of its inflation policy and would bill these guys. The fact that you haven't paid yet won't help them. The seignorage will be deducted from their account whenever they finally decide to spend. [Could go through more details on calculating seignorage fee, but I think that is enough for now.]

It is pretty clear that the blockchain gives central banks unprecedented control over monetary policy. All they have to do is command 51% of hashing power. An absolutely negligible investment for such a well-capitalized institution.

I am kind of confused why we still operate with dollars. Central bankers should start issuing dollars and euros this way. Or they could just adopt bitcoin. It would make their lives so much simpler.


3016  Bitcoin / Development & Technical Discussion / Re: Hashes : Solved blocks ratio on: November 06, 2012, 06:29:45 AM
I've been monitoring BTCGuild Hall of Fame for over a month now, and it seems to me something is not right.
There have been many discussions about predictability when it comes to hash required to solve block, and
even though they all ended up with "proofs" that it's impossible to predict a hash, this table clearly shows
different picture. Users colored in red are not even listed on top 25 fastest list, but it somehow happened
they solved blocks every difficulty for 1+ month. Also check users colored in blue, (dark) green and yellow.

Now, I don't really care if you think I'm wrong and start coming up with "proofs" one more time. The purpose
of this post is to let developers and think-tanks realise the issue and eventually fix the problem, which clearly
points that attacker does not need 51% but noticeably less hashrate share to overtake the Bitcoin network.



You simply misunderstand the statistics. The "Blocks Found" is a life-time figure. Those blocks could have been found a long time ago and these people may have stopped mining in BTCGuild. The only thing you should look at is the number of blocks found in current difficulty, which is shown in the bracket. Also, you make a mistake in filling in color for the 54578.
3017  Bitcoin / Development & Technical Discussion / Re: Ultimate blockchain compression w/ trust-free lite nodes on: November 05, 2012, 04:34:03 AM
I have a temporary solution. Currently the satoshi client has hard code of historical block hash (currently at about height 190000). Could we also hard code all the unspent output to the satoshi client up to a certain block height? For each output, only the transaction id, output order, script, and the block height are needed. That would be all information needed for verifying any future transactions and spending the coins (block height is needed to calculate the priority. If these unspent outputs are deep enough in the chain, the block height may be omitted as well).

Since the users can verify the hard-coded data with the blockchain, they don't really need to trust the development team. If the hard-coded data is widely distributed and independently verified by many people, normal users may simply accept it as-is.
3018  Bitcoin / Development & Technical Discussion / Re: End of the BTC world as we know it? :) on: October 29, 2012, 01:20:25 PM
Interesting routing issue with blocks over the last 2 hours ...

11 out of 16 said they came from the same IP in Switzerland



search before you post
3019  Bitcoin / Bitcoin Discussion / Re: Blockchain.info acount hacked while using yubikey.... on: October 28, 2012, 09:48:03 AM
This is just another example of a frustrated user of a complicated system that leaves in disgust because of his inability to use it properly. This isn’t the fault of the user it’s the fault of the training program.
 
The one major difference I can see between open source systems and centrally controlled closed systems is the control of the information and user support. Both types of systems can deliver excellent quality but open source lacks a central point of instruction and authority over training for new users. This needs to change.


This ignores the root cause of the problem. It is not the user or lack of training. It is Microsoft Windows which is a proprietary operating system. It is even unclear if the Yubikey (apparently incorrectly used) or the backup wallet was compromised. The reality here is that many new users will lose their bitcoins if they use Microsoft Windows as their Operating System. Two factor authentication can help but as this case sadly demonstrates it is not foolproof.

At a very fundamental level a proprietary operating system with over 90% market share worldwide is incompatible with bitcoin as the security of bitcoin is ultimately predicated on each individual user having complete control over their computing experience while proprietary software is about the exact opposite. Be it Apple's walled garden or Microsoft's centralized control over people's computers the direction that proprietary software has taken is very much about centralized control. For example with the recently released Windows 8 RT. Microsoft has complete control over which software is installed on a particular computer or device.

Centralizing control over the training of new bitcoin users in order to accommodate Microsoft or Apple is simply not the answer.


I use Windows and bitcoin without any problem. All of my coins are under cold storage and my mtgox account is secured by 2-factor authentication. There is nothing wrong with using a proprietary OS. Linux looks safer simply because fewer people use it and it's not efficient to hack it for stealing coins. If a Linux user misuses the system (downloading warez or storing unencrypted wallet improperly), their coins will get stolen some day. By the way, I don't think mtgox and bitcoinica are running on Windows but both got hacked

Yes one can secure Microsoft Windows, but it takes considerable effort and technical expertise. The average consumer's Microsoft Windows computer is more often than not infected with all sorts of rootkits and malware. It is far simpler in these situations to simply ditch Windows and use GNU/Linux. Cold storage can also provide a false sense of security because the moment one needs to move coins then one is exposed.

GNU/Linux is way safer than Microsoft Windows when it comes to malware. There are many reasons that come down to the design of the OS, (it was designed from the ground up as a multi user OS, Windows was not), and the culture, (most GNU/Linux users download their software from trusted repositories, do not run as root, and have no motivation at all to download warez even if warez that actually runs natively on GNU/Linux even exists!). The entire Free Software / Open Source model of software development is far more secure since there is no opportunity for "security by obscurity". The latter is very popular with proprietary software vendors. DRM for example is entirely based on security by obscurity.

There is a lot wrong with using a proprietary OS with bitcoin, particularly one that has over 90% market share since that creates a massive single point of failure for a very large portion of the bitcoin network. If a Microsoft Windows related attack were to hit the bitcoin network, bitcoin's chance of survival will likely rest with those of us who have chosen to run bitcoin nodes and mining on GNU/Linux.

As for the MTGox and Bitcoinica hacks we are talking about servers being compromised because of less than optimal security procedures of the server administrators. This has nothing to do with the issue at hand here, namely malware on consumer computers.



I don't think you really know how cold storage like Armory or Electrum works. The private key will never be exposed to the internet.

If mtgox or bitcoinica running on *nix could be hacked, your desktop computer with linux could be hacked too, if you have less than optimal security procedures. As I said, there is less malware on Linux just because there is lack of enough incentive to do it.
3020  Bitcoin / Development & Technical Discussion / Re: Transaction script with block height as condition on: October 27, 2012, 07:48:37 PM
It seems that my question was not answered. At least I would like to know why it does not work.

I have modified my proposed scheme. A script could be constructed like this:

1. At any time, the coin can be spent by satisfying condition A (e.g. signatures from X and Y)
2. If block height >= n, the coin can be spent by satisfying condition A OR condition B (e.g. signature from Z)

Therefore, condition A is permanently valid. Condition B is always invalid before block height = n, and permanently true after. It is equivalent to an nLockTime tx, signed by condition A, and sent to an output for condition B.

It is better than using nLockTime because the user can deposit to the script hash at any time, without the need of sending nLockTime transaction back-and-forth and storing them.