I have long argued that bitcoin mining not only uses a completely inconsequential amount of electricity in the wider scheme of things, but also uses a much higher proportion of renewable electricity than almost any other sector and is actively beneficial in the development of new renewable infrastructure.

But, here's my question to you as a biological scientist about your proposal: What is stopping the development and building of these bio-degradation plants right now? If they can reduce waste while producing usable energy or electricity which can be sold at a profit, then why do we not have more of them already? Why would sticking a bitcoin mining operation on the side make any difference?

There are multiple ways to make an educated guess, but there are usually no ways to say definitively which output is change.

The most common is by looking at the address type. Most wallets send change back to the same address type as the outputs. So if I spend from a legacy address, the change will be sent back to a legacy address. If the other output is to a segwit address, then you can make an educated guess that the legacy output is the change. The next most common technique is looking at the value, as hosseinimr93 has said above. Payment amounts are more commonly a round value, say 0.001 BTC, while change amounts are more commonly made up of whatever is left over and so are not a round value, such as 0.0012918 BTC.

There are other more advanced techniques, such as looking for unnecessary inputs, looking at how the suspected change is later spent/consolidated, or looking at the some of the specifics of the transaction such as the sequence, locktime, or fee rate.

However, not only can you avoid all these things if you know what you are doing, but you can actively use them to specifically make your payment look like change and your change look like a payment.

And yet, this still does not solve any of the other issues. How do we know the encryption is secure when you keep it closed source? How do we know that when the time limit is up, even if everything is done offline, the user isn't instead shown a message from you asking for a ransom payment before decrypting their back up? How do you address the multiple points of failure?

Sure, but they rely heavily on the fact that most users (and probably almost all users who are using a closed source wallet owned by Binance) will be unaware of the difference between a library being open source and the app being open source. Lots of similar statements on their Twitter account not clearly making the distinction, such as:
https://nitter.it/TrustWallet/status/1271248054755229697#m
https://nitter.it/TrustWallet/status/1104686959304368128#m

They also lie about it on Binance:

I just wouldn't use this method at all. If you are worried about your seed phrase being lost or burnt in a fire, then you should be twice as worried about your book being lost or burnt in a fire. It is trivial to make an additional copy of your seed phrase to store somewhere else (and indeed, having more than one back up should be seen as mandatory). How many people on the other hand have multiple identical copies of the same book, same edition, same print, etc.

There is literally no advantage to this set up when compared to using multi-sig or a passphrase, or just plain old encryption.

Importing a private key in to a hardware wallet defeats the purpose of the hardware wallet in the first place, since it cannot guarantee that the private key was created securely and has remained permanently offline. For the same reason you should not import seed phrases created elsewhere in to a hardware wallet. The hardware wallet should be used as a standalone device to create its own wallets, and interact only with those wallets.

As I think I said to you in another thread, you should download and verify version 4.1.5 of Electrum from this link (https://download.electrum.org/4.1.5/), which works on Windows 7, to use on your offline computer. Use it to sign a transaction which sends all the coins from your offline wallet to a fresh address on your new hardware wallet.

Your math is wrong.

You have odds of 6/55 when drawing the first number only. Since the numbers drawn are not returned to the pool and cannot be drawn a second time, then after you have drawn the first number there are no longer 6 possibilities you can choose, but 5. Similarly, there are not 55 balls to choose from, but 54. So the odds for the second ball are not 6/55, but 5/54. The same logic applies for all future balls. So instead of (6/55)⁶, the actual equation will be (6/55)*(5/54)*(4/53)*(3/52)*(2/51)*(1/50). So the odds are ~1 in 29 million.

See my earlier post in this thread for a full explanation: https://bitcointalk.org/index.php?topic=5415646.msg61047255#msg61047255

The last paragraph of the image you have shared sums it up nicely. If we were seeing 433 winners on a truly random selection of balls, then that would be evidence of something gone wrong or some foul play. But we are not seeing that. Instead, we are seeing 433 winners on a very obvious pattern which has been selected more than average simply by virtue of it being a very obvious pattern.

I don't agree with their argument at all. It is easy to create a malicious clone without access to the source code, simply by copying the GUI which is easily visible. You can copy the back end from an old version and just add a few lines of code to send any seed phrase, generated or entered, to yourself over the internet. It doesn't matter if your malicious clone doesn't have all the functionality of the real thing - by the time this is discovered it is already too late for the victim.

They claim it here:
https://trustwallet.com/developer/
https://github.com/trustwallet/wallet-core

They are outright lying.

Sure, but you still need to keep it safe with no guarantees you could ever find a replacement.

Low, but not zero. It is completely centralized and owned and operated by Microsoft, who could simply decide to discontinue their support for it at any time.

Here you go:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed
https://wiki.trezor.io/Passphrase

It's not just unnecessarily complicated, but also drastically increase your risk of loss.

The Bible is probably one of the worst possible choices, actually. There are literally hundreds of different versions, with each version having dozens of editions, and even the same edition of the same version being different due to having multiple publishers and/or printers. Even something as simple as line spacing being slightly different or page size being slightly different and your page/line/word schematic is rendered completely useless and your coins completely inaccessible.

The example I gave of Bread wallet is absolutely software which runs on your own device. Another example would maybe be Schildbach's bitcoin wallet, which does not use seed phrases but its own unique encrypted back ups which can only be recovered using the same software.

The point here is that Bread wallet didn't tell its users what derivation path was being used. Many wrongly assumed it was the standard BIP 44/49/84 paths, but because they never tested their recovery using independent software (as we are advocating here), they never found out they were wrong until they couldn't access their coins.

Not only are plenty of people still using non-standard formats, but there are plenty more still in development, such as Block's new hardware device, which will not use seed phrases and be completely dependent on Block for recovery.

This line of thinking is a fallacy.

It's like saying "I've been driving without a seatbelt or an airbag for a year, and I'm still alive, so doing this is perfectly safe and seatbelts and airbags are unnecessary." This is obviously nonsense. While you hope to never be in a crash, you should obviously take reasonable precautions to protect yourself just in case. And while you hope your coins are never lost or stolen, you should obviously take reasonable precautions to protect yourself just in case. And these precautions include not using a closed source wallet which could be doing absolutely anything behind the scenes.

Everyone who has lost coins via an exchange being hacked or a platform going bankrupt thought those platforms were very safe right up to the minute they weren't. Everyone who was trading on Mt Gox thought they were highly reputable until they lost everything. Everyone with coins in Celsius thought everything was fine until their accounts were frozen. And everyone who uses a closed source wallet will be happy with it right up until some vulnerability is discovered and they lose everything.

If you have 16 random characters from the full set of 95 printable ASCII characters, then you have 95¹⁶ possibilities, which comes out to a little over 105 bits of entropy. The bitcoin network currently has a hashrate of around 250 EH/s. Given that each of those is two SHA256s, then that means it would take the entire bitcoin network around 2,800 years at current rates to perform 2¹⁰⁵ hashes. So your password is quite safe against random brute forcing.

But, as Loyce correctly points out, if someone has managed to steal your wallet.dat file from your computer, then your entire set up is now compromised either physically or electronically, and a secure password is no guarantee of safety.

With the first solution (book), you are now reliant on hiding an entire book rather just a single piece of paper. If you lose your copy of the book, there is no guarantee you would find the exact same edition again and your coins will be lost. So that's a more difficult back up process and a single point of failure.

With the second solution (Github), you are now reliant on a third party to continue hosting your repo. If your account is banned, or their servers fail, or they shut down, etc., then your coins will be lost. So again, a more difficult process and a single point of failure.

In short, this is unnecessarily complicated and significantly increases the risk of you losing access to your wallets. If you want a set up in which your seed phrase can be compromised without resulting in immediate loss of your funds, then you would be far better off using a standardized method which does not have a single point of failure, such as either an additional passphrase or a multi-sig set up.

Trust wallet is not open source.

Here is their blog post announcing they are becoming closed source about 4.5 years ago: https://trustwallet.medium.com/why-open-sourcing-android-app-could-be-a-harm-to-the-crypto-community-fb3ae1707dc6

Here are the links to their Github repositories which show they are both archived and have had no updates in 4 years:
https://github.com/trustwallet/trust-wallet-android-source
https://github.com/trustwallet/trust-wallet-ios

They outright lie on their website when they claim to be open source. If being closed source isn't enough to convince you to stay away, then them outright lying to you should be. They are also owned and operated by Binance, so you can guarantee you will have absolutely zero privacy when using Trust wallet.

Avoid it.

Not only is it not statistical impossible at all, but it is perfectly understandable and entirely expected. The very fact that we have a thread created about these numbers because they conform to some specific "pattern", is proof enough that humans see this pattern as unique or special. Because of this, more people will choose these numbers. Just like numbers under 31 are chosen more frequently because of birthdays, or the number 13 is chosen less frequently because of superstition. If the numbers 1, 2, 3, 4, 5, 6 were drawn, which are statistically just as likely as any other six numbers to be drawn, you would find thousands of winners simply because this is a pattern which holds meaning for us.

The same can be seen in bitcoin private keys. Your private key should be generated randomly, and you should avoid picking any obvious pattern, but despite that we know that keys such as 101010....101010 which generates the address 12Zuey14JDyFSeNVqLKNqb6gfSWos7iTj4 have been used multiple times.

I mean the website you are using to pull the time from. If that website no longer exists, then your product no longer functions. That's a single point of failure and requires complete trust in a third party.

So again you are admitting a single point of failure.

And how do the people with keys locked in the current version using a defunct website overcome this issue? And again, here is another single point of failure - you updating the code.

This is incorrect. I have multiple cold wallets which I spend from without them ever touching the internet. That's the whole point of a cold wallet.

It would be trivial for you to set up a bot which automatically sweeps any coins in a second or two, far quicker than any normal user would be able to spend their coins.

Again, I wouldn't touch this ever. 100% trust based and multiple points of failure. And you are charging $12 for something anyone can do themselves 100% trustless, for free, via timelocked transactions?

Encrypted how? With what algorithm?
Which website? How can you be sure it won't be offline? If it is offline, are the keys permanently inaccessible?
How can we be sure the program doesn't send off the encrypted file when it accesses the internet, and how can we be sure you don't know the encryption key it is using and can steal the funds?

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.

That's it exactly. It is easy to look back on events which have already happened and say "Look how unlikely this is! There is no way it could have been chance!", but doing so is a complete fallacy. Although any one combination of numbers has a ~1 in 29 million chance of appearing, it is certain that some combination of numbers will appear.

Here's another stark example. How likely do you think you are of experiencing an event with the odds of 1 in 115 thousand trillion trillion trillion trillion trillion trillion? It would never happen, right? Not before the death of the universe would we ever see an event with such a vanishingly small probability of occurring. And yet, these are exactly the odds you overcome every single time you generate a new bitcoin address.

Correct. Although perhaps an easier way of thinking about it is that given there is only ever one checksum which will fit the given entropy, and for a 24 word seed the last word contains 3 bits of entropy (11 bits of data minus 8 bits of checksum), then since 2³ = 8, there are 8 possible words. For a 12 word seed the last word contains 7 bits of entropy (11 bits of data minus 4 bits of checksum), and 2⁷ = 128 possible words.

But now you are assuming additional knowledge, such as that an attacker knows which addresses are derived from the same seed phrase, that there is no passphrase in use, and what the derivation path being used is. Don't forget as well that as I said above, turning a valid seed phrase in to an address to check for funds is computationally expensive, and so brute forcing x number of seed phrases takes significantly more computing power and time than brute forcing the same number of individual private keys, even more so if for each seed phrase you want to start checking additional derivation paths.

You can quite easily work out the odds of this happening.

This lottery is drawn from 55 numbers. Within those 55 numbers, there are 6 which are divisible by 9. Given this, all 6 must be picked, but the order is irrelevant, so the odds are just the same as picking any combination of 6 numbers.

For the first number, there are 6 possibilities out of 55, so 6/55. For the second number, you've already drawn one number, so there are 5 more you can draw out of 54, so 5/54. For the third number, 4/53. And so on. (6/55)*(5/54)*(4/53)*...

This can be simplified to the combination equation, where n is the total numbers which can be drawn (55) and k is the number we need to draw (6):

n! / k!(n-k)!
= 55! / 6!(55-6)!
= 55! / 6!*49!
= 28,989,675

So there is a ~1 in 29 million chance of drawing these 6 numbers, same as there is a ~1 in 29 million chance of drawing any 6 numbers.