As pooya says, a complex derivation path does not help you in the scenario that someone steals your wallet file. It may help you in the scenario that someone steals your seed phrase back up, if your derivation path is long and complex enough to be difficult for an attacker to find. However, any derivation path which is long and complex enough to be difficult must also be backed up on paper separately. And if you are going to need to back up something separately, why not do something standard and easy to recover from such as an additional passphrase or multi-sig, rather than something nonstandard and which much software will not support?

Honestly, this whole thing just keeps getting worse and worse.

https://www.cnbc.com/2022/09/23/celsius-has-a-hail-mary-bankruptcy-plan-turn-its-debt-into-a-new-cryptocurrency-.html

Excel. They were running their entire business using an Excel spreadsheet, which was being manually updated. Billions of dollars worth of assets, and all their acquisitions, sales, and loans being tracked by a person entering the figures by hand in to Excel. Unbelievable.

And now they plan to release a new token to compensate their users, and let the "market determine its value". A new scam built on top of a previous scam built upon a company ran by grade schoolers, apparently.

Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot.

This is why I use 2FA frequently on a lot of things, but not on my mobile hot wallet. I don't see it adding any meaningful security.

Maybe. 20 years ago most people wouldn't have had an always on device in their pocket, let alone an always on device with constant internet access. Think of all the new always on and always connected devices people have now, from phones to smart fridges to Amazon Echos to video doorbells. Is a node that big a leap? And even if it is, then people can still use mobile Lightning wallets which will use a third party back end and let the end user use Lightning extremely easily.

Having no new coins entering circulation will just make it even more obvious what absolute nonsense taint is, since every coin will have enough history to be able to be classed as tainted by almost any metric.

And compared to using a single dictionary word password, using two dictionary words is technically an improvement. And compared to using a 3 word seed phrase, using 6 words is technically an improvement. But that still doesn't mean that these examples are secure, worth using, or should be recommended.

It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly.

I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.

The KPMG report is now available for viewing here: https://www.reddit.com/r/bsv/comments/xlilzv/fresh_from_oslo_kpmg_report_into_craig_wrights/

And a thread briefly discussing just a few of the issues here: https://nitter.it/wizsecurity/status/1573295840248172545

My personal favorite is where the ">" symbol is changed to a "<" symbol in a different font, not only making the forgery completely obvious, but also making the equations in the whitepaper incorrect and meaningless. The true work of Satoshi. Lol.

Having been following the recent trial closely, I also noticed you being banned from Reddit and flagged it up my post here: https://bitcointalk.org/index.php?topic=5413844.msg60972559#msg60972559

I'll reiterate what I said there: Reddit is a trash platform.

I am generally in support of all efforts to show CSW up for the fraudster he is. Two thoughts come to mind immediately when considering a sub-board. Firstly, it should be as a sub-board under Scams or Reputation, not under Bitcoin Discussion or any of the bitcoin centric boards. In my mind, doing the latter lends credibility to BSV. Secondly, moderation. This forum in general has a long history of not banning trolls or deleting even provably wrong information. I am not in favor of DaveF's suggestion above of just silencing the other side, as in doing so pushes us more towards the type of mob-rule echo chamber that is part of the reason Reddit is so bad. But on the other hand, without a stricter moderation policy than that which is applied in the rest of the forum, the board would I'm sure rapidly become overrun with BSV shills and trolls. It would require a carefully considered approach.

Yeah, it seems from Bitcoin Magazine's latest video that the result may well come before then, and the judge said she would give a one day notice period to both parties before the judgement is published. Still disappointing that they haven't released the raw footage that they have from the last few days but have just made a bunch of videos of them talking about it. We want to see CSW's fails in person please!

Also, it may be that it is possible to request that the KPMG report full of CSW's forgeries be released to the public: https://nitter.it/Arthur_van_Pelt/status/1572272323381559298#m. Wouldn't that be fun.

Trial is finished. Apparently the judge has set a date of November 8th for a decision (!), so we are going to be waiting ~7 weeks to find out the outcome of the case.

Costs are being submitted within 2 weeks, so there is still time to donate to Hodlonaut's legal fees or to help fund future cases against CSW: https://opensats.org/projects/opensats_legal_defense

Warp your centralized coin in to a centralized token owned and controlled by Coinbase? Sounds great!

Also, that is not the same thing is unstaking your Eth. You cannot unstake your Eth. You can only receive a wrapped centralized token from Coinbase in return.

This is fundamentally different from PoW where your hashrate can be pointed at any pool you like at any time, or mine solo, or turned off, etc. If a mining pool does something shady, the miners react and move their hashrate elsewhere. If an Ethereum staker does something shady, the users cannot do anything.

You are aware it is literally impossible to unstake Eth at the moment? Once it is staked, it is staked for potentially a year or more until the Ethereum devs implement some future upgrade to allow people to actually unstake it or stake it with a different entity. If Coinbase decide to go rogue with their staked share, there is nothing the individual users can do about it. They can't unstake, they can't withdraw, they can't switch, anything. (Although I'm sure in such a scenario a small number of devs will publish some code to make sure things continue in the way they want them to, just like when ETH and ETC split. Decentralized, just as long as you do what you are told. Lol.)

On the other hand, bitcoin miners mining in a pool have absolutely nothing tying them to that pool, and can switch to a different pool at any time with a moment's notice. Imagine if ASICs were produced which could only mine on a single pool, could never be changed to a different pool, and couldn't even be switched off. This is the current situation with Eth PoS.

So Hodlonaut's team have now finished their closing statement, and CSW's team is giving theirs. Some absolute howlers coming out of CSW's team today:

You don't say!?

Expects the court to believe there is no link at all between CSW And Calvin Ayre in relation to doxing individuals? Lol. I'll just leave this here: https://nitter.it/CalvinAyre/status/1115913884823707649

---

Today is the last day. I'm not sure if we will get a judgement today, or if the judge will take some time to deliberate first. Anyone know?

Using a permanently airgapped computer, formatted, with a clean install of a reputable open source Linux distro as the OS, with a verified copy of Bitcoin Core installed, and using Core to generate entropy.
Using a reputable open source hardware wallet with a good source of entropy.
Using something like this to convert fair coin flips in to a seed phrase, again on a permanently airgapped computer with a clean Linux OS.

There will be wallet software which does all this for you in the background. Just as the average Joe doesn't need to know how to actually create or sign a transaction, or how to use change addresses, or how their private keys are derived, they also don't need to know how to actually open and close a Lightning channel. Their wallet will handle all this for them, and they will just spend freely and receive freely to the same channel without being aware of what is going on in the background.

Hence my comment about multi-user channels. If you could open a channel which includes 20 users, they can all pay $2 which is fine for the user, but the miner earns $40 for that channel being opened.

I don't think we necessarily need the same security as we have now. Bitcoin's hashrate has been on a more-or-less steady upward climb since day 1. It wasn't 51% attacked when the price was 3x what it is now with half the current hashrate, and it wasn't 51% attacked when the price was the same is it now but with double the block subsidy and only a tiny 5% of the current hashrate. It's about making sure the fees ensure the network is secure enough, not that the hashrate continues to increase forever more.

Then we need more adoption and more use as a currency!

I disagree. With this definition, then any mobile wallet is already using 2FA, since you must first unlock the phone with one PIN/password, and then unlock the wallet app with a second PIN/password. I would not call this two factors, just as I don't call my encrypted wallet files stored on a hard disk which is also encrypted two factors, despite needing two different decryption keys to access the wallets.

2FA isn't just two different passwords. In it's most basic form, it should be something you know (a password or login) and something you have (ideally a hardware key, but more usually a software key in the form of a TOTP from another electronic device, usually a phone). These must be separate or they aren't two factors; they are just a more complex single factor. Of course more passwords and more layers will add security, but it will never be two factors as long as all those layers are on the same device.

If an attacker can both physically access your phone and has been able to hack/crack/steal/observe or otherwise gain knowledge of one password, then it is highly likely your second password is also at high risk of compromise. hence the reason the two factors must be separate or they aren't two factors at all.

Theoretically; yes, it is possible. Practically; no, it will never happen. If every single one of the 8 billion people on the planet created a brand new wallet every second without interruption for the next one million years, they would only have generated 0.00000000000007% of all possible 12 word seed phrases.

The number of possible seed phrases or master private keys is orders of magnitude higher than other things we all take for granted, such as the number of possible credit card numbers.

This is more nuanced and is dependent on how the multi-sig wallet is set up, but to get the crux of your question, the answer is essentially the same as above. It is theoretically possible that someone could find a single private key which hashes to the right output or a simple script which hashes to the right output to let them spend the funds in a multi-sig address, but the chance of that happening is so infinitesimally small as to be completely negligible.

Not sure where you are getting this number from? Even if we say that bitcoin goes to $1 million, and you can open a Lightning channel in a transaction of a few hundred vbytes in size, then with a fee rate of 1 sat/vbyte you are looking at $2-3 to open a channel. Even if we go up an entire order of magnitude say it's going to cost you $30 to open a channel, if I then use that channel to make a few hundred transactions over a period of months, then it is overall it is still cheaper than had I made all the transactions individually.

You can always rebalance channels, and there are new developments such as channel factories and Eltoo which allow multi-user channels. With enough global adoption of bitcoin, there will be enough volume on the base layer simply from opening and closing Lightning channels (or some other layer two mechanism) to maintain the security of the network.

It may be that a further block size increase is needed in the future, but we are nowhere near that stage yet.

Looks like bitnorbert agrees with my statement above about CSW's team failing by calling experts who agree with Hodlonaut:

Obviously I'm only reading things through the filter of Twitter here, but it does seem like this should go in favor of Hodlonaut.

---

In other news, BSV shills have succeeded in getting Greg Maxwell banned from Reddit for posting some of CSW's lies and forgeries from the trial: https://www.reddit.com/r/Bitcoin/comments/xi8f1q/is_nullc_banned_from_reddit/

Reddit is such a trash platform.

The world has abundant energy. Covering just 1% of the area of just the Sahara desert with solar panels which we can manufacture today would generate enough energy to meet the needs of the entire world. Note that is energy, not just electricity. Enough energy to completely replace coal, oil, natural gas, etc. It could be done with a one off cost of around $5 trillion. That's less than the increase in the Fed's balance sheet over the last 3 years. That's less than what has been spent on bailing out banks around the world over the last decade.

There is no lack of energy resources. There is a lack of a will to spend money harnessing it, because our politicians are bought out by oil companies, banks, military industrial complex, and others, who are busy funneling the money in to their own pockets instead.

This is an absolutely moronic statement. If all PoW mining stopped today, global electricity usage would drop by a fraction of one percent. By next month, that saved fraction would already have been used up and more by the general growth and expansion of global electricity usage from other sectors which is continually happening. Banning PoW is completely inconsequential to global electricity use.