As pooya says, a complex derivation path does not help you in the scenario that someone steals your wallet file. It may help you in the scenario that someone steals your seed phrase back up, if your derivation path is long and complex enough to be difficult for an attacker to find. However, any derivation path which is long and complex enough to be difficult must also be backed up on paper separately. And if you are going to need to back up something separately, why not do something standard and easy to recover from such as an additional passphrase or multi-sig, rather than something nonstandard and which much software will not support?
|
|
|
Honestly, this whole thing just keeps getting worse and worse. https://www.cnbc.com/2022/09/23/celsius-has-a-hail-mary-bankruptcy-plan-turn-its-debt-into-a-new-cryptocurrency-.htmlExcel. They were running their entire business using an Excel spreadsheet, which was being manually updated. Billions of dollars worth of assets, and all their acquisitions, sales, and loans being tracked by a person entering the figures by hand in to Excel. Unbelievable. And now they plan to release a new token to compensate their users, and let the "market determine its value". A new scam built on top of a previous scam built upon a company ran by grade schoolers, apparently.
|
|
|
I mean, in the scenario I'm talking about, it's relatively easy to think up (realistic) attacks that would be prevented by single-device 2FA. Is it, though? What attack, which is able to physically obtain your phone, crack/hack/shoulder surf/$5 wrench/malware/or otherwise obtain your phone unlock password/PIN/code, and similarly obtain your wallet unlock code, would be reliably prevented by forcing it to also obtain the code for your 2FA app? If you've been so compromised on the first three points, then the fourth point is pretty much moot. This is why I use 2FA frequently on a lot of things, but not on my mobile hot wallet. I don't see it adding any meaningful security.
|
|
|
I don't bet the average Joe will do the former. Maybe. 20 years ago most people wouldn't have had an always on device in their pocket, let alone an always on device with constant internet access. Think of all the new always on and always connected devices people have now, from phones to smart fridges to Amazon Echos to video doorbells. Is a node that big a leap? And even if it is, then people can still use mobile Lightning wallets which will use a third party back end and let the end user use Lightning extremely easily. -snip- Having no new coins entering circulation will just make it even more obvious what absolute nonsense taint is, since every coin will have enough history to be able to be classed as tainted by almost any metric.
|
|
|
Like I said previously, compared to no 2FA at all, weak 2FA is technically an improvement. And compared to using a single dictionary word password, using two dictionary words is technically an improvement. And compared to using a 3 word seed phrase, using 6 words is technically an improvement. But that still doesn't mean that these examples are secure, worth using, or should be recommended. It is so incredibly easy to use 2FA properly, that there really is no excuse for doing it badly. 2FA on the same device is still a normal way to secure your hot wallet because it's the wallet that is frequently used. I use a hot wallet on my phone almost daily. I do not use 2FA on it because there is no point. Since I'm not going to carry a separate device with me solely for this purpose, then any 2FA will involve the same phone the wallet is on. If an attacker is able to steal my phone, unlock it, and unlock my wallet file, then I am beyond compromised and a 2FA code from the same phone achieves nothing.
|
|
|
Having been following the recent trial closely, I also noticed you being banned from Reddit and flagged it up my post here: https://bitcointalk.org/index.php?topic=5413844.msg60972559#msg60972559I'll reiterate what I said there: Reddit is a trash platform. I am generally in support of all efforts to show CSW up for the fraudster he is. Two thoughts come to mind immediately when considering a sub-board. Firstly, it should be as a sub-board under Scams or Reputation, not under Bitcoin Discussion or any of the bitcoin centric boards. In my mind, doing the latter lends credibility to BSV. Secondly, moderation. This forum in general has a long history of not banning trolls or deleting even provably wrong information. I am not in favor of DaveF's suggestion above of just silencing the other side, as in doing so pushes us more towards the type of mob-rule echo chamber that is part of the reason Reddit is so bad. But on the other hand, without a stricter moderation policy than that which is applied in the rest of the forum, the board would I'm sure rapidly become overrun with BSV shills and trolls. It would require a carefully considered approach.
|
|
|
Even more, the Nov 8 may be the "upper limit" and the result may come earlier. I hope so. Yeah, it seems from Bitcoin Magazine's latest video that the result may well come before then, and the judge said she would give a one day notice period to both parties before the judgement is published. Still disappointing that they haven't released the raw footage that they have from the last few days but have just made a bunch of videos of them talking about it. We want to see CSW's fails in person please! Also, it may be that it is possible to request that the KPMG report full of CSW's forgeries be released to the public: https://nitter.it/Arthur_van_Pelt/status/1572272323381559298#m. Wouldn't that be fun.
|
|
|
Trial is finished. Apparently the judge has set a date of November 8th for a decision (!), so we are going to be waiting ~7 weeks to find out the outcome of the case. Costs are being submitted within 2 weeks, so there is still time to donate to Hodlonaut's legal fees or to help fund future cases against CSW: https://opensats.org/projects/opensats_legal_defense
|
|
|
-snip- Warp your centralized coin in to a centralized token owned and controlled by Coinbase? Sounds great! Also, that is not the same thing is unstaking your Eth. You cannot unstake your Eth. You can only receive a wrapped centralized token from Coinbase in return. This is fundamentally different from PoW where your hashrate can be pointed at any pool you like at any time, or mine solo, or turned off, etc. If a mining pool does something shady, the miners react and move their hashrate elsewhere. If an Ethereum staker does something shady, the users cannot do anything.
|
|
|
You are aware it is literally impossible to unstake Eth at the moment? Once it is staked, it is staked for potentially a year or more until the Ethereum devs implement some future upgrade to allow people to actually unstake it or stake it with a different entity. If Coinbase decide to go rogue with their staked share, there is nothing the individual users can do about it. They can't unstake, they can't withdraw, they can't switch, anything. (Although I'm sure in such a scenario a small number of devs will publish some code to make sure things continue in the way they want them to, just like when ETH and ETC split. Decentralized, just as long as you do what you are told. Lol.)
On the other hand, bitcoin miners mining in a pool have absolutely nothing tying them to that pool, and can switch to a different pool at any time with a moment's notice. Imagine if ASICs were produced which could only mine on a single pool, could never be changed to a different pool, and couldn't even be switched off. This is the current situation with Eth PoS.
|
|
|
So Hodlonaut's team have now finished their closing statement, and CSW's team is giving theirs. Some absolute howlers coming out of CSW's team today: Lawyer switch. Starts out by talking about how you can't just claim things without evidence. You don't say!? Says Wright had nothing to do with the doxing of @hodlonaut, it was Calvin Ayre who did that, with no relation to Wright whatsoever. Expects the court to believe there is no link at all between CSW And Calvin Ayre in relation to doxing individuals? Lol. I'll just leave this here: https://nitter.it/CalvinAyre/status/1115913884823707649
Today is the last day. I'm not sure if we will get a judgement today, or if the judge will take some time to deliberate first. Anyone know?
|
|
|
Are there some more ways of generating good entropies? Using a permanently airgapped computer, formatted, with a clean install of a reputable open source Linux distro as the OS, with a verified copy of Bitcoin Core installed, and using Core to generate entropy. Using a reputable open source hardware wallet with a good source of entropy. Using something like this to convert fair coin flips in to a seed phrase, again on a permanently airgapped computer with a clean Linux OS.
|
|
|
The moment the average Joe has to do this and that and look at that and this and be sure to balance a lot of things he normally doesn't give a damn about it's the moment the average Joe will say fy this shit ain't for me! There will be wallet software which does all this for you in the background. Just as the average Joe doesn't need to know how to actually create or sign a transaction, or how to use change addresses, or how their private keys are derived, they also don't need to know how to actually open and close a Lightning channel. Their wallet will handle all this for them, and they will just spend freely and receive freely to the same channel without being aware of what is going on in the background.
|
|
|
If you pay 2$ for opening a channel and we balance the block perfectly and we forget about closing the channel completely you will still only be able to cram in only $8000 worth of fees, so yeah, for you it will definitely work but the miners will have to deal with a reward of just $8000. Hence my comment about multi-user channels. If you could open a channel which includes 20 users, they can all pay $2 which is fine for the user, but the miner earns $40 for that channel being opened. Two different things, how much is one user willing to pay on tx, and how much is required in fees to keep at least the same level of security as now! I don't think we necessarily need the same security as we have now. Bitcoin's hashrate has been on a more-or-less steady upward climb since day 1. It wasn't 51% attacked when the price was 3x what it is now with half the current hashrate, and it wasn't 51% attacked when the price was the same is it now but with double the block subsidy and only a tiny 5% of the current hashrate. It's about making sure the fees ensure the network is secure enough, not that the hashrate continues to increase forever more. More concerning it that we're nowhere near having full blocks actually as on-chain transactions are going down rather than up for the last few years. Then we need more adoption and more use as a currency!
|
|
|
Two-factor authentication is about different forms of identification, not necessarily about different types of devices: I can use my fingerprint as a first factor and a strong password as a second factor. I disagree. With this definition, then any mobile wallet is already using 2FA, since you must first unlock the phone with one PIN/password, and then unlock the wallet app with a second PIN/password. I would not call this two factors, just as I don't call my encrypted wallet files stored on a hard disk which is also encrypted two factors, despite needing two different decryption keys to access the wallets. 2FA isn't just two different passwords. In it's most basic form, it should be something you know (a password or login) and something you have (ideally a hardware key, but more usually a software key in the form of a TOTP from another electronic device, usually a phone). These must be separate or they aren't two factors; they are just a more complex single factor. Of course more passwords and more layers will add security, but it will never be two factors as long as all those layers are on the same device. If an attacker can both physically access your phone and has been able to hack/crack/steal/observe or otherwise gain knowledge of one password, then it is highly likely your second password is also at high risk of compromise. hence the reason the two factors must be separate or they aren't two factors at all.
|
|
|
1. is it possible that a 24-word seed + passphrase ends up generating the same xprv(root private key) as another 24-word seed or 12-word seed does(even without a passphrase)? Theoretically; yes, it is possible. Practically; no, it will never happen. If every single one of the 8 billion people on the planet created a brand new wallet every second without interruption for the next one million years, they would only have generated 0.00000000000007% of all possible 12 word seed phrases. The number of possible seed phrases or master private keys is orders of magnitude higher than other things we all take for granted, such as the number of possible credit card numbers. 2. likewise, is it possible that a single-sig wallet has the same xprv(root private key) as a multi-sig wallet does? This is more nuanced and is dependent on how the multi-sig wallet is set up, but to get the crux of your question, the answer is essentially the same as above. It is theoretically possible that someone could find a single private key which hashes to the right output or a simple script which hashes to the right output to let them spend the funds in a multi-sig address, but the chance of that happening is so infinitesimally small as to be completely negligible.
|
|
|
But you will still need to pay on average 1$ for each coffee purchase to conitribute enough to the network. Not sure where you are getting this number from? Even if we say that bitcoin goes to $1 million, and you can open a Lightning channel in a transaction of a few hundred vbytes in size, then with a fee rate of 1 sat/vbyte you are looking at $2-3 to open a channel. Even if we go up an entire order of magnitude say it's going to cost you $30 to open a channel, if I then use that channel to make a few hundred transactions over a period of months, then it is overall it is still cheaper than had I made all the transactions individually. You can always rebalance channels, and there are new developments such as channel factories and Eltoo which allow multi-user channels. With enough global adoption of bitcoin, there will be enough volume on the base layer simply from opening and closing Lightning channels (or some other layer two mechanism) to maintain the security of the network. It may be that a further block size increase is needed in the future, but we are nowhere near that stage yet.
|
|
|
Looks like bitnorbert agrees with my statement above about CSW's team failing by calling experts who agree with Hodlonaut: It turned out that BDO, one of the world's largest professional services companies, weren't going to sacrifice their reputation for Wright. This turned into a major self-own for him. Obviously I'm only reading things through the filter of Twitter here, but it does seem like this should go in favor of Hodlonaut.
In other news, BSV shills have succeeded in getting Greg Maxwell banned from Reddit for posting some of CSW's lies and forgeries from the trial: https://www.reddit.com/r/Bitcoin/comments/xi8f1q/is_nullc_banned_from_reddit/Reddit is such a trash platform.
|
|
|
this world's is lacking in energy resources. The world has abundant energy. Covering just 1% of the area of just the Sahara desert with solar panels which we can manufacture today would generate enough energy to meet the needs of the entire world. Note that is energy, not just electricity. Enough energy to completely replace coal, oil, natural gas, etc. It could be done with a one off cost of around $5 trillion. That's less than the increase in the Fed's balance sheet over the last 3 years. That's less than what has been spent on bailing out banks around the world over the last decade. There is no lack of energy resources. There is a lack of a will to spend money harnessing it, because our politicians are bought out by oil companies, banks, military industrial complex, and others, who are busy funneling the money in to their own pockets instead. It is either People get to live or PoW gets to live, which is why PoW is going to die. This is an absolutely moronic statement. If all PoW mining stopped today, global electricity usage would drop by a fraction of one percent. By next month, that saved fraction would already have been used up and more by the general growth and expansion of global electricity usage from other sectors which is continually happening. Banning PoW is completely inconsequential to global electricity use.
|
|
|
|