I agree, this type of attack is feasible. Even POW takes the longest chain automatically then what will happen to transactions in other chain?
Are they will be automatically reverted because longest chain do not have any information about another chain so for it they never happened.
Transactions CANNOT be reverted under any circumstances. If they are broadcasted, they would eventually be confirmed or invalid (if the inputs gets used in another transaction). Obviously, it won't disappear or anything; else no one would be using Bitcoin. When the client sees another chain with a longer proof of work, they take the transactions in the orphaned chain and put them back into the mempool. For miners, they will include the transactions in their block. They are treated like a normal transaction.
|
|
|
The solution is incredibly easy, anyone could do it. Just code a website which allows people to transfer Bitcoins within their internal system. It doesn't matter if the person is registered or not. The main thing about the system is that the person's identity must be validated. Obviously, this could potentially compromise the person's privacy.
It can't be easily implemented into Bitcoin's protocol. Changetip works similarly to the method that I've described though its not really viable.
|
|
|
2.7.12..
Assume that means the transaction is long gone and forget about it?
Nope. If the inputs to that transaction is still unspent, you can still import it into another wallet on another computer to restore it. I wouldn't recommend you to continue trying on this computer especially since this Electrum version has vulnerabilities. IIRC, Electrum doesn't work on XP anymore. Its possible that support for Vista has been dropped along with it.
|
|
|
Whats your Electrum version? If its one of the earlier version, don't bother trying to use it. Close it immediately and get another computer to install the latest version. Any Electrum version below 3.0.5 has the potential to leak your seeds and ptivate keys on RPC.
If its above 3.0.5, press the bubble on the lower right. Try connecting to another. Uncheck the select a server automatically and right click on another server to connect.
|
|
|
The validating of transactions uses relatively little resources. If the difficulty is the same, the theoractical resources used for generating a block is the same, even if one block has a thousand transaction and the other has one. The difficulty sets a requirement for the miner to meet. The higher the difficulty, the longer it would take, if the miner has no change in hashrate and ceteris paribus.
Mining is basically just the miner hashing the block header which contains the merkle root. The merkle root is the hash of the transactions in the block. Your ASIC does not validate transactions. In fact, if you run a Bitcoin node, you are also validating transactions the same way as a miner. I doubt you can accurately measure the energy consumption of miners in Germany at all. There is no indication of the location of where the mining farms or miners is located.
|
|
|
I have option to enable a guest network on router without broadcasting ssid so that may provide more anonymity? Appreciate the added thoughts and help. Seem though this may be unnecessary from previous comments though?
By disabling SSID broadcasting, your router will not openly say that the specific WiFi network exist. The only thing this would discourage is script kiddy trying to bruteforce your password protected WiFi. However, it would still be possible for someone else to detect your WiFi with monitoring. It wouldn't help in anonymity, especially if you have a relatively strong password. Even if it gets cracked, the only thing they can possibly see if the peers that you're connected to.
|
|
|
I did dl and sync a full node for bitcoin core. Followed all the the network instructions but after full sync and over night I still only see 8 outbound connections/ 0 inbound and not using VPN currently.
Ports are forwarded in router and winX firewall should be configured. I did TCP/UDP to 8333 but when I call to my IP and port 8333 any site I use says connection timed out.
Static IP through DHCP in router is set.
Not sure what I'm missing.
The most common issue I've seen is that the port forwarding is incorrect. Go to command prompt and type ipconfig and take note of your IPV4 address in the column with the connection you're using. That is your local IP address. Check if your port forwarding asks for any IP address, if it does, use that IP address and not your public IP address. Go to bitnodes.earn.com and press check node at the bottom. If it shows your client version then you're good to go.
|
|
|
It depends on what you define as a "world" currency. In some aspects, you can consider it as a universal currency since you can accept Bitcoins anywhere at anytime as long as you have an internet connection. It could possibly be a common currency among people depending on the adoption. However, when it comes to being a legal tender across all the countries, it would just downright be impossible. Most governments are against Bitcoins mostly due to their perceived threats to national security (ie. political interest, terrorism funding).
|
|
|
That's not completely true. Ledger application does use their server to show information about incoming/outgoing transactions and balance.
But you always can verify yourself whether a specific transaction has arrived (i.e. block explorer). This does not apply on coinbase. You are given deposit addresses and receive a 'balance' in their database. Since you don't own the corresponding private keys, you don't own the bitcoins. You can't validate anything. You just rely on their database being intact to credit you the correct amount of BTC when you want to withdraw them.
With ledger, (only) you have the control over the private keys. Therefore you can always validate transactions/balance without needing to trust someone.
My argument hinges on the fact that with server side validation, most people wouldn't bother to check the transaction on any other sources. I wasn't talking about how Coinbase or Ledger works. The attack would be viable for people receiving transactions (and thus the client forging and providing inaccurate information) and that seems to be the main thing that OP is concerned about. Of course, Ledger is better in general. But when you're trying to receive transactions, the risk is there. This means that ledger could show you wrong information inside their application. This also means that coinbase could show you whatever they want and still don't let you withdraw anything.
That's why I'm implying that they are somewhat similar in terms of this. If Ledger shows you the wrong information, I would say that they wouldn't let you withdraw anything. Wallets do not delete addresses because they don't exist on a technical level. The only thing you eventually could delete is a private key. But since the majority of wallets nowadays are HD wallets (which do not rely on storing private keys; they are being derived) thats mostly not an issue anymore.
Yes. Its mostly interpreted by the community as the same thing, could do better on my phrasing though.
I fully agree that Ledger/hardware wallets are better than Coinbase/Online wallets by far, as a whole. I am only focusing on the discussion on the safety of only when receiving a transactions. Assuming Ledger's web app and Coinbase, both are equally susceptible to server-side validation attack for which the host could modify information that is being displayed inside of the client. While I do agree that having a second source of information is useful, most people blindly trusts what the client says as correct.
|
|
|
Its inherently difficult to prove the sole ownership of your Bitcoins. A,B,C,E,F,G requires trust on either or both of the party and D just won't be sufficient.
The most accurate way is to sign a message with the address and the message must contain relevant information. However, this would just prove that you could have control of the address and the BTC associated with it. It is of course, possible for them to get someone else to sign a message using their address.
|
|
|
If you're strictly asking about the security of receiving transactions, then possibly more on the Ledger. To be fair, Coinbase and Ledger utilise server side validation which requires them to be trustworthy. This means that they can modify the things that they can show you since they have full control over it. In terms of privacy, Coinbase is pretty bad on that. Coinbase has suspended accounts over deposits coming in from questionable sources.
Its common for wallets to display a new address for every transaction. Address reuse has never been encouraged. Wallets do not delete addresses without you doing it.
|
|
|
First of all, check the address that you're trying to sweep on a block explorer. Does the amount of Bitcoins as indicated in the block explorer correspond to the amount of Bitcoins you can spend?
It might just be the Mycelium servers are being blocked. Are you in a country that heavily censors network traffic?
|
|
|
How it can be done ?
By modifying the Bitcoin fork. The change will ONLY affect whoever is using that client. Is it possible for a bitcoin fork for example ? and can be applied for any bitcoin address proving the private key to check if he/she own that address ?
It is possible for any client, literally. None of the clients that I know of currently implement such features. You can always modify the code yourself to do so. If you want to prove that someone owns a Bitcoin address, you can ask them to sign a message with a message that is agreed upon prior to signing. That could merely proof that they have control of the coin in the address at that point of time.
|
|
|
Btctalk name: ranochigo Rank: Legendary Current post count: 5610 BTC address: 1Yzig3e8vx79XyYMjJShk4yBPp1YcvPbQ
|
|
|
I can't get your point! Did you mean that even before the difficulty increased, miners started mining with GPU?
Honestly, we wouldn't know. But at least a few blocks would probably have been mined with GPUs when the network was still CPU dominant. If that's the case, how fast it was to mine btc with gpu than with cpu during those early days?
At least a few hundred times. I can't say for sure but I'm taking an estimate using hardware at that time. Did miners just use gpu to solve the blocks faster and get rewards easily? Thanks for the correction!
No. At the start, this would be the case. Once everyone started to mine using GPU, the difficulty increases proportionally and the earning decreases too. GPU would definitely be able to have a higher probability of getting a block within 10 minutes. If you're talking about when Bitcoin gained some traction, I think the probabilty of finding blocks using either GPU or CPU is negligible.
|
|
|
Thanks for the reply, this plugin uses Bitcoin. I linked this plugin to the address at blockchain.info . how to use testnet? Can you give me a few references?
If you didn't design the plugin, you probably can't test it yourself. Unless your plugin has an option to accept testnet coins, you have to code it to do so. I suspect it won't be easy with pre-made plugins.
|
|
|
So I'm thinking what if only have a Transaction which contains and amount of money to transfer, reference to a previous transaction, Lockcing script (for itself) and Unlocking (for a Transaction to spend)). (Acually in my case I will not have scripts just (planning to save sender and receiver Public keys and a signature - but is another question)). So we have spent transactions (reference to which are set in next transactions) and unspend transactions (like UTXOs)
How different is it from the current implementation? Your previous transaction still needs a signature and a script to let the people know where the coins are being transferred to. Transactions are typically sent to various addresses and it is highly unlikely that the sum of Bitcoins transferred will be spent altogether. Then I don't need to code Inputs and Outpus and enable nodes to sync UTXOs - that will be much simpler. But I'm afraind that I miss something very critical with not using Inputs and Outputs. Actually it's not difficult to me to code Inputs and Output but I'l like to know why they are so important)
If you were to remove inputs and outputs completely, nodes still has to synchronize all the transactions. I can imagine it being a whole lot more resource intensive. If the client does not extract the UTXO, then they would have to search through all the transactions for the Bitcoins that is being spent in the transaction. In addition, most of the transactions would have to be searched through since they can't be "marked" as spent completely.
|
|
|
So how can you make a transaction with bitcoind in an encrypted wallet if it doesn't ask for a password?
Of course not. It would be a terrible design flaw if that is possible. You need to unlock your wallet first by putting in the command walletpassphrase *PASSPHRASE* *TIMEUNLOCKED*. Some commands doesn't need it to be unlocked, some do. You aren't supposed to have your wallet.dat file in an online computer anyway, so that is not really an issue. You just want to ideally block access to wallet.dat as much as possible.
No one said you shouldn't have it on an online computer. Everyone did say you shouldn't use it on an infected computer. So ideally, you want to have the full client to transact, and just don't have to settle to other software to hold the keys.
If you'd like, run Bitcoin Core as a server for your whatever SPV client to connect to. Your trust lies with your Bitcoin Core instance. A bit more annoying to do but if you want it that way, there's that.
|
|
|
I wouldn't bother with pruning, as it isn't the space that is your problem, but the sync speed.
Pruning solves the issue with his limited storage on his macbook. I wasn't addressing his external harddrive speed since that's harder to solve. Yes removing chainstate files forces a rescan and it's pretty safe as far as I know. You can force a rescan by adding "rescan=1" in bitcoin.conf file or with the terminal adding -rescan.
Rescan doesn't make the client validate the blockchain. I believe that deleting the chainstate alone won't force the client to check all the blocks again. If you want to be on the safe side, delete the block index too. Either way, it would take somewhat the same amount of time to validate again as your initial synchronization.
|
|
|
|