what is the usage of Ethereum? creating ICOs.
I disagree with this statement. The whole purpose of ethereum is NOT to creat ICOs. The real purpose is to be able to create small programs (smart contracts) which can be executed without a central authority. Just because the majority of people are using them to simply create ICOs where they just build some kind of a payment token and promise a lot of utility, this doesn't describe the usage/purpose of ethereum itself. Most people are greedy. Thats the reason we have so much shitcoins and tokens now. They all just want to make fast money. But this does no way mean that the whole ethereum network has been made for this one purpose. @OP I think it heavily depends on the reason for BTC going down. If it would be because of a security vulnerability, the chances of ALL cryptos going down would be very high, IMO. |
|
|
|
Keeping just the chainstate folder seems not to be enough, becaus it seems to build up the whole blockchain from scratch if I delete all the files and folders except the chainstate folder.
I hope you didn't delete your wallet.dat with 'all the files and folders' you have deleted. If you want to save space, you can run core with the prune-command and set a limit on the maximum available space. Core is building the chainstate by downloading and verifying all blocks. You can't just delete all files except the chainstate folder and expect it to still work properly. But you can backup the chainstate directory to have a full functional backup of the current state (balance, UTXOs, ..) the next time it somehow gets corrupted. It is a fast way to make a backup and to return to a functional state if your system somehow doesn't work properly anymore. But the chainstate folder itself does not replace the whole data directory. |
|
|
|
So assuming it can be rooted, and most likely third parties will be selling compromised versions, what steps are needed to gain someone's funds assuming they use a compromised device from the off? Would it be very straightforward or are there are some steps that would be considerably harder?
Since this wallet is auto-updating itself each time it has an internet connection, you don't really need to sell compromised versions. You would just need to find a vulnerability and use an exploit to compromise ALL devices which are logging in (auto updating) their wallet within the trame frame of the beginning of your attack and the end of your attack (when bitfi wallet server gets shut down). But, assuming it can be rooted.. it would really be straight forward to create a malicious version which will serve as a backdoor. This is nothing compared to an attack on a ledger nano s / trezor. |
|
|
|
If a block explorer (e.g. https://www.blockchain.com/explorer or https://live.blockcypher.com/ does show the transaction as confirmed, you can safely assume that you have received your coins. Armory just can't update the necessary blocks since core is not fully synced. You can either wait for core to fully synch, you will be able to see and access your coins afterwards. Or you can export the private key of the address and import it into another wallet which does not require the whole blockchain to be downloaded and synced. If you should decide to export the private key, click on 'Backup this wallet' -> 'Export Key Lists' and choose 'Private Key Plain Base58'. Afterwards you will be able to import this private key into any other wallet to access your funds (e.g. electrum). |
|
|
|
when i use manager app i can connect ledger,but when i use bitcoin app nothing...
the app did not recognize that I connected the device
Do you hear the standard windows connection-sound when you connect your nano s with: 1) the ledger manager open and 2) the chrome wallet open ? Do you hear the sound in 1) AND 2) ? Or do you hear the sound only in 1) ? Or do you never hear such a sound ? |
|
|
|
Problem with urandom() is that when it has enough entropy it is a good RNG, but if it doesn't have enough entropy, then it can give insecure random numbers. And you can not know., because urandom() does not tell you if entropy is low.
Getting 256 random bit from urandom is not too hard. Just boot your PC, do some stuff for a minute, and you will have an entropy pool which already is way bigger than just 256 bits. You can also check the entropy pool witht his command: cat /proc/sys/kernel/random/entropy_avail
If it returns a number >300, you are good to go to use urandom as your RNG. You could generate the private key yourself, by rolling a dice.
I would not recommend this. Rolling a dice with the same hand, the same dice, the same table is WAY less random than using a proper RNG (like dev/urandom). |
|
|
|
I'm having an issue with my faucet. When I try to claim i have an error:
Notice: Post request, but invalid address input name. in /home/kbnwblfn/public_html/index.php on line 94
anyone know what could be?
Well.. what about showing us line 94 of your index.php ? Your script somehow regards your address as invalid. What address did you type in? It might be possible that this old script is only working with legacy addresses (starting with 1..), which would be quite awkward since it at least should accept p2sh too (starting with 3..). Did you enter a bech32 address (starting with bc1..) ? If yes, this might be the issue since your (probably very old) script does see bech32 addreses as invalid. But without lookink at the source code (preferably not ONLY line 94), nothing more specific can be said. Feel free to post the relevant snippet here, so we can take a look at it. |
|
|
|
My question is whether there is a guideline, or rule of thumb, that new blockchain developers follow to reduce the risk of such attacks?
It is simple. Don't use an algorithm which is already used in X other coins. The reason for each BTC fork to be heavily vulnerable to a 51% attack is, that just a small portion of miner from the BTC chain had to change the coin they are mining, to gain 51%+ of this coin. So, instead of forking and using sha256 as an algorithm (like in BTC + 30 forks) and making your whole network vulnerable to an attack by even one relatively small BTC miner, you should create your own mining algorithm. Choosing the mining algorithm is an important decision. This shouldn't be done without proper consideration. You probably won't be able to create an ASIC proof algorithm, or an algorithm which for 100% won't be traded on such a marketplace, but you can do your best to protect yourself from malicious miner looking for a weaker coin with the same algo to make money with. You would basically require an possible attacker to build his/her own ASICS for your algorithm, which still can be done.. but this makes an attack way more costy. |
|
|
|
|
After you have checked that you are using the latest version of electrum, you might want to try it out to change the server you are connecting to.
Click on 'Tools' -> 'Network' -> Change it from 'Select server automatically' to a specific one (e.g. zcl-electrum.com port:50002.
Try if it works now. You might also try out several other server.
|
|
|
|
if i was parking coins for a long time with the intention of picking up some future bonuses i'd stick with legacy myself.
You can't really regard cheap BTC forks as 'bonuses'. Most of them are worh nothing and only bring the risk of getting private keys compromised by using their one and only wallet. IMO this is a way too time-consuming process to be worth it.
error code: -4
error message:
Private key for address 16gzd25KU6tU89YsNNbGbzshvx3512YL1h is not known
May be need wait full sync?
If this address is indeed part of your wallet, you have to unlock your wallet first before being able to dump private keys. Use this command: walletpassphrase "YourPassword" 600
If you did unlock your wallet prior to using the dumpprivkey-command, it seems like the private key to this address has NOT been created by your wallet.
Because my script not use BTC about 6 month.. I adding BTC again.
In this case I will be use 3xxx.. I did not know about it.
It is always better to update your scripts to match the current state of the technology (note that p2sh addresses (starting with 3..) have been available in the network since the very early early days already). Using a legacy address simply because your script isn't updated yet, is kind of sad. |
|
|
|
Now My question that I hope someone could answer:
Is the reason for possible error are the users use and creates account in results error?
There are several sources of error which can result in lost funds. The most critical probably are the gathered entropy, the correctness of the implementation, and the storage of the private keys. Generally, if a user creates an address on your site, your backend server is generating a valid private key and stores it associated to the users ID in the database. If your implementation is correct and you are not vulnerable to any form of attacks, it won't result in errors. But if your implementation is buggy on the other hand, the possibility definitely exists that some malicious actor could trick your system to pay out more funds than it should. |
|
|
|
yes i see your advice but my ledger can not connect to chrome app.. only live and manager app but not btc app
What about the following statement then ? I can access bitcoin ledger wallet via chrome app
Why / How did you lose the possibility of accessing your wallet via the chrome app  This doesn't make much sense |
|
|
|
Does anyone have an idea, since LCB did not want to help me, saying web wallets have no private key etc. If the money is just stuck, will binance help my friend get his money back? He sent them a message already.
Man I tried begging them, the first few messages they actually replied, now they are ignoring my messages even though I am crying for help...
That's the problem with all of these online service without access to the private keys. It completely depends on their willingness to recover those funds  Most of them just ignore it, others recover the funds for a not too small fee. You should aim to always be in full control of the private keys, to stay in full control of your funds. Unfortunately there is nothing you can do. If localbitcoins decides to not recover your funds, they most probably won't change their minds. |
|
|
|
"python35 -V":
No command 'python35' found, did you mean:
Command 'python3m' from package 'python3-minimal' (main)
Command 'python3' from package 'python3-minimal' (main)
python35: command not found
So I don't know where things are at. Thought I'd managed to get 3.5 installed?
If you managed to successfully install it by sudo apt-get install python3.5, you do have python 3.5 installed. You need to type python3.5 instead of python35. So, this command: Then you can open electrum with this python version by typing: inside the electrum directory |
|
|
|
I tried iancoleman and did not see address in first 200 rows ,external or internal... do i have any other options?
The simpliest way to check whether your address belongs to your ledger has already been posted twice.. In the Ledger Chrome App... click on "Settings -> Tools -> Sign Message"
See if the address that has your BTC is displayed. If it isn't, click on the address... it'll open a search box. Start typing the first three or four characters of the BTC address and see if the whole address is shown in the list. If it is, then the address is definitely part of your Ledger Wallet and you have the correct seed.
If you are using the chrome application, go to the settings and choose 'Sign message'. Then start entering this address in the drop down menu. It should appear there.
If it appears, the private key associated to this address is part of your ledger. If not, unfortunately it is not.
Please do this first to verify this address has REALLY been generated by your nano s. |
|
|
|
Why would you want to have your hardware wallet attached to your phone case? It's almost the same level of danger as carrying your Ledger/TREZOR on a keychain everywhere. If you need to spend some of your coins outside then simply transfer them to a good software wallet.
I assume this the point which bothers the most. A mobile hardware wallet as a secondary wallet holding small funds does have quite a lot advantages over a mobile wallet. Physical 2-factor-autentication can not be attacked via any network-/communication vulnerability at all. On a smart phone on the other hand there are quite a lot vulnerabilities which can lead to a compromised phone. Your whole security relies on the smartphone to be clean, which not a good assumption to make. Regarding the poll, the device i'd like to see the most would be a mobile with an inbuilt (but seperated) hardware wallet. |
|
|
|
This seems to be fine. I didn't find anything critical/vulnerable within 10 mins looking at it. This does NOT mean that it is safe to use. This does only mean there is nothing too obvious to find. The proper way of implementing such a system would be to build it yourself. Thats the only way you can be sure of what your system is really doing. This does of course require knowledge and time to be available. Depending on what kind of service you are providing (i.e. amount of users, amount of BTC involved, etc..) building it yourself with security in mind might be the only way to be (as good as possible) secured against malicious actors. |
|
|
|
I was under the impression that Bitpie and Bither were released by the same developers?
Thats true. From their FAQ: Bither and Bitpie both belong to the same technical team, however Bither is the team’s early products and Bitpie is subsequently operated product. The main similarity between the two products: they all provide HD wallet management program;
@OP AFAIK they are using the BIP39 scheme. So the words should at least be recognized by bither's app. Do what HCP suggested and check whether all of your words are inside the BIP39 word list. It may be a typo. If one word is not in the list -> look for similar words which you might have written down wrong. Unfortunately i can't say anything regarding the derivation path. Couldn't find anything related inside their documentation too. |
|
|
|
but what if we just add 3 coin as example "etn,xvg,xrp"
and when any user make a deposit , the system automatically convert this coins to btc market price and keep this amount in every user wallet.
1) If you want to implement the conversion yourself, you need to write a program doing the logic/calculations which uses the API commands available by the given exchanges to make the correct actions. 2) If you additionally want to implement the backend of your sending/receiving transactions part, you also need the full nodes installed and configured to accept RPC commands. You can use an API instead, to get all information about incoming/outgoing transactions. Unfortunately you are relying on the service provider here and they charge a fee for this service. If you don't want to implement 1) by yourself, you probably should use a payment processor. They are 'easier' to handle but involve trust + fee regarding the provider. |
|
|
|
It is open source right?
Can you give us a link to the source code?
It's closed source for now. Might change it later. If it is not open soruce it is not a wallet, it's a bank. What makes it a bank? If the users own the private keys then how is it a bank.. The point is that the user CAN NOT KNOW that (only) he owns the private keys. It would be way too easy to have a backdoor installed in the wallet (either by directly letting the attacker/publisher connect to the PC or by using a predefined seed-pool). One should NEVER use/trust a closed-source wallet without any reputation. In most cases this will have a bad end. There is no reason to use such a wallet. 1) The concept CAN NOT work. 2) It MIGHT be malicious. 3) There are BETTER (open source) wallets available. |
|
|
|
|
Show Posts
