But I was thinking you could have a separate blockchain that served as a timestamp server. I don't see how this solves the problem. You broadcast your transaction first to the timestamp network, and have to wait for it to be confirmed for it to receive a timestamp, and then broadcast it a second time to the bitcoin network. There is still a time delay between broadcast and confirmation, except it is on the timestamped network instead of the bitcoin network. Plus then there is a further delay while you broadcast the transaction a second time and wait for confirmation. And who is running this second chain? What is their incentive to do so? Do I have to pay double the fees for my transaction? And then lets say a quantum computer was trying to look at pending transactions in the mempool to try and find public keys to crack. It would not be able to do anything with the mempool transactions which contained valid timestamps. Such transactions would be impossible to replace as they would stay in the mempool until confirmed. Long before we reach the stage where transactions are vulnerable to quantum computers solving the ECDSA in the ~10 minutes it takes for the transaction to confirm, we will have forked to a quantum resistant algorithm, otherwise every coin in a reused address (which number several million) would have long been stolen. |
|
|
|
Also on the bottom of the password list I added some old random passwords I had saved. I added 4 and it changed it to over 200,000 guesses now. How is that working? As I explained above, the tokens file will take a maximum of one entry from each line and combine them in all allowed permutations. So by including four passwords at the end like that, it will now be combining those passwords in every possible permutation with all the entries from the first three lines. If you want to simply try the four old passwords, then use the command --passwordlist instead of --tokenlist. That will just try each line of your file verbatim without combining it with other lines. |
|
|
|
If you think you can manage that then no harm in trying. It is difficult to understand exactly what you are saying when you say you are redacting some information - whether the "Z" represents any uppercase letter or one specific uppercase letter, for example. Here is a much more narrow token file based on some assumptions about what you have said above: ^1^Abc ^1^abc ^1^EFG ^1^Hij ^1^hij
^2^%[1Z]:23 ^2^%[1Z]:33 ^2^%[1Z]:@# ^2^%[1Z]:## ^2^Z339
^3^Abc ^3^abc ^3^EFG ^3^Hij ^3^hij ^3^Z33 ^3^Z## This will only generate 365 passwords. A little confused on the structures and how tokenlist works It will try one token from each line. The ^1^ before each entry simply tells it to try that token in the first position, ^2^ in the second position, and ^3^ in the third position. So essentially the file above will taken one token from each line in the order the lines are presented. You can run btcrecover with the argument --listpass and it will simply print all the passwords in your terminal window so you can see what it is generating to make sure it is doing what you think it should be. |
|
|
|
Ok, so based on all of that, your token file will look like this: ^1^%3A ^1^%3a ^1^%A%2a
^2^%in%y23 ^2^%in%y33 ^2^%in%y@# ^2^%in%y## ^2^%ia33%d
^3^%3A ^3^%3a ^3^%A%2a ^3^%A33 ^3^%A##
You can find the instructions on how I constructed this here: https://btcrecover.readthedocs.io/en/latest/tokenlist_file/
So for the first part it will try the following, where A/a represents any letter (case sensitive): For the second part it will try the following: Any single digit, lowercase, or uppercase letter, followed by
Any single symbol, followed by
23, 33, @#, or ##
OR
Any single lowercase or uppercase letter, followed by 33, followed by any single digit For the third part it will try the same as the first part, but also any uppercase letter followed by 33 or ##.
However, before you try to run this, you will need to try to narrow it down a bit. If you can replace any of the wildcards with something more specific (e.g. instead of "Any single digit, lowercase, or uppercase letter" at the start of the second part with "Definitely either a 1 or an uppercase Z"), then it would reduce the search space a lot. As it stands, that tokensfile will generate 23.5 trillion possible passwords, which on the provided benchmark for a 1660 of 6750 passwords/second, would take ~110 years to check. |
|
|
|
Ok, that's helpful. However, the additional uncertainty will greatly increase the search space. So the first part we are now saying is 3 letters, which could either be all uppercase, all lowercase, or one uppercase followed by two lowercase. The second part becomes tricky: Next 4 characters of the password are either 1:23, 1:33 or Z:33 or Z33... There could also be the shift/caps key applied to this part of the sequence.. So definitely 4 characters? Or it might only be 3? The first character could be a number or a letter (either case)? This might be followed by a symbol, but might not be? Then any two numbers or symbols? Or is it specifically one of the following: Or perhaps your keyboard doesn't have the @ and # symbols above 2 and 3? Then the last three characters could be 3 letters (all uppercase, all lowercase, or one uppercase followed by two lowercase) OR an uppercase letter followed by 2 numbers or 2 symbols? Again, is this definitely 33 or ##, or could it be any two numbers or symbols? |
|
|
|
One more question, why are you so afraid of the rules and the KYC system, are you committing a violation of law or a crime, that you are so afraid of an exchange that asks for your real identity, if you don't have any problem in your country I think KYC is not a big problem for you. Can we please stop repeating this incredibly incorrect notion that the only people who care about privacy must be criminals, and that only criminals care about their privacy? I don't have anything to hide, but I also don't have anything I want to share with anybody and everybody who is interested. You probably don't do anything illegal in your house, but you still have curtains on your windows. You probably don't do anything illegal online, but you still don't publish your browser history on your Facebook profile. The whole point of bitcoin is to not have random strangers and third parties start sticking their noses in to your private affairs, not to mention the massive security risk that comes with completing KYC. Privacy is a fundamental human right. Without privacy, there is no freedom. Allow me to quote myself from a few years ago: I don't need to spend a lot of time dismantling the "nothing to hide" argument, because it is already widely discredited. I will share one of my favorite quotes on the topic though: The old cliché is often mocked though basically true: there’s no reason to worry about surveillance if you have nothing to hide. That mindset creates the incentive to be as compliant and inconspicuous as possible: those who think that way decide it’s in their best interests to provide authorities with as little reason as possible to care about them. That’s accomplished by never stepping out of line. Those willing to live their lives that way will be indifferent to the loss of privacy because they feel that they lose nothing from it. Above all else, that’s what a Surveillance State does: it breeds fear of doing anything out of the ordinary by creating a class of meek citizens who know they are being constantly watched. |
|
|
|
Good job getting it working. We can help you make the tokenlist, but you are going to have to be much more specific. From what you've said it still isn't clear what format your password might take. 3 letters, followed by 4 characters and 3 letters or numbers.. a little complicated I know. In your first post you said 4-3-4. Now you are saying 3-4-3. You'll need to decide which it is. Picking out the important points from the post you just made: xxx 1:23 xxx
It's either the first capitalized letters in a word sequence I wrote down... Or on the new piece of paper it's 3 letters either Abc or abc
followed by the 1:23 middle part
then followed by D11
But this : could represented by another special character From this, I deduce your password looks like this: 3 letters, the first of which may or may not be capitalized 1 number 1 special character 2 numbers 1 uppercase letter 2 numbers Please correct me if this is wrong. Further, are there spaces in your password, or have you just put them in your post for formatting/clarity purposes? |
|
|
|
Changing the order of transactions in a block could be computationaly "expensive" for miners, because you need to recompute the merkle tree hashes to some amount, depending on the position of the changed transactions in the merkle tree, where the merkle tree hash contributes to the block header. Miners very likely choose the least expensive way to reset the nonce for further needed hash crunching. Miners very commonly use the extraNonce field to reset the nonce, which suffers from the exact same problem. With the coinbase transaction being the first in the block, it is the left most node at the bottom level of the Merkle tree, so all the hashes running up that left side need to be redone. Even in a block with up to 4,096 transactions, that's only 12 hashes. Swapping the order of two transactions, while not commonly used, would be the exact same number of hashes if you swapped transactions next to each other. |
|
|
|
That way you would be able to crop, resize, and change the appearance of the photo a bit, and still be able to recover the wallet, as the deep learning model would still generate the correct word for each photo. And then you also need to back up your deep learning model, and hope it doesn't make any mistakes when identifying your pictures. Problem is how to make something obvious and hidden in the same time... maybe making something like QR code artwork and only small section would work for scanning  If your goal is to have a picture on your wall which can somehow be used to recover your wallet, then the safest way to do this would be to simply write your seed phrase (encrypted, if you like) around the edge and then put it inside a frame which covers your writing. Every additional suggestion on top of the original idea is simply adding layers upon layers of complexity without actually adding any more security. The most likely outcome from one of these complex ideas is that you lock yourself out of your wallet by mistake. |
|
|
|
It looks like you just haven't been successful in installing the necessary dependencies. You are right that you don't need coincurve or ecdsa libraries for recovering a Bitcoin Core wallet. Then OpenCL libraries aren't installed by default when you install btcrecover, and you need to install them separately. What did you do to try to install them? Are you sure you have installed the right versions for your version of Python? I'm not really familiar with Windows,* but this section of the documentation should talk you through getting it installed: https://btcrecover.readthedocs.io/en/latest/GPU_Acceleration/#pyopencl-installation-for-windows*Do you have a Linux machine you can run this on instead? In my experience it generally works far more smoothly. |
|
|
|
So out of interest, I put in Binance's hot wallet address - 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s It stands to reason that anyone who withdraws coins from Binance, and therefore from this address, will receive coins which have the exact same "taint" as coins currently in this address. The breakdown is as follows: - 50% exchanges - other Binance addresses, presumably their cold wallets
- 25% unknown miner - presumably Binance pool
- 25% ofac sanctions blacklist
I did the same with one of Bittrex's current hot wallet addresses - 1MTwuZHvpmfu3Mupff8Ysomwuqm7rVaUgQ Much larger spread in this case, most coming from other exchanges and a couple of mining pools, but also a significant minority coming from known scams, known hacks, and two different blacklists. This raises two points. Obviously whatever mechanism this site is using to assign "taint" is different to what exchanges are using, otherwise these "tainted" coins wouldn't have ended up in exchange's hot wallets in the first place. And secondly, just because your coins came from a centralized exchange does not mean they are clean or free from taint, and another exchange might very well still discriminate against you and your coins. it does make sense to check his bitcoin address for AML risk before depositing on the given exchange to avoid or minimize chances of getting blocked or frozen This is not directed at you, but rather in general, but I have never understood this mentality of "We must bend over backwards and give up every shred of privacy to make sure these exchanges will continue to serve us", whereas any rational person would just say "Well, don't use exchanges which will steal your coins". |
|
|
|
Maybe but maybe Satoshi wasn't sure how many megahash some hardware might eventually get up to. Thus, it might burn through nonces and timestamps much faster than "real time". So it might need to go out to 2 hours in the future to get a valid hash, if the difficulty was high enough. But changing anything about the block allows you to reset the nonce (and effectively also the timestamp, giving you another 2+ hours to work through). There is the entire extraNonce field that miners can change, but also even something a simple as changing the order of the transactions they include (never mind including different transactions), will let you reset the nonce. In a block with 1000 transactions, there are 1000! different ways to order them, which is something in the order of 2 8529 possibilities, far in excess of anything that will ever be needed. In reality, most miners use the extraNonce field and don't bother adjusting the timestamp at all. Just the node that first received the transaction once it had been submitted to the network. Is all I was thinking. Whether it takes 1 minute or 1 week to get mined is another story but there could be a second timestamp for that perhaps. And that's it. Which makes it trivial to fake. "Oh hey, I saw this transaction two weeks ago but my node has been offline since then." There would have to be some type of cryptographic protocol to validate timestamps. You are now adding additional size to every transaction, thereby increasing fees, decreasing block space, and increase transaction time, as well as adding additional verification requirements for every transaction at every node, which will again slow things down, delay propagation, increase stale blocks, and so on. There are a lot of downsides to doing this. There would need to be a very good reason or major benefit to such a feature. |
|
|
|
My question is could you actually use custom made photo(s) that you could print and hang on your wallet as a piece of art in obvious place, but that art would hide bitcoin inside?
Scanning photo(s) would give you access to your keys, and you could even make mini printed version and keep it in your wallet, for international travels. Not using this method. It doesn't matter how good quality your prints are or how high tech your scanner is, if you scan to the exact same resolution in the exact same format with the exact same metadata - the file your scanner generates will never match the file you originally used. The picture in the file might look the same, but even a single pixel off by an imperceptible degree and your hash output will be different. You could maybe put a bunch of files on a digital photo frame (as long as you are sure the photo frame doesn't compress them or similar) and still recover the same wallet from them, but I still wouldn't suggest it given the reasons we've discussed above. |
|
|
|
That's very interesting. But, unless you had the master xpub key, there's NO WAY to know all of my addresses; UNLESS you use them together, like:
Address A has 1 BTC
Address B has 2 BTC
And then you create a tx of 2.5BTC to Address C and 0.5btc to Address (change address) D. Combining inputs from different addresses together in the same transaction is a strong indicator those addresses are owned by the same entity. In many transactions it is also possible to identify which output is probably the change (unless you actively take steps to obfuscate this information), and so again you can link this address to the same owner as the inputs. That way, you would be able to see that Address A, B, C and D are all connected, but other than that, there's no chance to see all other addresses That's not accurate though. There are many ways that people leak all the addresses in their wallet to third parties. The most common is by not running your own node. Any wallet which is not Bitcoin Core or is being pointed at your own node/server must connect to a third party server to query the history of the addresses in the wallet. When you do this, you send all the addresses in your wallet to the server and the server looks them up for you and send backs the balance and relevant history for those address. By doing so, the server can therefore link all the addresses in your wallet together. |
|
|
|
I see now problem with buying BTC from localbitcoins and localcryptop LocalBitcoins has required KYC for years. I've never heard of anyone ever being requested to complete KYC on LocalCryptos, and I use it semi-regularly without KYC. Do you information to the contrary? or even on some dex If an exchange says that it is a DEX but asks for KYC, then it isn't a DEX. It's a simple as that. If there is a centralized entity which is collecting KYC data, then the exchange is centralized. There is nothing wrong in KYC You mean apart from risking identity theft and having literally your entire life ruined? Why KYC is extremely dangerous – and useless |
|
|
|
It is impossible to verify their claims, but what could their incentives be to keep the record of random bitcoin addresses? Could they sell such information? A list of addresses which are owned by people who are specifically interested in maintaining privacy, plus maybe having IP addresses to match? Blockchain analysis companies would love such data. I mean, how they know an address is from an exchange and not from a web wallet when they tell "unknown exchange"? Or how they know it's a ransomware when they tell "unknown ransomware"?  All it does is look at every deposit to an address, and follow those coins back until they hit a match against one of their categories. If you withdraw from an exchange, for example, and your coins come from an address which is not yet known to belong to that exchange (since exchanges use new addresses all the time), then it will just keep going back in time until it does hit a match. If you do have concerns with the history of your coins, then rather than looking them up on such service better to just mix or coinjoin them and be done with it. |
|
|
|
Generating any child key from any parent key involves a one way hash function which cannot be reversed. This is true for all key generation in bitcoin, including generating a single address from a master public key. You cannot go backwards up the chain from a single address or public key, or indeed from many addresses or public keys, and calculate the parent key from which they were derived (unless you have additional information from somewhere else). Could it be possible at all to recover a master xpub from just 1 address? Even if I knew a million addresses from your wallet, I couldn't recover your parent public key. |
|
|
|
Don't use localbitcoins as suggested above. It might be peer to peer, but it is centralized and will absolutely require KYC and other information from you. but those ones do not, and they are safe. There is no centralized exchange in existence which is entirely safe, and even ones which offer non-KYC accounts such as KuCoin can and frequently do lock accounts and confiscate coins while they demand KYC. If you aren't comfortable submitting KYC, then you need to avoid all centralized exchanges. |
|
|
|
This tool has been around in various incarnations for a while now. The Tor link is here: http://pdcdvggsz5vhzbtxqn2rh27qovzga4pnrygya4ossewu64dqh2tvhsyd.onion/I would suggest that you do not use this service for your own addresses though. When they were previously shut down, every address which had been looked up was sent to law enforcement agencies for investigation: AMLBot also sent all addresses that had used Antinalysis, which were stored in the Crystal blockchain database, to U.K. law enforcement authorities. AMLBot noted that some addresses that had used the Antinalysis tool were previously not linked to the darknet or any illicit activities.
It added: “It can be assumed that criminals used these addresses for illegal actions … These addresses were added to the tracking database and transferred to the most prominent players in the market to [sic] a more effective fight against money laundering.” It is also impossible to verify their claims that they delete your search records from their database. If you are absolutely hell bent on looking up one of your addresses, then you should do it via Tor and you should do it in among a whole bunch of other random addresses you don't care about. |
|
|
|
To lessen possible damage, better secure your funds in your own wallet. Once you finished trading, store your funds in your own wallet. While good advice, the caveat with this is that there are plenty of exchanges out there which will let you open an account, complete KYC, deposit funds, trade those funds back and forth multiple times on multiple markets, all without issue, but the second you try to remove those funds from their platform is when they hit you with account suspensions or investigations or other such crap. While everyone should get their funds off centralized exchanges whenever they are not being actively traded, the only way ensure the safety of your coins is to never let a centralized exchange hold them at all. If you want to trade anything to do with foat money you will end up with CEXes following regulations. That's how real world works. If you want to be crypto anarchist, use dexes, don't use fiat money at all. There are plenty of DEXs on which you can trade fiat for bitcoin and vice versa. Bisq is the best example. That's a great list. I hope you update it regularly.  I'll try my best!  |
|
|
|
|
Show Posts
