Why can't I see the sender of those 50BTC?
You can't identify a sender because there is none. What you were looking at is a coinbase transaction (not related at all to the exchange called Coinbase; they just used that term as a company name). This is the mining reward. They assign themselves the current reward (earlier 50 btc, then halving every ~4 years; currently 12.5 btc). This is the (only) way of generating bitcoins, mining them.
and last transaction from this address was 18-03-27 12:57:12 ... so someone spent 10 years without spending those bitcoin?
Yes. This is nothing unusual. There are quite a few possibilities why they didn't get moved yet. He may:
- have forgotten about it
- have made a mistake and included an address without holding the private key
- have lost the private key (e.g. hard drive damaged)
- have a lot more btc's and those are a part of his 'holding stack'
- etc..
|
|
|
Hi, I have a basic question about bitcoin. I am wondering if a bitcoin transaction can be traced like this.
For example I have some bitcoins in my online wallet, I will use localbitcoins.com as an example. I then send these bitcoins to a desktop wallet such as Electrum. I know that this transaction is recorded and it's easy to trace this transaction. But what would happen then if I was to send these bitcoins from the Electrum wallet, to another completely separate online wallet? Would somebody be able to know the funds have come from the original localbitcoins wallet, to the third completely separate wallet? I know a mixer can be used, but my question is without using a mixer.
Let me illustrate that:
A = localbitcoins wallet
B = electrum wallet
C = 'another separate online wallet'
A -> B can be looked up, as you have already mentioned. This transaction is being stored on the blockchain.
B -> C is just another transaction on the blockchain. So the same applies.
Now, if I look at your first transaction (A -> B) I might see X btc's being transferred from A to B. Afterwards I'm looking at your address B in a block explorer, and see that those outputs (X) have already been sent in another transaction (with recipient C).
In short words: Yes, it is possible. If you can trace A -> B and can trace B -> C (both are 'normal' transactions), you can also trace the whole path A -> C. Tracing, in terms of tracing UTXOs, is transitive.
|
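The A -> B -> C reasoning in the post above, as an added example that is not part of the original posts: a forward trace over a toy ledger that follows an output through every transaction that later spends it. The transaction ids, address labels and amounts are constructed for illustration.

```python
from collections import deque

# Constructed sample ledger. Each input references an earlier output
# as (txid, output_index); each output is (address_label, amount).
TXS = {
    "tx1": {"inputs": [("tx0", 0)],
            "outputs": [("A_localbitcoins", 1.0)]},
    "tx2": {"inputs": [("tx1", 0)],
            "outputs": [("B_electrum", 0.7), ("A_change", 0.3)]},
    "tx3": {"inputs": [("tx2", 0)],
            "outputs": [("C_online_wallet", 0.7)]},
}


def build_spend_index(txs):
    """Map every spent outpoint (txid, index) to the txid that spends it."""
    return {outpoint: txid
            for txid, tx in txs.items()
            for outpoint in tx["inputs"]}


def trace_forward(txs, start):
    """Return (spent_outpoint, spending_txid, receiving_address) hops.

    Starts at one outpoint and walks breadth-first through all later
    spends. An outpoint nobody spends is a UTXO, so the trail ends there.
    """
    spent_by = build_spend_index(txs)
    hops, queue, seen = [], deque([start]), {start}
    while queue:
        outpoint = queue.popleft()
        spender = spent_by.get(outpoint)
        if spender is None:
            continue  # still unspent
        for index, (address, _amount) in enumerate(txs[spender]["outputs"]):
            hops.append((outpoint, spender, address))
            nxt = (spender, index)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return hops


def reachable_addresses(txs, start):
    """Addresses that received value descending from the start outpoint."""
    return [address for _, _, address in trace_forward(txs, start)]


if __name__ == "__main__":
    # Start from the coins sitting at A (output 0 of tx1).
    for hop in trace_forward(TXS, ("tx1", 0)):
        print(hop)
```
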
|
|
You are not reading the whole thread. OP said that he found a solution that solved his issue. Check the post above your post for reference and hope you guys read the new post before you reply if the problem is solved or not.
I guess my eyes aren't that good anymore. Somehow completely overlooked that.
|
|
|
While it can't be verified if they really only store the encrypted version, it would probably be more secure to check their github[1] and download/compile the 'wallet' yourself. This way you at least know what code is running in your browser. [1] https://github.com/OmniLayer/omniwallet/
|
|
|
From your website:
Enhanced Security
Secure hardware-based key storage and asymmetric and symmetric cipher support.
What exactly do you mean? Asymmetric encryption on the hardware device? What for? How to decrypt it afterwards? Typing in a private key? And what kind of encryption algorithms are used (can be chosen)?
I got 4 additional questions:
1) How much storage does your device have?
2) "Hundreds of currencies" is mentioned.. how is the device protected from injecting code into the memory?
3) COIN owners can:
- Create investment transactions and portfolios in Coinvest
- Receive assets from investment portfolio profits and index fund investment fees
- Purchase goods and services from merchant partners
- Buy and sell on supported cryptocurrency exchanges
Does this mean you actually have to buy/own the HW wallet AND your erc20 token to use the wallet?
4) Is it open source? I didn't find anything regarding source code.
|
|
|
...and Schnorr Signature (reduce input signature size while increase user privacy)...
Schnorr signatures themselves do not increase the privacy. After Schnorr signatures have been implemented, the foundation for future improvements (including privacy) has been laid. With Schnorr, coinjoin [1] can be built on top. And coinjoin is what increases the privacy by 'mixing up' several inputs/outputs.
[1] https://en.bitcoin.it/wiki/CoinJoin
|
|
|
False. This may have been the case back in the Silk Road days but Bitcoin can definitely be traced now. This is why many deep web markets have switched over to Monero.
Bitcoin has always been traceable. This is nothing new. Just because it was not known that it is traceable 5 years ago, this doesn't mean that it wasn't.
If the government/someone really wanted to track down a transaction, they can do so even through bitcoin mixers and whatnot.
This only works under some circumstances:
1) The mixer keeps logfiles
2) The mixer's location is in the same country as the authorities
3) There has to be a court decision
If one of these points doesn't apply, this is not possible for governments.
Wow, so if that is true... Why are we not seeing government agencies arresting all the people who bought drugs on Silkroad or why are most of the money still untraceable that were hacked on the many exchanges that were exploited over the years?
Governments arrested a lot of people for selling drugs on silkroad. The majority has been traced via btc exchanges. The (from exchanges) stolen coins have already been laundered. You can't trace them further if they have already been sold. Like it is the case with NEM. The majority of coins got laundered, therefore the foundation stopped tracing them.
Why did they not arrest the owner of the biggest Bitcoin mixer service that closed down a while ago? < Bitmixer.io >
Why should they? It is not illegal to run a mixing service.
Bitcoin is for the most part anonymous, if you use it correctly and that is why government agencies are so against it. You can use other Alt coins like Monero and ZCash and Dash, but a lot of those coins are sold for Bitcoin in the end.
Bitcoin is not anonymous. It is pseudonymous. In the end the majority of pseudonyms (addresses) can be linked together. That's by far not anonymous.
|
|
|
There are 2048 words to be chosen in the seed and you have 24 words to create your seed. 2048^24= 2.9642775e+79.
This is the (theoretically) maximum amount of possible combinations. But due to the fact that the last word is partially a checksum (a few bits from the last word), the actual amount of valid seeds is lower than 2048^24.
You need a supercomputer to do the processing that takes a long time as well as the electricity bill. Your money (0.1 BTC or 700$) will look slim if compared to the cost of restoring your seed.
It doesn't just take 'a long time', it is also not possible to compute all possibilities within a few hundred/thousand years.
|
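The checksum point in the post above, as an added example that is not part of the original posts: under the BIP39 scheme a 24-word mnemonic carries 256 bits of entropy plus 8 checksum bits taken from SHA-256 of that entropy, so only 2^256 of the 2048^24 = 2^264 word combinations are valid. The code works on word indices (0..2047) instead of the word list itself, and the sample entropy is constructed.

```python
import hashlib

WORDS = 24           # mnemonic length discussed above
BITS_PER_WORD = 11   # 2048 = 2**11 choices per position
CHECKSUM_BITS = 8    # 24 * 11 = 264 bits = 256 entropy + 8 checksum

TOTAL_COMBINATIONS = 2048 ** WORDS   # every possible 24-word sequence
VALID_MNEMONICS = 2 ** 256           # one per 256-bit entropy value


def entropy_to_indices(entropy):
    """Encode 32 bytes of entropy as 24 word indices, checksum included."""
    if len(entropy) != 32:
        raise ValueError("a 24-word mnemonic encodes exactly 32 bytes")
    checksum = hashlib.sha256(entropy).digest()[0]   # first 8 bits of hash
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(bits >> (BITS_PER_WORD * (WORDS - 1 - i))) & 0x7FF
            for i in range(WORDS)]


def is_valid(indices):
    """True if the trailing 8 bits match SHA-256 of the leading 256 bits."""
    if len(indices) != WORDS or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for index in indices:
        bits = (bits << BITS_PER_WORD) | index
    entropy = (bits >> CHECKSUM_BITS).to_bytes(32, "big")
    return (bits & 0xFF) == hashlib.sha256(entropy).digest()[0]


def valid_last_words(first_23):
    """All last-word indices that complete 23 given words into a valid seed."""
    return [w for w in range(2048) if is_valid(list(first_23) + [w])]


# Constructed sample entropy 00 01 02 ... 1f (never use it for a real wallet).
SAMPLE = entropy_to_indices(bytes(range(32)))

if __name__ == "__main__":
    print("valid last words:", len(valid_last_words(SAMPLE[:23])), "of 2048")
    print("valid fraction: 1 in", TOTAL_COMBINATIONS // VALID_MNEMONICS)
```

The last word holds 3 entropy bits and 8 checksum bits, which is why exactly 8 of the 2048 candidates complete any given 23 words.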
|
|
Does anyone know how long it lasts? For example doesn't the battery wear out after x amount of years?
The lifespan (on average) would be 10.000 to 100.000 (write-)cycles.
But if you are done with it you should not leave the nano ledger s stuck in the usb port then right? Thus once you are done using it, just pull it out? And that's exactly what you should do... pull it out from the usb port since it's not a flash drive? Because I wondered was it bad if I just leave it plugged into my laptop all day or just leave it plugged in when not using it. That is probably a bad idea right or it doesn't matter.
Well.. there is no reason to leave it plugged in. You theoretically expose yourself to a higher risk when having it plugged in all the time (e.g. new vulnerability gets found, better to have it not connected in this case). But practically, it probably won't make any difference. But why risk it?
I just thought about something else. So you can put the 24 word seed in electrum if your device doesn't work or gets stolen or malfunctions to get your bitcoin. Now what if you have other coins like bitcoin cash, litecoin, or those other types of coins? Then how would you claim your bitcoin cash? Which wallet would you have to download if you don't have another nano ledger s? For litecoin, it would be electrum for litecoin right? Now what if it's all those other types of coins and not the popular ones. What happens there? So if you have like other coins, you have to download some other wallets in order to get it? The thing that is confusing is wouldn't certain coin wallets not have 24 word seeds and have lesser word seeds? Say you have dash and quantum. Well electrum isn't going to work for that right? So if someone has like 10 plus different coins, they are going to need to download 10 plus different wallets assuming they cannot get another nano ledger s?
You can use your seed to generate all the private keys. There has been an 'agreement' on how to derive keys from a seed. So, regarding coins which don't have a wallet that accepts mnemonic seeds, you can just use a tool to derive the private keys you need, which then can be imported in any wallet. And yes, if they hold 10 coins.. and previously used one wallet for those 10 coins (e.g. nano s), they have to use 1 wallet per coin (assuming one wants to use official wallets). But there are also wallets which accept 100+ coins (e.g. mobile wallet: coinomi [1] - desktop wallet: exodus [2]).
[1] https://coinomi.com/
[2] https://www.exodus.io/
|
|
|
To those of you that say its the worst idea to write the 24 word seed in gmail... i would agree with this because someone could hack your account. However, if you use say lastpass or keepass and then put the seed in either program, isn't that pretty safe? Thus the hacker would not only need to know your gmail address, they need your gmail password. Then they would need your password to either your lastpass or keepass. So wouldn't that be pretty safe? Or that could still be hacked?
If you are putting the seed into a password manager (which itself is as secured as the password manager (encryption implementation, ..) is), why are you then storing something in your email? Is your idea to store the encrypted file in your email account? Or are you talking about storing your gmail password in a password manager and then store the seed (encrypted/unencrypted?) in your gmail account? As I have already mentioned.. email is broken! Any (unencrypted) email you send can be read by anyone who cares to read your emails. I hope you know this. So, no. An attacker would not need your gmail password to 'receive' your mails. He simply just 'copies them on the way to the mail server'. Note that it is not as trivial as I have described. But for an attacker with medium knowledge this is pretty easy to accomplish. For more information about how broken email is: https://en.wikipedia.org/wiki/Email#Privacy_concerns
Because they would have to go through 2 layers of security right?
No, only password manager encryption. Since an attacker (who does target you) can read/intercept all of your (unencrypted) emails.
Also isn't it true if someone logs into your gmail account from another location, gmail would block them if they don't recognize the ip address or country etc?
An attacker could use a proxy, faking an IP address near your location. This is a security measure which can easily be bypassed.
So wouldn't that be another hurdle for that hacker?
No.
And even if they get through that, how could they hack the password for lastpass or keepass then? Are there cases of this? Because I have heard of cases where someone types their seed and emails it to their gmail account like in plain letters... that is bad since it's not even encrypted. But with lastpass or keepass, isn't that pretty safe then?
Well, as long as there is no vulnerability found (e.g. mistake in the implementation in the password manager) it is safe to store your seed inside keepass. But keep in mind that an attacker might have your encrypted file once you attach it to an email. So he has quite some time (assuming you don't change your seed frequently) to bruteforce all easy passwords. And once a vulnerability might be found, your seed can definitely get compromised. Overall, it is 'pretty safe' to store your encrypted seed in your email account regarding the possibility of someone cracking the encryption. But note that there are way more secure storage possibilities than an email account. Additionally you don't have any control over 1) who gets access to your encrypted file and 2) how long your file will stay there. One morning the email service provider might have a failure with their servers, resulting in a loss of data.. or whatever.. I would not suggest using email as a storage for ANY confidential information.
|
|
|
Wondering why so many posters are willing to give advice to some asshole who is likely to try & steal somebody's life savings with said info given to him.
Well, besides all of this information being available on the internet (probably less than 5 minutes yahooing googling), he can't do anything with this information without also having access to a wallet.dat. And maybe he isn't even trying to steal people's coins. And even if he is.. he obviously doesn't have the mental capabilities to perform such a task.
Unfortunately, it seems the vast majority of people can't be arsed putting the effort in, or have watched too many Hollywood movies where you can type "hackpassword.exe supersecretfile.dat" (usually into a command prompt with 30pt font) and it takes 30 secs to crack!
I'd like to illustrate that in more detail: There is a green matrix-like font running from the top of the screen to the bottom. And after 1000 lines of output read by the highly professional hacker per second and hammering on the keyboard without even typing words, the 'password of satoshis address' appears. Hackers are magicians. Didn't know that? Probably that's the reason some non-techy persons think they can type a few words, look at a green screen, and get fkin rich instantly..
|
|
|
Does the address you have sent the funds to appear in electrum (receive- or address tab?) ?
Yes, the address I sent my BTC to is in the Electrum application, and the receiving address was inside of the receiving tab, right where it says: "Receiving address:"
Does it still appear in the receive-/address tab?
Yep totally missed it (not used to a Mac) but then found it. I did an ismine("address") in the command line and it said true for the address I copied from electrum.
Just to make sure I understand you correctly:
- You have sent BTC's to address X from your electrum wallet
- This address X is visible under receive-/address tab
- ismine("X") returns true
If you can answer all of those questions with yes, then can you please try to execute the following command:
This should return all UTXOs available. Look at the list you get and search for your address/amount received. Do you see any transactions/coins related to your address X?
|
|
|
What is the solution against the bots that automatically and frequently upload unnecessary data into the Bitcoin blockchain?
Currently there is no real 'solution' to 'prohibit' such a behaviour. But pushing data into the blockchain is a very costly undertaking. You can't simply upload pictures or movies for a few bucks..
If a lot of nodes enable pruning, will not the blockchain become less secure (because there are less nodes to download historical data from)?
It doesn't make the network less secure. The availability (of the blocks) for others to download from sinks. The 'security' is more dependent on the total hash rate.
|
|
|
Same perception on what his motive is. Creating a clone of one of the most famous exchange sites would only have a reason which it might be used on phishing out bittrex users and stealing valuable coins. I might be judgemental but this is the only thing that comes to my mind. As I read above he doesn't even have money exceeding 1 btc for creating a possible exchange which means he did have other plans. If not an exchange then what?
I am wondering how people can be 1) stupid enough to ask something like that in this forum here and 2) too short-minded to actually google how to clone a website, scams don't need a functional backend, do they? I remember the times where scammers actually had to think about their tactics. This is just ridiculous how every non-brainer tries to scam/phish people, without even understanding what he is doing..
|
|
|
The ECPOINT in his code uses key exchange from Secp256k1 for AES key/iv as you can see so I am not sure whats going on here so maybe you can cast some light on this
I am not sure what code you are looking at. The ECPoint you have linked ( https://github.com/TangibleCryptography/Secp256k1/blob/ee6ddaa59d3c61295bb24bcc903bb16fb528b933/Secp256k1.Core/ECPoint.cs ) consists of this:
    public ECPoint(BigInteger x, BigInteger y, bool isInfinity)
    {
        _x = x;
        _y = y;
        _isInfinity = isInfinity;
    }
Feel free to directly link to the AES function. But as I have already mentioned, AES is used for symmetric encryption. The bitcoin protocol doesn't require anything to be encrypted. While signing a message/transaction is theoretically like encrypting (with private and public key swapped), there is no AES (or anything comparable) used. You also seem to be a little bit confused about your term 'key exchange'. I'd suggest you read this: https://en.wikipedia.org/wiki/Key_exchange
Regarding the IV of (any) AES encryption: The IV can be whatever you want. So it seems that someone just decided to use parameters from the secp256k1 as IV. Read here for more information: https://en.wikipedia.org/wiki/Initialization_vector
    public static class Secp256k1
    {
        // Field prime P
        public static readonly BigInteger P = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F".HexToBigInteger();
        // Base point G in uncompressed form (04 || X || Y)
        public static readonly ECPoint G = ECPoint.DecodePoint("0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8".HexToBytes());
        // Order N of the base point
        public static readonly BigInteger N = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141".HexToBigInteger();
    }
Does anyone recognize these hard coded strings?
What do you mean by 'recognize'? You should read my answer to your previous post more carefully:
Bitcoin's signature algorithm is the ECDSA (DSA on elliptic curve). And Secp256k1 refers to the curve which is used.
Those are the values for the secp256k1 curve. Look here: https://en.bitcoin.it/wiki/Secp256k1
|
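A way to check the answer in the post above, as an added example that is not part of the original posts or of the linked project: the three hard-coded strings are parsed and tested against the secp256k1 definition, where G must satisfy y^2 = x^3 + 7 (mod P) and N must be the order of G. The helper names are chosen for this example.

```python
# Hex strings as hard-coded in the C# class quoted above.
P = int("FFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFF" "FFFFFFFEFFFFFC2F", 16)
N = int("FFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFE"
        "BAAEDCE6AF48A03B" "BFD25E8CD0364141", 16)
G_ENCODED = bytes.fromhex(
    "04"
    "79BE667EF9DCBBAC" "55A06295CE870B07" "029BFCDB2DCE28D9" "59F2815B16F81798"
    "483ADA7726A3C465" "5DA4FBFC0E1108A8" "FD17B448A6855419" "9C47D08FFB10D4B8")


def decode_point(data):
    """Decode an uncompressed point: 0x04 || X (32 bytes) || Y (32 bytes)."""
    if len(data) != 65 or data[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed point")
    return int.from_bytes(data[1:33], "big"), int.from_bytes(data[33:], "big")


def on_curve(point):
    """secp256k1 equation y^2 = x^3 + 7 over the field of P elements."""
    if point is None:          # None represents the point at infinity
        return True
    x, y = point
    return (y * y - (x * x * x + 7)) % P == 0


def add(a, b):
    """Affine point addition, including doubling and the infinity cases."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None            # a + (-a) = infinity
    if a == b:
        slope = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        slope = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (slope * slope - x1 - x2) % P
    return x3, (slope * (x1 - x3) - y1) % P


def multiply(k, point):
    """Double-and-add scalar multiplication k * point."""
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result


G = decode_point(G_ENCODED)


def check_parameters():
    """Each entry is True when the quoted constant matches secp256k1."""
    return {
        "P is 2^256 - 2^32 - 977": P == 2**256 - 2**32 - 977,
        "G lies on y^2 = x^3 + 7": on_curve(G),
        "N * G is the point at infinity": multiply(N, G) is None,
    }


if __name__ == "__main__":
    for name, ok in check_parameters().items():
        print(name, "->", ok)
```
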
|
|
Bitcoin -$1000, Dow Jones -700 points, Gold and Silver +2%. Look at world markets ......
Bitcoin +$5913 (~ +600%), Dow Jones +2783 points (~ +12%), Gold +5%
Look at world markets. And maybe look at a bigger timeframe? I have chosen 1 year. Picking random numbers from random timeframes is a not very established way of recommending an investment.
@OP: You need to decide for yourself whether you want to rather invest in only 1 project you trust the most, or spread across several. But keep in mind that you have to stay up-to-date regarding each of your investments. The possible return and risk have to be weighed up.
|
|
|
I pulled the bitcoin Secp256k1 from a windows library and I use that for key exchange because it is second to none but after that the code in Bitcoin uses AES for the signature from what I had seen. Here is the code that's in the project I pinched the Secp256k1 from.
    private byte[] DecryptData(byte[] Key, byte[] IV, byte[] cipher)
    {
        // RijndaelManaged AES decryption
        aesEncryption.IV = IV;
        aesEncryption.Key = Key;
        ICryptoTransform decryptor = aesEncryption.CreateDecryptor();
        byte[] decryptedData = decryptor.TransformFinalBlock(cipher, 0, cipher.Length);
        return decryptedData;
    }
Bitcoin does not use AES for signature. AES is used for symmetric encryption. Bitcoin's signature algorithm is the ECDSA (DSA on elliptic curve). And Secp256k1 refers to the curve which is used.
This is why I stated that Bitcoin uses AES after key exchange but now I have to question this myself but this project I pulled this code from is quite a common one so I am not sure what to make of this.
Besides AES, bitcoin also doesn't have any key exchange. A key exchange is required when you have to actually exchange a symmetric encryption/decryption key. Asymmetric encryption made that obsolete with the drawback of being significantly slower. But the bitcoin protocol does not include any (encrypted) information exchange via the network.
|
|
|
I don't see anything in the History tab and the Receive tab has the status as pending for those requested funds.
Does the address you have sent the funds to appear in electrum (receive- or address tab?) ?
I don't see any drop down to access the "console" - there are only 3 tabs, History, Send and Receive. in the Right lower corner there are four icons. Network (I'm connected to three nodes.) Seed (where I can enter my password to review my seed info) Preferences (I don't understand most of this) and Password (where I can change my password.)
I guess you missed it:
Try the following: Open electrum, go to the console ('View' -> 'Show console') and type in:
|
|
|
I tend to trust my own judgment.
A lot of people do that. And the majority get burned. Probably the best example: Brainwallets.
Yes Linux is better but I am too much of an expert with windows
This eliminates the risk of any closed source software / malicious implementations without exposing yourself to the risk of an easily reverted encryption.
My code would be open source and must stand up to peer review
I guess you didn't understand my statement. The point is that it is senseless to create an 'encryption' which can easily be reverted.
and I am sure no one would say a word if I just pasted the AES keys over to microsoft to process the encryption because that's just what happens already with windows based wallets on Bitcoin
What are you talking about?
so please don't knock me for at least trying something new.
I did not intend to 'knock' you. I just tried to show you why it is a bad idea to 'create' an own 'encryption' algorithm. You seem to lack the basic knowledge about cryptography. Substitution is an easily breakable approach (i.e. known-plaintext attack / frequency analysis). Even in combination with linear functions this can not be considered safe. In no way. Your 'encryption' will be attackable without a big effort.
|
|
|
I totally agree. However, Windows is not an open source system. So, one could never know if there's something inherently wrong with it security-wise from the very beginning.
You are right with Windows being closed source and being more susceptible to exploits. But just because the operating system you use is open source, this does NOT mean that everything running on your system is open source. There is still closed source code running on your machine (any driver, firmware, BIOS, etc...). Until you can eliminate all of these risks by building your system completely on your own, you will have to trust the manufacturer, regardless of the OS.
|
|
|
|