Bitcoin Forum
Show Posts
6481  Bitcoin / Hardware wallets / Re: How To Verify the Downloaded Version of Ledger Live on: August 30, 2021, 08:10:05 AM
Reason I didn't download directly from ledger site is because people mention you need to make sure to verify the signature of the download and I didn't know how to do that... so I didn't download any update since then.
An attacker who can compromise the Ledger website and make it link to a malicious download could equally compromise whichever server Ledger Live connects to when you hit the "Update" button and make that point towards a piece of malicious software too.

With any piece of software, just downloading it from the "correct" source (while good practice) is never enough to ensure your safety. You should always verify it against the developer's keys or hashes.
6482  Bitcoin / Development & Technical Discussion / Re: A. Antonopoulos’ Take on Seed Splitting and Bruteforcing on: August 30, 2021, 07:56:02 AM
but I'd be kinda surprised if Andreas actually made that mistake tbh.
He actually does state this incorrectly.

https://youtu.be/p5nSibpfHYE?t=280
Quote
because only the one word which fits perfectly completes the checksum

https://youtu.be/p5nSibpfHYE?t=311
Quote
that means there are 7 words which contain key material in the missing share - how hard is it to crack or brute force 7 words?

He does then go on to correctly state that it would be brute forcing 80 bits though. Whether or not he actually made a mistake or whether he was just "dumbing it down" for his viewers or not is another question. I did see another video where he incorrectly stated (multiple times) that the BIP39 wordlist starts at "about" and ends at "zebra", though.
6483  Bitcoin / Electrum / Re: Adding the thirteenth word to the existing seed phrase? on: August 30, 2021, 07:32:12 AM
Surely, technically speaking, anything longer than 128 bits isn't adding any additional security since it would no longer be the weakest link in your set up, assuming an attacker doesn't have partial knowledge of your passphrase with which to reduce the search space?

The obvious scenario where someone would (and should) use more than 60 characters in their passphrase is if their passphrase is not randomly generated like the example I gave above - ]$wQ^;g2q94@$HRY. If you choose dictionary words, names, places, quotes, words from a book/movie/song/poem/etc. as your passphrase, then 60 characters will result in far less than 60 bytes of entropy.
6484  Bitcoin / Electrum / Re: Problem verifying download's signature on: August 29, 2021, 05:43:30 PM
-snip-
Sure, but reading OP's posts, he is brand new to using GPG and is importing a single key belonging to ThomasV to verify a single piece of software. He is highly unlikely to be importing other keys at this stage, and even less likely to be using them to build a web of trust since he doesn't know whose keys to trust or even how to sign that he trusts them. Yes, it is a good idea to sign keys once you understand why you should do so (which is explained in the link I gave), but I think forcing him to sign a key when he doesn't understand why is counterproductive to assisting him to safely install Electrum, which is what his ultimate goal here is.
6485  Bitcoin / Electrum / Re: Adding the thirteenth word to the existing seed phrase? on: August 29, 2021, 11:28:59 AM
13 word can be absolutely anything? Not from the BIP39 list ?
Not only not from the BIP39 list, but it doesn't even have to be a word. You can use an entire phrase or sentence (but don't choose a famous quote or song lyric, since you decrease your security by doing so), you can use numbers and characters, you could use something that looks like this: ]$wQ^;g2q94@$HRY

Just make sure you write down your passphrase on paper the same as you (hopefully!) did with your seed phrase when you first set it up, and keep it safe and secure. You want to store your seed phrase and your passphrase back ups separately, so if one is compromised by an attacker they still cannot steal your coins.

Correct, I just tried 500+ characters as 13th word and it works.
I did this a few years ago:

As a quick test, I just created and then recovered an Electrum wallet with a passphrase of 20,000 characters.
Perhaps just a touch excessive. :P
6486  Bitcoin / Bitcoin Technical Support / Re: A quick help please on: August 29, 2021, 11:19:46 AM
Soo, when I use a software or hardware wallet, it's not deriving multiple addresses from the same private key, instead it derives multiple private keys from the seed and then one address (or up to 3, technically) per private key?
That's correct.

The seed phrase (plus any additional passphrase you set) is used to first derive a 512 bit seed number. This seed number is then used to derive a master private key, a master public key, and a master chain code. The master private key is termed "m", which you see appear in derivation paths such as m/44'/0'/0'/0/0. The next private key in the derivation path - 44' - is derived from the master private key combined with the master chain code and the index number (in this case 2^31 + 44). The next private key in that path is derived from that private key, following a similar process. And so on down the tree (the process is similar but slightly different at non-hardened paths missing the ' symbol) until you reach the end of your derivation path. Then that final private key is converted to an address, which is what your wallet displays.

I'd recommend this link for a detailed explanation of how HD wallets work: https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc
6487  Bitcoin / Development & Technical Discussion / Re: Using two layers of mixers to further obfuscate address history on: August 29, 2021, 11:10:07 AM
Most mistakes are made by people reusing addresses but if we exclude that, and combine Tor, vpn and different browsers with mixers, that would be enough to break any possible connection between addresses.
Using Tor with a different circuit each time you deposit, withdraw, or otherwise interact with the mixer is probably better than using a VPN and a variety of browsers. VPNs don't guarantee anonymity by any means, and really you are just shifting your trust from the mixer provider to the VPN provider. Other browsers are also not hardened in the same way Tor is to avoid leaking information which may identify you, such as your real IP address via WebRTC even if you are using a VPN - Tor stops this by having NoScript installed automatically. As soon as you start customizing any browser, be that with add-ons, themes, even resizing the window, you start making yourself more identifiable. Using a clean install of Tor with nothing changed is your best bet to both protect your information from leaking, as well as keeping your browser as common as possible.
6488  Bitcoin / Bitcoin Discussion / Re: Hackers/Public will have Access to Quantum Computers in 5-10 years? on: August 29, 2021, 08:23:55 AM
For example speed of light is a constant 299,792.458 km per second. This value never changes always the same as its like its has been programmed to be from the start and never goes below or higher than it.
The value absolutely does change. Light propagates at different speeds in different media, and different wavelengths of light also propagate at different speeds in those media. In the most simple example, that's how a rainbow forms - from the different wavelengths of light from the sun propagating at different speeds through water droplets.

Sounds impossible I know but Quantum is making impossible seem the possible.
Quantum computers make some specific things which are simply too difficult with standard computers much easier, but they can not solve any and every problem, such as turning an address back in to a private key.

If Quantum can do the impossible then getting private keys is a walk in the park for quantum.
No, it isn't. It will be possible in select cases as we've discussed above, but even when finally possible, will still take a prohibitively long time for many years until quantum computers are much improved.

I wonder how governments & central banks are preparing against quantum computers that are a threat to their CBDC's?
CBDCs will be entirely centralized, and so there is zero trade off for them to implement quantum resistant algorithms.
6489  Economy / Economics / Re: Debate: Bitcoin vs Gold with Anthony Scaramucci and Peter Schiff on: August 29, 2021, 08:04:17 AM
Hell, Jim Cramer built an entire career out of yelling aggressively.
Genuinely laughed out loud at that. ;D

They're essentially the same untrustworthy personalities peddling pseudo-nonsense, but for some reason have devoted followings, most likely by virtue of simply appearing on mass media, which implicitly gives them credibility.
But at some point people must question it, no? When Schiff has been regularly promising for 20 years that gold is going to hit $5,000 within a few years, and in that entire time it has only been over $2,000 for like a week, surely the people who listen to him must start having doubts? I suppose I just continue to be amazed at how long someone can peddle complete bullshit before they lose their following.
6490  Bitcoin / Bitcoin Technical Support / Re: What info can be gathered using my receiving address btc on: August 29, 2021, 07:51:58 AM
One day if receiving addresses are crackable, then there may be information leakage, like how the generating key had a certain pattern that classifies a group of users. For example, a certain range of "random" keys that weren't random. But that's a very long distance into the future, hopefully.
To turn a receiving address back in to a private key requires reversing a RIPEMD-160, SHA256, and an elliptic curve multiplication. Even advanced quantum computers which are still decades away will not be able to achieve this. And even if we ever get to a stage that SHA256 can be broken, then an attacker can at most find a collision. Given that there are 2^96 public keys per address (on average), then that's still far too many possibilities to draw any meaningful conclusions from. In short, this is not a concern.

Your other point regarding Electrum is an important one, though. If OP starts going around looking up this address on various block explorers or querying it through light wallets, then it links his IP address to that bitcoin address. Whether or not that information ever finds its way back to the person he is concerned about is another matter, though.
6491  Economy / Economics / Re: Debate: Bitcoin vs Gold with Anthony Scaramucci and Peter Schiff on: August 28, 2021, 08:31:57 PM
Although, it is a debate but why would someone make many lies all because he wanted to support gold, the lies that can mislead people.
For the same reason most people do anything - money. The more people he can convince not to buy bitcoin and to buy gold instead, the more his bags of gold are worth. He doesn't care if what he is saying is true or not; he cares about his own personal wealth. He's quite happy to lie about bitcoin and see other people lose money, as long as he gets richer. See also: John McAfee, Elon Musk, CSW.

he generally doesn't know what he's talking about when prediction after prediction about how doomed the dollar was failed to materialize for years.
He's been predicting gold will hit $5,000 since the year 2000, and he's been predicting bitcoin will hit $0 since 2013. He is a broken record, completely insulated from the real world. It is a wonder he keeps getting invited back on TV when he has been so consistently and monumentally wrong with every single one of his predictions.
6492  Bitcoin / Development & Technical Discussion / Re: Using two layers of mixers to further obfuscate address history on: August 28, 2021, 08:18:47 PM
If someone is not using two mixers, they might not otherwise use a similar time interval to mix their coins. Also, once a person's coin has passed through (a) mixer(s), they might spend their coin at a diverse set of merchants.
Yes, that was the point I made in my first reply. If I deposit 0.5 BTC in ChipMixer, and then withdraw a variety of smaller chips over a period of days, weeks, or even months, as and when I require them to spend directly with a merchant or other third party, without ever withdrawing them in to my own wallet, then my privacy is far greater than if I deposit 0.5 BTC and then immediately withdraw 0.5 BTC. If I repeat that action of depositing and immediately withdrawing the same amount, then my privacy is lessened further. If I always withdraw the same amount to an address associated with the same service, be that another mixer or something else entirely like an exchange, then my privacy is lessened further still.

All things considered, I think you are far better sticking with a single mixer. If you are at the stage of considering combining two or more mixers or other privacy techniques, then you would probably be better off just using Monero.
6493  Bitcoin / Hardware wallets / Re: P2PKH Wallets from ColdCard MIA / any alternative routes? on: August 28, 2021, 04:46:05 PM
My first attempt I used account number 22 (m/84'/0'/22'/0/0..) and it structured the command with a certain XPUB. I next tried to use the m/84'/0'/0'/0/0.. and noted that the command it created for this importmulti command was a completely different XPUB file. Is this normal? I would have imagined that the XPUB it used would be the same but there's where my understanding of XPUBs derived from the master public key vs. the derivation path kind of breaks down.
I don't own a ColdCard so cannot comment on the specifics you have mentioned, but yes, this is normal.

An xpub is your account extended public key. Lots of places refer to it as your master public key, but technically speaking, this is incorrect. Your master public key is at derivation path m. Your xpub from those two wallets will be at derivation path m/84'/0'/22' and m/84'/0'/0' respectively, and therefore, completely different. Note that the derivation path structure as laid out in BIP44 is as follows:

Code:
m / purpose' / coin_type' / account' / change / address_index

As you can see, you changed the account (the third number) from 0' to 22', which is the level the xpub is derived from. The two xpubs will therefore allow you to restore all the addresses in each respective wallet, but they will not allow you to restore addresses from a different wallet.

Also worth noting that the first three levels are hardened, as denoted by the ' symbol after the number. This means that if you were indeed dealing with the master public key at level m, you could not derive any addresses in either of your wallets, since you need the corresponding private keys to move down hardened paths.
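
The derivation described in this post and in the earlier one about seeds (seed phrase plus passphrase to a 512 bit seed, then the master key at m, then hardened account levels), as an added example that is not part of the original posts. It covers only BIP39's PBKDF2 step and BIP32's hardened private derivation; the function names are this example's own and the mnemonic is the public BIP39 test phrase, never to be used for funds.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; private keys are integers modulo this value.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 2**31  # the ' in a path means "add 2^31 to the index"

# Public BIP39 test phrase, used here as sample input only.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed phrase (+ optional passphrase) -> 512-bit seed."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               b"mnemonic" + norm(passphrase), 2048, 64)


def master_key(seed: bytes):
    """BIP32: seed -> (master private key, master chain code) at path m."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    if not 0 < int.from_bytes(i[:32], "big") < N:
        raise ValueError("seed yields an invalid master key")
    return i[:32], i[32:]


def hardened_child(k_par: bytes, c_par: bytes, index: int):
    """BIP32 private derivation for a hardened index.

    The HMAC input contains the parent PRIVATE key, which is why a
    public key alone cannot be walked down a hardened level.
    """
    if not HARDENED <= index < 2**32:
        raise ValueError("only hardened indexes (>= 2^31) are handled here")
    data = b"\x00" + k_par + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    tweak = int.from_bytes(i[:32], "big")
    k = (tweak + int.from_bytes(k_par, "big")) % N
    if tweak >= N or k == 0:
        raise ValueError("invalid child key; BIP32 says to use the next index")
    return k.to_bytes(32, "big"), i[32:]


def account_key(seed: bytes, path: str):
    """Walk an all-hardened path such as m/84'/0'/22' down from m."""
    k, c = master_key(seed)
    for level in path.split("/")[1:]:
        if not level.endswith("'"):
            raise ValueError("non-hardened level in path: " + level)
        k, c = hardened_child(k, c, HARDENED + int(level[:-1]))
    return k, c


if __name__ == "__main__":
    for passphrase in ("", "]$wQ^;g2q94@$HRY"):
        seed = bip39_seed(MNEMONIC, passphrase)
        for path in ("m/84'/0'/0'", "m/84'/0'/22'"):
            k, c = account_key(seed, path)
            # Only the chain code is shown; each (passphrase, account) pair differs.
            print(repr(passphrase), path, "chain code", c.hex()[:16], "...")
```

The xpub a wallet exports is the public counterpart of the account-level key returned by `account_key`; producing it additionally needs a secp256k1 point multiplication, which this example leaves out.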

6494  Bitcoin / Development & Technical Discussion / Re: Using two layers of mixers to further obfuscate address history on: August 28, 2021, 01:32:32 PM
-snip-
Sure, but I would argue that if you repeatedly perform the same deposits and withdrawals of the same amount with the same delay and the same transaction heuristics then you are going to reduce your privacy, regardless of whether or not you are withdrawing your coins back to your own wallet or to a second, compromised mixer. Using a honeypot might speed up the process of identifying all your transactions for the honeypot operators, but if you repeat the same behavior enough then anyone who can read the blockchain would be able to link your transactions with a reasonable amount of certainty.
6495  Bitcoin / Development & Technical Discussion / Re: Using two layers of mixers to further obfuscate address history on: August 28, 2021, 12:41:51 PM
If one mixer is actually a government honeypot, or information about its users is otherwise leaked, and you use it last, the privacy you received from the first mixer will be reduced.
I take your point about consistently sending coins from mixer A to mixer B - doing so is a fairly unique transaction and so potentially links all your mixed coins together. But can you elaborate on the part I've quoted above? I assume when you say "information about its users" you are talking about things like IP addresses, browser fingerprints, etc? If so I understand, but if you are referring to blockchain or transaction information, then I don't follow your line of reasoning. If I withdraw (for argument's sake) 0.256 perfectly anonymized bitcoin from ChipMixer, send it to government honeypot (using a perfectly anonymized Tor session), and then receive a different 0.256 BTC from the government to my own wallet, what additional information have they gained?
6496  Bitcoin / Bitcoin Discussion / Re: Hackers/Public will have Access to Quantum Computers in 5-10 years? on: August 28, 2021, 12:32:44 PM
But wouldn't the quantum computers be able to decipher the hash of those private keys? Because they're made to make calculations that could last for about a million years to be solved shortened in a matter of seconds, will it be a threat?
No. Not every calculation is the same. Some calculations would be exponentially faster with a quantum computer, some would be linearly faster, and some wouldn't be faster at all.

Turning a public key in to a private key is particularly susceptible to quantum computers. A quantum computer running what is known as Shor's algorithm could reduce the number of operations required from 2^128 to somewhere in the region of only 128^3. This number of operations is trivial for a standard computer, and so quantum computers will eventually reach this stage also.

However, reversing a hash and calculating a public key from an address would only experience a linear speed up. The best method for doing this, Grover's algorithm, only reduces the search space for SHA256 from 2^256 to 2^128. 2^128 is simply too large a number to be threatened by any computer, quantum or otherwise. The entirety of bitcoin is built on security of 2^128, and nothing has ever come even close to a tiny fraction to the number of operations required to break it.
6497  Bitcoin / Bitcoin Discussion / Re: Hackers/Public will have Access to Quantum Computers in 5-10 years? on: August 28, 2021, 08:49:33 AM
As for whether it's possible, bitcoin uses two algorithms for signing. While private-public key pairs will be more easily determined, I believe that segwit resolves this by obscuring the public keys behind hashes
All addresses, be they legacy or segwit, are derived from hashes of the public key. It is only very early transactions which used P2PK - pay to pub key - which do not use hashes of the public key and would be inherently vulnerable to quantum computers. All addresses in current use are only vulnerable if they have already made an outgoing transaction and therefore revealed their public key.
6498  Bitcoin / Development & Technical Discussion / Re: Using two layers of mixers to further obfuscate address history on: August 28, 2021, 07:36:25 AM
I am considering a scenario where I have sent coins to ChipMixer, and now instead of withdrawing the chips to either send the coins back to my own wallet or to pay for a good/service/other transaction, I instead send them to a second mixer. Even if the second mixer is horrendously buggy or filled with weaknesses, I don't see how any of those bugs or weaknesses could decrease the privacy I have already gained from ChipMixer. The only scenario I can see which might decrease my privacy is that if I am mixing coins a second time, I am probably far more likely to withdraw all my chips at once and send to the second mixer. If I deposit 0.5 BTC to ChipMixer and then withdraw different amounts at a time over a period of days or weeks, my privacy is much better than if I withdraw all 0.5 BTC in one transaction shortly after I deposited it.
6499  Bitcoin / Bitcoin Technical Support / Re: What info can be gathered using my receiving address btc on: August 28, 2021, 07:30:13 AM
Take note that by freezing the address, it's just frozen in that specific client and wallet file.
It can still be spent in other instance of that wallet, say, your Trezor Wallet/Suite app.
Yeah, if you plan on continuing to use Trezor Suite then freezing it in Electrum won't achieve very much, and you still run the risk of accidentally combining it with funds from other addresses in a future transaction, therefore revealing your other addresses to be linked to the addresses we are discussing here.

If it were me, I would just get those coins out of my wallet so I never trip up and accidentally spend them when I didn't mean to in the future. Maybe create a new wallet (you could create a simple software wallet using Electrum if you are going to be downloading it anyway) and send the coins there just to get them out your wallet, or alternatively, send the coins through a service such as ChipMixer so you can return them to your wallet completely obfuscated from your original address.
6500  Economy / Economics / Re: Debate: Bitcoin vs Gold with Anthony Scaramucci and Peter Schiff on: August 28, 2021, 07:16:07 AM
so their discussions on Twitter are already known as conflicts between father and son, although I doubted that they just want to attract even more attention to themselves.
They are just manipulating their followers. Schiff comes out and says "I'm holding 0.001 BTC as an experiment, here's my address, I sure hope no one sends me any more!" and gets a bunch of free bitcoin. Then he says "Now my son has just bought some bitcoin, look at his account here!" and then he gets a bunch more sent to him for free. Listening to Schiff on anything bitcoin related is stupid, but sending him or his son free bitcoin "to teach him a lesson" or "to spite him" or something is just downright moronic. As I said above, he is just the same as an altcoin shiller, manipulating his followers for his own benefit.
