Bitcoin Forum
July 19, 2024, 07:52:00 PM *
661  Other / Beginners & Help / Re: Historical question: were any Bitcoins premined? If so, how many? on: December 09, 2013, 11:24:56 AM
yeah the early alts were premined generally, 2011 coins

much of the early mining.... well know whos really who did it? i suspect btc was certainly premined to a huge extent
When you post to old threads once a minute with your bitcoin-begging sockpuppet, I guess you can't be expected to post more than stupid shit.
662  Economy / Scam Accusations / Re: [SCAMMER] BTCOxygen BTCOxyen.Com on: December 09, 2013, 02:41:25 AM
I called him a scammer the first day he posted.

https://bitcointalk.org/index.php?topic=119085.msg1280650#msg1280650
663  Bitcoin / Bitcoin Technical Support / Re: Dice-generated random numbers and conversion into private/public key pair on: December 08, 2013, 08:57:13 PM
I have been thinking about generating private keys, or even electrum seeds with dice
You should read the rest of this thread, as everything you've typed is talked about.

I wrote something that you can type your dice (or anything) into, but it will only need 32 key presses and will be much stronger than the dice:
https://bitcointalk.org/index.php?topic=361092

This should end the "roll dice" talk.

I made it generate Electrum seeds with a 5 minute mod. Replace the end of the script with this "main" section:

Code:
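# Replacement "main" section (fragment): argv, stdout, platform_check,
# keyboard_entropy, random_key and encode come from the rest of the script.
if __name__ == "__main__":
    # An optional first argument starting with "v" runs the platform check.
    if len(argv) > 1 and argv[1][0].lower() == 'v':
        platform_check(1)
    userentropy = keyboard_entropy()
    # Print 50 candidate seeds to choose from.
    for i in range(50):
        privk = random_key(userentropy)
        privk = encode(privk, 16)  # encode the key in base 16
        privk = privk[:32]         # keep 32 hex characters (128 bits)
        stdout.write(privk + '\n')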

Then run it and pick a seed.

I don't know why you'd use Electrum though, and have all your addresses rely on a number 340282366920938463463374607431768211456 times smaller than a Bitcoin private key.
664  Economy / Service Announcements / Re: Bitmit - Bitcoin shopping mall - Bitcoin market place - Bitcoin auction house on: December 08, 2013, 12:07:02 PM
Over the past month, I've made a few withdrawals from Bitmit, since I didn't want to risk losing my coins when they shut down. For every withdrawal I've had to pay a quite hefty withdrawal fee. I think the current Bitmit owners have been greedy with the fees, and by being vague about the actual closing date they have tricked many of us to make more frequent withdrawals than would have been necessary, had we been informed about the final closing date from the start.
How much are the withdrawal fees?
Fee: 0.001 Bitcoin
It's way too much. And how much of it actually goes into tx fees?
0.0001 BTC. They are keeping 90% of the fee, and making ~ 0.75 USD in fees for every withdrawal (even more before the correction of recent days).
I too can confirm they charged 0.001 and paid 0.0001. That's better than not getting bitcoins out at all though.
665  Economy / Service Discussion / Re: Possibility of attack through google app launcher? .075 BTC bounty on: December 08, 2013, 09:24:13 AM
Thanks for your advice.  One option is I can transfer my coins to another computer I own and just use this one for work.  I'm seriously only thinking coin safety here.  So it is in principle possible there is a little password cracker just trying its best to decrypt my wallets?
Thanks, I didn't expect mystery money, and it was just a random search that brought me back here to re-discover the source.

Cracking encrypted wallets first requires the wallet to be stolen. The encryption method in Bitcoin-Qt is 25000 rounds, to make brute-force cracking computationally expensive, but it is certainly within the realm of feasible for short passwords or those comprised of combinations of dictionary words. You can look at many "I forgot my password" threads and see that several people have had success, if you can call it that, in regaining access to their wallet.

A failed concept, the "brainwallet", is a user-created phrase put through one round of SHA256 to make an address. There is still a website offering to create one for you. This allows attackers to generate a huge rainbow table and instantly and remotely spend money whenever it is sent to any one of billions of candidate addresses.
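To illustrate the contrast drawn above between a one-round SHA256 brainwallet and 25000-round key stretching, here is an added example (not from the original post and not Bitcoin-Qt's code). The phrase list and salts are constructed, and `stretched_key` is a simplified salted, iterated SHA-512 model used as an assumption:

```python
import hashlib
import time

# Constructed sample phrases standing in for a precomputed candidate list.
CANDIDATE_PHRASES = ["password", "bitcoin", "correct horse battery staple",
                     "to be or not to be"]
# Constructed per-wallet salts (a real wallet stores a random salt).
SALT_A = b"\x01" * 8
SALT_B = b"\x02" * 8


def brainwallet_key(phrase):
    """One unsalted SHA-256 round: the same phrase gives the same key for everyone."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()


def stretched_key(passphrase, salt, rounds=25000):
    """Salted, iterated SHA-512; a simplified model of wallet key stretching."""
    digest = hashlib.sha512(passphrase.encode("utf-8") + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:32]


def build_table(phrases):
    """Computed once, a key -> phrase table covers every user of the scheme."""
    return {brainwallet_key(p): p for p in phrases}


def seconds_per_guess(derive, guesses=5):
    """Average wall-clock cost of testing one candidate with `derive`."""
    start = time.perf_counter()
    for i in range(guesses):
        derive("guess-%d" % i)
    return (time.perf_counter() - start) / guesses


def demo():
    table = build_table(CANDIDATE_PHRASES)
    # No salt: a human-chosen phrase is found by a plain dictionary lookup.
    recovered = table.get(brainwallet_key("to be or not to be"))
    # Salted: the same passphrase yields unrelated keys in two wallets,
    # so work done against one wallet cannot be reused against another.
    salted_differ = (stretched_key("to be or not to be", SALT_A)
                     != stretched_key("to be or not to be", SALT_B))
    # Stretching multiplies the cost of every single guess.
    cost_ratio = (seconds_per_guess(lambda g: stretched_key(g, SALT_A))
                  / seconds_per_guess(brainwallet_key))
    return recovered, salted_differ, cost_ratio


if __name__ == "__main__":
    recovered, salted_differ, cost_ratio = demo()
    print("phrase recovered from table:", recovered)
    print("same passphrase, different salts, different keys:", salted_differ)
    print("stretched guess is about %.0fx slower" % cost_ratio)
```

Stretching only slows guessing down; a short or dictionary-based passphrase stays within reach, which is why the post recommends a randomly generated secret instead.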
666  Other / Beginners & Help / Re: How to Create a Truly Randomized Private Key that Could Never be Figured Out? on: December 08, 2013, 08:59:00 AM
It's best to use a wallet address that you can never figure out, except by storing the raw secret in your wallet or offline. This precludes the use of human-comprehensible phrases, or by typing in data that you think looks random enough.

Bitcoin wallet software takes care of the randomness for users. If you need a strongly-generated address that doesn't use unobservable methods, I made a paper wallet address creator here:

https://bitcointalk.org/index.php?topic=361092

You can memorize a wallet private key that has been securely generated. I call this a rain-wallet (as in Rainman).
667  Economy / Economics / Re: Coin question on: December 08, 2013, 08:47:32 AM
There is no concept of "lost coins" per se, there are only coins not spent recently. You can't tell ultimately if someone is saving for their retirement or cannot spend the money.

In a macroeconomic scale, if money is removed from the economy, then that means the remaining currency must hold the value needed. For now, with Bitcoin, about $2M worth of Bitcoin is being printed every day, and I doubt it's being lost at that rate.

https://en.bitcoin.it/wiki/Myths#Lost_coins_can.27t_be_replaced_and_this_is_bad
668  Other / Beginners & Help / Re: Is everyone on ebay completely crazy? on: December 08, 2013, 08:38:44 AM
You also have to consider the risk involved with Ebay. People sell at a higher cost, to make up for stolen Bitcoins and hardware due to chargebacks.
You also have to consider the risk involved with Ebay. Non-paying bidders bid up your item, which you then cannot relist while you go through the month-long dispute process. People bid at a higher price, because they are paying with stolen paypal accounts.
669  Economy / Service Announcements / Re: Bitmit - Bitcoin shopping mall - Bitcoin market place - Bitcoin auction house on: December 08, 2013, 02:12:08 AM
Any feedback on how long a withdraw confirmation email has been taking? I hit the withdraw, and no email after 30+ minutes of staring.

Edit: figured it out, bitmit got labeled a spammer and put in the junk because two days ago they sent 13 "withdraw your balance" warning emails at once.
670  Bitcoin / Development & Technical Discussion / Re: Combinatorial Hash Functions on: December 07, 2013, 08:22:39 PM
There are already two different hashes between the public key and the bitcoin address, SHA256 and RIPEMD160. To spend Bitcoins, you must not just overcome the two hashes, but also must have the private key for the corresponding ECDSA public key. If the Bitcoin address has already spent once, then you have the public key and a signed message to work with, and don't have to worry about hashes.

If there was a reduction possible in SHA256(SHA256()) known outside the NSA, Bitcoiners would probably be the first to know about it. There's (still) $2M worth of Bitcoins a day at stake.

Hashes don't encrypt messages, so there is less reason to suspect them of being surreptitiously weakened.
671  Bitcoin / Development & Technical Discussion / Re: The biggest problem with cold storage wallets is making sure that your address.. on: December 07, 2013, 07:53:34 PM
Unauditable?  Check this tool out: http://www.phy.duke.edu/~rgb/General/dieharder.php

But in any case hardware random number generators are in general unauditable...
Yup, SHA2 of passwords from aaaaa-ZZZZZ will also pass random tests.
672  Economy / Service Discussion / Re: Scamming Satoshi Dice? on: December 07, 2013, 07:47:29 PM
They don't "publish" the win/loss transaction until your payment is confirmed. You have no information whether to double-spend or not.

Unfortunately I can't afford to below $10 to test anything (I believe that's their lowest bid amount), and, the last time I used the service was about a year ago, back then, they'd instantly send you the money back (You'd see it in your wallet), has that changed?
Yes, after an "academic" double-spend was performed, along with long chains of unconfirmed bets making users never get paid when their payout was mixed with the unconfirmed pool.
673  Bitcoin / Development & Technical Discussion / Re: Generating a paper wallet with strong randomness (Python paperwal.py) on: December 07, 2013, 07:35:52 PM
Hi deepceleron,

I’m the guy behind Piper.  This is a cool alternative to standard entropy collection, however, Piper uses a hardware random number generator which collects entropy from thermal gradients...

Finally, I know you mentioned adding BIP0038 to this script.  Here's a python implementation of BIP0038 which should get you quite a bit closer to that goal.  I believe it could be added to your single file since it's only about 40 lines: https://github.com/zimage/python-bitcoinlib/blob/e9506aba6d53ad5bf760d67815d711a1c55b2557/bitcoin/bip38.py
This is what I find untenable in the above code, not workable for a "run this script on your vanilla live CD":

import Crypto.Cipher.AES as AES
import scrypt

...
and the c behind them. A bounty got us a JavaScript native decoder, Python-drop-in-a-py libraries along the same lines would be awesome.

Thanks for your response. I called out the Piper because the source archive I found just has a vanitygen call; I don't have a device to dissect what you load them up with. When I examined deep into vanitygen previously, it was ultimately the OpenSSL build options that determined fips140 or OS entropy source, and such. The Pi has a HRNG, but it is low bit rate and it can't be examined for NSA bias insertion or such, but it is necessary with an unplugged environment-blind device. My script is really a response to the brainwallets and dice-rollers.

I wrote the methods imagining it being run on a device with broken deterministic random, and check for a working precision clock before letting the user proceed. I spent probably more time than needed examining the output range, bias, and reasoning behind every line of math, that even if urandom returns 0's and you skip the user input, you still get an unrepeatable 256 bit entropy key. Also so users can see inside the black box.

I get 512bit user entropy based on keypress times, with keypress values also used *8 (but not an integral component). I don't get the strict "time" between keypresses, there's a time->hash-driven variable length loop that runs after each keypress before time-poll to make CPU speed and system interrupts a factor, then I convolute the time. I seed the OS urandom with this user entropy and make a SHA256 hashed OS-based random key whitened with python's Mersenne Twister from oracle back to random bit depth. That's good enough, but then I re-seed the OS entropy pool every 1024 bits with time and user-based entropy plus hashes, then I XOR with a differently-obfuscated SHA2 of system random, and then I XOR with processor-time based and clock based time sources stretched to put 512bits of noise in the hash. Repeat 100 times. The code is easier to read than the explanation.

Too bad the Piper doesn't have a button other than print, maybe I'd hack mine so the user keys Morse code on it until they are satisfied it's using their input too?
674  Economy / Service Discussion / Re: Scamming Satoshi Dice? on: December 07, 2013, 06:20:07 PM
They don't "publish" the win/loss transaction until your payment is confirmed. You have no information whether to double-spend or not.
675  Bitcoin / Development & Technical Discussion / ANN: Python paper wallet generator with strong randomness on: December 07, 2013, 04:10:46 PM
Preface

Bitcoin requires cryptographically strong random numbers behind its ECC math when generating addresses and creating transactions. Bad math = stolen bitcoins. Important address keys used for savings must also be kept secure, ideally kept off Internet-connected computers that may be hacked.  Bad procedures = stolen bitcoins.

What's A Paper Wallet?

"Paper wallet" is a term often used for what is better called a "cold storage address". You create a hard-copy of a new address and its private key, unconnected to your normal daily-use wallet, and write it down, print it, or even stamp it into a block of metal. Money can be sent to this address as long-term savings, and copies can be secured in safe-deposit boxes, with relatives, etc. To redeem funds, you later spend the entire balance after importing the private key into wallet software, and disuse the address.

Bitcoin Paper Wallet Address Creator - paperwal.py

Where do you get the address for your paper wallet? Taking one from your everyday Bitcoin wallet software defeats the security you desire, as the private key to spend the coins is saved not only to the wallet on the hard drive, but also potentially to hard drive swap space or temporary files. Naive Bitcoin software also may call poorly-implemented, faulty, or even backdoored OS crypto libraries, creating less-than ideal pseudo-random numbers.

To address this need, I made a paper wallet generator, a single script written for Python 2.7 and requiring no additional packages, that will let you type keypresses to create the entropy necessary to generate a strong address and private key pair. It can be run on a disconnected-from-the-Internet computer to safely create a single address for paper wallet use. It employs several techniques and entropy sources besides simply the characters you enter, discussed later in thread. The actual code you run is readable to allow audit and review (although it's a bit complex).

Usage

The address generator uses Python, an interpreted script language. Linux and Mac OS usually have the required Python 2.7 language interpreter pre-installed (Ubuntu 16.04, April 2016, is the first distro to switch the default interpreter to Python 3). Windows would require installation of 2.7.x from python.org - but you already can guess that Windows is not recommended.

With the Python interpreter installed, a double-click on the downloaded script or typing "paperwal" is generally enough to launch the generator. If not, you can specify the Python interpreter in the path with the command "python paperwal.py".

Some command-line options are available for more specialized use:

>paperwal.py -h
Usage: paperwal [options]

Options:
  -h, --help            show this help message and exit
  -e, --encrypted       create BIP38-encrypted privkey (takes a LONG time)
  -v, --validate        enable extensive system tests for entropy
  -s, --silent          disable most console output except address
  -l, --loop            restart instead of exit
  -p, --nopause         disable the pause before exiting
  -d, --doublecalc      calculate twice and test results
  -z JUST A HELPFUL HINT
                        try ctrl-tab to abort the program

  Warning:
    If you use this option, you should supply REAL randomly generated
    entropy.It is probably a good idea not to reuse a seed.

    -r ENTROPY, --entropy=ENTROPY
                        random seed instead of keypresses, 64+ characters



Generate Address On A Secure Platform

You can make your address hacker-proof - by never storing it on a computer. This is commonly done by rebooting your computer to the "clean environment" of a standard Linux live CD. You can even be paranoid and disconnect your hard drive.

Here is an example procedure using Alpine Linux, a small security-focused distro and live CD that starts to a shell prompt. We will use the Internet to install Python and download the script, but then you can disconnect the network cable:

logon: root (no password)
>setup-alpine (and press enter for just about every option, including no hard drive)
>apk add python

Download script from my site:

>wget http://we.lovebitco.in/paperwal.py

Generate addresses:

Now disconnect internet to be secure, verify the file hash, run the script, pound on the keyboard when prompted, and see the output:

>sha256sum paperwal.py
9a88d46ad2ea6d19cb3940dc396be9f7cbe29186150d57440d26005c628597ad *paperwal.py
  (update 2014-01-03 v1.2a)

>python paperwal.py
Press keys to generate secure address....  OK

Bitcoin Address:
 1Cz7oXpaYycVeAoX1LXqniYGTzazjA7Zm9
Private Key:
 KwuZP7E2Zq5WmzcvZyLTHMerZKmWtzYbnDaEUCg9BWJ5uUU8qwRe


Note: the generator only generates compressed addresses (used by Bitcoin-Qt since v0.6.0). The private key is in "Wallet Import Format". Be sure your wallet-of-choice can import some test private keys.


Password-Protected Paper Wallet

Someone finding your paper wallet printout would be able to spend your bitcoins. Bitcoin Improvement Proposal BIP0038 adds a password feature to protect the private key, making it impossible to spend without knowing or cracking the password. The encryption is purposefully made very hard to brute-force - it takes about ten minutes for the address generator to encrypt a key using plain Python. When using the generator's --encrypted option, the private key is not displayed unencrypted.

BIP38 private key encryption is a recent feature developed separately from Bitcoin Core; most wallets don't have a built-in decrypting feature. One way to decrypt is by downloading the http://bitaddress.org HTML page and using the javascript-based utilities in it offline to reveal the true private key.

This address generator allows you to type passphrases that other utilities might not process correctly, such as typing only spaces. Be sure you can decrypt private keys generated with your passphrase before using this feature.


Example use with encryption:



>paperwal.exe -e
 Enter your wallet passphrase (will not appear).....*
 Re-enter to verify your wallet passphrase.....*

 Show your passphrase before continuing? (y/n)
   Passphrase: (456456)
    (counter):  123456

Press keys to generate secure address....  OK

Calculating encrypted private key...
stage 1 of 8...
stage 2 of 8...
stage 3 of 8...
stage 4 of 8...
stage 5 of 8...
stage 6 of 8...
stage 7 of 8...
stage 8 of 8...


Press "Enter" to close


Other stuff

I'll leave you the headache to figure out printing from your live CD.

Download Links

http://we.lovebitco.in/paperwal.py  (35kB) Python 2.7 script, no other libraries needed
sha256: 9a88d46ad2ea6d19cb3940dc396be9f7cbe29186150d57440d26005c628597ad *paperwal.py
md5: 4d26d19b041f1f8f2ba29d1de537579f *paperwal.py

http://we.lovebitco.in/paperwal.exe (4MB) Windows exe created with py2exe, Python 2.7.6 32 bit
sha256: 31af7bec9aa68c8a32ce09de42f16cf58868c6d6a69a71c701ae52efba842076 *paperwal.exe
md5: e2e5d1d648ccc1cabebd745a160e5277 *paperwal.exe

(Windows users - don't use the binary exe for more than just demonstration; install Python for yourself: http://www.python.org/download/ - the script is reviewable, EXEs are not; don't blindly trust EXEs from the Internet with your bitcoins.)
676  Economy / Services / Re: [WTB] 14 Compressed Vanity Addresses on: December 07, 2013, 05:42:32 AM
What are you paying per address/per find? You know that 1Savings is 59x harder than the others, there's a 13% chance I don't make it after two months of solid GPU?

>oclvanitygen -p0 -d0 1BitCoin
Difficulty: 873388193410
[17.02 Mkey/s][total 149422080][Prob 0.0%][50% in 9.9h]

>oclvanitygen -p0 -d0 1Savings
Difficulty: 51529903411245
[17.56 Mkey/s][total 351272960][Prob 0.0%][50% in 23.5d]
677  Bitcoin / Bitcoin Discussion / Re: [ANN] Bitcoin blockchain data torrent on: December 06, 2013, 04:39:31 AM
Will bitcoin-qt only recognize a bootstrap.dat file starting at block 1?

is it possible to use the python util to create a new bootstrap.dat starting at block 250001 ? For example - to update an off-line PC which has only had previous access to the 250k bootstrap.dat.

Creating a new 10gb+ file up to 270k+ seems silly when I only need to create the difference between the two (and easier to transfer to off-line PC).

Thanks.

Bitcoin 0.8.5 has a checkpoint block in it at 250,000 and fewer checks are done when downloading or importing blocks before this point. After block 250,000, download/sync/import speed is usually CPU-limited.

Bitcoin looks for any file named bootstrap.dat when it starts up, imports the blocks from it, and renames it. If the blocks are duplicates, it will ignore them. If the blocks are unseen and continue from the last block, it will import them.
678  Other / Beginners & Help / Re: Just Joined.. Lost Bitcoins on: December 05, 2013, 09:44:56 AM
Create new user account, first post 5 minutes later is sob story and donation address. Repeat.

For $15k of bitcoins, there's a very slim chance that data recovery can pull a private key off a hard drive if it is taken out of service immediately.
679  Economy / Service Discussion / Re: Possibility of attack through google app launcher? .075 BTC bounty on: December 05, 2013, 06:08:32 AM
Consider this a spear-phishing attack, if I want to find bitcoin users or users with secrets, where better to go than crypto? You don't have to pay anything, or if you do I'll consider it a donation to the web hosting fund (although I'm getting to the point where I should offer paid tech support when the solution is to Google for the exact question asked).

I would install to a new hard drive and keep the current drive image around for quite a while, who knows when you may discover you need to go back and get that forgotten IM password, site login, or savegame.
680  Economy / Service Discussion / Re: Possibility of attack through google app launcher? .075 BTC bounty on: December 05, 2013, 05:43:30 AM
remove anything google-installed.. and never let software from an advertising company run on your computer again.
and re installed chrome
Well, there's your problem.

Here's a link to finding and killing the chrome browser user profile, I would go a step higher and remove the "google" subdirectory.
http://techdows.com/2009/01/deleting-your-google-chrome-profile.html

Firefox doesn't run apps, it doesn't let applications install plugins without your permission, it installs and stores data where programs are supposed to install, and is pretty strong when you don't have the "top offenders" like Java, Flash, or Acrobat plugins (that have never had releases without some 0-day exploit). Firefox developers will even piss off users to protect them from themselves. The requestpolicy add-in blocks all off-site requests, such as to advertising networks that can serve malicious content.

I can make no statement that your computer is or is not compromised beyond a rooted browser, but I can say it will be trojan-horse free after a wipe and reload. A lesser step is to create a new username, which creates a new profile; lots of 'bad stuff' runs out of the user profile and %temp% directories that the user can write to in all systems, even in administrator locked-down machines. Then copy only the directories of known importance to your new profile, such as %appdata%\Bitcoin. However, consider that a credential stealer app has already been demonstrated in my first link above - the first order of business is to diligently change all your web site passwords from a secured platform soon.