I've said it once and will repeat: there's no fairer way to deal with a bank failure than a bail-in: - Current bank owners (shareholders) should lose everything.
- Creditors should lose the necessary amount to save the bank, starting by those who accepted more risks (like bondholders) until those who did not accept much risk (depositors). Ideally, depositors should not lose anything or very little - but if the hole was too huge, they might end up with a significant cut.
- These same creditors should be rewarded with ownership of the bank. For example, if you lost 10K, and in total 10G were needed to save the bank, you now must own a millionth part of the bank in shares.
I can see no way to make it fairer than this. Tax victims should not have to spend a dime - that's externalizing a cost to people that had nothing to do it (imposed negative externality, moral hazard, private profit public losses etc). Only those involved with the failed bank should. Federal/national insurances of bank deposits are unfair by definition and should never have been created in the first place. |
|
|
|
No, he's too busy working in secret, off the bitcoin-dev mailing list on some sideband "payment protocol" to bootstrap the de-anonymization of bitcoin via the X.509 SSL infrastructure.
- This is not secret.
- It will not de-anonymize Bitcoin.
- Can you provide a better way to protect against address replacement attacks?
I recognize there are critics that can be made. I, for one, never really liked the idea of a "Bitcoin Foundation". But what you just wrote is not pertinent. |
|
|
|
Ill be honest, they are really starting to clamp down hard in the U.S and is making me nervous.
With this exception of this California action, everything else in the US has been completely consistent with existing US law. Garzik, every totalitarian government acts totally in the scope of its laws too. Remarkably, the more totalitarian, the vaguer the laws tend to be. |
|
|
|
Luckily there are over 1,100 national banks in the United States.
I read somewhere that before 1929 and the Great Depression that number was at least an order of magnitude higher. |
|
|
|
Anyway.. I would never ever buy and use a hardware wallet for which the seed wasn't generated by me. Period.
You're confusing bitcoin keys with the certificate and key used for the address verification protocol. They are not the same. You'd still generate the bitcoin seed yourself. |
|
|
|
Steps:
1: tell exchange your public key which then gets locked in
2: exchanges shows you which public key you submitted and to submit a message signed with the corresponding private key
2a: if you see some other address you abort
2b: if you see the correct address proceed to signing the message
The virus can just put itself in the middle of the communication. It sends the attacker's key to the exchange, but display your own to you. If the exchange uses a second channel (like SMS) to confirm the public key, then perhaps it might work safely enough, as we can consider it unlikely for the attacker to control both channels. What this doesn't do?
Helps you in anyway if an attacker has access to your account, obviously.
We're always assuming the user's system is under control of an attacker, so yeah, the attacker is in control of your account in the exchange as well. |
|
|
|
Not really? Why would it be hard? The same way the device asks you to authorize a transaction it should be able to ask you to authorize a signature for a certain address. And if you are signing for a public key that a virus put there instead of the real public key, the hardware wallet signature wont be valid with that public key.
The virus could send his own signature to the exchange. You would confirm something on Trezor but its signature would never even reach the exchange. Without getting the correct signature the exchange would not send to that public key. But what would be a correct signature? How would the exchange know that the address really belongs to you? The signature could be provided by the virus, using the attacker's private key. |
|
|
|
By the way, I was talking to Chris (of BitSafe) at the conference and he brought up a good point we haven't considered before.
The combination of TREZOR/BitSafe and the payment protocol means you can get money out of the device safely, assuming the entity you're paying is signing their payment requests. But how do you get money into it? If your computer is compromised, this is hard.
Not really? Why would it be hard? The same way the device asks you to authorize a transaction it should be able to ask you to authorize a signature for a certain address. And if you are signing for a public key that a virus put there instead of the real public key, the hardware wallet signature wont be valid with that public key. The virus could send his own signature to the exchange. You would confirm something on Trezor but its signature would never even reach the exchange. A certificate per device is probably the best way to counter such risk indeed. But I'd prefer if it were something more reusable, not something bound to a single exchange. Your device's certificate could have your name or a pseudonymous you choose the moment you buy it. This way it could be useful not only when buying coins from exchanges, but when doing person-to-person transfers as well. I'm only wondering if it doesn't pose a problem privacy-wise. You'd sign all your addresses with the same certificate. This certificate should never end up on the blockchain so theoretically your privacy is not vulnerable to a random observer. But those who had previously sent you money will recognize you if they ever send something again.... I guess that's a reasonable trade-off, if I'm not missing anything. |
|
|
|
This is awesome. Transparent acrylic card with holograms, buttons, LEDs and NFC tag. How futurist is that?  $5 as cost seems too much for people to pass it around as they do with cash/coins, though. It's probably higher as amount than a significant number of all cash transactions done in the world. But it's still great as a gift card, or if anything, as a cool way to show people how real Bitcoin is getting. I want one.  |
|
|
|
|
This article is brilliant.
|
|
|
|
|
Important to note: they are resisting by forbidding their individual clients to wire money to MtGox.
This is an unprecedented attack. Previous attacks targeted the exchanges themselves.
|
|
|
|
But it still requires a level of trust ... we ask Betty kindly to only forward on our marked pages and not the whole session.
Yeah, but the whole idea of using escrows also depend on trust. You must trust your escrow won't collude with the other party. And btw, it seems in the example above Betty was both the person holding the encrypted data and the BTC-seller. It doesn't need to be the same person, there can be a second intermediary. It's hard to completely eliminate the need of trust, but you can make it much safer nevertheless. And eventually you could even have automated p2p exchanges (if your bank provide you an API to handle your fiat), what could be quite cool. Payment processors, for instance, could shift part or even all of their exchanges to this p2p system. |
|
|
|
Currently Mt Gox and other exchanges are the only source for price reporting. With a decentralized exchange, how will anybody know how much Bitcoin is worth? I would assume by tracking and processing the datafeed of the last few transactions that propagated over the network, similar to a blockchain explorer. Only skimmed the thread so far though, so I could be wrong. Plus, I don't think classic exchanges would disappear. They would keep operating, and arbitrage would guarantee no significant price difference would last long. |
|
|
|
How would the Integration with legacy banking be done?
Do we initiate the SEPA transaction via some sort of API or do we just tell the user to "go to his banking site and send money to XYZ"?
You might want to watch this thread: https://bitcointalk.org/index.php?topic=173220.0 |
|
|
|
|
Wow.... they simply deny you the right to spend your money, shamelessly.
This is serious. It's the most aggressive bankster attack on Bitcoin so far. Previous attacks focused the exchanges, this is targeting individuals.
I suppose Israeli people may continue using solutions as localbitcoin to counter such attack. But I wonder how easy it would be for Israelis to use this solution to bring and send bitcoins internationally. If it's not simple, that might provoke price differences.
|
|
|
|
Vandalism LMAO, no he a victim of his stupidity, he should have had it encrypted it before this, and he learned a lesson  Thank you, my ignore button is to the side please press it now. What a disgusting jerk... Leaving your car open with the keys on the contact are no justification for theft. Walking with short skirts on a shady neighborhood is no justification for rape. Reacting to an armed robbery is no justification for murder. And leaving your wallet unencrypted is no justification for destroying it. The person in the wrong is always the one that commits the crime. The one that did not see it coming (even if according to your rushed judgment, "was so obvious") is the victim. I'm currently working on that, but it seems bruteforcing will be my only option.
Pure brute-forcing only works against very weak passwords. You should attempt at least a dictionary attack first. There's no much point in trying totally random strings. |
|
|
|
I've made sure they were aware that it wasn't funny. Unfortunately, even if they would pay it back, they aren't able to.
It's not just "not funny". That's the equivalent of breaking into pieces a $500 TV or something. But anyway, I don't know how close the person is to you (your child, perhaps?) so I'll no longer say anything. It's your life. My advice: try to make the prankster remember the most he can about the password. Length, some characters, what words were in it etc. With enough information you can try to break it. |
|
|
|
Don't blame me for your stupidity.
Unless he's lying, he was the victim of vandalism. Stop blaming the victim, this is disgusting. |
|
|
|
|
Show Posts
