Use 4 coins and flip it 64 times and write down hex values. Much easier and it will still be random.  It seems to be much easier to do this with 4 coins, that's for sure. I don't know about the entropy concern, though. I think when you flip the coin, the entropy generated by this action is so poor if you compare with the entropy generated by computer...
It could be that tossing 4 coins further decreases the entropy with respect to tossing just 1 coin, I don't know. Anyhow, why would flipping a coin give poor entropy vs a computer?? Is it that people somehow do that in a predictable way, for example, the coin always rotates several times at the most? But if you really dont trust in machines, you can use this github.com/taelfrinn/Bip39-diceware ( http://github.com/taelfrinn/Bip39-diceware) and generate a 12 words seed with a dice and a coin that can be used to generate addresses derived direct from there. Thanks for the links, very helpful. |
|
|
|
I was thinking about NOT using any form of machine generated private key for my wallet. Not that I doubt the randomness of computer generated keys. There is plenty of debate already on this forum that I have been able to find. Simply, let's say that I wanted to do this outside of any computer environment, the old fashioned way. This was something I picked up in Andreas Antonopoulos's book "Mastering Bitcoin". Without too much detail, he mentions the possibility of creating a private key by flipping a coin. One simply has to flip a coin 256 times and record the private key in its binary form. Now, obviously one would have to convert it into a hexadecimal number, and that should be it (if I understand the process in the first place). Here's how I understand it (please feel free to correct me if something is wrong): 1. You flip a coin. If the outcome of the flip is heads, number 1 is recorded. If the outcome is tails, 0 is recorded. (or the other way around, but once you choose, stick to it till the end) 2. Repeat this 256 times, each time writing down the number (either 0 or 1). 3. After 256 flips, you get a long number of random zeros and ones, like this: 100111011101100011100001... (256 in total) 4. Next, you gather the ones and zeros in groups of four numbers, like this: 1001 1101 1101 1000 1110 0001... 5. Now, you just use a binary to hexadecimal converter (there are online converters, like this https://www.binaryhexconverter.com/binary-to-hex-converter), or I just use the following table: 0000 -->0 0001 -->1 0010 -->2 0011 -->3 0100 -->4 0101 -->5 0110 -->6 0111 -->7 1000 -->8 1001 -->9 1010 -->A 1011 -->B 1100 -->C 1101 -->D 1110 -->E 1111 -->F 6. The random number 1001 1101 1101 1000 1110 0001... is now four times shorter: 9DD8E1... (64 in hex format) All in all, you have generated a random private key without the help of a computer program. 7. You now carefully import this private key in a wallet! What are your thoughts on this? |
|
|
|
|
I have a very limited experience with trading, but even that was enough to notice the presence of bots when specifying a price. For example, within a few seconds of my bid, there's another one outbidding mine by a tiny amount. At first I was puzzled (no human could do that so fast), but it soon became clear to me that it has to be a machine.
Which brings me to the questions: should bots be allowed in the first place?
|
|
|
|
i agree with @ranochigo, i just want to add a little thing about Web of Trust [1]. the way using PGP should really be like is that you build a WOT of your own. for example you start from somewhere, lets say you know me personally so you meet me face to face and get my PGP pubkey and then go home and add it to your trusted signatures. then some day you want to install Electrum and since i have been around a long time and i know for a fact what the right pubkey of Electrum dev is, you ask me to confirm it. then what i do is that i sign 0x2BD5824B7F9470E6 with my PGP private key and give you the signature to verify with my public key that you already had. now your WOT is grown a little more. [1] https://en.wikipedia.org/wiki/Web_of_trustThis is new to me. If I understand this concept correctly, it should eliminate the need to trust an abstract website and its security setup. Rather, I could trust a real person that I know, or even better several individuals to verify that I have, e.g., an authentic electrum wallet. Has this concept been accepted to date? I mean, do you people use it when installing sensitive software from the internet? I haven't really heard about bitkey before. Is there a widespread use of it? Again I ask this question because of trust. For electrum, I can be pretty sure that (due to its widespread use) its source code has been thoroughly vetted before. So I just have to trust the signature. Sure, as you indicated, there's the source code of bitkey, but how many people have gone through the code to check it? On the other hand, bitkey seems to be similar to tails, which I have been considering to use as a form of more secure linux. How different bitkey is with respect to tails? |
|
|
|
I love seeing Newbies who post quality instead of just spamming like the majority, this is what the Merit system is designed to reward on this forum, and users like this are the ones who should be able to level up.
Thanks for noticing! Really appreciate your support. |
|
|
|
Round 3: Notes & Critique
Thank you Joe for for the kind words and for your encouragement. I really enjoyed the challenge, and I'm in it for another round. Congratulation to the winners, and to all participants. |
|
|
|
additional to visiting the wrong or malicious Electrum website you can never know whether Electrum.org (the real website) is compromised or not. for all you know, when YOU download the wallet a hacker might have hacked the website 10 seconds ago and replaced the files with his own malicious versions. which it also means that it is a good idea to check and see if you are really getting the real Public Key of the real author (Thomas V). like asking on the forum (0x2BD5824B7F9470E6), checking Github ( https://github.com/spesmilo/electrum/blob/master/pubkeys/ThomasV.asc) Great point. But, just for the sake of argument, what's the possibility of this forum or Github being hacked? |
|
|
|
(note that you should remember to verify the signature of the tarball here)
This would require to download a malicious version of electrum (with a smaller key space) or it would require the malware to somehow influence the entropy of electrum before the wallet is created.
The signature of the tarball was something I definitely didn't bother to check. Even though I downloaded the wallet from the electrum website, phishing/malware can never entirely be ruled out, right? To have a piece of mind (in view of the potentially malicious versions of electrum) checking the signature should be a must. Thanks. |
|
|
|
Myetherwallet is a good start. You can make a wallet on there and store ERC20 in that wallet as well. I would really recommend getting a hardware wallet like Trezor or Nanoledger though, you can use hardware wallets on Myeterwallet to store ERC20's and it's much more secure to store your crypto offline than it is online.
If you are going to use Myetherwallet, you can use it offline for increased security. Check this: https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html |
|
|
|
In addition to the references above, here's one interesting discussion from this forum: Lightning network - when exactly is it going to happen?And another point if I may, I would suggest making your topic title longer, so that it reflects the content of this post, for example: Question About Bitcoin's Lighting Network"", or something along that line... |
|
|
|
|
Unfortunately, some of the earliest adopters of all new technologies have been criminals. Their activities involve high risk operations, so they are willing to use state-of-the-art technology. That has nothing to do with bitcoin per se. Every disruptive invention in the history of humankind has initially gone through this phase, so will bitcoin. The next phase is widespread adoption!
|
|
|
|
The worst case scenario would be that the virus managed to create an address that was somehow predictable and your addresses are weakened. I've never heard of any virus that is able to do this though so take that as a hypothetical scenario.
Aha, I would have never thought of that! If anything, you should be using a Raspberry Pi with Raspbian. Linux are pretty hard to have malware on it, especially if its a computer that you probably wouldn't use. It costs 35 bucks and its easy as hell to setup. I've done it in an hour.
Thanks. Point taken about Linux, also in combination with Raspberry Pi. Next on my to do list. And thank you all for helping me understand new tips and tricks about how to keep my wallet more secure. |
|
|
|
when we say "cold storage" it doesn't mean a wallet that is offline. that is an incomplete definition. instead Cold Storage means a wallet that (1) was created in a safe environment and (2) will remain in a safe environment...
... another part of the cold storage definition that is omitted is that this wallet is your cold wallet not hot wallet, a cold wallet is where you store funds that you don't want to use every day.
I see. I shouldn't use that terminology, that is, "cold storage". Especially given my use of USB, which violates the definition of it each time. Thanks for pointing that out. your wallet A was not made in a safe environment because your computer was connected to the internet before.
In fact, I thought of that myself, that my wallet A could have been contaminated before, while computer A was still connected to the internet. But here's my logic. Even if computer A was compromised before wallet A was installed, say, even if there was a virus, what could it do? It could steal my private key, but there's no network to transmit it. Wouldn't I still be safe? |
|
|
|
but sending my ID is something I dont want to do...
This is exactly why I never wanted to mine using the nicehash interface, since your options are very limited. You can always use other miners, like nemosminer, nplusminer, multipoolminer, etc. They are not so user friendly as nicehash, but once you manage to set them up, you can use any major mining pool you want. For now, just like mindrust suggested, mine more and withdraw to your address. Good luck. |
|
|
|
yes, but i will have to mine 2 more mBTC (minimum is 2,1 mBTC for withdrawal to normal wallet), so it will be nice if I can withdraw it sooner.
I see. Given how nicehash operates currently, it seems that you have only these 2 options at your disposal. Either you mine more BTC, or go via Coinbase. |
|
|
|
|
I'm afraid you have to verify your account on Coinbase first to be able withdraw funds to your wallet.
Do you have to go via a third party? Can't you withdraw BTC to your wallet directly from Nicehash?
|
|
|
|
|
Thanks for the reassurance, Abdussamad. I will try to implement the QR codes of the linux electrum wallet, as suggested by Xynerise, to try to deal with that last possible back door.
|
|
|
|
I think the safest way is to buy a hardware wallet.
Because the hardware wallet is known to be offline, it is currently the most secure.
Yes, hardware wallet is the most secure when it comes to bitcoin and some of the more important altcoins. However, hardware wallets don't support the majority of altcoins. Then, maybe you could consider cold storage wallets or even paper wallets? |
|
|
|
If you want to read QR codes, yes.
Scan the QR code from the offline computer with the online one.
Thanks for the advice. That would be much easier than dealing with a USB stick. |
|
|
|
|
Does that mean that this could work with QR codes on 2 linux computers?
|
|
|
|
|
Show Posts
