 Show Posts
|
|
Pages: [1]
|
in this step i can confirm that a cellphone light in a dark room is enough to make it perfectly clear to the human eye, so a good camera should be able to clearly pick it up.
Hi 413j0, Thanks for the testing out the design! I didn't think it would be feasible to 'pinch' apart the folded layers, at least not without damaging the tamper-evident tape. Honestly, I tried your technique for about 5 minutes, both with a needle and by manipulating the inner fold with some sticky tape on the end of a firm bit of cardboard, but I just couldn't get them to separate so as to attempt an illuminated photograph. I don't doubt you succeeded -- it's just that on my end I wasn't able to. Perhaps it's my paper stock (or even humidity!) that's making it difficult. In any case, I'll think on this challenge a bit and see if there's an improvement I can come up with on the design. In the meantime, your addition of extra duct tape (or as others have suggested, slipping in a bit of tin foil) are great ways to improve the light impermeability. As a thank you for your work on this, if you private message me your mailing address I'll send you some of the brand new tamper-evident stickers that include unique sets of serial numbers printed in white thermal foil (see image below).  i just used standard 75 g/m printing paper, but the folding part wasn't easy, and actually left the paper a little creased, it's easier to get about half off the qr at at a time and maybe photographing it with a good enough camera to joint it. but as you point paper stock should have a huge effect on this technique, it's hard enough with standard paper, so a thicker or stiffer one should make it much harder. |
|
|
|
|
i just generated a huge random qr an started randomly using gimp's clone tool (no face intended)
|
|
|
|
maybe oversimplifying things, but since you want just a moderate lvl of security, but ease off use just make a small app that generates the key on a trusted server, then encrypts it with symmetrical encryption, send the bitcoin address, secure delete it and then distribute the encrypted key along with a portion off the key so than whenever n out of m of the recipients join their parts there's at least one full copy off the symmetrical key. and another app that receives such parts and outputs the bitcoin key. that way you just have to trust the server in which the apps reside and generating the key is only a matter off imputing parameters of n, m, and delivery method for each member's parts and data. and receiving the key will be a matter of imputing one copy of anyone encrypted data, the minimum amount off decryption fragments and where to deliver the key and that way as long as the same code is running you don't even need to use the same server for getting the key back (although both will have to be trusted) edit: after goggling i realized my solution was already posted somewhere else, along with another great one: http://stackoverflow.com/questions/1719376/how-to-encrypt-something-so-that-can-be-decrypted-using-any-two-of-three-keysthe checksum one is great for your intention in my opinion, along with the best rated one (incredibly similar to mine) sorry for the edit, but i rushed to post |
|
|
|
also remember the web of trust is there for one reason, get some people with recognized signatures to sign your key, i will help a lot in telling it apart from a fake one. http://www.gnupg.org/gph/en/manual.html#AEN335and signing your gpg signature where you publish it via your most recognized bitcoin address gives users another way to determine it's really you signing on a side note, its way to easy to fake a creation date on a key (just mess with the clock), so being "the first one" means nothing. --edit: and a lot of end users will be confused giving them just a console command, instead you can instruct them to use a frontend or gui implementation of pgp like kgpg (linux), cryptophane (windows) or apg (android). |
|
|
|
my suggestion would be to change the back pattern which now i think its the most vulnerable, and besides its the one less likely to be confused with a qr for something like this:  Uploaded with ImageShack.us |
|
|
|
now candle it from the front, so the dispersion off the front obscuring pattern's light works in your favor, and if you did it correctly any part off the qr that touches the back obscuring pattern should be visible, but any part that is'n touching it should still scatter. before photographing make sure to press gently on the white surface on the back so all the qr touches the pattern and therefore becomes clear. in this step i can confirm that a cellphone light in a dark room is enough to make it perfectly clear to the human eye, so a good camera should be able to clearly pick it up. since i was already using duck tape, i though about using it to obscure qr, so i did this:  Uploaded with ImageShack.us Uploaded with ImageShack.us Uploaded with ImageShack.us Uploaded with ImageShack.us[IMG=http://img5.imageshack.us/img5/3336/38ki.jpg]http://[/img]Uploaded with ImageShack.us Uploaded with ImageShack.us Uploaded with ImageShack.usbut still wasn't enoug, because upon retriing one off my previos attemps at candling i used this old beast:  Uploaded with ImageShack.usnote: this thing actually can lift again a small piece off tinfoil falling towards it when it fires and actually i got the best picture i have been able to get from this particular flash on my phones camera:  Uploaded with ImageShack.usif you notice the black shadow at right it's because this flash is faster than my cameras frame rate (60fps) and i couldn't light the whole frame, so under this conditions it's imposible to get my cellphone to focus or at least get any detail at all proposed solution at next post.... |
|
|
|
actually i have a theory about the reddit flash way: i have noticed that in most cases laser toner is much less translucent that inkjet ink, so if the wallet was printed with a cheap color inkjet printer, and then the codes added with a laser one (seen it recommended for durability purposes) it's possible that such difference is enough to render useless the obscuring pattern when a bright enough light is used update: i managed to reproduce the effect on a wallet printed on inkjet in one go, but sadly my phones camera is unable to photograph any detail at such light conditions, but ill explain in detail: first thing is slightly pressing on the sides to separate the layers, so the light of the front obscuring pattern gets scattered before reaching the qr, so you will need to make the 3rd fold separate from the first two, which is actually quite harder than separating the first one, so you need to make a fold like this:  Uploaded with ImageShack.usmake sure you don't make it like this:  Uploaded with ImageShack.usand it should end up looking like this:  Uploaded with ImageShack.usnotice the small creases that show that it seems to be "inflated". front:  Uploaded with ImageShack.usnote:i used duck tape because i was doing several tries and it was easier and cheaper just using duck tape. in case there is the slightest gap between the edge off the tape and the edge off the fold you can insert a needle and it will make it much easier, so never make any wallet like this:  Uploaded with ImageShack.usbut alternatively you could just pierce a small and discrete hole on any crease and do the same continue in next post... |
|
|
|
That looks *neat*. Is it at all waterproof? Or does dropping a bit of water on it cause the ink to run? Maybe "alumajet" plus something like Krylon Preserve It spray would be an interesting combo. Speaking most generally though, isn't aluminum a pretty "reactive" metal? Not sure it's a good choice for long-term storage... But agree this would be gorgeous e.g. for gifting bitcoins short-term! It looks neat, but devil is in the details. You are right that aluminum in itself is extremely reactive - so much that it will immediately react with oxygen to form a layer of aluminum oxide on its surface. Any ordinary piece of aluminum you see around is at least self-passivated this way. Alumajet is claimed to be "anodized aluminum" - which means processed to increase the thickness of the oxide layer. While aluminum oxide - think of it as a ceramic - is relatively inert, it is far from durable. Both acids and basescan weaken it. Thermal expansion is ways different from that of underlying aluminum, leading to cracking from hot/cold cycles, then to related localized corrosion. Finally, to be inkjettable, ideally it needs to be somewhat porous. If porous, it's not good passivating layer. Even the manufacturer recommends laminating signs printed on alumajet. I like the idea behind the product, and might even try printing some photos (color management nightmare, probably), but would not trust it for btc wallet any more than paper. actually it has some sort of special covering on one side which is the printable one (has to be single face, but it folds nicely) because the ink doesn't stick well on the other side. and it can tolerate some water when printed with a regular canon printer |
|
|
|
PS: If you decide not to buy a laser printer, there are some ways you can make your inkjet-printed wallets more water-resistant. I'll be posting a report on this soon as I'm in the process of testing a bunch of different products/solutions.
I'm slightly curious how well it'd work to do a three-pass print and not a two-pass. ( which makes this even closer to the other project, but... ) Print the front and back in color without the QR codes on some printer [ color laserjet, color inkjet? I wonder how it'd work if those ink could bleed when wet when the QR code couldn't? ], and then print the QR codes on a cheaper black and white laser printer. This would probably also work for your "super paranoid" option, without having to buy a nice color laserjet and only use it for wallets. [ However, I imagine the pain this would be to align and calibrate across two different printers ] i would be wary of 3pass printing on a paranoid level, because a laser (like on the previos tests) with the correct frecuency coud candle the qr from 1 ink while the obscuring pattern having a different pigment could be transparent to that particular frecuency |
|
|
|
|
thanks for the service for newbs btw addres in my sig
|
|
|
|
mirense esto: https://en.bitcoin.it/wiki/Weaknesses para una idea de vulnerabilidades mas exacta, pero como la pag dice para transacciones pequeñas no es problema aceptar una 0 confirmaciones, porque el gasto de hacer esto seria mayor que la ganancia en la mayoria de casos |
|
|
|
Si la opcion de los lapizes estos ya ni la mencione es un tema para ricos.... lo que el tema de los chips si parece ser la unica forma a 0.80 bitcoins el chip, lo que faltaria saber el precio de ensamblaje, cuanto tiempo tarda a enviar el chip, cuanto tiempo tardan en ensamblar y el precio final de todo y el tiempo, creo que algun usuario que lo haya echo tendria que explicarnos un poco todo eso para terminar de rematar todas las posibilidades del tema
lo que veo algo dificil es que los de avalon dicen ser opensource, pero ahun no he visto ningun .eagle o algun equivalente que sea un open source hardware tambien, entonces en cuanto al ensamblaje ondemand o diy la cosa se puede complicar |
|
|
|
|
si tienes logs de tus transacciones deberias enviarselos a ellos para que puedan replicar el exploit y corregirlo antes de que a ellos o a otro trader puedan terminar costandoles mas que 4 btc
|
|
|
|
|
hola, soy alejandro y vivo en colombia, llevo solo un par de semanas en el bitcoin, pero ya ando ensayando la venta en bitmit y comenzando con el mining
|
|
|
|
|
![[IMG=http://img5.imageshack.us/img5/3336/38ki.jpg]http://[/img]](http://imageshack.us/photo/my-images/5/38ki.jpg/){kind=link}