 Show Posts
|
|
Pages: [1]
|
What could solve this types of hacks is by digitally signing the payment request. I recently found that there already is a BIP for this: https://bitcoinj.github.io/payment-protocol. The "magic feature" is at point number 7. This has to be implemented on both ends. So for example if you want to send money to an exchange, the exchange would create a request and sign it. Your wallet would verify the digital signature and allow you to confirm that this is what you want. And this could also work the other way around: if you want do withdraw funds from an exchange, your wallet would create a signed request and send it to the exchange. Then the exchange would verify the signature and only if it is valid it would release the funds. For this to work you would need to create a certificate and upload it to the exchange and also download their certificate and import it into the wallet. A more advanced solution would be to use certification authorities (CA) just like with https certificates but this would be a centralized solution, so I am not sure about that. I think this would be a very powerful feature but I am not aware of any wallet using this. Also this would be a very good proof of payment. |
|
|
|
...there were a few blocks that had a fork and the coins from those blocks were lost. What exactly do you mean here? How can coins get lost by a fork? I get your other point though. Thanks for clarifying. |
|
|
|
Is it correct that the following command will give you the current supply of bitcoin? bitcoin-cli gettxoutsetinfo
{
"height": 614643,
"bestblock": "0000000000000000000323e3aff59d74ab52e74f4dc5cfb9696ddb69e9857d9c",
"transactions": 38728071,
"txouts": 65228219,
"bogosize": 4902482106,
"hash_serialized_2": "a153439cccb341a5ac149562c90bca499e3a809ccf2075e2de17bc2b9d83d0ee",
"disk_size": 3922698456,
"total_amount": 18182867.32125828
}
I would assume that "total_amount" is the number I am looking for. However if you calculate the total theoretical amount of bitcoins mined you get this: Blocks 0 - 209999: 210000 x 50 = 10500000 Blocks 210000 - 419999: 210000 x 25 = 5250000 Blocks 420000 - 614643: 194644 x 12.5 = 2433050 Total: 10500000 + 5250000 + 2433050 = 18183050 So where is the difference of 182.67874172 bitcoins? I know that there was a situation where the miner didn't take the whole reward but this was in the satoshi range if I remember correctly. |
|
|
|
|
With enough care, this type of clipboard malware can be prevented. However, I am more concerned with the next type of malware that will change the address in the browser (source). For example, if you want deposit bitcoin to an exchange, the malware could change the address that the browser shows you to the attackers address. I don't think it is too difficult to create a chrome extension that does this (disguised under something else of course). You can compare the addresses (source and destination) and you will see no difference. How do you fight such an attack?
|
|
|
|
Logically the second transaction must pay more fees, otherwise miners will pick the first one from the mempool.
This can be a problem if the miners pick the first transaction (for example if the second transaction has the same fee (sat/byte) or for some other reason), then the second transaction is not valid anymore and it will fail and you have to redo the second transaction. If you want to make sure that this doesn't happen, then you have to set a higher fee for the second transaction which will negate the benefit that the "batch RBF transactions" has in the first place (save some fees). This may still work if you only slightly increase the fee for the second transaction but still you cannot be sure that this transaction will be confirmed first. |
|
|
|
|
Is this done automatically when I create the second transaction? Does it mean that whatever fee I choose for the second transaction will be actually for both transactions? I have to test this.
|
|
|
|
|
Does somebody know what this settings does? I know what RBF means, but I don't know what this "batching" means or how it works. Can somebody please explain this? Or is this documented somewhere? Thanks!
|
|
|
|
Just as a note, you don't have to use block height in the locktime. You can actually use UNIX timestamps which is more precise than using block height (you can't know for sure how many blocks will be mined in 18 years). A value over 500000000 for nLockTime will be a UNIX timestamp: https://en.bitcoin.it/wiki/Protocol_documentation#tx I already tested this and it works as expected. |
|
|
|
|
OK, I understand. This means that both on-chain and lightning transactions can be proved if the invoice is signed by the merchant. The approach with DNS that I proposed might not work very well because the merchant may change the DNS records (the public key) afterwards and then I cannot prove anymore that he signed the invoice. Another approach would be to sign with the private key of the SSL certificate the merchant uses on his website. Even if the merchant changes the SSL certificate, I can still prove that he signed the invoice because the certificate is signed by a certification authority. I only need to save his certificate and then present it together with the signed invoice (and the pre-image if it is a lightning transaction) to prove the payment. Would this approach work? I think this is an important step because today the bitcoin payments are not provable and it is only a question of when a merchant will start to scam people by using bitcoin. With credit cards, Paypal, bank transfers, etc. you can actually prove that you payed (bank statement) but with bitcoin this is currently not possible. What do you think?
|
|
|
|
Actually, there is a thing called payment pre-image. Once the invoice is paid, the payment pre-image is given to the payer. Any node involved in the payment routing also knows it. It can be used to prove that the invoice has been paid.
Is this pre-image in some way linked to the initial payment request of the merchant? I mean, if the pre-image only proves that I payed something but not the initial payment request of the merchant then this is not a good prove. If the initial payment request of the merchant and the pre-image are linked together then the same aproach with signed payment requests can be used. |
|
|
|
|
Let's suppose that you want to buy something Online using bitcoin. Is it provable (to a 3rd party) that you payed using:
1. Bitcoin on-chain - this may seem straight forward because the transaction is on the blockchain and everybody can verify. However, in a dispute, the merchant may claim he didn't receive the payment and that the address I am referring to in the dispute is not his.
2. Bitcoin lightning network - here I don't know if there is a way at all to prove the transaction to a 3rd party.
For on-chain, I am thinking of a payment request that includes a signature that everyone can verify. The public key could be included in a DNS record (TXT record for example) of that domain. For example if I am buying something from the site abc.com, this domain should have a TXT record with the public key of the merchant. When I pay, the merchant will show me a payment request that is signed with his private key. I verify the request using his public key, then save the request and pay (all these steps can be done automatically by the wallet). Later in a dispute I can prove to anyone by providing the signed request, that the request originated from the merchant and that the address is his. The transaction itself can be verified on the blockchain.
For lightning network, I have no idea if a similar approach is doable.
What do you think about that?
|
|
|
|
|
The OP doesn't have a 13 word seed but a 12 word seed + 1 custom word (extended seed). This is very different to a 13 word seed!
|
|
|
|
If I understand you correctly, you have the 12 words that were randomly generated by electrum + 1 extra word that you have chosen. If this is the case, then you can restore the wallet like this: 1. Click File -> New/Restore 2. Give a name for the wallet -> Next 3. Standard Wallet -> Next 4. I already have a seed -> Next 5. Enter your 12 word seed 6. Click "Options" 7. Check "Extend this seed with custom words" -> OK -> Next 8. Type your 1 extra word that you have chosen -> Next 9. Type a password for your new wallet -> Next 10. If the seed is correct you should have your wallet with you funds back Also make sure you have the latest Electrum version (download only from https://electrum.org/#download) |
|
|
|
Electrum.. wouldn't trust my main stack to be held by an Electrum wallet (too paranoid about the seed being derived somehow)
What's wrong with Electrum? I think you are very flexible with Electrum. You could use Electrum with 2 of 2 multisig (one seed on an online computer and another seed on an offline computer). You use the online wallet to watch your balance and to generate the transactions (including the first signature) then the offline wallet for the second signature and then again the online wallet to broadcast the transaction. You can do this very easily with Electrum. Or you could use 2 of 2 multisig with Electrum and a hardware wallet (one seed from Electrum and one seed from the hardware wallet). Or even 3 of 3 multisig with one Electrum online seed, one electrum offline seed and one hardware wallet seed. Besides, Electrum is the first and currently only wallet that supports native segwit (bech32 addresses that start with bc1...). |
|
|
|
|
