What is the quickest and easiest way to record such things?

I've been studying ECDSA from Royal Fork for a few weeks now, and I think I'm starting to get it. Some question remains.

Why is it that 256-bits of ECC only offers equivalent security of say, 128-bit AES?

Is it because of the birthday paradox? Or is it something else?

I've been studying ECDSA from Royal Fork for a few weeks now, and I think I'm starting to get it. Some question remains.

Why is it that 256-bits of ECC only offers equivalent security of say, 128-bit AES?

Is it because of the birthday paradox? Or is it something else?

I have 32GB of RAM. Armory uses 26GB of Memory on my PC  



I'm generous with my RAM, but I'd like to leave headroom and limit Armory's memory footprint to an arbitrary amount, like 16GB. I didn't see such options in settings using expert mode. Was there something I've missed?

26GB doesn't leave a whole lot for other power applications that I use. How do I go about changing Amory's memory footprint?

[Coinbase:]

Originally posted in another thread, the response was positive and I've taken the advice to create its own thread here.

Reviews of wallets I've used in chronological order:

--- --- ---

Coinbase: Started Feb 2014, after hearing from a friend about Mt. Gox's collapse. Wanted to get into bitcoins at its low point...
https://coinbase.com/signin

Good
+ Able to convert USD to BTC
+ Loads of features I haven't gotten around to fully appreciating
+ Good customer support
+ Also an exchange
+ Most trusted third-party wallet IMO

Bad
- Confusing interface, they need to improve the UI so that you're able to access similar features within one page, like security for example
- Trusted third-party. It's pretty obvious that Bitcoin's history of trusted third-parties makes a lot more sense when you add the prefix "un-" to the term. Let Coinbase be different.

Still in use?
YES, as one of the most trusted third-party wallet, an exchange, and loads of features I haven't gotten around to using, it's my go-to for purchasing large quantities of BTC.

--- --- ---

Bitcoin QT: Started Feb 2014, after hearing from a friend about Mt. Gox's collapse. I might have bought a bit high, but I did my homework and concluded that I wanted to control my own private keys. Coinbase's coins lasted about 10 minutes after they were delivered and whisked away to QT.
https://bitcoin.org/en/download

Good
+ Full node
+ Vanilla wallet, easy to understand, simple to use
+ Non-deterministic keys

Bad
- Non-deterministic keys, no HD keys
- Lacking in features
- Full node eats up a lot of computing resources

Still in use?
YES, contributing to the network and my personal transactional security is two birds with one stone.

--- --- ---

Mycelium Android: Started March 2014, wanted to trade bitcoins in person.
https://play.google.com/store/apps/details?id=com.mycelium.wallet

Good
+ SPV wallet == minimal resource footprint
+ HD seed backup
+ Excellent, highly polished UI, simple to understand and easy to use

Bad
- Thin client with specialized servers means having to trust a relatively small set of nodes relative to the bitcoin network to relay transactions. A minor negative, nothing that would steal private keys.

Still in use?
YES, with excellent production value and ease of usage, Mycelium is my hot wallet.

--- --- ---

Circle: Started July(?) 2014, despite all the flak that Jeremy Allaire's gotten from hyping Circle and his unpopular direction on bitcoin, Circle actually opened and I wanted to try out Coinbase's potential rival.
https://www.circle.com/signin

Good
+ The USD to BTC price has been, from my experience, always cheaper than Coinbase
+ Simpler to understand UI than Coinbase
+ Instantly purchase BTC via bank-linked account (Coinbase requires a Visa credit card, which I don't have)

Bad
- Not as established or feature-loaded as Coinbase
- Trusted. Third. Party.

Still in use?
YES, I use them to insta-buy small quantities of BTC.

--- --- ---

Electrum: Started July 2014. Wanted to practice offline signatures.
https://electrum.org/

Good
+ SPV wallet == minimal resource footprint
+ HD seed backup
+ Easy-to-use offline signature

Bad
- Thin client with specialized servers means having to trust a relatively small set of nodes relative to the bitcoin network to relay transactions. A minor negative, nothing that would steal private keys.

Still in use?
NO, I've advanced to Armory since then. I still recommend this wallet for newbies who wants to practice offline signatures and just secure their wallets without having to play with knobs and levers... or wait several hours for the blockchain to download...

--- --- ---

Bitcoin Wallet for Android: Started September 2014, after the developers implemented PIN security.
https://play.google.com/store/apps/details?id=de.schildbach.wallet&hl=en

Good
+ SPV wallet == minimal resource footprint
+ HD wallet, though no seed backup
+ I can set the PIN as long as I wish
+ SPV that uses bitcoin nodes, unlike specialized servers like the case of Electrum or Mycelium

Bad
- I had some issues during my course of usage that the developers were responsive to, and resolved them promptly. Since they were resolved, they won't be listed here.

Still in use?
NO, after finding out back in November 2014 that this wallet created unencrypted backups on my phone for two months without my consent, I immediately dropped it and came back to Mycelium. The developers have since fixed this security mistake. I may come back to it later.

--- --- ---

Armory: Started to actually use it in December 2014. I had installed Armory since the beginning of my bitcoin adoption in Feb 2014, but avoided it due to the daunting complexity of Armory's loaded features. It wasn't until I understood more about the technicals of a bitcoin transaction that I started to remember Armory and those exact features I wanted.
https://bitcoinarmory.com/

Good
+ Full Node
+ Loaded with technical features, from good coin control, to offline signatures, to encryption security control, Armory is for bitcoiners who knows what they're doing
+ HD wallet, though no seed backup
+ Excellent encryption security

Bad
- UI could use streamlining and pop-up instructions when you hover your mouse over certain features, this would help beginners better understand and take advantage of some of the niftier features of Armory
- Full Node takes up a lot of computing resources

Still in use?
YES. Armory is my favorite desktop bank by far.

--- --- ---

AWARDS

Easiest to Use: Mycelium Android
Most Secure: Armory

--- --- ---

POSTSCRIPT

I'm adding Jace's review of Breadwallet, as it is consistent with my fellow iOS bitcoiners' and my own experience:

Breadwallet: Started using this somewhere in 2014, after Apple ceased to ban Bitcoin wallet apps on iOS. Developed by Aaron Voisine.
https://itunes.apple.com/app/breadwallet/id885251393

Good
+ Very user friendly
+ Excellent backup procedure
+ Simple and clean GUI
+ HD wallet

Bad
- Nothing significant, but it doesn't allow specifying an amount when creating payment QR to receive bitcoins (it just contains your address)

Still in use?
YES, this is by far THE best, easiest, most user friendly, accessible and robust wallet on iOS.

After practicing some RSA math problems, I think I understand public key cryptography now. I want to practice PGP. Which PGP program is trusted and free?

I noticed while setting up a new Mycelium HD wallet, that I'm able to choose 12, 18, or 24 words as backup.

As far as I know from Electrum, 12 words is 128 bits of entropy. Does this mean that in Mycelium, I'm able to decide if my master private key is 128, 192, or 256 bits?

[1.]

After Mt. Gox's collapse and before Coinbase opened, the bitcoin exchange rate was dictated purely by a seller's market in the East. Though it has not been yet a month after Coinbase's opening, the market movement has changed noticeably in relations to bad news.

I've observed the Eastern world treatment of bitcoins versus Western, and hypothesize that China constantly dumps bitcoins because:

1. Bitcoin is banned as a purchasing instrument.
2. The majority of miners are located in China.

Considering the ban of bitcoin in China, a Chinese cannot purchase anything legally with bitcoins. Bitcoin then is relegated to being a speculative instrument in the East with short-term profit in mind.

The adopters in the West view bitcoin differently, while the public would not touch it with a 10 foot pole, there are distinctions from the East:

1. Bitcoin is allowed to grow as an economy and is a legally recognized asset / purchasing instrument.
2. Mining in the West is more expensive, therefore purchasing bitcoins is preferred.
3. The majority of bitcoin-related innovations and software development are in the West.

This incentivizes the forward thinking minority in the West to hold it as an investment. There is buying pressure in the West.

It's my observation that ever since Coinbase opened, it has been generating a large amount of buying pressure, and that's just from 26 of 50 states. No matter how many exchanges go down, the market just doesn't care anymore, and I think Coinbase has a non-trivial role in this change of market dynamics.

Most people in the US who wants bitcoins have to purchase them and hold. The West is a buyer's market as far as bitcoin is concerned.

Furthermore, I think this is just the beginning, as the Western mainstream media is just warming to the idea of digital currency. CNN's recent documentary is one example. Gemini has yet to open, that is another potential buyer's market waiting to open as well...

[1.]

I'm playing around with Armory's wallet creation, and noticed two parameters that the user can determine: "Target compute time" and "Max memory usage". Question:

1. What determines the target compute time?
(examples: number of AES rounds, key stretching derivations, etc.)

To test the wallet's encryption properties, I created a few test cases with the following parameters and recorded the following results:

Target Compute Time   250 ms      
Max Memory Usage   32 MB      
            
Password Length   32   64   128
Time to Unlock   249 ms   246 ms   246 ms
Unlock Memory   4 MB   4 MB   4 MB


Target Compute Time   250 ms      
Max Memory Usage   64 MB      
            
Password Length   32   64   128
Time to Unlock   164 ms   255 ms   165 ms
Unlock Memory   4 MB   4 MB   4 MB


Target Compute Time   500 ms      
Max Memory Usage   32 MB      
            
Password Length   32   64   128
Time to Unlock   332 ms   334 ms   501 ms
Unlock Memory   8 MB   8 MB   8 MB


Target Compute Time   500 ms      
Max Memory Usage   64 MB      
            
Password Length   32   64   128
Time to Unlock   336 ms   501 ms   498 ms
Unlock Memory   8 MB   8 MB   8 MB

2. From my limited testing, it seems like raising the target compute time increases the required unlock memory. In fact, I went and did more doublings of target compute times, and it seems like for every doubling in compute time, the unlock memory doubles as well. What is the reasoning behind this?

http://gavintech.blogspot.com/2012/05/neutralizing-51-attack.html

From Gavin's blog:

Something like "ignore a longer chain orphaning the current best chain if the sum(priorities of transactions included in new chain) is much less than sum(priorities of transactions in the part of the current best chain that would be orphaned)" would mean a 51% attacker would have to have both lots of hashing power AND lots of old, high-priority bitcoins to keep up a transaction-denial-of-service attack. And they'd pretty quickly run out of old, high-priority bitcoins and would be forced to either include other people's transactions or have their chain rejected.

It sounds like a simple thing to do, but has it been implemented yet?

If a bitcoin private key can be 256 bits of entropy, why is it then that most HD seeds choose to use only 128?

What does Bitcoin Core access to generate entropy?

[1.]

I've been using Bitcoin Wallet for Android for two months since you guys implemented a spending PIN. Things are going great until I discovered that the app automatically generated an unencrypted backup of my wallet!

I've been walking around with an unencrypted copy of my wallet for two whole months!

I have not been notified by the app at any point in usage, that it would generated an unencrypted backup. It was only when I accessed "RESTORE WALLET" that I became aware of the vulnerability.

1. Is there an option for me to turn off automatic wallet backup, especially upon creating a new wallet?
2. Should there be a future change that does not automatically backup without encryption?

Thanks

While auditing my wallet's backup, I noticed that there is an option to restore my wallet with an unencrypted backup!

First thing I did was sweep all my money out of there, second thing is to stop using that wallet... since I had inadvertently had an unencrypted backup of that for at least two months.

Where do I go to destroy that unencrypted backup? Is there a default behavior where I'm able to encrypt the wallet before it's generated? I hate the idea of having ANY unencrypted backup around, even for a few seconds.

Just wondering if Bitcoin Wallet for Android is Hierarchical Deterministic or not.
It's not completely obvious to me since it doesn't offer seed backup.

If it isn't HD, what are its methods of private key generation?

Thanks ahead of time.

I'm using Bitcoin Core 0.9.3. When I encrypt my wallet, what is the method of encryption? (e.g. SHA, AES, etc.) And how many rounds of them?

[1.]

I started using Bitcoin Wallet for Android after you guys implemented a spending PIN. Some questions about wallet security:

1. What is the encryption method for the backup wallet? (e.g. SHA, AES, etc.)

2. If I set a PIN before backing up my wallet, does the wallet backup, once restored, require the same PIN to spend as well?

http://phys.org/news/2014-11-largest-factored-quantum-device.html

"Researchers have set a new record for the quantum factorization of the largest number to date, 56,153, smashing the previous record of 143 that was set in 2012. They have shown that the exact same room-temperature nuclear magnetic resonance (NMR) experiment used to factor 143 can actually factor an entire class of numbers, although this was not known until now. Because this computation, which is based on a minimization algorithm involving 4 qubits, does not require prior knowledge of the answer, it outperforms all implementations of Shor's algorithm to date, which do require prior knowledge of the answer. Expanding on this method, the researchers also theoretically show how the same minimization algorithm can be used to factor even larger numbers, such as 291,311, with only 6 qubits."

If QC accelerates in the upcoming years, then perhaps even 10^77 may not be enough to guarantee our network security.

Not a quantum computing expert here... just wanted to hear from those in the field... what do you think?

message == private key

If Alice sends an encrypted "message" to Bob, and Mallory intercepts the message without ever having the means to decrypt it, would it be correct to say that the message doesn't exist (to Mallory) until Mallory has the key to decrypt it?

In turn, if my private key are encrypted before it gets stored online, would it be correct to approximate that my private keys do not come into existence unless I have the passphrase to it?

Blockchain.info has been acting flakey for me as of late, and I'm wondering what reputable blockchain explorer sites to use that is similar to blockchain.info.

Thanks!