Bitcoin Forum
May 08, 2024, 06:18:23 AM *
  Show Posts
1061  Economy / Economics / Re: Fed on brink of fifth(?) round of quantitative easing on: July 21, 2023, 07:11:50 AM
but i didn't realize they also "created a whole bunch of new money out of thin air". seems like a ponzi scheme. maybe that's why banks never seem to run out of money to lend out?
Now you're getting it! Centralized fractional reserve banking is one giant scam.

but they sure do take repayment seriously. you would think that if it was so easy to create they wouldn't get so upset if someone didn't pay it back.
Banks write off loans all the time. Once they've hounded you for as much as they can, they sell your debt on to some debt collector for cents on the dollar because it simply isn't worth their time or money any more.

i'm in favor of a universal basic income so people can at least live in some level of dignity.
I find it strange that you are in favor of this, but you are against student debt forgiveness when so many of the people being saddled with these ridiculous repayments are living in poverty or close to it.

don't they come up with new regulations after such disasters?
Quite the opposite! Previously banks had to keep in reserve at least 10% of the assets on their books. In 2020 the Fed decided to lower that to 0% (where it still sits), meaning banks don't have to actually hold any assets whatsoever and are free to just endlessly lend out money that doesn't exist! Money printer goes brrrrr!
1062  Bitcoin / Development & Technical Discussion / Re: Measuring the randomness of a seed phrase on: July 21, 2023, 07:00:51 AM
The interesting question to me, isn't whether the result could be raw bruteforced, but rather is it demonstratively worse/lower quality/less random/less entropy (semantics in this regard aren't my strongpoint, choose the appropriate term) than a CSPRNG SW-generated phrase.
Yes, it is demonstrably less random. Whether it is less random enough to be bruteforced depends on your starting points and how many factors you use, I would assume.

As ranochigo has explained, the random number generators you would use on your computer or hardware wallet to generate a seed phrase perform a similar process of taking a bunch of different numbers and combining them. However, you are picking constants which can be known to anybody who looks them up. An electronic CSPRNG will draw entropy from things like interrupt timings and thermal noise, which are impossible for an outside observer to know. You are proposing simply multiplying these numbers together, whereas your CSPRNG will use a combination of functions, including things like XOR and one way hash functions to combine these data in more difficult to predict ways.
1063  Economy / Services / Re: LoyceV's Avatar for Rent [first 🦊🦊🦊🦊4 YEARS🦊🦊🦊🦊 (226 weeks) rented out] on: July 21, 2023, 06:42:24 AM
Ummm... I've been locked up for two weeks now and Foxxy's got the only key...

Help?
1064  Other / Beginners & Help / Re: Seed phrase and passphrase backup on: July 21, 2023, 06:33:03 AM
User can easily remember that message as it is patterned but for attacker it will be inaccessible to like a sealed book.
My point being only if an attacker has no idea how you generated the passphrase. And given that you've just shared this method on a public forum, that's no longer the case.

I prefer simply using truly random passphrases, just as your seed phrase should also be truly random and not generated from an easy to remember string. Taking SHA256(string) is simply a brain wallet, and we have tens of thousands of examples showing that brain wallets are horrendously insecure and having all their coins stolen.

Random passphrase, backed up on paper, stored separately to your seed phrase. Done.
1065  Economy / Economics / Re: Fed on brink of fifth(?) round of quantitative easing on: July 21, 2023, 06:20:50 AM
no one is "writing off" student debt, they're just forcing american taxpayers to pay it for these former students many of whom can afford to pay it themself but don't want to because they want someone else to pay it for them even though they agreed to pay it back themself when they got the loans.
As franky1 has explained, no money is actually changing hands. They are simply writing off liabilities. You know, just like they did for billions in PPP loans fraudulently taken out by billionaires.

the only time it gets devalued is when we print more of it. that only happens at certain points in time, not "all the time".
I assure you it happens all the time. Only around 3% of new money is printed by the government. 97% of new money comes from regular banks being fractional reserve and creating new money out of thin air every single time they hand out a loan, a mortgage, a line of credit, and so on, just like when they handed out these student loans. If anything you should be angry about the student loans existing in the first place since they created a whole bunch of new money out of thin air.

banks are a necessary part of modern society thus we have to keep them running.
But people aren't? Billions to bail out banks which are worth hundreds of billions, but let people be made homeless and starve because fuck them? Lol.

he might as well be paying people 10k in cash because it has the same effect.
Not even close.

wrong. now that everyone knows student loans are unenforceable and the government really doesn't require them to be repaid, no one is going to worry about making their payments on time. if at all.
And now that banks know they can do anything they like and still get bailed out, they won't worry about playing by the rules at all.

i don't know about that franky. they paid out cold hard cash so students could pay tuition, rent, food,etc and now you're telling me that cold hard cash was just imaginary? well then who did it come from?
Thin air. That's how banks make loans. Have a read of this paper from the Bank of England: https://www.bankofengland.co.uk/-/media/boe/files/quarterly-bulletin/2014/money-creation-in-the-modern-economy.pdf

Quote
But how those bank deposits are created is often misunderstood: the principal way is through commercial banks making loans. Whenever a bank makes a loan, it simultaneously creates a matching deposit in the borrower’s bank account, thereby creating new money.
Quote
When a bank makes a loan, for example to someone taking out a mortgage to buy a house, it does not typically do so by giving them thousands of pounds worth of banknotes. Instead, it credits their bank account with a bank deposit of the size of the mortgage. At that moment, new money is created.
1066  Other / Beginners & Help / Re: Seed phrase and passphrase backup on: July 21, 2023, 06:01:56 AM
requires ~ 10^60 centuries to break assuming 10^11 guesses/sec.
Only if an attacker is attempting to brute force every possible combination, which no one will do. As soon as they learn you've used a repeating pattern, it becomes exponentially easier.

Multisignature wallets do not reduce the backups or make it fewer, instead it increases it.
The point would be instead of having 5 individual wallets, you could have a single 2-of-3 multi-sig wallet. The security of each wallet is improved despite requiring fewer back ups.

If you want to backup that wallet with 5 different wallet passphrase, you will have 5 different backups for a same (one) wallet. You will not have 5 different wallets because you use 5 different wallet passphrase.
You are mistaken here. You can combine a single seed phrase with as many different passphrases as you like to create as many different wallets as you like. If an attacker accesses your seed phrase, they will only be able to access the base wallet and not any of the passphrased wallets unless they also steal or bruteforce each passphrase individually.
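The point about one seed phrase and many passphrases, as an added example that is not part of the original post: BIP39 turns mnemonic plus passphrase into a seed with PBKDF2-HMAC-SHA512, and BIP32 turns that seed into a master key. The mnemonic is the public all-"abandon" test mnemonic, the passphrases are constructed, and `wallet_id` is a hypothetical label used only here.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test mnemonic; never use it for real funds.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, salt = "mnemonic" + passphrase, 2048 rounds."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               b"mnemonic" + nfkd(passphrase), 2048, dklen=64)


def bip32_master(seed: bytes):
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed" -> (master key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic: str, passphrase: str = "") -> str:
    """Hypothetical short label for a wallet: hash of master key and chain code."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


def wallets_from_one_seed(mnemonic: str, passphrases):
    """Map each passphrase ("" is the base wallet) to the wallet it opens."""
    return {p: wallet_id(mnemonic, p) for p in ["", *passphrases]}


if __name__ == "__main__":
    # Constructed passphrases; the last one is a typo of the first
    # (trailing space) and silently opens a different, empty wallet.
    table = wallets_from_one_seed(
        TEST_MNEMONIC, ["k@T(4zadT:A~(aU", "second wallet", "k@T(4zadT:A~(aU "])
    for passphrase, ident in table.items():
        print(repr(passphrase).ljust(22), ident)
```

Every passphrase, including a mistyped one, yields a valid wallet with no error, which is why the passphrase needs its own exact backup.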
1067  Bitcoin / Development & Technical Discussion / Re: Measuring the randomness of a seed phrase on: July 20, 2023, 04:44:04 PM
What proof do we have that Pi is random, even if not definite? Do you mean it is very questionably random?
Obviously it's not random in the sense it is a constant which can be reliably reproduced over and over. But it is random in the sense that its digits are randomly uniformly distributed (as far as we can tell).

If I give you the following list of words:  
rookie, brand, fossil, soda, arena, neutral, mango, yellow, ticket, chair, reunion, husband
On a tangent here, but I can tell you that's not a "quality" seed phrase because it has an invalid checksum.

We just *know* that if a human created it, it's certainly insufficient and if a CSPRNG SW program created it, it is positively sufficient.
It's more that if a human created it, then we know it will have less than 256 bits of entropy. The matching game ranochigo linked to on the first page shows that if you are manually picking 0s and 1s, you aren't random. If you randomly pick words from the list, there is an inherent bias and you aren't totally random there either. Even if you toss a coin, there is a human instinct that if you tossed TTTTTTTTTTTT to think "that's not random enough" and throw it out and redo those tosses. Will the seed phrase you end up with be completely insufficient and able to be hacked? Maybe, maybe not. But it will almost certainly have less than 256 bits of entropy.

Sure, but don't you make it, in the very least, more secure if you exclude numbers like 1, 10, 888, 2^256 / 2 etc.?
If you want to follow that logic, then we should also be excluding every key which has already been used? In fact, if you want a 256 bit key, then you need to immediately exclude all numbers with leading zeroes, which is half the range from 1 to 2^255.

Of course, it's a lot more effort than just using a generator, and you're liable to leave a trace of all the research being done here (and maybe that's part of the point), but as a thought experiment, I don't see how a system like this or something similar could be vulnerable to bruteforce.
To raw bruteforce with no knowledge of what you have done? No, probably not. But given that you've just typed all these things in to Google, there are now dozens of servers around the world that know you had a specific interest in these numbers at the same time for some reason.

If you don't trust your OS's /dev/urandom, then aside from getting a new OS, I would suggest the best way to manually generate a seed phrase is from coin flips, specifically using Von Neumann's algorithm as I have discussed here to remove any potential bias.
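Von Neumann's debiasing of coin flips, as mentioned in the post above, shown as an added example that is not the poster's own code. The mapping HT to 0 and TH to 1 is one common convention, and the bent coin is simulated with a seeded non-cryptographic generator purely so the run is reproducible.

```python
import random


def von_neumann(flips: str) -> list:
    """Read flips in non-overlapping pairs: HT -> 0, TH -> 1, HH/TT discarded."""
    if set(flips) - {"H", "T"}:
        raise ValueError("flips must contain only 'H' and 'T'")
    bits = []
    for i in range(0, len(flips) - 1, 2):   # a trailing unpaired flip is ignored
        first, second = flips[i], flips[i + 1]
        if first != second:
            bits.append(0 if first == "H" else 1)
    return bits


def bits_to_entropy(bits: list, n_bits: int = 256) -> bytes:
    """Pack the first n_bits debiased bits into bytes (e.g. BIP39 entropy)."""
    if len(bits) < n_bits:
        raise ValueError(f"need {n_bits} bits, have {len(bits)}: keep flipping")
    value = int("".join(str(b) for b in bits[:n_bits]), 2)
    return value.to_bytes(n_bits // 8, "big")


def simulated_bent_coin(n: int, p_heads: float, seed: int) -> str:
    """Constructed test input. random.Random is NOT a CSPRNG; simulation only."""
    rng = random.Random(seed)
    return "".join("H" if rng.random() < p_heads else "T" for _ in range(n))


def ones_fraction(bits: list) -> float:
    return sum(bits) / len(bits)


def demo(p_heads: float = 0.7, n: int = 200_000, seed: int = 1):
    """Return (raw fraction of 1s, debiased fraction of 1s, bits per flip)."""
    flips = simulated_bent_coin(n, p_heads, seed)
    raw = [0 if f == "H" else 1 for f in flips]
    out = von_neumann(flips)
    return ones_fraction(raw), ones_fraction(out), len(out) / len(flips)


if __name__ == "__main__":
    raw, debiased, rate = demo()
    print(f"raw 1s: {raw:.3f}  debiased 1s: {debiased:.3f}  bits/flip: {rate:.3f}")
    print(f"flips needed for 256 bits at this bias: about {256 / rate:.0f}")
```

The procedure only removes bias if every flip is recorded in order, including runs that look non-random; discarding flips by eye reintroduces the human bias described in the post.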
1068  Other / Beginners & Help / Re: Seed phrase and passphrase backup on: July 20, 2023, 02:05:43 PM
You're probably fine re-using the seed and adding a very long extension word that you keep in a very secure cloud environment
There is no such thing as a very secure cloud environment. Anything on the cloud is at risk.

_-\A.bb.ccc&zzz.yy.X/-_
I would point out that this passphrase could be better. There is no need to use repeating characters, no need to use a pattern, no need to have the second half an invert of the first half, and so on. Each of these things decreases the security. A better 23 character passphrase would look something like this:

L(9Nm>&@dn;+Ej_:e>!fnpd
k@T(4zadT:A~(aU'*[+nWk}
)d3}cx>c#'95g{\Q&Kp"~$Y

I wish to go longer if I save it online, but offline is always safer. 23 characters will not be hard to put down on paper.
23 characters or 500 characters - if you are saving it online it makes no difference. It is at the same risk of being compromised, and is only as safe as the security of wherever you are storing it (which will likely be much less than the security of 23 random characters).

If you must back up something electronically, then I would suggest using an airgapped device, encrypting it, and storing it on a USB drive or SD card which will only ever be plugged back in to the same airgapped device. But then of course you now have the problem of where you back up your encryption key.
1069  Bitcoin / Wallet software / Re: Wallets affected by low entropy mnemonic hack on: July 20, 2023, 01:06:15 PM
Regarding tokens and random shitcoins, I still don't see many options that are working well and open-source. I guess sticking to Trezor or similar is the only way to go right now?
Personally, I would say sticking to bitcoin is the way to go.

But yeah, if you want to buy random shitcoins, then chances are any wallets supporting said shitcoins are going to be similarly shit. Multi-coin hardware wallets are your best bet, but I wouldn't recommend either Ledger or Trezor given recent events from both companies. I have no idea which other hardware wallets are reputable and also support shitcoins.

I guess it's still very hard to find out in what way exactly it is skewed and then create an algo based on that info to take advantage to narrow down the actual seed-scope.
Well, it depends. In the case OP is discussing here, that is exactly what happened and multiple users had their funds stolen. If the RNG is weak but not weak enough to be compromised, we likely never hear of it.
1070  Bitcoin / Development & Technical Discussion / Re: Measuring the randomness of a seed phrase on: July 20, 2023, 12:24:58 PM
Pi is believed to be normal in base 10
Indeed in all integer bases greater than or equal to 2.

To judge the quality of outputted seed phrase solely on what generated (such as CSPRNG) it, rather than something intrinsic to the phrase itself that is testable, seems to violate the "Don't trust, verify" principle, no?
If it were possible to check if the numbers being outputted were indeed completely random and cryptographically secure, then there wouldn't be such a large field of research dedicated to random number generators, or so many cases of weak random number generators leading to wallets being compromised. Testing a single output as you are suggesting is meaningless. Let's say I toss a completely fair coin five times and get the following results: HTHHT. Fine, that looks random enough. Now I do it again and get TTTTT. Wait, that doesn't look random at all! Why? Both of those sequences had exactly a 1/32 chance of occurring.

One example is the Chi-squared test. The accuracies of these tests depend on the amount of data and a single seed is not enough to be useful.
A Chi-squared test simply tests for bias. It cannot tell you whether you are generating actually random numbers. It also requires multiple observations for each expected value, so cannot be applied to 256 bit numbers.
1071  Bitcoin / Hardware wallets / Re: 10% discount on Ledger hardware wallets on: July 20, 2023, 10:15:27 AM
Ledger is turning into an accessories store for schoolgirls, where you can choose a toy by color.
This has been evident since they launched the Stax, a hardware wallet whose entire purpose is apparently to be shown off to as many people as possible while displaying information or a NFT on the front to highlight to everyone that you are worth robbing. Now give me bright flashy colored Nanos, so if an attacker sees them again they will think they are something valuable rather than just some bland piece of computer hardware or USB drive. But don't worry if your devices are stolen, your seed phrase is backed up on the cloud, remember! For the low cost of $10 a month!

Ledger are turning in to a meme at this point.
1072  Bitcoin / Wallet software / Re: Wasabi wallet data privacy questions on: July 20, 2023, 08:29:19 AM
I've removed it.
Thanks!

I'd like to understand more about coinjoins for widening my learning. I own tiny amount of bitcoin so won't be coinjoining frequently or in large volumes. I want to learn how it works.
There are a few topics on this forum which are a good starting place.

Here is the post by Greg Maxwell introducing the concept of coinjoin for the first time: CoinJoin: Bitcoin privacy for the real world
And here is the post by Chris Belcher launching JoinMarket: [ANN] Joinmarket - Coinjoin that people will actually use

It's a heavy read because of details given in long questions & answers but I'll try going over it.
The bottom line is of the three current main coinjoin implementations - JoinMarket, Whirlpool, Wasabi - Wasabi is the only one cooperating with blockchain analysis, the only one supporting mass surveillance, and the only one implementing blacklists and censorship, not to mention suffering from address reuse and other flaws. There is literally no reason to choose Wasabi over either Whirlpool or JoinMarket.

Thanks o_e_l_e_o for amazing advice.
No problem!
1073  Bitcoin / Wallet software / Re: Bitcoin Core as main wallet on: July 20, 2023, 07:51:43 AM
I am still confused why we have to create a new wallet instead can restore it with a private key?
It depends.

Moving private keys or seed phrases between various hot wallets is generally not recommended. Every time you handle a raw private key (as opposed to it being stored encrypted within a piece of wallet software), you risk leaking it. Every wallet has its own attack vectors and weaknesses, so for every additional wallet you import the same private key in to you increase the number of potential attack vectors and therefore the risk of it being compromised. If, on the other hand, your private keys are created and stored on a permanently airgapped device, then this matters less.

because for me, keeping lots of note (private key) make me discomfiture how to save in a safe place.
If you are creating a new wallet and sending your coins over to it, and emptying your old wallet, then there is no real disadvantage to storing your old seed phrase and new seed phrase in the same place. I wouldn't shred your old seed phrase just in case (never delete a wallet!), but if your back up location is secure then you don't need a different location for your new seed phrase.
1074  Bitcoin / Development & Technical Discussion / Re: Bitcoin Privacy & Address reuse on: July 20, 2023, 07:44:56 AM
I totally understand, but I really assume that they wouldn't bother.
Maybe. Maybe not. We'll never know. Just pointing out that unusual use cases like this do provide something for analysis companies to latch on to.

I will keep using Jam however. It seems too easy to me.
As I said above I've never used Jam, but I've been using JoinMarket via its own GUI for years and don't have any real complaints.
1075  Bitcoin / Wallet software / Re: Wallets affected by low entropy mnemonic hack on: July 20, 2023, 07:35:16 AM
Tbh never heard of RFC 6979 - is there any way to quickly check which wallet does make use of it or doesn't?
Not really. You would simply have to examine the source code to know for sure. Alternatively, sign a transaction in your chosen wallet and sign the exact same transaction in a wallet which is known to use RFC 6979 such as Electrum, and ensure the signatures are identical.

As with all technical things like this - weak javascript PRNGs, RFC 6979, and so on - the safest thing for the vast majority of users is to stick to reputable, well known, and open source wallets such as Core or Electrum. When people start playing around with closed source trash like Trust wallet or Coinomi, random websites like blockchain.com, or completely unheard of wallets like the Klever wallet that OP was discussing, that is when you run in to trouble. There is a very good reason that all the technical users on this forum use the former and avoid the latter.
1076  Bitcoin / Wallet software / Re: Wasabi wallet data privacy questions on: July 20, 2023, 07:13:02 AM
Thanks for amazing help o_e_l_e_o I wasn't focused so nearly download the malware from the fake Joinmarket site.
Would you mind editing your previous comment to remove the link? Just in case anyone else skimming the thread clicks on it without realizing.

It's safer I'll postpone using Joinmarket until I've set up Linux on old Mac I've come to own that'll be an experience learning as I ask questions.
That is certainly the safest option. Since all coinjoin wallets need to be connected to the internet constantly in order to work (you can obviously disconnect but you won't be able to perform any coinjoins while disconnected), it is safest to have a separate clean machine dedicated to coinjoins if you are going to be coinjoining frequently or large volumes.

It's fair Kruw gets invited to post opinions ahead of locking the thread.
The other Wasabi thread already contains all his opinions if you care to read them. They are just the same nonsense Wasabi talking points repeated ad nauseam.
1077  Bitcoin / Wallet software / Re: Wasabi wallet data privacy questions on: July 19, 2023, 06:21:30 PM
Whirlpool you mean Samourai?
Yes. Samourai is the name of the team/wallet behind the Whirlpool implementation of coinjoin. Whirlpool is also accessible via Sparrow, with other wallets in the works I believe.

My previous experience means I won't use Sparrow but I'm looking at Joinmarket.
I'm 99% certain the link you have included there is a scam site. I've never heard of it before despite using JoinMarket for years, there is no mention of that site whatsoever on the JoinMarket github, and the download link directs to a .exe file which does not exist on the github releases (https://github.com/JoinMarket-Org/joinmarket-clientserver/releases).

You should only download JoinMarket from the releases link I have given above and verify the download with the provided PGP signatures before installation. I'm pretty sure that .exe file will be malware.
1078  Bitcoin / Development & Technical Discussion / Re: Bitcoin Privacy & Address reuse on: July 19, 2023, 03:54:32 PM
If not, how can they know?
By examining the publicly viewable blockchain data. As I said above, coinjoin transactions are easy to identify.

For example, here is a recent JoinMarket coinjoin I just pulled from the blockchain: https://mempool.space/tx/98423f23138446f079442bda7856b87cba075d15142ae756e06dcbdc0eb6b61c
It has all the characteristics of being a JoinMarket coinjoin which makes it easily identifiable - large number of inputs and outputs, similar number of inputs and outputs, all inputs are from segwit addresses, multiple outputs of identical values (0.04416277 BTC in this case) in order to obfuscate which is which, and if you look back in time the majority of the inputs have come from similar JoinMarket coinjoins.

Similarly, here is a recent Whirlpool coinjoin I just pulled: https://mempool.space/tx/5a734035c9745820dc98ab79209a1e44d4fbd2b7a0ed1dd417131be31a7ad763
These are even easier to identify, since Whirlpool uses fixed pool values of 0.001 BTC, 0.01 BTC, 0.05 BTC, or 0.5 BTC, they always have the same number of inputs and outputs, and two inputs will always be slightly more than the pool size in order to pay the transaction fee.

As I said, the privacy gain from coinjoin transactions comes from it being impossible to link the inputs to the outputs, not from the coinjoin transaction itself being hidden or secret. A blockchain analysis company can easily watch where all the outputs of every coinjoin transaction go, but if they don't know who owns those outputs, which other outputs that person controls, or who owns the addresses they are being sent to, then they can't do anything with that information. But if a very small number of outputs all go the same unusual and identifiable place, which I imagine would be the case when taking outputs from one coinjoin implementation and sending them to a second coinjoin implementation, then they can infer common ownership. (I have no data on this, I am just postulating that moving coins from one coinjoin implementation directly to a different coinjoin implementation is not a very common thing to do.)
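The structural features listed in the post above, written as a classifier over transaction shapes; this is an added example, not part of the original post and not any analysis company's method. The three transactions are constructed (amounts in satoshis, with the 0.04416277 BTC value taken from the post), and the thresholds are assumptions.

```python
from collections import Counter

# Whirlpool pool sizes named in the post: 0.001, 0.01, 0.05 and 0.5 BTC.
WHIRLPOOL_POOLS_SAT = {100_000, 1_000_000, 5_000_000, 50_000_000}
MIN_EQUAL_OUTPUTS = 3   # assumption: fewer equal outputs is not treated as a mix


def equal_output_set(tx) -> tuple:
    """Return (value, count) of the most common output value."""
    return Counter(tx["outputs"]).most_common(1)[0]


def classify(tx) -> str:
    ins, outs = tx["inputs"], tx["outputs"]
    value, count = equal_output_set(tx)
    # Whirlpool shape: every output is one pool denomination, as many inputs
    # as outputs, and some inputs slightly above the pool size to pay the fee.
    if (count == len(outs) and value in WHIRLPOOL_POOLS_SAT
            and len(ins) == len(outs)
            and all(v >= value for v in ins)
            and any(v > value for v in ins)):
        return "whirlpool-like"
    # JoinMarket shape: several outputs of one identical value plus change,
    # with at least one input per equal output.
    if count >= MIN_EQUAL_OUTPUTS and len(ins) >= count:
        return "equal-output coinjoin-like"
    return "no coinjoin pattern"


# Constructed sample transactions (values in satoshis).
WHIRLPOOL_SAMPLE = {
    "inputs": [5_000_000, 5_000_000, 5_000_000, 5_001_200, 5_001_300],
    "outputs": [5_000_000] * 5,
}
JOINMARKET_SAMPLE = {
    "inputs": [9_000_000, 4_500_000, 12_000_000, 4_420_000],
    "outputs": [4_416_277] * 4 + [4_583_000, 83_000, 7_583_000, 3_000],
}
PAYMENT_SAMPLE = {"inputs": [2_000_000], "outputs": [1_500_000, 499_000]}

if __name__ == "__main__":
    for name, tx in [("whirlpool", WHIRLPOOL_SAMPLE),
                     ("joinmarket", JOINMARKET_SAMPLE),
                     ("payment", PAYMENT_SAMPLE)]:
        value, count = equal_output_set(tx)
        print(f"{name:10s} {classify(tx):28s} equal outputs: {count} x {value} sat")
```

The count of equal outputs is the size of the set an observer cannot tell apart; the classification itself reveals that a coinjoin happened, not who owns which output.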
1079  Bitcoin / Development & Technical Discussion / Re: Bitcoin Privacy & Address reuse on: July 19, 2023, 02:25:34 PM
I don't understand this. Could you elaborate please?
It is easy to identify coinjoin transactions when examining blockchain data. Coinjoin isn't useful because the transactions are secret - they aren't - but because it is difficult or impossible to know which inputs are linked to which outputs.

However, you need to be aware of how you spend those outputs. If you send outputs from a coinjoin to Binance, for example, then there are probably lots of other people who are also sending their outputs to Binance, so yours will blend in with the crowd. However, I imagine it's fairly unusual to send coinjoin outputs to a different coinjoin implementation. If you are the only user spending your outputs in this way, then a blockchain analysis company might make that connection. If there are 10,000 Whirlpool outputs spent today, and only 5 of them go directly to JoinMarket, then those outputs are potentially linked.
1080  Bitcoin / Wallet software / Re: Wasabi wallet data privacy questions on: July 19, 2023, 02:20:08 PM
In your opinion what's right to do if your wallet with 1 btc gets hacked. On blockchain you trace funds were sent to wallet bc1xx so you report it to police. A month later the coins moved to Binance. Soon your coins will be returned because they've been seized after blockchain analysis. That's happening now with exchanges so it can't be a bad process reuniting owners with stolen coins.
There is a difference between a centralized exchange responding to police requests, and a so called "privacy" wallet enforcing censorship based on secret blacklists. There is no presumption of privacy if you use Binance, and they certainly don't market themselves as the ultimate privacy solution as Wasabi do. For every criminal's coins which are seized, there are dozens of innocent users also having coins seized because Binance have decided they are tainted or some other such bullshit.

If you lose your coins, then that sucks for you and I'm sorry to hear it, but I will never defend compromising the privacy of everyone else who uses bitcoin to make up for your mistakes, just as I will never defend mass surveillance of an entire country to stop a single criminal.

It's been mentioned zkSNACKs can't link incoming UTXO's to outgoing UTXO's so that's good for privacy if true.
This is true, provided you are lucky enough to get your coins in to a Wasabi coinjoin which does not have a critical flaw, of which there are many. But that's also the bare minimum you want from a coinjoin, and you can achieve it without using Wasabi spyware via either Whirlpool or JoinMarket.