I assume this is more than enough, to secure my coins privacy-wise, isn't it? Yes, that's more than enough, although I shudder a little at the thought of how much you have paid in fees to do all that. If it was me, I would probably have just left my coins in Sparrow for more free remixes. I imagine it is fairly unusual to take outputs from Whirlpool and immediately feed them in to JoinMarket, so that potentially gives blockchain analysis companies something to latch on to. |
|
|
|
It's worth noting that intentionally creating many low-fee or feeless transactions can contribute to network congestion and may be seen as spam behavior, which is generally discouraged by the Bitcoin community. As such, it's essential to use the Bitcoin network responsibly and pay appropriate fees for your transactions based on the current network conditions. It doesn't congest the network in any meaningful way. If you attempt to broadcast a transaction with zero fee or a fee below the dynamic lower limit set by individual node's mempool settings, then nodes will simply not relay that transaction. Repeatedly try to do this, and nodes will simply blacklist your IP and ignore you. You can send with a 1 sat / vb fee which will probably never get confirmed at this point. You can't really, at the moment. Given that the vast majority of nodes run with default settings, anything below around 2.9 sats/vbyte at the moment will simply not be relayed, let alone confirmed. You could of course manually connect to a specific node which has increased its mempool limits, but then your transaction will just sit in the mempool of that one node and not go anywhere, which obviously achieves very little. |
|
|
|
it is by and large an non-issue given how a lot of wallets have transitioned to deterministic nonce. I simply wouldn't touch any wallet that doesn't use RFC 6979. There is no reason not to, and failing to do so only introduces more risk. Is there still a problem even if they're using Crypto.getRandomValues? I actually had this exact conversation just a few weeks ago on another thread here: https://bitcointalk.org/index.php?topic=5458206.msg62488420#msg62488420There is also a post from Greg Maxwell discussing this here: https://bitcointalk.org/index.php?topic=5324030.msg56590276#msg56590276The bottom line as I see it is maybe it is secure, but there is no way to be sure, there is no way to test it, and there are a lot more things that can go wrong using some browser based javascript generator over using something like Core or Electrum which properly source from /dev/urandom. It's simply not worth the risk. |
|
|
|
I wasn't thinking about the binary representation, just in hex representation. Ahh ok. In that case 12 zeroes in a row from a set of 16 possible characters would indeed by exponentially more unlikely. My (quick) calculations put it at approximately 1 in 76,569,678,407. That's another problem you've touched on there. Pi, as far as we know, is random, uniform, and normal, although this hasn't been definitively proven. It could potentially be a good source of entropy, except that it is a widely known mathematical constant. And given that pi is infinite, random, and normal, then at some point in it you will find sequences of numbers which appear decidedly non-random. Since we are talking about 12 zeroes in a row, pi contains 12 zeroes in a row at position 1,755,524,129,973.  |
|
|
|
I freshly remember that I was also nearly a victim and almost compromise my Electrum wallet but luckily I know that it is safe to download on the official website. No, it isn't - not in isolation. Obviously you should only ever download from electrum.org, but an attacker could still compromise the Electrum website and upload malicious software there for users to download. The only way to be safe is to verify the software you download using the developers' PGP keys. I am so confused and don't know that should i use it. There are no backdoors or issues with Electrum itself. It remains perfectly safe to use provided you have downloaded the real version and verified prior to using it. OP has either downloaded a fake version or has leaked his seed phrase, and there is no issue with Electrum itself. |
|
|
|
Now, back to the topic. Sure, you can reject a result where you have 12 consecutive '0's in your key, but that is extraordinarily rare and it would prob never be executed in any code that you write. I would just point out that this isn't an accurate statement. 12 consecutive 0s has a 1 in 4,096 chance, which is definitely not "extraordinarily rare" to start with. But if you take a 24 word seed phrase with 256 bits, then there is actually around a 1 in 34 chance that you get 12 consecutive 0s somewhere in those 256 bits. And of course you can double that chance if you consider 12 consecutive 1s as well. So for roughly every seventeen completely random 24 word seed phrases you generate, you'll have a string of 12 consecutive 0s or 1s. This is why it is difficult to assess randomness like OP is proposing. Strings which look random may not be at all, and strings which look predictable can indeed be entirely random. |
|
|
|
OP is talking about this incident: https://twitter.com/klever_io/status/1679267565434986501There is no inherent flaw in BIP39. This tweet explains that the affected seed phrases were generated using insecure Javascript PRNGs. No good wallet should be using Javascript. Electrum and Sparrow certainly don't. I'm not aware of any hardware wallet which uses Javascript. Notably, any web based generator such as bitaddress or iancoleman are built on Javascript and should be avoided for the purposes of key generation. Sometimes, it was the only supplier of random data, sometimes it used an uncrypted HTTP connection to exchange data, which naturally led to many people losing their Bitcoin. It's actually worse than that. It tried to connect via HTTP, but random.org only allowed HTTPS, so it returned an error page. Blockchain.com then incorrectly tried to use this error page as a source of entropy, resulting in multiple users generating the exact same entropy and therefore the exact same address. |
|
|
|
|
Of course, and I'm sure theymos is more than capable of generating a suitable .onion address. Just pointing out it is easily done.
|
|
|
|
The Congressional Budget Office (CBO) estimates that the Treasury will run out of cash and borrowing authority by October or November 2023, unless Congress acts to raise or suspend the debt ceiling. If that happens, the US would face an unprecedented default on its debt, which could trigger a global financial crisis and a severe recession.
you can thank biden and the democrats for wanting to pay off everyone's student loans plus all the free handouts immigrants are getting plus probably alot of other free cash programs for all of this.  We have had this exact news story at least twice a year for decades. We raise the limit, we spend with abandon, we come close to the limit, we risk a shutdown (occasionally we do shutdown), we raise the limit, we repeat endlessly. This has nothing to do with Biden, and everything to do with our completely broken political system being bought out by the oligarchs who actually run this country. Let's blame this on the student debts, will we? Let's ignore the trillions in evaded taxes from said oligarchs? Let's ignore the trillions used to bail out the banks over and over again? Let's ignore the billions in PPP loans which billionaires took and then wrote off? Let's ignore that we have to subsidize people in full time employment because these billionaires won't pay them a reasonable wage? all the rhetoric about tightening up the spending belt was pure BS. Of course it was. Next time there is a bank needing bailed out, the money printer will start up again without hesitation. biden has to be the worst president ever in us history about how he doesn't care about the devaluation of the us dollar. Lol. Yeah, definitely Biden's fault. We'll just ignore the Trump tax cuts for the rich which cost 5x what student debt forgiveness is going to cost, shall we?  |
|
|
|
But what if I want to show an explicit difference between a non-custodial wallet like Electrum and a non custodial wallet that also runs a node like Bitcoin core. What better name should I call the later? You can call it a full node wallet. Unless you are some sort of techy person or a developer, you do not need to download the whole database on your system. Although I obviously agree more people will just use Electrum, you don't need to be technical to download Core. Anyone who wants the security of being able to verify everything locally or the privacy of not having to connect to third party servers should download Core. And it is very easy to set up. |
|
|
|
I've just generated the following, which theymos can have for free.  btctalkhfmnva2746gkwhsxpirz3w7bu3ocut7uzjlszsxlou4naruyd.onion |
|
|
|
Analysing incoming coins for naughty status isn't the biggest crime if it's designed to stop crime. This is the same old nonsense argument governments always use to erode your rights and surveil their population. Mass surveillance is designed to stop crime. Phone tapping is designed to stop crime. Banning encryption is designed to stop crime. Putting a government back door in all your devices is designed to stop crime. Reading all your emails and IMs is designed to stop crime. It is complete bullshit. There is no evidence that mass surveillance has ever managed to prevent a single incident of terrorism. It's not about preventing crime. It's never been about preventing crime. It's about control: The old cliché is often mocked though basically true: there’s no reason to worry about surveillance if you have nothing to hide. That mindset creates the incentive to be as compliant and inconspicuous as possible: those who think that way decide it’s in their best interests to provide authorities with as little reason as possible to care about them. That’s accomplished by never stepping out of line. Those willing to live their lives that way will be indifferent to the loss of privacy because they feel that they lose nothing from it. Above all else, that’s what a Surveillance State does: it breeds fear of doing anything out of the ordinary by creating a class of meek citizens who know they are being constantly watched. Which data's being stored by zkSNACKs in this transaction if I'm using Wasabi wallet. Wasabi pay Coinfirm to investigate the output you are registering for coinjoin. So Coinfirm will absolutely be looking at the history of that output and seeing where it came from. If any of the previous addresses have ever been linked to an identity (such as via KYC, via addresses being shared publicly, via connecting to third party servers, via other transaction heuristics, etc.) then that will be identified and Coinfirm will be storing, sharing, and selling, that information on to other third parties. |
|
|
|
But according to ledger FAQ, it can operate on MacOS 10.10(OS X Yosemite) quoted below Huh. I was reading from this page ( https://shop.ledger.com/products/ledger-nano-x), which says Big Sur / Monterey / Ventura, which are 11 / 12 / 13 respectively. Another thing to try would be running Electrum with root privileges. |
|
|
|
He said that he is using Mac OS. Yes, but Ledger state that the Nano X is only compatible with macOS 11, 12, and 13. If his OS is older than this, than that might be the issue. |
|
|
|
People are against zkSNACKs using blockchain analysis so they're getting a tough time in the Wasabi Wallet thread but is all of it justified? Yes, it is justified. You can't market yourself as a privacy solution while simultaneously directly funding entities whose only purpose is to tear apart of every shred of privacy they can. Contrary to the lies they tell, Wasabi are anti-privacy, anti-fungibility, pro-surveillance, and pro-censorship. My wallet tests were on Win 11 using good security solutions. It isn't the safest but it's the biggest OS. I would direct you to a previous post I made regarding Windows here: https://bitcointalk.org/index.php?topic=5190776.msg52685703#msg52685703. If you are using Windows, you should assume your privacy is zero. |
|
|
|
Privacy Concerns: Vanity addresses, by their nature, can reveal a portion of the private key during the generation process. No they don't. If you generate them yourself, they are completely private. If you use the split-key method, the other party knows one part of the process but that is irrelevant and does not decrease the security at all. It would only be a security risk if someone else generates your entire private key for you, and you should never use such a key or such a service. You also neglected to mention the fact that they encourage address reuse and thereby completely remove any and all privacy. This is their second biggest downside, after imitation addresses. On computer (CPU), for just 3 characters for uncompressed legacy address, it will take only few minutes like three minutes Your benchmarks are off. For a legacy 3 letter prefix, I can find ~1,500 in 1 second.  while 5 words for segwit will take just some minutes too. Again, I just did ~200 in 1 second. |
|
|
|
|
What OS are you using? Are Ledger Live, and the Ledger Bitcoin App both up to date? Are your USB drivers up to date?
Make sure you only have either Ledger Live OR Electrum open, and not both. They can conflict with each other if both trying to access your hardware wallet at the same time.
|
|
|
|
The fingerprint for the PGP key I hold for Craig Raw is below: D4D0D3202FC06849A257B38DE94618334C674B40 I have verified multiple versions of Sparrow successfully using this key. |
|
|
|
Even until now I am still looking for the best browser to access the internet. Tor or Firefox. There is really no debate to be had here. Chrome is provably awful in every way, from being filled with spyware, to insecurely storing passwords, to phoning home to Google constantly, to being resource hungry, to tracking everything you do, etc., etc. It is the absolute worst browser you can choose, but especially so for anything sensitive such as crypto. And every browser based on Chrome (Edge, Opera, Brave, Vivaldi, etc.) still has plenty of embedded Google spyware which is near impossible to remove. |
|
|
|
|
Show Posts
