Especially if you consider the following factors: As I said above, there won't be an address (or seed phrase) collision before the sun dies in ~5 billion years. The normal user generates in his life maybe 10 addresses and not always the sum times the number of people who live in 100 years make it very unlikely. Let's say all 8 billion people on the planet all generate 1,000 new addresses every second for the next 5 billion years non stop. After 5 billion years we will only have generated 0.00000000000000009% of all possible addresses. And I am so paranoid to trust the fewest companies. If you don't trust any software to generate a seed phrase for you, then generate your own entropy by flipping a coin and converting each 11 bits to the corresponding word. You'll still need to use a piece of software to calculate the checksum and import the seed phrase to generate a wallet, however. |
|
|
|
In sha256 or even sha128 you will never have the same output. You definitely will. Taking SHA256 as an example - the output is always 256 bits, so there are 2 256 possible outputs. However, the input can be anything up to 2 64 - 1 bits in length, which works out to any data up to 2 million terabytes in size. Therefore, there are exponentially more possible inputs than possible outputs, so collisions are guaranteed. And as I understand it, you always have access to all sub-accounts created in the main wallet, no matter what the first generated address is. I mean when I log into Metamask with the seeds I have the same address as Exodus or the recently tiled Atomic Wallet, that's what I mean by main wallet. The same seed phrase will always generate the same address at the same derivation path, regardless of what wallet you use (provided all the wallets are following the BIP39 standard and not doing something unique or non-standard). What do you think it is possible to get access to the same coins with different seeds? Or did I record there stupid stuff? Technically speaking, given the number of possible derivation paths, every seed phrase in existence is almost certainly capable of generating every possible address. But in practice, there will never be an address collision before the death of the sun. |
|
|
|
Dismissive goal post moving. Nope, haven't moved at all. Just waiting for an example: Now show me a Samourai address reuse since they implemented the fixes you linked to, and I'll be happy to tell everyone to swap to JoinMarket instead. What are you even talking about? The "doxxing" you are accusing Wasabi devs of is exposing SamouraiDev's use of sock puppets to deceive people on social media. No, I'm talking about this: https://nitter.it/SamouraiWallet/status/1647936591417995264 |
|
|
|
Ok, so that's a "No" to being able to provide any examples since the issues was fixed. Got it. Exposing this dishonest behavior is not "doxxing" Linking accounts together is fine. Linking accounts together and also linking those accounts to a real identity is doxxing. Your stupid wordplay does not change the fact that Wasabi devs actively dox people they disagree with. How anyone in their right mind could ever use a "privacy" service which actively funds blockchain analysis and actively doxxes people they don't like is absolutely beyond me. You are as far from cypherpunks as it is possible to be. |
|
|
|
And yet still preferable to paying for the privilege of your "privacy wallet" actively spying on you.  I assume you changed the subject because you have no response to this, just as you've dodged the question about why you think it's acceptable to dox people you disagree with. Now show me a Samourai address reuse since they implemented the fixes you linked to, and I'll be happy to tell everyone to swap to JoinMarket instead.
|
|
|
|
Wasabi, BTCPay Server, or Trezor. Thanks for alerting me that BTCPay is also now a supporter of mass surveillance and blockchain analysis. Another company to forever cross off my list of recommendations. |
|
|
|
*Note: it is hard to verify exactly whether it is true that they really named the method as such, because Ledger firmware is closed source and it's possible that obfuscation of exported function names is being used by the <closed-source, Ledger-internal> libraries. But the post says you can see it being used in Ledger Live, which is open source. A search of Ledger's GitHub provides zero matches for "gimme_da_seed". |
|
|
|
What possible reason could anyone have for splitting their UTXOs to themselves? Because I keep the majority of my coins in cold storage and only want to move small amounts at a time to a hot wallet. And sweeping an entire output with zero change provides zero privacy, although I guess that doesn't really matter if you are sending it to a wallet which cooperates with blockchain analysis, lol. But you only mention this flaw happening in Wasabi and never in Samourai. Why aren't you capable of being honest when comparing? At least you finally admit Wasabi reuses addresses! Now show me a Samourai address reuse since they implemented the fixes you linked to, and I'll be happy to tell everyone to swap to JoinMarket instead. |
|
|
|
That's not how it works. You have a UTXO of .5 BTC. It gets coinjoined and produces no unmixed change. There is no "sending .2 to Wasabi" required. Lmfao. So everyone in the world is storing all their coins on Wasabi all the time? No one ever sends a transaction to their Wasabi wallet which has a change output? Now I'm certain you are just trolling. Now, please answer my question: Why aren't you warning users about the address reuse in Samourai's Whirlpool when recommending it to them? You yourself linked to Samourai's disclosure and fixes, which were implemented years ago. Meanwhile Wasabi just deny their address reuse and dox anyone who talks about it.  |
|
|
|
There is no unmixed change in WabiSabi coinjoins I really don't know how to make this any simpler for you to grasp. I'll try. I have a UTXO of 0.5 BTC. I make a transaction sending 0.2 BTC to Wasabi, and 0.3 BTC to a change address. After Wasabi have thoroughly spied on the 0.2 BTC I sent and received permission from their blockchain analysis buddies and their government sanctioned blacklists, I am hopefully granted permission to coinjoin it. Ignoring Wasabi fees and transaction fees for the sake of simplicity, I now have a coinjoined output of 0.2 BTC. I then combine this 0.2 BTC output with my original 0.3 BTC in the change address. There is nothing Wasabi, or Samourai, or JoinMarket, or anyone else for that matter, can do to stop me from doing this. Samourai give the transaction a specific name and segregate the change in to a different account to help prevent the user from making this error, but there is nothing they can do to stop it entirely. Wasabi also cannot stop it, but apparently Wasabi contributors choose just to ignore it and pretend it cannot happen instead since they don't actually care about their users' privacy in the first place. |
|
|
|
If you did brute force a seed phrase which gave you the desired vanity address at m/84'/0'/0'/0/0 (for example), then bear in mind that only that single address would have your desired prefix, and every other address in that wallet would be completely random. Seems like a lot to go through for a single address, when you can already just use VanitySearch. Note that I would use VanitySearch ( https://bitcointalk.org/index.php?topic=5112311.0) over VanityGen. It is much faster. Also note that Bitcoin Core does not use seed phrases at all, so the concept of extending your seed phrase with a passphrase does not exist. As hosseinimr93 says, a passphrase in Bitcoin Core is simply the password for your local wallet file. |
|
|
|
The point of my post is not to scare and say that private keys are not secure anymore No! but to say that theoretically its not fully impossible to generate a key that did indeed existed. Here is a post I made a while ago comparing the likelihood or various pieces of security we all take for granted: It is impossible to have a security system which is impossible to hack, and as far as security systems go, bitcoin's is pretty darn good.
Given that most 2FA codes are 6 digits long, there is a 1 in 106 chance of someone guessing your 2FA code.
Assuming an average house lock has 8 tumblers, and each tumbler can adopt one of 10 positions, then there is a 1 in 108 chance that someone will be able to guess your exact house key shape and unlock your door.
Given a standard credit card has a 15 or 16 digit number on it, there is at most a 1 in 1016 chance that someone will be able to guess your credit card number.
If you use a password manager to generate a long and totally random 16 character password, drawing from the full ASCII 95 character set of upper and lowercase letters, numbers, and symbols, (e.g. CY\u4"=t{rV%;N9S), there is a 1 in 4.4*1031 chance of someone guessing it.
The chance of someone guessing your private key is 1 in 1.158*1077.
The chance of someone correctly guessing your password, your 2FA code, your credit card number, and the key to your house simultaneously is 4.4*1061, which is still around 2 thousand trillion times more likely than them guessing your private key.
If you are worried about someone guessing your private key, then you should be absolutely petrified of the security of everything else in your life. For every possible 16 digit credit card number, there are approximately 10 trillion trillion trillion trillion trillion possible bitcoin private keys. |
|
|
|
This is de-fi if I'm not mistaken "DeFi" is a meaningless buzz word. The majority (or indeed all?) of projects which style themselves as DeFi are not decentralized in the slightest. How can it be decentralized with a centralized third party can disappear with all your coins at any moment? Same as the term "DEX". I can count the number of exchanges which could genuinely be referred to as DEX on one hand, but there are hundreds of scam platforms out there advertising themselves as DEXs and enticing people to deposit their coins to buy the latest shiny shitcoin or stake for some obviously unsustainable return. Out of interest, here is a post I made about DeFi three years ago: I haven't spent a huge amount of time looking in to DeFi (so perhaps I shouldn't really comment at all), but from what I have seen, it seems to me to be exactly as you claim - unbelievable rewards and gains. Until someone can prove to me otherwise, as far as I am concerned it is essentially going to be the same as the ICO craze. A minority of lucky people will make very good returns, a lot of people will lose everything or almost everything they put in, and in a year or two 99% of the projects/coins/tokens will be dead and forgotten. Seems like I was proven right. NFTs are already well on their way to the same fate, and the craze of bitcoin ordinals seemed to be over within a few weeks. I'm sure it will only be a few months before the next craze of shiny trash comes along to help people rapidly lose their money. I've already seen the term "Centralized DeFi" or "CeDeFi" make the rounds, which is just outright hilarious. |
|
|
|
What do you mean "combining UTXOs outside of a Wasabi coinjoin", lol? If a user funds their Samourai wallet, then Samourai creates a Tx0 to segregated unmixed change. If the user chooses to then combine a coinjoin output with that unmixed change, then there is nothing the coinjoin protocol can do to stop them. If a user funds their Wasabi wallet, the transaction which funds that wallet will create unmixed change. If the user chooses to then combine a (surveilled and permissioned) coinjoin output with that unmixed change, then there is nothing the coinjoin protocol can do to stop them. If a user swaps some coins to monero, the transaction which funded that swap will create unmixed change. If the user then swaps some monero back to bitcoin and combines that new bitcoin with the unmixed change, then there is nothing monero can do to stop them. Every privacy service or protocol in existence has the same weakness of a user combining unmixed changed with mixed outputs. That is not the fault of the privacy service or protocol, but the fault of the user. On the other hand, the flaws in Wasabi such as constant address reuse, the largest party in the coinjoin receiving zero privacy, colluding with governments, supporting mass surveillance, attacking bitcoin's fungibility, directly funding the enemies of bitcoin, etc., are absolutely the fault of Wasabi. The deeply unethical behavior (sock puppeting) you are referring to was done by Samourai's developer, not Wasabi Nope, I wasn't referring to sock puppeting at all. I was referring to Wasabi actively doxxing people who disagree with them. That's the behavior of real privacy loving cypherpunks. |
|
|
|
If this user had used WabiSabi instead, none of these addresses would have ever been linked together because inputs are consolidated privately and all outputs are mixed. There is nothing stopping users combining UTXOs outside of a Wasabi coinjoin which compromises their privacy, just as there is nothing stopping them doing that with a Samourai coinjoin as has happened here, or a JoinMarket coinjoin, or any other privacy tool available. In every case, such behavior is not a flaw in the coinjoin protocol. This is a very simple concept you are failing to grasp (or deliberately ignoring to shill your pro-surveillance and pro-censorship software). This has been explained to you by multiple other users on Twitter as well. What is a flaw in the coinjoin protocol is when the coinjoin protocol itself actively reuses addresses, as I've linked to Wasabi doing multiple times. I couldn't care less about your drama, I'm simply explaining how WabiSabi protects your privacy. Lmao. "My drama". It is very much Wasabi's drama, and deeply unethical behavior. |
|
|
|
You really are a broken record. I refer you to my previous replies: Wrong. All you've actually done is follow some unmixed change - change which is deliberately segregated so as not to impact the privacy of the coinjoin. You haven't deanonymized a single Whirlpool output. Since this post is currently being used on Twitter as some kind of "gotcha" moment, it's probably worth repeating that it is no such thing. All it shows is unmixed change being spent - the same change Whirpool deliberately segregates so as not to impact the privacy of its coinjoins. It does not show a Whirlpool coinjoin being deanonymized in any way. The Wasabi shills repeating this example only show their own ignorance.
Also, nice of you to disappear for two months after I made the following post. On another note, and I am deliberately not going to link to any of the tweets, but in the last 48 hours there has been a bunch of Twitter drama due to Wasabi publicly doxxing their competitors. Says it all really. The landing page of wasabiwallet.io says in big font right at the start "Privacy is your ability to selectively reveal yourself to the world". And then the Wasabi devs completely ignore that statement and start doxxing people who disagree with them. Imagine trying to pass yourself off as pro-privacy as you fund blockchain analysis and dox people you don't like? Absolutely despicable behavior, and should show everyone just where the priorities of Wasabi lie. They don't care in the slightest about your privacy. Can't wait for our resident shill to come and tell us how doxxing people you don't like is actually fine. |
|
|
|
|
Change the word "Abra" to "Celsius" and that entire story could have been copy and pasted from a year ago. I am 100% certain we could post the same story this time next year with a dozen other platform's names substituted in instead.
It seems there is no shortage of people in this world who flat out refuse to learn any lessons from the past or pay any attention whatsoever to what is going on around them.
I have ran out of sympathy for people who still have their funds on these centralized scams exchanges and earning platforms. Absolute insanity by this point.
|
|
|
|
When you're registering on a centralized exchange, are you reading their Terms and Conditions? What about their Privacy Policy? I would point out that although you should obviously read Terms of Use and Privacy Policies, an exchange having good ones of these does not make you safe. Even the largest and most reputable centralized exchanges have been hacked or actively scammed their users. The only way to be truly safe is not to use centralized exchanges at all, and instead trade in a decentralized manner where you keep control of your own coins and you do not need to hand over your personal data at all. When you're downloading software like Electrum or Trust Wallet, are you verifying the downloads before executing files or installing? Trust wallet is closed source, Binance owned, trash. In addition to properly verifying your wallet software, you need to make sure you are picking a reputable, open source wallet to begin with. |
|
|
|
You'd have to go out of your way to make a watch-only wallet vs. just a few clicks of creating a regular wallet in most software.
It's still a very common way to scam someone. The scammer either talks them through setting up a watch only wallet, or sends them a pre-created watch only wallet so the user thinks they own the funds inside. If a user understands the difference between making a regular wallet and a watch only wallet, then they wouldn't fall for the scam in the first place. |
|
|
|
|
Show Posts
