I can't see any reason to do this. You should be using hardened paths at every level which does not require watch only functionality. The whole point of unhardened paths is to allow the export of an xpub to another wallet or service and the generation of new child public keys without needing any of your private keys.

By adding an unhardened path before a hardened one, you don't gain anything. You can't derive the hardened path without using the xprv anyway, and exporting the xpub at the unhardened path doesn't let you create a watch only wallet at the hardened path.

This has been talked about before, and it is an awful idea. It adds multiple steps of unnecessary complexity, where the mistyping of a single character could render your back up useless and mean you lose all your coins. You cannot save or print any images using the colors, since a change in format may change the color, and printing and scanning it back in will definitely change the color. This means you are limited to either backing it up electronically which is unsafe, or writing down the hex codes, which defeats the entire point and is riskier than just writing down a seed phrase.

In short, don't use this. If you need extra protection for your seed phrase, then your options are passphrases or multi-sig.

It wasn't. The transaction was broadcast publicly, meaning any miner could have mined it and claimed the fee.

Many wallets do implement some kind of sanity check if you select outrageous fees. But this is clearly an automated system and not some piece of wallet software, and whoever programmed it obviously did not include such a sanity check.

This is inaccurate. The term "millisatoshi" doesn't just mean "anything less than a satoshi". It follows the standard International System of Units definition. One satoshi is one thousand millisatoshis. This means a millisatoshi is 0.00000000001 BTC. That's 11 digits after the decimal point, 3 more than the usual 8. Even the Lightning network won't process 13 digits after the decimal.

Whenever you close a Lightning channel, your balance will be rounded down to the nearest whole satoshi to allow the transaction to be broadcast to the main layer.

Satoshi is the base unit in the code. Satoshi are not defined as 0.00000001 BTC, but rather 1 Bitcoin is defined as 100,000,000 sats. Here is the code in question:


The same is true for transactions. If you decode a transaction, all amounts are specified in satoshi, and not in bitcoin.

Since satoshi is the base unit in the code, then you cannot settle anything less than one satoshi on the base layer. If you want to use smaller units, such as millisats, then you'll need to move to Lightning.

It's certainly slower, but it definitely isn't slow and it definitely isn't considerably slower either. PBKDF2 is already pretty weak, and 2048 rounds is nothing. This is why tools like btcrecover can still check tens of thousand possible seed phrase combinations a second (even once you exclude those with an invalid checksum).

If you wanted actual protection against brute-force attacks, then you would need to up the iteration count to the millions or switch to an algorithm which is actually computational expensive. BIP39 survives without these things due to the initial entropy being at least 2¹²⁸, not because it is difficult to attack.

Lol.

They first refused to allow Laurent Salat to audit the code, simultaneously claiming that he was not a qualified expert, but then also claiming that he would steal their source code for OXT, which he runs. Amazing that he is both unqualified and too qualified at the same time.

Now they claim that a literal Bitcoin Core contributor is unqualified? The same people who as we saw earlier in this thread don't understand the different between legacy and segwit addresses and don't even understand the difference between bits and bytes are in no place to pass judgement on anyone, least of all a Bitcoin contributor. They are absolutely desperate that no one sees their code, and learns just how unscientific and deeply flawed it is.

Blockchain analysis is a scam.

Absolutely.

The address is obviously owned by some exchange or other service. It was first used fairly recently on June 22nd, and it seems to only have received funds from this address: bc1qlm0xlahpysq2v9yh5rhcc430xjz3xknqqnyvaf. The transactions are clearly automated. They've made 60,000 transactions without an error, and a few hundred more since this error occurred. I wonder what the error is? My only thought is someone tried to withdraw to the exchange's address and it somehow overwrote the change output.

F2Pool have said they will hold the funds for three days and return them to the rightful owner if claimed: https://nitter.cz/satofishi/status/1701042302238724512#m

Ideally, yes. In practice, no. I've said this before about security/privacy threads:


If Off Topic was actually as advertised, then yes, it would be a great place for such topics. As it stands, no serious members who would have meaningful contributions to such threads would ever see them since Off Topic is 100% low quality trash and no serious members even open that board. Put threads like this in Off Topic and they would just be filled with the usual word spun, low value, meaningless spam.

There is no "miner fee" and "transaction fee". These refer to the same thing. Bitcoin transactions pay a single fee, which goes to whichever miner includes that transaction in a block.

When a transaction is written out in raw hex, there is actually no field to specify the fee at all. You specify the inputs you want to spend, you specify the outputs you want to send money to, and you specify how much money you are sending to each output. You don't specify the fee. The fee is worked out from the sum of the inputs minus the sum of the outputs. It is essentially "whatever is left over". In previous transactions like this the error has been the creator not realizing this, forgetting to include a change address, and therefore everything that they didn't specify being used as a fee. What is unusual here is that the transaction involved does include a change address (the same address the coins are sent from), so the person who made this transaction has made some other mistake.

This is fairly easy for a blockchain analysis company to trace.

Blockchain analysis companies obviously know about the existence of these instant exchangers, and also know that they are popular for swapping bitcoin to other coins. They also know how they work, know the fees they charge, and probably have identified their wallet addresses on multiple chains. If they see you sending $100 worth of bitcoin to one of them, and then a few minutes after it is confirmed they see $98 worth of litecoin leave, then they can link those transactions together. If you send all the litecoin to the same address, then they can probably work backwards and link all your bitcoin transactions together too.

If you don't want to be traced, then you'll either need to mix or coinjoin your bitcoin first, or swap it for monero which cannot be traced in this way.

The amount of bitcoin you are transferring is irrelevant. What matters is how many inputs and outputs your transaction has, which is what dictates the size of the transaction in vbytes. Also note that you should be working in virtual bytes or vbytes, rather than raw bytes. This is the value that miners pay attention to when deciding which transactions to include.

16 sats/vbyte is an appropriate fee at the moment which will put you around 1 MvB from the tip. For a 246 vbyte transaction, this would be just under 4,000 sats, which is indeed around $1.05.

A 246 vbyte transaction could be transferring 0.0008 BTC or it could be transferring 8,000 BTC. It is the number of inputs which is important here, not the value of those inputs.

There have been multiple previous topics about the Press board. The whole board is low value trash which just serves to let people pad their post count for their campaign by simply copy and pasting an article from elsewhere, or for trash "news" sites like CoinIdol to spam with their shit articles. It's legalized plagiarism. I've reported the same bot accounts in that board literally hundreds of times each, and they are were never banned.

It would be trivially easy to clean that board up, but given there has been absolutely zero desire from admins or mods to do so over the many years this has been complained about, then we should simply close it. It serves no purpose.

This was suggested for the Press board already, but it would not stop the bot accounts owned by these "news" sites from spamming their links. Just moderate it properly. It's that simple. And if we aren't going to moderate it, then lock it.

Why? Why should we continue to have a board which hasn't been posted in in over 3 years for software which nobody uses, yet not have a board for a topic which is discussed around the forum multiple times each day?

What a lot of abuse being directed at OP for what is an entirely reasonable suggestion.

The Press board is a cesspit of legalized plagiarism and should have been closed years ago. In Wallets we have a board for Mycelium which has had about a dozen posts this year, and a board for BitcoinJ which hasn't had a single post in over 3 years. The New Forum Software is a meme at this point. These boards shouldn't be deleted, but they should absolutely be closed/locked/archived/whatever.

Meanwhile we have had many threads over many years with almost unanimous support calling for the introduction of some kind of "Security and Privacy" board. There are literally hundreds of threads every month spread across multiple different boards which would fit more appropriately in to such a board.

Why should we have boards which get a dozen posts in a year but not have a board which would get a dozen posts in an hour? It makes no sense.

It's not at all contradictory to want inactive boards closed and want topics which are widely discussed across the forum such as security/privacy to have a dedicated board. That would simply be the forum keeping up with the times, rather than continuing to be stuck in the past.

How did you get 1.1k permutations a second? Have you divided by an extra 60 by mistake?

12!/115/60 = 70k permutations a second, but that is assuming he had to search the entire space. Even assuming on average he would search half the space, that's still 35k/sec.

I can get around 100k/sec on my hardware for a BIP39 seed phrase, but 35k is not unreasonable by any means.

The old "addresses" field was initial depreciated in v22.0.0 and replaced with a new "sane addresses" field: https://github.com/bitcoin/bitcoin/pull/20286
The old field was then fully removed in v23.0.0: https://github.com/bitcoin/bitcoin/pull/22650

If you look at the RPC docs for anything from v23 onward (https://bitcoincore.org/en/doc/25.0.0/rpc/rawtransactions/getrawtransaction/), you'll see the address field now returns an address "only if a well-defined address exists". Given that the script you have shared is pay to pubkey, and not pay to pubkey hash, then you are not paying an address and so getrawtransaction will not return an address.

Not sure where you got half a billion from?

If you have a benchmark for calculating 12!, then to calculate 24 you would need to take that benchmark and multiply it by 13*14*15*...*23*24. More easily written as 24!/12!.

24!/12! is over 1 thousand trillion. With 115 minutes for 12 words, then it would be around 283 billion years for 24 words. (In reality it would be a bit quicker than this since with 12 words you can reject 93.75% of combinations as having an invalid checksum and with 24 words you can reject 99.61% of seed phrases, but that is not relevant.)

You are essentially describing "newbie jail", which the forum used to have. If you do a search for this term you'll find lots of old discussions about it, why it was scrapped, and why it would be a bad idea to bring it back.

That's an interesting approach for dice, and one I had not seen before. It is essentially the same basis as the Von Neumann debiasing algorithm for coins I linked to earlier in the thread, where you flip twice and discard the result if the two flips are the same, but adapted for dice.

Having said that, it's also far more complicated. I like to keep things simple and would just stick to coin flips.

You would never know unless you rolled them thousands of times and performed some statistical analysis on the results. Safer to just assume they are and use a debiasing method.

You still need to correct for physical bias, which is far more simple with a coin than with a die.

Flip the coin twice:
HT - 0
TH - 1
HH or TT - discard

Repeat until you have 256 bits. No matter how biased your coin is, you'll always get a completely random result.

Not wise to lock yourself to an old version. Although legacy wallets still work fine in v25, by the way.

You can turn your custom entropy in to a master private key you can import in to a descriptors wallet as I explained above, but you won't be able to do it without additional software.

Alternatively, have you considered using something like Electrum or Sparrow instead? You can turn your custom entropy in to a BIP39 seed phrase and then import that to these wallets offline, and then export the master public key from your offline wallet to move to your other machine and create your watch only wallet. Your Electrum or Sparrow watch only wallet can be synced using your own node.