|
I imported the private key into Bitcoin-QT using the importprivkey command in the console.
|
|
|
|
|
It really is ridicuous, a bunch of script-kiddies and wanna-bes just copying-pasting and calling themselves developers. Such an embarassment. The only alt-coins with any hope:
Litecoin: Added scrypt, the first to increase confirmation time, had first mover advantage to get critical mining mass.
PPCoin: The first Proof-of-work coin, though has not really caught on.
Novacoin: This copycat combined litecoin and PPCoin and it actually had a chance. Except the "developer" was a total scumbag, lied about pre-mining, bribed the exchanges and lost all credibility. Still trades at 0.35-0.4 NVC/BTC, though pretty illiquid.
eMunie: the most interesting new one, not yet released. Totally different codebase, not just a copy/paste hack job like most the others. Still, it's use of "interest" to early adopters is very ponzi-like and really will only harm the currency in the long-run. Looks though like it will not be "pre-mined" and have an open, pre-announced launch which is refreshing from most the other sh*tcoins.
|
|
|
|
|
So what makes your shitcoin so special? You just want to have them get some semblance of value from idiots so you can sell/trade your pre-mined shitcoins for bitcoins or fiat. Pathetic. And don't call yourself a developer script-kiddie.
|
|
|
|
|
I think we have a lot of bitter gpu miners who are erroneously blaming the BTC price fall on ASICs, when in fact it is completely unrelated. The hype is gone and speculator are leaving. Will not reinflate until adoption increases.
|
|
|
|
Btw, can someone expalin to me the difference between the compressed and uncompressed keys? Seems both are accepted by Bitcoin-QT (though uncompressed priv key cannot be used to access compress public or vice-versa). Is one type more secure than the other? In my example, the stfu! compressed version was not compromised, only the uncompressed version was (I channeled the BTC through both bitcoin addresses). The speed (seconds) with which the funds were redirected make it clear it was a bot.
Compressed or uncompressed only applies to public keys, not private keys. All private keys are the same, there is no compressed form. For every private key there is only one public key but the public key can be expressed in two different forms. Each form maps to a different public key address. So, every private key maps to two different public key addresses. Not a bot, it was just that the address you generated was already set up to sweep to another address long before you generated it - as explained in other posts. Btw, can someone expalin to me the difference between the compressed and uncompressed keys?
The public key is a 64 byte (512 bit) number derived by ECC algorithm from the private key. It consists of the X and Y coordinates of a point on the curve. However one of these coordinates is redundant, so the compressed key just uses the X coordinate which shortens the public key length by half. In practice both versions are hashed to 160bit hash value in the block chain. If you take a look at the script I linked above, you can see the procedure for generating both the uncompressed and compressed keys/addresses. I assume they are equally secure (others may correct me). The reason that only the uncompressed stfu! was compromised is (I guess) that most people just use this one and the hacker did not bother to build the rainbow table for the compressed one (lazy hacker as the ECC is the expensive part, so the only cost of having both is storage space). Hope this helps. (Yup, crosspost, but not on this topic so I'll post anyway) Almost. For completeness: Since every X coordinate in the finite prime field corresponds to exactly two Y coordinates in the finite prime field, one positive and one negative, it is possible to define the exact X,Y coordinate of the public key by using the X coordinate and a sign indicator to tell you which of the two possible Y coordinates to use. Both forms of the public key are equally secure in that a) they both describe exactly the same information and b) given the X,Y coordinates of a point in either form it is equally difficult to calculate the private key used to generate the public key point. Yes the ECC is the "hard part" of the calculation but going from uncompressed to compressed public key form is trivial and then the extra hashes to calculate the two different public key addresses is also trivial. I expect "lazy hacker" if the compressed form was not compromised. Thanks, it seems to me then compressed is more secure simply since less people use it so hackers less likely to include it in a rainbow table. Clearly, though, that is not a replacement for a strong passphrase.
Whether you use the compressed or uncompressed public key to generate the public key address does not matter at all since the issue here is the passphrase used to create the private key. Given a very large numer of private keys generated from a very large number of common/simple pass phrases they will simply set up sweeps of both versions of the public key address generated from each private key. I still think this thread is very useful - I know you feel people who are new and not tech savvy deserve to lose their bitcoins, but that is not an attitude that will lead to widespread adoption. I would be okay changing it to: "If you use Brainwallet.org - MUST READ! - Security Risk!" if you think that is more accurate. My post was not meant to be libel in anyway, it seemed like a security breach to me at the time and it is a vulnerability with brain wallets more people need to be made aware.
Yes, I think that you should (please) change the title to "If you use any brain wallet - MUST READ! - Security Risk!" as this issue of losing your BTC when using a common/simple pass phrase applies to any brain wallet, not just those from brainwallet.org. The most important thing new users should learn before using Bitcoin is how to protect their key.
+1 Keep your private keys private The issue here was that the passphrase for a brain wallet was too simple. Not that the private key was not kept private. Burt, I am not sure this is correct - when you go to http://brainwallet.org/ and toggle between compressed and uncompressed both the public and private key changes. You cannot use the compressed private key to access the uncompressed public key or vice-verse without changing between the two. |
|
|
|
|
I realize that, if I get a GTX I will not be mining at all.
|
|
|
|
|
Clearly a new solution for the security issues it required for mass adoption for laypeople - the hardware wallets, if they can be made very affordable, will certainly be a move in that direction.
|
|
|
|
|
I do not see how a BFL 60GHZ at 10k will ever make the 155BTC required to break-even - and that is assuming the usd/btc ratio does not continue to decline. The only way I see to be profitable would be to pre-order the next "new" ASIC so you get it before others and then you of course take on the risk of whether the company will actually deliver on time or at all. Not a great risk/reward ratio - seems buying ASICMINER shares a better risk then buying hardware directly.
|
|
|
|
|
Well, I want it to be at least a bit profitable since I would be putting in my 2nd choice graphics cards. The Nvidia GTX 790s are amazing for gaming but are terrible for mining. I am willing to use the Radeon 7990s, which are slightly inferior to GTXs for my gaming purposes, but only if it will have some economic benefit.
|
|
|
|
|
So people will be taking out the PSU and throwing away the rest? It makes it hard to justify purchasing an ASIC if you cannot be guaranteed to get one of the earliest versions of the newest technology. 100% depreciation is pretty unheard of in most investments.
|
|
|
|
|
I am building a high end gaming system. Gaming is its primary purpose, though sadly I work full-time so it will be idle much of the time. I am buying this system regardless of whether I mine a Bitcoin or alt-coin. However, I need to decide on the type of graphics cards to buy. If purely for the point of gaming, I would buy dual GTX 790s since they have higher benchmarks for the games I will be playing. However, dual Radeon 7990s with moderate overclocking will more or less match their performance in most situations for about the same cost.
Will it be profitable to mine bitcoins or another alt-coin with the system while it is idle if I get the Radeon's? Or will the power costs likely cost more than the coins produced, therefore I would just be better off getting the GTXs since I would then not bother mining and take the small gaming performance bonus instead. I do not expect this system to ever pay for itself. I just trying to figure out if I should put in the 7990s versus the GTX 790s if it will be even a little profitable. I keep hearing GPU mining is dead, does that mean power costs in such a setup will outstrip mining profits? My plan would be to sell the BTC needed to pay the increased power bills and then hold the rest of the BTC until they are easier to spend (I dream of amazon accepting them someday).
|
|
|
|
|
When one considers either buying ASIC hardware outright or investing in a mining company, it would be useful to have some idea of book value. You can safetly assume within 18 months (likely generous assumption), almost any ASIC purchased now will be non-cost effective to continue running. I believe if you purchase for example a BFL 60GHZ (I see one on ebay going for about 10k), the chances of making that back in 18 months just off of the coins produced is very little (even if we assume the exchange rate stays around 65BTC/USD which seems optimistic). In order to make a reasonable decision that buying an ASIC now can ever lead to a worthwhile ROI (to me that would be about 25% in 18 months), the question is will these ASIC units have any reasonable re-sale value?
For example, my friend had a GPU miner with 5 7950s, which he recently shut down and has sold the 7950s (just over a year old) for an average of $230 each on ebay - considering they only cost $320 each to buy, that is a pretty minute depreciation of only 30%. That is because these GPUs still have use in gaming and you combine a couple in Crossfire mode, and they can keep up with even the newest GPU cards and a lower cost (especially with some overclocking).
In order for ASICs to not drop to near neglible value, they would need to have some use after it is no longer profitable to mine bitcoins. If the Fiat/USD continues to decrease and the hash rate increase exponentially, this time will likely come soon for the "older" (ie a couple months old) Avalon and BFL units currently in use - especially some of these units are not very $/Watt efficient compared to the newer ASICs being developed. So, I guess the question is: are there any alternate valuable uses for ASICs once BTC no longer profitable. If not, then you need to base your entire investment on the Bitcoins produced assuming hardware resale goes to near 0, which is a much bigger challenge to face than the GPU miners ever had to since they can sell their hardware for about 70% if the original cost.
|
|
|
|
|
It seems to me their is one quick solution which would be to simply compress the blockchain with a known encryption algorithm such as rar (I as an exercise was able to shrink mine to 65% of its original size) and then the client can decrypt in the memory in the fly as needed. Hardly a very cpu intensive task for most modern processors and it can be made a feature that can be disabled at the user's option. It would result in 35% faster downloads and 35% less disk space used at the cost of using the cpu a bit more and some more memory.
This is not a replacment at all for pruning, however this strikes me as fairly quick to implement and should be a part of any solution. Is there any flaw here I do not see?
|
|
|
|
|
I still think this thread is very useful - I know you feel people who are new and not tech savvy deserve to lose their bitcoins, but that is not an attitude that will lead to widespread adoption. I would be okay changing it to: "If you use Brainwallet.org - MUST READ! - Security Risk!" if you think that is more accurate. My post was not meant to be libel in anyway, it seemed like a security breach to me at the time and it is a vulnerability with brain wallets more people need to be made aware.
|
|
|
|
|
Thanks, it seems to me then compressed is more secure simply since less people use it so hackers less likely to include it in a rainbow table. Clearly, though, that is not a replacement for a strong passphrase.
|
|
|
|
|
Btw, can someone expalin to me the difference between the compressed and uncompressed keys? Seems both are accepted by Bitcoin-QT (though uncompressed priv key cannot be used to access compress public or vice-versa). Is one type more secure than the other? In my example, the stfu! compressed version was not compromised, only the uncompressed version was (I channeled the BTC through both bitcoin addresses). The speed (seconds) with which the funds were redirected make it clear it was a bot.
|
|
|
|
|
As I said, it was a small loss - the equivalent of $12. Could have been worse and hopefully others will learn from my errors. Still, a warning on the website about the need to use a strong passphrase would be a good idea. Ninja's bitaddress generator will not even create codes for such short passphrases I see to protect newbs from themselves.
|
|
|
|
|
hey guys,
Sorry I just logged back on. As I said, I was just fooling around so I did use a very short passphrase "stfu!" just to see how it works and I imported in into Bitcoin-qt using the importprivkey command. I actually made two keys from this - one with Point Compression and one without Point Compression - only the uncompressed address was compromised.
Anyway, newbie mistake - glad I learned it on .178BTC as opposed to much more. Though this experience has taught me a brain wallet not for me - any phrase I could remember would not be secure and if I added enough misspellings and character substitutions I would likely forget it eventually. Will just stick to my paper wallets I generated offline using Ninja's script at bitcoinaddress.org
I feel better actually, since even though all my trojan scans came back negative, I was still worried maybe somehow my computer was compromised. The only compromise was my noobness! Hope others learn from me error.
mechs
|
|
|
|
|
I don't think you can download the script from the site. Regardless, whether it is the website author or a hacker, the site is compromised. I don't think it had anything to do with my wallet.dat password being compromised - it is a very long, secure password and I do not believe there are any trojans on my system.
|
|
|
|
I decided to mess around and make a brain wallet. I used the website www.brainwallet.org. Supposively, this javascript is client side only. Anyway, I made a brain wallet and decided to test it. I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2". Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2I am very security conscience and am certain my wallet file was not compromised. My only thought is the brainwallet website has been compromised instead and some bot is stealing the private keys generated there and then instantly transfering any funds deposited to these compromised wallets to their own bitcoin addresses. DO NOT USE www.brainwallet.org and if you have used it, then immediately move your funds to a new location ASAP. I am not complaining though, I only lost 0.178BTC - it could have been much worse. |
|
|
|
|
Show Posts
