Every transaction destroys old outputs and creates new ones to replace them.
The act of spending bitcoins destroys them.
|
|
|
Anyone know if the upcoming Trezor will fix this problem?
IF there are no hardware vulnerabilities which an attacker can exploit, it will fix the problem.
|
|
|
i know some people who are familiar with firmware and the best idea i've had so far is to use serial ports and then disconnect them when done. serial ports that run up to 115200 baud often have no (afaik) firmware that has an externally accessible attack surface.
Maybe I shouldn't have thrown away all my old motherboards that still had ISA slots so that I could build an offline machine with a non-soft modem.
|
|
|
Bitcoins can not really be stolen.
Private keys can be stolen via unauthorized access to someone's computer (malware).
Contracts can be broken, such as the implicit agreement between an exchange and the customers who deposit funds there.
That's all outside Bitcoin though. Bitcoin is just a timestamping and script processing engine.
Bitcoin has no concept of the validity of a transaction beyond the question of whether all the scripts evaluate correctly.
Legal theories are of limited use here, since they are geographically-limited and Bitcoin is global.
The only effective use of resources in this matter is prevention, not recourse.
|
|
|
The danger is that since nobody in the hardware industry gives a shit about security, it's conceivable for malware on your online machine to infect a USB stick at the firmware level, with malware that infects your offline machine's motherboard (also at the firmware level) as soon as you plug it in. All of this would happen at such a low level that your OS can't do anything about it.
Manually typing in the unsigned transaction is probably safe, but is the most tedious thing imaginable.
Printing it out and then loading via OCR is probably safe too, as long as the OCR app is thoroughly vetted for bugs and vulnerabilities.
Transferring the data via an audio cable might be ok, but since audio has never been security-sensitive before nobody has spent a lot of time auditing that subsystem for exploitable vulnerabilities so we don't really know how safe it is.
tl;dr: PC security is virtually non-existent right now, and not likely to improve any time soon.
|
|
|
I'm not an expert, but I'm pretty sure the only time you have to write anything is when the USB is in the offline computer. I'm talking about using Electrum or Armory offline, I'm not sure about other methods. You create the transaction offline and write the file it gives you to the USB. Then turn on write protection and put the USB in the online computer to finish the transaction. Pretty sure you don't have to write anything to the USB while it's in the online computer. Correct me if I'm wrong about this.
Nope. An offline computer by definition does not have access to the blockchain, therefore can not create a transaction. Transactions need to be constructed online, then moved to the offline computer for signing, then moved back to the online computer for broadcast.
|
|
|
In what way does a write-protected USB stick prevent malware from spreading between the online and offline machines?
The way I understand it is that you turn off the write protection when you put the USB in the offline computer (assuming you have an offline computer that has never touched the internet), so you can copy the signed transaction (using offline Electrum or Armory). Then you turn on the write protection when you put the USB in the online computer to complete the transaction, so no data can be written on the USB drive while it's in the online computer, it can only read data. This could protect against something malicious being written on your USB stick while it's in the online machine. And how do you get the unsigned transaction from the online machine to the offline machine in the first place?
|
|
|
In what way does a write-protected USB stick prevent malware from spreading between the online and offline machines?
|
|
|
So this is good for common chinese folks, but not good for big chinese corps who want to invest, why is government doing something that is not good for big corps? This is not common in western world that's for sure. How is chinese government going to profit from this, from common folk?
Can Chinese corporations not invest in commodities?
|
|
|
I thought part of the appeal of Bitcoin was that your coins couldnt be seized or frozen as long as nobody knows your wallet password...
One you hand your coins over to somebody else to manage for you (deposit them in an account on some web site), they aren't your coins any more.
|
|
|
Somebody is desperate to buy back in at a lower price...
|
|
|
Even if you can create a BTC-China account. You won't be able to withdraw to a chinese bank account anymore. Is that really the case? I wouldn't have expected Bobby Lee's statement to be as upbeat in that case. http://www.bloomberg.com/news/2013-12-05/china-s-pboc-bans-financial-companies-from-bitcoin-transactions.html“We’re happy to see the government start regulating the Bitcoin exchanges,” Chief Executive Officer Bobby Lee of BTC China, the largest Bitcoin exchange in the country, said today in a phone interview before the PBOC announcement was made. Regulations would be for “the good of the consumer,” he said. BTC is seeking recognition of the currency so it can be used to buy goods and services instead of being used for speculation, he said.
New rules for Bitcoin may not clarify Bitcoin’s legal status as regulators are divided over the issue, the people said. People are free to trade Bitcoin even as China refrains from recognizing it as a currency in the short term, PBOC’s Deputy Governor Yi Gang was cited by the 21st Century Business Herald as saying last month.
|
|
|
Can anyone tell me how this is going to affect BTC-China and other Bitcoin exchanges which operate from China? http://www.bloomberg.com/news/2013-12-05/china-s-pboc-bans-financial-companies-from-bitcoin-transactions.html“We’re happy to see the government start regulating the Bitcoin exchanges,” Chief Executive Officer Bobby Lee of BTC China, the largest Bitcoin exchange in the country, said today in a phone interview before the PBOC announcement was made. Regulations would be for “the good of the consumer,” he said. BTC is seeking recognition of the currency so it can be used to buy goods and services instead of being used for speculation, he said.
New rules for Bitcoin may not clarify Bitcoin’s legal status as regulators are divided over the issue, the people said. People are free to trade Bitcoin even as China refrains from recognizing it as a currency in the short term, PBOC’s Deputy Governor Yi Gang was cited by the 21st Century Business Herald as saying last month.
|
|
|
It's not even bad news, is it?
Individuals in China are free to trade Bitcoins. Banks can't offer Bitcoin-based services. Bitcoin exchanges will need to implement AML/KYC policies.
|
|
|
probably someone at reuters has a bunch of bids at 800 It was Bloomberg that had the most sensational Twitter post.
|
|
|
Well the message on BloombergNews twitter is "BREAKING: China bans financial institutions from Bitcoin transactions" which is different than "warned" so it's either bad/false reporting, a hack, or China have changed tactics and are outlawing something...
Or a Bloomberg employee wants cheaper coins.
|
|
|
Eh, this really doesn't seem like a big deal. It will be portrayed as a huge deal though, to attempt to incite a panic.
|
|
|
|