242
|
Bitcoin / Wallet software / Samourai Wallet is accessing to the Clipboard without permission (SOLVED)
|
on: October 27, 2023, 10:49:11 PM
|
Concerns about Samourai Wallet (Access to Clipboard without permission)
Hi guys, I just want to let you know that I am uninstalling Samourai wallet from my Android device, and I am also moving my UTXOs from that seed to my cold wallet.
Why? I just noticed that Samourai wallet is accessing the clipboard with permission and without asking and without trigger..
How? Some days ago I activated an Android option to alert me every time that an app accesses the clipboard, so when I do a long press on the touch screen to paste some information in the clipboard I get a screen notification "APPNAME pasted from your clipboard". Almost all apps work fine without any suspicious activity in this way, BUT I just noticed that Samourai Wallet does that when you open it, check the image:
When does that notification pop up? When I start the Samourai wallet for the first time after unlocking the PIN screen, without doing anything else, that notification appears.
What do you think about this behavior of that app?
Edit: Looks like they do a clipboard check for your "security". In my opinion this should be optional and only activated at the user's request.
|
|
|
244
|
Economy / Service Discussion / Re: Risk/AML score
|
on: October 27, 2023, 05:30:24 PM
|
Damn, we need to urge our acquaintances to start using their own non-custodial wallets. Last weekend I taught my brothers to use Electrum, I sent them some mBTC and we played a little with it, we also started playing cards and made some bets with amounts of 10000 sats, that was a little funny.
I don't think we need to check the risk/AML score when we want to receive or trade, especially using P2P no KYC.
Agree with you, as I wrote before, that may only be necessary if you want to cash out that balance through some CEX, but only if you have some suspicion about the source of it.
|
|
|
245
|
Other / Beginners & Help / Re: UTXO Management Best Practices
|
on: October 27, 2023, 05:21:40 PM
|
I was simply wondering if there is a general idea of how large a UTXO should be.
How large? Did you refer to the amount to put in each UTXO? Well, in that case it depends on how much you are willing to spend in the future, for example right now 100 USD are like ~296000 sats. So if you are going to spend less than 100 USD you can use UTXOs of around that amount or less, and maybe 1 or 2 UTXOs with x2 or x3 of that amount, just to get some options at spending time. All of this is up to you and you are going to receive a lot of mixed opinions, so try to read all of them and form your own opinion.
Bluewallet wallet has coin control. Available both on Android and iOS. Also on MacOS. On mobile and other online wallets, little amount of coins is advised.
Thank you, I am going to test it later.
|
|
|
246
|
Other / Off-topic / Re: passwordstore an open source password manager
|
on: October 27, 2023, 05:10:41 PM
|
I don't know if that's enough. I have seen many cases where people faced hardware failures, software bugs, and other issues that caused them to lose their funds.
We never know how many is enough (Murphy's law is always present), others may tell you that having a lot of backups is also worrisome because you have multiple points where something can fail.
Memorizing seedphrase can be seen as a bad idea. What if you get into an accident, or what if you get memory loss as you age?
I know, that is why it's not my only method.
I had one question, though, how are your heirs instructed?
My wife had the seed, and I instructed two of my friends (trusted ones) to help her in case something happened to me, since she doesn't know much about technology.
You can lock your assets for a fixed amount of time. It can only be accessed after the lock period has ended.
I know this, I read the post of Loyce about time lock transactions. And actually I already tested it, for me it's good, but it's a little complicated for my friends. I taught them how to use a wallet like Electrum and Sparrow but I don't want to confuse them. I think the topic is getting a bit off track. Has somebody used password store? I think that I can make some video of how to use it. Also I think that I can open a bounty for this tool for anyone who finds some vulnerability in it. I don't have much but I can allow some sats for it. What do you think?
|
|
|
247
|
Other / Beginners & Help / Re: UTXO Management Best Practices
|
on: October 27, 2023, 04:56:13 PM
|
This is a somewhat repetitive topic. There are two or three options for this.
If you care about your privacy then some wallet like Samourai wallet can help you to automatically construct a Stonewall transaction, but this may be somewhat expensive when fees are high.
If you are more worried about savings then you can use only one or two inputs in each transaction to one or two destinations (one of them your change address).
If you are using a PC you can use Sparrow wallet, which has really good coin control, but some other wallets can also be helpful, like Electrum.
|
|
|
248
|
Other / Off-topic / Re: passwordstore an open source password manager
|
on: October 27, 2023, 04:02:23 PM
|
If you die, will your heirs have access to it?
Yes, they already had instructions to do it.
Do you have a second backup in case your computer burns? Or if your house is on fire?
I have 2 backups, one in my house and the other in my parents' house, I also memorize my 24 seed with some funny phrases. I know that it is a difficult topic, with a lot of opinions and ideas about this. And the debate is really good.
|
|
|
249
|
Other / Off-topic / Re: passwordstore an open source password manager
|
on: October 27, 2023, 03:18:01 PM
|
It is better in beginners and help. Move it to beginners and help.
Yeah, you are right it fits better here in Beginners & Help. Is there any script allowing us to generate GPG private/public key pair offline? What are the curve parameters for GPG etc? Would this tool also store the GPG key as well? Isn't this a bit risky to keep all the keys/passwords you have in a single place? What if GPG has a backdoor?
GnuPG is a cryptographic suite that allows you to work with different cryptographic schemes.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
It can use different asymmetric cryptographic suites like RSA, ECDSA and EDDSA and others...
It can use different symmetric suites like AES256, BLOWFISH and others.
It is actually very secure, common for more than 20 years in the Open Source community.
|
|
|
250
|
Other / Off-topic / passwordstore an open source password manager
|
on: October 27, 2023, 02:04:22 PM
|
Note for the moderator: since there is no cyber-security board I put this topic here, because I believe that this tool can be used to back up seeds, passwords, passphrases, private keys and other secrets.
Hello everyone, I want to share with you one simple tool to store passwords securely.
https://www.passwordstore.org/
If you don't know it, password store is an open source project written in bash that uses GPG to store passwords encrypted with your GPG private key, that means that only you will be able to decrypt them. I like this tool because it is a command line tool, I can use it on Linux, Windows (WSL) and Android (Termux). It can be synchronized between devices with git, so that means you can have a unique password repository on all your devices. You only need to have the same GPG private key between them.
You can edit the password store using ordinary unix shell commands alongside the pass command. There are no funky file formats or new paradigms to learn. There is bash completion so that you can simply hit tab to fill in names and commands, as well as completion for zsh and fish available in the completion folder. The very active community has produced many impressive clients and GUIs for other platforms as well as extensions for pass itself.
So it's a simple bash tool to organize passwords stored in individual files encrypted with GPG.
Password store already has some years: Initial release: September 4, 2012; 11 years ago
GnuPG also has more years: Initial release: 7 September 1999; 24 years ago
With those years in the market most common bugs should be already fixed and almost all security flags were also already caught.
I am using this tool to manage my passwords and other secrets like seeds and private keys. Maybe some of you will point to KeePass or some other private solution like 1Password, but I like this because it's originally a command line tool and I can use it on all my devices, Linux, Windows and Android. Obviously it needs to have its precautions, like backing up the GPG private key securely and other things, all depending on how paranoid you are with all those things.
|
|
|
251
|
Local / Español (Spanish) / Re: Starting a new world: Cryptos!
|
on: October 26, 2023, 09:23:39 PM
|
Hi, first of all welcome, I saw your post in the section of the North (in English) where you ask for help because of your economic situation in Cuba. I see that the recommendation to write in the Spanish section did not fall on deaf ears. Congratulations!
Speaking of transactions on the Bitcoin network, I am going to try to explain it in a simple way, possibly omitting many details.
To validate transactions, more or less the following steps are done:
- The transaction is checked to have the proper format
- The UTXOs that are included are checked to be unspent (no double spend)
- The signatures in the transaction are checked to be valid and to correspond to the public key of the address that is doing the spending.
- Various other conditions regarding the network consensus are validated, for example NOT spending more balance than one has, setting aside the minimum fee amount, among others.
Transactions are recorded by the miners; they are included in the block only if they passed all the tests mentioned above. If the transaction pays a minimum fee and the network is congested, it may take quite a while to be included in a block.
Anyone can mine, yes; however, nowadays a lot of computing power is required to do it, so it is not cheap to enter the world of bitcoin mining today. Basically a whole large-scale, specialized data center is required to carry out the operation.
The operation that miners perform is finding a sha256 hash that contains a certain number of leading zeros; this hash must be the result of hashing the block header, which must include the hash of the previous block.
But I don't want to get into more technical topics so as not to confuse you.
I recommend you give a read to the book: Mastering Bitcoin 2nd Edition - Programming the Open Blockchain https://github.com/bitcoinbook/bitcoinbook
If you have more doubts, ask them, although most could be answered by the aforementioned book. However, if you get stuck, don't hesitate to ask for a hand here. Regards!
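The header-hashing check described in the post above, as an added example that is not part of the original post: it verifies the proof of work of Bitcoin's genesis block header (public chain data) and then searches for a nonce on a constructed toy header. In practice "a certain number of leading zeros" means the double SHA-256 of the header, read as an integer, must not exceed the target encoded in the header's nBits field; the toy nBits value 0x1f00ffff is an assumption chosen so the search finishes quickly.

```python
import hashlib

# Bitcoin's genesis block header (80 bytes, public chain data), split by field.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                          # version
    "0000000000000000000000000000000000000000000000000000000000000000"  # previous block hash
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    "29ab5f49"                                                          # timestamp
    "ffff001d"                                                          # nBits (compact target)
    "1dac2b7c"                                                          # nonce
)

def block_hash(header: bytes) -> bytes:
    """Double SHA-256 of the 80-byte header, as raw digest bytes."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()

def target_from_bits(bits: int) -> int:
    """Expand the compact nBits field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))

def check_pow(header: bytes) -> bool:
    """True if the header hash, read as a little-endian integer, is <= target."""
    if len(header) != 80:
        raise ValueError("a block header is exactly 80 bytes")
    bits = int.from_bytes(header[72:76], "little")
    return int.from_bytes(block_hash(header), "little") <= target_from_bits(bits)

def mine(header_without_nonce: bytes, max_tries: int = 2**24):
    """Search for a nonce that makes the header meet its own target."""
    for nonce in range(max_tries):
        candidate = header_without_nonce + nonce.to_bytes(4, "little")
        if check_pow(candidate):
            return candidate
    return None

def display_hash(header: bytes) -> str:
    """Block hash in the byte-reversed hex form block explorers show."""
    return block_hash(header)[::-1].hex()

if __name__ == "__main__":
    print(display_hash(GENESIS_HEADER), check_pow(GENESIS_HEADER))
    # Changing the previous-block hash invalidates the proof of work.
    tampered = GENESIS_HEADER[:4] + b"\x01" + GENESIS_HEADER[5:]
    print(check_pow(tampered))
    # Constructed toy header with an easy target (nBits 0x1f00ffff) so mining is quick.
    toy = GENESIS_HEADER[:72] + (0x1F00FFFF).to_bytes(4, "little")
    print(display_hash(mine(toy)))
```

Because the previous block's hash is part of the hashed header, altering any earlier block forces the proof of work of every later block to be redone.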
|
|
|
253
|
Local / Español (Spanish) / Re: A man claims to have 100 BTC that are inaccessible because he can't remember his best friend
|
on: October 26, 2023, 05:52:38 PM
|
And then he woke up and it was still pouring rain in England …
All this news is shoddy, given that the fact of not knowing which bitcoin address you had at that time already gives a lot to suspect... examples like these abound: Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!?
Honestly I think there needs to be more education about the management of passwords, secrets and other important data; maybe a few years ago passwords and accounts only served to store chain messages and family photos, but since information can now translate into millions, or at the very least a few thousand, it is necessary to raise awareness that your information is valuable.
|
|
|
254
|
Bitcoin / Bitcoin Discussion / Re: Bitcoin Surpasses Tesla, Ranks 11th Globally
|
on: October 26, 2023, 05:33:50 PM
|
This is not investment advice and you should make your own investments based on your own judgment.
hahaha good one. We all know that bitcoin will surpass all those companies. It is just a matter of time. It doesn't matter if it is at the end of 2024 or 2026, at least it doesn't matter in the long run. At that time some users will regret not buying more sats back then.
|
|
|
255
|
Local / Español (Spanish) / Re: Find Lost Cryptocurrencies
|
on: October 26, 2023, 01:19:23 PM
|
according to what he argued, it contained all the bitcoin private keys in the whole wide world
I have read that argument several times, it's funny because many people really think that all the keys are stored there, ready to filter by balance and all that; people have even sought me out so that I ask certain admins whether they can sell the database. Imagine how many Yottabytes a database like that would have to weigh.
|
|
|
256
|
Economy / Service Discussion / Re: Risk/AML score
|
on: October 26, 2023, 12:34:33 AM
|
The Risk/AML score is just bullshit. It's a tool used by Governments and centralized exchanges
I totally agree with you, but just think about this: there are members in this forum on signature campaigns that need some income and they need to cash out that money to use for daily basic spending. I hope none of them have problems sending their balances to those CEX. I've been reading a lot of stories of people who got their balance frozen for months. In conclusion, if you aren't going to cash out your crypto then you don't need to worry about AML reports, but if you badly need to cash it out then you need to try to check that balance before getting it frozen on those exchanges.
|
|
|
257
|
Local / Español (Spanish) / Re: Find Lost Cryptocurrencies
|
on: October 25, 2023, 04:47:26 PM
|
if you want the software to run faster you need to pay between $200 and $500 dollars for the premium version, and not only that, the software also comes infected with a trojan
I wonder at what point the alarms don't go off that it's a scam, because besides paying, you end up infected, and if you have any wallet on your computer it is very probably going to be sent to the scammers. It's just a matter of logic: if cracking wallets were that easy, the value of coins like bitcoin would be ZERO.
Anyone who has read the basics on the subject would know that the purpose of algorithms like SHA is precisely to be resistant to brute-force attacks.
Here the algorithm being brute-forced is ECDSA + SHA256 + RMD160, which is more secure.
|
|
|
258
|
Economy / Scam Accusations / Re: Careful scammers and hackers using mail spoofing
|
on: October 25, 2023, 04:32:43 PM
|
So what happens when hackers somehow gain access to that password manager? That has made you very vulnerable. Trusting a third-party app is never a good idea.
The files are encrypted with GPG and those can only be decrypted with my private key (I already tested it), the private key is also encrypted with a master password, the password manager is open source, I already checked the code and there is nothing suspicious in it. The security of this is that the GPG code is also open source, and it is widely tested over time.
|
|
|
259
|
Economy / Service Discussion / Re: Risk/AML score
|
on: October 25, 2023, 12:17:22 PM
|
The AML reports on bitcoin addresses are ambiguous, I requested a report some days ago over my public address: AML report
This address has only received income from the campaign of Yo! mix. There are two exchange records, one with 58.3 marked as trusted source and the other with 15.5% marked as suspicious. Maybe the second doesn't have KYC implemented or something like that. So at this point I don't know whether to cash out that balance through a CEX or not. By the way, why is this topic on the Service Board?
|
|
|
260
|
Bitcoin / Bitcoin Discussion / Re: Instagram Banned Bitcoin
|
on: October 25, 2023, 04:04:13 AM
|
I have mixed opinions
Actually I agree with some users that there is no need for discussion of bitcoin on a shitty social network like Instagram. But remember that bitcoin needs mass adoption and to reach more people in order to get less volatility, also there is no such thing as bad publicity. So as bitcoiners we need bitcoin to become more popular outside of our circle.
|
|
|
|