Bitcoin Forum
1  Bitcoin / Project Development / Re: LastPass 1Password Security Crypto Challenge + Bounty on: February 02, 2022, 09:27:48 PM
One potential way would be to create some multisig setup so that nobody would have full control over keys/coins, or splitting seed words with shamir backup scheme.
Maybe there was a way to create simple script for unlocking coins with some terms but I don't know how to do this.

I thought about multisig, but I don't think it will really solve the problem. (Also not 100% sure but I think I can still add multisig even now if I wanted to, just need the public keys of the other signers)

Suppose I multisig 3 users together and then it takes say 2 of the 3 of us to withdraw the funds...then one day someone like Elon Musk drops $1,000,000 bitcoin.

It's going to be awful tempting for those 3 users to simply get together withdraw the funds and split it between the 3 of them.

Similar problem with smart contracts, I could do some type of script/contract then the funds are released when say a specific message is signed  with the private key, but again, if the bounty is high enough, can still work around it, setup a second wallet and 'impersonate' being someone else.

Technically once someone tries to convert the coin to fiat, that last transaction will have a real person associated to it, and the company, coinbase or whatever will know who that was, but it could have passed through hundreds of transactions before that.

It seems that while bitcoin provides transparency, and while I can 'prove' that I own a particular address, there is no way to 'prove' who made the withdrawal.

No matter what way I think of it, there still seems to be a need to have a 3rd party 'trust'

I fear Cory Doctorow might be right in his recent blog article -  https://onezero.medium.com/the-inevitability-of-trusted-third-parties-a51cbcffc4e2
2  Bitcoin / Project Development / Re: LastPass 1Password Security Crypto Challenge + Bounty on: February 01, 2022, 05:54:09 PM
Due to the fact that you still have all the private keys and passwords and the funds are readily available to you, it will be interesting to see if anyone else will be willing to contribute to the bounty.


A good point! - Although I have no intention of touching the bounties in any way


I am open to ideas/suggestions on how I could 'prove' I cannot withdraw things myself?

I could for example claim that I destroyed my copies, but is there a foolproof way of proving somehow a withdrawal doesn't come from me later?

3  Bitcoin / Project Development / Re: LastPass 1Password Security Crypto Challenge + Bounty on: February 01, 2022, 01:13:08 PM
Using multiple files as key file is overkill and i doubt anyone will successfully crack it (at least not in distant future or very big cost). I expect most KeePassXC user only use password or/and single key file with default encryption configuration.

The purpose of the keyfile is to 'simulate' what I hope a large security company would do when storing my data. ie: they would have a 'vault' of some sort with a 'master key' that all of their encrypted data for users is stored in above and beyond my storage itself.

Hindsight being 20/20 -- I should have used the keyfile on the truecrypt container, to better simulate the idea, but oh well.
4  Bitcoin / Project Development / Re: LastPass 1Password Security Crypto Challenge + Bounty on: January 30, 2022, 09:27:43 PM
Update 1 : Well as of today both wallet balances remain fully intact.

Update 2 : The receive QR code/addresses above for 1password and lastpass were reversed so I fixed it

Update 3 : KeePassXC Bounty added

Several people have recommended KeePassXC - Thanks - I have started using it and it is amazing. In addition to just storing passwords, it also does TOTP (Authenticator) and automatically pushes keys to an SSH-Agent.  

So, in that same spirit I created a new bounty for KeePassXC.

To simulate the 'secure online storage' I have put a KeePassXC wallet on dropbox. The login of the dropbox account is



The password of the dropbox is of the same size, and special characters as the 1password and Lastpass.

In addition, the KeePass database is protected with a master keyfile. The keyfile is made up of up to 5 key####.dat files, all of which are also within the dropbox. A specific order of the .dat files must be combined to make the master key, and not all of the keyfiles may (or may not) be used.

For those who do not wish to attempt to 'hack' dropbox itself you can also grab the jpg image at this torrent - https://archive.org/download/keypass-bounty/keypass-bounty_archive.torrent

Inside that jpg image is a zip file, inside that zipfile is a Truecrypt container (keypass-bounty.img).  The password for the container was created from the GRC Perfect passwords - https://www.grc.com/passwords.htm  - 63 random printable ASCII characters:

Once the truecrypt volume is successfully accessed, the same KeePass database, password and 5 master key files exist as in the dropbox.

Inside the KeePass is 2 recovery phrases - one for a BTC Wallet, one for a BCH (Bitcoin cash) Wallet, and a $20 voucher to tryhackme.com

Unfortunately - I did not have as much bitcoin for this one, you can donate more through this QR Code



Note: If the 1password bounty is not successfully accessed within 1 year (Jan 2023), I will transfer the contents of that bounty into the KeePassXC bounty (because I don't want to keep paying yearly for a 1password system I am not using)

The bounty balance (BTC) Can be found here : https://www.blockchain.com/btc/address/1ESYzsQzNQHXXpstzMiQB625Aptd7ZMgq4

The bounty balance (BCH) Can be found here: https://www.blockchain.com/bch/address/qpd8x8gu9tuhqqsvg6ft6e43e5h7gl3kgq9ete0sut

Good Luck!


I think this challenge will get very interesting as the price increases for all of these cryptos over the next couple of months
5  Bitcoin / Project Development / Re: LastPass 1Password Security Crypto Challenge + Bounty on: January 26, 2022, 09:13:49 PM
This is not a bad idea, but it would be much better if you offered bigger Bitcoin rewards, that way you would attract more attention and give more incentive and motivation to hackers.

Yep I agree, that is why I included QR codes for both bounties, anyone who wants can send to those addresses and increase the bounty.

Presently (and ironically by design), if you win the initial bounties you could use it to pay for a 1 year subscription to each service :-)
6  Bitcoin / Project Development / Re: LastPass 1Password Security Crypto Challenge + Bounty on: January 26, 2022, 01:41:00 PM
It's more about likelihood and trust in the service - than anything else.

All systems can be hacked, all data online can be stolen, but if the data is encrypted by the service provider using a complex password that only I know, then the time it takes to crack becomes technically unfeasible in a brute force attack (given a sufficient security model)

Neither service should have any knowledge of the master password, both services claim they have no knowledge of the master password. Therefore, if the information is stolen it is because of something I did wrong on my end that gave up the password (eg: phishing etc.)

Yep LastPass has been breached, and perhaps even copies of people's encrypted vaults stolen. Perhaps even some of those were stolen in 2005 such that 16 years later brute force was able to identify at least some of the users who had weak passwords.

It is my assertion that the time it would take to access the accounts created above would take more than my remaining lifetime on earth before the data can be accessed. If I am correct then LastPass/1password is providing the correct transparency and security as stated on the website/terms of service.

If I am incorrect, well then, I guess we shall see.

The question remains just how long will it take for someone to find out the keys

1 day
2 weeks
4 months?
1 year?
10 years?
100 years?

My personal bet is somewhere in the 70+ year range, though who knows what will happen in the next 70 years :-)
7  Bitcoin / Project Development / LastPass 1Password Security Crypto Challenge + Bounty on: January 26, 2022, 03:08:16 AM


The other day I tweeted a security tip to remind folks not to use real answers to password reset security questions, and suggested they can store their answers in a tool like LastPass. No sooner did I tweet this than I got this response



I had never heard of this #LastPassHack so when I looked it up - it sent me to a hacker news article from Dec 26, 2021, apparently talking about the apparent compromise of users' master passwords.

Except - This should be impossible - since LastPass should not be storing in any way the users' Master Password, so this brought into question a service I have been using and storing data in for many years... could they be lying to me? Should I switch to another service like 1password?

To help answer this question, I decided to setup a little crypto bounty.  If you know how to discover the master passwords of a LastPass or 1password account. I invite you to prove this yourself (anonymously)

I setup 2 accounts, one for LastPass and one for 1password. Inside each of them, I stored the backup phrase for 2 wallets. The 1password one is bitcoin, and the LastPass one is Ethereum.

Bitcoin Bounty Balance: https://bitcoinexplorer.org/address/1PKF8K1e1BFsBpkjXEWVoGgCdWuqqCKc5C ( 0.00107999 BTC at the time of deposit)

Ethereum Bounty Balance: https://www.etherchain.org/account/29cea040fAC4839DAc550558d1A88Afe27bb1466 (0.01702 ETH at the time of deposit).

All you have to do is discover the passwords used for either, access the crypto, and then do a withdrawal of the wallet to win the bounty and prove that one or more of these services are indeed leaking master passwords somehow.

The email addresses used for these vaults are:



The password length is the same for both accounts, and both use the same number of numbers and special characters.

Disclaimer - This is not an invite to hack either of these services, but if you do know how to exploit some type of security flaw this is your opportunity to 'put your money where your mouth is'

If you agree with and want to join in, feel free to make additional deposits to the bounty using these QR Codes



Warning: Money deposited here will not be refunded!
8  Other / Off-topic / KYC and Electronic Signature - Proposal on: September 05, 2021, 09:56:04 PM
I have, what I think is a very simple proposal.

I belong to several exchanges including coinbase, and ndax.io. All of them now implement the Know Your Customer (KYC), which requires me to provide several forms of proof of identity before allowing me to exchange/withdraw my coins.

I need to go through this process several times with each exchange which means sending my identification issue multiple times.

I propose that once I successfully pass the validation that I be able to submit a certificate signing request back to the exchange.

The exchange would then grant me a personal X.509 certificate for signing.  The certificate would be signed by the exchange as a 'root certification authority'.

This would then allow me to use the certificate for signing documents which would then go up the chain to the root CA (ie: the exchange) which already verified my identity through KYC.

Additionally, when I wish to use a new exchange I can sign a document with my issued certificate and submit that to the new exchange, which can (if it trusts the other exchange) accept my credentials/identity as proven by the root CA (preventing submitting identity details over and over).

Any exchange can very easily set itself up as a root CA and they would be in the best position to issue / revoke the certs as needed.

I think it would be a win both for the exchanges and for the individual validating his/her/their identity.
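
The issuance and cross-exchange check proposed in the post above, as an added example that is not part of the original post. It uses the openssl command line; "Exchange A", "Exchange B", "Alice", the nonce and all file names are hypothetical.

```shell
#!/bin/sh
# Added example; every name and file below is hypothetical.

# Exchange A: create the root CA it uses to vouch for KYC-verified customers.
make_ca() {            # $1 = file prefix, $2 = subject
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1.key" -out "$1.crt" -subj "$2" 2>/dev/null
}

# Customer: generate the key pair locally; only the CSR leaves the machine.
make_csr() {           # $1 = file prefix, $2 = subject
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
}

# Exchange A: once KYC has passed, sign the customer's CSR.
issue_cert() {         # $1 = CA prefix, $2 = customer prefix
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 90 -out "$2.crt" 2>/dev/null
}

# Customer: sign a document with the certified key.
sign_doc() {           # $1 = customer prefix, $2 = document
    openssl dgst -sha256 -sign "$1.key" -out "$2.sig" "$2"
}

# Exchange B: accept only if the certificate chains to the CA it trusts
# AND the signature verifies under the key inside that certificate.
exchange_b_accepts() { # $1 = trusted CA cert, $2 = customer cert, $3 = document
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -pubkey -noout > "$2.pub" 2>/dev/null || return 1
    openssl dgst -sha256 -verify "$2.pub" -signature "$3.sig" "$3" >/dev/null 2>&1
}

# Runs three cases in a scratch directory and prints one verdict per case.
demo() (
    cd "$(mktemp -d)" || exit 1
    verdict() { if exchange_b_accepts "$@"; then printf accept; else printf reject; fi; }

    make_ca exchange_a "/O=Exchange A/CN=Exchange A KYC Root"
    make_csr alice "/CN=Alice Example"
    issue_cert exchange_a alice
    # Constructed request; the nonce would come from Exchange B so that an
    # old signed request cannot be replayed.
    printf 'Onboard Alice Example at Exchange B; nonce=constructed-0001\n' > request.txt
    sign_doc alice request.txt
    r1=$(verdict exchange_a.crt alice.crt request.txt)

    # Same subject name, but certified by a CA that Exchange B does not trust.
    make_ca other "/O=Unknown Issuer/CN=Unknown Root"
    make_csr lookalike "/CN=Alice Example"
    issue_cert other lookalike
    cp request.txt copy.txt
    sign_doc lookalike copy.txt
    r2=$(verdict exchange_a.crt lookalike.crt copy.txt)

    # Document altered after it was signed.
    printf 'extra line\n' >> request.txt
    r3=$(verdict exchange_a.crt alice.crt request.txt)

    printf '%s %s %s\n' "$r1" "$r2" "$r3"
)

demo
```

This checks only the chain and the signature; revocation, which the proposal leaves to the issuing exchange, would be a further check at Exchange B.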
9  Other / Off-topic / Re: How do I transfer my domain name to another registrar? on: September 05, 2021, 09:43:15 PM
Here is a good tutorial on how to make transfer work, it uses GoDaddy as an example

https://blog.hubspot.com/website/how-to-transfer-domain
10  Alternate cryptocurrencies / Altcoin Discussion / Re: Dogecoin Folding @ Home - Pledge on: August 30, 2021, 12:08:38 PM
Sadly  no one else pledged with me.

I sent 25 doge instead.

Maybe next time 🤔

https://chain.so/tx/DOGE/195fef580f830422a20711bacca844f24e0dfc98828b3fd4f3621baa1a08a04b
11  Alternate cryptocurrencies / Altcoin Discussion / Dogecoin Folding @ Home - Pledge on: August 26, 2021, 10:09:05 AM


For my 50th post, I am pledging to donate 100 dogecoin to the Dogecoin Folding @ Home project - https://www.dogecoinfah.com/

I will donate if I can get at least 10 others to donate the same (or more)

Who is With me?

Donation will occur on Monday Aug, 30th 2021 12:00PM UTC - If enough people make the pledge in the comments below.

I have always been a fan of Folding @ Home which uses a distributed computing model to analyze 'fold' proteins applicable in a wide variety of scientific areas of study. (Particularly in fighting disease)

12  Alternate cryptocurrencies / Altcoin Discussion / Re: Learning about Proof Of Stake (BLK or other?) on: August 24, 2021, 04:55:42 PM
I realize it's a little wrong to answer my own question, but I figured it out with members of the Blackcoin discord channel.

With Blackcoin's Proof of Stake, each coin is like a 'lottery ticket'.  When you 'win' the prize of being allowed to commit a block, you get 1.5BLK

But what actually happens, is that a transaction is created (with both your address as the 'from' and 'to') which includes the total amount you had staked plus an output for the 1.5BLK

This new balance then gets moved into a 'holding' area in your wallet, which is why blackmore-cli getinfo returns 0 balance.

BUT blackmore-cli getwalletinfo still shows the correct total balance but it shows in the 'staking-balance' section

It shows there for about 9 hours (ie: you can't play the staking game again until the 9 hours are up).  After which the coin goes back into your 'getinfo' balance and the staking occurs all over again.

So nothing was 'stolen', it's just the way the staking protocol works.

And I committed my first block to the chain

The balance of getinfo is back now, and I wanted to let anyone else know in case they have a similar 'issue' perhaps this thread will help
13  Alternate cryptocurrencies / Altcoin Discussion / Re: Learning about Proof Of Stake (BLK or other?) (Blackcoin stolen ?) on: August 24, 2021, 10:54:49 AM
So on August 20th, I was able to find some blackcoin on the Bittrex exchange.  I set up my own node on my system, and sent my blackcoin into it, and enabled it for staking.

Last night (at about 2AM), my balance went to 0.00

The ledger shows a transaction log b53f8847cf37de262455e2edfecccfc49dae6efe57b4a55e5853ecba33412c43

All my blackcoin was transferred to another account?

I am uncertain how this could happen or what went wrong. My private key was not shared with anyone, so how did my wallet get accessed and the transfer get accepted ?
14  Alternate cryptocurrencies / Altcoin Discussion / Re: Is my Safemoon Lost? on: August 19, 2021, 12:26:38 PM
Is this a recoverable situation ? or just a dumb lesson learned?
Maybe you have to try your self,

1. Open https://iancoleman.io/bip39/
2. Turn off your internet
3. on BIP39 Mnemonic enter your recovery mnemonic seed from coinomi wallet
4. on box coin select ethereum
5. scroll down on derivation path select bip 32 and choose coinomi, ledger



6. on Derived Addresses below you can see tab address, public key and private key

7. install trust wallet, then select smart chain, then private key

8. paste your private key which you send to the address.

for more here; https://coinomi.freshdesk.com/support/solutions/articles/29000037130-how-to-access-bep20-tokens

Yeah! This worked. Thanks so much to everyone for the tips!

The only thing I did different was import the private key into metamask, not trust wallet, and then add the Safemoon token details to it.

Much appreciated !
15  Alternate cryptocurrencies / Altcoin Discussion / Is my Safemoon Lost? on: August 19, 2021, 10:10:52 AM
I wanted to try 'Safemoon' , so I bought some over at 'BitMart'.  I then setup a wallet on coinomi and entered the token details manually as per the instructions on the site using the contract key

I then transferred out of BitMart and to the coinomi receive address.

The funds never showed up.

Then I realized that I had set up the altcoin in coinomi on the ETH network and apparently Safemoon uses the Binance (BNB) Network.

So the money does "sit" in the address on the BNB network, but does not show up in my coinomi wallet.

Is this a recoverable situation ? or just a dumb lesson learned?

Tks.
Brad D. :-)
16  Other / Off-topic / Re: Evolution & Survival - Who is the most 'evolved' species? on: August 19, 2021, 10:00:43 AM
The truth that can't be disputed is that other creatures were created to be under the control of man. So, this likely means man is at the top and evolution has nothing to do with it.


How are 'wild' creatures under the control of man? - Isn't the fact they are not under the control of man what makes them wild?
17  Other / Politics & Society / Re: Abortion should be banned. on: August 07, 2021, 11:32:58 PM
Yet pregnancy is one of them, my point is pregnancy can be prevented in a consensual sex.

Okay, but when consensual sex occurs, there is ALWAYS potential for pregnancy (whether contraception is used or not).

I would argue the goal of sexual intercourse is to reproduce the species, if you use contraception you may 'successfully' prevent that potential child from being born, if you do not use contraception and become pregnant and then instead take a morning after pill, you also prevent the child from being born.

Why is it 'more' acceptable to prevent the biological imperative of sperm and egg to connect at all, than it is to destroy the union of these two gametes ?
18  Other / Off-topic / Evolution & Survival - Who is the most 'evolved' species? on: August 07, 2021, 11:12:34 PM
I believe many people if asked 'which species is the most evolved' would answer 'human'

But what is the measure of 'most evolved' ??

If "the most evolved" means the species with the most population, then 'bacteria' is likely the most evolved, as there are millions (billions?) more bacteria than humans

If "the most evolved" means the longest lifespan, again humans lose, there are many species of trees for example that have lived for well over 300 years (when humans are not cutting them down)

If "top of the food chain" is the answer, again, throw the average human out into a wild forest, it becomes clear that he is not at the top of the food chain. Often it takes multiple humans together to defeat other animals, OR a specific technology that human uses (eg: gun), but the human with the gun was not the human that invented it.

If mutations in genes lead to changes, some of which survive and some of which do not, is it even possible to rate a 'level' of evolution? Are some species even more evolved than others? Are the 'extinct' species the ones that were 'less evolved'??
19  Other / Off-topic / Re: How do I convince my family that I want to pursue my career in Crypto space? on: August 07, 2021, 11:05:05 PM
First - ask yourself this question..

Can you change the expectations - the 'trajectory' of your life - simply by controlling what you choose to think about? - What you choose to let into your own mind ?

Second - to help on this journey, I suggest Dan Miller's book '48 days to work you love' and his related podcast.

Third - After completing the 2 items above, come back to your original question - and reframe it based on your new 'found' knowledge. I believe once you do this you will be able to seek the crypto experience you are looking for.

Good Luck!



20  Other / Politics & Society / Re: Abortion should be banned. on: August 07, 2021, 10:54:13 PM
I am against to abortion and i never want to see people doing such thing. Some countries legalized it but i don't like them for doing so.
Do you support an unresponsible action of sex without protection?

There are far worse consequences to sex without protection than pregnancy