Bitcoin Forum
May 21, 2024, 04:43:07 AM *
  Show Posts
2441  Bitcoin / Bitcoin Technical Support / Re: [overview] Recover Bitcoin from any old storage format on: January 02, 2021, 02:01:01 PM
Error opening file for writing
c\programme files\bitcoin\bitcoin-qt

Click abort to stop the installation

The same error comes up for each file the installation tries to install.  May be my anti virus???
It usually happens when the program is still running and thus it cannot be replaced. Is the instance still running? Can you try rebooting your computer?
2442  Local / Other languages/locations / Re: Singapore on: January 02, 2021, 01:33:15 PM
Thank you so much for your answer this helps so much.

Please tell me then, when I want to target clients in Singapore should I use English, Mandarin or Malay?
English. All the best!
2443  Other / Beginners & Help / Re: Air-gapping 2 devices vs. Trezor/Ledger? on: January 02, 2021, 01:30:07 PM
I don't follow the logic of putting these files in the USB drive. If you put your wallet on the USB and then move the USB back and forth between your two devices, including the one which has internet access, then you have completely negated the whole point of an airgapped setup.

For transferring transactions back and forth, the most preferable solution is to use QR codes and a webcam, to eliminate the possibility of accidentally transferring malware or your private keys on the USB drive. You can buy a Raspberry Pi camera module for $25.
I'm not sure what's the configuration for the maximum size of QR codes in most wallets but I believe if the size of the transaction is too large, it would reach the limit of the maximum size allowable for the QR code after the error correction. Could be a bit difficult to scan for the QR code if the display/camera has a low resolution or if it's too small.

You can probably use a different encoded string within the QR code for a larger size but can be slightly more complicated.
2444  Bitcoin / Bitcoin Technical Support / Re: [overview] Recover Bitcoin from any old storage format on: January 02, 2021, 01:23:24 PM
I'm happy I have taken the correct precautions but was trying to avoid a full Bitcoin Core download and sync as I don't have enough room on my laptop to sync the blockchain.  I'm not sure if I need to sync the whole lot as these would have been mined very early on.  I'm also having trouble installing Bitcoin Core on my laptop for some reason?
Yes, but you can prune it to save the storage space, though you'll still take some time to synchronize. If you are absolutely sure you don't have any transactions after a certain timeframe, you can wait until Bitcoin Core synchronizes until that period of time and determine which addresses have Bitcoins. You can dumpwallet and import the addresses into a SPV wallet like Electrum.

What errors are you having?
2445  Bitcoin / Hardware wallets / Re: Secure Element in Hardware Wallets on: January 02, 2021, 01:11:23 PM
But one important attack vector is the online machine it is used with. While in theory there shouldn't be any way to compromise the device from an online pc, this shouldn't be completely ignored.
Especially phishing attacks can work pretty well. And a vulnerability in the microcontroller and/or secure element can make the hardware wallet insecure when used with a compromised PC (which it is made for).
This attack vector only applies to hardware wallets, but not to air-gapped wallets.

I wouldn't consider a hardware wallet as secure as an air-gapped wallet solution.
Definitely, I won't consider anything impossible when it comes to security. If the attacker can compromise the hardware wallet with a vulnerability in a secure element and without physical access, then it would be terrible. I hope that it wouldn't happen and it's probably why some hardware wallets are able to be run with an airgap as well. If that's the concern, then I guess that'll make it more equal.

Some APTs and malware have demonstrated their ability to jump airgaps. Definitely possible and has been done but it's quite a lot of work, would've been easier to just compromise the OS itself. What I think could be a potential concern other than the sidechannel (I've mentioned that enough and I know secp256k1 mitigates some of it), is that despite the ability to encrypt the files, which should be viewed as a workaround other than a mitigation, there isn't any way to ensure that the files cannot be extracted from the device, I believe you can clone the HDD/SD card to try it again and again. As you've mentioned, the seeds are stored within the secure element and X failed attempts would brick it and render it unrecoverable in some HW wallets.
2446  Bitcoin / Bitcoin Technical Support / Re: Question regarding SEED! on: January 02, 2021, 12:39:27 PM
1. You'll want to refer to BIP32 and BIP39 for commonly used HD standards and mnemonic seed phrase system. With BIP39, you'll have a seed phrase and the seed is used with PBKDF2 and HMAC-SHA512 to generate a seed. The 512bit seed will then be used with a derivation path and it can be used to generate the addresses with a child key derivation function.
2. Depends. If the checksum is enforced, then there's a high chance the seed will be rejected. If it's not enforced, then you will still get a working seed.
3. No. You have to compare the keys being generated with the ones that you're shown. That's the only certain way that you'll be sure.
4. The chances of you having a wrong key and still passing the checksum check is roughly 6.25% (checksum of 4 bits for a 12 word mnemonic), which is fairly high.
5. It is safe. If you're talking about 12 word BIP39 seed, you have 128bits of security which is more than sufficient.
6. Yes.
7. Your wallet can. I wouldn't put it in any online website though. I'm not sure about any online website that does this without it being a web wallet.
8. BIP32 is the standard for hierarchical derivation wallet, BIP39 is the mnemonic system, BIP44 is the standardized derivation path for legacy wallet, BIP49 is the P2WPKH-P2SH wallet (those segwit addresses starting with 3), BIP84 determines the bech32 derivation path, BIP141 is Segwit.
9. See 5. For BIP39 mnemonic, there are 12^2048 2048^12 possible seeds for a 12 word seed.
10. Higher but potentially negligible security. There is an ongoing discussion in the Development & Technical Discussion section.
11. Nobody knows. Most dormant addresses are not derived from HD seeds because they didn't exist that early.
12. Derivation path. A seed can be used with many derivation paths and each derivation paths will yield different results. You'll get the same problem if you input it into a wallet that has a different derivation path. Most wallet lists their derivation path in their Support section.
13. Unlikely. The probability is astronomically low. There's a higher chance that it was compromised through other means.


Made a mistake with the numbers. Thanks @o_e_l_e_o.
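The checksum odds in answer 4 and the seed stretching in answer 1, worked through as an added example that is not part of the original post. It operates on 11-bit word indices instead of the 2048-word list, and the all-zero entropy inputs are constructed test values.

```python
import hashlib
import unicodedata

WORD_BITS = 11  # each BIP39 word encodes an index 0..2047


def entropy_to_indices(entropy):
    """Entropy bytes -> BIP39 word indices (ENT/32 checksum bits appended)."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF
            for i in range(n_words)]


def checksum_ok(indices):
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < 2048 for i in indices):
        return False
    total_bits = len(indices) * WORD_BITS
    cs_bits = total_bits // 33
    value = 0
    for i in indices:
        value = (value << WORD_BITS) | i
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (value & ((1 << cs_bits) - 1)) == expected


def count_valid_last_words(indices):
    """How many of the 2048 possible last words pass the checksum."""
    return sum(checksum_ok(indices[:-1] + [w]) for w in range(2048))


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'+passphrase."""
    norm = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm, salt, 2048)


if __name__ == "__main__":
    twelve = entropy_to_indices(bytes(16))   # constructed all-zero entropy
    print(twelve, checksum_ok(twelve))
    n = count_valid_last_words(twelve)
    print(f"{n}/2048 = {n / 2048:.2%} of last words pass for 12 words")
    n24 = count_valid_last_words(entropy_to_indices(bytes(32)))
    print(f"{n24}/2048 = {n24 / 2048:.2%} for 24 words")
    seed = mnemonic_to_seed(" ".join(["abandon"] * 11 + ["about"]))
    print(len(seed) * 8, "bit seed")
```

A 24-word phrase carries 8 checksum bits, so a substituted last word is accepted far less often than with 12 words. In both cases the checksum catches transcription slips and is not an authentication mechanism.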
2447  Other / Beginners & Help / Re: Comparative Features On Top Phone Antivirus For Crypto Wallets Protection on: January 02, 2021, 07:37:49 AM
Let's be honest for once with each other, since android version 2.0 I haven't seen where by a malware takes over an android smartphone, I've seen and heard about spywares on phones but not malwares, if you have seen one please kindly confirm and let's hear you out, everyone seems to be scared of malware but never seen one affecting a phone
Spyware is categorized under malware, if that's what you mean. I'm completely honest on the forum, I don't gain anything from lying.

Malware are usually not designed to "take over" devices and they are usually quite specialized in certain things, in mobile phone's context that entails click fraud. Having a malware that takes over an entire device and having it evade detection is presumably tougher than one that aims to only achieve one thing.

Zero day exploits are a thing and they were previously used in malware for its privilege escalation vulnerability (CVE-2019-2215).


A few reports that I've found within 5 minutes, report seems to indicate that there's more than one malware in the wild.

https://www.mcafee.com/content/dam/consumer/en-us/docs/2020-Mobile-Threat-Report.pdf
https://www.avira.com/en/blog/malware-threat-report-q2-2020-statistics-and-trends

Though I have to admit, sandboxing apps could try to mitigate the risk but it's evident that there are ways to go around it.

2448  Other / Beginners & Help / Re: Comparative Features On Top Phone Antivirus For Crypto Wallets Protection on: January 02, 2021, 07:00:54 AM
I would choose 2FA over antivirus, I would choose to use strong passwords, fingerprint lock to secure my smartphone instead of antivirus
You usually have the 2FA apps on your phone right? What happens when your phone gets infected with the malware?


Tons of malware tends to get through the sieve and still gets posted onto the Play Store. That also means that most malware are made to specifically evade detection by the various AVs. You can probably get slightly more protection by installing an AV but keep in mind some are made to spy on their user.

It's not terrible to have an AV but you can't get complacent from having one. If you want a decent level of security on your phone, there are features like Samsung Knox which tries to sandbox certain apps and could help enhance your security.
2449  Bitcoin / Wallet software / Re: Helping (usually new) People Choose Their Wallet(s) on: January 02, 2021, 04:52:27 AM
While I'll admit they are easier to use, in many cases their security is vastly inferior. Trezor devices have an unfixable vulnerability which allows the seed phrase to be extracted. Ledger leaked a database of full names and addresses of 270,000 customers. We can not (and should not) rely on these third party wallet manufacturers for our security.
In an idealistic world, hardware wallets should be free from vulnerabilities given how some of them are so expensive.

I don't think it's fair to shoot down hardware wallets just because of Ledger's terrible blunder. That's isolated to the company's practices and if anything, it just shows that users should take more precautions when giving out their information online. That doesn't directly affect the effectiveness of hardware wallets, even those made by Ledger.

However, I think it's fair to criticize Trezor for their vulnerabilities. I also think it isn't cool to only have a workaround but not a mitigation. In many cases, the methods used for HW wallets to reveal a key seems to be quite intrusive and some requires the user's inputs while it is being hooked up onto an oscilloscope. The latter belongs to a sidechannel attack which is inexcusable but that's the saving grace.

Cold storage are usually sufficient but they are not without their vulnerabilities. I think that for most of the vulnerabilities that are associated with the hardware wallets, they usually come after researchers persistently trying to exploit it but we won't usually see that for cold storage wallet. I agree that cold storage usually eliminates the attack vectors that most should be concerned about but it still doesn't fully cover all of the possible attack vectors that are possible and that is what a *well designed* hardware wallet should be supplementing. Perhaps not Ledger or Trezor but devices like ColdCard does try to mitigate the other more novel attack methods.



I have been using a RPi as my cold storage for years now. I've found it sufficiently secure for my use but I'd like to have another layer of security. Arguably, it's similar to a RPi as it does act like an airgapped wallet so if anything that should theoretically give me more security over my existing set up.
2450  Bitcoin / Hardware wallets / Re: Secure Element in Hardware Wallets on: January 02, 2021, 04:23:36 AM
agree completely, but isn't that what hot wallets are for? to have wallet for your payments, that does not have all your funds in it
with fiat, you also do not hold all your funds, when you have to pay for bread and milk in the store
Depends on your needs, as with most stuff. Hardware wallets will undoubtedly protect you against physical and non-physical attacks. Plausible deniability baked into the device makes it a great device to be used to limit the losses from a $5 wrench attack. The bane is that you have to purchase a hardware wallet which depends on your holdings might be a big portion of your funds.


thanks, that is what I thought as well, they are selling convenience, and that is ok, although if one has more funds, it is better to have several wallets, and use one or two for payments (or other type of hot wallet) and all the other store on the same way, as old laptop (for HODL purpose)
I have quite a few discussions on it but I've never really had an argument that refuted my point that HW wallets are at the very least as secure as cold storage, when you consider all the possible attack vectors. But I can stand by the fact that for most, they are considered as *equal* in terms of its security.

Hardware wallets are expensive, the secure element is useful. If you want a cheaper but not as sophisticated alternative, use a RaspBerry Pi offline.
2451  Bitcoin / Bitcoin Discussion / Re: Why is cold storage better than coinbase? on: January 02, 2021, 04:15:43 AM
Thank you all for the thorough replies! I’m sold on cold storage now. I just purchased the Ledger Nano S.
Hardware wallets are not cold storage, though my take is that they provide roughly the same level of security and I would recommend hardware wallets over cold storage for newbies.

I think the important distinction is that suppose any thing were to happen with your CoinBase account, for example malware attacks on your part and the coins got out of the account, they're not liable for the losses because the negligence is on you. It will not insure you for most attacks but rather, it'll insure you if THEY lose the funds. That makes it nowhere as beneficial a HW wallet/cold storage.
2452  Bitcoin / Bitcoin Technical Support / Re: Bitcoin core says this is my first time opening the program- when it isn't on: January 01, 2021, 07:29:31 AM
Thanks for using the format. You don't need to have the log file.

You can go to the chainstate folder and delete the folders/files which don't belong there. Don't delete those with .ldb extension, CURRENT, LOCK and manifest.

If you want to select the data directory again, find your Bitcoin Core shortcut which is created by default during the installation. Or if you want, just go to Program Files/Bitcoin, right click on Bitcoin-qt.exe and select create shortcut. After finding the shortcut, select and right click on it, select properties and in the target field, add -choosedatadir at the end and click OK. Start your Bitcoin Core and it should prompt you for a new data dir. After which, delete the -choosedatadir from the target. You only have to do this once.

2453  Other / Beginners & Help / Re: It seems I got hacked. How to protect? on: January 01, 2021, 05:37:01 AM
Right, but don't use online and closed source password manager or chrome (chrome has several problem with privacy and personal information) both Keepass [1] or Bitwarden [2]


[1] https://keepass.info/
[2] https://bitwarden.com/
Password managers have financial incentives to protect you and it's literally their business model. I agree open source stuff is good but it can only be beneficial if you choose to run your own server with your desktop client AND the code is also validated thoroughly. Otherwise, it'll be the same as Lastpass as it'll still send the encrypted information to the server and you have no idea what the server is doing.

Setting up your own server and maintaining it with sufficient security is a difficult task for most. Sure, use an open source password manager but remember to build and validate it by downloading from github.
2454  Bitcoin / Bitcoin Discussion / Re: BCVault or Ledger? on: December 31, 2020, 08:17:52 PM
So are you saying that I can take my seed phrase that was generated on Ledger and input it on Electrum wallet and recover my funds if ever needed - like if the Ledger device had a failure?

Thank you all for taking the time to respond to me, your insight is valuable and I appreciate it.
Correct. That's why people usually choose wallets that generates BIP39 seeds. It gives them the liberty of only backing it up once only while allowing them to generate essentially unlimited number of addresses to be used.

On the other hand, I can't find BCVault using HD seeds but I think they're asking their users to back it up to an SD card and it can only be restored on another BCVault device. If your device fails, you'll probably have to buy another one.
2455  Local / Other languages/locations / Re: Singapore on: December 31, 2020, 08:11:12 PM
I need to translate content for Singapore, I think this is the correct language you are using there, not to mention Mandarin which is written like Chinese, am I correct?
English is the main language in Singapore. Malay is the national language but English is spoken everywhere in Singapore and a good bulk of the people don't understand Malay at all.

Mandarin is Chinese, simplified Chinese is usually used in Singapore as well.
2456  Bitcoin / Development & Technical Discussion / Re: Tool or method for finding public key of Bitcoin address on: December 31, 2020, 08:08:31 PM
The issue I am still having is that when an address sends btc and I look at the scriptsig and extract the last 130 hex characters and enter it in the tools suggested in this thread it doesn't have any relation to the address or it's an invalid public key.
Are you sure that it's an uncompressed key? Is it a bech32 or other forms of address type? Most of the keys are compressed public keys and you'll be looking at 66 hex characters or 33 bytes. Could you give an example of the transaction in question?
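Why slicing the last 130 hex characters fails for a compressed key, shown as an added example that is not part of the original thread. It parses the scriptSig's data pushes and classifies the last one by length and prefix; the signature and key bytes are constructed placeholders, not real curve points.

```python
def parse_pushes(script):
    """Split a push-only scriptSig into its pushed data items."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == 0x00:                      # OP_0 pushes an empty item
            items.append(b"")
            continue
        if 0x01 <= op <= 0x4B:              # direct push of `op` bytes
            size = op
        elif op in (0x4C, 0x4D):            # OP_PUSHDATA1 / OP_PUSHDATA2
            width = 1 if op == 0x4C else 2
            if i + width > len(script):
                raise ValueError("truncated length field")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            raise ValueError(f"non-push opcode 0x{op:02x}")
        if i + size > len(script):
            raise ValueError("truncated push")
        items.append(script[i:i + size])
        i += size
    return items


def classify_pubkey(data):
    """Classify by SEC encoding: 33 bytes (02/03) or 65 bytes (04)."""
    if len(data) == 33 and data[0] in (0x02, 0x03):
        return "compressed"
    if len(data) == 65 and data[0] == 0x04:
        return "uncompressed"
    return None


def pubkey_from_scriptsig(scriptsig_hex):
    """Return (kind, pubkey_hex) for a P2PKH scriptSig, else (None, reason)."""
    pushes = parse_pushes(bytes.fromhex(scriptsig_hex))
    if not pushes:
        return None, "empty scriptSig: native SegWit input, key is in the witness"
    kind = classify_pubkey(pushes[-1])
    if kind is None:
        return None, "last push is not a public key (P2SH or wrapped SegWit?)"
    return kind, pushes[-1].hex()


# Constructed sample data (placeholder bytes with the right lengths/prefixes).
SIG = bytes([0x30]) + bytes([0xAA]) * 69 + bytes([0x01])    # 71-byte sig + sighash
COMPRESSED = bytes([0x02]) + bytes([0x11]) * 32             # 33 bytes = 66 hex
UNCOMPRESSED = bytes([0x04]) + bytes([0x22]) * 64           # 65 bytes = 130 hex


def p2pkh_scriptsig(sig, pub):
    """Build <sig> <pubkey> as hex using direct push opcodes."""
    return (bytes([len(sig)]) + sig + bytes([len(pub)]) + pub).hex()


if __name__ == "__main__":
    for pub in (COMPRESSED, UNCOMPRESSED):
        ss = p2pkh_scriptsig(SIG, pub)
        print(pubkey_from_scriptsig(ss)[0], "| last 130 hex is key:",
              classify_pubkey(bytes.fromhex(ss[-130:])))
```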

2457  Bitcoin / Development & Technical Discussion / Re: Who has to agree upon a consensus change? on: December 31, 2020, 08:02:29 PM
After the pull request has been accepted,  I think miners will also need to update their software accordingly.  Right?
Miners are the ones who actually decide what the longest chain will be.

If they do not update, new blocks in the longest chain will be following old consensus rules.
The pull requests are usually merged and due to release in a Bitcoin Core version in the future. The rules are not changed that easily, soft forks in particular have to reach a certain threshold of miner's signalling for their readiness to accept the changes before rules are activated. Threshold for soft forks tends to be 95% in the last X blocks (to start rejecting blocks not following rules) and I assume consensus change would require a higher percentage. Segwit had various activation periods before it was finally activated.

Miners will always have the ability to determine the longest chain. The nodes are the ones who decide which chain, no matter the length difficultywise they decide to follow. Miner's support is equally important as any possible forks would result in SPV wallets and/or wallet which are not upgraded/unaware of the new rules to be insecure.
2458  Other / Beginners & Help / Re: Air-gapping 2 devices vs. Trezor/Ledger? on: December 31, 2020, 02:11:01 AM
1) Use a reputable-brand USB stick (Sandisk, PNY, Kingston). Put portable electrum, veracrypt, and wallet files on it. Encrypt it with 20+ character password using AES.

2) Use 2 raspberry pi devices. One always offline. One online , but only for crypto transactions.
A MicroSD card would be required for both devices. USB Flash drive would be necessary if you're transferring raw transactions across the online to offline device and signed transaction the other way.
3) Display. Do I need 1 for each device?
If you're thinking of using the QR code to transfer the raw transactions, then possibly. If not, a monitor/TV screen would be sufficient.
Could the online device get malware, transfer it to the display, and then display transfer it to the offline device?
Not that I've ever heard of. That'll have to be a very complex malware.
4) When transferring the transaction file between devices do I need to use an encrypted USB for this?
Depends. Are you afraid that the Flash drive could get stolen between the time the raw/signed transactions are deleted? If it's stolen, whoever opens that USB drive can see your transaction information and thus compromising your privacy. Security wise, it doesn't matter if it's encrypted or not.

I would wipe my flash drive every time after using it so I wouldn't think of encrypting it.
2459  Bitcoin / Bitcoin Discussion / Re: BCVault or Ledger? on: December 31, 2020, 01:59:12 AM
Can you please elaborate -- if you lose your original Ledger Nano device can you take the private key and input on any device and retrieve your coins?
Yes. But you're supposed to use the mnemonic seeds to restore your private keys.
Also, the Ledger device gives you a pre-select list of words for the private key.... why is that? Why can't I create my own? Wouldn't that be safer? What if someone hacked in to all the list of private keys from the Ledger company... how is it that the pre-select list of words is really safe if it was loaded don to the device before I purchased it...?
No. The mnemonic seeds are generated by the device with randomness, they're never preloaded or generated by Ledger and Ledger should never know or have access to your keys. Ledger uses their secure element as a source of randomness.

Humans tend to be very bad at selecting words from the text. The bias present in every selection, no matter how random you think it is will always result in your security being compromised. It is much safer for the device to generate the seed for you.
2460  Other / Beginners & Help / Re: BITCOIN FORUM account opened today. So many questions....... on: December 30, 2020, 06:18:43 PM
Welcome! Glad you've bought early.

While you can send your Bitcoins across various exchanges, it doesn't guarantee that the intermediary exchange will not keep logs and it's thus not beneficial to the privacy.

You can use Wasabi wallet which can incorporate CoinJoin to obfuscate the path of the coins. Alternatively, you can look into using mixers like the one in my signature to get coins that are unlinked. Altcoins like Monero are designed for privacy but it'll mean that you would need to go through another exchange.