 Show Posts
|
|
Pages: [1]
|
Hello everyone. Recently, I found a hard to swallow fact, or just a conspiracy (anyways, y'all can tell me better). I found some information concerning the Intel Management Engine (IME), basically a hardware device embedded to your mother board that allows backdoor attacks to be performed. Sorry for my poor description, but I am really not a specialist, so follows some videos I think are informative for this purpose: https://www.youtube.com/watch?v=HNwWQ9zGT-8, and https://www.youtube.com/watch?v=NwSm8GzqdBg. After some reading related to this issue, in what concerns securing your Private Master Key, I couldn't come to any conclusion. Some "specialists" say this IME can't do anything case your computer is off internet, others say it can store info in a cache for uploading it when internet connection available, others say it can keylog every keyboard entry, others say it may depends according to the computer brand, and others say ... So, the only "effective" solution I found, was to disable this IME directly in the hardware ( https://www.youtube.com/watch?v=lQ8k79yNH2A). My biggest concern about this issue, is on generating BIP39 mnemonics. Let's suppose you have a Seedsigner or a Krux, and thus you are allowed to perform transactions without ever connecting (unless for setting up the device) your Private Master Key to an online computer, and even to any computer with an IME. And that, you would like to ( i) use another BIP39 seedphrase generator, or simply to ( ii) measure the "quality" of your seedphrase (by measuring "quality", I am referring to inputting the seedphrase into another software, totally offline obviously, in order to measure how hard would be to crack the seedphrase). In order to perform task ( i) or ( ii) you would need to input your seedphrase into a computer with, eventually, an IME embedded, and, possibly, having the risk or having your seedphrase captured. Even if you are on an offline setup, and you decide to use a virtual keyboard for typing your seedphrase, (if this IME is so powerful as some "specialists" say) which guarantee do you have that this IME wouldn't be storing your seedphrase in a cache for later uploading? Is my reasoning right about this issue? Or am I just overreacting? If so, how would one person overcome the constraints imposed by this IME? Thanks for the attention, and I am sorry for any misunderstanding in my writing. |
|
|
|
|
Thank you very much folks. I really appreciate.
|
|
|
|
The offline wallet should be created on an airgapped device. This means that it should be created on a device which has been always offline and will be never online . Otherwise, it's not a cold wallet. If this reasoning is right, so, does it mean I will need to have a computer (with no internet connection at all, never) only for signing my transactions?
Yes. You need two devices. One should be offline and the other one should be online. Whenever you want to make a transaction, you should create an unsigned transaction using the watch-only wallet on the online device, sign it on the offline device and then broadcast it using the online device. Thank you very much. Do you have any recommendation on airgapped devices? Because, considering portability, it seems to be quite difficult to keep a whole computer always offline. Thus I would need some hardware wallet off-the-shelf, however, I must take a judicious choice when selecting a hardware wallet, considering open-source software and hardware, and besides that, I must also take into account the seller, in order to guarantee that the seller haven't corrupted the hardware. Going even further, I assume that, I also should not connect this device to any other device, even by USB, thus having a cold wallet that forbids any sort of external connection (other than through its buttons, of course) may be interesting. Please, correct me case my assumptions are wrong. Best regards. |
|
|
|
Hello everyone. I have a question about setting up an offline wallet containing the private key. After some duckduckgoing about techniques for securing my BTCs, I found a strategy based on maintaining two wallets, one for visualizing, and other for signing, transactions. In which the wallet for signing transactions should be maintained always offline, with the aim of avoiding any sort of capture of the Master Private Key from a hacker. I "think" I applied this setup correctly, but I want to make sure if my reasoning is right. So, let me explain step by step what I did. In a Linux Tails, I booted the OS in offline mode, and then I generated my pass-and seed-phrases and created my electrum wallet applying a password for encrypting my electrum wallet file. Still in the offline mode, I got the Master Public Key (MPK), from the Electrum dashboard, and then I created another wallet with the recently obtained MPK, this is my visualization wallet. After that, I restarted the computer, and this time I load Tails with internet connection, and then I can watch any on-chain transactions made over my addresses. If I load my computer allowing internet connection, and my wallet containing my Master Private Key is in this computer (even though encrypted by electrum), it means that my Master Private Key was, at least once, connected to the internet  . Is it right? My concern here is, even though I do not directly expose my Master Private Key to the internet, the fact of allowing my Master Private Key be present in a computer that had, or will have, access to the internet, already introduces a vector of attack. If this reasoning is right, so, does it mean I will need to have a computer (with no internet connection at all, never) only for signing my transactions? Thanks for the attention, case there is any misleading point, let me know. Best regards. |
|
|
|
Thanks for answers everyone. I really appreciate the effort  . Regards. |
|
|
|
Hello. Beforehand I clearly state that I am not, by any means, promoting advertisements. A few days ago, I found on reddit a post about Flash BTC transactions, what would be, according to the post, a strategy for transacting fake BTCs on-chain, in a way that the transacted BTCs could persist on-chain up to 6 months. After some hours, the post got banned  , no idea why  . That is the reason I am stating out loud I have involvement in any business related  . Although I am new in the environment of BTCs, I do not think this thing of Flash BTC transaction is legit, AFAIK, once something is stored on the blockchain, it is stored forever. So, how could that be, that a transaction would be stored for only 6 months? I would like to hear some comments of those more experienced in the area. Because, although it may be only a scam, what would be some arguments for oppositely proving the impossibility of these Flash transactions? Thanks and regards. |
|
|
|
Thus, I would like to know if there is one way of doing this input/output test without spending SATs, what would happen due to the on-chain fees.
After figuring-out the correct way to set-up, create a MultiSig wallet in Electrum testnet. You can start Electrum with --testnet command line parameter to start it in testnet, then claim testnet bitcoins from testnet faucets to use for your tests. But if you really insist on testing it in mainnet, you'll need a fully synced Bitcoin Core with preferably full blockchain. Create your transactions in Electrum, completely sign it. But instead of broadcasting the transaction(s), open Bitcoin Core and use the command testmempoolaccept to see if your node will accept it without actually broadcasting the transaction. About the command: https://bitcoincore.org/en/doc/24.0.0/rpc/rawtransactions/testmempoolaccept/Thank you very much, it really helps. Have heard of this testnet before, but never tried, I'll take a look at. |
|
|
|
Since I am dealing with a 2 of 3 multisig setup, I would like to perform this input/output test over my three wallets, which would require at least 4 on-chain transactions, for instance: What you have written here is wrong. All three of your multi-sig wallets (MW1, MW2, and MW3) should display the exact same addresses in the exact same order. This is the essence of a multi-sig set up. Each wallet generates the same addresses, but each wallet only holds one private key, so you need at least two wallets to fully sign a transactions. If you are seeing different addresses in each of your multi-sig wallets, then you have done something wrong. To do a test transaction, you should simply send a small amount of sats to the first address. That transaction should then be visible in all three of your multi-sig wallets, since they all contain the same addresses. Furthermore, what happens if I send a wrongly signed transaction? In any scenario, an incorrectly or incompletely signed transaction will be rejected by the network, and so the coins will not move and you will pay no fees. Thank you very much, I wasn't aware that each multisign wallet should have the same addresses. Regards. |
|
|
|
That's correct.
So open Electrum and create a new wallet.
Select "Multi-signature wallet".
Select 2 signatures from 3 cosigners.
Select "Create a new seed".
Back up the seed phrase it generates on paper.
Extend the seed phrase with custom words if you so choose.
Confirm the seed phrase.
Copy the Zpub, which you will call ZpubW1.
This is as far as you can get with the first wallet for now. For the next steps, you need to choose "Enter cosigner key" and then enter ZpubW2 and ZpubW3.
So now you have two options. If you are doing all of this on a single device (which as I explained above is not the best idea), you can save that Zpub electronically (with the associated seed phrase +/- custom words written down on paper), close Electrum, and repeat the process twice more so you have three seed phrases and three Zpubs. Once you have three seed phrases and three Zpubs, you can again follow the steps above to create each multi-sig wallet, using one seed phrase and the other two Zpubs each time. Alternatively, if you are doing this on different devices, you can just leave Electrum open at the screen asking for your cosigner key, repeat the process on your other two devices, and then transfer the Zpubs from each wallet to the other devices in order to create the multi-sig wallets.
If you want three wallets, each with a single set of private keys, then you need the following:
MW1 needs Seed Phrase 1 and ZpubW2 and ZpubW3
MW2 needs Seed Phrase 2 and ZpubW1 and ZpubW3
MW3 needs Seed Phrase 3 and ZpubW1 and ZpubW2
Still on this topic, but not so related . Is it possible to make a "test" on-chain transaction? Let me explain what I mean by test. Whenever I setup a wallet W, I send a tiny amount, a dust, of SATs (Satoshis) to an adress of W (input test), and then I send the received SATs to another address (output test), that is, an input and output test. Since I am dealing with a 2 of 3 multisig setup, I would like to perform this input/output test over my three wallets, which would require at least 4 on-chain transactions, for instance: - Departing from an address of the Unkown Wallet UW to an address of MW1;
- From an address of MW1 to an address of MW2;
- From an address of MW2 to an address of MW3; And finally,
- From an address of MW3 to an address of MW1.
Thus, I would like to know if there is one way of doing this input/output test without spending SATs, what would happen due to the on-chain fees. Furthermore, what happens if I send a wrongly signed transaction? Let's say, for example, that I create a transaction TX of X SATs from MW1 to the Unkown Wallet UW, and that only one of MW2 and MW3 sign TX, or that MW2 and Another Unkown Wallet AUW sign TX. Probably the on-chain would reject such a transaction, but, would the on-chain fees still be discounted? Thanks for the attention, and again, I am sorry for any vocabulary misuse. Regards. |
|
|
|
You can also use tools to convert them, but going through Electrum is a bit longer but also much safer.
Could you cite such tools? Electrum has such built-in feature. In the console, use the command convert_xkey()Example: convert_xkey(xkey="zpubAWgYBBk7JR8GiiZHRTJ.....hLMW34b5oGr9wCND7HYcZr",xtype="p2wsh") If you're using the daemon: electrum convert_xkey "zpubAWgYBBk7JR8GiiZHRTJ.....hLMW34b5oGr9wCND7HYcZr" "p2wsh" Although, I'd not recommend that method aside from recovery purposes like restoring another wallet to Electrum. Thank you man, really appreciate. |
|
|
|
That's correct.
So open Electrum and create a new wallet.
Select "Multi-signature wallet".
Select 2 signatures from 3 cosigners.
Select "Create a new seed".
Back up the seed phrase it generates on paper.
Extend the seed phrase with custom words if you so choose.
Confirm the seed phrase.
Copy the Zpub, which you will call ZpubW1.
This is as far as you can get with the first wallet for now. For the next steps, you need to choose "Enter cosigner key" and then enter ZpubW2 and ZpubW3.
So now you have two options. If you are doing all of this on a single device (which as I explained above is not the best idea), you can save that Zpub electronically (with the associated seed phrase +/- custom words written down on paper), close Electrum, and repeat the process twice more so you have three seed phrases and three Zpubs. Once you have three seed phrases and three Zpubs, you can again follow the steps above to create each multi-sig wallet, using one seed phrase and the other two Zpubs each time. Alternatively, if you are doing this on different devices, you can just leave Electrum open at the screen asking for your cosigner key, repeat the process on your other two devices, and then transfer the Zpubs from each wallet to the other devices in order to create the multi-sig wallets.
If you want three wallets, each with a single set of private keys, then you need the following:
MW1 needs Seed Phrase 1 and ZpubW2 and ZpubW3
MW2 needs Seed Phrase 2 and ZpubW1 and ZpubW3
MW3 needs Seed Phrase 3 and ZpubW1 and ZpubW2
Thank you very much. Now it is much more clear. Regards bro . |
|
|
|
Thank you very much for the support and attention. Thanks for the answer. So, if I want to sign a transaction from my W3 (multisig wallet), can I simply do it by signing the transaction with the private keys of W2 and W3? Or is there also another step?
If W2 is a standard single signature wallet, then no, it will not be that simple. This is why I said above you should not do this, because you will run in to significant problems trying to access your coins. You need to set up three new wallets, each of which is a multi-sig wallet. Ok, thanks. Now I am with another question . Let's call MW1, MW2, and MW3 the 2-of-3 multisig wallets for W1, W2, and W3 respectively, I can generate MW3 by following the steps outlined at the first comment of this thread by using the Zpubs ZpubW1 and ZpubW2 as cosigners MPK, but, how am I supposed to generate MW1, and MW2? Because, both, MW1 and MW2 will require 2 cosigners, that is two Zpubs each. Should I first generate the Zpubs ZpubW1, ZpubW2, and ZpubW3, and then use them for creating the MW1 and MW2? That is, - MW1 <- Cosigned with MW2 and MW3;
- MW2 <- Cosigned with MW1 and MW3; And
- MW3 <- Cosigned with MW2 and MW3.
Thank you and regards. |
|
|
|
The MultiSig created using Electrum doesn't allow P2PWKH wallet types and hence you can only use P2WSH Zpubs to generate the Multisig. The reason for this is to avoid ambiguity between the pubkey standards is that they want to avoid the scenario where the public keys for both P2PWKH and P2WSH are reused. To avoid this and further confusion about what type of keys to use, they just used a different version byte for the master key.
Thanks for the answer. So, if I want to sign a transaction from my W3 (multisig wallet), can I simply do it by signing the transaction with the private keys of W2 and W3? Or is there also another step? It has nothing to do with functionality or security but just to make it a more straightforward and less error prone process. You can also use tools to convert them, but going through Electrum is a bit longer but also much safer.
Could you cite such tools? Thanks and regards. |
|
|
|
Hello everyone. I am trying to understand how to setup my multisig environment, and I am with some doubts about it. Beforehand, sorry for the naiveness and ignorance of my question, but I am still a newbie. So, I have two native wegwit wallets, let's call them: - W1 with the MPK zpubW1; And
- W2 with the MPK zpubW2.
I was thinking in creating a new segwit wallet W3 with the MPK zpubW3, that would be my multisig wallet, and then I tried to do so by using Electrum 4.0.9. To do so, I followed the steps File > New/Restore >Type "W3" > Next > Multi-signature wallet > Next > 2 of 3 > I already have a seed > Type the W3 seed > Options: (Checkmark "Extend this seed with custom words"; Checkmark "BIP39 seed"; Ok) > Next > Type W3 seed extension > Choose "native segwit multisig (p2wsh)" > Choose derivation path "m/48'/0'/0'/2'" > Next > Copy the generated W3 Zpub > Next > Enter cosigner key > Type "zpubW1" > Next. However, when entering the zpubW1 or zpubW2 in the cosigner MPK field, the message " Wrong key type p2wpkh" appears. So, after some hours of duckducking, I dicorevered that, actually, the multisig native segwit cosigner MPK must start with Zpub (upper case) rather than zpub (lower case), and that, in order to "convert" my zpub to a Zpub, I have to create a multisig native segwit wallet for each one of the cosigners, that is, I have to follow the aforementioned steps in the Electrum by using the wallets W1 and W2 respective seedphrases, then save the respectively generated Zpubs (let's name them as ZpubW1 and ZpubW2), and finally use these Zpubs as cosigners MPKs. I am not sure if the above process is right, and, honestly speaking, it seems to be quite strange. Is this logic right? Why do I have to generate Zpubs for W1 and W2? Thanks for the attention, and sorry for any crypto vocabulary misuse . |
|
|
|
|
