Um.... international bank wire?

Yes.  That is the idea.  Just a suggestion but I would keep the secret/private area as simple as possible.  Something to indicate it should be cut and seperated, a warning, and the key itself.  The more there is there (like how to check the balance) the more likely a novice won't quite understand the important of the private key.

Anyways just an idea.  I like what you got.  Nice and simple.  The paper wallet version for accepting donations.


That is a good point.  Ok maybe just move any instructions (like how to check the balance, or where you can redeem the private key to a separate page.  With CSS you can control the printable version (one print button, two pages with layout exactly how you want).

Not sure if trolling or just dumb.  For those who don't know QRNG are the "next gen" version of hardware RNG (sometimes called true RNG).  QRNG are pretty cool but they have nothing to do with Quantum computing.   QRNG do have some interesting applications in Bitcoin (or any cryptographic system) though.  Being solid state costs are starting to become reasonable and could be "cheap" (<$10) in a decade.

Um I would say that is an absolute GUARANTEE.  Either underpowered hardware sold to meet price points accepted by the general public or otherwise decent hardware slowed to a crawl by software bloat.  Ever seen the amount of services and background processed launched by third parties in the average user's (think your mom not anonymous hacker) computer after say 3-4 years.

Assumming the risk of QC is real and an effective threat ....

you would need to transfer funds to new QC resistant addresses.  Funds remaining in "legacy" addresses would remain vulnerable although those which have never have funds spent from them (public key unknown to the network) may be immune.  The same transition may be needed if a serious cryptographic flaw is found in SHA-256, RIPEMD-160, or ECDSA.  The odds of this being necessary in the next decade or so is probably very low. Even when such a transition is made the risk probably will be only theoretical and the new addresses just a precaution.  Modern vetted cryptographic systems tend to not just go from secure to fatally flawed overnight.

One example:
https://bitcointalk.org/index.php?topic=89182.0

True it doesn't provide more security than a strong passphrase (not repeated on any other site) but it does provide irrefutable proof that your key was compromised.   It simply is not possible for a compromise on MtGox end to result in a properly signed message.  The hacked user and the community at large have absolute proof that the fault lies with the user.  2FA should be an optional security enhancement for PGP.  I would also point out that security conscious users can use smart cards with hardware independent keypad to protect PGP private key from keyloggers.

Glad to see you are at least considering it.  For the record if/when you ever implement a PGP signed message system I would prefer it be in addition to 2FA.  I.e. withdraw requires a PGP signed message PLUS sucessful 2FA challenge.  The PGP signed message creates irrevocable proof of the transaction and the 2FA (google authenticator) provides additional security in the event the PGP key is compromised.   While your at it throw in the ability to create multiple logins (w/ different security permissions) for a single account and optional dual authentication (not to be confused with 2FA) for withdrawals and you would have better security than most corporate banking platforms!

Also since you are reading this thread .... Generating a MtGox code can be properly protected by 2FA challenge (I love it you are one of the few exchanges which do it RIGHT) however one can view the "redeem code" page without 2FA authentication.  This create a potential method to compromise codes before redeemed.  User generates a code and before the counterparty redeems it the attacker (possibly alerted due to compromised email) logs in and redeems the code.  There are two simple solutions (one simpler and more limited).  The easiest method is perform a 2FA challenge when viewing the redeem code page.   The more comprehensive option would be to allow viewing the page but the code is redacted.  User can redeem code but clicking "view code" results in a 2FA challenge.

This.  Admitting she was wrong and in this case pointless and overzealous prosecution had horrible consequences may be the humane thing to do but all politicians (IMHO) are sociopaths to some degree. 

Politicians never admit wrong.  Ever.  It is the (not so) unwritten rule of politics.  If she admitted wrong she would rejoin the human race but here political career would be for all intents and purposes over. 

Defiant to the end.  In time people will forget about this case and she will have left the door for further public "service" open as a politician that doesn't make mistakes.

Keep us posted.  AFAIK if verified this would be the first fraudulent withdraw with 2nd factor authentication enabled.  A very clever hack indeed.  On edit: hmm looks like yubikey wasn't enabled.  Still interesting to see the history on this one.


I have never seen the chat work.  You need to create a support ticket ... and wait.  

Sadly it will work.  The siren's call of 8% "no risk" free money is too strong.

Can "someone" put 100% of their savings in Bitcoin?  Sure if they are young, and can handle the risk.

Should YOU?  No. You have no conviction.  You sold off based on a poll.  If you had 100% of your wealth in BTC you would be the proverbial weak hand and likely lock in a loss in any crash.

Ask yourself what is the most amount I can keep in BTC and simply not care.  Maybe it is 5% of your wealth?  Maybe it is only a handful of coins.  Whatever the amount is you shouldn't be holding more than that.

Sure.  However I already answered the question.  No such plugin exists.

" but regardless im not interested in the issue of chargebacks I just want to know if theres anything available for letting people sell BTC's."

Same reason there isn't a wordpress plugin which allows you to randomly corrupt files on your webserver or a plugin which will randomly punch the operator in the nuts.  There isn't much of a market in building things which ruin the user.


 Your belief that the legal process will protect you in the event of a chargeback is horribly naive.  The person making the chargeback doesn't have to PROVE anything.  You have to prove the customer's claim is wrong and prove to the standard accepted by the credit card issuer.  Note the credit card issuer, meaning the customer is THEIR customer.    You honestly think credit card companies care that you claim to have lost digital monopoly tokens.   The chargeback process is a rubber stamp.  Your chances of winning a dispute involving digital goods are roughly 0%.  

Can you sell BTC using reversible funding methods like CC?  Sure.  But it is very very risky and it can't be made easy enough for anyone without skill to do it via a plugin.  That is just a recipe for disaster.  The fact that you want to ignore this huge risk likely means the lack of a plugin will end up saving you lots of money.

No and the reason is it would be best named the "how to go bankrupt in 30 days or less".  CC are easily reversible.  No I don't mean elite identity theft organized crime ring could do it I mean your grandmother could do it with nothing more than access to a phone call and willingness to lie to the credit card company.

"There is this charge for $xxx to yyyy on zz/zz/zzzz.  I didn't make it."
funds reversed.  you lose.

Weird your wallet would indicate it is unconfirmed.  It was included in block #217371 which was almost 30 minutes ago.  If your bitcoin wallet up to date (has all blocks, most recent block at time of post is #217374).

There is no such thing as "more delays going on right now".  The time between blocks is random.  The time between any two blocks is random.  The time until the next block is random.  The only thing which is certain is that in the long run on average the block interval will be ~10 minutes.  BTW the last block was found ~1 minute ago however it may not contain your transaction.

FYPFY

I think you misunderstand it doesn't require someone to target you.  Hackers can simply target all possible addresses simultaneously.  Passphrases are relatively low entropy and without salt and key stretching hackers can just continually try all probable passphrases and steal funds from the addresses they find.

i.e. try a particular pass-phrase, generate the private key, compute the corresponding address, see if the address has value, if it does steal it, if it doesn't move on.  


Likely whoever brute forces the password doesn't even know who you are, nor do they care.  They are just looking for an address with value to steal.

Say this address (just grabbed it randomly from blockchain.info) is derived from a private key which is produced from the passphrase "password".
http://blockchain.info/address/14dnpgFWkqxsxb8ZbMVSTKVWofuUAD77rB

Who owns this address?  Who knows? Who cares.  As soon as the hacker determines they have a private key for an address with value they will spend it.   It is important to realize that with a brain wallet the funds can be stolen simply by discovering the passphrase.  With a random key, or even an encrypted bitcoin wallet that isn't the case.  It requires some physical or electronic access which is a significantly harder thing to achieve.



What Bitcoins?  Prove how many Bitcoins I have.

I would recommend against a brain wallet unless you are very confident in your knowledge of cryptography. 
It is unlikely any unsalted passphrase will have sufficient entropy to risk a brute force attack.  For long term off line storage a purely random private key stored in multiple locations would be better. The offline printed private key could be encrypted for additional security.