Bitcoin Forum
June 30, 2022, 11:41:32 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 319 »
1  Local / Anfänger und Hilfe / Re: Android wallet recover on: December 13, 2021, 12:42:30 PM
Du kannst ja mal den File explorer auf dem Handy nehmen und danach suchen.

Mit dem File Explorer kann man nicht auf Applikations-interne Pfade zugreifen. Das wäre ja zu schön  Grin
Androids gesamte Sicherheit basiert genau darauf.

Dazu müsste das Smartphone gerooted sein.

Da er aber die App bereits installiert hat und diese keine Dateien gefunden hat, werden auch keine vorhanden sein.
Beim Zurücksetzen werden diese Daten alle gelöscht.
2  Bitcoin / Wallet software / Re: Which wallets are the safest and what can go wrong? on: December 13, 2021, 12:39:02 PM
Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.
Agree with point 1, but point 2 is confusing.
A good hardware wallet is meant to reduce the need of trust in the OS and physical security of the device. So in my opinion, the safest wallets' security should not depend on the system it is running on / the building it is placed in.

That's their entire point: you stick that thing into an infected machine? Software can't do anything without you confirming a receiving address on the wallet's screen & entering some sort of passphrase. Someone breaks into your house or steals it from your bag? Can't do anything without passcode & reading out the memory isn't possible either.

Not all hardware wallets fulfill these requirements (e.g. ones without secure element can be read out), but any falling under the safest category should and do exist.

A hardware wallet is not running on your computer. The sensitive data is only handled within the secure element (speaking about hardware wallets which actually have such a security mechanism).
Therefore the 2nd point still applies. It is a concept applying to every software/hardware.

Just because you use your PC to communicate with your hardware wallet, the keys are not handled by the PC. The crucial system here is the hardware wallet. I could have made that clearer.


A hardware wallet can be only as secure as the hardware is (e.g. vulnerabilities in the MCU or SE).
The same applies to a software wallet, taking hardware, software, network connectivity etc. into account.
3  Bitcoin / Wallet software / Re: Possible Compromised Laptop With Seed in Password Manager? on: December 13, 2021, 12:32:30 PM
I think his seed was already saved in a password manager before he started asking if that is ok to do.

I remember telling him 2 or 3 years ago.



First off, I know you all say don't put your seed phrases on the password manager.  I understand that.  The thing is some seeds i want access to easily so that is why i stored it in password manager.

Do whatever you want to.
Then please also accept any consequences.

I really don't get what your problem is. If you coins got stolen, you kind of asked for it. If they weren't, you were lucky.
If it is the first, stop doing nonsense and listen to the valuable advices. If it's the latter, secure your coins and do whatever you want to.



So how do you protect yourself in situations like this?  Make sure you have kaspersky or bitdefender?  Does anyone here use these programs and it always protects them when visiting sites that might be dangerous?

How? By not clicking dumb shit.
Does this software protect you? No (as mentioned multiple times already).
4  Bitcoin / Bitcoin Technical Support / Re: Bitcoin Core 0.21 - error opening block database on: December 09, 2021, 12:21:51 PM
How do I get rid of the error?

As far as i can see in this thread, you fixed that problem already but it happened again due to another poweroutage?
You basically just need to do the same again (starting core with the reindex parameter). You probably just were in the wrong directory, that's why you were told there is no application.



Is the entire BTC blockchain from BitcoinQT available for download as a ZIP?

It is, but downloading the blockchain usually isn't the bottleneck. Processing is the bottleneck. So this wouldn't change much.
And i would highly recommend to build the chainstate yourself and to not trust on others data.


Can I install Win 10 over Win 7 without losing my data?

I am not sure about this since i'm not using windows, but i believe there is an "upgrade" option which keeps the data.
Even if there is not, you could just copy all of your data (blocks, chainstate, wallet, etc..) to a hard drive and then copy it back after installing Win 10. Then you don't need to downloaded and process the whole blockchain again.
5  Local / Anfänger und Hilfe / Re: Android wallet recover on: December 09, 2021, 11:41:57 AM
Um an diese BTC zu kommen brauchst man entweder:
1) das funktionsfähige und initialisierte Wallet oder
2) ein (ggf. verschlüsseltes) Wallet Backup

Da das Smartphone zurückgesetzt zu sein scheint, sind auch alle Daten des internen Speichers gelöscht worden.
Wenn also, wie -doubleU- schon sagte, kein Backup mehr auf einer SD-Karte (oder auch woanders) vorhanden ist sehe ich keine Möglichkeit der Wiederherstellung.
6  Bitcoin / Wallet software / Re: Possible Compromised Laptop With Seed in Password Manager? on: December 09, 2021, 11:18:57 AM
I truly hope this is a joke.

You are asking these questions for years now.
We have exchanged multiple PM's. And there were way more people in contact with you via PM to help you set up something secure.

Every single person told you to not store your mnemonic code / seed of the hardware wallet on your PC.. and you still did that?

You know.. you are probably lucky.
Simply visiting a phishing site doesn't result in your computer getting compromised. Especially since the people behind phishing sites usually aren't the smartest one. Definitely not smart enough to find an exploit for the browsers sandbox.
However.. how could you possibly store your mnemonic code on your daily computer? Didn't you listen to everyone talking to you?
7  Bitcoin / Wallet software / Re: Which wallets are the safest and what can go wrong? on: December 09, 2021, 11:13:25 AM
Basically everything you can imagine (and more) can go wrong.

Without any further information (e.g. what you define as "safe"), no one will be able to give you some useful advice for a specific software/hardware.
There are lots of attack vectors, it depends on which of them apply to you. Based on this, there are good and bad decisions for your case.

Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.
8  Bitcoin / Bitcoin Technical Support / Re: Bitcoin Core 0.21 - error opening block database on: December 09, 2021, 11:02:37 AM
I use Windows 7.

If you are using core for development, i guess that's fine.

But if you intend to store money on your PC, please don't use Win 7 anymore. It is outdated, vulnerable and won't get any security updates.
It is not just missing lots of security features which are available in Win 10, but it has known vulnerabilities too.

Do yourself a favor and update to Win 10.
9  Local / Anfänger und Hilfe / Re: Wallet splitten (mit 2 Ledgers?!) on: September 22, 2021, 09:21:45 AM
Bitte sei dir aber gleichzeitig bewusst, dass das Trennen der Coins auf 2 Hardware Wallets nicht automatisch bedeutet, dass die Aufbewahrung sicherer ist.
Hierbei kommt es darauf an wo du deine Mnemonic Codes aufbewahrst.

Wenn du diese am gleichen Ort aufbewahrst, hättest du dir das auch sparen können da der effektive "Gewinn an Sicherheit" praktisch 0 ist.

Das erhöht deine persönliche Sicherheit nur, wenn du die Mnemonic Codes auch getrennt voneinander aufbewahrst.


Oder was war denn die Intention dahinter? Oft gibt es noch bessere Wege um ein Ziel zu erreichen, dazu müsste dies aber erst klar formuliert sein.
10  Bitcoin / Development & Technical Discussion / Re: Who determines bitcoin transaction fees? on: August 13, 2021, 02:18:35 PM
For example, if the sender wants to increase the likelihood of miners including the senders transaction into the candidate block, then the sender can set a higher fee to compensate the miner? If this is the case, then how come most of the common exchanges have a fixed bitcoin withdrawal fee (usually around 0.0004 bitcoin or around $20), which I am unable to change?

Yes, the sender decides the fee.

Exchanges have a fixed fee which is higher than the actual transaction fee (keep in mind, they usually batch transaction and therefore pay less per withdrawal transaction than when sending them all one by one) because of multiple reasons.
First, you are not just paying for a single transaction. Your deposit transaction has to be merged with others and moved to the cold wallet. The hot wallet has to be topped up from the cold wallet regularly and in the end the actual withdrawal transaction has a fee.

Further, you are paying for the "work" behind these transaction. You can't just calculate the transaction fee and say that's what it should cost. They have algorithms checking stuff, doing sanity checks, making sure there are no bugs, vulnerabilities etc.
This all costs money (development costs, maintenance, energy, servers, etc..) which is priced into the withdrawal fees.
11  Bitcoin / Development & Technical Discussion / Re: Brute-forceable puzzle - free crypto for whoever manages to crack it [SOLVED] on: August 13, 2021, 02:04:59 PM
I already read the part where you gave those hint, but i still think it's quite short.

This indeed was way too easy.

If the probability of winning is larger than negligible (smaller than the inverse of any polynomial function), it is not cryptographically secure and therefore is a bad encryptio scheme.
So, even if this mechanisms wouldn't leak plaintext bits (which it does) and if it wouldn't be purely based on security through obscurity (which it does), it still would be a worthless scheme.
12  Bitcoin / Hardware wallets / Re: Trezor-Suite and OS tracks? on: August 12, 2021, 07:54:04 AM
It is not surprising that the AppImage itself isn't modified.

Did you check the folder /home/<user>/.config/@trezor/suite-desktop/
and /home/<user>/.config/@trezor/suite-desktop/ as mentioned in the notes from trezor regarding the trezor suite?

If no files are stored there, you might also just run your software and then check in your home folder for recent file system changes with the following command:
Code:
find /home/<user>/ -mmin 1

This command will find files inside the home folder which change within the last minute.
13  Bitcoin / Development & Technical Discussion / Re: Brute-forceable puzzle - free crypto for whoever manages to crack it on: August 11, 2021, 06:51:26 PM
That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.
So BIP-39 is a stupid and bad idea, saving the wallet's key in an easy and human readable format?

BIP39 is neither security by obscurity nor does it leak plaintext bits.



Still not getting it and missing the point. Your alternative is to write down 100-300 random characters on a piece of paper (have fun with that) and then require your family to be above-average computer literate to be able to decrypt it.

These are neither 100-300 chars, nor is it too difficult for an average person to decrypt it using a 3-5 step instruction.

It doesn't make any sense to create a shitty and insecure shift-cipher (which has to be taught how to use) instead for example just a BIP39 passphrase. Most proper wallets can handle this.
That would be way more easy to use than either AES or your shift shit cipher.

In the end it comes down to two pieces which have to be stored: the secret and the (encrypted) data.
Whether this is your plaintext-leaking-mnemonic [data] with the instruction and dates [the secret] or simply the securely (non-leaking) BIP39 passphrase protected mnemonic [data] and the passphrase [the secret] doesn't matter. The difference is, one is secure while the other one isn't.
I'd even argue that the passphrase protected mnemonic is easier to handle for non-techy people than your garbage.
14  Bitcoin / Development & Technical Discussion / Re: Brute-forceable puzzle - free crypto for whoever manages to crack it on: August 11, 2021, 03:28:40 PM
Go to https://aesencryption.net/ (something my or your mom would find on the internet), input the seed words, encrypt, count the number of characters.

I don't to visit any website. I know how AES works behind the scenes. I don't care what a random website outputs on an arbitrary input.



Your pRoPosEd method either involves a) external/online software to do

No, it doesn't. Check openssl for example. It comes with literally every linux distro out there.



b) storing it digitally in a file for easier copy-paste into said external software

Not true.


or c) writing down 100-300 random hard-to-read Base64 characters on a piece of paper, case-sensitive, and hoping for no human error when typing it into said external software (and on paper!).

As shown in my previous post, a 12 word mnemonic results in 48 byte which can be easily represented by 48 characters.



My method [...] and yes, security through obscurity [...]

That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.



A wrench attack is the only thing my method is really vulnerable to

It's not.
Simply cryptanalysis and even bruteforcing is enough to break your "scheme".


It might work for you, you can feel safe as much as you want.
Trust me, no one here cares about you and your coins.

Just stop pretending your "mechanism" is good. It is not even close to being acceptable.
15  Bitcoin / Development & Technical Discussion / Re: Brute-forceable puzzle - free crypto for whoever manages to crack it on: August 11, 2021, 12:03:45 PM
Ok, encrypt
Code:
bacon bitter goddess sheriff differ kit sock stomach rhythm skill trade drastic
with password "bla" on Windows 10 without downloading external tools, and then also decrypt it. Let me see the how-to so even my mom can understand.

To be honestly, i couldn't care less about your approach and whether your mom will understand anything.

My only concern here is that others might believe this is a gOoD iDeA. That's the only reason i am commenting here. I absolutely don't care about you and your BTC.



You still don't get it. AES encrypting the seed words will produce 100-300 gibberish characters [...]

AES is a Block Cipher which works on 16 bytes blocks.
Assuming a 12 word mnemonic code, that's 132 bit (=16.5 byte) which results in a 32 byte output. If you want to store the IV together with the cipher text, that would be another 16 byte resulting in 48 byte in total.
That's nowhere close to "100-300 gibberish characters".

A 24 word mnemonic would result in 16 more bytes (a total of 64 bytes).

Now, instead of trying to call other people out on "not getting it" where "it" equals your shitty approach every sane person in the crypto scene wouldn't even touch with a stick, learn the fundamentals. Only then, we can start talking about encryption schemes and security in general.
16  Bitcoin / Electrum / Re: Electrum Issue on: August 11, 2021, 11:48:48 AM
No one will know what you're doing if you connect to your electrum server through port 50002. Information won't be transparent, both your main & remote pc will communicate using encryption. Unless I missed something, it doesn't make sense to me. You'd use Tor if the server wasn't yours and you wanted to protect your privacy.

Actually everyone who can listen to the traffic inbetween (including the ISP) knows that you are communicating with the server. They just don't know what is being communicated.
TLS does not protect against metadata analysis in terms of knowing when does who communicate. It just protects the content.

If the Electrum server is actually connected to the bitcoin network (which it has to be to retrieve up-to-date information), then it is straight forward to deem that server and anyone connecting to it as a bitcoin user.
TLS does not protect against that since it does not hide your identity.


The main question here indeed is whether OP cares that other entities might know he has something to do with bitcoin. If the answer is yes -> Tor is required. If the answer is no -> TLS is definitely good enough.
17  Local / Anfänger und Hilfe / Re: Welches Wallet mit Karte in Deutschland? on: August 10, 2021, 10:33:16 AM
auf dem NFC-Chip sind die auf der Kreditkarte aufgedruckten Informationen unverschlüsselt gespeichert und können mit einer NFC Scanner App leicht und schnell ausgelesen werden. Praktisch alle Smartphones können RFID-Signale auslesen, wenn man nah genug an die Karte rankommt.

Hast du dazu irgendwelche Belege? Ich habe jetzt mal im Internet bischen geschaut und dazu keine aktuellen Informationen gefunden. Die meisten waren mindestens 2 Jahre alt und selbst da, ging es meistens nur, wenn die Karte nackig herumlag. Schon ein Fetzen Stoff reichte aus, um die Sendeleistung ernorm zu schwächen.


Er hat damit insoweit Recht, dass die Kreditkartennummer, der Name und das Ablaufdatum unverschlüsselt gespeichert und auch über NFC übertragen werden.

Klingt jetzt aber dramatischer als es ist.

Wie du schon gesagt hast, muss man damit direkt an die Karte hin. Auch 2-3 Karten übereinander sorgen dafür, dass keine davon mehr ausgelesen werden kann da sich die Signale überlagern.

Selbst wenn man an die Daten kommt.
Zum Bezahlen am Terminal reicht das nicht wegen des von mir oben erklärten Mechanismus. Der Chip enthält geheime Schlüssel die nicht übertragen werden und auch nicht anderweitig auslesbar/klonbar sind.
Zum Bezahlen im Internet reicht es ebenfalls nicht, weil die CVV auf der Rückseite nicht bekannt ist und nicht übertragen wird und dank Verified by Visa (VBV) und MasterCard Secure Code (MCSC) eine 2-Faktor-Authentifizierung stattfindet.
18  Bitcoin / Development & Technical Discussion / Re: Brute-forceable puzzle - free crypto for whoever manages to crack it on: August 10, 2021, 10:25:21 AM
And risk using these online encryption/decryption services who may save the results and steal funds as well? With my method you can do it by hand, you don't need any script.

Who said anything about online services?

You do trust your Operating System, right? Then just use the built-in tools. As easy as that.



I think it's you who didn't get it... With my method you don't have to rely on any external software or use online services (and risk theft) to decrypt anything, you can do it by hand. And with my method you can simply write down 12-24 BIP-39 words, not random gibberish 100-300 characters. The point is to write them down on a piece of paper, not store them on a computer in crypto.txt that my mother has access to and can simply copy-paste it. That's just extra risk right there.

You don't need any external software. You can just use your OS.
And you also don't need 100-300 gibberish character, it seems you still didn't get it. Just read my last 2 posts again. You can use the same secret which in your case are a few dates. No additional characters.
The difference is that you don't use a worthless and non-secure mechanisms which leaks the plaintext (your mnemonic code), but a secure algorithm which is used all over the internet to secure messages.

If you don't trust AES, why don't you just use your stupid and insecure shift cipher to communicate with websites instead of TLS?

You have been warned. What you are doing is bad and insecure. And that is not an opinion, but a fact.
You gain almost zero usability but lose tons of security.

I understand that people who don't understand anything at all regarding security and cryptography believe to be able to create a secure mechanisms. Simply because they don't know better.
But the truth is, they can't. Believe it or not. We don't care whether you lose your money. The important part is that everyone else reading this knows that your mechanisms is insecure.
19  Local / Anfänger und Hilfe / Re: Blockchain Problem on: August 10, 2021, 09:45:28 AM
So wie ich das sehe, wurde keine On-chain Transaktion durchgeführt.

Ich vermute mal du hast aus versehen eine Transaktion "innerhalb deines Accounts" bei blockchain.com durchgeführt.
Blockchain.com hat ein seltsames Konzept von verschiedenen "Wallets" (eigentlich keine echten Wallets) innerhalb eines Accounts.

Hast du denn beim Senden der Transaktion irgendeine Adresse angegeben? Oder hast du "BTC Account" o.Ä. ausgewählt?


P.s. Wenn sich das hier geklärt hat würde ich dir raten ein echtes Wallet zu verwenden und nicht so ein schreckliches Web Wallet.
20  Other / Off-topic / Re: A weird problem affecting my PC on: August 10, 2021, 09:35:06 AM
You should definitely give more information.

When does this happen?
When did this begin to happen (what did you install)?
What exactly do you mean with "affecting performance"?

With just an error message without any context, you won't get much help.
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 319 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!