Was ich danach aber erst festgestellt habe: Binance nimmt by default 4% transaction fee, um die BTC in ein Wallet zu schieben (sprich, denjenigen in BTC zu bezahlen). Es muss doch günstigere Möglichkeiten geben, oder?
Binance nimmt keine 4% Gebühren. Die haben eine fixe Abhebegebühr (0.0004 BTC). Wenn du dir 0.01 BTC auszahlen lassen möchtest, dann sind es 4%. Bei 0.02 sind es nur noch 2%, usw.. Vermutlich wäre es am einfachsten, mir mein eigenes BTC Wallet anzulegen. Von dort aus sind die Fees dann ja günstiger. Die Frage wäre: wie bekomme ich möglichst günstig BTC auf mein Wallet drauf?
Jein. Günstigere Möglichkeiten gibt es, ja. Von einer Handelsbörse auf dein eigenes Wallet und dann weiter senden gehört auf jedenfall nicht dazu. Die Abhebegebühr hast du ja sowieso, und dann kommt noch eine 2. Transaktion dazu -> Also teurer. Wenn du öfters BTC versenden wirst, dann lohnt es sich einmal mehr zu kaufen und ausszuzahlen (auf dein eigenes Wallet). Dann kannst du mit einer geringen Fee weitersenden. Wenn das jetzt eine einmalige Sache ist, dann entweder die fixen 0.0004 BTC bezahlen oder privat Handeln. Bei ~100€ (scheint zumindest in deinem Fall diese Menge zu sein), sind die Gefahren auch noch recht gering wenn du mit vertrauenswürdigen Leuten hier handelst.
|
|
|
Any updates? Any progress? Did you already shutdown your PC or is it still running?
Overwriting a file does usually not immediately mean the old one is inaccessible anymore. But since this was 3 days ago, i guess you gave up on it already?
|
|
|
So all sites that handle sensitive data should run only HTTPS (and activate HSTS to prevent HTTP from working), so people can identify fake copies of their websites!
So to OP: the way how you'd know how a website was compromised, is when the browser gives you an HTTPS warning. [...]
It is worth to note that while this mostly will be the case, it doesn't always have to be that noticeable. More precisely, if you get such a HTTPS warning, something is wrong -> either the site/server administrator made a mistake or there is an attack going on. But on the other hand, if there is no warning at all and HTTPS is "working as it should", there is no guarantee that you indeed are connected to the real server. If there is no certificate pinning, "all" an attacker would need would be "just" a signature from a CA. While this in theory shouldn't be possible to receive as a malicious actor, there have been several cases already where CA's got compromised. Just because you are connected to website.com via HTTPS, it doesn't mean that you indeed are connected to the real server.
|
|
|
I know next to nothing about the reliability of fingerprint tech as a means of using it as a "password" and your statement kind of surprised me. I would expect that if a device could recognize only your fingerprint, it'd be on point. Do you know what the problems are? Is it that fingerprint identification devices recognize other fingerprints than those it should be recognizing (like false positives)?
The problem is, that proper devices to detect fingerprints with an extremely low false positive rate cost lots of money (multiple thousands to tens of thousands of dollars). A hardware wallet for 50$ or a smartphone only have an extremely weak fingerprint sensor built in. There are already some blueprints available which can unlock a pretty nice percentage of fingerprint locked devices (smartphones). If i am not mistaken something between 70 and 90%, and that with a generic blueprint without any additional work involved.
|
|
|
[...]
Not yet. Is it worth watching? I agree, it is quite frustrating and frightening how sensitive data is handled. In the current times, some lectures regarding privacy / social media should be taught at school IMO. People too often do something they don't know anything about. Often that's fine. But the internet never forgets. If you leak personal information, you might never undo that.
|
|
|
I was just reading about using 12 words to encrypt a bitcoin core wallet!!
Are you sure that you actually understood what you have read? While encrypting a wallet(file?) with words is definitely possible, it is rarely done. And if done, it can be quite confusing. 12 words almost always are a mnemonic code which is the encoded seed which is used to derive the keys from a HD wallet.
|
|
|
War ein super Schritt den Ledger da gesetzt hat mit Changelly. Ich bin Fan von Prozessen die das tägliche Leben und den Einstieg für Neulinge erleichtern!
Das kann ja unter Umständen recht praktisch sein.. Aber.. - Das ist ein absoluter zentralisierter Ansatz - Widerstrebt dem Grundgedanken von BTC und anderen Kryptowährungen komplett
- Changelly hat die Möglichkeit die Auszahlung einfach zu verweigern (und macht davon auch genügend oft Gebrauch..)
- Solche Services blocken Zahlungen häufig aus "Sicherheitsgründen" und verlangen daraufhin KYC -> Keine Privatsphäre
- Neulinge werden denken, dass das eine good practice ist. Und irgendwann fliegen die dann auf die Schnauze damit.
- Solch eine Funktion hat in einem Wallet nichts verloren.
|
|
|
Or, as @BitMaxz has suggested there is a back door ...
he didn't suggest there definitely is a backdoor that you claim with certainty that there is and the funds are lost. Um... ok... I never heard about that tool for generating mnemonic seed phrase, I tried to check the tool it seems it's not a well-known script and there's a possibility that this tool has some backdoor, keyloggers or any related that can steal your BTC.
If I were you much better generate mnemonic seed phrase to any well-known wallet than using script that we don't know if it is safe or not.
Anyway, I found someone posted it here on the forum and maybe it can help.
- https://bitcointalk.org/index.php?topic=5139623.0 I must be reading a different thread from you. It seems like you are indeed misunderstanding something. The fact that the possibility - that a backdoor is included - exists, does not mean that there indeed is a backdoor included. Possibly malicious is not the same as proven to be malicious. Nowhere did he claim that it indeed contains some kind of malware. All he said was that there is a possibility (which is completely true).
|
|
|
Things (especially when talking about a PC and its user) don't "suddenly just happen". Either it was a watch-only wallet all the time, or you opened the wrong wallet, or someone else did.
Since you have the mnemonic code, you can simply create a new wallet file with your seed. However, you might just have opened a wrong wallet file (as mentioned by HCP). Wouldn't hurt to check this first.
Also, please confirm that you did not enter your mnemonic code on any website or shady software you have downloaded. If you did, move your coins ASAP.
|
|
|
I am convinced that at the present stage of the development of computers, hacking a bitcoin wallet is an almost impracticable and difficult task.
It is impossible to bruteforce used private keys / seeds. But only if there is no flawed random number generator used and the implementation doesn't include any other vulnerability. Further, theft mostly doesn't occur through cracking/bruteforcing of seeds/private keys/brain wallets, but through bad user habits and compromised personal devices which itself is definitely possible and not as difficult as people may think. The largest vulnerability is the human sitting in front of the computer. And it is being successfully exploited to steal private data including private keys.
|
|
|
BIPs are not standards, they are "proposals". that's also what the 'P' stands for [...]
I am indeed aware that these are Proposals. But they are nonetheless standards which either are or aren't implemented in wallets. There is no centralized authority which decides what is going to be implemented. It is a standard achieved by consensus. BIP 39 simply is a standard on how to generate a mnemonic code. Developers can either decide to implement it (like ~95% of all wallets), or they don't (e.g. electrum).
|
|
|
There were a couple of good seed wallets that used x of n for recovery like Armory which I used in the past. Unfortunately it looks like that wallet is no longer maintained. It seems you're more versed with current wallets - do you know of any wallet that does this well?
Armory is still maintained and actively being developed. Unfortunately i am not aware of a good wallet which does offer that option. But there are other tools available to actually split the mnemonic code like that. Especially Shamir's secret sharing scheme is pretty popular. You basically just need to enter the secret you want to split (in this case the mnemonic code) -> and you get M shares where N out of M are required to gain access to the mnemonic code.
|
|
|
I know, but IMO GNOME is less user friendly compared with other DE (such as Cinnamon and KDE) for user who used Windows previously.
True. I'd also always recommend KDE and/or Cinnamon for people coming from windows. Arch Linux is one of distro that have many (with good quality control) tutorial at https://wiki.archlinux.org/. Even if i don't use Arch Linux, there are few problems that i solved by using guide from Arch Linux wiki. It is probably the distro with the best wiki available. But on the other hand, there are less step-by-step tutorials for Arch. Ubuntu (and therefore also debian) seems to be the best distro for newcomers since there are tons of step-by-step guides on how to achieve specific things.
|
|
|
I mean the maximum bit length security (like for exact bitcoin private key it is 256bit, for final address 160bit only) - what is the maximum possible bit length for wallet.dat file encryption?
With encryption it doesn't always depend on the length of the password. Most encryption algorithms use a key derivation protocol. Therefore the max bit security is capped. For AES with a key length of 256, it is 256 bit. For RSA with a key length of 2048 bit, it is 112 bits.
|
|
|
Das macht nichts, aber Windows wird nicht die Wasabi Historie protokollieren oder?
Meinst du die Transaktionshistorie? Nein, die auf jeden fall nicht. Nur, dass die .exe ausgeführt wurde, zusammen mit dem Zeitpunkt und ggf. Netzwerkverbindungen (zumindest mittels zeitlicher Korrelation nachvollziehbar). Was innerhalb der Software gemacht wird, wird nicht protokolliert. Direkt nach dem beenden von Wasabi ist es aber gut möglich, dass noch etwas im Speicher vorhanden ist, und falls nicht genug RAM vorhanden ist, in der Auslagerungsdatei auf der Festplatte. Falls du nicht gerade versuchst dich vor staatlichen Behörden (oder ähnlich kompetenten Leuten) zu schützen, sollte das keine Rolle spielen. In solch einem Fall wäre Windows sowieso ein Schuss ins eigene Bein.
|
|
|
Make a mnemonic word seed and then store 1/2 or 1/3 of the 12 word or 24 word phrase in different locations.
That's actually a bad idea. If you want to spread the mnemonic, use some secret sharing scheme. These allow you to create redundant backups of data/information which does not leak any information about the actual data if less than the required amount of shares (N-1) are obtained. A 5 out of 6 scheme would then leak no information about the mnemonic. If you compare it to your approach, 5 from 6 shares would be enough to bruteforce the remaining words.
|
|
|
Can you please tell if you know - what is the bit security of the password from wallet.dat file? (i mean is it 160bit, 256bit, 512bit or more)
It depends on the chosen password. To be more specific, it depends on the used charset and length of the password. "abc" has a different security than "p4zzw0rd!".
|
|
|
You really need to be more specific. We can only guess what you exactly mean.
If you are talking about the passphrase to protect the wallet, yes. You can simply delete your wallet file. To recover your wallet you'd need your mnemonic code. However, if someone already got access to the wallet file and the passphrase, your coins (if there are any) are at risk. He'll also be able to check your transaction history. Nothing you can do against it.
If you are talking about the mnemonic code, then no. He already has access to all of your coins (if there are some) and your transaction history. Nothing you can do against it.
|
|
|
Did make run correctly? No error/warnings? Because it is not clear from your screenshot whether there were any errors / warnings when building.
Errors do not only appear at the end of the output.
|
|
|
I received these rewards and they were not propagated in the network correctly, they can be contained in my "wallet.dat".
That's not how it works. Why when i make "getbalance" i saw all these BTC's ?
Probably because your wallet file has been manipulated to do so. Let me ask you a question.. did you buy the wallet file? If so, i am sorry to tell you.. but you got scammed. There are no BTC and you won't be able to "recover" anything.
|
|
|
|