It also includes encryption, but don't rely on it. Encrypt your wallet in your Bitcoin program and GPG it too, so it ends up triply encrypted  There is no practical reason to encrypt something three times. You either have all the keys stored in the same place -> Results in the same security as just a single encryption or you have the keys stored in different places -> Then going for a secret sharing scheme after encryption is the better alternative. Either way, encrypting something twice, or even a third time, doesn't increase the security. |
|
|
|
Do you suppose there is a way to disable Electrum <3.3.4 from running entirely on a computer? There won't be much luck in Electrum itself but there should be some system administration tools that block specific programs from running on a computer.
As a system administrator, you definitely can whitelist or blacklist programs. But what would be the advantage for an enduser ? If you know that software X is vulnerable etc., you don't need to block it. You can simply uninstall it. Such administration software is used in companies to allow or block specific applications. |
|
|
|
I have witnessed a lot of people complaining how they were hacked due to not activating their 2FAs. It's sad to see them complain although they were warned that it's part of security measures and everyone should apply it.
And at the same time these people use the same device for logging in and 2FA, completely negating the whole purpose of it. The usage of 2FA for the purpose of using it, is not enough. You still need to think about the whole purpose of it and how to use it properly i.e. do not use the same device for logging in and generating the 2FA code. |
|
|
|
Such a loan can be handy in some specific situations (which probably don't appear that often). However, the site has been registered only a few months ago: Domain Name: ELQUIREX.NET
Registry Domain ID: 2509445083_DOMAIN_NET-VRSN
Updated Date: 2020-04-03T11:39:48Z
Creation Date: 2020-03-31T11:38:52Z
Where is the guarantee that you will get your cryptos back ? I'd be careful with such new services. The risk of getting scammed by simply not getting your crypto back, exists ans is not negligible. |
|
|
|
~snip~  ~snip~ The rates don't even make sense. You either commit for the longest amount of time (24 hours) with the lowest min/max deposit and gain 150% "profit" or you commit to the shortest amount of time (10 hours) with the highest min/max deposit and gain 200% "profit" or you choose the in-between with medium amount of time and medium min/max to gain the highest profit ? It seems like the scammers are getting more and more stupid. They can't even create a plan which looks "half-way legit". I hope no one falls for that.. Anyway, I still saw some of this ponzi advertisement in my social media account especially in Facebook. And many people are really investing in to it. Sometimes I'm just feeling sorry for them for not being properly educated about that scam. I'm so tired on commenting against since the only thing you can get are criticism from them.
You get criticized for pointing out an obvious scam ? The next time, message them after a few days. And ask how much money they made with their "investment"  |
|
|
|
i am use vpn.I've heard that using vpn is a security risk. But can it be true?
It depends. There are several things to consider. The most important thing is.. why do you use a vpn? A vpn itself does not secure you. With a vpn, you are basically moving the required trust towards your ISP, to the VPN provider. Depending on the country, this definitely can make sense. But in the western world, an ISP is usually more trustworthy than a VPN provider. |
|
|
|
Vielen Dank für deinen Input bob123. Ich habe deinen Beitrag mal unter einem neuen Punkt "Kritische Stimmen zur Verwendung von Privnote.com:" im OP verlinkt. So kann dann einfach jeder selbst entscheiden, ob er dem Service wirklich vertrauen möchte oder auf die von dir beschriebene Methode zurückgreift.
Vielleicht noch als kleine Anmerkung.. hatte jetzt nicht vor privnote zu verteufeln. Den Administrator des Servers wird es wohl herzlich wenig interessieren wenn dort mal eine Adresse auftaucht. Lässt sich ja auch sonst zu nichts zuordnen. Andere versenden vermutlich durchaus sensiblere Daten über diesen Kanal. Aber wirklich sensible Informationen (wie z.B. private keys) würde ich unter keinen Umständen über so einen Service versenden. Davon würde ich auch jedem abraten. @bob123 Ich glaube du bekommst heute gleich 2 Küsschen von Alice456 für die Beste aller Methoden und zwar Kostenfrei. Nur wenn Eve und Mallory nicht dazwischen kommen |
|
|
|
LottoBTCorg, if you fail to do it yourself, there is one good and legitimate service that has helped many in similar situations. [...]
[Link removed.]
No. Definitely a no.OP, do not trust any random "recovery services". A lot of them are either a scam or really bad. There is only one reputable and trusted wallet recovery service. And that's Dave's recovery service: https://www.walletrecoveryservices.com/Do not use any other service. |
|
|
|
Viele Leute scheinen privnote zu verwenden. Daher mal eine kleine Warnung. Man kann als Verwender nicht kontrollieren ob der Serverbetreiber diese Nachricht unverschlüsselt lokal aubewahrt, liest, etc.. Ihr vertraut mit privnote einer drititen Partei (dem Server).3 Parteien haben Zugriff auf die Daten: Stattdessen könntet ihr auch eine PM hier im Forum senden. Eine einfache unverschlüsselte PM resultiert im gleichen. 3 Parteien werden Zugriff auf die Daten haben: Um wirklich sicher zu kommunizieren, müssen die Daten lokal verschlüsselt und entschlüsselt werden. Dazu gibt es mehrere Optionen: - PGP verschüsselte Emails:
Dazu gibt es bereits viele Apps (Mail client + PGP key storage) die miteinander harmonieren. Das sind ein paar Klicks und man hatt alles eingerichtet. Dann kann man problemlos verschlüsselte Mails versenden.
- End-2-End verschüsselte Messenger:
Der beste (open-source) E2E verschlüsselte Messenger ist Signal. Aber sogar Whatsapp (ja, richtig gelesen.. Whatsapp) bietet eine E2E Verschüsselung an.
Einziger Nachteil hierbei ist natürlich, dass ihr eure Telefonnummer herausgeben müsst. Alternativ eignet sich Threema (closed source) auch. Dabei wird über ID's (keine Telefonnummern) kommuniziert. - Für die Nerds unter euch: Diffie-Hellman Schlüsselaustausch über einen unsicheren Kanal um einen gemeinsamen Schüssel zu erhalten und dann einfach symmetrisch verschlüsseln (z.B. AES). Gibt auch Open-source Tools dafür.
Bei diesen Methoden haben nur Sender und Empfänger Zugriff auf die Informationen. Das einfachste wäre vermutlich wenn sich beide einen PGP Schlüssel erstellen und die Public keys austauschen. Dann Adresse (oder andere zu schützende Informationen) mit dem Public Key des anderen verschlüsseln und die verschlüsselte Nachricht hier im Forum per PM versenden. |
|
|
|
Absolut nachvollziehbar. Wer seine Daten prinzipiell nicht teilen möchte, für den ist es natürlich am sichersten bei solchen Gewinnspielen gar nicht erst teilzunehmen.
Also mit postlagernd habe ich bis jetzt auch nur gute Erfahrungen gemacht. Um Briefsendungen anonym zu erhalten ist das ideal. Natürlich sollte man darauf achten, falls man in einem kleinen Dorf mit 2.000 Einwohnern wohnt, nicht die Postfiliale in diesem Ort zu nutzen. Dann doch lieber zur nächstgrößeren Stadt fahren. Oh je.. Schon wieder privnote.. Da ich den Thread hier nicht ins off-topic reißen möchte, werde ich dort nochmal seperat antworten. Aber allgemein: Bitte keine solche Seiten verwenden um (wirklich) private Informationen zu übermitteln. |
|
|
|
Yes, the user has to decrypt it with strong password first, and then every time the user want to spend something, has only one chance to enter the last X of characters or any other shorter password, which decrypts the quick unlock key. If not, then the quick unlock decryption key is removed from memory.
The security with this approach heavily relies on the implementation. What i am most concerned in is, where is the decryption key stored so that you can access it with entering only the last 3 chars. 1) If it is in memory and only used by the application if the 3 chars are correct, that would be prone to a memory dump. If someone would be able to gain access to your unlocked phone, he could, under given circumstances, extract a RAM dump to access the key while there has not been a wrong first attempt entering it. 2) If it is encrypted using a key which is encrypted with the 3 chars this should be fine. But this also means that the encrypted key has to be deleted securely after the first failed attempt. |
|
|
|
When I try to add XRP account to the ledger live, i get stuck on step 2 where it asks you to open the XRP app on your ledger.
So.. what exactly is the problem ? Is it that you can't open the XRP application on your nano ? Or can you open it, but ledger live doesn't do anything further ? And also please tell us which version of ledger live and which OS you are using. |
|
|
|
|
What about generally checking the transaction before sending it?
I feel like this should be taken for granted. Do you never check for typos in the amount/fee ?
Do you really need a warning box for that?
If you are that kind of a person, who doesn't check everything.. feel free to not use a hardware wallet.
The security with a hardware wallet is that you actually have to double check the transaction details on a trusted device.
If you don't check anything, you are going to approve everything. And this means that a simple malware on your online pc can send wrong transactions to your hardware wallet which will be approved by a user who doesn't check anything.
I'd assume every person has the ability to check the amount, the fee and the recipient of a transaction before hitting the send button.
|
|
|
|
The problem is that I've never used Linux before, I don't know how to create a virtual machine with Linux
Take a look here. [...] so I am better off someone doing this via rdp on my pc.
If you really care about building it from source instead of simply verifying the signature, you should at least do it yourself. I don't see the reason behind letting soemone else access your computer to compile electrum from source. You could either use the guide together with a tutorial on how to set up a virtual machine and therefore compile it yourself (which kind of is the reason to compile something yourself) or just verify the signature to be sure you are not using a malicious version of electrum. No one here wants your money to assist you. Just try it yourself. If you run into problems, there are a lot people here who are willing to help you without being paid for it. |
|
|
|
With news surrounding hacks and theft on PC the last thing I would want to use is an add-on or software for all my exchanges 2FA pass or codes, nope never going to happen, I'm better off with Authy or Google Auth app on playstore
The idea behind 2FA is that you actually use a second device. If you are using your desktop to access the exchange etc., storing the 2FA on the desktop system absolutely defeats the purpose. -> Use your mobile instead. If you however are using your mobile (for whatever reason) to always access the exchange etc, storing the 2FA on your mobile also completely defeats the purpose -> Store the 2FA on your desktop system. A generic answer like "i'm better off with ... on my smartphone" is wrong. It always depends on the context. |
|
|
|
If you are talking about ETH, this thread belongs into the altcoin section ( move-button in the bottom left of this page). Put your opinions about how to prevent.
Check your fees before sending and be sober enough to distinguish between the "amount" and the "fee" field. |
|
|
|
Miners will always mine your transactions
Not true. Transactions can be for example replaced if the RBF flag is set, resulting in the initial transaction being dropped from the mempool. This TX will never be included in a block since it would invalidate the whole block. using low Satoshi will make you wait for hours or even days before your transactions get approved in the block
Satoshi is the pseudonym of the creator of BTC. Even a low fee rate (sat/B) does not directly mean that you will need to wait for a long period of time. This always depends on how many transactions are in the mempool waiting to get confirmed. Roughly 5 hours ago the mempool cleared completely:  A transaction with 1 sat/B would have been included in the next block if it has been broadcastet at that time. |
|
|
|
They use a double system, having their own coins in their private wallets and other coins on the exchange.
When you send ETH to the instant exchange wallet, the same time they receive the coins they execute an exchange of ETH>BTC on Binance or Okex or whatever, and then they release your BTC from their own funds. At the end of the day, they deposit or withdraw coins to balance the pairs again and have funds available.
Definitely this. I can't speak for all of them, but the majority does indeed work like this. That's the only way to guarantee a specific conversion rate without waiting for a few confirmations where the rate could fluctuate. Oh, and since you are going to open source it, don't forget to include the random 0.1% chance of having your funds locked due to "security" reasons incl. required KYC to release the funds. Every proper instant exchange needs that. if (getRandomNumber(0, 999) == 666):
lockFunds()
requestKYC() |
|
|
|
|
Ledger Live is an interface for a hardware wallet. Honestly, they shouldn't integrate such services.
If people want to use such a service, they are free to visit the website directly and buy crypto that way.
If there is some kind of error happening on coinify's site, ledger will be blamed for that. Especially by new comers.
I am completely against integrating this service into a wallet. Since i do not user ledger live at all, i actually don't care.
However, i am interested to see how many people will complain in the hardware wallets sub about bad rates etc. blaming ledger.
|
|
|
|
Exodus Bitcoin wallet is good. If you use with Trezor, you get the nice design of Exodus with the security of hardware (no private key leak) If you would have bothered to at least halfway read the OP and to check what wallet he is talking about, you would have noticed that he is specifically asking for a mobile wallet.
@OP: You didn't mention which OS you are using and what kind of cryptos you want to store on your mobile device. There are quite a lot of good BTC wallets available for android. But only a few for ios. The two BTC wallets for android i like the most are mycelium and samourai. Both are open source, have a nice interface and work flawlessly. If you are privacy-orientated, you might want to take a look at samourai. It has some nice features built in. |
|
|
|
|
Show Posts
