Thanks! I used some Passphrase (not sure if it was BIP 38 in 2014) with my paper wallet. I guess it will be not that easy to import my private keys to Exodus, Electrum or a Hardware Wallet?
You could import it into electrum and send your BTC to a new wallet. You definitely can't import private keys into a hardware wallet (which would be completely against the reason to get a hardware wallet). As mentioned by BitCryptex, coinomi might be a good choice for you. It support a lot of shitcoin altcoins. You could easily access all of them. But, depending on the amount of BTC you have, you might want to use a more trusted wallet to move your BTC first.
|
|
|
Q2)when i generate a new address/privatekey on bitaddress.org, how do i know that it is not an already a used address ?
No, don't do that. Don't you any website to generate private keys. Use a proper wallet (desktop-, mobile- or hardware wallet) to generate keys / store your funds. Q3)if i use electrum to send some (fractions of) bitcoins to another address, how do i know that my privatekey will not be stolen and used by somebody else ? (i suppose that i have to trust the developers of electrum and the open source aspect ?)
Yes, you have to trust 1) electrum and 2) your own computer. If one of both is malicious or compromised, you can easily lose your private keys and funds. Q4)so a safe approach would be to have several addresses with small amounts rather than only one address with a big amount ? what do you think ? (in case a privatekey is stolen)
Not really. It depends on where the private keys are stored. If all are stored on the same machine, it doesn't matter at all. If you spread them between your mobile and your desktop, then yes (theoretically). The amount of lost coins in an incident is lower, although the probability increases of something happening.
|
|
|
Is it by chance possible to change the private key to that address?
No. The address is basically the hash of the public key. And the public key is derived from the private key.
|
|
|
Even if I have the most malicious software wallet in existence on my airgapped computer, there is nothing it can do to steal my coins.
Technically, this isn't completely true There are quite a few paper about how to exfiltrate data from air-gapped computers. Those techniques are highly sophisticated and the chances of happening to are close to zero. But some would include: - AirHopper: Malware to encode data into FM signals transmitted from a screen cable. This signal can be received by any smartphone with an FM receiver
- PowerHammer: Exfiltration via Powerline: With probes on the computer and the power control box, malware on the air-gapped computer can increase/decrease the cpu load by doing useless (but ressource heavy) calculations to transmit data via the power line.
- Another option requires a camers to be installed close to the computer: Using the hard disk led's to transmit data.
Those are not just theories, but they have been proven to work. There are a few more extremely fascinating ( and highly unlikely) attacks which could extract data from such an air-gapped setup. Quite a few paper have been published which cover exactly that: Exfiltrating data from air-gapped computers. They are quite exciting to read. It is obvious that no typical crypto holder will face such an attack, altough its interesting to know which techniques exist
|
|
|
Weird thing is that it only connects to ip format servers, for example 104.244.222.2281 ; 167.172.42.31 ; etc.
Of course, if I use Tor or change DNS to 8.8.8.8 it will connect to 10 nodes in a matter of seconds. Including DNS servers like 0.electrumx.ggez.win or electrum.bitkoins.nl
Since you actively changed the DNS server you are querying, it might be worth to check which one is set as the default one. You should find that in the settings of your router. If no default is set, it should be the DNS server of your ISP. But maybe there is a different server predefined ? Do you administrate your network? Or someone else?
|
|
|
sendbit.io (web wallet) is shady and might be malicious. $ whois sendbit.io Domain Name: SENDBIT.IO Registry Domain ID: D503300001183785123-LRMS Registrar WHOIS Server: whois.namecheap.com Registrar URL: www.namecheap.com Updated Date: 2020-04-16T18:15:20Z Creation Date: 2020-04-11T08:53:43Z
User LeonCrypto registered May 09, 2020, 10:55:24 AM, just to shill sendbit.io 10 minutes later. His one and only post yet. ( archived) 1) sendbit.io is deceiving potential customer:They claim: ( archived) However: - The encrypted file is stored on their server
- The password used to encrypt it is send in plaintext to their server
This concept is not similar to blockchain.com, where the keys are created and encrypted client-side and only are stored on the server. They have full access to the private keys. 2) sendbit.io is donating to themselves: sendbit.io donation address: 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq ( archived) Outgoing transaction to address 3AN8iJKd8VaVfczVY4Vvj8CQtMxZeNCFiP. The very next and only transaction from 3AN8i.. goes back to 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and 34Yam2jeDX348v6KtN6d21psC1gxn1o9tD. The very next and only transaction from 34Yam2.. goes back to to 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and 2 other addresses ( 34pVKwsP8YmyifjPBAWGnjcQKj4UNag3Gq and 38FrvmdxuHud75gQQqjA5fmp7rb3YxfrUy) which both again fund the sendbit.io donation address 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and other address... and so on.. This continues. This seems very shady to me. The only reason one would do that, i can think of, is to increase their reputation or popularity by pretending there are a lot of donations coming in. 3) cryptotalk99 affiliated with sendbit.io3.1) He is heavily shilling sendbit.io: I don't know what programming language you're using based on PHP this is the best I could find https://sendbit.io/page/api-documentation other than coinpayments. Sendbit.io allows you to have private key access so you're in control of your funds. [...] In the future double-check the address before you actually send the payment. checkout https://sendbit.io they prevent clipboard hijacking and even give you private keys for each address you own. Sorry for your loss buddy. If you're looking for a secure online wallet check out https://sendbit.io or trezor.io Sendbit.io allows you to have access to your private keys... That's pretty cool and they have an awesome API Trezor.io you'll need to order their hardware device your private keys are inside that. Post history archived: https://archive.vn/gzNgd, https://archive.vn/3K73x, https://archive.vn/QWsQR3.2) Address used from cryptoworld99 to send out 40$ in a contest/donation : 3AkoGZo64KFZ6GrsjxDiwUoR5puAW1x9NZ ( archived). This address has: - 1 incoming transaction, from address 1hasanwdFRZkZn665PLrNMjsJyqWBuecy which has an incoming transaction from 38q7yuD28n7mQ6uecQRT6z9ux6ygLkPPK4, which also funds 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq and also received a transaction from an address which also funded 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq.
- 1 outgoing transaction which funded 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq directly and another address which also funded 32xTvYfrjf8KMemRfbmz9CrcBo6Q8YK6aq
The address used by cryptotalk99 (3AkoGZo64KFZ6GrsjxDiwUoR5puAW1x9NZ) seems to be included into the self-donation-circle.
This thread is used as a reference for a general warning towards this wallet.
|
|
|
I can't say from my own experience, but if you use a virtual machine you also seem to get a virtual IP address which explains why Electrum is blocked when you use your main OS.
The global IP is still the same (if using IPv4; and with IPv6 the whole block would have been censored). You might only get a different internal IP. If the censoring is done outside of your own network, this can't explain it. This might be an explanation if there is some network internal firewall dropping packages from his specific internal IP, but has nothing to do with the DNS or his ISP.
|
|
|
Big transactions were signed that I don't have knowledge of.
There are basically two possibilities: 1) You downloaded a malicious version of core (less probable) 2) Your system is compromised (more probable) I wouldn't store any sensitive information on your system until this is sorted out. If you suspect your system might be infected, backup important data and format your drive / reinstall your OS.
|
|
|
Are there any drawbacks if I keep my IPV4 8.8.8.8 and 8.8.4.4. on my main OS? Any security concerns?
Security-wise? No. Privacy-wise? Maybe. This depends on your country, ISP and who you trust more (Your ISP and government or google). You're letting our Google overlord sniff the websites that you're visiting
Simple DNS is not encrypted. Everyone can sniff the data. Not only the DNS server knows which site you are interested in, but every other person between you and the DNS server who is interested. Google is already supporting DNS over TLS. In this case only google knows which domains you are interested in. Whether the DNS server from your ISP supports DoT is completely dependent on them.
|
|
|
Lösungsversuch: BEE T Prof. Dr. Elisa Marie "Hoven"
1 => Beethoven 2 => Richard Wagner => Bayreuth 3 = §16
Beethovenstrasse 16 in Bayreuth
Fuchs => (Michael Fuchs Philosoph)
16.3.1988 Giftgasangriff auf Halabdscha Abdullah Goran (Dichter der Region)
Y Z Michael Abdullah Goran ------------------------------------------------------------------------------------------------- Gesuchter Fußballer: Goran Michael Abdullah
Bis Richard Wagner liegen wir gleich auf Wenn man bei Richard Wagner den Geburstort nimmt => LeipzigBeethovenstr. 16 in Leipzig: "Villa Schreiber" wurde 1891/1892 für den Bankier Georg Schreiber errichtet. Georg Oswald arbeitet am Institut für Philosophie der Uni Bonn (Kein Professor; daher höchstwahrscheinlich Tutor). Dieser ist seit 2018 dort. 16.03.2018: Schwerer Unfall auf der A1 in Höhe MoorfleetGooglesuche zu Georg (Y) + Moorfleet (Z) + Fußballer ergibt: Max Kruse oder aber auch Jann George. Sollte ich richtig liegen, dann behalte den Betrag bitte und leg ihn bei deinem nächsten Rätsel (was es hoffentlich geben wird ) drauf.
|
|
|
If you want to generate a paper wallet i recommend doing the following: - Download and install a bootable linux distribution using an USB drive
- Boot from your USB
- Download electrum and verify the signature
- Disable wifi / disconnect ethernet
- Generate a new wallet in electrum
- Decide whether you want the whole seed / mnemonic code as a paper wallet or just a single private key / address
- Write down (or print) the mnemonic code / seed / private key / address
- Shutdown your PC (all traces will be removed from RAM)
This approach is by far more secure than using a website (online or offline). I was thinking maybe getting a trezor one. But I worry about my ip address getting recorded is there a way to secure my information with using trezor one if i do decide to pick one? Like using a desktop or web wallet not recording your data?
You can use your hardware wallet with electrum. The electrum server will still see your IP, but won't know for sure which addresses belong to you, neither whether you have a hardware wallet.
|
|
|
Has anyone experienced any problems updating their Ledger Live to the newest version (2.3.2, I think)? For some reason it just wont update on my end.
I didn't use ledger live for quite some time now, but decided to start it up. Update from version 1.20 to the latest went without any problem for me (linux). What OS are you using? Windows 10 ?
|
|
|
~snip~
I was just trying to share my point of view. IMO BTC is a currency and should therefore be used as such. Just because people were ready to donate 50 BTC a few years ago and received a Donator tag, doesn't mean the value should be lowered because the USD value increased. My analogy with an old smartphone might not have been the best, i agree with that. You don't care how much Venezuela Bolivar you get for your USD. You care about your own currency and the buying power. While the buying power of bitcoin is a lot higher today than X years ago, the amount still stays fixed. And that's fine IMO. Also, i don't understand the reason for the whole topic. If someone wants to donate, just donate. I don't see the reason in donating just to get a tag which shows that you donated. This just doesn't make sense to me.
|
|
|
You need to trust the software you're using. It's a lot more difficult to compromise a coin flip than it is to compromise a recently sold paper wallet website.
That's why i said the following: Don't ever use websites to create a paper wallet (neither online nor offline).
Trust required towards the software is true. But i'd say you can pretty much trust an officially signed open source linux distribution and openssl (or electrum). Because that's basically all you need (or even less when generating it with coinflips). And that's what i was talking about. But i was curious regarding the coinflips from o_e_l_e_o, and why he chose to use them instead of the other possibilities (openssl / electrum / core) on an airgapped computer (which has to be used anyway).
|
|
|
[...] the quote tag was used in 2 of my messages so it may have been autoban from plagiarism [...]
There is no autoban for plagiarism. Someone found the posts (probably a bot) and reported them. You can be assured, the mods are not dumb. If there is a mistake with the quote tags (e.g. bracket missing), they won't ban you based on that.
|
|
|
Am I the only one who generates my paper wallets manually?
Flip a coin 11 times, turn the resulting number in to a BIP39 word from the word list. Repeat 22 more times. Flip a coin 3 times, calculate the checksum using a permanently airgapped computer, pick the last word. Write down on paper, import in to a wallet or iancoleman on your permanently airgapped computer to generate a receiving address (Optional: add in a passphrase and write that down on a separate piece of paper). Whole thing can be done in 15-20 minutes.
If you are calculating the checksum on an airgapped computer and generating the address on it, why not simply create the seed/private key on it as well ? That would be my approach. I'd rather spend 2 minutes typing commands than 15 minutes flipping coins Is there a specific reason to not gather the entropy from an electronic device? Or do you just like generating it from scratch ?
|
|
|
Keep in mind that there is currently no defined standard to sign and verify messages with segwit addresses. So any message signed with electrum will only be verifiable with electrum.
If you need a message to be verifiable with multiple tools (wallets / web sites), you need to use a legacy address.
|
|
|
here is a better thought: instead of using websites or even their source code you can use a popular wallet to create a paper wallet. wallets such as bitcoin core or electrum. just download them, verify their signature and then go offline on an airgapped machine. run the wallet and create a new key or better yet create a mnemonic with an HD wallet such as electrum. then write that down on a piece of paper as your paper wallet. if you like the design that those sites offer you can always find their source code (or even through the HTML in the site that is open) and save the picture which is usually a jpg file and print your key on that.
This is the way to go. Don't ever use websites to create a paper wallet (neither online nor offline). The most secure way to generate a paper wallet is to use a live linux distribution on an offline computer. Either use electrum or any other reputable open source software (signature verified) to generate a private key / mnemonic code or just use openssl from the command line. Both works. Just don't ever use a website. The risk is way higher and not worth it.
|
|
|
If you bought a watch for Bitcoin back when 1 BTC was worth $300, would you be ready to pay that same watch 1 BTC when the value of BTC increased to $18,000 during the last big bull run? I don't think you would. The amount of BTC is the same but there is big difference in the valuation.
If you bought a new Smartphone for 2000$ 8 years ago, would you still pay the same amount of money for that exact smartphone today? I don't think you would. The amount of $ is the same but there is a big difference in the valuation. Your argument is invalid
|
|
|
Whats the advantages of having your own email server in compared to a email service like protonmail?
I guess there is no real advantage for a regular user. It just lets me be in control of my mails and the service itself. And one of the neatest advantages is, that you are able to have an unlimited amount of mail addresses and your own domain. And additionally i am able to adjust my anti spam settings the way i want. Own email server requires your computer to be on all day and if your server hard drive fails then that means all the emails are lost?
I have a small raspberry pi running 24/7. It is hosting a small webserver with some services i regularly use (webmail, cloud, video conference software, anonymized google search, .. ). So that's not an issue for me. Since most mail services are using IMAP, this means that those mails are also saved on the clients. If the hard drive fails, all mails which haven't been yet pulled from the client are lost, yes. But since (my mobile for example) is pulling them each 5 minutes, the risk is pretty small. A short downtime of a mailserver also does not mean that you don't receive mails which are being sent in the downtime. Mail server usually are set up to repeat the process of sending a mail if it fails.
|
|
|
|