No.
There is a list for your node to initially find other nodes.

You could also just enter your own IP address to connect to. This doesn't change anything regarding the decentralization.




No.
Look at my previous answer, i explained what a node is two times already.

Once your computer is compromised, anything can be done which is not explicitly protected by cryptography.

While there is a lot of clipboard malware around, potentially this could have been more sophisticated malware compromising the whole system instead of just looking for the clipboard. So much more damage could have been done.

Once an attacker has made it onto your computer, basically everything is possible. Obviously there still is the challenge to get root / administrator privileges to actually be able to do everything.
The moment he achieved root/administrator privileges, he can change and modify any software you are using.

In this case, the answer to your question is yes. A malware could intercept and change everything. But generally speaking:
1) If he has full access to your computer, he might as well just extract your private keys / seed
2) This is easier sad than done.

Most malware you find is created by some script kiddie, who doesn't even know how to circumvent security measurements properly (e.g. AV evasion).
That's the reason they focus on easy to implement things like changing the clipboard (done with a few lines of code and doesn't require more than user privileges on the target system).


Long story short:
Yes this is possible. Just as encrypting a whole system or gaining access to a webcam is possible.
But you are more likely to encounter "dumb" malware (e.g. clipboard changing malware).
As long as you are not using the security nightmare OS (Win 7), you are relatively fine anyway.

I did.

Given the fact that the whole information is nonsense, i was a bit suspicious about the uploaded zip file.
So i downloaded, unzipped and checked the .exe for malicious activity.

While some things might be slightly suspicious (like accessing memory of other processes) it seems like there is no obvious evidence for it being malware.


But as HCP has mentioned, the program isn't doing anything relevant. So there is literally not a single reason to download and use this.  

Yes.



The process i have mentioned above. It roughly follows these steps (simplified):
- Resolve DNS names in the hardcoded list to IP addresses
- Query those IP addresses (nodes)
- Get more IP addresses from nodes
- Connect to these nodes
- Save IP's of active nodes into a list so you don't have to follow these steps again the next time you start core. The next time you directly connect to the IP's in the list.

Yes.


There is a list containing DNS names from nodes in the source for the initial bootstrap.
Once the node is connected to the network it will receive message from the nodes containing ip addresses of other nodes. All of these IP's will be saved into a list to connect to then the next time you start up core (without needing to use the hardcoded DNS list).

That's what i tried.
But the reference post has to be a link pointing towards a topic created on bitcointalk.org.




The link i used pointed towards a specific post in given thread.
However, somehow this simply gut cut off when creating the flag. So the real reference post is now the reference post of the red trust, which states the reason for the flag.

Weird behavior. Nothing i can do about now.
If i would have known that links to specific pages/posts get cut off, i would have created a separate thread.

That's my mistake, and i admit it.

But nonetheless, the flag itself is valid.
A user who offers a wallet recovery service while being an alt of an account which got negative trust for engaging in spreading risky/malicious links/files while also having an active flag seems pretty solid enough for a warning flag.


For clarification:
The reference link for the flag i entered was https://bitcointalk.org/index.php?topic=2544574.msg54255920#msg54255920.
This got cut off to https://bitcointalk.org/index.php?topic=2544574

That's just a fixed number.
2016 blocks have been chosen because it seemed to be a good number

2016 blocks with 10 minutes per block means 2 weeks. So there is an adjustment every 2 weeks (roughly).




In computer systems, everything is a number. It all depends on the representation of binary data.
Just think about it like that: The hash is being translated into a bit string and then interpreted as a number.




1) Other nodes can receive block files from you only if you allow incoming connections in the settings AND have the corresponding port open.
2) IP's are NEVER hidden when you communicate via the internet. IP's are needed to communicate. This is NOT sensitive information. You are most likely sitting behind a NAT of your ISP anyways. Whenever you relay blocks (automatically) or send a transaction, your IP is visible. This can not be prevented.
You can hide your IP by communicating via the TOR network tho.




Same answer as above applies here:
Other nodes can receive block files from you only if you allow incoming connections in the settings AND have the corresponding port open.

If you decide to do so, yes your internet connection will be slightly more occupied.

Nodes are computer who have the whole blockchain stored and are connected to the bitcoin network.
If you download bitcoin core, keep the whole blockchain synced with a connection to the network, you are a full (because you have the whole blockchain stored) node.

So you are downloading all the blocks from other computer storing the whole blockchain who are connected to the bitcoin network and allow incoming connections.

Since walletrecovery seemed quite sketchy to me, i did 5 minutes of research.

It turned out that he is an alt of percenter who has negative trust ratings and a valid flag open against him.

Check this post for more information.


I advise anyone to not deal with this user in any way.

2 Accounts connected:

walletrecovery and percenter

Both were using the same bitcoin address (3QjnBKZAdUK3MVfekycu2FhCpT3hvmYa5X) in their profile:

• Archived profile of walletrecovery: https://archive.vn/7UuGJ
• Archived profile of percenter: https://archive.vn/upP30

This address has been removed from percenter's profile at some point after 13.02.2020.

percenter has a valid flag and 2 negative trust ratings: https://bitcointalk.org/index.php?action=trust;u=2466240
Therefore this post will serve as a basis for a flag against walletrecovery.

Flag: https://bitcointalk.org/index.php?action=trust;flag=1677

Oh, i forgot. Obviously the conversation is about bricks falling from the sky:





Because of your (retarded) statement:


This statement is simply wrong.
Instead of telling you, that you obviously don't have any clue at all, i tried to be sarcastic since almost everyone knows that JPG and PDF files can get your computer compromised.

I apologize for assuming you would be able to do the mental task, understanding that wallet.dat files can do the same - yourself.

So, i'll repeat it for you:
Non-executable files, can get your computer compromised if they are being parsed or otherwise worked with.

The hash has to be below the target (which is directly related to the difficulty).
Both mean the same thing but are represented in a different way.

The highest possible target corresponds to the lowest difficulty and vice versa.




Miners build their block. Then afterwards they generate the hash.
If the hash does not meet the requirements (being below the target), they change the nonce which will result in a completely different hash.
They continue to do so until all possible nonce's have been used. Then they either change different fields in the header or chose to include other transactions and start again.




From others (full) nodes.

Es ist in der Tat unnötig. Wenn ich BTC erhalte und diese zurücksenden möchte, kann ich sie einfach an die Adresse, von der sie gekommen sind, zurücksenden.
Da muss man nicht erst nach einer neuen Adresse fragen.

Ich weiß zwar nicht worauf du dich mit "sk" beziehst, aber sensitive Informationen (also master seeds und private keys) sollten generell nie gelöscht werden.




Diese Frage solltest du aber schon versuchen zu klären.
Hast du die einfach von einer falschen Seite kopiert? Oder hast du vielleicht die richtige kopiert aber sie hat sich in deinem Zwischenspeicher geändert? Letzteres würde auf eine Kompromittierung deines Rechners hindeuten.

Hashing has nothing to do with encrypting.
That's not what hashing is for.



You can not unhash. The idea behind a hash function is, that it is a one-way-function.
In a transaction, the sender does not send any key to the receiver.



Hashing itself does not protect anything from 'hackers'.
Further, you don't decode hashes.

---

Good job. That was a A+ quality shitpost.
All mentioned information is wrong. No merits for you, sir.

Is this just a guess or do you have any evidence ?

Compromising a NAS does not necessarily mean your computer gets compromised. You either had to actively execute malware stored on the NAS or there were further vulnerabilities (maybe due to an unpatched system?)

What kind of NAS do have (vendor / model) ?


You definitely have to completely wipe your computer and NAS. Backup important files and format any disk.

And if he has access to your private keys (wallet file + your entered password), he also has access to any other password you have entered on this computer since you got compromised.
Make sure to change all affected passwords.

Just because you didn't have a car accident yet, it doesn't mean that it is impossible,
therefore you always drive carefully!

You are absurd.



You asked, we answered.



If "the way you need" is someone stating "this is impossible", then you will either never find this answer or someone who doesn't know what he is talking about will give you that "answer".
Look it up, how it works. You can find the source code on github.



No one writes that, because it is not true.
PDF files are no executable files, therefore they can't infect your system! (warning: sarcasm)
Image files are no executable files, therefore they can't infect your system! (warning: sarcasm)



What a given software does with a given filetype has nothing to do with the file system.

I wonder how you even dare to call yourself "walletrecovery" with little to no technical knowledge at all.

I don't really understand what you are trying to say, but.. if you are not executing the file, you are fine.

What OS are you using?
If you are using linux, as long as you don't execute the file or load it into an application which parses the content, you are fine.
For windows, thats a little bit more tricky. But a general rule is that if you don't actively do stuff with it, you are fine.

Whether or not you are vulnerable using a python script depends on what the script is doing. And in this case the attacker would have to actually target you and the script instead of bitcoin core.


The easiest method is to use a virtual machine. Set it up once, load the file into it, do whatever you want with it, reset the virtual machine. As easy as that.

Yes, it is open source: https://github.com/LedgerHQ/ledger-live-desktop



Probably as much as people want them to.
People want worthless shitcoins to be added, and they follow. Especially since developer create their application on their own and it only needs a security review from ledger.



Excuse me?
I only hear people crying who got their web wallet created by someone else and now lost x $.

I'd rather hear people crying because of some stupid bugs in a software you don't even need to use on a daily basis, than scams going on.

Please not that using another computer doesn't completely solves this problem in case of such a vulnerability in the application.

If (and this is a very big if) it is possible to run code injected through a bitcoin core wallet file, it could compromise your second computer.
The possibility of private keys being stolen from wallets being recovered afterwards on that computer does exist, but is very unlikely.

However, if someone can compromise your computer he might also compromise your whole network.


If you really deal with lots of wallet files in a professional manner, use virtual machines or at least sandbox the application (core).

Ledger decided to create a hardware wallet resistant against physical attacks by using hardware / firmware which is under NDA and can't be open sourced.
They are using a secure element.

The non secure MCU is completely open source (comparable to trezor) but not resilient against physical attacks (comparable to trezor). Thats what the (closed source) secure chip is for.

Think about that.