 Show Posts
|
|
Pages: [1]
|
How to join after page 50. Two ways
1. Pay a fee to join in
Send 80 NXT to the address 14343293611098709683
Send 0.008 BTC to the address 1Lk5Paws9T1YpoSeLeZT7ZeSQKW7UNq4TJ
After you send the fee, include the transaction hash in your reply post in this thread, then you have reserved a stake spot.
Donation is welcome but not necessary
Count me in, sent 0.008 BTC: e1a0db2e63267594dac44a8a8df4cdf27bbb2a40f19ec91401de66abe8bd24fa |
|
|
|
A user not familiar with the math of password strength, I believe, is highly likely to generate a set of passwords and then choose the most pleasing one. The result: Possibly a significant loss of entropy.
That makes no sense whatsoever. Except if the generator is broken. Well, picking one favourite password out of 10 random ones adds human emotion, which isn't exactly random, is it? Say, something like: "Hey, that one has my girlfriend's name in it, I'll choose that!". |
|
|
|
|
One thing the generator doesn't (and probably can't?) guarantee is that the user actually took the password the generator first gave out.
A user not familiar with the math of password strength, I believe, is highly likely to generate a set of passwords and then choose the most pleasing one. The result: Possibly a significant loss of entropy.
Have you considered adding an output of instructions and warnings about how and how not to use the generator?
|
|
|
|
|
OK, thanks for clarifying.
|
|
|
|
|
How about any derived private key, which is not the root key? How serious a leak would that make? Does it compromise all the other private keys as well, if the attacker knows the chain code? (which I assumed is the same for both, private and public chains).
|
|
|
|
Revealing any private key for any type of Bitcoin wallet software kind of lets the person you revealed it to steal all your money.
I don't understand. I don't think you meant that non-deterministic wallet's keys have some kind of relationship that would allow revealing all the other private keys if any one of them is revealed, did you? And I wouldn't use only one private key in my wallet. More like one per transaction. Did you assume a single-key wallet when saying this? I think that possibly the Bitcoin Magazine article has a mistake in it, or is maybe written in a way that gave you the wrong impression.
Did you have time to check out the article? If not, could you check it out, for example starting by searching for "crack_electrum_wallet(mpubkey,priv0,0)", a utility function Mr. Buterin mentions he has coded to demonstrate the issue? Perhaps the subject of a hierarchical wallet is more interesting in this context, but if it applies to Armory's wallet, too, I still believe an arbitrary wallet user could easily think sharing a single private key with someone wouldn't add any risk, which actually would. If you want to keep a backup for a gift to your friend, just keeping the private key won't be enough. You need the Chain Code too, as that determines all the addresses that the private key unlocks. The private key on it's own is like having a real-life key, but you don't know which lock it opens. When you know the house (think: address), and you have the key, then you can get through the door.
You are talking about deterministic wallets specifically, right? In case of Armory, I thought only the root key is something that fits all the wallet addresses. Do you mean that the rest of the private key chain can be figured out from any private address of the chain, even without the chain code? Or do you mean that Armory's wallet is hierarchical in such a way that not just the root key is something that works on multiple addresses, that any other private key had a similar property? |
|
|
|
I think you're mixing up the definitions slightly.
Armory wallet (offline or online) contains:
x1 private key
x1 chain code
infinite public keys (derived from the chain code)
Armory watching only wallet contains:
x1 chain code
infinite public keys (derived from the chain code)
Plus stuff like transaction comments and so on, but I'm sticking to the keys here. If you give someone else the chain code, they can indeed determine the amount of Bitcoin at every address in the wallet. But the Chain Code is always packaged up together with the private key, either in the same wallet file or in the same paper backup. You need both the private key and chain code for a paper backup.
Is the chain code the same thing as the "master public key"? In the case of the situation you're describing, there is no real need to panic.
If you're providing an individual public key to someone to pay you with, they know nothing about the rest of the wallet except that one address (represented by the one public key. "Public key" and "address" = same thing).
I meant revealing a private key. Say, I wanted to give my yet unenlightened friend a gift and keep the private key myself as well, for my friend's backup. There's no way to make a mistake and accidentally give them the Chain Code, it's not accessible in any part of the Armory application except for the paper backup feature. You'd never make that mistake.
I could have been more specific. What I was worried about was the issue mentioned in the article: Any one private key plus the master public key in single, wrong hands could compromise a whole deterministic wallet. Why I thought this was worth keeping in mind was that you probably should assume online wallet is pretty open to exposure eventually (therefore, the MPK/CC as well) and any private keys you shared aren't anymore under your control. |
|
|
|
After reading about the drawbacks of deterministic wallets from http://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/, it seems to me like Armory's watch-only wallets (and offline wallets as well, actually) have the "master public key" mentioned in the article, easily obtainable. Does this mean I should never reveal any of the private keys of my deterministic Armory wallet? If I did, I would risk compromising all the private keys when someone gets hold of both, the master public key and any single private key of my wallet. Someone, please verify! |
|
|
|
|
Hello fellow alt-coiners,
I'd like to share you what I came across in my quest for The Holy Cheapest Possible VPS Grail Out There.
The article outline:
Cloud mining in general, briefly (why, availability, profitability)
Cloud service comparison table
Detailed description of each service presented (five services)
Performance charts of a couple of those services
The article:
<see then link in 2nd below post>
Peace.
|
|
|
|
|
r4WZqfkuTk82BAFCgLgSPxgs9hyqMHcsjo
|
|
|
|
|
