|
mmgen-py
|
 |
August 18, 2016, 06:47:18 PM |
|
Thanks, Theymos, for the core devs' pubkeys + importing & signing instructions. I found that I also had to do a 'gpg --edit-key' on each key in question and trust it absolutely. Otherwise, 'gpg --verify' issues the following complaint:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
|
|
|
|
|
LoyceV
Legendary
 Offline
Activity: 3500
Merit: 17686
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
August 18, 2016, 07:00:06 PM |
|
Wouldn't it be cool to have the hashes of the downloads stored in the blockchain, in such a way that Bitcoin Core 0.12.1 can be used to verify the download for version 0.13.0?
Of course an attacker could add fake hashes to the blockchain again, so it has to be done by a - somehow - trusted address.
|
| | Peach
BTC bitcoin | │ | Buy and Sell
Bitcoin P2P | │ | .
.
▄▄███████▄▄
▄██████████████▄
▄███████████████████▄
▄█████████████████████▄
▄███████████████████████▄
█████████████████████████
█████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀███████████████████▀
▀███████████████▀
▀▀███████▀▀
▀▀▀▀███████▀▀▀▀ | | EUROPE | AFRICA
LATIN AMERICA | | | ▄▀▀▀
█
█
█
█
█
█
█
█
█
█
█
▀▄▄▄ |
███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
█████████████▀
▐███████████▌
▐███████████▌
█████████████▄
██████████████
███▀███▀▀███▀ | .
Download on the
App Store | ▀▀▀▄
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▀ | ▄▀▀▀
█
█
█
█
█
█
█
█
█
█
█
▀▄▄▄ |
▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀ | .
GET IT ON
Google Play | ▀▀▀▄
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▀ |
|
|
|
|
biggus dickus
|
|
August 18, 2016, 07:00:32 PM |
|
Is Electrum still safe to use?
It's help window says it connects to a single server to get your transaction history, and I assume that server is backed by a single Bitcoin core node.
In addition, its help says it connects to several nodes to get the headers and uses them to verify the transaction history sent from the single server.
Even if the server and all nodes a wallet uses were compromised I can't think of a way your Bitcoins could be at risk of theft if you sign Electrum transactions offline, and only transmit them through a watching only wallet connected to the internet.
|
|
|
|
|
theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13420
|
|
August 18, 2016, 08:09:19 PM |
|
The suggested HashTab tool is not useful on Windows. If you get it and check the properties tab, the sha256 sum is not there. Either additional instructions to enable it are required or a different tool should be suggested: (such as http://www.labtestproject.com/using_windows/step_by_step_using_sha256sum_on_windows_xp.html) Otherwise, reddit and/or forum could get inundated with posts from windows users who will report that their windows system got a compromised 13th version when they download it. Thanks, I changed it to a built-in utility that SENPAI_NOTICES_YOU mentioned on Reddit. Is Electrum still safe to use?
Probably this most recent thing doesn't change much. I consider Electrum to be reasonably safe, though not very private at all. One way you can lose money is that the Electrum server can say that you received x BTC that you didn't really receive, and then you could irreversibly send out some product in response to this non-payment. (This might require some mining power to pull off, I'm not sure.) This is more of a threat for automated services, though. |
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
|
Bitware
|
|
August 18, 2016, 11:28:47 PM |
|
Thank you for this valuable information.
|
|
|
|
|
Itoo
Jr. Member
Offline
Activity: 33
Merit: 1
|
|
August 19, 2016, 03:52:11 AM |
|
...
PGP has the concept of a "PGP Web of Trust" that people are theoretically supposed to use to prevent this sort of thing, but it's complicated and doesn't work very well, so pretty much no one actually uses it. ...
Thanks for the info Theymos, very in-depth and helpful. I hope this isn't too far off topic but, related to the quote above, I've been thinking about the concept of a 'web of trust' and how bitcoin and the p2p blockchain are basically exactly that, it's a currency whose veracity is enforced by a web of trust (among other things of course, but nodes operate on a similar concept I believe, of course they rely on a percentage of participators to be rationally motivated to be good players). I've also been thinking of a post I just read by u/cannon-c on r/bitcoin about the need to decentralize data (such as the bitcoin repository, and any important open-source repository). It seems that both of those things (gpg signature storage and open-source software repositories) could benefit from a decentralized p2p storage model, and possibly the security of being written to a/the blockchain (side-chains come to mind, but I'm by no means a programmer so could be off in my expectations there). In any case, taking Namecoin as an example, I think open-source software and signature repositories are the exact kind of things that could benefit from bitcoin's model. I'm truly a noob so there could be things I'm not considering. Thanks for any thoughts you have |
|
|
|
|
Itoo
Jr. Member
Offline
Activity: 33
Merit: 1
|
|
August 19, 2016, 03:58:16 AM |
|
My thoughts about hash storage and actual storage of the sig's and software aren't fully articulated, but I understand they are separate and would need to be considered separately, though that's not to say a data storage model couldn't have a built-in hash storage/verification model as well. I just understand that space usage is an important consideration in a decentralized model that you want to keep as decentralized as possible. Thanks for reading my ramblings  |
|
|
|
|
|
luv2drnkbr
|
|
August 19, 2016, 08:48:54 AM |
|
What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.
I think he found direct evidence of GFW doing a DNS MITM for bitcoin.org. That to me is the most reasonable and most likely explanation. Sure it could be another state sponsored attack, but all the other major state players just ban it and make it unpopular and whatnot. China's the only one to just implement technical measures first and do other stuff later. I think the GFW got updated to redirect bitcoin.org traffic. This is of course entirely speculation without any shred of merit. |
|
|
|
|
luv2drnkbr
|
|
August 19, 2016, 08:51:25 AM |
|
Is Electrum still safe to use?
Electrum is no more or less safe than it has always been. You should of course be PGP verifying your Electrum downloads. Animazing's key is 9914864DFC33499C6CA2BEEA22453004695506FD, and Thomas V's key is 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6. |
|
|
|
alani123
Legendary
Offline
Activity: 2590
Merit: 1512
|
|
August 19, 2016, 09:43:56 AM |
|
The news about the announcement spread like wildfire...
|
|
Duelbits | ██
██
██
██
██
██
██
██
██
██
██
██
██ | | TRY OUR UNIQUE GAMES!
◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
KENONEW
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄█ | | 10,000x
MULTIPLIER | | ██
██
██
██
██
██
██
██
██
██
██
██
██ | | ██
██
██
██
██
██
██
██
██
██
██
██
██ |
[/tabl |
|
|
|
Divorcion
|
|
August 19, 2016, 12:28:20 PM |
|
a very important post, thanks.
|
|
|
|
|
tutorialevideo
Legendary
Offline
Activity: 1161
Merit: 1001
Don`t invest more than you can afford to lose
|
|
August 20, 2016, 06:23:48 PM |
|
Thanks for the heads up!
|
|
|
|
Abiky
Legendary
Offline
Activity: 3388
Merit: 1407
www.Crypto.Games: Multiple coins, multiple games
|
|
August 20, 2016, 08:24:55 PM |
|
This post is very important in order to stay safe on the Bitcoin network. I've heard that soon we'll be getting the Seg Wit protocol so it will be a major improvement towards helping Bitcoin reach mainstream status. Scalability and security is the most important thing here so I hope that with Seg Wit we could finally get somewhere.  |
|
|
|
mamamae
Legendary
Offline
Activity: 1188
Merit: 1001
|
|
August 22, 2016, 08:48:19 PM |
|
i'm no expert but something like this can be used to certify the files for the wallets, even the code on github, the only problem is that need a source that certify the files are originals : https://eternitywall.it/notarize |
reality ? you fell to Scammers after being in an ICO , IPO
(more like any other stock and index in the world ICO or not got your portfolio down 25 % or 85 %)
Now SEC is helping you getting back up your lost money maybe....
|
|
|
|
lucky80
|
|
August 23, 2016, 07:48:34 PM |
|
Thankyou Sir for this helpful information...
|
|
|
|
|
|
Gumballinabattleaxeninja
|
|
August 23, 2016, 07:50:02 PM |
|
What I want to know is, what "State" is sponsoring this malicious attack? Is it China? The USA? I would imagine a collective of countries conversing on this and funding the attackers with Bitcoin, since fiat is so traceable nowadays.
I think he found direct evidence of GFW doing a DNS MITM for bitcoin.org. That to me is the most reasonable and most likely explanation. Sure it could be another state sponsored attack, but all the other major state players just ban it and make it unpopular and whatnot. China's the only one to just implement technical measures first and do other stuff later. I think the GFW got updated to redirect bitcoin.org traffic. This is of course entirely speculation without any shred of merit. Can you tell me what GFW is? I may know what it is, but I do not know that acronym. Apologies for my ignorance and thank you for the information. |
|
|
|
|
fitraok09
Legendary
Offline
Activity: 1049
Merit: 1009
TRX: TCRKDukYt2zDie9vJDhToKrP3tyTV29U48
|
|
August 24, 2016, 05:08:50 AM |
|
What does it mean the sentences of "Be extra vigilant when downloading binaries from our website for the upcoming 0.13.0 release". I found on https://bitcoin.org/en/downloadwhat happens with bitcoin core 0.13? why we must be vigilant  |
|
|
|
|
alani123
Legendary
Offline
Activity: 2590
Merit: 1512
|
|
August 24, 2016, 09:27:41 AM |
|
What does it mean the sentences of "Be extra vigilant when downloading binaries from our website for the upcoming 0.13.0 release". I found on https://bitcoin.org/en/downloadwhat happens with bitcoin core 0.13? why we must be vigilant Here's the relevant alert issued. It's based on suspicion from what it seems. It's still good to check the integrity of programs you're going to run on your system. |
|
Duelbits | ██
██
██
██
██
██
██
██
██
██
██
██
██ | | TRY OUR UNIQUE GAMES!
◥ DICE ◥ MINES ◥ PLINKO ◥ DUEL POKER ◥ DICE DUELS | | | | █▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ |
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀ | | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
KENONEW
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄█ | | 10,000x
MULTIPLIER | | ██
██
██
██
██
██
██
██
██
██
██
██
██ | | ██
██
██
██
██
██
██
██
██
██
██
██
██ |
[/tabl |
|
|
Steampunk
Newbie
Offline
Activity: 25
Merit: 0
|
|
August 24, 2016, 03:59:42 PM |
|
Can you tell me what GFW is? I may know what it is, but I do not know that acronym. Apologies for my ignorance and thank you for the information.
Great Firewall |
|
|
|
|
fitraok09
Legendary
Offline
Activity: 1049
Merit: 1009
TRX: TCRKDukYt2zDie9vJDhToKrP3tyTV29U48
|
|
August 25, 2016, 04:01:31 AM |
|
Here's the relevant alert issued. It's based on suspicion from what it seems. It's still good to check the integrity of programs you're going to run on your system. ok. I will look it. thanks for advance |
|
|
|
|
|
