casascius coins will be compromised as a medium of exchange.

[Isokivi]

First off I would like to state that I have huge respect and confidence toards casascius and he's wonderful product. I own some and use them to store bitcoin.
Out of this respect I attempted contacted him before making this post, I did not get a reply in what I consider a reasonable time.

1. The current and future bitcoin prices have made it viable to forge casascius coins. The way I see this happening is a malicious party aquires legit funded casascius coin and blanks. Or produces the blanks himself.
2. After that he proceeds to replicate the holographic, tamper proof seal. As I am sure some of you are aware there are services available online who forge concert tickes and likes.
3. Said party exchanges the forged coins and the original for fiat or goods.

I myself will nolonger be accepting physical coin as payment, before I move the bitcoin within under a different private key.

[justusranvier]

These coins are a great technical and aesthetic accomplishment, but I don't think the risk of storing bitcoins in addresses whose private keys were created by someone else is ever acceptable.

I expect at some point these coins are going to be so valuable they attract the attention of organized crime. At this point Casascius could be put in the position of choosing between selling out his customers by retaining and disclosing private keys, or risking the personal safety of himself, family, and/or friends.

[cbeast]

I keep mine with the envelope and original duct tape they were sent on for future ID purposes. Cassies are purely a collectable investment for me.

[nobbynobbynoob]

Aren't we trusting that Mike has destroyed the private keys he created? So no one could force him to disclose them anyway.

[justusranvier]

Aren't we trusting that Mike has destroyed the private keys he created? So no one could force him to disclose them anyway.

He could not be be forced into disclosing the private keys he has already destroyed, but he could be threatened into not destroying them anymore.

[nobbynobbynoob]

Aren't we trusting that Mike has destroyed the private keys he created? So no one could force him to disclose them anyway.

He could not be be forced into disclosing the private keys he has already destroyed, but he could be threatened into not destroying them anymore.

I suppose that's where two-factor key authentication comes in handy.

[justusranvier]

I suppose that's where two-factor key authentication comes in handy.

I have not been keeping up everything that's been going on with those. If he's found a way to make private key generation impossible for him compromise under any circumstances of malice or coercion I would change my position.

It would need to be provably impossible though. "Difficult" is a relative term that just means not profitable until the price of Bitcoins rises sufficiently.

[DeathAndTaxes]

I suppose that's where two-factor key authentication comes in handy.

I have not been keeping up everything that's been going on with those. If he's found a way to make private key generation impossible for him compromise under any circumstances of malice or coercion I would change my position.

It would need to be provably impossible though. "Difficult" is a relative term that just means not profitable until the price of Bitcoins rises sufficiently.

He has.  The private key has two components, call them k1 & k2.   The user generates one key (k1) and keeps it a secret from the issuer, the issuer does the same (k2).  Each of those sub private keys has a public key P1 & P2 which the counterparties independently create.  Now the security comes from the fact that both parties exchange public keys (i.e. P1 & P2) but never exchange private keys (k1 & k2).

With some ECDSA "magic" you can combine the P1 & P2 to produce the full public key (P) without either party (user or coin issuer) knowing the complete private key.  P (full public key) goes on the outside of the coin/token.  k2 is hidden inside.  The user adds k1 to the token (or keeps it separately secure).  Yes this is provably impossible.  The issuer never knows the full private key. Now there are a lot more steps involved so the trick is to find a way to mass produce the process in a cost effective manner.  I believe Cassius only uses two factor keys on the larger denomination tokens.


BTW I am pretty sure those tokens are more useful as  secure offline storage and maybe some casual trading between trusted parties then as a non-electronic currency.  The reality is that counterfeiting detection is a problem with any currency and nation states are able to subsidize that cost.  A $100 might really cost $104 when you add the printing, transportation, anti-counterfeiting R&D, and enforcement costs.  Now that $4 premium is subsidized by taxpayers so a bank will trade you $100 in digital USD for a $100 token (known as a federal reserve note) but no private currency has that option.   The costs can't be hidden and that makes them less attractive.  I am sure Cassius could make even higher security tokens but it is a never ending arms race and that makes the tokens more and more expensive (premium over face value).

[dg2010]

First of all, a physical 'bitcoins' as a medium of exchange has always been possible to compromise unless you process them digitally at the point of sale to be sure they contain the amount stated. If you aren't doing this then there are many different ways to get stung.

So this is nothing new and anyone thinking that exchanging bitcoins physically is a good idea needs to get their head checked.

IMO these coins are cool, fun and interesting collectables but not serious methods of payment.

So stop stirring shit where there is none.

[Isokivi]

First of all, a physical 'bitcoins' as a medium of exchange has always been possible to compromise unless you process them digitally at the point of sale to be sure they contain the amount stated. If you aren't doing this then there are many different ways to get stung.

So this is nothing new and anyone thinking that exchanging bitcoins physically is a good idea needs to get their head checked.

IMO these coins are cool, fun and interesting collectables but not serious methods of payment.

So stop stirring shit where there is none.

What is new is how profitable this could be, even in small quantities... and that is exactly the point of my post. I doubt anyone forges Zimbabwe's currency, but USD, EUR ... we are no longer in the shallow end of the pool.

[edit] This "stirring of shit" can be fairly informative to newcomers and we do have quite a few of them these days. I'd like to add something insluting here, but Im just in too good of a mood right now, please check back for updates and have a pleasant day.

[Gabi]

I don't think casascius coins are meant to be used for normal things, i see them more as a nice thing to have, show to friends and so on.

[Isokivi]

I don't think casascius coins are meant to be used for normal things, i see them more as a nice thing to have, show to friends and so on.

I completeley agree with you, but up to yesterday I would of also accepted one as a form of payment solong as the sticker was intact and the firstbits proved funds within. I believe I am not the only one.

[DeathAndTaxes]

I don't think casascius coins are meant to be used for normal things, i see them more as a nice thing to have, show to friends and so on.

Agreed that is how I always have used them.  I have even sold a few to friends but it was more a casual thing, an easy way to get friends "into Bitcoin" that didn't involve cryptographic theory and downloading a multi-GB blockchain on a secure linux computer.  I would buy one off someone ... if I trusted the person.  Pretty much no different than "going first" in any other Bitcoin trade.

If you don't know someone, or don't trust them, or they are offering physical tokens at an "unbelievable" price it likely is a good idea to walk away OR redeem the private key before completing the transactions.

[Isokivi]

If you don't know someone, or don't trust them, or they are offering physical tokens at an "unbelievable" price it likely is a good idea to walk away OR redeem the private key before completing the transactions.

Or a believeable one, not all scammers are stupid enough to give discounts.

[bg002h]

I think I would file this under "duh," and I'm not sure it's worthy of a thread on the main discussion. I think an appropriate time to wait for a response from Mike would have been 1 month.

Poor form aside, do recognize that it is not trivial to counterfeit these. But, like anything, of course it could be counterfeit.  I'm not aware of these generally circulating though.  They're more of portable piggy banks to be used amongst trusted parties.

[BTC Books]

First of all, a physical 'bitcoins' as a medium of exchange has always been possible to compromise unless you process them digitally at the point of sale to be sure they contain the amount stated. If you aren't doing this then there are many different ways to get stung.

So this is nothing new and anyone thinking that exchanging bitcoins physically is a good idea needs to get their head checked.

IMO these coins are cool, fun and interesting collectables but not serious methods of payment.

So stop stirring shit where there is none.

Yes, especially that last.

I would also point out, to the OP, that the word 'compromised' has an implied definition in the world of crypto that makes the sensationalistic title completely inappropriate.

[Isokivi]

First of all, a physical 'bitcoins' as a medium of exchange has always been possible to compromise unless you process them digitally at the point of sale to be sure they contain the amount stated. If you aren't doing this then there are many different ways to get stung.

So this is nothing new and anyone thinking that exchanging bitcoins physically is a good idea needs to get their head checked.

IMO these coins are cool, fun and interesting collectables but not serious methods of payment.

So stop stirring shit where there is none.

Yes, especially that last.

I would also point out, to the OP, that the word 'compromised' has an implied definition in the world of crypto that makes the sensationalistic title completely inappropriate.

Yes, if fail to read the complete sentence.

[Blinken]

Its hard and dangerous to pass a lot of forgeries, especially in a speciality commodity such as a casascius coin. Sure, you might be able to pawn off one or two bad coins, but its just a question of time before somebody catches you in the act by figuring out one way or another its a bad coin. Note that passing a bad coin is a type of fraud, so a person trying to pass bad coin opens themselves up to criminal charges.