Wall Observer BTC/USD - Bitcoin price movement tracking & discussion

[jojo69]

So guys, this is cool;

sirazimuth just merited my Neil Peart eulogy from a couple weeks ago pushing me to

2112

merit.  I'm not even sure if he planned it that way...

[lightfoot]

Well here we go: Who is going to grab Mario's Lambo? I've driven with him, and he is a very safe driver....

https://www.motorious.com/articles/news/306594/mario-andretti-lamborghini-diablo/

[El duderino_]

So guys, this is cool;

sirazimuth just merited my Neil Peart eulogy from a couple weeks ago pushing me to

2112

merit.  I'm not even sure if he planned it that way...

Whatever dude, I’m planning different

[xhomerx10]

So guys, this is cool;

sirazimuth just merited my Neil Peart eulogy from a couple weeks ago pushing me to

2112

merit.  I'm not even sure if he planned it that way...

[Hueristic]

Our great computers
Fill the hallowed halls

[bitserve]

12 July 2021

[kellrobinson]

asian culture has very crowded conditions and abysmal hygiene standards, (spitting everywhere, uncovered sneezes, hacking, washing hands infrequently, etc)

What hole did you crawl out of?
Asians clean their asses with actual water after taking dumps, instead of taking a piece of paper and smearing the shit around.  Have you used a toilet in Southeast Asia?  There's a hose with a spray nozzle.  We expats like to call them "bum guns."  It's fkn great to have a CLEAN ASS.
Asians take their shoes off indoors.
Asians don't go around spitting, sneezing and whatever your perfervid racist imagination requires.  Most of them cover their mouths just to use a toothpick, out of politeness.

[El duderino_]

HODLsleep is calling my name....

[JayJuanGee]

FUD ?

https://www.newsbtc.com/2020/01/31/bitcoin-investors-be-aware-kraken-finds-way-to-hack-into-trezor-hardware-wallets/

Nope, fucking scary actually.
But it seems not Trezors fault, the STM32 micro misbehaves when it is voltage "glitched".
Basically the device is useless as hardware wallet without replacement, except when the seed is protected by a BIP39 passphrase (which is what Kraken recommends as fix/cure).

^ Krakens blog article is really very detailed and well written. You need only a minimal electronic understanding to reproduce the attack. (<- Meaning the crims will be up to speed quickly).

On the positive side, it means that people who have forgotten their trezor pin can now get access to their bitcoins.

Wow.. yeah.. I had not really thought about that angle, until you mentioned it, lightfoot.

 There do seem to be some people that fall into the not remembering their pin camp.  From a few years ago, I can recall reading about examples of people who had been trying for very long periods of time to try to get into their trezors, and apparently, the trezor allows you to guess wrong, but then continues to increase the amount of time that is required before you can try to guess again...   

The ledger nano s was different in that regard because I think that it just locks you out from being able to guess your pin after a few wrong attempts....   so then you have to go to the seed.. so probably you cannot even get the ledger nano s coins if it locks you out... more secure?  perhaps? 

All of those hardware devices seem to have some vulnerabilities if they are in your physical possession, but yeah most of them promote the additional pass phrase as a kind of additional assurance.. but wouldn't you be more fucked if you forgot your additional pass phrase or that feature somehow got messed up in however it is stored through cryptography?

Anyhow, I recall that there were a decent number of people who had been locked out (or separated from their bitcoins) on that basis...   So, those would be examples of people who neither remembered their pins and did not take adequate precautions to back up (or safeguard) their seed phrase.  Funny that it took several years to  figure out this way into the device.. gosh the trezor one has been around since 2013/2014  I believe.  I think that it increased a lot more in adoption around the 2016/2017 price rise, and that is when Ledger Nano S came out.

[lightfoot]

Pretty much. I remember as a kid when Liberty7 was "lost forever in the depths of the ocean". Then in the late 90's they dropped a hook down, picked it up and that's that.

So if you do lose access to your wallet just put it away, chances are it may be recovered in the future. In terms of the passphrase I don't THINK it is needed if you restore from seed, so as long as you have that somewhere you may be ok. Have to check on that.

[bitserve]

FUD ?

https://www.newsbtc.com/2020/01/31/bitcoin-investors-be-aware-kraken-finds-way-to-hack-into-trezor-hardware-wallets/

Nope, fucking scary actually.
But it seems not Trezors fault, the STM32 micro misbehaves when it is voltage "glitched".
Basically the device is useless as hardware wallet without replacement, except when the seed is protected by a BIP39 passphrase (which is what Kraken recommends as fix/cure).

^ Krakens blog article is really very detailed and well written. You need only a minimal electronic understanding to reproduce the attack. (<- Meaning the crims will be up to speed quickly).

On the positive side, it means that people who have forgotten their trezor pin can now get access to their bitcoins.

Wow.. yeah.. I had not really thought about that angle, until you mentioned it, lightfoot.

 There do seem to be some people that fall into the not remembering their pin camp.  From a few years ago, I can recall reading about examples of people who had been trying for very long periods of time to try to get into their trezors, and apparently, the trezor allows you to guess wrong, but then continues to increase the amount of time that is required before you can try to guess again...   

The ledger nano s was different in that regard because I think that it just locks you out from being able to guess your pin after a few wrong attempts....   so then you have to go to the seed.. so probably you cannot even get the ledger nano s coins if it locks you out... more secure?  perhaps? 

All of those hardware devices seem to have some vulnerabilities if they are in your physical possession, but yeah most of them promote the additional pass phrase as a kind of additional assurance.. but wouldn't you be more fucked if you forgot your additional pass phrase or that feature somehow got messed up in however it is stored through cryptography?

Anyhow, I recall that there were a decent number of people who had been locked out (or separated from their bitcoins) on that basis...   So, those would be examples of people who neither remembered their pins and did not take adequate precautions to back up (or safeguard) their seed phrase.  Funny that it took several years to  figure out this way into the device.. gosh the trezor one has been around since 2013/2014  I believe.  I think that it increased a lot more in adoption around the 2016/2017 price rise, and that is when Ledger Nano S came out.

The Ledger nano wipes out the memory after the third failed pin attempt. So yeah, it is gone for good... at least in theory.

More secure? Maybe. I have always said in the past that I do like the Ledger architecture more because of their using a Secure element. In that sense it IS more secure. It could have other completely different flaws though.

Also, it is not new that the Trezor can be physically attacked to retrieve the private keys: https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

This is all completely unsurprising. Anyways you could always (technically) be able to strip the chip and "read" the internal memory with an "electron microscope" or whatever that's named. It would be extremely costly though and by the time you are done, the rightful owner should have already moved their BTC to a safe address.

Again: Hardware wallets main function is to protect the keys to being exposed to the computer as the signing process is done internally. And to do that in a no-hassle convenient way. Whatever added protection against other type of attacks is just an "extra" feature.

[infofront]

asian culture has very crowded conditions and abysmal hygiene standards, (spitting everywhere, uncovered sneezes, hacking, washing hands infrequently, etc)

What hole did you crawl out of?
Asians clean their asses with actual water after taking dumps, instead of taking a piece of paper and smearing the shit around.  Have you used a toilet in Southeast Asia?  There's a hose with a spray nozzle.  We expats like to call them "bum guns."  It's fkn great to have a CLEAN ASS.
Asians take their shoes off indoors.
Asians don't go around spitting, sneezing and whatever your perfervid racist imagination requires.  Most of them cover their mouths just to use a toothpick, out of politeness.

It depends where you go.
I went to the Philippines for three weeks recently. The vast majority of public bathrooms had no soap. I seemed to be the only one washing his hands. This was the case in restaurants as well, so no employees washing their hands with soap after using the bathroom.

[bitserve]

Pretty much. I remember as a kid when Liberty7 was "lost forever in the depths of the ocean". Then in the late 90's they dropped a hook down, picked it up and that's that.

So if you do lose access to your wallet just put it away, chances are it may be recovered in the future. In terms of the passphrase I don't THINK it is needed if you restore from seed, so as long as you have that somewhere you may be ok. Have to check on that.

If by passphrase you mean the PIN, then yeah, it is not needed as such PIN only gives you access to the seed. Have the seed words... no need for PIN nor Trezor.

But, if it is the additional passphrase... then you need it. It is not stored in the hardware wallet (nor Trezor, nor Ledger) and it is used to derive the seed into a completely different private key. Of course if you got the seed and have some idea of the additional password used, you could try cracking it based on that information.

[JayJuanGee]

FUD ?

https://www.newsbtc.com/2020/01/31/bitcoin-investors-be-aware-kraken-finds-way-to-hack-into-trezor-hardware-wallets/

Nope, fucking scary actually.
But it seems not Trezors fault, the STM32 micro misbehaves when it is voltage "glitched".
Basically the device is useless as hardware wallet without replacement, except when the seed is protected by a BIP39 passphrase (which is what Kraken recommends as fix/cure).

^ Krakens blog article is really very detailed and well written. You need only a minimal electronic understanding to reproduce the attack. (<- Meaning the crims will be up to speed quickly).

Not a new exploit just old rehased FUD, use a passphrase (like we all do) and have to be able to defend from physical attacks.

Passphrase? Yet another password to lose/forget.
Seriously, though, if you already have corn on Trezor without a passphrase, then wouldn't adding passphrase simply create another wallet/account on the same Trezor?
If so, you would have to make an additional step of transferring corn from OLD (no passphrase) account to NEW (with passphrase) account.
Am I correct or not?

I did a quick fast forward ahead into the thread, and doesn't seem to be that any member gives a shit to answer your question, Biodom, or attempted to respond to your post.

I was not really about the answer, either.. but there must be some members who have played around with that password feature after they had already established a wallet, and then go to add a passphrase at a later date.

I did a quick search, and trezor does have a blog post from February 2019 that seems to present some scenarios pretty damned close to the ones that you described, Biodom, and your speculative answer seems to be correct, as far as I can tell from the blog entry.

https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b

Edit:

Yes, that is correct. You could leave some corn on the unpassworded wallet as decoy, while no one else would know about the wallet with the passphrase.

There are still reasons to use hardware wallets, and remember, they still need physical access to the device.

If they have physical access to you (and that includes any member of your family), then no passphrase is going to protect your corns.

Woops,.... my fast-forward had seemed to have missed Dabs's response.. which seems to be saying similar things to you, Biodom.... except he also seems to be implying the possibility that family members might be ready, willing and able to carry out a technical attack, and my suspicion of the top of my head is that family members are NOT really going to be inclined to employ such attacks... but yeah, if they end up being hostile to you in some way, then they might engage in such nefarious activities... Of course, there needs to be some simple precautions around people who might get into your physical space, but I would not automatically presume family members to be meddlers.. even though of course, there are going to be legitimate reasons NOT to make things too easy for them, if they might have those kinds of meddling inclinations.

[bitserve]

Yup, Biodom is right. That's exactly how it works.

Just think about the additional passphrase as if it were more words for the original seed resulting in a completely different public/private key pairs.

As an added bonus you can have MANY unlimited "wallets" just by inserting a different additional password. With the same base seed.

And it is NOT stored in the hardware wallet. You need to provide it each time you reboot.

[LUCKMCFLY]

$10k is a psychological and necessary number for Bitcoin.

The weekly chart makes it easier to visualize Bitcoin’s channel pattern and recent breakout. If Bitcoin can clear the technical congestion from $9,400 to $14,000, it should open up the opportunity to gun for its late-2017 highs once again.

Source: https://www.forbes.com/sites/jessecolombo/2020/01/31/heres-what-to-watch-after-bitcoins-breakout/#274c20813df1

[JayJuanGee]

FUD ?

https://www.newsbtc.com/2020/01/31/bitcoin-investors-be-aware-kraken-finds-way-to-hack-into-trezor-hardware-wallets/

Nope, fucking scary actually.
But it seems not Trezors fault, the STM32 micro misbehaves when it is voltage "glitched".
Basically the device is useless as hardware wallet without replacement, except when the seed is protected by a BIP39 passphrase (which is what Kraken recommends as fix/cure).

^ Krakens blog article is really very detailed and well written. You need only a minimal electronic understanding to reproduce the attack. (<- Meaning the crims will be up to speed quickly).

wow, just wow. Hardware wallets only have one purpose, protect the private key. Is it really that hard to design a secure hardware? I wonder when they find a bug in ledger wallets which can not be fixed with a software update.

Good security is easy

Air gap, concrete, cameras, dogs, rapid response security contractors

There is "security through obscurity" too, which tends to be a decent practice for quite a few rich people who don't really seem to get fucked with... and even be able to move amongst the plebs and even to live a bit better than all of the plebs without the plebs really realizing it.

Of course, neighborhoods probably help somewhat too, and if the rich hypothetical person seems to have a lifestyle that largely fits in with the rest of the community, then not too likely that anyone is going to target that rich hypothetical person..   At the same time, I am not denying that some of those other HARD security measures might be helpful, too.. .

  Many of us, likely realize that almost any security system can be broken into, if there is a determined attacker... and I suppose security systems are going to carry a variety of trade offs.   About a month ago or so, I was speaking with a guy who is connected with the family, but who is amongst the better off of some of the connected with the family members.  He was kind of bragging about how great RING works for him, and I mentioned some of the security holes with it, but I did not really want to go into too many details.  Seems to me that he hardly had even thought about it.. because he was thinking that he does not have anything to hide... but then again, Ring brings on a variety of attack vectors, whether governmental, or that company or the hackers that get into the system.... So, maybe he will figure it out some day, and maybe he will not. I doubt that he has ever really had any security problems, even though he is pretty wealthy in comparison to other people in the community, but his Ring device could be inviting attackers from all over the world, without his even having had given much thought to it.

[bitebits]

Pretty sure that when someone technically skilled has physical access to whatever brand hardware wallet, they can extract the seed. Same for any phone or game console: they always get root access. To protect yourself against a physical attack (getting your hardware wallet and/or seed):


- Use a passphrase on top of the seed (see the above post of bitserve, it can be a single word to not overcomplicate things. More words are better though).

- Or/And use multisig, which is easy to setup using Electrum and multiple hardware wallets. I simply can’t move any of my coins myself, even when someone has my seed and passphrase, without multiple co-signers.


Edit: In case you want to do multisig with yourself (as two-factor authentication)
https://electrum.readthedocs.io/en/latest/multisig.html

[realr0ach]

Wuhan virus = world's first race specific bioweapon released into the wild?  More infectious to asian males - 2.50% ACE2 cells vs. 0.47% in other lungs.  Before anyone claims the US did it, I'd say the Chinese government is far more likely to kill off their own people than anyone else.  They have overpopulation and fear the communist party being overthrown in an economic downturn from having too many people and not enough jobs.  Chinese government solution = just kill off the extra people.  

The US government will even greenlight the operation and import the virus in on purpose to try and blame the collapse of global, Jewish Ponzi scams on it.

[JayJuanGee]

Pretty much. I remember as a kid when Liberty7 was "lost forever in the depths of the ocean". Then in the late 90's they dropped a hook down, picked it up and that's that.

So if you do lose access to your wallet just put it away, chances are it may be recovered in the future. In terms of the passphrase I don't THINK it is needed if you restore from seed, so as long as you have that somewhere you may be ok. Have to check on that.

I am pretty sure that once you created a passphrase, restoring from the recovery seed still requires that extra passphrase, as if it were one more word added to the recovery seed.

In other words, without the passphrase, you just get the regular wallet, so only wallet devices that enable (or can recognize the extra passphrase) can be used to recover a wallet that has a passphrase.  If you try to use a wallet device that does not recognize the ability (or enable the ability through the way it is designed) to use a passphrase, then you cannot get access to those wallets through that wallet device.

Seems to explain the functionality of that extra passphrase feature in the blog article that I cited earlier.

https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b

Edit

Yup, Biodom is right. That's exactly how it works.

Just think about the additional passphrase as if it were more words for the original seed resulting in a completely different public/private key pairs.

As an added bonus you can have MANY unlimited "wallets" just by inserting a different additional password. With the same base seed.

And it is NOT stored in the hardware wallet. You need to provide it each time you reboot.

What bitserve said.  

Edit 2

Pretty sure that when someone technically skilled has physical access to whatever brand hardware wallet, they can extract the seed. Same for any phone or game console: they always get root access. To protect yourself against a physical attack (getting your hardware wallet and/or seed):


- Use a phassprase on top of the seed (see the above post of bitserve, it can be a single word to not overcomplicate things. More words are better though).

- Or/And use multisig, which is extremely easy to setup using Electrum and multiple hardware wallets. I simply can’t move any of my coins myself, even when someone has my seed and passphrase, without multiple co-signers.

What bitebits said.