Bitcoin Forum
December 09, 2016, 07:53:12 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: BTC up for grabs - a BOTG experiment - just claim the BTC!  (Read 3631 times)
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 03:48:07 AM
 #1

Game change.... Wink

It's a little experiment for testing BOTG (Bitcoin Off-The-Grid).
https://forum.bitcoin.org/index.php?topic=23081.0

For testing purposes the script does not need to be run on a Live CD -it's only a tiny amount of BTC- any popular current Linux distribution should be able to handle it. This will help test the algorithms.

What is does is:
-creates a secure address along with a key by which you can get your money back
-nothing is saved on the computer if it's done using a live CD - all the information to get Bitcoin is "Off-The-Grid" -no internet risks and no way anyone else can know the key!!
-if the script is run on a popular live CD it's immune to viruses, spyware, malware, and keyloggers, etc.
-source code can be read to eliminate doubt about what the script does and since there is no internet, nothing can be shared with another party
-the only method of getting the money back is using the key you manually wrote down -unless some hardware was recording your computer or a camera was recording you, baring having someone take the piece of paper from you, no one can get your BTC

Tip: Using blockexplorer.com can help to see if the BTC is still in that address or not.

To help test this I'm just giving the money away....

To get:
-import private key using sipa's import key function
-re-send the BTC to another address before anyone else claims it (this is only required because many people know the private key - in real life usage only one person will have the key)

I kind of want this tested so I have a really simple way to VERY safely store BTC with no chance of viruses, malware, etc taking it. Wink

So if an address contains BTC take it! casascius- you can take some. LOL. Just leave a bit for the experimenter!

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
1481269992
Hero Member
*
Offline Offline

Posts: 1481269992

View Profile Personal Message (Offline)

Ignore
1481269992
Reply with quote  #2

1481269992
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481269992
Hero Member
*
Offline Offline

Posts: 1481269992

View Profile Personal Message (Offline)

Ignore
1481269992
Reply with quote  #2

1481269992
Report to moderator
1481269992
Hero Member
*
Offline Offline

Posts: 1481269992

View Profile Personal Message (Offline)

Ignore
1481269992
Reply with quote  #2

1481269992
Report to moderator
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 03:49:43 AM
 #2

Not sure how long this one will stay in the game but:

Address:
1819MYYLmV8S6hgtcKErZ1FUcUAz5cn9S2
Private Key:
5JE6Wk3v9wMCBEdwZC5CNuYY4y68S1TSkGKCvY9zyysFU7xL3q3

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
proudhon
Legendary
*
Offline Offline

Activity: 1148



View Profile
June 28, 2011, 04:30:28 AM
 #3

This just gave me an idea, and I don't really know why this popped into my head when I read the OP, but it might be fun to start putting bitcoin wallets (printed private keys) in geocache locations with a few bitcoins in the wallet.  If you hid it in a good spot, and it isn't found for a long time, the person who ultimately finds it could be very, very lucky (or just end up with a worthless piece of paper, depending on the future value).
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 04:34:57 AM
 #4

This just gave me an idea, and I don't really know why this popped into my head when I read the OP, but it might be fun to start putting bitcoin wallets (printed private keys) in geocache locations with a few bitcoins in the wallet.
Yes! I'd geocache for Bitcoins! The ability to print out/write out an address and private key will allow many ways of giving money out and having prizes, scratch tickets, redeemable coupons, etc. You can use physical objects that give the codes needed to get BTC. There could actually be a lot of uses for this.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 04:44:41 AM
 #5

Which reminds me. Any *good* source for a compiled and patched linux version of Bitcoin that can import private keys. I don't know how many will be able to add this experimental feature and compile it themselves...

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 05:14:02 AM
 #6

Not sure how long this one will stay in the game but:

Address:
1819MYYLmV8S6hgtcKErZ1FUcUAz5cn9S2
Private Key:
5JE6Wk3v9wMCBEdwZC5CNuYY4y68S1TSkGKCvY9zyysFU7xL3q3

Grabbed it (into 1Fa5i8FrZBNecib45SPaaRDLA8EZrbzx3H, combined it with 100.00 from elsewhere to avoid a transaction fee)... thanks for the bitcent!  The 100 BTC came from an address off my Paper Bitcoin Wallet, so I started with a fresh wallet, imported two keys (mine and yours), and then sent the balance to another address (also on my Paper Bitcoin Wallet).

How did you generate the private key?  Did anyone find/fix the bug in my script addition that results in invalid private keys that start with K? (this happens 50% of the time because the leading 00 byte needs to be removed)

By the way, since it is clear not very many people can redeem private keys... I will redeem anyone's private key who is rated, in exchange for ratings, until doing this becomes much easier for everyone else.  It is really easy for me, but it would be nice if MyBitcoin/trading sites allowed you to enter a private key to make a deposit.  If sending me a private key, please encrypt with my PGP key on bitcoin-otc "casascius" and don't forget to send me another address where the BTC should go.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 05:24:52 AM
 #7

Cool it worked. I just added into the script to watch for a hex that starts with 00. If it does then re-run the script. It would be hard to miss. The PROPER way is to do a loop until that condition is met...If you want to attempt it, feel free then message me, and I'll add it into the script. I'm WAY to tired to mess with code right now.


*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 05:36:13 AM
 #8

Cool it worked. I just added into the script to watch for a hex that starts with 00. If it does then re-run the script. It would be hard to miss. The PROPER way is to do a loop until that condition is met...If you want to attempt it, feel free then message me, and I'll add it into the script. I'm WAY to tired to mess with code right now.

PS You know from the instructions to be on the "good" side you have to run the script then send the 0.01 to a new address for the taking! Smiley LOL.

There is still a problem with 00.  A private key could legitimately start with 00, you don't want a special case where 1 in 256 private keys are unusable and result in someone's bitcoins going into the ether.  The only time you want to shave off 00 is when you have more than 32 bytes (64 characters).

There is a wee bit of difficulty playing ping pong with 0.01 BTC, as a transaction fee must be paid each time it gets swatted to another address... because the system rightfully classifies it as potential penny spam.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 05:37:50 AM
 #9

Another 0.01 to move around in the game...

Address:
1FhANknfz5k4g3X3mLcekpwxikRKJavKbF
Private Key:
5J2PLx7Bu8hBAEjpJ3pzJ2wo2DVVrymZN7Jtqo1MBFsF3EzD4v3

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 05:41:09 AM
 #10

Cool it worked. I just added into the script to watch for a hex that starts with 00. If it does then re-run the script. It would be hard to miss. The PROPER way is to do a loop until that condition is met...If you want to attempt it, feel free then message me, and I'll add it into the script. I'm WAY to tired to mess with code right now.

PS You know from the instructions to be on the "good" side you have to run the script then send the 0.01 to a new address for the taking! Smiley LOL.

There is still a problem with 00.  A private key could legitimately start with 00, you don't want a special case where 1 in 256 private keys are unusable and result in someone's bitcoins going into the ether.  The only time you want to shave off 00 is when you have more than 32 bytes (64 characters).

There is a wee bit of difficulty playing ping pong with 0.01 BTC, as a transaction fee must be paid each time it gets swatted to another address... because the system rightfully classifies it as potential penny spam.
Ok. As it is the user just re-runs the script to avoid the problem for now. They are told not to use the key if it starts with 00 as it's not working right now...how much should I spend to move around?

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 05:51:52 AM
 #11

Here are two new 0.01's sent into addresses generated by your script:

 
5JPrWUqLodNbyN8Xt2qfX4tgVcSjC9u6kh6QAS5nNsJMuDfH7PN
1DvXZ7Uc1Gsk5rqZENvcJd2p5YUF8ya68K
 
5JcrEEsm5v6KL9zFAh6UAy1QqaNrV4j1XtZczWbLEY5YhMKL6Uz
1K7nQP7qWy58jhtuHVHsCmgNoJaEoZrjtQ


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 05:56:02 AM
 #12


Ok. As it is the user just re-runs the script to avoid the problem for now. They are told not to use the key if it starts with 00 as it's not working right now...how much should I spend to move around?

There's still a problem, in that any private key that legitimately starts with 0000 thru 007F will still get misprocessed, because it will be spit out as a 62-character string.

The criterion you need to look for is not whether the private key starts with 00, but rather, whether it is exactly 64 characters long.  This HAS to work 100% of the time; having it make people lose funds, even if rarely, is inviting disaster and liability.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
johanatan
Member
**
Offline Offline

Activity: 84


View Profile
June 28, 2011, 06:17:02 AM
 #13

Quote
-the only method of getting the money back is using the key you manually wrote down -unless some hardware
Or a low-level rootkit.

Quote
was recording your computer or a camera was recording you, baring having someone take the piece of paper from you, no one can get your BTC

LiveCD is *not* enough!  You should re-flash the BIOS/mb firmware/EFI firmware/etc if you want to be really certain of a secure system (or start with pristine hardware from a trusted (and competent) manufacturer [which is still no guarantee]).

Read this:
http://www.awgh.org/archives/27

Also, access to source is not enough either if the compiler or interpreter (or any layer under them or your program) is compromised:
http://cm.bell-labs.com/who/ken/trust.html

1GjRUzZfDCBHeCyJk6av3pXYS9VKjCvQTQ
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 06:34:32 AM
 #14

LiveCD is *not* enough!  You should re-flash the BIOS/mb firmware/EFI firmware/etc if you want to be really certain of a secure system (or start with pristine hardware from a trusted (and competent) manufacturer [which is still no guarantee]).

Read this:
http://www.awgh.org/archives/27

Also, access to source is not enough either if the compiler or interpreter (or any layer under them or your program) is compromised:
http://cm.bell-labs.com/who/ken/trust.html


This is overkill and totally unnecessary.  If the computer doesn't have a network connection, there's no way for the malware to get the stolen keys off the system.

BIOS/firmware viruses are extremely unlikely to take hold.  Every different kind of motherboard and computer has a different BIOS and there is no practical way for a virus writer to make a virus compatible with very many of them, let alone all of them.  If someone were to try, more than likely they would damage a few systems (like CIH virus from ~2000) and would definitely get noticed and made extinct quickly.

tl;dr - this is NOT a concern.

As a close second however, if a binary of OpenSSL on a rigged disc image were modified to generate random numbers that appear random, but are in fact are rigged to be predictable by an algorithm known by the scammer in advance.  Or if the kernel were modified to offer predictable numbers through /dev/random.  This COULD BE a concern.  A mitigating solution would be to have the user mash a long random string (hundreds of characters) on the keyboard and have the keypair generated based off a hash of that string, so someone could test the same string on a known reference build and ensure the same input results in the same output when run on a known clean build.  At which point they could vouch for the hash of the ISO file as being safe.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
johanatan
Member
**
Offline Offline

Activity: 84


View Profile
June 28, 2011, 06:42:43 AM
 #15

LiveCD is *not* enough!  You should re-flash the BIOS/mb firmware/EFI firmware/etc if you want to be really certain of a secure system (or start with pristine hardware from a trusted (and competent) manufacturer [which is still no guarantee]).

Read this:
http://www.awgh.org/archives/27

Also, access to source is not enough either if the compiler or interpreter (or any layer under them or your program) is compromised:
http://cm.bell-labs.com/who/ken/trust.html


This is overkill and totally unnecessary.  If the computer doesn't have a network connection, there's no way for the malware to get the stolen keys off the system.

BIOS/firmware viruses are extremely unlikely to take hold.  Every different kind of motherboard and computer has a different BIOS and there is no practical way for a virus writer to make a virus compatible with very many of them, let alone all of them.  If someone were to try, more than likely they would damage a few systems (like CIH virus from ~2000) and would definitely get noticed and made extinct quickly.

tl;dr - this is NOT a concern.

As a close second however, if a binary of OpenSSL on a rigged disc image were modified to generate random numbers that appear random, but are in fact are rigged to be predictable by an algorithm known by the scammer in advance.  Or if the kernel were modified to offer predictable numbers through /dev/random.  This COULD BE a concern.  A mitigating solution would be to have the user mash a long random string (hundreds of characters) on the keyboard and have the keypair generated based off a hash of that string, so someone could test the same string on a known reference build and ensure the same input results in the same output when run on a known clean build.  At which point they could vouch for the hash of the ISO file as being safe.

Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?  It was my understanding previously that the client had to be brought online at least once to download the blockchain and only then could the client create new 'valid' keys which the bitcoin network would recognize (based on a HOWTO guide I saw a few days ago for creating an offline wallet).

Also, while yes, the EFI rootkit or compiler/interpreter hacks are highly unlikely, with a sufficiently motivated attacker and a sufficiently high-value target it is not out of the question (just take Stuxnet for example).

1GjRUzZfDCBHeCyJk6av3pXYS9VKjCvQTQ
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 28, 2011, 06:55:32 AM
 #16


Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?

Yep...

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
johanatan
Member
**
Offline Offline

Activity: 84


View Profile
June 28, 2011, 07:00:07 AM
 #17


Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?

Yep...

Sweet! :-)

1GjRUzZfDCBHeCyJk6av3pXYS9VKjCvQTQ
iya
Member
**
Offline Offline

Activity: 81


View Profile
June 28, 2011, 07:46:50 AM
 #18


Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?

Yep...

Sweet! :-)

You don't even have to bring private keys online to recover the funds. You could sign transactions offline and then publish them from a different computer.
billyjoeallen
Legendary
*
Offline Offline

Activity: 966


Hide your women


View Profile WWW
June 28, 2011, 08:27:36 AM
 #19

This just gave me an idea, and I don't really know why this popped into my head when I read the OP, but it might be fun to start putting bitcoin wallets (printed private keys) in geocache locations with a few bitcoins in the wallet.  If you hid it in a good spot, and it isn't found for a long time, the person who ultimately finds it could be very, very lucky (or just end up with a worthless piece of paper, depending on the future value).

I really like this idea.

insert coin here:
1Ctd7Na8qE7btyueEshAJF5C7ZqFWH11Wc

Open an exchange account at CampBX: options, lowest commissions, and best security
https://campbx.com/register.php?r=0Y7YxohTV0B
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 28, 2011, 01:20:22 PM
 #20

Someone should grab all three:

5J2PLx7Bu8hBAEjpJ3pzJ2wo2DVVrymZN7Jtqo1MBFsF3EzD4v3
1FhANknfz5k4g3X3mLcekpwxikRKJavKbF

5JPrWUqLodNbyN8Xt2qfX4tgVcSjC9u6kh6QAS5nNsJMuDfH7PN
1DvXZ7Uc1Gsk5rqZENvcJd2p5YUF8ya68K
 
5JcrEEsm5v6KL9zFAh6UAy1QqaNrV4j1XtZczWbLEY5YhMKL6Uz
1K7nQP7qWy58jhtuHVHsCmgNoJaEoZrjtQ

and put the 0.03 BTC somewhere all together...

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!