jimbursch (OP)
|
|
July 22, 2013, 01:26:33 PM |
|
I am considering doing business with someone who claims to have 1000 BTC. What would be the simplest/easiest way to verify that this person indeed has 1000 BTC?
Here's my idea on how to do it:
Step 1: He gives me an address that shows a 1000BTC incoming transaction that is verified in the block chain.
Step 2: He then sends me a small transaction amount from that address to prove that he owns the address.
I think step 1 could be problematic. He probably doesn't have 1000BTC in one transaction -- he probably doesn't have 1000 BTC in one wallet.
Is there a simpler/easier way?
|
MyMindshare -- a commercial messaging system -- check it out at *Link Removed*
|
|
|
abrkn
|
|
July 22, 2013, 01:27:46 PM Last edit: March 15, 2015, 03:19:09 AM by abrkn |
|
-
|
keybase.io/abrkn/key.asc
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 22, 2013, 01:31:17 PM |
|
He can sign messages with addresses containing the bitcoins
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
jimbursch (OP)
|
|
July 22, 2013, 01:31:44 PM |
|
At this point we don't need to execute a 1000 BTC transaction -- I just want to verify that this person is honest in his claim to have 1000 BTC. Sort of like a credit check.
|
MyMindshare -- a commercial messaging system -- check it out at *Link Removed*
|
|
|
Rannasha
|
|
July 22, 2013, 01:31:55 PM |
|
Have the other party sign a message with the addresses that contain (significant parts) of his balance. You can then verify that he controls the addresses and use Blockchain.info to look up the balances.
|
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
July 22, 2013, 01:36:06 PM |
|
He can sign messages with addresses containing the bitcoins
Have the other party sign a message with the addresses that contain (significant parts) of his balance. You can then verify that he controls the addresses and use Blockchain.info to look up the balances.
This.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4851
|
|
July 23, 2013, 04:51:52 AM |
|
Make sure the message you have them sign is descriptive enough that they can't trick others into signing the message.
Examples:
Don't ask for a signature of the following message: "I have control of this address"
Instead ask for a signature of the following message: "I am providing a signature of this message to prove control of more than 1000 BTC which will be used in a future transaction with jimbursch. Here is the list of addresses that will be used to sign the message: 1myfirstaddress, 1mysecondaddress, 1mythirdaddress, etc"
|
|
|
|
marjamrob
|
|
July 23, 2013, 03:13:42 PM |
|
Make sure the message you have them sign is descriptive enough that they can't trick others into signing the message.
Examples:
Don't ask for a signature of the following message: "I have control of this address"
Instead ask for a signature of the following message: "I am providing a signature of this message to prove control of more than 1000 BTC which will be used in a future transaction with jimbursch. Here is the list of addresses that will be used to sign the message: 1myfirstaddress, 1mysecondaddress, 1mythirdaddress, etc"
Also, put the date in it, his username, and some random characters.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4851
|
|
July 23, 2013, 03:37:31 PM |
|
Make sure the message you have them sign is descriptive enough that they can't trick others into signing the message.
Examples:
Don't ask for a signature of the following message: "I have control of this address"
Instead ask for a signature of the following message: "I am providing a signature of this message to prove control of more than 1000 BTC which will be used in a future transaction with jimbursch. Here is the list of addresses that will be used to sign the message: 1myfirstaddress, 1mysecondaddress, 1mythirdaddress, etc"
Also, put the date in it, his username, and some random characters. What is the benefit of the random characters? I suppose username would make sense. I'm not sure the date is necessary for this use, but I suppose it wouldn't hurt.
|
|
|
|
marjamrob
|
|
July 23, 2013, 04:00:07 PM |
|
Make sure the message you have them sign is descriptive enough that they can't trick others into signing the message.
Examples:
Don't ask for a signature of the following message: "I have control of this address"
Instead ask for a signature of the following message: "I am providing a signature of this message to prove control of more than 1000 BTC which will be used in a future transaction with jimbursch. Here is the list of addresses that will be used to sign the message: 1myfirstaddress, 1mysecondaddress, 1mythirdaddress, etc"
Also, put the date in it, his username, and some random characters. What is the benefit of the random characters? I suppose username would make sense. I'm not sure the date is necessary for this use, but I suppose it wouldn't hurt. Random characters simply because it greatly reduces the chance of a coincidence, mostly paranoia... Just in case someone else happens to have signed the same thing. I wouldn't worry about it unless it is a large amount. After-all, 1000 BTC is ~$100k.
|
|
|
|
candoo
|
|
July 23, 2013, 04:11:24 PM |
|
Is he an old member here? Most 2009-2011 Users have more then 1k btc. Its still quite common here. But most of them keep their mouth shut.
|
Einer trage des andern Last, so werdet ihr das Gesetz Christi erfüllen.
|
|
|
Raize
Donator
Legendary
Offline
Activity: 1419
Merit: 1015
|
|
July 23, 2013, 09:42:46 PM |
|
The verifying can be done via signed messages. If they choose to remain anonymous, however, you've got a problem of trust regarding how to handle the transaction and verification. There's a few methods you can use then, one is having them escrow it to someone you and the anonymous person both trust. You don't seem to hide your identity at all, so it'd be easier to find an escrow that trusts you and could verify the cell # on your resume as well as verify you via your twitter.
At that point, the anonymous person could pass to the escrow somewhere along the lines of 10 BTC. You would then pay the amount to wherever they specify, then wait for them to confirm it was valid. After it's shown you can both handle a simple 10 BTC transaction, you then do a 100 BTC transaction. Assuming that goes well enough, they can probably trust you for a 250 BTC transaction, then another 250 BTC and etc. till you have it all wrapped up.
I know what you're both thinking. I don't even trust exchanges with handling 100 BTC or the fiat equivalent after the latest regulation hogwash. Not because I want to avoid regulation, but because I can't imagine what it would be like having that much wrapped up in some ridiculous exchange/regulation nonsense.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
July 23, 2013, 09:46:44 PM |
|
As others have pointed out the only proof is a signed message(s) and the signed message should be distinct enough that it can't be reused.
Having someone send you a token amount of coins is very weak security. Someone could simply be acting as a middle man. He tells a person who really does have 1000 BTC to send him a bitcent as "proof" and then supplies your address. You see an incoming "proof" transaction which isn't proof of anything at all.
|
|
|
|
jimbursch (OP)
|
|
July 24, 2013, 05:08:28 PM |
|
I may need to put this in another topic, but I'm not clear on what a "signed message" is.
My understanding is that a message can be included in a transaction, which goes into the block chain. Is this what you are referring to as a "signed message"?
Is there such a thing as a signed message that is not part of a transaction in the block chain?
|
MyMindshare -- a commercial messaging system -- check it out at *Link Removed*
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 24, 2013, 05:11:22 PM |
|
You can put a message in a transaction Look at the menus in bitcoin-qt
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
July 24, 2013, 05:40:35 PM |
|
I may need to put this in another topic, but I'm not clear on what a "signed message" is.
My understanding is that a message can be included in a transaction, which goes into the block chain. Is this what you are referring to as a "signed message"? No that is a transaction and you can't (without some really bad hacks) include a message in a transaction at least not in any standardized easy to decode method. Transactions are not messages. Messages are not transactions. Is there such a thing as a signed message that is not part of a transaction in the block chain?
Signed messages are never part of a transaction and never added to the blockchain.The client has the ability to sign any arbitrary text. Once again this has absolutely nothing to do with transactions.
|
|
|
|
jimbursch (OP)
|
|
July 24, 2013, 07:41:29 PM |
|
Signed messages are never part of a transaction and never added to the blockchain.
The client has the ability to sign any arbitrary text. Once again this has absolutely nothing to do with transactions.
Thank you! Now I understand.
|
MyMindshare -- a commercial messaging system -- check it out at *Link Removed*
|
|
|
Loozik
Sr. Member
Offline
Activity: 378
Merit: 250
Born to chew bubble gum and kick ass
|
|
July 25, 2013, 12:54:37 PM |
|
Signed messages are never part of a transaction and never added to the blockchain.
The client has the ability to sign any arbitrary text. Once again this has absolutely nothing to do with transactions.
Thank you! Now I understand. I don't (fully) understand. I just found ''sign message'' and ''verify message'' in Bitcoin-Qt. Can someone explain in plain English how both differ? Does ''signing / verifying a message'' involve paying a TX fee?
|
|
|
|
jimbursch (OP)
|
|
July 25, 2013, 01:43:37 PM |
|
Does ''signing / verifying a message'' involve paying a TX fee?
No -- there is no transaction that is involved in this messaging. Here's an example of how this messaging works, as I now understand it (please correct me if I'm wrong): Let's say that you bought a widget from me, and you have already sent me the bitcoin to pay for it, but you haven't given me your mailing address so that I can send you your widget. Let's also say that we don't know each other and the only information I have about you is the bitcoin address from which you sent payment, and an email address that I think is suspicous -- it may or may not be you on the other end of the email address. So, I ask you to send me a "signed message" that contains your mailing address. You then go into Bitcoin-Qt, under "Sign message", and enter the bitcoin address that was used in the purchase of the widget, then enter your mailing address in the text of the message, then generate the signature. You then email me those three things -- the bitcoin address, the text of the message, and the signature. When I receive those three things, I then enter them in "verify message" it it tells me if indeed this is a valid signed message. If it is, then I know that the mailing address in the message is from the person who owns the bitcoin address that paid for the widget. It's kind of a brilliant feature for supporting anonymous yet trustworthy messaging.
|
MyMindshare -- a commercial messaging system -- check it out at *Link Removed*
|
|
|
Loozik
Sr. Member
Offline
Activity: 378
Merit: 250
Born to chew bubble gum and kick ass
|
|
July 25, 2013, 02:24:43 PM |
|
No -- there is no transaction that is involved in this messaging. So, it's a messenger more or less. Good to know Let's say that you bought a widget from me, and you have already sent me the bitcoin to pay for it, but you haven't given me your mailing address so that I can send you your widget. Let's also say that we don't know each other and the only information I have about you is the bitcoin address from which you sent payment, and an email address that I think is suspicous -- it may or may not be you on the other end of the email address.
So, I ask you to send me a "signed message" that contains your mailing address.
You then go into Bitcoin-Qt, under "Sign message", and enter the bitcoin address that was used in the purchase of the widget, then enter your mailing address in the text of the message, then generate the signature. You then email me those three things -- the bitcoin address, the text of the message, and the signature. Okay, I have a few visible and a few invisible addresses in my Bitcoin-Qt. Bitcoin-Qt interface shows me only the balance (which is not broken down by respective addresses of mine). I bought a widget from you and my BTCs were either sent to you from one address or from many addresses residing in my Bitcoin-Qt. 1. When I ''sign a message'' containing my e-mail address and send it to your public address, how does Bitcoin-Qt know which of my visible and invisible public address(es) to include in the message for you? - I do not know the address from which I sent you the money (when I click in Bitcoin-Qt ''Transactions'' then ''Transaction details'' it doesn't tell me which of my public addresses was used for making the payment in your favour) so I cannot enter my public address by myself (am I correct or not?) 2. Are you the only person who can see my message?
|
|
|
|
|