Bitcoin Forum
Author Topic: Thoughts on the compromise of Casascius coin holograms  (Read 6123 times)
BitPappa
Sr. Member
August 11, 2013, 04:10:29 PM
 #21

I think the publicized hack adds uncertainty to a buyer's mind. So I would think the average price (in BTC) of resold coins will creep down a bit, more so with the coins that show the least evidence of tampering. It will be interesting to see.

I am attracted to Casascius coins as a long-term collectible, and as a very cool physical embodiment of the idea of Bitcoin. I don't plan on selling the couple I own, at least not in the near future. But if I were sitting on a lot of coins with the intention of selling them, I would not be happy about an additional perceived risk in the minds of buyers that the coins could be drained of value after they were purchased.

Another concern I have for the coins is that someone will simply create great duplicates of the holographic stickers. If people can counterfeit governmental currencies, I assume they can counterfeit one of these stickers.

zipmaster
Member
January 15, 2014, 10:32:25 PM
 #22

Mike, I feel like the best thing to do would be to implement on your website a proof of ownership system of the coins.

All coins should also list a Mike Caldwell signed PGP key of their original buyer. When an original coin owner then sells his coins to someone else, they can sign the PGP key of the new buyer and have the site be updated with the new owner's PGP key.

This won't help against tampering of Casascius coins per se but would certainly render counterfeiting impossible since, for a given coin address, it is impossible to know what the private key of the real owner is. Ultimately, only Mike could counterfeit the coins.

This doesn't eliminate trust. What it does is keep trust over Casascius coins what it has always been: trust in Mike Caldwell.

It would certainly be a hassle to implement this mechanism for past coins since all original owners would have to be contacted and, furthermore, some coins have already traded hands so people would have to play catch-up on the PGP chain. However, the hassle would be very much worthwhile to many proud Casascius owners.

Furthermore, the whole mechanism could be automated on the website so that any coin sales can update the PGP chain. Within this framework, new buyers would conclude a sale by having their PGP key signed by the coin's previous owner and updated on the website.

This should seriously be taken under consideration for the benefit of both your business and the overall Casascius community. 
casascius
Mike Caldwell
VIP
Legendary
January 17, 2014, 10:47:38 PM
 #23

Mike, I feel like the best thing to do would be to implement on your website a proof of ownership system of the coins.

Keep in mind that the purpose of a Casascius Coin is an educational tool and functional proof of concept, aside from the collectible the market has decided it also is... and not intended to be money or a currency.  Although "trust in Mike Caldwell" is an important element of my product, the trust extends to my assertion that the coin contains the only copy of the correct private key as promised (and that I've taken adequate steps to ensure the keys are unreproducible, sufficiently random, and not duplicated).  I'm not a bank, and I feel implementing a system like that is far out of scope of my project.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
zipmaster
Member
January 20, 2014, 05:22:50 AM
 #24

Mike, I disagree. You wouldn't be performing the role of a bank. Guaranteeing the chain of ownership of the coins is a logical extension of your "trust in Mike Caldwell" product. Furthermore, following with the educational philosophy, you'd be incentivizing people to accept and understand the fundamental concept of a digital signature: a "technology" foundational to the premise of bitcoin itself.

nubbins
Legendary
January 20, 2014, 03:14:45 PM
 #25

Mike, I disagree. You wouldn't be performing the role of a bank. Guaranteeing the chain of ownership of the coins is a logical extension of your "trust in Mike Caldwell" product. Furthermore, following with the educational philosophy, you'd be incentivizing people to accept and understand the fundamental concept of a digital signature: a "technology" foundational to the premise of bitcoin itself.

Of all the coins I've sold (and there have been many), only ONE buyer has taken me up on the offer to extend the chain of custody.

Bank or not, what you're asking him to do is pour tens of thousands of dollars and countless hours of effort into something that most people don't even want.

Buyers who want a chain of custody can find a seller that provides it -- I can think of several off the top of my head. Buyers who don't want a chain of custody can carry on as usual. It's not Mike's responsibility to track down every coin he's sold through a labyrinth of ownership in order to provide a service that most people don't care about.

No longer buying/selling Casascius coins. Beware scammers.
My OTC Web of Trust ratings / What's a PGP chain of custody?
zipmaster
Member
January 20, 2014, 05:54:45 PM
 #26

Nubbins, how did you extend the chain of custody on your coin?
nubbins
Legendary
January 20, 2014, 08:49:27 PM
 #27

Nubbins, how did you extend the chain of custody on your coin?

Easy peasy. I take Mike's signed document, append text after his signature that identifies the new buyer, and sign the whole thing with my key.

For sake of illustration, Mike's original document is in blue, and mine is in red.

---Begin PGP doc---
- ---Begin PGP doc---

I, Mike Caldwell, sent coins a,b,c to nubbins,
and his PGP fingerprint is ABCD EFGH.

See attached document scanned-coins.pdf
with MD5 checksum blahblah

- ---Begin PGP sig---
234C%#@4fv524 <---PGP signature for Mike's key
- ---End PGP sig---


I, nubbins, sent coin b to zipmaster,
and his PGP fingerprint is IJKL MNOP.

---Begin PGP sig---
@%$Y#H/Rgef4e <---PGP signature for my key (ABCD EFGH)
---End PGP sig---


Then I just take this block of text and scanned-coins.pdf and send them along to the new owner.

No longer buying/selling Casascius coins. Beware scammers.
My OTC Web of Trust ratings / What's a PGP chain of custody?
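
The hand-off described in #27, as an added example that is not part of the thread: each owner appends a statement naming the buyer's fingerprint and signs everything before it, and a verifier walks the document starting from the issuer's fingerprint. Lamport one-time signatures (standard library only) stand in for PGP keys here, and the statement texts and 16-hex-digit fingerprints are constructed for illustration.

```python
# Added illustration: Lamport one-time signatures replace PGP; all texts are constructed.
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: a stand-in for a PGP key, valid for ONE signature.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk)).hex()[:16]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def transcript(links):
    # Everything already in the document: each statement followed by its signature.
    return b"".join(l["text"].encode() + b"".join(l["sig"]) for l in links)

def extend(chain, sk, pk, text, to_fpr):
    # The current owner appends a statement naming the buyer and signs the whole thing.
    text = f"{text} New owner fingerprint: {to_fpr}"
    sig = sign(sk, transcript(chain) + text.encode())
    return chain + [{"text": text, "to": to_fpr, "pk": pk, "sig": sig}]

def verify_chain(chain, issuer_fpr):
    # Returns the fingerprint of the current owner; raises at the first bad link.
    owner = issuer_fpr
    for n, link in enumerate(chain):
        if fingerprint(link["pk"]) != owner:
            raise ValueError(f"link {n}: signed by a key the previous link did not name")
        signed = transcript(chain[:n]) + link["text"].encode()
        if not link["text"].endswith(link["to"]) or not verify(link["pk"], signed, link["sig"]):
            raise ValueError(f"link {n}: text or signature does not verify")
        owner = link["to"]
    return owner

if __name__ == "__main__":
    (msk, mpk), (nsk, npk), (_, zpk) = keygen(), keygen(), keygen()
    chain = extend([], msk, mpk, "I, issuer, sent coins a,b,c.", fingerprint(npk))
    chain = extend(chain, nsk, npk, "I, first buyer, sent coin b.", fingerprint(zpk))
    print("current owner:", verify_chain(chain, fingerprint(mpk)))
```

A chain that verifies shows an unbroken sequence of endorsements back to the issuer; it cannot show whether an earlier owner also signed the same coin over to a second buyer.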
Possum577
Sr. Member
August 06, 2014, 12:43:24 AM
 #28

This would work, it's just like signing over a check to a third party by endorsing it on the back and then handing it over to the third party.

Nubbins, how did you extend the chain of custody on your coin?

Easy peasy. I take Mike's signed document, append text after his signature that identifies the new buyer, and sign the whole thing with my key.

For sake of illustration, Mike's original document is in blue, and mine is in red.

---Begin PGP doc---
- ---Begin PGP doc---

I, Mike Caldwell, sent coins a,b,c to nubbins,
and his PGP fingerprint is ABCD EFGH.

See attached document scanned-coins.pdf
with MD5 checksum blahblah

- ---Begin PGP sig---
234C%#@4fv524 <---PGP signature for Mike's key
- ---End PGP sig---


I, nubbins, sent coin b to zipmaster,
and his PGP fingerprint is IJKL MNOP.

---Begin PGP sig---
@%$Y#H/Rgef4e <---PGP signature for my key (ABCD EFGH)
---End PGP sig---


Then I just take this block of text and scanned-coins.pdf and send them along to the new owner.
