Bitcoin Forum
Author Topic: Trust No One  (Read 160538 times)
marcovaldo
Sr. Member
Activity: 350
Merit: 250
December 08, 2013, 01:41:19 PM
 #2181

Quote
is katnisseverdeen a good password?  Cheesy

No, not at all...
Is it your password? Cheesy

Andrewwattson
Member
Activity: 85
Merit: 10
December 09, 2013, 01:08:19 AM
 #2182

Great advice, thanks for the help.
Litisun
Newbie
Activity: 3
Merit: 0
December 12, 2013, 12:43:33 PM
 #2183

I absolutely agree with the concepts expressed in the original post. 

It's not paranoia if they really are out to get you.

Thieverycorp
Newbie
Activity: 5
Merit: 0
December 23, 2013, 09:24:05 PM
 #2184

Coming from the Silkroad scene, trust is a very important issue. Anything that can mitigate future damage should always be used. Be careful, guard your own back.
Richy_T
Legendary
Activity: 1358
Merit: 1003
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
December 24, 2013, 02:39:06 PM
Last edit: December 24, 2013, 07:50:11 PM by Richy_T
 #2185

I like the individual responsibility, but ultimately the security boils down to the software used. While I agree in principle that "online wallets" should not be inherently trusted, there is trust built over time for anything that doesn't get violated on a regular basis.

This is how scam artists work. A little money at first then you get good returns/it's proven/whatever, then a little more money, then your friends' money. Hey, this is pretty good, let's borrow on the house... Boom, they're gone and you wonder what's happened.

Not that I'm saying that's the case with any particular online wallet service, just be careful with that whole trust thing.

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
TaaviHV
Newbie
Activity: 15
Merit: 0
December 24, 2013, 06:57:25 PM
 #2186

Lot of help. Thanks.
Jaystar236
Newbie
Activity: 6
Merit: 0
December 26, 2013, 10:23:42 AM
 #2187

Great post. Thanks for the info!
eazybram
Newbie
Activity: 1
Merit: 0
December 27, 2013, 09:24:21 PM
 #2188


Quote
If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.


Best line from OP   Roll Eyes
revivalive
Newbie
Activity: 1
Merit: 0
December 27, 2013, 10:34:06 PM
 #2189

Excellent advice for us newbs. Thanks!
braxx
Sr. Member
Activity: 392
Merit: 250
December 27, 2013, 10:57:08 PM
 #2190

tnx 4 the advice
Forcecast
Newbie
Activity: 27
Merit: 0
December 27, 2013, 11:30:53 PM
 #2191

Just so you know: http://bitcoinscammers.com/
bennylou
Newbie
Activity: 4
Merit: 0
December 27, 2013, 11:52:23 PM
 #2192

Thanks for the advice.
Meuh6879
Legendary
Activity: 1512
Merit: 1010
December 28, 2013, 12:14:57 AM
 #2193

To react to the first post ... it's right, the only way to keep your bitcoin is the "bitcoin-QT" application with the 15 GB of associated blockchain folder.

I only use the Android app, with no more than about 100 euros (200 mBTC).
singood
Newbie
Activity: 2
Merit: 0
December 28, 2013, 01:44:44 AM
 #2194

Quote
Disagree, the scenario you outlined is far more unlikely than a memorable password being hacked.  Also still limits the suspects to people who could theoretically gain access to the passwords.

Perhaps, but it really depends on how the person chooses to generate his/her password. If the person is naive enough to use the same password or the same passphrase or same method always, then obviously he/she's going to be screwed. But the same person is also likely to be equally naive with physical security. In the end, the weakest link is still the user.


Quote
Even if you do simple letter substitution, the password should still be over 13 characters for any amount of security from rainbow tables. Very difficult to remember for the average person.

A password should always be long, and is safer if the code salts the password hash properly. The average person won't be able to remember a random sequence of letters, but a passphrase like "This is my password for getting into the bitcoin bank" and using "Timpfgitbb" is probably much easier. Of course the risk is, again, that a naive user might just end up using the same passphrase and effectively reducing it to a 2-letter password, since only the last few letters would ever change.

Quote
Also- Micro screenshot loggers take images of the surrounding area of a mouse click.  Rarely do you have to worry about your entire screen being recorded since live recording of your screen would drag most computers down enough for the average person to be concerned anyways.  Even if they take an image of the entire screen with every mouse click, a simple solution would be to make the secure keyboard randomize positions with every entry.  Another level of complexity would be to have the keyboard scroll so only a line of characters was visible to click on at a time, so you could not use a process of elimination.

Only the last suggestion would be useful IMO because if the logger screenshots just the active window (or even a reasonably wide area such as 200px instead of just a few pixels around the cursor), it would be able to see the entire keyboard. Randomizing that on every click doesn't help since every click gets the logger a new picture with all the keys except the one you used.

The problem with the scroller is that average users may get rapidly annoyed with it and give up using the system, or find ways to get around it if they have to deal with it daily. That's what makes users put password sticky notes on office monitors in places that implement draconian password policies such as minimum 10 letters, no reuse of the last 12 passwords, no similar passwords, and a new password every 2 weeks or 30 logins.

Quote
As for firewalls, I'm most concerned with methods that don't involve configuration of your computer, since more secure wallets and merchanting programs 'out of the box' will assist in widespread adoption

Frankly speaking if the user's system isn't secured in the first place against information leak, nothing we do can be considered secured. Just the initial entry of the password during registration, or even receiving a generated password in the email, could be the time of the leak, rendering whatever physical measures or random onscreen keyboard useless.
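
The points in the post above about salting, precomputed (rainbow) tables and acronym passphrases, as an added Python example that is not code from any poster in this thread. The function names, the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations, and the 52-letter alphabet are assumptions made for the illustration; the two sample passwords are the ones quoted in the thread.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def acronym(passphrase: str) -> str:
    """First letter of each word, as in the post's "Timpfgitbb" example."""
    return "".join(word[0] for word in passphrase.split())


def unsalted_hash(password: str) -> str:
    """Weak storage: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF (PBKDF2 chosen for this example)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def table_lookup(stored_hex: str, table: dict[str, str]) -> str | None:
    """A precomputed table only matches hashes computed without a salt."""
    return table.get(stored_hex)


def search_space(length: int, varying: int, alphabet: int = 52) -> tuple[int, int]:
    """(guesses if only `varying` letters are unknown, guesses for full length)."""
    return alphabet ** varying, alphabet ** length


# Constructed sample table built from the two passwords mentioned in this thread.
PRECOMPUTED = {unsalted_hash(p): p for p in ("katnisseverdeen", "Timpfgitbb")}

if __name__ == "__main__":
    pw = acronym("This is my password for getting into the bitcoin bank")
    print(pw, "found in table:", table_lookup(unsalted_hash(pw), PRECOMPUTED))
    salt, digest = salted_hash(pw)
    print("salted hash in table:", table_lookup(digest.hex(), PRECOMPUTED))
    print("reused prefix vs full space:", search_space(len(pw), 2))
```

The last line shows the reuse problem the post describes: once the fixed part of a reused passphrase is known, only the varying letters remain to be guessed, whatever the hashing scheme.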

sibilant_doge
Full Member
Activity: 126
Merit: 100
December 28, 2013, 01:48:58 AM
 #2195

So, just out of curiosity, what does encrypting my wallet do? Because when I have the program open I can seem to send and receive as I please. Does it encrypt against outside tapping? What does it do against someone remote accessing my computer?
dbradley
Newbie
Activity: 13
Merit: 0
December 28, 2013, 03:52:06 AM
 #2196

This is the sort of paranoia we need more of around here!

In this case, a less trusted forum member (me) was leveraging the trust of someone who was much more trusted. Michael Hendrix met all my requirements for how to choose someone to trust if you must (listed above), except obviously he had no insurance himself. In that forum thread I was telling the people placing bets that they don't need to trust me if they trust him, since he was holding my bond.

We could have been in cahoots, but there wouldn't be any point to doing that. Michael already has a lot of trust - he doesn't need my help to scam people if he decides he wants to do so.
infinitybo
Newbie
Activity: 28
Merit: 0
December 28, 2013, 02:46:08 PM
 #2197

@Sibilant_doge It's alright to be curious. Anyway, encrypting your wallet is a good security practice.
dbradley
Newbie
Activity: 13
Merit: 0
December 28, 2013, 07:11:41 PM
 #2198

Some really good advice - and much appreciated!
Anyone have any thoughts on Mpex and the trustworthiness of the person who runs it?
CoinCidental
Legendary
Activity: 1316
Merit: 1000
Si vis pacem, para bellum
December 28, 2013, 07:23:51 PM
 #2199

Quote
Some really good advice - and much appreciated!
Anyone have any thoughts on Mpex and the trustworthiness of the person who runs it?

Trust No One
infinitybo
Newbie
Activity: 28
Merit: 0
December 29, 2013, 03:02:41 PM
 #2200

@Dbradley Definitely something to say about because we'll give you the best advice here and that's good!