Eligius: 0% Fee BTC, 105% PPS NMC, No registration, CPPSRB

[davebodger]

Thanks for all the feedback, dose my computer need to be on 24/7 for a wallet to be installed on my system ?

No, not at all.
Turn it off as much as you want.

[mdude77]

Unless you are a high profile user, or do some really stupid things with your computer, your personal wallet on your PC is probably safer than an online wallet.

Maybe. It's a different risk profile, really.

Depends on what you consider "high profile". Depends on where you live. Depends on where you keep your PC. Depends if your PC is encrypted, and if you keep it running all the time. Depends on a lot of things.

Storing 20 BTC on your laptop which you leave running on the Internet pretty much 24/7, probably isn't safer than storing it on Coinbase behind a memorized password (not saved on your PC) and 2-factor authentication.

Maybe 20 BTC is "high profile". It's not an unrealistic amount, though.

And if your computer is compromised ... an online wallet won't help you anyhow.

It might. Depends on how badly it's compromised, whether or not you have 2-factor authentication set up, etc.

I don't think any online wallets currently have some sort of "limit me to 1 BTC of withdrawals per day unless I give 48 hours advance notice", but that's something else that could be done to make online wallets even safer.

2-factor authentication is mostly feel good.  Zeus is a good example of a trojan who knows how to get around 2-factor.

"I'm sorry, you entered the incorrect passcode."
<in the background it's logged in and is emptying your online wallet>

M

[CroverNo01]

Thanks for all the feedback, dose my computer need to be on 24/7 for a wallet to be installed on my system ?

No, not at all.
Turn it off as much as you want.

Cheers for the feedback, Will install Bitcoin-Qt let it catch up then trial moving over some coins.

Hopefully get a reply from blockchain about my missing BTC payment that is already confirmed on the network

Thanks

[Luke-Jr]

blockchain.info is probably going to be the next MtGox...

Bold statement. You just speculating or have some specific information?

Mostly speculating. They like to portray themselves as more secure, when they're really not.

How so? With Blockchain.info, I have my private keys. They cannot run away with the money!

You have your private keys, but who else does as well?

Do you check the html/javascript every time you use the site?

I'm not saying they're doing anything nefarious, but what's to stop a rogue employee (or group of employees, or anyone capable of faking an SSL certificate) from modifying the javascript and stealing the private keys?

... or any browser plugin, or any other software on your PC, or github gets compromised, or ...

Did you know that Javascript lets you redefine the Number class such that every constant is always 42?
Things are not always what they seem, even if you use their code-audit plugin...

Where would you suggest I store my BTC thats not on my local computer ?

Is there a way to store BTC on paper ?

Armory supports true paper wallets.

[baddw]

Storing 20 BTC on your laptop which you leave running on the Internet pretty much 24/7, probably isn't safer than storing it on Coinbase behind a memorized password (not saved on your PC) and 2-factor authentication.

I doubt this very seriously.  Of course, a few assumptions need to be made.  Firstly, how is your laptop connected to the Internet?  Is it behind a router?  How safe is its OS?  Do you keep it updated with the latest security measures?

Coinbase (or any other big exchange/wallet service) is a big fat target.  "Why did you rob banks?" "Because that's where the money was."  A random consumer PC connected to the Internet is pretty much invisible and anonymous.  Yes, it is vulnerable to attacks, but the chances of rewards are low.

Does Coinbase encrypt my wallet with a passphrase which only I know?  In other words, if I forget or lose my Coinbase passphrase, are my Coinbase holdings effectively lost forever?  If not, then Coinbase has independent access to my private keys.  Which means they can be stolen.  This is impossible if my private keys are encrypted and residing on my own PC.

[anth0ny]

Unless you are a high profile user, or do some really stupid things with your computer, your personal wallet on your PC is probably safer than an online wallet.

Maybe. It's a different risk profile, really.

Depends on what you consider "high profile". Depends on where you live. Depends on where you keep your PC. Depends if your PC is encrypted, and if you keep it running all the time. Depends on a lot of things.

Storing 20 BTC on your laptop which you leave running on the Internet pretty much 24/7, probably isn't safer than storing it on Coinbase behind a memorized password (not saved on your PC) and 2-factor authentication.

Maybe 20 BTC is "high profile". It's not an unrealistic amount, though.

And if your computer is compromised ... an online wallet won't help you anyhow.

It might. Depends on how badly it's compromised, whether or not you have 2-factor authentication set up, etc.

I don't think any online wallets currently have some sort of "limit me to 1 BTC of withdrawals per day unless I give 48 hours advance notice", but that's something else that could be done to make online wallets even safer.

2-factor authentication is mostly feel good.  Zeus is a good example of a trojan who knows how to get around 2-factor.

"I'm sorry, you entered the incorrect passcode."
<in the background it's logged in and is emptying your online wallet>

M

Just because there's one method in which 2-factor authentication can be compromised, I wouldn't call it "mostly feel good".

Being able to break into your house and plant a trojan on your computer without you realizing it is much tougher than breaking in and just stealing your computer. Also, Coinbase doesn't require your 2FA code every time you log in, only when you make a withdrawal (or, if you'd prefer, only when you make a withdrawal over $100 in a day). If you're just sitting on, say, 20 BTC, or you don't withdraw more than $100 in a day, then you might not enter that 2FA code while the trojan is installed and undetected.

But yeah, it's a possible attack vector, which is why I said limiting the amount that can be withdrawn without 48-hours notice would be even safer.

My brokerage house is going to call me on the phone to verify things before I can make a $12,000 withdrawal from my IRA. No reason why online wallets can't do the same thing.

[roy7]

Amazon web servers can do 2FA with a gemalto physical device, so it's not possible to defeat the 2FA without the actual little device fob.

[mdude77]

Just because there's one method in which 2-factor authentication can be compromised, I wouldn't call it "mostly feel good".

Being able to break into your house and plant a trojan on your computer without you realizing it is much tougher than breaking in and just stealing your computer. Also, Coinbase doesn't require your 2FA code every time you log in, only when you make a withdrawal (or, if you'd prefer, only when you make a withdrawal over $100 in a day). If you're just sitting on, say, 20 BTC, or you don't withdraw more than $100 in a day, then you might not enter that 2FA code while the trojan is installed and undetected.

But yeah, it's a possible attack vector, which is why I said limiting the amount that can be withdrawn without 48-hours notice would be even safer.

My brokerage house is going to call me on the phone to verify things before I can make a $12,000 withdrawal from my IRA. No reason why online wallets can't do the same thing.

Breaking into one's house isn't necessary to compromise a computer.  Most computers can be compromised pretty easily *unless* the user takes surfing seriously and practices some basic security precautions (like don't use IE).

That's why I argue your PC is probably safer than an online bank.  Presumably most people here have at least someone of an idea how to keep their PC safe.

BTW, I agree on the limit per withdraw.  However... you can have a 1BTC limit per transaction, and then have to do 20 transactions.  Or the online system has an exploit that bypasses the limit.  As Steve Gibson says, Trust No One.  (TNO)

M

[anth0ny]

Storing 20 BTC on your laptop which you leave running on the Internet pretty much 24/7, probably isn't safer than storing it on Coinbase behind a memorized password (not saved on your PC) and 2-factor authentication.

I doubt this very seriously.  Of course, a few assumptions need to be made.  Firstly, how is your laptop connected to the Internet?  Is it behind a router?  How safe is its OS?  Do you keep it updated with the latest security measures?

Coinbase (or any other big exchange/wallet service) is a big fat target.  "Why did you rob banks?" "Because that's where the money was."  A random consumer PC connected to the Internet is pretty much invisible and anonymous.  Yes, it is vulnerable to attacks, but the chances of rewards are low.

Does Coinbase encrypt my wallet with a passphrase which only I know?  In other words, if I forget or lose my Coinbase passphrase, are my Coinbase holdings effectively lost forever?  If not, then Coinbase has independent access to my private keys.  Which means they can be stolen.  This is impossible if my private keys are encrypted and residing on my own PC.

Yes, they're a big fat target. (*) But they spend many orders of magnitude more on security than I do.

Breaking into my house is trivial. Breaking into the bank where Coinbase stores their cold wallets is much tougher.

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

[mdude77]

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

And you know that how?

M

[anth0ny]

Just because there's one method in which 2-factor authentication can be compromised, I wouldn't call it "mostly feel good".

Being able to break into your house and plant a trojan on your computer without you realizing it is much tougher than breaking in and just stealing your computer. Also, Coinbase doesn't require your 2FA code every time you log in, only when you make a withdrawal (or, if you'd prefer, only when you make a withdrawal over $100 in a day). If you're just sitting on, say, 20 BTC, or you don't withdraw more than $100 in a day, then you might not enter that 2FA code while the trojan is installed and undetected.

But yeah, it's a possible attack vector, which is why I said limiting the amount that can be withdrawn without 48-hours notice would be even safer.

My brokerage house is going to call me on the phone to verify things before I can make a $12,000 withdrawal from my IRA. No reason why online wallets can't do the same thing.

Breaking into one's house isn't necessary to compromise a computer.  Most computers can be compromised pretty easily *unless* the user takes surfing seriously and practices some basic security precautions (like don't use IE).

That's why I argue your PC is probably safer than an online bank.  Presumably most people here have at least someone of an idea how to keep their PC safe.

I don't understand what you're saying, then. What's the reason my PC is probably safer than an online bank? I'm not a security expert, or anything, whereas many of the people working for the online bank are.

I'm assuming we're talking about a reputable online bank, of course.

[anth0ny]

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

And you know that how?

http://support.coinbase.com/customer/portal/articles/628970-how-do-i-know-you-won-t-get-hacked-

[roy7]

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

And you know that how?

M

http://antonopoulos.com/2014/02/25/coinbase-review/

[baddw]

Storing 20 BTC on your laptop which you leave running on the Internet pretty much 24/7, probably isn't safer than storing it on Coinbase behind a memorized password (not saved on your PC) and 2-factor authentication.

I doubt this very seriously.  Of course, a few assumptions need to be made.  Firstly, how is your laptop connected to the Internet?  Is it behind a router?  How safe is its OS?  Do you keep it updated with the latest security measures?

Coinbase (or any other big exchange/wallet service) is a big fat target.  "Why did you rob banks?" "Because that's where the money was."  A random consumer PC connected to the Internet is pretty much invisible and anonymous.  Yes, it is vulnerable to attacks, but the chances of rewards are low.

Does Coinbase encrypt my wallet with a passphrase which only I know?  In other words, if I forget or lose my Coinbase passphrase, are my Coinbase holdings effectively lost forever?  If not, then Coinbase has independent access to my private keys.  Which means they can be stolen.  This is impossible if my private keys are encrypted and residing on my own PC.

Yes, they're a big fat target. (*) But they spend many orders of magnitude more on security than I do.

Breaking into my house is trivial. Breaking into the bank where Coinbase stores their cold wallets is much tougher.

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

Breaking into your house is trivial, but breaking into a house where there are 20BTC stored in an unencrypted wallet is pretty much astronomical odds..... there'd be less variance for the burgler breaking into 20 houses and stealing diamond rings.  As long as you're not advertising your real name and location in conjunction with your BTC address, I see no reason why this is something that one would reasonably fear.  (If you live in a high-crime area where break-ins commonly occur, and a computer is a likely candidate to be stolen just for its street value, you should make a copy of your encrypted private keys and put the copy somewhere safe, so if your computer is stolen then you will be able to recover them quickly and transfer the BTC to a new address.*) Whereas you can bet that there are literally hundreds of hackers (some intelligent, some not so much) trying to crack Coinbase, et al. on a daily basis.

*Actually, this is a good idea just for general security purposes, including protection against hardware failures.

[copyfile]

Can someone explain how the payout queue works? I have set the minimum for payout to BTC0,015 and reached that so i will enter the payout queue. But there are people that are 'waiting' for more than a month now. How does this work? Do i really have to wait that long before payout?

[mdude77]

I don't understand what you're saying, then. What's the reason my PC is probably safer than an online bank? I'm not a security expert, or anything, whereas many of the people working for the online bank are.

I'm assuming we're talking about a reputable online bank, of course.

You're less of a target.  Unless you advertise yourself... "hey, I do x, y, and z to protect my 100btc!"  and your facebook page is in your sig.



M

[Luke-Jr]

BTC0,015

FYI: BTC is always a period as a fractional separator, even in locales where comma is used for fiat.
This is important for Bitcoin to function properly as an international currency.

[baddw]

Can someone explain how the payout queue works? I have set the minimum for payout to BTC0,015 and reached that so i will enter the payout queue. But there are people that are 'waiting' for more than a month now. How does this work? Do i really have to wait that long before payout?

No, the people who have been "waiting a month" have not actually been "waiting a month".  They were last paid a month ago.  There is a difference.  Maybe they have a low hashrate.  Maybe they set their payout minimum to be very high.

The payout queue prioritizes people based on how recently they have been paid.  If you were last paid 24h ago, then anybody who was last paid 24h:01m or more ago, will be ahead of you in the queue.

So it is a bit of a trade-off.  If you set your payout threshold high enough that you will only be paid once a week, you will generally find yourself at the front of the queue when you hit your threshold.  If you set your threshold low enough that you expect to get paid daily, then you could easily find yourself at the bottom of the queue.  From my observations of the queue, I believe that most Eligius miners have set their threshold to be around once a day, given their hashrate.  

Of course, a good number of miners have a low hashrate, and therefore it could take weeks or even months to hit the minimum payout threshold.  These people won't be paid frequently, but when they hit their threshold, they will probably be paid in the next block mined.

[anth0ny]

Yes, they're a big fat target. (*) But they spend many orders of magnitude more on security than I do.

Breaking into my house is trivial. Breaking into the bank where Coinbase stores their cold wallets is much tougher.

(*) Although, perhaps less of a fat target than you might think, as they surely don't store all their BTC in a single location.

Breaking into your house is trivial, but breaking into a house where there are 20BTC stored in an unencrypted wallet is pretty much astronomical odds..... there'd be less variance for the burgler breaking into 20 houses and stealing diamond rings.  As long as you're not advertising your real name and location in conjunction with your BTC address, I see no reason why this is something that one would reasonably fear.

The odds that are important are the odds that someone is going to break into my house and steal my computer.

They're not high, but they're not astronomically low, either.

But while we're on this subject, if I'm going to store BTC at home, it's going to be in a fire safe, not on a computer, anyway. The risk that my house is going to burn down is also not high, but not astronomically low, either.

(The chance that a house where there are 20BTC stored in an unencrypted wallet will burn down.... Well that's irrelevant.)

(If you live in a high-crime area where break-ins commonly occur, and a computer is a likely candidate to be stolen just for its street value, you should make a copy of your encrypted private keys and put the copy somewhere safe, so if your computer is stolen then you will be able to recover them quickly and transfer the BTC to a new address.) Whereas you can bet that there are literally hundreds of hackers (some intelligent, some not so much) trying to crack Coinbase, et al. on a daily basis.

If you're going to do that, why bother keeping them on the computer in the first place?

That said, I'd say it's still more likely someone is going to break into my house and steal my fire safe (pretending for the moment that I have one), than that someone is going to rob the safety deposit boxes where Coinbase stores their wallets.

[anth0ny]

Whereas you can bet that there are literally hundreds of hackers (some intelligent, some not so much) trying to crack Coinbase, et al. on a daily basis.

That's why they store more than 98% of their funds offline in cold wallets. Even if the entire contents of all the hot wallets at Coinbase got emptied, customers would probably lose nothing.