[XMR] Monero - A secure, private, untraceable cryptocurrency

[phishead]

I know I should know how too... but how do I use moneroaddress.org offline.  Is there someway to download it onto a USB and stick it onto a computer that's offline?

Well I think the easiest way would be just to go to moneroaddress.org, to unplug the internet connection and to be sure that computer does not connect by itself to any other wifi, to click the create wallet button, to print the page with mnemonic seed, public address, spend key, view key and such, delete browser history and data, close the browser and restart the whole computer.

I am quite paranoid, so I boot my machine from Ubuntu DVD which cannot contain any malware, hopefully, and do the rest like described above. I also use a very simple printer which has no wifi and has just a very little memory to store any data. So I use very cheap printer. Which is great.

Good method. Slightly better would be a custom DVD with just a trusted OS and the moneroaddress page. You would not need to connect to the internet at all.

So you can take any old blank DVD laying around and burn these programs on there? Or maybe a flash drive?  What if the computer has been connected to the internet for a long time?

Also how would you go about monitoring your wallet and seeing what your account balance is, spend it, etc.?

[1714980569]

1714980569

[1714980569]

1714980569

[saddambitcoin]

Yes, you can burn a live OS onto a DVD. Something like Tails could be a good option (https://tails.boum.org/). It wouldn't matter if the computer had been connected to the internet before, the OS runs entirely off of the DVD and does not write any data to persistent media (unless you explicitly make it do so).

[smooth]

I know I should know how too... but how do I use moneroaddress.org offline.  Is there someway to download it onto a USB and stick it onto a computer that's offline?

Well I think the easiest way would be just to go to moneroaddress.org, to unplug the internet connection and to be sure that computer does not connect by itself to any other wifi, to click the create wallet button, to print the page with mnemonic seed, public address, spend key, view key and such, delete browser history and data, close the browser and restart the whole computer.

I am quite paranoid, so I boot my machine from Ubuntu DVD which cannot contain any malware, hopefully, and do the rest like described above. I also use a very simple printer which has no wifi and has just a very little memory to store any data. So I use very cheap printer. Which is great.

Good method. Slightly better would be a custom DVD with just a trusted OS and the moneroaddress page. You would not need to connect to the internet at all.

So you can take any old blank DVD laying around and burn these programs on there? Or maybe a flash drive?  What if the computer has been connected to the internet for a long time?

Also how would you go about monitoring your wallet and seeing what your account balance is, spend it, etc.?

Flash drive is writable, so in theory malware could infiltrate and maliciously store your wallet there. Best is to create the wallet on hardware with no persistent storage at all, but that is difficult to achieve in practice since there is flash firmware in most hardware.

In practice creating a USB stick with OS and the wallet generator, then booting on an offline system is probably good enough. For extra paranoia, completely wipe the stick before plugging it back into an online system for reuse. A burned DVD would be slightly better.

For monitoring payments to the wallet you can use a view key wallet. The goal of this method overall would be for long-term storage, so it would be unspendable. To (eventually) spend you would generally restore the wallet to an online system (then no longer consider the wallet suitable for long term storage). We're working on methods to sign transactions offline, but its not really usable yet.

[dEBRUYNE]

I know I should know how too... but how do I use moneroaddress.org offline.  Is there someway to download it onto a USB and stick it onto a computer that's offline?

Well I think the easiest way would be just to go to moneroaddress.org, to unplug the internet connection and to be sure that computer does not connect by itself to any other wifi, to click the create wallet button, to print the page with mnemonic seed, public address, spend key, view key and such, delete browser history and data, close the browser and restart the whole computer.

I am quite paranoid, so I boot my machine from Ubuntu DVD which cannot contain any malware, hopefully, and do the rest like described above. I also use a very simple printer which has no wifi and has just a very little memory to store any data. So I use very cheap printer. Which is great.

Good method. Slightly better would be a custom DVD with just a trusted OS and the moneroaddress page. You would not need to connect to the internet at all.

So you can take any old blank DVD laying around and burn these programs on there? Or maybe a flash drive?  What if the computer has been connected to the internet for a long time?

Also how would you go about monitoring your wallet and seeing what your account balance is, spend it, etc.?

Flash drive is writable, so in theory malware could infiltrate and maliciously store your wallet there. Best is to create the wallet on hardware with no persistent storage at all, but that is difficult to achieve in practice since there is flash firmware in most hardware.

In practice creating a USB stick with OS and the wallet generator, then booting on an offline system is probably good enough. For extra paranoia, completely wipe the stick before plugging it back into an online system for reuse . A burned DVD would be slightly better.

For monitoring payments to the wallet you can use a view key wallet. The goal of this method overall would be for long-term storage, so it would be unspendable. To (eventually) spend you would generally restore the wallet to an online system (then no longer consider the wallet suitable for long term storage). We're working on methods to sign transactions offline, but its not really usable yet.

Or just burn (no pun intended) it and buy a new one, USB sticks aren't that expensive anymore nowadays.

Best advice is probably to, in case of using an USB stick to generate an offline wallet, never bring it back online again.

[smooth]

I know I should know how too... but how do I use moneroaddress.org offline.  Is there someway to download it onto a USB and stick it onto a computer that's offline?

Well I think the easiest way would be just to go to moneroaddress.org, to unplug the internet connection and to be sure that computer does not connect by itself to any other wifi, to click the create wallet button, to print the page with mnemonic seed, public address, spend key, view key and such, delete browser history and data, close the browser and restart the whole computer.

I am quite paranoid, so I boot my machine from Ubuntu DVD which cannot contain any malware, hopefully, and do the rest like described above. I also use a very simple printer which has no wifi and has just a very little memory to store any data. So I use very cheap printer. Which is great.

Good method. Slightly better would be a custom DVD with just a trusted OS and the moneroaddress page. You would not need to connect to the internet at all.

So you can take any old blank DVD laying around and burn these programs on there? Or maybe a flash drive?  What if the computer has been connected to the internet for a long time?

Also how would you go about monitoring your wallet and seeing what your account balance is, spend it, etc.?

Flash drive is writable, so in theory malware could infiltrate and maliciously store your wallet there. Best is to create the wallet on hardware with no persistent storage at all, but that is difficult to achieve in practice since there is flash firmware in most hardware.

In practice creating a USB stick with OS and the wallet generator, then booting on an offline system is probably good enough. For extra paranoia, completely wipe the stick before plugging it back into an online system for reuse . A burned DVD would be slightly better.

For monitoring payments to the wallet you can use a view key wallet. The goal of this method overall would be for long-term storage, so it would be unspendable. To (eventually) spend you would generally restore the wallet to an online system (then no longer consider the wallet suitable for long term storage). We're working on methods to sign transactions offline, but its not really usable yet.

Or just burn (no pun intended) it and buy a new one, USB sticks aren't that expensive anymore nowadays.

Best advice is probably to, in case of using an USB stick to generate an offline wallet, never bring it back online again.

Good point. But again, we are talking about maximum paranoia mode here. Not necessarily what is needed for storage of moderate amounts by someone who isn't a huge target. Many individual failures have to happen for a wallet you generated and didn't even save to become compromised in this manner, but it is possible. Securing private keys, especially when high value, is serious business.

[nioc]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

[dEBRUYNE]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

You will still have all your coins, don't worry :-) When one restores his seed, simplewallet basically scans the blockchain from scratch looking for transactions that belong to your address (which is coupled to your seed). Therefore, if you restore your seed it will show the same balance as you have now.

[nioc]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

You will still have all your coins, don't worry :-) When one restores his seed, simplewallet basically scans the blockchain from scratch looking for transactions that belong to your address (which is coupled to your seed). Therefore, if you restore your seed it will show the same balance as you have now.

Then what is this talk about other more secure methods?  Again I don't understand the more secure methods or what situations they should be used for.

I guess my original question was, how does deleting a wallet created by "normal" means compare to the methods discussed above?

[dEBRUYNE]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

You will still have all your coins, don't worry :-) When one restores his seed, simplewallet basically scans the blockchain from scratch looking for transactions that belong to your address (which is coupled to your seed). Therefore, if you restore your seed it will show the same balance as you have now.

Then what is this talk about other more secure methods?  Again I don't understand the more secure methods or what situations they should be used for.

I guess my original question was, how does deleting a wallet created by "normal" means compare to the methods discussed above?

Could you first describe to me how you normally create a wallet? If I know that, I could elaborate on the other methods described and what their advantages and disadvantages are.

[nioc]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

You will still have all your coins, don't worry :-) When one restores his seed, simplewallet basically scans the blockchain from scratch looking for transactions that belong to your address (which is coupled to your seed). Therefore, if you restore your seed it will show the same balance as you have now.

Then what is this talk about other more secure methods?  Again I don't understand the more secure methods or what situations they should be used for.

I guess my original question was, how does deleting a wallet created by "normal" means compare to the methods discussed above?

Could you first describe to me how you normally create a wallet? If I know that, I could elaborate on the other methods described and what their advantages and disadvantages are.

On my one and only windows 8.1 computer that I use for everything, I open simplewallet and type a wallet name and a wallet is created. I choose a password/phrase and a seed is created in my language of choice.

In 15 years using windows computers I only got 1 positive report of some insignificant virus or malware.

[dEBRUYNE]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

You will still have all your coins, don't worry :-) When one restores his seed, simplewallet basically scans the blockchain from scratch looking for transactions that belong to your address (which is coupled to your seed). Therefore, if you restore your seed it will show the same balance as you have now.

Then what is this talk about other more secure methods?  Again I don't understand the more secure methods or what situations they should be used for.

I guess my original question was, how does deleting a wallet created by "normal" means compare to the methods discussed above?

Could you first describe to me how you normally create a wallet? If I know that, I could elaborate on the other methods described and what their advantages and disadvantages are.

On my one and only windows 8.1 computer that I use for everything, I open simplewallet and type a wallet name and a wallet is created. I choose a password/phrase and a seed is created in my language of choice.

In 15 years using windows computers I only got 1 positive report of some insignificant virus or malware.

The problem with bolded is that it is sufficient until it isn't, to the extent that one simple virus already has the possibility to steal your coins. Offline / cold wallets are created such that the coins only could get stolen by physical access. In other words, they are safe for any kind of virus / malware. Also, using your daily computer to create wallets makes you more prone to attacks. If you want I could explain to you how to make a secure cold wallet, so that you would never have to worry about your coins.

[nioc]

I know cold/view only wallets have been discussed before but I have no idea how to find that info.

Nothing ever detected on this comp.

But when I go to use a securely generated cold wallet aren't I at the same risk when I go to use it?

If I have created a wallet as I mentioned and then delete it while keeping the seed, is that comparable to a cold wallet?(assuming the comp is not infected)

I guess the possibility of infection the crux of the matter?  (I hear ArticMine's voice in my head)  How do you use any wallet in a secure way?

I guess it depends on what level of paranoia is used.  How about a reasonable one



Better yet, what if I just store all my Moneroj at MoneroDice?

[phishead]

Of course I don't understand any of this which then results in fear, uncertainty and doubt on my part.

How about something I know?  I have the seeds to my wallets safely stored.  What if I delete my wallets and restore them from seed when needed?

You will still have all your coins, don't worry :-) When one restores his seed, simplewallet basically scans the blockchain from scratch looking for transactions that belong to your address (which is coupled to your seed). Therefore, if you restore your seed it will show the same balance as you have now.

Then what is this talk about other more secure methods?  Again I don't understand the more secure methods or what situations they should be used for.

I guess my original question was, how does deleting a wallet created by "normal" means compare to the methods discussed above?

Could you first describe to me how you normally create a wallet? If I know that, I could elaborate on the other methods described and what their advantages and disadvantages are.

That would actually be awesome of you to write how tp store cold wallets for the multiple ways of doing it, and writing the pros and cons of each method. I'm still clueless.

[lebing]

Have you guys seen z.cash? Any thoughts on the differences in the codebase between that and Monero?

[GingerAle]

Have you guys seen z.cash? Any thoughts on the differences in the codebase between that and Monero?

https://www.reddit.com/r/Monero/comments/41vg68/monero_vs_zcash_eli5_fundamental_differences/

one is a cryptocurrency, the other is a taco cat, which is a palindrome. You get to decide.

[lebing]

Have you guys seen z.cash? Any thoughts on the differences in the codebase between that and Monero?

https://www.reddit.com/r/Monero/comments/41vg68/monero_vs_zcash_eli5_fundamental_differences/

one is a cryptocurrency, the other is a taco cat, which is a palindrome. You get to decide.

perfect. thank you

[jwinterm]

New version of LightWallet available: v0.2
https://github.com/jwinterm/LightWallet2
https://github.com/jwinterm/LightWallet2/releases

Now written in Java using Libgdx library, designed to work with Monero release v0.9.x.

To run:

• Download binary (jar or exe for windows).
• Put in same directory as simplewallet (and if on windows libeay32.dll, libwinpthread-1.dll, and ssleay32.dll).
• Import wallet or create new wallet following instructions in program (following instructions in program).
• Use default remote node or swith to http://localhost:18081 if running your own bitmonerod.
• Try to let wallet sync before closing for the first time.

You shouldn't be in any danger of losing coins, as you will either import a keys file or seed, or create a completely new wallet and then delete/encrypt the sensitive information.

There seems to be a possible issue in counting previous transactions in a wallet file. If your unlocked and locked balance are green in the wallet tab, those are the numbers you should trust, and if they're green it should be OK to send a transaction.

It can take quite some time to sync a wallet, especially an old wallet with lots of txs on a crappy computer using a remote node - it might take up to several hours.

Please let me know if you have any issues, by posting issues on github, PM here, PM on forum.getmonero.org, here: https://bitcointalk.org/index.php?topic=903579.0, or here: https://forum.getmonero.org/20/general-discussion/166/lightwallet-a-lightweight-monero-gui-account-manager

Thanks for checking it out

[pallas]

Hello! I've been away from this thread for long, sorry if I'm posting boring stuff now.
I've started mining xmr again (for the fun of it).
I'm using Wolf0's opensource miner and stock clocks.
Getting 678 H/s on 290x and 687 H/s on Fury, are these good hashrates?

[mutovin]

Hello. I sent to poloniex.com from the purse of xmr, I sent with mixin 0, earlier always so I sent. And mixin 6 was necessary. Transaction of not confirmed yet (https://minergate.com/blockchain/mro/transaction/f9e2551e60ec55c0caca725dd07c6e23c48175398387edfc35289f369d2cea08). It will be confirmed? or what to do?

That transaction probably will not confirm because it is too large. The first 0.9 release had that problem which was fixed in 0.9.1

You should try rescan_spent which may recover the funds back to your wallet and you can send them again after upgrading to the 0.9.1 release

If that doesn't work, check back here.

]: rescan_spent
Error: this command requires a trusted daemon. Enable with --trusted-daemon
what to do?

Restart simplewallet with --trusted-daemon added to the command line. That means simplewallet may send private data to the daemon (needed for rescan_spent), so your privacy could be compromised if using a remote daemon. If you are using your own deamon, this is nothing to worry about.

I made rescan_spent, xmr were reflected in a purse, was updated till 0-9-1-0, in attempt to send xmr wrote Error: transaction <feb341ebc7e9ed474ee1041a61dd82a67152f5ba07c6f2bc10f8cb8f8e1d2d93> was rejected by daemon with status: Failed, made once again rescan_spent, writes again that on balance these coins aren't present, and in show_transfers there is pending out 113.800000000000 f9e2551e60ec55c0caca725dd07c6e23c48175398387edfc35289f369d2cea08 0000000000000000 0.340000000000 how to return them? or to make that reached the destination?

[dEBRUYNE]

Have you guys seen z.cash? Any thoughts on the differences in the codebase between that and Monero?

I'll quote myself again:

I'll just quote myself again:

Relevant post of Monero vs Zcash. There was also a discussion on reddit, most of it is the same though.

https://www.reddit.com/r/Monero/comments/41vg68/monero_vs_zcash_eli5_fundamental_differences

Also, st0at check the last quote where IP obfuscation is mentioned.

zcash alpha has been launched

https://github.com/Electric-Coin-Company/zcash

http://www.wired.com/2016/01/zcash-an-untraceable-bitcoin-alternative-launches-in-alpha/

I'll just copy my reddit comment here:

I've made this list earlier:

List of possible pitfalls wrt ZeroCash/ZeroCoin:

[1] If ZeroCash/ZeroCoin is launched on behalf of a company, which seems the case here, the company can be given a gag order (e.g. to add a line of malicious code).

[2] If I recall correctly, the creator of the genesis block holds some kind of masterkey. As a result, you have to trust this person. Even if this key was held by a group, you still have to trust that particular group. In addition, you have to trust the program they run to create the Genesis block (the masterkey could be in there).

[3] It's too opaque in my opinion. If a bug existed that would create additional coins, there is no way you would see it.

[4] The math and cryptography backing it isn't peer reviewed yet and in an infancy stage.

[1] seems to be confirmed. They will be launching as a for profit company, see:

For its first four years online, a portion of every mined Zcash coin will go directly to Wilcox’s Zcash company

This could also invoke some legal issues, since they are basically not a decentralid currency and bear in mind they are **US** based (http://www.bizapedia.com/de/THE-ZEROCOIN-ELECTRIC-COIN-COMPANY-LLC.html). Just remember what happened with Ripple.

Basically, with Ring Confidential Transactions included in Monero it's basically pepsi vs coke (thanks to u/smooth_xmr for this analogy), where both have their advantages and disadvantages.

P.S. They are currently only on testnet, the "real-version" is at least 6 months away.

P.P.S. It seems like they transactions are also quit inefficient compared to Monero's. See this description on how to get from the basecoins (the transparent ones) to the zerocoins (anonymous ones):

This operation (called a pour) might take a minute or two depending on your hardware. It is producing a zero-knowledge proof. (This operation's performance will be improved in the coming months.)

Shen Noether (aka NobleSir), who is obviously more knowledgeable about this subject than me, also made a comparison on reddit:

I've done a little bit of comparison in the Ring CT paper / you can also look here for some facts on zcash- there are a few I've seen so far

[1] Setup: Monero (Trustless) vs Zerocash (Must Trust zcash company)

[2] Proof Generation: Monero (100's second ) vs Zcash (1/minute)

[3] Algorithm auditability: Monero (a decent number of people seem to understand ring signatures and confidential transactions) vs Zerocash (I'm not sure how many people actually understand the proofs besides the small group of authors) - although this point is certainly subjective.

[4] Poison-pill attack vulnerability: Monero (attacker would need 51%) vs Zerocash Vulnerable, (see zerocash extended paper section 6.4

[5] Anonymity set: Monero (although the zcash proponents note that a ring signature is a "smaller" anonymity set, they usually don't mention that the stealth address factor actually means that each transaction is masked, whereas the ring signatures provide additional plausible liability, furthermore, since keys appear in different ring signatures in different blocks in time, the anonymity set for when a given key is spent grows infinitely, and could eventually grow larger than the zcash anonymity set at any fixed instant in time) vs Zcash (anonymity set is the entire blockchain )

[6]Anonymous Multisig: Monero (yes! see "written up" link on ring ct sticky, this could make things like lightning potentially possible ) vs Zerocash (?)

[7] Mining: Monero (has it's own strongly decentralized mining process) vs Zerocash protocol from the paper lacks it's own mining (it's essentially just a distributed anonymous database), so there must be another coin which is mined to convert to zerocash tokens

--note that point 4. is an actual potential compromise of anonymity, which contradicts some of the statements the zerocash team has made.
.
Other Differences are slight: Slight differences in transaction size - however Monero transactions should end up being a bit larger when transmitted, but cost less in terms of storage (their eventual block-chain cost will be approximately 32 bytes* (n+1) where n is mixin + epsilon, where epsilon is the current tx size - ring signatures (Note in the recent Ring CT drafts, there is pruning mentioned for the range proofs, see the "written up" link)

https://www.reddit.com/r/Monero/comments/41vg68/monero_vs_zcash_eli5_fundamental_differences/cz63pqw

And:

TPTB_need_war has repeatedly been stating that Zerocash does not need IP obfuscation and therefore is not subject to I2P/TOR, which are, in his opinion, flawed.

However, it seems like Zerocash actually needs IP obfuscation as well and they seem to go with TOR, see -> https://twitter.com/ioerror/status/689958030859960321

I took out this excerpt from the discussion in this thread -> https://bitcointalk.org/index.php?topic=1139756.msg13623846#msg13623846 (starting point).

Look way back in 2014 when you launched Monero, I told you smooth and fluffypony that IP address correlation was the weakness. Fluffypony proceed to try to integrate I2P. I warned you all many times that was not an adequate direction. But you wouldn't listen.

I2P, and even somewhat Tor, is perceived as adequate by 99% of the market. The remaining 1% may be smarter but isn't obviously much of a market at all. Very niche-y.

By the speculators because they are clueless.

But the corporations do not use darknets. They want privacy on the block chain, like we have disk encryption. Mention dark nets, illegal drug trade, etc, and they won't touch it with a 100 foot pole.

I would guess that many corporations do use Tor now for certain things. I2P will be integrated and invisible. No one will know or care how it works, except that the obvious network level vulnerabilities having to do with broadcasting transactions will be removed, and it will pass routine (though not intelligence agency level) technical muster for being private sufficient to satisfy most of the market. That's my opinion, and you are welcome to disagree.

Zerocash still needs IP obfuscation for a lot of private usages in practice too. They acknowledge it in the paper.

Zerocash does not need IP obfuscation when all the transactions are in the private zerocoins. Cite the section of the paper. I think you must be misunderstanding something. You are probably conflating the use of the regular non-anonymous coins mentioned in the paper.

Here you are making excuses again. Corporations are not going to trust unprovable shit. And moreover, mixnets are always vulnerable to flood attacks. They are very, very unreliable. Not only do I disagree, but I also think you are ignoring basic fundamental realities about the technologies.

Edit: arguing for Tor/I2P is akin to arguing for Dash's off chain mixing. Now look in the mirror and remember your arguments for End-to-End Principled ring sigs (versus off chain mixing) and realize the same logic applies to why Zerocash is superior to using off chain mixnets. Hypocrite.

Edit#2: okay I see the section you are referring to:

6.4 Additional anonymity considerations
Zerocash only anonymizes the transaction ledger. Network trac used to announce transactions,
retrieve blocks, and contact merchants still leaks identifying information (e.g., IP addresses). Thus
users need some anonymity network to safely use Zerocash. The most obvious way to do this is
via Tor [DMS04]. Given that Zerocash transactions are not low latency themselves, Mixnets (e.g.,
Mixminion [DDM03]) are also a viable way to add anonymity (and one that, unlike Tor, is not as
vulnerable to trac analysis). Using mixnets that provide email-like functionality has the added
benet of providing an out-of-band notication mechanism that can replace
Receive
.
Additionally, although in theory all users have a single view of the block chain, a powerful
attacker could potentially fabricate an additional block
solely
for a targeted user. Spending any
coins with respect to the updated Merkle tree in this \poison-pill" block will uniquely identify the
targeted user. To mitigate such attacks, users should check with trusted peers their view of the
block chain and, for sensitive transactions, only spend coins relative to blocks further back in the
ledger (since creating the illusion for multiple blocks is far harder).

I will need to understand this attack better. Seems to me they are saying that you need to spend from a block where your pour transaction was the only transaction in the block. But the user would I think know this and thus not spend the coin any more. Thus I believe the anonymity remains provable without the use of any mixnet. I will need to understand this more deeply to be sure.

Bear in mind that I2P will be integrated in Monero, but you can always choose to run Monero over TOR if you want.