This forum is full of future millionaires

[Parazyd]

Online wallets are BAD.

[Raystonn]

Yes, traditional online wallets are very bad.  Bitgo is not one of these.

[piramida]

If there is a easy secure way to keep my coins then fill me in

http://www.bitgo.com is a multi-sig service.  Imagine a safe-deposit box.  There are 3 keys, and you need 2 of them to open the box.  Bitgo keeps only 1, so you are safe from their screw-ups.  But that one, along with a password hash approach to a key you have offers the safety of cold storage with the convenience of accessing your Bitcoins from any internet-connected device.

but that does not solve the problem of the user storing the private keys, which is the weak link. so it makes absolutely no sense, you can just as well store private key yourself and dont send any money to third party, because either way, if your bitgo keys are stolen, your bitcoins are, too.

You can store the private keys in a safe deposit box.  Yet you still can access your funds with one password plus Bitgo's key.  Safe and usable.

Does bitgo explain the user how to print out and save their secret key without it ever appearing on an internet-connected computer? I am afraid they don't, hardly possible.

In that sense, it's not much different from blockchain, which has a second pass. If the server is compromised / xss anything so that their part of the key can be used - only one user's key is needed to spend your money. So it is as secure as the server or the user, again, meaning, vulnerable.

[Raystonn]

Does bitgo explain the user how to print out and save their secret key without it ever appearing on an internet-connected computer? I am afraid they don't, hardly possible.

Yes, they do.  It's printed without being displayed to the screen.

In that sense, it's not much different from blockchain, which has a second pass. If the server is compromised / xss anything so that their part of the key can be used - only one user's key is needed to spend your money. So it is as secure as the server or the user, again, meaning, vulnerable.

Two keys are needed for the money to be spent.  This is multi-sig.  Please research before commenting.  This is not just a backup key.

[piramida]

Two keys are needed for the money to be spent.  This is multi-sig.  Please research before commenting.  This is not just a backup key.

Right, I need two keys to spend, so either I get both keys from the user, or hack user's browser to send a spend command with the stored key to the bitgo server (which conveniently adds their second key).

Don't get me wrong, I'm all for convinient solutions, people just need to understand that *any* online wallet is vulnerable to theft, because the server, your machine, and connection between them are all weak links.

It is ok to keep some change on bitgo or blockchain or coinbase, any 2FA wallet basically, but they don't approach cold storage in terms of deposit security.

[Raystonn]

Two keys are needed for the money to be spent.  This is multi-sig.  Please research before commenting.  This is not just a backup key.

Right, I need two keys to spend, so either I get both keys from the user, or hack user's browser to send a spend command with the stored key to the bitgo server (which conveniently adds their second key)

Both keys from the user: That would require accessing his safe deposit box.

Hack user's browser to capture the password: That would require accessing the 2FA code sent to your mobile phone.  If you saw the code sent to your phone and you didn't initiate a spend, you'd know your password was compromised.  You'd move to a new wallet immediately.  The hacker wouldn't be able to do anything before you could move to the new wallet as he'd need that code.

[piramida]

Two keys are needed for the money to be spent.  This is multi-sig.  Please research before commenting.  This is not just a backup key.

Right, I need two keys to spend, so either I get both keys from the user, or hack user's browser to send a spend command with the stored key to the bitgo server (which conveniently adds their second key)

Both keys from the user: That would require accessing his safe deposit box.

Hack user's browser to capture the password: That would require accessing the 2FA code sent to your mobile phone.  If you saw the code sent to your phone and you didn't initiate a spend, you'd know your password was compromised.  You'd move to a new wallet immediately.  The hacker wouldn't be able to do anything before you could move to the new wallet as he'd need that code.

Oh, they also use phone 2FA? That would be interesting, but I didn't see anything about that in the settings. Anyway, if you are paying from the phone sms is not an answer too, there were already real world cases of bitcoin hesists from compromised phones where both 2FA and wallet were on the same device.

[Raystonn]

Two keys are needed for the money to be spent.  This is multi-sig.  Please research before commenting.  This is not just a backup key.

Right, I need two keys to spend, so either I get both keys from the user, or hack user's browser to send a spend command with the stored key to the bitgo server (which conveniently adds their second key)

Both keys from the user: That would require accessing his safe deposit box.

Hack user's browser to capture the password: That would require accessing the 2FA code sent to your mobile phone.  If you saw the code sent to your phone and you didn't initiate a spend, you'd know your password was compromised.  You'd move to a new wallet immediately.  The hacker wouldn't be able to do anything before you could move to the new wallet as he'd need that code.

Oh, they also use phone 2FA? That would be interesting, but I didn't see anything about that in the settings. Anyway, if you are paying from the phone sms is not an answer too, there were already real world cases of bitcoin hesists from compromised phones where both 2FA and wallet were on the same device.

The answer there is not to enter the password from the 2FA device.  Login from another computer or phone.  To do otherwise defeats the meaning of "2 Factor".

[HurricanOday]

yea I'm even more confused with the last page of posts and that is why I will probably be keeping all my coins in/at Coinbase.

[piramida]

yea I'm even more confused with the last page of posts and that is why I will probably be keeping all my coins in/at Coinbase.

You must understand then that you don't actually own them. Same as money in the bank. Read about mtGox. When you dont own the private key of your address, you don't have the coins.

[pinksheep]

I'm thinking of taking a huge fucking loan but i'm kinda afraid that my money will get stuck in limbo somewhere/scammed.

I too am worried that my BTC will be stolen. I keep worrying that my private keys will be bruteforced.

You're still stuck on this?

Why? 

It's completely illogical. I explained the math to you in detail and why it's for all intents and purposes impossible.

I understand what you explained to me, but the one thing that still bothers me is this. As an example, if I told you my password, key etc to something was 6 digits long & that those 6 digits were all between 1-6, you'd be able to work it out a lot quicker than if I told you there were 6 digits chosen randomly from all across the computer keyboard. Surely the same would apply for a bitcoin private key - a supercomputer would more easily bruteforce keys made from the throw of a dice, than those made from any keyboard key. Am I wrong? I hope I am.

[MICRO]

Online wallets are BAD.

Actually they are great to use them as hot wallets (fast wallets) , and small amounts.
They are much faster. No need to waitvfor sync. Ajd if u do 2fa they are pretty safe to. But ofc always save ur keys.

[Parazyd]

Online wallets are BAD.

Actually they are great to use them as hot wallets (fast wallets) , and small amounts.
They are much faster. No need to waitvfor sync. Ajd if u do 2fa they are pretty safe to. But ofc always save ur keys.

Electrum doesn't need syncing...

[Ibian]

Online wallets are BAD.

Actually they are great to use them as hot wallets (fast wallets) , and small amounts.
They are much faster. No need to waitvfor sync. Ajd if u do 2fa they are pretty safe to. But ofc always save ur keys.

Electrum doesn't need syncing...

Nor multibit. It's not realistic to expect everyone to download dozens of gigabytes and hundreds of megs every day going forward. The future is light wallets that go through big nodes.

[jonald_fyookball]

I'm thinking of taking a huge fucking loan but i'm kinda afraid that my money will get stuck in limbo somewhere/scammed.

I too am worried that my BTC will be stolen. I keep worrying that my private keys will be bruteforced.

You're still stuck on this?

Why? 

It's completely illogical. I explained the math to you in detail and why it's for all intents and purposes impossible.

I understand what you explained to me, but the one thing that still bothers me is this. As an example, if I told you my password, key etc to something was 6 digits long & that those 6 digits were all between 1-6, you'd be able to work it out a lot quicker than if I told you there were 6 digits chosen randomly from all across the computer keyboard. Surely the same would apply for a bitcoin private key - a supercomputer would more easily bruteforce keys made from the throw of a dice, than those made from any keyboard key. Am I wrong? I hope I am.

Yes, you are wrong!

Like I said before, it doesn't matter if the key is derived from coinflips, dice rolls, or characters.
2^160 is the same size as 6^64... Is the same size as 10^49.... Is the same thing as 62^28.
In the end it's all the same huge number of combinations.....and when you really break things down
Inside how computers work, it's all 0 and 1 at the end of the day.

Since you seem to have trouble grasping this, imagine your password was only 2 characters  long, from a possible choice of 62 chars (26 uppercase letters, 26 lowercase and digits 0-9).  Your total combinations would be 62x62. That's 3844.  Now imagine I also offered you instead, the choice of 5 dice rolls.  That's 6x6x6x6x6.  That's 7776 combinations.  Almost double than with the characters.

[Parazyd]

Online wallets are BAD.

Actually they are great to use them as hot wallets (fast wallets) , and small amounts.
They are much faster. No need to waitvfor sync. Ajd if u do 2fa they are pretty safe to. But ofc always save ur keys.

Electrum doesn't need syncing...

Nor multibit. It's not realistic to expect everyone to download dozens of gigabytes and hundreds of megs every day going forward. The future is light wallets that go through big nodes.

Yes. Especially the people who aren't so good with computers.
We that know more don't mind using bitcoin-qt

[pinksheep]

I'm thinking of taking a huge fucking loan but i'm kinda afraid that my money will get stuck in limbo somewhere/scammed.

I too am worried that my BTC will be stolen. I keep worrying that my private keys will be bruteforced.

You're still stuck on this?

Why?  

It's completely illogical. I explained the math to you in detail and why it's for all intents and purposes impossible.

I understand what you explained to me, but the one thing that still bothers me is this. As an example, if I told you my password, key etc to something was 6 digits long & that those 6 digits were all between 1-6, you'd be able to work it out a lot quicker than if I told you there were 6 digits chosen randomly from all across the computer keyboard. Surely the same would apply for a bitcoin private key - a supercomputer would more easily bruteforce keys made from the throw of a dice, than those made from any keyboard key. Am I wrong? I hope I am.

Yes, you are wrong!

Like I said before, it doesn't matter if the key is derived from coinflips, dice rolls, or characters.
2^160 is the same size as 6^64... Is the same size as 10^49.... Is the same thing as 62^28.
In the end it's all the same huge number of combinations.....and when you really break things down
Inside how computers work, it's all 0 and 1 at the end of the day.

Since you seem to have trouble grasping this, imagine your password was only 2 characters  long, from a possible choice of 62 chars (26 uppercase letters, 26 lowercase and digits 0-9).  Your total combinations would be 62x62. That's 3844.  Now imagine I also offered you instead, the choice of 5 dice rolls.  That's 6x6x6x6x6.  That's 7776 combinations.  Almost double than with the characters.

But if my password was only 3 digits made from the numbers 1-6, anybody could crack it with a pen & paper, but if it was made from every character on the keyboard, it would be a LOT harder for them to do so. Do you see what I mean? But I trust what you're saying, so I won't generate new addresses; my BTC have been in there over 2 months so far & haven't been stolen. Let's hope it stays that way. I presume your phrase 'inside how computers work, it's all 0 and 1' may be the bit I don't understand. I've never had a computer lesson in my life!

[jonald_fyookball]

You're right that more choices (characters vs dice rolls) give you more combinations given the same exponent.  But that's why you roll the dice 64 times. It's a heck of a lot of combinations.

Why not roll the dice 1000 times?  Because 64 is all you need.  There's only 6^64 bit coin addresses!

[piramida]

You're right that more choices (characters vs dice rolls) give you more combinations given the same exponent.  But that's why you roll the dice 64 times. It's a heck of a lot of combinations.

Why not roll the dice 1000 times?  Because 64 is all you need.  There's only 6^64 bit coin addresses!

and to put it in perspective, amount of different 64 dice roll combinations is approximately equal to the number of atoms comprising our planet earth. so imagine you hide your wallet as one atom somewhere inside the planet's core and sleep well.

[keithers]

I would tend to agree that this forum has quite a few millionaires, or future millionaires (at least).  Not necessarily saying that they will be a millionaire due to BTC alone, but mainly because most of the people that have had the foresight to put a decent amount of money into this (as early as possible), are also very active in making their other money "work for them."

I would go out on a limb and say that at least 80-90% of the people here that have 15k or more invested in BTC, also have several other investments going on at the same time (i.e. real estate, precious metals, stocks, annuities, etc).

And...if they haven't already done that, then investing in BTC has opened their eyes in investing in other markets.