mayax (OP)
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
January 23, 2015, 06:19:12 PM |
|
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account. or you don't use Bitcoin for storing your funds. you convert it to cash and you can only keep a small amount just for speculating it
|
|
|
|
Beliathon
|
|
January 23, 2015, 08:20:45 PM Last edit: January 23, 2015, 08:32:44 PM by Beliathon |
|
OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP. If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/If you see a price above 0, cold storage can not be hacked.
|
|
|
|
mayax (OP)
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
January 23, 2015, 10:37:22 PM |
|
OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP. If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/If you see a price above 0, cold storage can not be hacked. well, you can say that you do not agree with me but why am I stupid? because I quoted a very intelligent man, Verbücheln? yes, anything can be backed including the shit cold wallet. this my opinion. Of course, I can have an opinion regarding to you, Beliathon too but I prefer to not say it in public Verbücheln said VERY clear how it can be done.
|
|
|
|
moriartybitcoin
|
|
January 23, 2015, 10:49:34 PM |
|
this is of course total bullshit
|
|
|
|
HarmonLi
Sr. Member
Offline
Activity: 350
Merit: 250
Honest 80s business!
|
|
January 23, 2015, 10:51:53 PM |
|
Not a real concern! It only affects systems whose way of generating the keys is already flawed! If you take a real entropy and solid hashing functions of deriving the private key, you're completely safe!
|
|
|
|
cheekychap
|
|
January 23, 2015, 11:34:46 PM |
|
Are all cold storages equally vulnerable or only the ones with the transactions ?
|
|
|
|
R2D221
|
|
January 23, 2015, 11:56:24 PM |
|
Are all cold storages equally vulnerable or only the ones with the transactions?
A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.
|
An economy based on endless growth is unsustainable.
|
|
|
PaulPierce
Member
Offline
Activity: 112
Merit: 10
|
|
January 24, 2015, 01:13:46 AM |
|
Are all cold storages equally vulnerable or only the ones with the transactions?
A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore. Yeah..!! turns into hot wallet I guess.!! Im not sure how the cold storage was hacked.!! some say they had left the key to it or something.!
|
¸,¤°^^°¤,¸..............¸,¤°^^°¤,¸..Cloud Mining Website..¸,¤°^^°¤,¸..............¸,¤°^^°¤,¸ ..............^°¤,¸¸,¤°^..............Start BTCitcoin Mining Instantly.............^°¤,¸¸,¤°^.............. 0.001 BTC/Ghs | Paying consistently since November 2014
|
|
|
mayax (OP)
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
January 24, 2015, 04:26:36 AM |
|
Are all cold storages equally vulnerable or only the ones with the transactions?
A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore. either ways, it is not safe
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3038
Merit: 4420
Crypto Swap Exchange
|
|
January 24, 2015, 04:47:09 AM |
|
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account. False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.
|
|
|
|
R2D221
|
|
January 24, 2015, 07:33:33 AM |
|
Are all cold storages equally vulnerable or only the ones with the transactions?
A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore. either ways, it is not safe If I create a private key using dice, and compute the public address manually ( yes, I'm that paranoid), how will you hack it? Please give me all the details.
|
An economy based on endless growth is unsustainable.
|
|
|
TCM
|
|
January 24, 2015, 08:27:27 AM |
|
If I create a private key using dice, and compute the public address manually ( yes, I'm that paranoid), how will you hack it? Please give me all the details. Since he doesn't even understand the article he linked to, that question should be viewed as purely rhetorical. "If you try all possible private keys, you can clean out ALL WALLETS IN EXISTENCE!!1 News at 11!"
|
|
|
|
Medow
|
|
January 24, 2015, 08:58:05 AM |
|
Hi:
Do you think that a 64 letter password phrase wallet is better than cold storage?
Is it possible to extract a private key or import my wallet to any program if i secure it with that kind of password?
|
|
|
|
TCM
|
|
January 24, 2015, 09:00:38 AM |
|
The length of your password doesn't matter if you have a keylogger on your machine. Nothing is more secure than a cold wallet. The key is using trusted software for the cold wallet.
|
|
|
|
XeloriA
Newbie
Offline
Activity: 16
Merit: 0
|
|
January 24, 2015, 11:09:41 AM |
|
huhu..thanks for the information
|
|
|
|
mayax (OP)
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
January 26, 2015, 02:28:13 AM |
|
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account. False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it. the online wallets are not safe
|
|
|
|
campycoin
|
|
January 26, 2015, 03:48:21 AM |
|
You need to create cold storage wallets and put maybe a bitcoin in each wallet. You do this when you are not connected to the internet of course. So, yes, you might need 10 wallets with 1btc each. Then when you need to spend, dump the entire 1btc into an online wallet and use it as pocket change or spending money.
It says in the OP that hackers get the info from one pay transaction... the thing is... you don't ever want to make more than one trx from your cold storage, otherwise yeah, you could get nipped. It is kinda like saying if you go to the ATM 6x a day, you probably have a better chance of getting robbed then if you went just once, right before you bought something
|
|
|
|
dsyahputera
|
|
January 26, 2015, 04:31:26 PM |
|
How about deep cold storage like this one provided by Xapo? Any comments? Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process. But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems. The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.
|
|
|
|
MrTeal
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
January 26, 2015, 04:53:20 PM |
|
How about deep cold storage like this one provided by Xapo? Any comments? Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process. But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems. The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.
That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
|
|
|
|
Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
|
|
January 26, 2015, 05:54:53 PM |
|
That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'. The hack would be rather hard to deploy, especially on a larger base.
|
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core ( onion)
|
|
|
|