teflone
|
|
July 22, 2012, 11:08:25 PM |
|
I originally mentioned a fold as a norm..
once folded it hides a QR private key underneath.. as opposed to having a private key QR on both sides..
So, a folded bill would be in practive, the defacto way of carrying it..
|
|
|
|
|
|
|
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
da2ce7
Legendary
Offline
Activity: 1222
Merit: 1016
Live and Let Live
|
|
July 22, 2012, 11:17:44 PM |
|
just fold the bill in half when handling it. (maybe write on the backside of the bill how much it is worth, in pencil.).
|
One off NP-Hard.
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
July 23, 2012, 12:48:15 AM |
|
The stitching would require additional work and could not be AUTO DECRYPTED using built in QR software. So accidental spends would be somewhat avoided.
Think of it as a PIN to a debit card. Requires a little WORK to spend the money.
Unless I am completely off track.
Thoughts Mike?
I think this is a little bit like putting alarms on shoes to stop you from tying them together. But I could be totally wrong, it remains to be seen how it works out in practice. I guess it could be that I use a wallet and my cash is usually out of sight, but surely others don't and will have a different set of problems than me. I can say I would be impatient in the checkout line if the person ahead of me was having difficulty paying because he didn't cut or fold his bill just right.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 23, 2012, 01:29:23 AM |
|
The stitching would require additional work and could not be AUTO DECRYPTED using built in QR software. So accidental spends would be somewhat avoided.
Think of it as a PIN to a debit card. Requires a little WORK to spend the money.
Unless I am completely off track.
Thoughts Mike?
I think this is a little bit like putting alarms on shoes to stop you from tying them together. But I could be totally wrong, it remains to be seen how it works out in practice. I guess it could be that I use a wallet and my cash is usually out of sight, but surely others don't and will have a different set of problems than me. I can say I would be impatient in the checkout line if the person ahead of me was having difficulty paying because he didn't cut or fold his bill just right. Mike, I think we all need to step back and go back to your original post. From what we have all put in with ideas do you think you could put together a list of Standard Operating Procedures?
|
|
|
|
|
aq
|
|
July 23, 2012, 06:54:12 PM |
|
Once everyone has one of these, literally seeing such a banknote means owning it.
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 23, 2012, 07:43:42 PM |
|
Once everyone has one of these, literally seeing such a banknote means owning it. True! See Mike! THIS is why I am all paranoid
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
July 23, 2012, 08:05:28 PM |
|
Once everyone has one of these, literally seeing such a banknote means owning it. True! See Mike! THIS is why I am all paranoid I think covering the QR code with a Post-It note or a folded flap will be a lot more practical than a scheme where the bill has to be precisely cut or folded to be spent. Remember, the whole prototypical point of this is speed and convenience for laypeople at a retail checkout scenario. Anyone can rip off a Post-It note in less than a second, and anyone who can buy a printer can also buy a pad of Post-It notes anywhere in the world. Since this whole effort is going to be public domain / open source, it comes with a license for anyone to do near whatever the f- they want with it, so no one will stop you from making and publishing a bill that must be folded like MAD Magazine. But it's outside of the scope of my stated intent for this particular effort. I think I have just about got the reward payout scheme just about finalized. And the gracious donation of 10BTC, I think I am going to say should go to the person who successfully marries the BitAddress.org codebase with the SVG version of what is pretty much certainly the first-place winner: the banknote presented to us by Psy.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 23, 2012, 08:14:19 PM |
|
Once everyone has one of these, literally seeing such a banknote means owning it. True! See Mike! THIS is why I am all paranoid I think covering the QR code with a Post-It note or a folded flap will be a lot more practical than a scheme where the bill has to be precisely cut or folded to be spent. Remember, the whole prototypical point of this is speed and convenience for laypeople at a retail checkout scenario. Anyone can rip off a Post-It note in less than a second, and anyone who can buy a printer can also buy a pad of Post-It notes anywhere in the world. Since this whole effort is going to be public domain / open source, it comes with a license for anyone to do near whatever the f- they want with it, so no one will stop you from making and publishing a bill that must be folded like MAD Magazine. But it's outside of the scope of my stated intent for this particular effort. I think I have just about got the reward payout scheme just about finalized. And the gracious donation of 10BTC, I think I am going to say should go to the person who successfully marries the BitAddress.org codebase with the SVG version of what is pretty much certainly the first-place winner: the banknote presented to us by Psy. CONGRATULATIONS PSY! I can't WAIT to try it!
|
|
|
|
Timbo925
|
|
July 23, 2012, 08:25:27 PM |
|
Congratzz
|
|
|
|
paraipan
In memoriam
Legendary
Offline
Activity: 924
Merit: 1004
Firstbits: 1pirata
|
|
July 23, 2012, 09:05:24 PM |
|
Congratzz +1
|
BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
|
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 23, 2012, 09:14:38 PM |
|
Looking forward to perhaps established denominations like the Euro?
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
July 23, 2012, 09:27:25 PM |
|
Hang on a moment. You can scan the public address to see whether it holds coins, but you have no way to verify that the supplied private key will let you spend those coins. The only way you can possibly verify that the note holds value is to spend the note.
Therefore the public QR-code should not be labelled "Verify". Even "Load" is dubious, as you might be loading some scammer's address with your coins.
That's why you should print these yourself with a program you trust on a machine you know isn't hacked. You aren't going to be loading bills that others printed for you. When you actually spend the bill, all that matters is that they are able to sweep funds when scanning just the private key. Any shenanigans and you will inconvenience only yourself. Try going to Home Depot, put a tool in your cart, grab a new gift card off the shelf, and attempt to use the gift card to pay for the tools. It won't work, anyone can guess it will be because the gift card has a balance of 0.00, and you'll only be wasting your own time.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
nybble41
|
|
July 24, 2012, 06:59:18 PM |
|
Why not have just one QR-code, encoded in such a way that it cointains both the private key and the public key? This forces people to read both keys, and makes it easy to check that the private key can spend funds sent to a receiving address generated from the public key.
This would remove the temptation to scan only the "verify" address and assume that the balance associated with that address can be spent. I agree. There is no security advantage to having the public key if the private key is also visible. To verify the balance, or even load the address securely, you need to know that the private key matches the public key anyway, so the public key isn't sufficient. You might as well include only the private key, from which the public key can be generated; there is no need for a special encoding. That also simplifies the design (one QR code per certificate).
|
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1006
Let's talk governance, lipstick, and pigs.
|
|
July 24, 2012, 08:15:04 PM |
|
You might as well include only the private key
I think that's the way to go. And the design of the note should allow folding to conceal the key. Folding over a corner to conceal a substantial portion of the QR-code would be sufficient. All the public key does is to allow a payment to the bitcoin address for someone that doesn't own that address. If the bill is for a fixed amount then you do not need a public key and only need the value in BTC printed.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
July 25, 2012, 05:04:59 PM |
|
I agree. There is no security advantage to having the public key if the private key is also visible. To verify the balance, or even load the address securely, you need to know that the private key matches the public key anyway, so the public key isn't sufficient. You might as well include only the private key, from which the public key can be generated; there is no need for a special encoding. That also simplifies the design (one QR code per certificate).
I'd make it an option... like a checkbox... I could see others agreeing the bitcoin QR isn't needed while at the same time others saying it is needed. I would enjoy these particular advantages having the public key. * the ability to get the bitcoin address into a computer with a USB keyboard wedge barcode scanner without hand-pecking each character, so I can fund the note, or use block explorer, or e-mail the bitcoin address to somebody in anticipation of a payment. (Remember, just because the bitcoin address could be calculated, doesn't mean that anything will calculate it! And the keyboard-emulating barcode scanner is an example of something that sure isn't going to.) * the ability to use the note to accept change from a transaction, or incoming payments, without giving away the opportunity to claw it back * the ability to use a shared resource to confirm for my own benefit that the balance on the note is what I think it is (think similar to a price-check kiosk at Target) * the ability to fund notes that will be used for safekeeping/storage and have 100% assurance that the private key wasn't captured by the funding computer (this matters mainly for large amounts, not so much for smaller ones)
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 25, 2012, 05:15:19 PM |
|
I agree. There is no security advantage to having the public key if the private key is also visible. To verify the balance, or even load the address securely, you need to know that the private key matches the public key anyway, so the public key isn't sufficient. You might as well include only the private key, from which the public key can be generated; there is no need for a special encoding. That also simplifies the design (one QR code per certificate).
I'd make it an option... like a checkbox... I could see others agreeing the bitcoin QR isn't needed while at the same time others saying it is needed. I would enjoy these particular advantages having the public key. * the ability to get the bitcoin address into a computer with a USB keyboard wedge barcode scanner without hand-pecking each character, so I can fund the note, or use block explorer, or e-mail the bitcoin address to somebody in anticipation of a payment. (Remember, just because the bitcoin address could be calculated, doesn't mean that anything will calculate it! And the keyboard-emulating barcode scanner is an example of something that sure isn't going to.) * the ability to use the note to accept change from a transaction, or incoming payments, without giving away the opportunity to claw it back * the ability to use a shared resource to confirm for my own benefit that the balance on the note is what I think it is (think similar to a price-check kiosk at Target) * the ability to fund notes that will be used for safekeeping/storage and have 100% assurance that the private key wasn't captured by the funding computer (this matters mainly for large amounts, not so much for smaller ones) How about a design that is more descrete. Perhaps like a lottery ticket with a barcode instead of a qr code?
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
July 25, 2012, 05:29:39 PM |
|
How about a design that is more descrete. Perhaps like a lottery ticket with a barcode instead of a qr code?
A QR code is a barcode. Maybe you mean a 1-dimensional barcode rather than a 2-dimensional barcode. The whole point of 2-dimensional barcodes is to increase the amount of data you can fit. 1-dimensional barcodes aren't suitable for bitcoin keys due to their size. No commonly-used 1d barcode symbology supports mixed case text. 2d barcodes also add advanced error correction that can tolerate a total loss of a certain percentage of the code, something that would be desirable in a cash application, and something 1d barcodes don't offer.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
unclemantis
Member
Offline
Activity: 98
Merit: 10
(:firstbits => "1mantis")
|
|
July 27, 2012, 02:46:55 AM |
|
+1
|
|
|
|
|