redsn0w (OP)
Legendary
 Offline
Activity: 1778
Merit: 1042
#Free market
|
 |
February 20, 2015, 06:05:21 PM
Last edit: February 20, 2015, 06:28:18 PM by redsn0w |
|
It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread post , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . |
|
|
|
|
|
|
|
|
|
The trust scores you see are subjective; they will change depending on who you have in your trust list. |
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
tee-rex
|
|
February 20, 2015, 06:12:20 PM
Last edit: February 20, 2015, 06:27:08 PM by tee-rex |
|
It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . I guess that the only possible way to really "sign a transaction offline" and be 100% sure that the keys are not compromised would be to write down all necessary TX info manually on paper and then enter it into the client connected to the Internet by hand. |
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 20, 2015, 09:20:09 PM |
|
It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . I guess that the only possible way to really "sign a transaction offline" and be 100% sure that the keys are not compromised would be to write down all necessary TX info manually on paper and then enter it into the client connected to the Internet by hand. When you sign the transaction offline you have only to "broadcast" it on an "online machine". So you can transfer this "transaction" through email, or .txt on an usb, etc... It is not important how will you will transfer this signed tx, the only thing is the secure signing of the TX (offline). |
|
|
|
|
|
tee-rex
|
|
February 20, 2015, 09:44:47 PM
Last edit: February 20, 2015, 10:28:54 PM by tee-rex |
|
It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . I guess that the only possible way to really "sign a transaction offline" and be 100% sure that the keys are not compromised would be to write down all necessary TX info manually on paper and then enter it into the client connected to the Internet by hand. When you sign the transaction offline you have only to "broadcast" it on an "online machine". So you can transfer this "transaction" through email, or .txt on an usb, etc... I t is not important how will you will transfer this signed tx, the only thing is the secure signing of the TX (offline). Perhaps, that's what the bter staff thought (and got burned). The method of transfer cannot be considered safe or "offline" if it can be used to secretly transfer your private keys as well. This way almost all means of electronic communications (email or a .txt file on an usb) should be deemed as potentially compromising and not far in effect from directly connecting a cold wallet to the net. |
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 20, 2015, 10:04:08 PM |
|
NEWS (an article of coindesk , 99%) : http://www.coindesk.com/bter-unable-to-repay-customers-following-alleged-exchange-heist/"This time, reimbursement of the platform’s various cryptocurrencies, including NXT and counterparty, remains uncertain. The spokesperson simply reiterated the company's earlier Twitter announcement that withdrawals would be running "soon", after BTER's wallets are declared safe."
|
|
|
|
|
|
tee-rex
|
|
February 20, 2015, 10:39:28 PM
Last edit: February 20, 2015, 11:20:37 PM by tee-rex |
|
Reimbursement?! Did other cryptocurrencies other than bitcoin get stolen too? They definitely should have taken that spokesperson hostage. |
|
|
|
|
Jcga
Legendary
Offline
Activity: 2590
Merit: 1089
|
|
February 21, 2015, 02:11:21 AM |
|
From twitter.com/btercom
"We are preparing for the withdrawals. CNY, USD and NXT withdrawals will be handled first."
|
|
|
|
|
tee-rex
|
|
February 21, 2015, 04:02:18 AM
Last edit: February 21, 2015, 03:41:04 PM by tee-rex |
|
From twitter.com/btercom
"We are preparing for the withdrawals. CNY, USD and NXT withdrawals will be handled first."
Smells very fishy, mildly speaking. As I understand it, they are "preparing for the withdrawals" of those assets over which they either can't have control or which would be worthless in the hands of a small group of people. In the case of Chinese yuan and US dollar they will inevitably inflict criminal prosecution upon themselves without a single chance of escaping if they try to cash out or transfer the money. And in the case of nxt coins, as we know from the previous hack, their price would fall next to nothing if they get accumulated in a few hands (that was the reason why the thief agreed to return the stolen nxt's). |
|
|
|
|
Bizmark13
Sr. Member
Offline
Activity: 462
Merit: 250
WikiScams.org - Information about Bitcoin Scams
|
|
February 21, 2015, 06:37:59 AM |
|
But there exist no decentral exchange for altcoins. the Assetsystem with nxt or bts i find to uncomfortable. we need something like a torrentsystem. but the blockchains are to slow for trading. And i dont see why i should hold altcoins without trading ...
There are decentralized exchanges in development and I think there might be some already working, but I personally think that centralized exchanges like Bter and Cryptsy are here to stay. They're simple and user friendly, they work with no technical expertise required, and you don't have to install anything on your computer to use them. And if you don't use them as banks and you're not into day trading then they're actually not that bad security-wise. Just put your coins in, swap them for some other coins, then withdraw. It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . I guess that the only possible way to really "sign a transaction offline" and be 100% sure that the keys are not compromised would be to write down all necessary TX info manually on paper and then enter it into the client connected to the Internet by hand. When you sign the transaction offline you have only to "broadcast" it on an "online machine". So you can transfer this "transaction" through email, or .txt on an usb, etc... It is not important how will you will transfer this signed tx, the only thing is the secure signing of the TX (offline). That wouldn't be a cold wallet though right? I mean, if the machine containing the cold wallet is connected to the Internet, then it's not really a cold wallet. The moment a machine is connected to the Internet, it can be infected by viruses or trojans. So that rules out email. Malware can spread via USB drives too. In fact, the Iranian nuclear program had some of their centrifuges destroyed by malware that spread via USB drives: http://en.wikipedia.org/wiki/StuxnetRelevant part: Langner speculated that the infection may have spread from USB drives belonging to Russian contractors since the Iranian targets were not accessible via the internet. |
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 21, 2015, 10:14:48 AM |
|
It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . I guess that the only possible way to really "sign a transaction offline" and be 100% sure that the keys are not compromised would be to write down all necessary TX info manually on paper and then enter it into the client connected to the Internet by hand. When you sign the transaction offline you have only to "broadcast" it on an "online machine". So you can transfer this "transaction" through email, or .txt on an usb, etc... I t is not important how will you will transfer this signed tx, the only thing is the secure signing of the TX (offline). Perhaps, that's what the bter staff thought (and got burned). The method of transfer cannot be considered safe or "offline" if it can be used to secretly transfer your private keys as well. This way almost all means of electronic communications (email or a .txt file on an usb) should be deemed as potentially compromising and not far in effect from directly connecting a cold wallet to the net. For example, I've generated this TX offline and it gives me this raw transaction "code" : 0100000001a4b577f54ea6b888653ce068639a76ecee0eceddafa7c35efe64853d8cc05709000000008a47304402207688102fe2466c7ddd57c843639b81adcae5699c962a4cb953cee17d50e5f3b502207ea95f78891ebd056e9e1317a823b8996f4460451f31bc2d122cb828d9c0f19c0141048eb34b798d112c5c60ae88436ae4c7b86d943dfc9178ce5cae18b02cb912531b6eb6a8978f389d73cd2d31a2d70241188c86ab3b28753d2055b3064794bcd2c6ffffffff0210270000000000001976a914b6a032713d13dc7d81e68cc1e3d78e0dc0e095e988ac80380100000000001976a91409113c8d4fd73a95e945dce5592a4d5de0ce799088ac00000000 So now everyone of you can "push/broadcast" it here : - https://insight.bitpay.com/tx/send- https://blockchain.info/it/pushtxSo it is impossible to "stole" a private key during this process (if the cold wallet is offline) . You generate the transaction and after broadcast it on another pc (connected on internet). |
|
|
|
|
|
tee-rex
|
|
February 21, 2015, 10:28:42 AM
Last edit: February 21, 2015, 03:39:57 PM by tee-rex |
|
It seems that "this way" your cold wallet still gets effectively "connected" (even through an intermediary) to the Internet in the end. Do I still miss something?
Sorry but I've edited my thread , check the two link and if you want more info then google " how to sign a transaction offline". If they have connected on internet their cold wallet it is obvious you cannot "name" it " cold wallet" anymore . I guess that the only possible way to really "sign a transaction offline" and be 100% sure that the keys are not compromised would be to write down all necessary TX info manually on paper and then enter it into the client connected to the Internet by hand. When you sign the transaction offline you have only to "broadcast" it on an "online machine". So you can transfer this "transaction" through email, or .txt on an usb, etc... I t is not important how will you will transfer this signed tx, the only thing is the secure signing of the TX (offline). Perhaps, that's what the bter staff thought (and got burned). The method of transfer cannot be considered safe or "offline" if it can be used to secretly transfer your private keys as well. This way almost all means of electronic communications (email or a .txt file on an usb) should be deemed as potentially compromising and not far in effect from directly connecting a cold wallet to the net. For example, I've generated this TX offline and it gives me this raw transaction "code" : So now everyone of you can "push/broadcast" it here : - https://insight.bitpay.com/tx/send- https://blockchain.info/it/pushtxSo it is impossible to "stole" a private key during this process (if the cold wallet is offline) . You generate the transaction and after broadcast it on another pc (connected on internet). Wasn't I telling you the same two posts earlier? You write down or print the transaction on paper (memorize it if you are that brutal) and then enter it into the client connected to the Internet (through a site or whatever) manually. |
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 21, 2015, 11:00:27 AM
Last edit: February 21, 2015, 11:12:41 AM by redsn0w |
|
Wasn't I telling you the same two posts earlier? You write down or print the transaction on paper (memorize it if you are that brutal) and then enter it into the client connected to the Internet (through a site or whatever) manually.
Yes, but once that you have created the transaction no one can "modify" it. So also if the hacker/malicious user catch it , he can't do nothing (only broadcast it  ). However if someone want to broadcast my transaction, it would be very appreciated (the destination address is : 18dysRPYmsmFz7tWM99TQ3F9pV7aa3Mqat "I think"; after the broadcast of the tx check it on the blockchain, thanks). 0100000001a4b577f54ea6b888653ce068639a76ecee0eceddafa7c35efe64853d8cc0570900000 0008a47304402207688102fe2466c7ddd57c843639b81adcae5699c962a4cb953cee17d50e5f3b5 02207ea95f78891ebd056e9e1317a823b8996f4460451f31bc2d122cb828d9c0f19c0141048eb34 b798d112c5c60ae88436ae4c7b86d943dfc9178ce5cae18b02cb912531b6eb6a8978f389d73cd2d 31a2d70241188c86ab3b28753d2055b3064794bcd2c6ffffffff0210270000000000001976a914b 6a032713d13dc7d81e68cc1e3d78e0dc0e095e988ac80380100000000001976a91409113c8d4fd7 3a95e945dce5592a4d5de0ce799088ac00000000EDIT: sorry this it the valid raw transaction : 01000000015c391dadc7d9d9f6e811d9e6a2e92d0bc2b149eb12042b782bbc424b6c314ef8010000008a47304402207de9caa7afe9a269d4da7e50cb3ca675f0b649cbaa3b29049057fc3601e50c8202201414bb50f43467941414d190001ea42a29cb3e7a11d67a3be1ba2b355161769d0141048eb34b798d112c5c60ae88436ae4c7b86d943dfc9178ce5cae18b02cb912531b6eb6a8978f389d73cd2d31a2d70241188c86ab3b28753d2055b3064794bcd2c6ffffffff02e8030000000000001976a91453c753c52ff4588063751c765215c5e6af25b87388ac34340100000000001976a91409113c8d4fd73a95e945dce5592a4d5de0ce799088ac00000000 |
|
|
|
|
|
tee-rex
|
|
February 21, 2015, 11:17:59 AM
Last edit: February 21, 2015, 11:30:12 AM by tee-rex |
|
Wasn't I telling you the same two posts earlier? You write down or print the transaction on paper (memorize it if you are that brutal) and then enter it into the client connected to the Internet (through a site or whatever) manually.
Yes, but once that you have created the transaction no one can "modify" it. So also if the hacker/malicious user catch it , he can't do nothing The matter in question is not about possibility of "modifying" transactions (or lack thereof) but about ways of stealing private keys. So, if your "cold" wallet is not connected to the Internet when you generate a new transaction (actually, even if it is never connected to the Internet, or was, or will), this in general doesn't guarantee that it can't be compromised in the end. That's all, and let's finally call it a day. |
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 21, 2015, 11:43:04 AM |
|
Wasn't I telling you the same two posts earlier? You write down or print the transaction on paper (memorize it if you are that brutal) and then enter it into the client connected to the Internet (through a site or whatever) manually.
Yes, but once that you have created the transaction no one can "modify" it. So also if the hacker/malicious user catch it , he can't do nothing The matter in question is not about possibility of "modifying" transactions (or lack thereof) but about ways of stealing private keys. So, if your "cold" wallet is not connected to the Internet when you generate a new transaction (actually, even if it is never connected to the Internet, or was, or will), this in general doesn't guarantee that it can't be compromised in the end. That's all, and let's finally call it a day. If the pc is clean, and it never has been connected on internet (after/before) the generation of the transaction I think you can be "sure" at 99% that it is safe. You have also to check every usb key before connect it on the cold wallet's pc , and also check all the other devices (but it is better to not connect any device in the cold wallet's pc). So at the end as you told there are a multiple things to check, and the 100% of security does not exist. |
|
|
|
|
|
tee-rex
|
|
February 21, 2015, 12:57:15 PM |
|
Bter.com has just opened for fiat withdrawals!
|
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 21, 2015, 01:04:51 PM |
|
Bter.com has just opened for fiat withdrawals!
Thanks for the info ! This is their last tweet :  and now it is opened, if someone have FIAT then withdraw it as soon as possible ( or better now !). |
|
|
|
|
mishax1
Legendary
Offline
Activity: 2898
Merit: 1017
|
|
February 21, 2015, 01:19:25 PM |
|
Bter.com has just opened for fiat withdrawals!
Thanks for the info ! This is their last tweet : and now it is opened, if someone have FIAT then withdraw it as soon as possible ( or better now !). Boom! Hacked again.. |
|
|
|
|
Picsou
Newbie
Offline
Activity: 23
Merit: 0
|
|
February 21, 2015, 02:08:31 PM |
|
Withdrawals are still closed for the moment.
waiting...
|
|
|
|
|
redsn0w (OP)
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 21, 2015, 02:12:30 PM |
|
They have to open Bitcoin withdrawals immediately. People patiently waiting for days.
My friend told me he can't withdraw his btc, can you confirm ? Do you have the same problem ? |
|
|
|
|
Cassius
Legendary
Offline
Activity: 1764
Merit: 1031
|
|
February 21, 2015, 02:19:50 PM |
|
They have to open Bitcoin withdrawals immediately. People patiently waiting for days.
My friend told me he can't withdraw his btc, can you confirm ? Do you have the same problem ? All their bitcoin were hacked. What would they have for you to withdraw?! |
|
|
|
|
|
