fillippone
Legendary
Offline
Activity: 2310
Merit: 16501
Fully fledged Merit Cycler - Golden Feather 22-23
|
|
May 22, 2021, 09:19:26 PM |
|
Sorry to nitpick, but I think the whole point of this thread is securing the ownership of a bitcoin address. What is the point of signing a NEW address without proof of ownership of the OLD address? I think we should do like this: <Link to old verification>
Adding a new address: -----BEGIN BITCOIN SIGNED MESSAGE----- I am fillippone from bitcointalk.org forum. Today is March, 20th 2021 and I want to secure my bitcointalk.org account with this message.
I am using my old Staked Address to sign a message to add my new bech32address, which will become my new main one.
Link to old staked Address Verification. https://bitcointalk.org/index.php?topic=996318.msg51838443#msg51838443
My new Address will be: bc1qd7rqlrw5h4q3g2x45xacd72zshcm2dht2ztclh -----BEGIN SIGNATURE----- 1CfNL14Dm39RJqZsqHBk4gdbcs3G3PvbdP IAb+IwI0vmM4J1If6rF5QIUfmp2Z8zJ4qBJ0YgK3lmL5VE1CV0JM2wcN6eASAJ0hSsV95JfaP+sa4KtmZhkFMe0= -----END BITCOIN SIGNED MESSAGE-----
For added security, I also verified the new address: -----BEGIN BITCOIN SIGNED MESSAGE----- I am fillippone from bitcointalk.org forum. Today is March, 20th 2021 and I want to secure my bitcointalk.org account with this message. My new Address will be: bc1qd7rqlrw5h4q3g2x45xacd72zshcm2dht2ztclh -----BEGIN SIGNATURE----- bc1qd7rqlrw5h4q3g2x45xacd72zshcm2dht2ztclh IFzchQ/GYCbPFrWpeTJhpqVngYRRxu5sgQyDMr/c6MqAWsrN/3KqfyXRoi9ucaTU65jCV1xtDhfQ92/S0JxapI8= -----END BITCOIN SIGNED MESSAGE-----
Please verify and quote my new addresses.
|
|
|
|
shasan
Copper Member
Legendary
Offline
Activity: 2352
Merit: 1296
Need a Bounty Manager? t.me/shasan32
|
|
May 23, 2021, 06:48:27 PM |
|
What is the point of signing a NEW address without proof of ownership of the OLD address?
There might have two cases for signing with a new address without proofing the sign of old address. 1. the owner of the address lost access of old address/private key. Didn't know that need to proof by his/her old address first.
|
| | . .Duelbits. | │ | ..........UNLEASH.......... THE ULTIMATE GAMING EXPERIENCE | │ | DUELBITS FANTASY SPORTS | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ████████████████▀▀▀ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | . ▬▬ VS ▬▬ | ████▄▄▄█████▄▄▄ ░▄████████████████▄ ▐██████████████████▄ ████████████████████ ████████████████████▌ █████████████████████ ███████████████████ ███████████████▌ ███████████████▌ ████████████████ ████████████████ ████████████████ ████▀▀███████▀▀ | /// PLAY FOR FREE /// WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1666
Merit: 8218
Bitcoin is a royal fork
|
|
May 23, 2021, 08:44:11 PM |
|
Sorry to nitpick, but I think the whole point of this thread is securing the ownership of a bitcoin address. What is the point of signing a NEW address without proof of ownership of the OLD address? You may not want to sign a message from your old address. That's okay, but if you ever need to prove you're the owner you'll have to sign from the old one. You could do what you say if you want to get rid of the old address as a proof of ownership.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4466
Merit: 3391
|
|
May 23, 2021, 10:03:31 PM Last edit: May 23, 2021, 10:52:02 PM by odolvlobo Merited by fillippone (2) |
|
Sorry to nitpick, but I think the whole point of this thread is securing the ownership of a bitcoin address.
Here is my understanding: The point of posting an address is to give you the ability to use that address later to prove that you were the owner of the account at the time that the address was posted. Posting a address does not prove that the account holder controls the address, but that may be a reasonable assumption if a signed message stating that fact is posted. Quoting the post helps to ensure that any subsequent change to the post can be detected. Signing a message has a minor benefit. It allows the address owner to make a statement (but note that the statement can be false). Typically, the address owner asserts that they control the account and that a signed message is sufficient proof of ownership of the account. It is assumed that the account holder would not post the signed message if they did not accept it. In short, the user should post this signed message and it needs to be quoted: -----BEGIN BITCOIN SIGNED MESSAGE----- Today is <date>. I control the account with the user name, <user name>. Signing a message with private key for the bitcoin address, <bitcoin address>, is sufficient proof of my identity with respect to this account. -----BEGIN SIGNATURE----- <bitcoin address> <signature> -----END BITCOIN SIGNED MESSAGE-----
What is the point of signing a NEW address without proof of ownership of the OLD address?
I think we should do like this: ...
In posting a signed message containing the new address, the current account holder proves that they are the original account holder and presumably states that a message signed with the new address is also sufficient proof. This effectively makes messages signed with the new address as good as messages signed with the old address. Posting a new address not signed with the old address gives the current account holder a way to later prove that they owned the account, but it does not prove that they are the original account holder. I think your suggestion is good, but I would do it more like this because it is more secure. Note that the message signed with the new address is contained in the first signed message. This prevents anyone, including mods and hackers, from substituting a different new address. On the other hand, if the new address is signed with both addresses separately like you did, I suppose that works just as well. -----BEGIN BITCOIN SIGNED MESSAGE----- Today is <date>. I control the account with the user name, <user name>. Signing a message with the private key for the bitcoin address, <new bitcoin address>, is now also sufficient proof of my identity with respect to this account.
- -----BEGIN BITCOIN SIGNED MESSAGE----- Today is <date>. I control the account with the user name, <user name>. Signing a message with the private key for the bitcoin address, <new bitcoin address>, is sufficient proof of my identity with respect to this account. - -----BEGIN SIGNATURE----- <new bitcoin address> <signature> - -----END BITCOIN SIGNED MESSAGE-----
-----BEGIN SIGNATURE----- <old bitcoin address> <signature> -----END BITCOIN SIGNED MESSAGE-----
Edit: nested signatures work if the signing software modifies markers of the interior message as above.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
fillippone
Legendary
Offline
Activity: 2310
Merit: 16501
Fully fledged Merit Cycler - Golden Feather 22-23
|
|
May 23, 2021, 10:05:30 PM |
|
Sorry to nitpick, but I think the whole point of this thread is securing the ownership of a bitcoin address. What is the point of signing a NEW address without proof of ownership of the OLD address? You may not want to sign a message from your old address. That's okay, but if you ever need to prove you're the owner you'll have to sign from the old one. You could do what you say if you want to get rid of the old address as a proof of ownership. What if my account gets hacked and the new owner stack a new address? fillippone_hacked signs the old address. fillippone the new one. Would the situation be sorted with: the old address always wins? What if the old address gets compromised after I sign a new message? It's complicated...but signing a new address without having proof of ownership of the old one is a weak practice, in my humble opinion. EDIT: @odolvlobo posted a great suggestion of nested addresses while I was posting it. Wondering the technical feasibility of nested signature. EDIT2: @odolvlobo is that a typo? two <new bitcoin address> in the signed message? One of them should be the <old bitcoin address>, you might want to check it, I will eventually delete this edit.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4466
Merit: 3391
|
|
May 23, 2021, 10:21:41 PM Last edit: May 23, 2021, 10:51:28 PM by odolvlobo |
|
EDIT2: @odolvlobo is that a typo? two <new bitcoin address> in the signed message? One of them should be the <old bitcoin address>, you might want to check it, I will eventually delete this edit.
The new address needs to be signed with the old address. Nesting may be sufficient, but I was explicitly stating that the new address is also valid. I guess this would be sufficient: -----BEGIN BITCOIN SIGNED MESSAGE----- Today is <date>.
- -----BEGIN BITCOIN SIGNED MESSAGE----- Today is <date>. I control the account with the user name, <user name>. Signing a message with the private key for the bitcoin address, <new bitcoin address>, is sufficient proof of my identity with respect to this account. - -----BEGIN SIGNATURE----- <new bitcoin address> <signature> - -----END BITCOIN SIGNED MESSAGE-----
-----BEGIN SIGNATURE----- <old bitcoin address> <signature> -----END BITCOIN SIGNED MESSAGE-----
Edit: nested signatures work if the signing software modifies markers of the interior message as above.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
snipie
Legendary
Offline
Activity: 3304
Merit: 1141
DGbet.fun - Crypto Sportsbook
|
|
May 23, 2021, 10:27:33 PM |
|
-snip-
Mr X has stacked bitcoin address 1 here years ago for example. Mr X wants to add address 2 without signing a message with address 1, it is ok, he is free. Now when it comes to recovering his hacked account, he has to sign with the first stacked address. Now if he posted address 2 + signed a message with address 1 + asked to not consider addy 1 to belong to him anymore, then in case of hack, address 2 will be used to recover the account. The spirit of this topic is to stake 1 bitcoin address for recovering purposes. I don't see the point for staking another unless it will replace it. Normally the guy staking a 2nd address should be able to provide a signed message whenever asked to prove he is the real owner. Posting an address here even if it is years old without signing the older one won't make it as important as the first one.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17503
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 24, 2021, 02:09:33 PM Last edit: May 24, 2021, 03:09:37 PM by LoyceV |
|
There might have two cases for signing with a new address without proofing the sign of old address. 1. the owner of the address lost access of old address/private key. Didn't know that need to proof by his/her old address first. This made me curious how many posts have been deleted from this topic. I don't have full data on the oldest posts on this topic, but I do have the newest posts. I've temporarily adjusted LoyceV's Topic Details: highlight deleted and edited posts (forum wide) to scrape more than 250 pages. See: ** Please don't quote this link, it will trigger scraping 250 pages again **https://loyce.club/archive/details/topic_996318_2021-05-24_Mon_16.07h.html (6 MB) ** Please don't quote this link, it will trigger scraping 250 pages again **(CTRL-F "Deleted!")
|
|
|
|
adriaparcerisas
Copper Member
Member
Offline
Activity: 368
Merit: 12
|
|
May 25, 2021, 01:55:31 PM |
|
Hello, I think I succeeded! Please, can you verify it? Thank you! -----BEGIN BITCOIN SIGNED MESSAGE----- Today is May, 25th 2021. I control the account with the user name, adriaparcerisas. Signing a message with private key for the bitcoin address, 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN, is sufficient proof of my identity with respect to this account. -----BEGIN SIGNATURE----- 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN HMeJRAprme/V+P1ianEJ8rEBKeVLNjMNffKglj8ftzOQ1QrlqctXAaZ+FPSvwLoMDffdWkLMoVsgYOxgCfALP7c= -----END BITCOIN SIGNED MESSAGE-----
|
|
|
|
Xal0lex
Staff
Legendary
Offline
Activity: 2604
Merit: 2583
|
|
May 25, 2021, 02:36:42 PM |
|
Hello, I think I succeeded! Please, can you verify it? Thank you! -----BEGIN BITCOIN SIGNED MESSAGE----- Today is May, 25th 2021. I control the account with the user name, adriaparcerisas. Signing a message with private key for the bitcoin address, 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN, is sufficient proof of my identity with respect to this account. -----BEGIN SIGNATURE----- 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN HMeJRAprme/V+P1ianEJ8rEBKeVLNjMNffKglj8ftzOQ1QrlqctXAaZ+FPSvwLoMDffdWkLMoVsgYOxgCfALP7c= -----END BITCOIN SIGNED MESSAGE----- Quoted and verified.
|
|
|
|
jamyr
Sr. Member
Offline
Activity: 1792
Merit: 373
<------
|
|
May 25, 2021, 02:57:35 PM Last edit: May 25, 2021, 03:10:14 PM by jamyr |
|
-----BEGIN BITCOIN SIGNED MESSAGE----- "This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" -----BEGIN SIGNATURE----- bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 IFY+lFklLIxdEP+ZexhCL/o+WToKCMUULBA6CaLx6AHkDj1lmab4uvBRFTRSLrIHgYNSsjQvOnSVFyDOvHBcZa4= -----END BITCOIN SIGNED MESSAGE-----
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
May 25, 2021, 08:27:28 PM Last edit: November 14, 2023, 11:49:17 PM by HCP |
|
-----BEGIN BITCOIN SIGNED MESSAGE----- "This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" -----BEGIN SIGNATURE----- bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 IFY+lFklLIxdEP+ZexhCL/o+WToKCMUULBA6CaLx6AHkDj1lmab4uvBRFTRSLrIHgYNSsjQvOnSVFyDOvHBcZa4= -----END BITCOIN SIGNED MESSAGE-----
Quoted and verified with Electrum:
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17503
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 25, 2021, 08:35:36 PM |
|
"This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 Any chance you can confirm this new address by signing from your old address? 1JAMYRoaPiqK4PStwMpKyWH3S5x6DvHRM
This other address is a blockchain.info address.
|
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1666
Merit: 8218
Bitcoin is a royal fork
|
|
May 25, 2021, 08:55:05 PM Last edit: June 17, 2021, 06:51:50 AM by BlackHatCoiner |
|
What if my account gets hacked and the new owner stack a new address? If your account got hacked and staked a new address, the hacker would be asked to sign a message from your old address. The above post is an example of what I'm talking about.
|
|
|
|
jamyr
Sr. Member
Offline
Activity: 1792
Merit: 373
<------
|
|
May 26, 2021, 01:55:18 AM |
|
-----BEGIN BITCOIN SIGNED MESSAGE----- "This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" -----BEGIN SIGNATURE----- bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 IFY+lFklLIxdEP+ZexhCL/o+WToKCMUULBA6CaLx6AHkDj1lmab4uvBRFTRSLrIHgYNSsjQvOnSVFyDOvHBcZa4= -----END BITCOIN SIGNED MESSAGE-----
Quoted and verified with Electrum: Thank you. "This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 Any chance you can confirm this new address by signing from your old address? 1JAMYRoaPiqK4PStwMpKyWH3S5x6DvHRM
This other address is a blockchain.info address. Address: 1JAMYRoaPiqK4PStwMpKyWH3S5x6DvHRM Message: "this is jamyr from bitcointalk and today is 05/26 may the best pizza win" G+Dui+4ZzfwRbgSn3AMrZRKZvumgnAO4uMX9xo+qptkYJFc2kuhBOr62aDb9Es/L243TR4/13twE/e3ao2q6UXw=
|
|
|
|
snipie
Legendary
Offline
Activity: 3304
Merit: 1141
DGbet.fun - Crypto Sportsbook
|
|
May 26, 2021, 03:14:52 PM |
|
-----BEGIN BITCOIN SIGNED MESSAGE----- "This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" -----BEGIN SIGNATURE----- bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 IFY+lFklLIxdEP+ZexhCL/o+WToKCMUULBA6CaLx6AHkDj1lmab4uvBRFTRSLrIHgYNSsjQvOnSVFyDOvHBcZa4= -----END BITCOIN SIGNED MESSAGE-----
Quoted and verified with Electrum: Thank you. "This is jamyr from bitcointalk, would like to stake this address. Today is 5/25/2021" bc1qjuruw650aqp0le6cq2v8yh7ur6pvujxsf4es02 Any chance you can confirm this new address by signing from your old address? 1JAMYRoaPiqK4PStwMpKyWH3S5x6DvHRM
This other address is a blockchain.info address. Address: 1JAMYRoaPiqK4PStwMpKyWH3S5x6DvHRM Message: "this is jamyr from bitcointalk and today is 05/26 may the best pizza win" G+Dui+4ZzfwRbgSn3AMrZRKZvumgnAO4uMX9xo+qptkYJFc2kuhBOr62aDb9Es/L243TR4/13twE/e3ao2q6UXw= Old bitcoin address is verified. The newer one was already verified by HCP. Quoted both for future reference.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17503
Thick-Skinned Gang Leader and Golden Feather 2021
|
Hello, I think I succeeded! Please, can you verify it? Thank you! -----BEGIN BITCOIN SIGNED MESSAGE----- Today is May, 25th 2021. I control the account with the user name, adriaparcerisas. Signing a message with private key for the bitcoin address, 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN, is sufficient proof of my identity with respect to this account. -----BEGIN SIGNATURE----- 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN HMeJRAprme/V+P1ianEJ8rEBKeVLNjMNffKglj8ftzOQ1QrlqctXAaZ+FPSvwLoMDffdWkLMoVsgYOxgCfALP7c= -----END BITCOIN SIGNED MESSAGE----- Your post popped up here, because the address you signed with is brainwalletx.github.io's demo address. Let me try mine: -----BEGIN BITCOIN SIGNED MESSAGE----- This isn't adriaparcerisas's address, it's private key is 5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss so anyone can use it to sign a message! Also: DO NOT enter your private key on any website to sign a message! If you do that, your private key is compromised. -----BEGIN SIGNATURE----- 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN HHQGALEoHhUiXkhb86J/4ifyyE2QWqHNauCFy4guqaVfh+MvLL1bafo4MuuLkTaEE8o6J4dOmAtY8EzKJ8qAe1s= -----END BITCOIN SIGNED MESSAGE----- You should sign a message from a wallet that you and only you control. You can for example install Electrum.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4466
Merit: 3391
|
|
May 27, 2021, 07:36:23 PM |
|
Hello, I think I succeeded! Please, can you verify it? Thank you! -----BEGIN BITCOIN SIGNED MESSAGE----- Today is May, 25th 2021. I control the account with the user name, adriaparcerisas. Signing a message with private key for the bitcoin address, 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN, is sufficient proof of my identity with respect to this account. -----BEGIN SIGNATURE----- 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN HMeJRAprme/V+P1ianEJ8rEBKeVLNjMNffKglj8ftzOQ1QrlqctXAaZ+FPSvwLoMDffdWkLMoVsgYOxgCfALP7c= -----END BITCOIN SIGNED MESSAGE----- Your post popped up here, because the address you signed with is brainwalletx.github.io's demo address. Odd. I wonder why adriaparcerisas would do that. It allows anyone to claim that the account was hacked and prove that they are the real owner of the account.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17503
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 27, 2021, 08:52:57 PM |
|
I wonder why adriaparcerisas would do that. It allows anyone to claim that the account was hacked and prove that they are the real owner of the account. He's not the only one, see NInjastic Space.
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
May 27, 2021, 09:33:29 PM |
|
Odd. I wonder why adriaparcerisas would do that. It allows anyone to claim that the account was hacked and prove that they are the real owner of the account.
Because people are blindly following instructions without actually understanding exactly what it is they are doing... or why they are doing it. This often leads to people copy/pasting commands verbatim, ignoring "hints" like YOUR_PASSPHRASE_GOES_HERE etc... or leaving default values in web forms etc.
|
|
|
|
|