Pages:
Author

Topic: Bitcoin Checks : R3 - page 6. (Read 13562 times)

full member
Activity: 154
Merit: 100
May 27, 2012, 01:51:40 PM
#34
I had sent out a couple samples a few weeks ago but I haven't heard anything back. I still have a bit left to give away.
full member
Activity: 154
Merit: 100
May 11, 2012, 08:36:04 PM
#33
OK, first let me squash the "I have no idea what I'm doing" remarks. That check was already scratched out (because it was a misprinted, scrap check) and the purpose of the picture was to focus on the private key, thats it...

As for the firstbits, You and a few others have made your point and I will work on getting the firstbits verified and tied to the check since, as you said "If you provide it, they will use it", and that will also make them more useful if the QR code is not available to scan.

Sorry if I came across a bit harsh there, I didn't mean to call you dumb or anything, but you are (at present) on a newbie account in the newbie forums and the pic did seem pretty odd. Not trying to call you out, honestly, I'd rather offer help if there's some misunderstanding. I want to see Bitcoin succeed and the better people understand it at this stage of the game the higher the chances of that happening are.

I wasn't trying to beat a dead horse with the firstbits thing either, it's just that a lot of folks aren't aware of things like vanitygen and don't know that you can "steal" firstbits pretty trivially. I figured an actual in-practice example would be a good way to drive that home.

I know I come off strong but it's only because you look like you've got a good product if you can just recognize and patch a few simple problems before hitting a live market with them and I wish you the best of luck.
It's cool, if I didn't want feedback I wouldn't have asked for it. I am tryin to sell check to and for the community, if the community does not approve, my idea has already failed. I didn't think Firstbits were that crucial at the time and didn't focus on them so much. Obviously I was mistaken, but it is an easy fix and well worth it.
hero member
Activity: 742
Merit: 500
May 11, 2012, 08:26:58 PM
#32
OK, first let me squash the "I have no idea what I'm doing" remarks. That check was already scratched out (because it was a misprinted, scrap check) and the purpose of the picture was to focus on the private key, thats it...

As for the firstbits, You and a few others have made your point and I will work on getting the firstbits verified and tied to the check since, as you said "If you provide it, they will use it", and that will also make them more useful if the QR code is not available to scan.

Sorry if I came across a bit harsh there, I didn't mean to call you dumb or anything, but you are (at present) on a newbie account in the newbie forums and the pic did seem pretty odd. Not trying to call you out, honestly, I'd rather offer help if there's some misunderstanding. I want to see Bitcoin succeed and the better people understand it at this stage of the game the higher the chances of that happening are.

I wasn't trying to beat a dead horse with the firstbits thing either, it's just that a lot of folks aren't aware of things like vanitygen and don't know that you can "steal" firstbits pretty trivially. I figured an actual in-practice example would be a good way to drive that home.

I know I come off strong but it's only because you look like you've got a good product if you can just recognize and patch a few simple problems before hitting a live market with them and I wish you the best of luck.
full member
Activity: 154
Merit: 100
May 11, 2012, 08:21:36 PM
#31
hero member
Activity: 742
Merit: 500
May 11, 2012, 08:12:46 PM
#30
That is why I also have the full address listed on the check, If the merchant checks only the firstbits and does not validate the whole address that is their mistake, TBH. Don't get me wrong I had thought of that, but at the same time personal responsibility of your own payments is like Bitcoin 101.
What is the point of including the firstbits on the check then, if they aren't to be used to validate the check balance?
They are, but if I relied solely on the first bits the full address wouldn't be needed. Creating an address with matching firstbits also kind of defeats the purpose as well.

You're kind of missing the point. Most people will use whatever the easiest method you present them is. If they have a way to scan the QR code, then they'll do that - otherwise they'll default to firstbits. Nobody is going to enter a 34 character alphanumeric case sensitive string to check balance if they can type 6 or 7 non-case-sensitive firstbits instead. If you're printing the firstbits on the check, it's implied that the firstbits are inexorably tied to that piece of paper, which isn't necessarily the case. I've already demonstrated how someone could use this loophole to scam a merchant and saying "it's on the merchant if they don't take the time to type 34 alphanumeric characters" is not a valid excuse for doing things the right way. If we want Bitcoin to be accepted by merchants we have to make it easier than "1KvrFZYgwQe5D7cfMR1ndKL9zUzm9CAHzy and pray to god you don't make a typo" which is the whole point of firstbits anyway. But for the firstbits to be valid you HAVE to fund them or else leave yourself open to a collision attack like I described above. Merchant's won't use these if it's that trivial to scam with them. Again, you don't even have to fund them with a lot, you can spend a single satoshi which, at the time of this writing, is worth ~0.0000000494991 USD (about five millionths of a penny). To refuse to fund at 0.00000001 BTC before sending is either incredibly cheap or incredibly lazy and either way it completely invalidates the usefulness of printing the firstbits at all.

Also, for the record, it seems odd that you've scribbled over the address but left the privkey visible in your image; it seems to belie a very poor understanding of how Bitcoin actually works... From private key 5J7nDBQHbQ7u8MmLdHuxz2uqGCJdrKzZSMY7vcnZRnDeCEFqLs3 it's trivial to compute the scribbled-out address 1KvrFZYgwQe5D7cfMR1ndKL9zUzm9CAHzy with firstbits 1kvrfzy.

As a proof of concept I just did exactly what I suggested and made an address with vanitygen that collides with your firstbits: 1KvrFZyLX7dKpvYjzTWv3E9KfivR6fhBco and funded it with a satoshi just to prove that I can "steal" your firstbits if you don't fund them at the time of generation/purchase. I'm doing this from my work laptop so I didn't even have the benefit of OpenCL acceleration on a decent GPU to help me. This took less than ten minutes. With even a single 5830 it would take less than one.

Note: At the time of this writing there hasn't been a new block for nearly an hour so the transaction is 0/unconfirmed so I technically haven't stolen your firstbits just yet, but whenever the next block arrives you should see what I mean.

Update: Block finally hit, all your firstbits are belong to me.
Firstbits.com is annoyingly slow to confirm this but http://blockchain.info/address/1kvrfzy links to my address, not yours. I think that's an adequately solid proof of concept.
full member
Activity: 154
Merit: 100
May 11, 2012, 08:03:54 PM
#29
That is why I also have the full address listed on the check, If the merchant checks only the firstbits and does not validate the whole address that is their mistake, TBH. Don't get me wrong I had thought of that, but at the same time personal responsibility of your own payments is like Bitcoin 101.
What is the point of including the firstbits on the check then, if they aren't to be used to validate the check balance?
They are, but if I relied solely on the first bits the full address wouldn't be needed. Creating an address with matching firstbits also kind of defeats the purpose as well.
legendary
Activity: 1400
Merit: 1005
May 11, 2012, 07:30:36 PM
#28
That is why I also have the full address listed on the check, If the merchant checks only the firstbits and does not validate the whole address that is their mistake, TBH. Don't get me wrong I had thought of that, but at the same time personal responsibility of your own payments is like Bitcoin 101.
What is the point of including the firstbits on the check then, if they aren't to be used to validate the check balance?
full member
Activity: 154
Merit: 100
May 11, 2012, 07:28:43 PM
#27
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
Yeah. This would work and guarantee that you don't ever have an incorrect firstbits.
I don't really want to send out funded checks and the firstbits are only ment as a reference number to check the transaction, not the sole means of funding.

Look, here's the problem: Say you have a check with firstbits 1qz80e7. I can go grab a copy of vanitygen and make a new bitcoin address with those firstbits. I then send money to that address and nothing ever gets sent to the actual address on the check. Since firstbits aren't case-sensitive generating a collision should be relatively easy. A merchant might then take the check, check the firstbits only and accept it since firstbits 1qz80e7 actually shows a balance. When said merchant attempts to redeem the check via the private key, they will find they've been given the privkey to an account holding no funds.
That is why I also have the full address listed on the check, If the merchant checks only the firstbits and does not validate the whole address that is their mistake, TBH. Don't get me wrong I had thought of that, but at the same time personal responsibility of your own payments is like Bitcoin 101.
hero member
Activity: 742
Merit: 500
May 11, 2012, 07:23:05 PM
#26
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
Yeah. This would work and guarantee that you don't ever have an incorrect firstbits.
I don't really want to send out funded checks and the firstbits are only ment as a reference number to check the transaction, not the sole means of funding.

Look, here's the problem: Say you have a check with firstbits 1qz80e7. I can go grab a copy of vanitygen and make a new bitcoin address with those firstbits. I then send money to that address and nothing ever gets sent to the actual address on the check. Since firstbits aren't case-sensitive generating a collision should be relatively easy. A merchant might then take the check, check the firstbits only and accept it since firstbits 1qz80e7 actually shows a balance. When said merchant attempts to redeem the check via the private key, they will find they've been given the privkey to an account holding no funds.
full member
Activity: 154
Merit: 100
May 11, 2012, 07:20:43 PM
#25
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
Yeah. This would work and guarantee that you don't ever have an incorrect firstbits.
I don't really want to send out funded checks and the firstbits are only ment as a reference number to check the transaction, not the sole means of funding.
I'd hardly call a satoshi "funded".  Just don't tell anyone it is there.  Anyway, I gave my opinion, you don't have to take it.  Best of luck, and I still want a free one!  Cheesy
Shoot me an email with your information or use the form provided at http://shop.psjb.me
legendary
Activity: 1400
Merit: 1005
May 11, 2012, 07:18:49 PM
#24
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
Yeah. This would work and guarantee that you don't ever have an incorrect firstbits.
I don't really want to send out funded checks and the firstbits are only ment as a reference number to check the transaction, not the sole means of funding.
I'd hardly call a satoshi "funded".  Just don't tell anyone it is there.  Anyway, I gave my opinion, you don't have to take it.  Best of luck, and I still want a free one!  Cheesy
full member
Activity: 154
Merit: 100
May 11, 2012, 07:17:39 PM
#23
My site is really the biggest problem right now, using a MAILTO link, not being able to generate a payment address automatically, and also my emails are marked as spam by many clients. =/
full member
Activity: 154
Merit: 100
May 11, 2012, 07:13:22 PM
#22
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
Yeah. This would work and guarantee that you don't ever have an incorrect firstbits.
I don't really want to send out funded checks and the firstbits are only ment as a reference number to check the transaction, not the sole means of funding.
hero member
Activity: 742
Merit: 500
May 11, 2012, 07:00:22 PM
#21
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
Yeah. This would work and guarantee that you don't ever have an incorrect firstbits.
legendary
Activity: 1400
Merit: 1005
May 11, 2012, 06:16:23 PM
#20
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check, also the reason for 6 characters.
To be safe, I'd just send a satoshi to each of the check addresses to get them into the blockchain and have valid firstbits.  I think it's a good idea to have the firstbits on the check, but better to be safe than sorry!  You can use sendmany for each batch to minimize fees.  It wouldn't cost more than a few cents total, definitely worth it IMO if you want to have a product that seems completely legitimate!  Otherwise, you'll keep being asked the same question over and over about the firstbits.  Wink
member
Activity: 66
Merit: 10
May 11, 2012, 06:13:28 PM
#19
I would like some free if your still giving them away.
full member
Activity: 154
Merit: 100
May 11, 2012, 06:12:23 PM
#18
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.

But they will also have an unfunded check leaving them no reason to check the transaction, also the reason for 6 characters.
donator
Activity: 1218
Merit: 1079
Gerald Davis
May 11, 2012, 06:11:16 PM
#17
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.

However if someone else funds an address with same prefix before your customer funds his then the check will have the wrong firstbit.
full member
Activity: 154
Merit: 100
May 11, 2012, 06:09:51 PM
#16
How do you have firstbits printed on the bills before funding them?  That isn't possible.  You can't just guess what your firstbits will be. You have to get the address in the blockchain first.

When the address is used it will appear in the block chain, I currently use 6 characters to avoid any mismatches, if this proves to be a problem I will switch to 7.
full member
Activity: 154
Merit: 100
May 11, 2012, 06:08:13 PM
#15
Alot of the posts and updates ended up on Twitter and Google+ instead of on my site actually.

"I like it... but how do we trust you not to up and steal all the coins in the private key one day?"

I strongly feel a legit business model has a longer shelf life than a corrupt one...
I don't keep logs or copies of the information provided, not just for your sake but for mine as well. If I kept a copy of addresses/keys and that list got compromised I would get blamed anyhow (as I should be).

I know I have ZERO creditably right now which is the reason for the freebies, plus user reviews speak louder than my own.

Here is a Private Key example:
http://i.imgur.com/GCiucl.jpg
Key is clear and legible!
Why did you bother to redact the QR code and the bitcoin address? You can compute the address from the private key.
That was scrap check where the QR code was misprinted, I just scratched out the address with it.
Pages:
Jump to: