Can Bitcoin wallets be trusted? | Bitcointalksearch.org

minerpumpkin

hero member

Activity: 686

Merit: 500

A pumpkin mines 27 hours a night

Quote from: jonald_fyookball on July 17, 2014, 12:47:22 PM

Quote from: Anders on July 17, 2014, 04:06:15 AM

I wonder if Bitcoin could be updated to use public user IDs on the block chain. For example Twitter usernames. Then the need for private Bitcoin addresses is removed and the bitcoins always securely stored on the block chain with the unencrypted usernames.

As for anonymity, simply choose a Twitter username like @AnonBitcoinUser.

A) not going to happen.
B) would be bad for anonymity because now you have 1 username for many addresses
C) for what purpose/benefit?

Yeah, one of the main aspects of Bitcoin is, after all, that there are effectively no accounts. The addresses are one part of a crypto pair and that's it. Extending the whole system with changeable names or something is another application and may or may not be implemented on top of the system we're currently employing. Namecoin?

nahtnam

legendary

Activity: 1092

Merit: 1000

nahtnam.com

Quote from: DannyElfman on July 17, 2014, 12:52:56 PM

Quote from: jonald_fyookball on July 17, 2014, 12:47:22 PM

Quote from: Anders on July 17, 2014, 04:06:15 AM

I wonder if Bitcoin could be updated to use public user IDs on the block chain. For example Twitter usernames. Then the need for private Bitcoin addresses is removed and the bitcoins always securely stored on the block chain with the unencrypted usernames.

As for anonymity, simply choose a Twitter username like @AnonBitcoinUser.

A) not going to happen.
B) would be bad for anonymity because now you have 1 username for many addresses
C) for what purpose/benefit?

I agree that this would make no sense. It would also make it so that the block chain would not be secured cryptographically but rather with some central authority that houses all of the passwords.

If you want to be public, register at http://keybase.io and add your face to the BTC address.

nahtnam

legendary

Activity: 1092

Merit: 1000

nahtnam.com

If your wallet.dat is password protected, the software would have to wait until you typed in your password before it can do anything.

DannyElfman

sr. member

Activity: 406

Merit: 250

Quote from: jonald_fyookball on July 17, 2014, 12:47:22 PM

Quote from: Anders on July 17, 2014, 04:06:15 AM

I wonder if Bitcoin could be updated to use public user IDs on the block chain. For example Twitter usernames. Then the need for private Bitcoin addresses is removed and the bitcoins always securely stored on the block chain with the unencrypted usernames.

As for anonymity, simply choose a Twitter username like @AnonBitcoinUser.

A) not going to happen.
B) would be bad for anonymity because now you have 1 username for many addresses
C) for what purpose/benefit?

I agree that this would make no sense. It would also make it so that the block chain would not be secured cryptographically but rather with some central authority that houses all of the passwords.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: Anders on July 17, 2014, 04:06:15 AM

I wonder if Bitcoin could be updated to use public user IDs on the block chain. For example Twitter usernames. Then the need for private Bitcoin addresses is removed and the bitcoins always securely stored on the block chain with the unencrypted usernames.

As for anonymity, simply choose a Twitter username like @AnonBitcoinUser.

A) not going to happen.
B) would be bad for anonymity because now you have 1 username for many addresses
C) for what purpose/benefit?

meowdea

newbie

Activity: 17

Merit: 0

Quote from: acs267 on July 17, 2014, 04:07:27 AM

Yes. It depends more on if you make rational decesions or not.

What rational decision is? Because I can't imagine one if we are talking about bitcoins.

acs267

hero member

Activity: 644

Merit: 500

Yes. It depends more on if you make rational decesions or not.

Anders

full member

Activity: 126

Merit: 100

I wonder if Bitcoin could be updated to use public user IDs on the block chain. For example Twitter usernames. Then the need for private Bitcoin addresses is removed and the bitcoins always securely stored on the block chain with the unencrypted usernames.

As for anonymity, simply choose a Twitter username like @AnonBitcoinUser.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: giveBTCpls on July 16, 2014, 07:55:43 AM

Quote from: jonald_fyookball on July 14, 2014, 10:17:26 PM

Quote from: giveBTCpls on July 14, 2014, 07:03:02 PM

Ok maybe this is a bit off topic but I want to ask, when using a non Bitcoin Core wallet like Electrum (i've only used Bitcoin Core ever), can I use my wallet.dat file with Electrum and I will get the up to date balance and payment history plus all of my recieving/sending addresses on there?

I think wallet.dat files may be importable across wallets but
it is not guaranteed to work, may require special commands
or procedures, and may not preserve all of your history.

Also, if you import addresses into a deterministic wallet
like Electrum, those addresses wouldn't be derived from the
master seed, and therefore are not automatically backed up
or restorable from seed.

This seems like a pain in the ass to me. I'll stil to Bitcoin Core for now. I think they should work on full wallet.dat portability as one of the main priorities.

I'm not positive about the accuracy of my statement.

giveBTCpls

sr. member

Activity: 322

Merit: 250

Quote from: jonald_fyookball on July 14, 2014, 10:17:26 PM

Quote from: giveBTCpls on July 14, 2014, 07:03:02 PM

Ok maybe this is a bit off topic but I want to ask, when using a non Bitcoin Core wallet like Electrum (i've only used Bitcoin Core ever), can I use my wallet.dat file with Electrum and I will get the up to date balance and payment history plus all of my recieving/sending addresses on there?

I think wallet.dat files may be importable across wallets but
it is not guaranteed to work, may require special commands
or procedures, and may not preserve all of your history.

Also, if you import addresses into a deterministic wallet
like Electrum, those addresses wouldn't be derived from the
master seed, and therefore are not automatically backed up
or restorable from seed.

This seems like a pain in the ass to me. I'll stil to Bitcoin Core for now. I think they should work on full wallet.dat portability as one of the main priorities.

giveBTCpls

sr. member

Activity: 322

Merit: 250

Quote from: ?? on ??

Big disadvantage of Bitcoin: high rate of scam

I personally don't trust online wallets, exchanges, it's like staying still in the middle of a high speed road waiting to be winnowed.

Take as many precaution as you can, it is your money, real money that costs time and time is life.

Legit, I say I don't trust exchanges but I always end up leaving the coins there because basically lazyness and not wanting to miss good opportunities in the alt coin market.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: giveBTCpls on July 14, 2014, 07:03:02 PM

Ok maybe this is a bit off topic but I want to ask, when using a non Bitcoin Core wallet like Electrum (i've only used Bitcoin Core ever), can I use my wallet.dat file with Electrum and I will get the up to date balance and payment history plus all of my recieving/sending addresses on there?

I think wallet.dat files may be importable across wallets but
it is not guaranteed to work, may require special commands
or procedures, and may not preserve all of your history.

Also, if you import addresses into a deterministic wallet
like Electrum, those addresses wouldn't be derived from the
master seed, and therefore are not automatically backed up
or restorable from seed.

giveBTCpls

sr. member

Activity: 322

Merit: 250

Ok maybe this is a bit off topic but I want to ask, when using a non Bitcoin Core wallet like Electrum (i've only used Bitcoin Core ever), can I use my wallet.dat file with Electrum and I will get the up to date balance and payment history plus all of my recieving/sending addresses on there?

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Re: bitcoin the "hard way"... here is a "medium way"
solution:

Just wrote this python script:

https://bitcointalk.org/index.php?topic=694521.new#new

It is compatible with the Electrum wallet (my favorite wallet).
Basically, it is a stand-alone python script that will generate
your seed and addresses for you.

Once you use it to generate your seed, you can use Electrum
normally (OFFLINE -- you should ALWAYS be cold storage for any serious
amounts)... and you can verify the addresses generated to ensure the
seed was generated properly and that everything checks out,
with the added security of seeing the code first hand that
generates the random seed.

- Because the script is small, you can easily review it yourself, quickly,
so backdoors cannot be hidden in the source code.

- Because you run it from source, there is no danger of running
a malicious executable

- User friendly for slightly technical users

itod

legendary

Activity: 1974

Merit: 1077

Honey badger just does not care

Quote from: EtherCoin on July 14, 2014, 12:51:06 PM

Quote from: itod on July 14, 2014, 10:57:01 AM

Quote from: EtherCoin on July 14, 2014, 09:39:23 AM

h) Faraday cage... checked, will not damage your HDD in any way and will protect from random NKorea EMPs Cheesy

I believe original poster suggesting the Faraday cage didn't have in mind the protection of your equipment from the EMP, it's for protecting the electromagnetic spilling from your equipment being read outside of the building you are in. There are claims that there is equipment which can read the state of your screen from the car parked in front of your building. I won't mention USB keyloggers which send all your keystrokes to remote C&C servers, just waiting for the attacker's WiFi hotspot to appear on the horizon while he drives by your house. You've protected your machine from being opened while you are out of house and USB keylogger inserted directly on the motherboard, right? Right?!?

Hehe, a keylogger still requires some code to be executed inside the computer, about the equipment that can read your screen... Didn't know about it, interesting.

Still, faraday cages at affordable prices and with Alienware logo engraved seems like a business with future!

Eth.

Wrong! No software or drivers required, here's a simpler model which can not be mounted inside the laptop or computer case, so it's easily observable, and doesn't have it's own WiFi:
https://www.keelog.com/usb_hardware_keylogger.html
More sophisticated models may be in the computer next to you Grin

Edit:
Here's the WiFi version, 0.23BTC on Amazon:
https://www.keelog.com/wifi_hardware_keylogger.html

I can't find now the "inside the case" version, but Google is your friend.

minerpumpkin

hero member

Activity: 686

Merit: 500

A pumpkin mines 27 hours a night

Quote from: itod on July 14, 2014, 10:57:01 AM

Quote from: EtherCoin on July 14, 2014, 09:39:23 AM

h) Faraday cage... checked, will not damage your HDD in any way and will protect from random NKorea EMPs Cheesy

I believe original poster suggesting the Faraday cage didn't have in mind the protection of your equipment from the EMP, it's for protecting the electromagnetic spilling from your equipment being read outside of the building you are in. There are claims that there is equipment which can read the state of your screen from the car parked in front of your building. I won't mention USB keyloggers which send all your keystrokes to remote C&C servers, just waiting for the attacker's WiFi hotspot to appear on the horizon while he drives by your house. You've protected your machine from being opened while you are out of house and USB keylogger inserted directly on the motherboard, right? Right?!?

I see we've entered the realms of unreasonably high security measures again... Reminds of this recent xkcd:

(http://xkcd.com/538/)

EtherCoin

sr. member

Activity: 338

Merit: 255

Quote from: itod on July 14, 2014, 10:57:01 AM

Quote from: EtherCoin on July 14, 2014, 09:39:23 AM

h) Faraday cage... checked, will not damage your HDD in any way and will protect from random NKorea EMPs Cheesy

I believe original poster suggesting the Faraday cage didn't have in mind the protection of your equipment from the EMP, it's for protecting the electromagnetic spilling from your equipment being read outside of the building you are in. There are claims that there is equipment which can read the state of your screen from the car parked in front of your building. I won't mention USB keyloggers which send all your keystrokes to remote C&C servers, just waiting for the attacker's WiFi hotspot to appear on the horizon while he drives by your house. You've protected your machine from being opened while you are out of house and USB keylogger inserted directly on the motherboard, right? Right?!?

Hehe, a keylogger still requires some code to be executed inside the computer, about the equipment that can read your screen... Didn't know about it, interesting.

Still, faraday cages at affordable prices and with Alienware logo engraved seems like a business with future!

Eth.

juju

sr. member

Activity: 381

Merit: 250

Quote from: Anders on July 12, 2014, 12:11:44 PM

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

Generate your own address using the guide below on an offline computer without network card or network card drivers:

http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bitcoin.html

Live boot to an OS offline and use any wallet to generate a key or vanity Generator, backup the keys on a piece of paper, or to a USB drive after you encrypt the files containing the keys with PGP. If you don't want to live boot, be offline and just make sure too format the computer you used to generate the keys with while its offline before it ever goes back online or destroy the hard drive that generated the keys and buy a new one.

itod

legendary

Activity: 1974

Merit: 1077

Honey badger just does not care

Quote from: EtherCoin on July 14, 2014, 09:39:23 AM

h) Faraday cage... checked, will not damage your HDD in any way and will protect from random NKorea EMPs Cheesy

I believe original poster suggesting the Faraday cage didn't have in mind the protection of your equipment from the EMP, it's for protecting the electromagnetic spilling from your equipment being read outside of the building you are in. There are claims that there is equipment which can read the state of your screen from the car parked in front of your building. I won't mention USB keyloggers which send all your keystrokes to remote C&C servers, just waiting for the attacker's WiFi hotspot to appear on the horizon while he drives by your house. You've protected your machine from being opened while you are out of house and USB keylogger inserted directly on the motherboard, right? Right?!?

EtherCoin

sr. member

Activity: 338

Merit: 255

Quote from: souspeed on July 13, 2014, 05:14:09 AM

Quote from: EtherCoin on July 13, 2014, 05:05:32 AM

Quote from: souspeed on July 13, 2014, 05:00:25 AM

Stick with the most common used walles and you should be fine.

bitcoin-qt, electum, multibit or armory.

Choices enough.

Good point too, recap updated:

a) Download a well known, often used wallet from trusted source
b) Check MD5 hash
c) Check PGP signature
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet
f) Physically disconnect LAN cable when not in use for paranoia users.
g) Faraday cage... wait, wouldn't this also screw the HDD? Cheesy

Eth.

after
e) Encrypt wallet
comes
f) make backups, usb, hdd

So true.

so final recap:

a) Download a well known, often used wallet from trusted source
b) Check MD5 hash
c) Check PGP signature
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet
f) Backup, backup, backup
g) Physically disconnect LAN cable when not in use for paranoia users.
h) Faraday cage... checked, will not damage your HDD in any way and will protect from random NKorea EMPs Cheesy

Please feel free to bring more suggestions in for the ultimate safe-wallet-procedure

Eth.

Topic: Can Bitcoin wallets be trusted? (Read 3845 times)