Pages:
Author

Topic: decryption of wallet (Read 818 times)

legendary
Activity: 2268
Merit: 18771
October 22, 2022, 03:33:16 AM
#54
I thought the cloning could have an effect the Bitcoins.
It doesn't work like this.

The bitcoin themselves are never "in" your wallet or "on" your computer. The bitcoin never leave the blockchain. All that your wallet stores are the private keys necessary to allow you to tell the network how you want to spend or move those bitcoin. If you copy your wallet file, then you will have two wallet files containing the same private keys which will both have access to the same bitcoin on the blockchain, but the bitcoin themselves are not cloned.

Think of it like if an attacker cloned your bank card. Both the original and the clone can spend the same money from the same account, but the actual money in your account is not cloned.
newbie
Activity: 13
Merit: 0
October 21, 2022, 03:33:50 PM
#53
Hello guys, I'm a newbie. I'll love to know if it can be possible to rewrite the program of a Bitcoin wallet application software that has bitcoins in it?
Thanks

Please explain. What do you mean by "rewrite the program"?

If you have some programming skill, then it is possible to "rewrite" Bitcoin Core source code and make a clone of the program that can do everything that original program does and more. But there is no real benefit to doing so, because nobody will care about your clone. What exactly do you want to achieve?

By the way, bitcoins are not in the program but on the blockchain.


Thank you stalker22, that's the answer I needed. I thought the cloning could have an effect the Bitcoins. There's no telling what hackers and scammers are capable of.
legendary
Activity: 1526
Merit: 1359
October 21, 2022, 03:16:48 PM
#52
Hello guys, I'm a newbie. I'll love to know if it can be possible to rewrite the program of a Bitcoin wallet application software that has bitcoins in it?
Thanks

Please explain. What do you mean by "rewrite the program"?

If you have some programming skill, then it is possible to "rewrite" Bitcoin Core source code and make a clone of the program that can do everything that original program does and more. But there is no real benefit to doing so, because nobody will care about your clone. What exactly do you want to achieve?

By the way, bitcoins are not in the program but on the blockchain.
newbie
Activity: 13
Merit: 0
October 21, 2022, 02:16:05 PM
#51
Hello guys, I'm a newbie. I'll love to know if it can be possible to rewrite the program of a Bitcoin wallet application software that has bitcoins in it?
Thanks
legendary
Activity: 2268
Merit: 18771
October 15, 2022, 02:38:42 AM
#50
maybe but maybe it just means its not a proven scam. not 100%.
There are literally millions of sites out there which are 100% scams. Not just in bitcoin, but in general. Malicious clones of exchanges, platforms, mixers, wallets, shops, etc. MLM schemes. Fake charities, casinos, lotteries, marketplaces, etc. Fake investment companies. Fake employment companies. Fake companies in general. The list is endless.

You can report these sites if you want, but what incentive do web hosts have to take down these sites? Scammers pay them, and they don't take a hit to their reputation by continuing to host scammers because almost nobody even bothers to find out who is hosting these scams in the first place. Register themselves to the Seychelles or similar and they can pretty much do what they like. And even if you succeed in taking down a scam site, it will be re-hosted at a different address within hours.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
October 13, 2022, 07:42:48 PM
#49
Hard-core CLI transaction creation? I think you're right, there's not much of a market for that.
I was picturing a very minimal GUI, as presumably most people who are able to navigate CLI transaction creation from scratch would also be able to read code well enough to vet a wallet like Electrum.
I do like and support this idea! My main question would be how to handle the cryptography. Use existing ('tried & tested') crypto-libraries that have been around forever and avoid relatively hard to verify (the whole purpose of the project) code segments completely or attempt rewriting just the parts of the cryptography that are required, but make the code less trivial to understand and verify, thus allowing to verify the whole, compact, codebase, but making it a bit larger and a bit harder to understand in the process?
sr. member
Activity: 1190
Merit: 469
October 11, 2022, 08:21:42 PM
#48

Seriously tho, it's actually really difficult to get scam sites taken down a lot of the time... even 100% proven scams. Based on personal experience, about the only recourse you have is to complain to the DNS provider and/or webhost and hope that their complaints/abuse team care enough to do something about it Undecided

maybe but maybe it just means its not a proven scam. not 100%. you can't just go taking sites off line because you THINK they are a scam. and if you can't prove it then all you really got is anecdotal stories. not saying there isn't something to them but i think almost every software for bitcoin has some people that lose funds due to something they can't explain. some things have more complaints then others but does that mean some of them are scam and some arent?

now with that said, would i use some software to generate addresses that was not open source that had complaints about people saying they lost their funds? probably not.
HCP
legendary
Activity: 2086
Merit: 4363
October 11, 2022, 07:50:11 PM
#47
 
they can't allow a provable scam to continue operating and stealing peoples' money.
You must be new to the internet Tongue

Seriously tho, it's actually really difficult to get scam sites taken down a lot of the time... even 100% proven scams. Based on personal experience, about the only recourse you have is to complain to the DNS provider and/or webhost and hope that their complaints/abuse team care enough to do something about it Undecided
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 11, 2022, 08:27:27 AM
#46
presumably most people who are able to navigate CLI transaction creation from scratch would also be able to read code well enough to vet a wallet like Electrum.
I love CLI, but I can't read Electrum's code. I would guess that applies to more people, thoroughly checking a lot of code is much more work (and more complicated) than following CLI-instructions.
legendary
Activity: 2268
Merit: 18771
October 11, 2022, 08:24:48 AM
#45
Hard-core CLI transaction creation? I think you're right, there's not much of a market for that.
I was picturing a very minimal GUI, as presumably most people who are able to navigate CLI transaction creation from scratch would also be able to read code well enough to vet a wallet like Electrum.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 11, 2022, 05:41:38 AM
#44
i know it's still running today. the question is how and why? can i prove to myself somehow that the site is a scam? maybe that's why it never got took offline because they can't prove it 100%.
Scammers make a living by scamming people, of course they don't take their site offline.
What might work, is going through their registrar of web host, but in the latter case they'll just move somewhere else.

Perhaps there is a market for a bare bones wallet which can only generate segwit addresses, sign transactions, and nothing else, but I can't imagine it would be a very big market.
Hard-core CLI transaction creation? I think you're right, there's not much of a market for that.
legendary
Activity: 2268
Merit: 18771
October 11, 2022, 05:30:40 AM
#43
the question is how and why? can i prove to myself somehow that the site is a scam? maybe that's why it never got took offline because they can't prove it 100%.
I mean, it is a well known scam based on how many reports we have of people losing money on it, and reports of it generating addresses which have already been used. I suppose you could try to examine the back end (although since being sold and turning in to a scam then obviously the source code is no longer available on Github), or use it to generate some addresses to fund and watch your coins being stolen.

Being a scam is rarely enough to get a site taken down altogether, though.

which is why i like simple code minimal code. code that i can understand. code that isn't thousands of lines long when it doesn't need to be.
The thousands of lines of extra code are to program additional functions like a GUI, coin control, being able to choose a fee, different address types, multi-sig, Lightning support, and so on. The code usually isn't there for no good reason. Perhaps there is a market for a bare bones wallet which can only generate segwit addresses, sign transactions, and nothing else, but I can't imagine it would be a very big market.
sr. member
Activity: 1190
Merit: 469
October 10, 2022, 08:19:06 PM
#42
Your quotes are all messed up.
sorry about that. but i fixed it, they should make it easier to quote people without having to type in "quote" blocks manually.

Quote
No, it is still running today. The original owner (who was honest) sold the site, and the new owner turned it in to a malicious scam, which people continued (and continue) to use without realizing it due to the original site's good reputation.

i know it's still running today. the question is how and why? can i prove to myself somehow that the site is a scam? maybe that's why it never got took offline because they can't prove it 100%.


Quote
There is no way your validity checker could be accurate enough to guarantee safety without also declaring a lot of perfectly safe code invalid. If you are going to write a program that locks down your wallet software to only doing the absolute minimum with no deviation allowed, then better to just write minimalist wallet software in the first place, which even someone with a low amount of coding knowledge could verify themselves.
which is why i like simple code minimal code. code that i can understand. code that isn't thousands of lines long when it doesn't need to be.


Quote
I've spoken about this before: https://bitcointalksearch.org/topic/m.59983088
i replied on that thread.
legendary
Activity: 2268
Merit: 18771
October 10, 2022, 03:08:28 AM
#41
Your quotes are all messed up.

so they took the website offline then once it became a scam right? they can't allow a provable scam to continue operating and stealing peoples' money.
No, it is still running today. The original owner (who was honest) sold the site, and the new owner turned it in to a malicious scam, which people continued (and continue) to use without realizing it due to the original site's good reputation.

the validity checker could publish a list of methods that were allowed and then inside each method it would inspect to make sure that the only things that were happening were the standard bitcoin address generation process. anything that was there that did not belong would mean "invalid program". simple as that. a seed phrase inside the random number generator? invalid. some unknown decimal or hex number just being defined somewhere? invalid. an attempt to connect to the internet? invalid. anything unknown? need to write better code. invalid!
There is no way your validity checker could be accurate enough to guarantee safety without also declaring a lot of perfectly safe code invalid. If you are going to write a program that locks down your wallet software to only doing the absolute minimum with no deviation allowed, then better to just write minimalist wallet software in the first place, which even someone with a low amount of coding knowledge could verify themselves.

i would think rolling dice or flipping coins is better than any algorithm that produces pseudo random numbers.
Not necessarily. There are lot of things to consider when trying to extract entropy from a physical process, things which most people don't even know exist and so make the mistake of thinking it is a straightforward process. I've spoken about this before: https://bitcointalksearch.org/topic/m.59983088
sr. member
Activity: 1190
Merit: 469
October 09, 2022, 08:41:31 PM
#40
That sounds a lot like virus scanners, where companies make a living of selling updates for dozens of new virusses per day. It will never be secure.
well viruses are different since computers have to connect to the internet and be forced to interact with all different types of software that a user might decide to install. you can't just lock them down too much or else the user wouldn't be able to do anything.

I've seen people lose their Bitcoins because a once trusted paper wallet website got sold and turned into a scam. Even offline, it creates compromised paper wallets because it doesn't create random private keys.
so they took the website offline then once it became a scam right? they can't allow a provable scam to continue operating and stealing peoples' money.
imagine that website still existing on the internet and someone downloaded it before it became a scam and used it with no ill affects but then they decided to "upgrade" by downloading the latest version and then got scammed. that would really throw them for a loop  Shocked and it would be their fault though for not monitoring the situation.


Quote
If this were true, then malware would no longer exist because every possible workaround had been patched. There will also be a new workaround.

the validity checker could publish a list of methods that were allowed and then inside each method it would inspect to make sure that the only things that were happening were the standard bitcoin address generation process. anything that was there that did not belong would mean "invalid program". simple as that. a seed phrase inside the random number generator? invalid. some unknown decimal or hex number just being defined somewhere? invalid. an attempt to connect to the internet? invalid. anything unknown? need to write better code. invalid!

Quote
Depends on the random number generator on your computer. Is it better than some javascript RNG? Yes. Is it better than /dev/urandom? Probably not. However, it is also harder to do, easier to make a mistake, and easier to do in an insecure manner, so I wouldn't generally recommend it to most people.

i would think rolling dice or flipping coins is better than any algorithm that produces pseudo random numbers. now if you're talking about true random like linux /dev/random maybe that's different. windows doesn't have that though.

legendary
Activity: 2268
Merit: 18771
October 09, 2022, 06:48:29 AM
#39
but at some point they would have to really be clever to find more workarounds. at some point there might not be anymore.
If this were true, then malware would no longer exist because every possible workaround had been patched. There will also be a new workaround.

thats better than using the random number generator on your computer?  Shocked
Depends on the random number generator on your computer. Is it better than some javascript RNG? Yes. Is it better than /dev/urandom? Probably not. However, it is also harder to do, easier to make a mistake, and easier to do in an insecure manner, so I wouldn't generally recommend it to most people.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 09, 2022, 03:24:59 AM
#38
if someone did that and somehow found a loophole, then you patch it by adding their workaround as another item in your list. but at some point they would have to really be clever to find more workarounds.
That sounds a lot like virus scanners, where companies make a living of selling updates for dozens of new virusses per day. It will never be secure.

If you are completely paranoid about how your seed phrase was generated and do not trust any piece of software, then the best option would be to do it manually, using 128 coin flips and an airgapped Linux machine to calculate the checksum.
thats better than using the random number generator on your computer?  Shocked
Yes! It's very difficult to verify the randomness of your computer, but it's very easy to verify that a coin flip is random. It's not perfect, but it's not something anyone else can reproduce.

I've seen people lose their Bitcoins because a once trusted paper wallet website got sold and turned into a scam. Even offline, it creates compromised paper wallets because it doesn't create random private keys. That won't happen with coin flips. You should still make sure the software you use to create a private key out of it isn't compromised.
sr. member
Activity: 1190
Merit: 469
October 08, 2022, 08:21:07 PM
#37
There would be no way to write a piece of software which could detect every possible way a wallet could be malicious,
what you do is make a list of all the possible ways. then you have to have subroutines that check each way. the program will run the software through each subroutine.



Quote
and even if someone attempted such a piece of software, then an attacker could also download it and find a work around.
if someone did that and somehow found a loophole, then you patch it by adding their workaround as another item in your list. but at some point they would have to really be clever to find more workarounds. at some point there might not be anymore.

Quote
If you are completely paranoid about how your seed phrase was generated and do not trust any piece of software, then the best option would be to do it manually, using 128 coin flips and an airgapped Linux machine to calculate the checksum.
thats better than using the random number generator on your computer?  Shocked


legendary
Activity: 2268
Merit: 18771
October 08, 2022, 03:51:43 AM
#36
or maybe there's a software that you could run on a piece of other software to detect if it was malicious or not.
There would be no way to write a piece of software which could detect every possible way a wallet could be malicious, and even if someone attempted such a piece of software, then an attacker could also download it and find a work around.

If you are completely paranoid about how your seed phrase was generated and do not trust any piece of software, then the best option would be to do it manually, using 128 coin flips and an airgapped Linux machine to calculate the checksum.
sr. member
Activity: 1190
Merit: 469
October 07, 2022, 09:39:42 PM
#35
Up to the individual, probably. You need to differentiate between whether you are checking for accuracy or checking for maliciousness. If your copy of bitaddress generates one address accurately, then you can be pretty sure if it is non-malicious then it will generate all addresses accurately. However, a malicious piece of software may generate one or two addresses accurately and then start generating fake addresses.
Yeah I think we were talking about the former situation, not the latter. Detecting maliciousness is a whole different thing that you can't do by just comparing outputs.

Quote
However, given that any malicious software could generate addresses from predetermined seed phrases or private keys which are known to an attacker, then testing them in this manner does not protect against attack. That can only be done by reviewing the source code.

or maybe there's a software that you could run on a piece of other software to detect if it was malicious or not. it seems plausible that this would be a reasonable thing to want to do. because reviewing by hand not everyone has that type of expertise.
Pages:
Jump to: