Pages:
Author

Topic: I've just been robbed :-( - page 2. (Read 19258 times)

legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
May 29, 2013, 07:39:58 PM
Is it just me or was the only real problem here that the wallet had no password on it? If it had one there'd have been no theft right? Would it be sensible for the client to make passwords mandatory by default?
If you force people to use a password, they use a lame password or store it in a file right next to the data it's supposed to protect. An attacker can tell how many Bitcoins are in the wallet and can devote significant brute force resources to only those wallets known to have significant funds in them.
full member
Activity: 164
Merit: 100
May 29, 2013, 07:25:55 PM
Is it just me or was the only real problem here that the wallet had no password on it? If it had one there'd have been no theft right? Would it be sensible for the client to make passwords mandatory by default?

Condolences to the OP on the loss. it sucks.
member
Activity: 95
Merit: 10
October 11, 2012, 12:58:03 PM
Wallet makes sense to me
hero member
Activity: 784
Merit: 1000
Annuit cœptis humanae libertas
October 11, 2012, 12:17:12 PM
Wallet might not be a perfect analogy but I think overall it's still a fine nomenclature.
hero member
Activity: 588
Merit: 500
firstbits.com/1kznfw
October 11, 2012, 12:05:25 PM

How about spendkeys.dat or spendauth.dat
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 11, 2012, 10:46:14 AM

Perseus-Pouch.dat?


I like this one Smiley. Though not sure where the Perseus reference comes from.

Lets not confuse it with /etc/passwd.

privkeys.dat?


I was thinking that the keys were more like keys. Which leads to keyring or keychain. But that clashes with the whole PGP thing. Key pouch, keystore, keyfile keyvault? Keybook maybe? I don't know. The programs themselves also do more than just store keys so even that is not really a good representation (though your wallet does not monitor or initiate transactions either). Maybe go a little sideways: Sesame? (as in open sesame). Multipass? ( Cheesy )
legendary
Activity: 2940
Merit: 1090
October 11, 2012, 09:44:39 AM
Actually I too thought on first encounter with wallet.dat that wallet was a bad word to use for it.

But what would actually be better?

canofworms.dat?

HereThereBeMonsters.dat?

Perseus-Pouch.dat?

Lets not confuse it with /etc/passwd.

privkeys.dat?

-MarkM-
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 11, 2012, 09:21:49 AM
You put coins in wallets where you come from?

I thought most people put coins in purses or pockets and notes-aka-bills in wallets.

So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.

-MarkM-

EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!

(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)

(See what I did there with that "normal" word? Cheesy)


I did know someone who had a coin-purse and used it. Of course, he was also pretending to smoke a pipe by age 10 so...

Even so, I'm just saying that the metaphor of a physical token is enough to cause confusion in the wallet metaphor, not to mention that you don't have to backup or encrypt your wallet and if you lose it, you haven't lost all your money (Though you shouldn't if you are properly managing wallets anyway. But there's another point, who has multiple real-world wallets in general use?). The wallet metaphor falls short well before a regular user comprehends enough to be able to use Bitcoin safely.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
October 11, 2012, 05:40:03 AM
there could be a scheme like that with hierachical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
Mind boggling but as long as you're organised doable.

I'd think that a binary sequence of deposit values to addresses would work. Then you would just spend what combination of keys gave you the value you wanted. I suppose you would have to do a balance re-org after to keep it usable.  Wink

Over my head for sure.
legendary
Activity: 2940
Merit: 1090
October 11, 2012, 12:30:15 AM
You put coins in wallets where you come from?

I thought most people put coins in purses or pockets and notes-aka-bills in wallets.

So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.

-MarkM-

EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!

(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)

(See what I did there with that "normal" word? Cheesy)
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 10, 2012, 10:29:46 PM
I was not being sacrastic, I was realising myself that although I recall wallets as being where one keeps money, who-ever named the private keys repository in bitcoin might well date from an era when wallets are not for keeping money in but, rather, for keeping the stuff you need for identifying yourself as being authorised to access money.

-MarkM-


Ah, I see what you mean. Good point. Though people do still put cash in wallets (not me. The different dollar bills all being the same size makes it too annoying) and the bitcoin is, after all, named after a currency token which further emphasizes the metaphor of "a bitcoin in your wallet". Even on this board, those who know better often talk as if the coins are in the wallet. Like I say, I understand why it was called that, I just think where the metaphor breaks (and it breaks easily) is where things fall apart.

Also consider that although credit/debit cards authorize your access to money, they very much behave like cash in actual use (Get items, hand token to cashier, the invocation and return of token are the main difference).

I'm actually thinking that the hardware wallets suggested elsewhere may provide a more friendly introduction to bitcoins.
legendary
Activity: 2940
Merit: 1090
October 10, 2012, 09:40:12 PM
I was not being sarcastic, I was realising myself that although I recall wallets as being where one keeps money, who-ever named the private keys repository in bitcoin might well date from an era when wallets are not for keeping money in but, rather, for keeping the stuff you need for identifying yourself as being authorised to access money.

-MarkM-
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 10, 2012, 09:35:53 PM
A wallet is the thing you keep your cards in, right?

The cards with the magic numbers on them that give you access to money?

What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?

-MarkM-

P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?


Nice sarcasm. Shame it's wasted, I have no problem with the concepts involved in the Bitcoin wallet. Do you really want me to spell out all the differences? These differences are what will make it troublesome for many to adopt. That is all I'm saying.
legendary
Activity: 2940
Merit: 1090
October 10, 2012, 09:26:16 PM
A wallet is the thing you keep your cards in, right?

The cards with the magic numbers on them that give you access to money?

What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?

-MarkM-

P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 10, 2012, 07:39:53 PM

What's so difficult to understand about a paper wallet?

It probably starts with the fact that it's not a wallet.

I can understand why that word was chosen but it sets people up with totally the wrong basis to mentally work from. Given that many people don't even understand where the web or the internet are and some of them even make it to senator, well...

Though I'm sure that that's a discussion that's already been done to death on these boards already so I don't really want to get into a big discussion. But any documentation for the regular user will probably have to handily subvert the wallet metaphor on page 1, paragraph 1.
legendary
Activity: 2940
Merit: 1333
September 30, 2012, 11:57:14 PM
You can easily recover files from a formatted drive.  

A friend accidentally formatted my camera's memory card a few days ago.  I was able to recover all the files from the formatted memory card using "photorec" from Ubuntu's "testdisk" package.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
September 30, 2012, 06:24:52 PM

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
For python there is a module that is used by Electrum. One click turns on web cam, with live view window, and it waits til it sees a barcode. When it does, it closes and returns with the scanned code.

For C lib,
http://zbar.sourceforge.net/

and also,
python-zbar

Works great in Electrum send tab.
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
September 30, 2012, 01:52:37 PM
#99
Some one might already have your wallet since long time ago, but they just wait until it is big enough to harvest  Roll Eyes
hero member
Activity: 489
Merit: 505
September 30, 2012, 01:46:52 PM
#98
I would still like to know if its possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occured on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to login either

attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced

The the OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
Still trying to figure that one out myself, will have more in a couple of days I guess.
hero member
Activity: 546
Merit: 500
September 30, 2012, 01:07:14 PM
#97

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.


Its in the works, but is being prepared for another use.
Pages:
Jump to: