Is it just me or was the only real problem here that the wallet had no password on it? If it had one there'd have been no theft right? Would it be sensible for the client to make passwords mandatory by default?
If you force people to use a password, they use a lame password or store it in a file right next to the data it's supposed to protect. An attacker can tell how many Bitcoins are in the wallet and can devote significant brute force resources to only those wallets known to have significant funds in them. 
Topic: I've just been robbed :-( - page 2. (Read 19185 times)
Is it just me or was the only real problem here that the wallet had no password on it? If it had one there'd have been no theft right? Would it be sensible for the client to make passwords mandatory by default?
Condolences to the OP on the loss. it sucks.
Condolences to the OP on the loss. it sucks.
Wallet makes sense to me
Wallet might not be a perfect analogy but I think overall it's still a fine nomenclature.
How about spendkeys.dat or spendauth.dat
Perseus-Pouch.dat?
I like this one
. Though not sure where the Perseus reference comes from.Lets not confuse it with /etc/passwd.
privkeys.dat?
privkeys.dat?
I was thinking that the keys were more like keys. Which leads to keyring or keychain. But that clashes with the whole PGP thing. Key pouch, keystore, keyfile keyvault? Keybook maybe? I don't know. The programs themselves also do more than just store keys so even that is not really a good representation (though your wallet does not monitor or initiate transactions either). Maybe go a little sideways: Sesame? (as in open sesame). Multipass? (
) 
Actually I too thought on first encounter with wallet.dat that wallet was a bad word to use for it.
But what would actually be better?
canofworms.dat?
HereThereBeMonsters.dat?
Perseus-Pouch.dat?
Lets not confuse it with /etc/passwd.
privkeys.dat?
-MarkM-
But what would actually be better?
canofworms.dat?
HereThereBeMonsters.dat?
Perseus-Pouch.dat?
Lets not confuse it with /etc/passwd.
privkeys.dat?
-MarkM-
You put coins in wallets where you come from?
I thought most people put coins in purses or pockets and notes-aka-bills in wallets.
So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.
-MarkM-
EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!
(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)
(See what I did there with that "normal" word?)
I thought most people put coins in purses or pockets and notes-aka-bills in wallets.
So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.
-MarkM-
EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!
(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)
(See what I did there with that "normal" word?
)I did know someone who had a coin-purse and used it. Of course, he was also pretending to smoke a pipe by age 10 so...
Even so, I'm just saying that the metaphor of a physical token is enough to cause confusion in the wallet metaphor, not to mention that you don't have to backup or encrypt your wallet and if you lose it, you haven't lost all your money (Though you shouldn't if you are properly managing wallets anyway. But there's another point, who has multiple real-world wallets in general use?). The wallet metaphor falls short well before a regular user comprehends enough to be able to use Bitcoin safely.
there could be a scheme like that with hierachical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
Mind boggling but as long as you're organised doable. I'd think that a binary sequence of deposit values to addresses would work. Then you would just spend what combination of keys gave you the value you wanted. I suppose you would have to do a balance re-org after to keep it usable.
Over my head for sure.
You put coins in wallets where you come from?
I thought most people put coins in purses or pockets and notes-aka-bills in wallets.
So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.
-MarkM-
EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!
(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)
(See what I did there with that "normal" word?)
I thought most people put coins in purses or pockets and notes-aka-bills in wallets.
So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.
-MarkM-
EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!
(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)
(See what I did there with that "normal" word?
)I was not being sacrastic, I was realising myself that although I recall wallets as being where one keeps money, who-ever named the private keys repository in bitcoin might well date from an era when wallets are not for keeping money in but, rather, for keeping the stuff you need for identifying yourself as being authorised to access money.
-MarkM-
-MarkM-
Ah, I see what you mean. Good point. Though people do still put cash in wallets (not me. The different dollar bills all being the same size makes it too annoying) and the bitcoin is, after all, named after a currency token which further emphasizes the metaphor of "a bitcoin in your wallet". Even on this board, those who know better often talk as if the coins are in the wallet. Like I say, I understand why it was called that, I just think where the metaphor breaks (and it breaks easily) is where things fall apart.
Also consider that although credit/debit cards authorize your access to money, they very much behave like cash in actual use (Get items, hand token to cashier, the invocation and return of token are the main difference).
I'm actually thinking that the hardware wallets suggested elsewhere may provide a more friendly introduction to bitcoins.
I was not being sarcastic, I was realising myself that although I recall wallets as being where one keeps money, who-ever named the private keys repository in bitcoin might well date from an era when wallets are not for keeping money in but, rather, for keeping the stuff you need for identifying yourself as being authorised to access money.
-MarkM-
-MarkM-
A wallet is the thing you keep your cards in, right?
The cards with the magic numbers on them that give you access to money?
What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?
-MarkM-
P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?
The cards with the magic numbers on them that give you access to money?
What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?
-MarkM-
P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?
Nice sarcasm. Shame it's wasted, I have no problem with the concepts involved in the Bitcoin wallet. Do you really want me to spell out all the differences? These differences are what will make it troublesome for many to adopt. That is all I'm saying.
A wallet is the thing you keep your cards in, right?
The cards with the magic numbers on them that give you access to money?
What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?
-MarkM-
P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?
The cards with the magic numbers on them that give you access to money?
What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?
-MarkM-
P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?
What's so difficult to understand about a paper wallet?
It probably starts with the fact that it's not a wallet.
I can understand why that word was chosen but it sets people up with totally the wrong basis to mentally work from. Given that many people don't even understand where the web or the internet are and some of them even make it to senator, well...
Though I'm sure that that's a discussion that's already been done to death on these boards already so I don't really want to get into a big discussion. But any documentation for the regular user will probably have to handily subvert the wallet metaphor on page 1, paragraph 1.
You can easily recover files from a formatted drive.
A friend accidentally formatted my camera's memory card a few days ago. I was able to recover all the files from the formatted memory card using "photorec" from Ubuntu's "testdisk" package.
That's where a barcode scanner comes in. Surely there must be something out there that makes a barcode scanner out of the webcam.
For C lib,
http://zbar.sourceforge.net/
and also,
python-zbar
Works great in Electrum send tab.
Some one might already have your wallet since long time ago, but they just wait until it is big enough to harvest 
I would still like to know if its possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occured on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to login either
attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced
The the OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
Still trying to figure that one out myself, will have more in a couple of days I guess. attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced
The the OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
That's where a barcode scanner comes in. Surely there must be something out there that makes a barcode scanner out of the webcam.
Its in the works, but is being prepared for another use.
Jump to: