). 
Topic: Show Me The Bitcoin! - use plain images as Bitcoin keys, send BTC via email - page 3. (Read 3236 times)
April 27, 2014, 04:44:32 PM
And the third one is gone, it was on MtGox (their logo on top left - the only image left on their website ).
). April 27, 2014, 04:28:06 PM
Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.
Could you be bothered to look at my post history to see what other projects I am involved in? Here, in case you can't find it: https://bitcointalksearch.org/user/drazvan-82497 . Also, that's me https://www.linkedin.com/profile/view?id=4926501 . That's also me http://www.theregister.co.uk/2004/06/03/pocket_rendezvous/ . And this http://www.othercoin.com/OtherCoin.pdf . Busy scammer, huh?
But hey, "scammer" is a nice hint word for the location of the last of the three bounties I've posted. Let's see if anyone claims it.
April 27, 2014, 04:20:34 PM
Quote
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.
No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.
Better now?
Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.
April 27, 2014, 04:04:34 PM
Looks like someone claimed 2 of the 3 bounties I've posted (funds attached to images on the net). The first one was attached to the top-left image on Reddit (/r/Bitcoin), the second one was attached to our logo on www.veri.fi . Good work people! There's just one left!
. Good work people! There's just one left! April 27, 2014, 03:57:48 PM
Quote
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.
No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.
Better now?
April 27, 2014, 03:37:19 PM
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.
Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either .
. Brain wallets are another bad idea. You are comparing your app to a known bad idea?
Why are they a bad idea? A properly done brain wallet is simple to remember and impossible to crack.
April 27, 2014, 02:46:19 PM
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.
Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either .
. Brain wallets are another bad idea. You are comparing your app to a known bad idea?
Give the guy a break. He tried to make something practical, and IMO he did. It is free, not like he's charging a BTC for it.
April 27, 2014, 02:31:02 PM
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.
Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either .
. Brain wallets are another bad idea. You are comparing your app to a known bad idea?
April 27, 2014, 01:33:35 PM
Ah, I don't. That is a good idea
April 27, 2014, 01:32:13 PM
Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes. 
Do you have the Android Bitcoin Wallet installed? This one: https://play.google.com/store/apps/details?id=de.schildbach.wallet .
I should probably add some code to check if the Bitcoin Wallet is installed and if it's not, take the user to the download page.
April 27, 2014, 01:24:13 PM
Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes.
April 27, 2014, 01:05:18 PM
Of course, this doesn't mean I can't add a password or a PIN into the mix - but I wanted to minimize the amount of extra information needed to claim the funds. If I have a channel to securely send you an extra PIN or password, I might as well send you the whole key.
And for storing personal funds, I wanted to be able to take a picture of my family for instance, then secretly add some funds to it, then tell my daughter when she's older to look for that family photo and find a little "surprise present" in it if she knows where to look.
And for storing personal funds, I wanted to be able to take a picture of my family for instance, then secretly add some funds to it, then tell my daughter when she's older to look for that family photo and find a little "surprise present" in it if she knows where to look
. April 27, 2014, 12:55:53 PM
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either. But instead of remembering it, you just save/secure an image that hashes to the key. It's not as secure as a true 256-bit random key and it's not meant to be - it's just way easier to covertly store and transfer.
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either
. But instead of remembering it, you just save/secure an image that hashes to the key. It's not as secure as a true 256-bit random key and it's not meant to be - it's just way easier to covertly store and transfer. April 27, 2014, 12:49:38 PM
So the private key is not encrypted in any way? It's just the sha256 hash of the image. What could possibly go wrong!
Also number 1 is people emailing the private key to others?!
Also number 1 is people emailing the private key to others?!
April 27, 2014, 12:46:09 PM
Oh, 1 more thing.
I have two android phones, neither are letting me download saying it is incompatable
I have two android phones, neither are letting me download saying it is incompatable
What version of Android are you running? It should install all the way down to 4.0.3. I have only tried it on 4.3 and 4.4 myself, but it's declared to support everything above 4.0.3.
April 27, 2014, 12:44:31 PM
I haven't thought about making this for altcoins, it shouldn't be too hard, as long as there's interest and the altcoin private keys are 256-bit values (or smaller, I can truncate the output of the SHA256 hash), they should be fine. And yes, it will eventually be open-sourced, just need to clean up the code a bit (it was essentially hacked together over the Easter holidays, it works fine but it reuses parts of my OtherCoin and VisualBTC projects).
April 27, 2014, 12:44:13 PM
Oh, 1 more thing.
I have two android phones, neither are letting me download saying it is incompatable
I have two android phones, neither are letting me download saying it is incompatable
April 27, 2014, 12:39:14 PM
Ah yes, that makes sense. Do you have any plan on A. Making this for altcoins, or B. making this Open Source?
April 27, 2014, 12:34:25 PM
Yes, anyone that has access to the image has access to the funds. The trick is that the image is not modified in any way, it's just an image, so an attacker that finds your phone would not know where to start (or even know that you've used this at all), unless they start hashing any and all images found on stolen phones to look for funds .
. April 27, 2014, 12:31:28 PM
Cool! But then you have to keep the image secret, right?
Jump to: