Pages:
Author

Topic: Show Me The Bitcoin! - use plain images as Bitcoin keys, send BTC via email - page 3. (Read 3241 times)

full member
Activity: 191
Merit: 100
And the third one is gone, it was on MtGox (their logo on top left - the only image left on their website Smiley ).
full member
Activity: 191
Merit: 100
Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.

Could you be bothered to look at my post history to see what other projects I am involved in? Here, in case you can't find it: https://bitcointalksearch.org/user/drazvan-82497 . Also, that's me https://www.linkedin.com/profile/view?id=4926501 . That's also me http://www.theregister.co.uk/2004/06/03/pocket_rendezvous/ . And this http://www.othercoin.com/OtherCoin.pdf . Busy scammer, huh?

But hey, "scammer" is a nice hint word for the location of the last of the three bounties I've posted. Let's see if anyone claims it.
legendary
Activity: 3682
Merit: 1580

Quote
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.

Better now?

Ok this is just a whole lot of horse crap. I can only conclude that the OP is a scammer and he's got a lot of shill accounts supporting him in this. I am done with this thread.
full member
Activity: 191
Merit: 100
Looks like someone claimed 2 of the 3 bounties I've posted (funds attached to images on the net). The first one was attached to the top-left image on Reddit (/r/Bitcoin), the second one was attached to our logo on www.veri.fi Smiley. Good work people! There's just one left!
full member
Activity: 191
Merit: 100

Quote
Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

No, you are not sending them your private key! You are creating a private key for the purpose of that transaction, deriving a Bitcoin address from it, then sending only the funds you want to transfer to that newly created address. This is similar to the current payment process, where the recipient of the funds creates a new address to receive the funds - but it's the trusted sender that creates it, not the recipient. The recipient can not clean you out, they only have access to the funds you have attached to the image, nothing else.

Better now?
hero member
Activity: 552
Merit: 501
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley.

Brain wallets are another bad idea. You are comparing your app to a known bad idea?

Why are they a bad idea? A properly done brain wallet is simple to remember and impossible to crack.
sr. member
Activity: 364
Merit: 250
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley.

Brain wallets are another bad idea. You are comparing your app to a known bad idea?

Give the guy a break. He tried to make something practical, and IMO he did. It is free, not like he's charging a BTC for it.
legendary
Activity: 3682
Merit: 1580
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Attacker?? You expect people to send their private keys off to someone expecting money. Instead the recipient of their email is just going to clean them out.

Quote
Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley.

Brain wallets are another bad idea. You are comparing your app to a known bad idea?
sr. member
Activity: 364
Merit: 250
Ah, I don't. That is a good idea Smiley
full member
Activity: 191
Merit: 100
Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes. Huh

Do you have the Android Bitcoin Wallet installed? This one: https://play.google.com/store/apps/details?id=de.schildbach.wallet .

I should probably add some code to check if the Bitcoin Wallet is installed and if it's not, take the user to the download page.

sr. member
Activity: 364
Merit: 250
Oh, one is 2.3.6, the other is 4.1.2. I got it working on 4.1.2, but when I go to deposit funds, it crashes. Huh
full member
Activity: 191
Merit: 100
Of course, this doesn't mean I can't add a password or a PIN into the mix - but I wanted to minimize the amount of extra information needed to claim the funds. If I have a channel to securely send you an extra PIN or password, I might as well send you the whole key.

And for storing personal funds, I wanted to be able to take a picture of my family for instance, then secretly add some funds to it, then tell my daughter when she's older to look for that family photo and find a little "surprise present" in it if she knows where to look Smiley.
full member
Activity: 191
Merit: 100
The hash of the image is the key, so no, it's not encrypted. The recipient is not meant to leave the funds there indefinitely, I expect them to sweep them to their own wallets on receipt. And unless an attacker has access to your email and starts hashing all image attachments and checking the blockchain for a match, they would not even know you're sending (or receiving) money.

Also, if you're using this to store your own funds, it's similar to a brainwallet - that is not encrypted with anything either Smiley. But instead of remembering it, you just save/secure an image that hashes to the key. It's not as secure as a true 256-bit random key and it's not meant to be - it's just way easier to covertly store and transfer.
legendary
Activity: 3682
Merit: 1580
So the private key is not encrypted in any way? It's just the sha256 hash of the image. What could possibly go wrong!

Also number 1 is people emailing the private key to others?!
full member
Activity: 191
Merit: 100
Oh, 1 more thing.

I have two android phones, neither are letting me download saying it is incompatable Sad

What version of Android are you running? It should install all the way down to 4.0.3. I have only tried it on 4.3 and 4.4 myself, but it's declared to support everything above 4.0.3.
full member
Activity: 191
Merit: 100
I haven't thought about making this for altcoins, it shouldn't be too hard, as long as there's interest and the altcoin private keys are 256-bit values (or smaller, I can truncate the output of the SHA256 hash), they should be fine. And yes, it will eventually be open-sourced, just need to clean up the code a bit (it was essentially hacked together over the Easter holidays, it works fine but it reuses parts of my OtherCoin and VisualBTC projects).
sr. member
Activity: 364
Merit: 250
Oh, 1 more thing.

I have two android phones, neither are letting me download saying it is incompatable Sad
sr. member
Activity: 364
Merit: 250
Ah yes, that makes sense. Do you have any plan on A. Making this for altcoins, or B. making this Open Source?
full member
Activity: 191
Merit: 100
Yes, anyone that has access to the image has access to the funds. The trick is that the image is not modified in any way, it's just an image, so an attacker that finds your phone would not know where to start (or even know that you've used this at all), unless they start hashing any and all images found on stolen phones to look for funds Smiley.
sr. member
Activity: 364
Merit: 250
Cool! But then you have to keep the image secret, right?
Pages:
Jump to: