Topic: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion - page 1713. (Read 26716279 times)

sr. member
Activity: 658
Merit: 326
CONTEST ORGANIZER

I am looking to have four investments

silver
btc
fed bonds
real estate.




Nice photo of the guarantee/backup asset of fed bonds and democracy.
legendary
Activity: 3962
Merit: 11519
Self-Custody is a right. Say no to "Non-custodial"
Poll has finally ended. 38 for Yes and 59 No. Not completely surprising, but for the 38 people who voted Yes, well let me just say I am proud of you.

There's been a considerable dropoff in merit farming in the WO since I opened this thread (although it still exists to a certain degree). I reckon I will re-open and bump it if it picks back up again.

At least Duderino seems like he's considering being more selective with merits, so that's good.

Just a reminder to all merit sources, you don't need to give away all your source merits! Ideally you are giving them out for good posts that demonstrate the slightest inkling of original thought, and not just for copy/pasted tweets about number going up, or because somebody expresses admiration for you or agrees with you. I dunno, I guess the takeaway is don't let yourself be so easily fooled and manipulated. It's happened to me a few times, nobody's perfect, but let's not consistently reward low effort copy/paste posts. It just leads to a multiplication of such posts in what is arguably the best thread on the forum.

Fuck off with your "last word" lecturing to imply that there might have been some kind of need for merit source members in the WO thread to take some kind of action to tailor and/or improve their smerit sending practices in the WO thread in accordance with your baloney fantasy standards... and your bullshit implications that your thread had any kind of substantive/meaningful (or even desirable) effect in the direction of the WO in regards to your quasi-delusional wannabe a merit czar ideas of "troll problems" in the WO thread.**

**I would have said the same thing within that other thread, but you locked the thread after you set forth your fantasy-landia self-absorbed morality assertions.
legendary
Activity: 2380
Merit: 1823
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ

Explanation
Chartbuddy thanks talkimg.com
legendary
Activity: 3808
Merit: 7912
I grabbed some silver.

I am stacking more btc.

 Why silver?  Physical silver comes at a premium you can't recover - it's nearly CA$10 an ounce on ounce coins right now (25%) and you'll get spot when you sell unless you're brave enough to do it privately but it's not worth the risk imo.  Are you a closet prepper Phil?


I buy from sellers I know on btc talk

I grabbed 40 oz for 988.

which is 24.65 an oz

just A bit over spot.

I am looking to have four investments

silver
btc
fed bonds
real estate.

I do have some of each along with mining income and pensions.

 It's nice to have trusted sellers here and that's a decent price.  I'm still choking on silver I bought when my eldest was born... my thought was that it would cover a year's post-secondary tuition acting as a hedge against inflation.  Nearly every stock index has done at least 3x since I bought that silver.  I would have been better off to pay my mortgage down... or put it into almost anything else but it's pretty and shiny.  Likewise it's just a part of my investment mix.  Maybe the next 5 years will be good for precious metals and bitcoin.

 @jojo ha!  
Brass and lead should always be part of any investment strategy; especially when you're the bank.
legendary
Activity: 3388
Merit: 4775
diamond-handed zealot

I am looking to have four investments

silver
btc
fed bonds
real estate.


legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
It looks like FTX will be selling $200,000,000 worth of crypto every week for the next 17 weeks… This will start next week. This downward pressure on the market will likely hold prices somewhat in check until the end of the year. I’d imagine once this is behind us (and the mtgox coins are distributed) it should be the final hurdle before launch.

They only held Shitcoins, no-one cares.

When Shitcoins tumble all the tards run from the sinking ship.

And they run to King Daddy.

*edited for lack of coffee brain
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
It looks like FTX will be selling $200,000,000 worth of crypto every week for the next 17 weeks… This will start next week. This downward pressure on the market will likely hold prices somewhat in check until the end of the year. I’d imagine once this is behind us (and the mtgox coins are distributed) it should be the final hurdle before launch.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
Multisig solves a lot of potential security issues without making things complex (which is a security issue by itself). It really should be the standard in case of managing anything else than pocket change.

https://www.youtube.com/watch?v=sjS5qF65Yos

Shamir Backup seems like the best option to me. for a casual anyway.

Pretty easy and safe and secure.

https://www.youtube.com/watch?v=p7WkAN0Gac4
legendary
Activity: 4354
Merit: 9201
'The right to privacy matters'
I grabbed some silver.

I am stacking more btc.

 Why silver?  Physical silver comes at a premium you can't recover - it's nearly CA$10 an ounce on ounce coins right now (25%) and you'll get spot when you sell unless you're brave enough to do it privately but it's not worth the risk imo.  Are you a closet prepper Phil?


I buy from sellers I know on btc talk

I grabbed 40 oz for 988.

which is 24.65 an oz

just A bit over spot.

I am looking to have four investments

silver
btc
fed bonds
real estate.

I do have some of each along with mining income and pensions.
legendary
Activity: 2242
Merit: 3523
Flippin' burgers since 1163.
So not bragging about your holdings is another easy security layer.

Part of the reason why 0.63 BTC will have to be downgraded, at some point.

@AlcoHoDL, Trezor vulnerability is something that has been known for years, there was a lot of discussion about it in the technical discussion boards, but luckily every user can protect himself by setting a passphrase, and there is also another option, which is the use of an SD card.

When it comes to passphrases, the conclusion is that they should be at least 37 characters long:

A physical access to a Trezor One, Trezor T, Keepkey, or B-wallet allows an attacker to extract the 12/24-words within a few minutes using a low-cost setup (~100$), with a very high reproducibility (we had 100% success). We finally proved it can be fully automated allowing anyone to use it in case someone would sell the Extraktor box (similar to old Playstation hacks). This attack can not be fixed. The only mitigation is to use a strong passphrase: we recommend 37 random characters to maintain the same level of security.

For those who are interested in how to protect themselves additionally with the help of an SD card:

Trezor T (2.3.0) and Trezor One (1.9.0) firmware update

Also, one thing I forgot is that it is possible to set a so-called fake PIN that can be left as a bait, and if it is entered, all data from the hardware wallet will be deleted.

The Wipe Code
Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.
A 128-bit PIN should do the trick as well, as it is used to encrypt the seed on the chip.

(Please let me know if you think I'm wrong)

I still have problems with the need for 37 random characters for the 25th word.. and let's say if someone just has 10-15 somewhat random characters, then how long is it going to take to break into the Trezor?

Remember each time that we log into the device and sometimes we might get disconnected and have to log in again, it can take quite a bit of time to be logging in these 37 random characters each time...

I am not going to say how many digits that I actually use, and  I also am not going to give any hints either... and it is bad enough that I said that I use such a device, in theory.

By the way, we have a long term member in these here parts that swears by that piece of crap, aka Ledger, and surely there are probably quite a few members who may or may not be in the closet about their use (and apparent belief) in the Ledger crap.

~snip~
A 128-bit PIN should do the trick as well, as it is used to encrypt the seed on the chip.

(Please let me know if you think I'm wrong)
You are definitely right, considering that I am not a user of Trezor, I was not even aware that in 2021 they increased the maximum PIN length to even 50 digits, and they say that 39 digits is quite enough to protect the seed from hacking. It's actually a good thing for those who for some reason don't want to use a passphrase or maybe don't even know such an option exists - although it's an option they always recommend to advanced users.

Everyone should use the passphrase.. and it should not be considered advanced... and maybe using 37 random characters might be considered advanced.

But I still wonder if a relatively short password might just be considered a less advanced version, and is better than no password at all.. so why do we have to have a need to overly complicate matters by suggesting so much complication, when surely it must add quite a bit of difficulty to just have a shorter 25th word in there (or 13th word seems to be more standard) rather than no extra word (passphrase) at all.

In other words, why let the perfect be the enemy of the good?

We have a lot of cases where users wonder why they don't see anything on their balance even though they have the correct seed, and then it turns out that they actually added an extra password without which the seed creates a completely new set of addresses.

It might be a bit impractical to enter a PIN that's 39+ digits long, but for the average user it's probably easier than setting a passphrase.

Oh I see that the 39+ pin is different from the extra word...and that 39 character pin would resolve the other issue regarding a hacker getting ahold of the physical device and breaking into it.. so that still leaves the issue of the 13th or 25th word actually not needing to be very complicated, and an 8-15 character passphrase may well make it quite difficult to get at the wallet because they would first need to know (or suspect) that such a wallet (or extra portal to a wallet) actually exists in connection with the 12 or 24 word seed that was extracted from the device.

Some thoughts:

If nobody can access your seed you won't need any passphrase, if the seed was created with sufficient entropy ...which should always be questionable though!
Also, you are right, even a short passphrase will leave anyone who gets your seed in doubt if there even is a hidden passphrase wallet and if it makes sense to put in the work to brute force any.

A 128-bit phrase can secure your seed with the same security the seed secures your BTC, if that's what you want/need for ease of mind.

Nice thing: totally independent from all that passphrase science is the PIN which can secure your Trezor 100% against seed extraction from the open source chip. If the PIN is strong enough, your device will be worthless to any attacker.



Multisig solves a lot of potential security issues without making things complex (which is a security issue by itself). It really should be the standard in case of managing anything else than pocket change.
legendary
Activity: 3808
Merit: 7912
I grabbed some silver.

I am stacking more btc.

 Why silver?  Physical silver comes at a premium you can't recover - it's nearly CA$10 an ounce on ounce coins right now (25%) and you'll get spot when you sell unless you're brave enough to do it privately but it's not worth the risk imo.  Are you a closet prepper Phil?
legendary
Activity: 2590
Merit: 4839
Addicted to HoDLing!
I still have problems with the need for 37 random characters for the 25th word.. and let's say if someone just has 10-15 somewhat random characters, then how long is it going to take to break into the Trezor?

I think a lot of confusion has arisen about how strong a passphrase should be to protect someone's seed in case someone comes into physical possession and tries to extract the seed. What someone wanted to emphasize is that a passphrase of at least 37 random characters would provide the same level of protection as the seed itself (24 words) and is practically impossible to brute force, but that does not mean that 10+ characters are not resistant to brute force.

We can always check how long it actually takes to brute force a password on sites like https://www.passwordmonster.com

Only 9 characters in this password makes it virtually impossible to brute force ->



By the way, we have a long term member in these here parts that swears by that piece of crap, aka Ledger, and surely there are probably quite a few members who may or may not be in the closet about their use (and apparent belief) in the Ledger crap.

Ledger does not have the problems that Trezor has, but if we take into account that a few years ago almost the entire database of users with all the data was hacked, and that a few months ago they announced the revolutionary "seed recovery" service, they shot themselves in the knee by making it possible at all for such a device to share the user's seed with as many as three different companies.

Of course, the service is optional and you pay $9.99 per month, but when someone does something completely contrary to what they have been advocating for years, I wonder how to trust such a company.

Oh I see that the 39+ pin is different from the extra word...and that 39 character pin would resolve the other issue regarding a hacker getting ahold of the physical device and breaking into it.. so that still leaves the issue of the 13th or 25th word actually not needing to be very complicated, and an 8-15 character passphrase may well make it quite difficult to get at the wallet because they would first need to know (or suspect) that such a wallet (or extra portal to a wallet) actually exists in connection with the 12 or 24 word seed that was extracted from the device.

As I already wrote, I think that the passphrase I mentioned above is more than enough if we take into account today's computers and the time it would take for someone to brute force such a password. Of course, the whole thing doesn't matter at all if someone who knows what he's doing doesn't get hold of our hardware wallet.

Speaking of how to take care of our hardware devices, I always remember an interesting film on that very topic - it's worth watching if you haven't seen it already.

https://www.youtube.com/watch?v=hf97ofTlZhk (Schloss Bitcoin (2020) - deutscher Kurzfilm - Crime Black Comedy Subtitles in English, French & more)

Good post.

That was my point in my earlier post about giving ourselves enough time to restore the seed to another device and transfer the coins to another wallet, unknown to the thief. Practically, one needs just a few days/weeks of time, and in most cases the theft can be discovered immediately after the fact, so the transfer can be done in the first 24 hours. This means that the thief has to have a pretty powerful computer rig to be able to brute force a passphrase of 10+ ASCII characters in 24 hours, or even a week or a month.

I've tested variations of my passphrase (even shorter versions of it) in several different, and well-respected, passphrase strength testers, and they all report a crack time of centuries! Another thing to note is that the attacker does not have an immediate indication that the correct passphrase was found, because ALL possible passphrases (even "wrong" ones) result in valid (albeit empty) wallets. So, the attacker will need to check the blockchain against ALL passphrase candidates, and reject those that result in empty wallets.

I'm quite confident that even a modest, few-characters-only passphrase should be able to stall even the seasoned thief for sufficient time for us to transfer our coins to a fresh wallet. Using a 128-bit entropy PIN or passphrase is surely the safest option, but greatly reduces the usability of the wallet, as Jay has pointed out. Furthermore, using such a humongously long/complex PIN/passphrase, you run the risk of "locking yourself out" of your wallet, because you may forget part of it, which may prompt you to write it down somewhere, thereby defeating the purpose of using a PIN/passphrase in the first place.

I particularly liked vapourminer's "Trezor wipe-restore" method. Never thought of it, and it does make sense for those not using their Trezors often (myself included).

It's a trade-off, with potentially dire consequences at either extreme. I choose the middle ground, i.e., a PIN and passphrase that are complex enough to deter even a seasoned thief/hacker, but memorable enough to reside in the neurons of my brain -- that last part could potentially be dangerous in case of amnesia or head injury.

I'm glad we're having this discussion, it certainly helps us all be more aware of the potential dangers and act accordingly.
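
Added example (not part of any post in this thread): a Python sketch of the two points discussed above, namely that under BIP39 every passphrase yields a valid but different seed, and how many bits a random PIN or passphrase of a given length carries. The 95-character printable-ASCII alphabet, the sample passphrases and the guess rate are assumptions made for illustration; the mnemonic is the public BIP39 test mnemonic.

```python
import hashlib
import math
import unicodedata

# Public BIP39 test mnemonic (all-zero entropy); never use it for real funds.
TEST_MNEMONIC = "abandon " * 11 + "about"

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, salt "mnemonic"+passphrase, 2048 rounds."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy of a uniformly random string (not a human-chosen one)."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: int, alphabet_size: int) -> int:
    """Shortest random string over the alphabet reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole keyspace at an assumed, constant guess rate."""
    return (2.0 ** bits) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Any passphrase, right or wrong, produces a well-formed 64-byte seed,
    # so a derived wallet alone does not reveal whether the guess was correct.
    for phrase in ("", "a", "constructed sample"):  # constructed sample inputs
        print(repr(phrase), bip39_seed(TEST_MNEMONIC, phrase).hex()[:16], "...")

    # Decimal PIN digits needed for 128 bits.
    print("digits for 128 bits:", min_length(128, 10))

    # Random printable-ASCII passphrases (assumed alphabet of 95 symbols).
    assumed_rate = 1e9  # assumption: guesses per second available to an attacker
    for n in (8, 10, 15, 37):
        bits = entropy_bits(n, 95)
        print(f"{n:>2} chars: {bits:6.1f} bits, "
              f"{years_to_exhaust(bits, assumed_rate):.3g} years at 1e9/s")
```

These figures hold only for characters chosen uniformly at random; a memorable passphrase built from words or patterns carries far fewer bits than its length suggests.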
copper member
Activity: 1526
Merit: 2890
Technically he’s HODLing

legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I still have problems with the need for 37 random characters for the 25th word.. and let's say if someone just has 10-15 somewhat random characters, then how long is it going to take to break into the Trezor?

I think a lot of confusion has arisen about how strong a passphrase should be to protect someone's seed in case someone comes into physical possession and tries to extract the seed. What someone wanted to emphasize is that a passphrase of at least 37 random characters would provide the same level of protection as the seed itself (24 words) and is practically impossible to brute force, but that does not mean that 10+ characters are not resistant to brute force.

We can always check how long it actually takes to brute force a password on sites like https://www.passwordmonster.com

Only 9 characters in this password makes it virtually impossible to brute force ->



By the way, we have a long term member in these here parts that swears by that piece of crap, aka Ledger, and surely there are probably quite a few members who may or may not be in the closet about their use (and apparent belief) in the Ledger crap.

Ledger does not have the problems that Trezor has, but if we take into account that a few years ago almost the entire database of users with all the data was hacked, and that a few months ago they announced the revolutionary "seed recovery" service, they shot themselves in the knee by making it possible at all for such a device to share the user's seed with as many as three different companies.

Of course, the service is optional and you pay $9.99 per month, but when someone does something completely contrary to what they have been advocating for years, I wonder how to trust such a company.

Oh I see that the 39+ pin is different from the extra word...and that 39 character pin would resolve the other issue regarding a hacker getting ahold of the physical device and breaking into it.. so that still leaves the issue of the 13th or 25th word actually not needing to be very complicated, and an 8-15 character passphrase may well make it quite difficult to get at the wallet because they would first need to know (or suspect) that such a wallet (or extra portal to a wallet) actually exists in connection with the 12 or 24 word seed that was extracted from the device.

As I already wrote, I think that the passphrase I mentioned above is more than enough if we take into account today's computers and the time it would take for someone to brute force such a password. Of course, the whole thing doesn't matter at all if someone who knows what he's doing doesn't get hold of our hardware wallet.

Speaking of how to take care of our hardware devices, I always remember an interesting film on that very topic - it's worth watching if you haven't seen it already.

https://www.youtube.com/watch?v=hf97ofTlZhk (Schloss Bitcoin (2020) - deutscher Kurzfilm - Crime Black Comedy Subtitles in English, French & more)