Bitcoin Betrug DIESE Plattformen sind Abzocke 2020 ...

New Attack Against Electrum Bitcoin Wallets - Schneier on Security

New Attack Against Electrum Bitcoin Wallets - Schneier on Security submitted by nothingberg to TruthLeaks [link] [comments]

Schneier on Security: Insecurities in the Linux /dev/random - Does this effect every bitcoin wallet on linux?

Schneier on Security: Insecurities in the Linux /dev/random - Does this effect every bitcoin wallet on linux? submitted by redditNwork to Bitcoin [link] [comments]

Treasure Hunt! We put the key to $2000 worth of BTC on the Siacoin network

I've been thinking about this idea for a while. Some people think storing data on the Siacoin network is not secure, so let's put it to the test!
The Sia Network uses Reed Solomon Erasure Coding to split up the data and store it across multiple hosts. All Sia data is encrypted by default using Threefish, a modern symmetric cipher designed by Bruce Schneier. No practical attack on this cipher has ever been demonstrated. If you can steal my data from the Sia network, you can break Threefish encryption.

The Bounty

Here’s the Bitcoin wallet:
It’s simple. I have uploaded the private key for this Bitcoin to the Sia network. To make things even easier, I am announcing the hosts that I am storing this data with:
The tweet: The medium:
submitted by luxordevs to siacoin [link] [comments]

Quantum Computing and the Cryptography in Crypto
This article is a great intro to one of the big worries about the future of crypto. It talks about how cryptography works at a very basic level, the specific advancements of QC, and how it could effect certain types of crypto. A few examples of encryption types and their usage in cryptocurrency:
Hashing Function - Hashing is most commonly known for its use in secure password storage and authentication. In crypto this would be the one way hash function which miners are using to secure the chain. Bitcoin's SHA256 is the most famous example
Symmetric Encryption - Data encrypted with a password and decrypted with that same password. An example of this is the encryption of your wallet file
Asymmetric Encryption (Public/Private Key Crypto) - Data signed with a private key can be verified with a public key, data encrypted with a public key can only be read with a private key. This is highly simplified of course, but I highly recommend reading more on the wikipedia page as a next step. Some common uses of pub key crypto is in PGP or GPG as well as networking where it enables two parties to establish secure communications over an untrusted network (HTTPS utilizes this).
submitted by CryptoMaximalist to CryptoTechnology [link] [comments]

Posts everyone interested in cryptocurrency should read

Edit: WIP


Here are some great posts/articles everyone should read before speculating in cryptocurrency.
Post Date
50 Crypto Trading & Investing Lessons Learned Over The Past 5 Years January 2018
'Be Your Own Bank', A Cautionary Tale December 2017
I lost ~40k USD today. Reminder to keep coins off exchanges if you are not trading. February 2018
How the Bitcoin protocol actually works December 2013
Blockchain and Trust February 2019
Bitcoin: A Peer-to-Peer Electronic Cash System October 2008

Common Advice

Disclaimer Not my advice. Don't sue me.

Not your keys, not your Bitcoin.

This applies to all cryptocurrencies. The ownership of cryptocurrencies can only be determined using cryptography (hence "crypto" in the name). To be able to spend/receive and otherwise control units of a cryptocurrency you must have the corresponding private key. If you are using a cryptocurrency exchange to store your cryptocurrency you do not control the private key(s) corresponding to your coins, the exchange does. To control your private keys you must withdraw your coins to a local wallet stored on your phone/PC. It is highly recommended that you don't use a Windows computer to store your private keys (because Windows is very prone to malware). There are numerous examples of prominent exchanges stealing/losing their customers coins because the exchange had the private key(s) rather than the customer. The most well known such occurrence was Mt. Gox.
Being 'your own bank' (controlling your private keys) also means you are responsible for the safety of your coins. Use a deterministic wallet and write down your seed (on paper, not electronically) so that you do not lose your coins if your wallet is lost/corrupted. Encrypt your wallet so malware cannot easily 'scrape' your private keys. Be careful updating your wallets. Wallet updates are a known and actively exploited attack vector. Wallet updates may also contain bugs.

Do not invest more than you can afford to lose.

Cryptocurrency prices are extremely volatile and losses of 90% are common. The software is under continual development and so may contain bugs. If you chose to speculate, assume you will lose all of your money and so only speculate money you do not need to pay bills or debts.

Past performance does not guarantee future results.

If the price has behaved some way in the past, it does not guarantee it will perform that way again in the future. This is especially true on short timescales.

Don't HODL

A misspelling of the word 'hold'. A meme telling people not to sell. Do not base your financial decisions on memes. Have a rigorous plan of when you will sell and execute it without emotion/hesitation.

This time isn't different.

Past performance does not guarantee future results but past performance is the best indicator of long-term prices. Familiarize yourself with the graphs of the past, learn about how the price is cyclic and then only speculate once you are as familiar with the price history as someone who bought in 2013.
submitted by 4vWte1ovZK1i to u/4vWte1ovZK1i [link] [comments]

Bitcoin GUARANTEED to fail

I have been following Bitcoin since ~2011/2012, and I have considered myself a "bitcoin bug". I found a comment on Bruce Schneier's website that seriously made me think:
*Bitcoin is doomed, in at least two different ways...
First, because it is based on ECDSA, if and when someone invents a sufficiently powerful quantum computer, Shor's algorithm will enable someone with such a computer to steal bitcoins at will.
Second, if no one ever does create a sufficiently powerful quantum computer, there is a fixed upper limit on the total number of Bitcoins (21 million), and no one has the authority to make more. So if you lose your private key/wallet (and don't have a quantum computer) then the bitcoins in that wallet are lost forever.
In other words, the bitcoin system can be thought of as an absorbing Markov chain. Bitcoins leap from wallet to wallet (the non-absorbing states), but there is always a chance they will leap to the absorbing state of being lost. As an absorbing Markov chain, it is inevitable that eventually most and then all the bitcoins will become lost, and the bitcoin system will break down.
Together with the deflationary aspect of the bitcoin system, I sometimes wonder if it was carefully designed as a Pyramid scheme to extract wealth over the next decade or so from conspiracy theorists, paranoids, currency speculators, gold-bugs, and Ayn-Randian fanatics. Perhaps that is the reason why the creator used a pseudonym and is still anonymous...*
If those aspects are true, then there is only one valid reason left to invest in bitcoin, and it's not a good one: greed
submitted by jcoffy to Bitcoin [link] [comments]

[Table] IAmA: I was a professional password cracker who taught government agents who's now working on a secure distributed communications & computation platform with bitcoin instead of upvotes. AMA!

Verified? (This bot cannot verify AMAs just yet)
Date: 2014-05-03
Link to submission (Has self-text)
Questions Answers
a more serious question, what is password cracking like? Bruteforcing hashes, looking through source code for vulnerabilities, doing advanced maths or something fourth? First I'd try to figure out if the software was merely using access denial or encryption. With access denial, the data isn't encrypted, but the software won't show you the data without the password. For purposes of criminal forensics, you're not allowed to change the data in any way for it to be admissible in court, but getting access to the file before you have a password can often be helpful. To figure that out, I'd just look at the file in a hex editor; if I could read it, it wasn't encrypted. The next easy step is to scan the program for cryptographic constants; these are things like s-boxes or tables of rotation constants or such that tell me what crypto functions, if any, are being used. For example, if I see 637c777b anywhere, I know it's probably using AES. If I see 77073096, that's a CRC32. If I see 67452301, it's using MD5. After that I'd use a debugger and a program like IDA Pro to start at the point where you type the password and figure out what the program does with it. This is what often took the most time and was the most tedious. Early versions of MS Access, for instance, just XORed the password with a fixed constant; anyone could break those passwords immediately. The toughest one that I was able to break was the encryption on WinZip; it was much better than most stuff I ran into, but still weak enough that I could break it. That was the one I enjoyed the most, like an extra-challenging Sudoku or something.
The hash function wasn't cryptographically strong, so I was able to run a lot of it backwards and get a enough constraints on the input to skip most possibilities. What is this process called if I wanted to learn about it in an academic setting? Cryptanalysis.
WinZip; it was much better than most stuff I ran into Is it any better than 7Zip? My attack was on the old encryption method. WinZip has since upgraded to AES, like 7-Zip. The only way to attack an archive made by a recent version of either of these is with a dictionary attack, trying every password.
What was the biggest password you ever cracked? Nowadays, most software companies use strong crypto, so the difficulty of cracking the password increases exponentially with the length. Back in the late 90s, it was mostly "roll your own", so the strength depended a lot more on the software than the password chosen.
That said, the password I was most pleased with was a 60-character randomly chosen password on a WinZip file using the ciphertext-only attack that later got published.
Was the content worth the effort? What was the content? The content was irrelevant to me; the fact that I had broken the encryption so thoroughly on such an important file format was the exciting bit. When it was in beta, the FBI started sending us files with suspected child porn for us to open. Thankfully I never had to look at any of it---that was someone else's job---but it felt good to know that I was able to help with that. Once we integrated it into the toolkit, of course, the FBI would just use our software themselves.
Now, though, I think that it's more important that people be taught what is right and have freedom---even if such drimes still exist---than to have a society in which every activity is so policed that crime is impossible. I think we should make it hard for the government to do such enormous, sweeping surveillance as we've discovered they've been doing.
If there's sufficient evidence to suspect someone of a crime, the government has plenty of resources to target that individual, and no software will prevent them getting the information they want. Splicious, if it is funded, will help in preventing surveilllance at national scales.
It's funny how no one seems to be responding to the thing you're actually talking about... it seems to me you're raising awareness about splicious. Can you say more about that? EDIT: I need to make clear that it doesn't fully exist yet! We need money to continue to make it real.
As I wrote above, it's a platform for encouraging the creation and curation of content. The idea is to reward both those who create content and those who share it. You may have seen that picture of handing out Facebook likes to 3rd world kids; merely "liking" something or upvoting it doesn't actually help somebody make a living. So all likes/upvotes have real money behind them in this system. The originator of content gets 90% of each upvote, while the remaining 10% is distributed down the chain of resharers to the donator.
We want artists and musicians to use it, but also scientists, authors, and journalists. We think the journalists will be particularly interested both because of the potential to get supported directly in the wake of digital media, but also because of the security features we intend to implement, like perfect forward secrecy.
We hope scientists will like it, because big academic publishers like Elsevier charge tens of millions of dollars for bundled access to their journals and have something like a 36% profit margin. The scientists write and review the articles and edit the journals for free; Elsevier turns around and charges them for the privilege. Splicious would allow people to set up electronic journals quickly, while contributions go directly to the authors and the editors.
Could you inbox me my password if you wanted or felt the need? That would require getting Reddit's collection of password hashes. It would take some effort, but probably a lot more than would be worth my while.
Well, it used to be easier. Wow! Yeah, hopefully they learned something after that. :P.
Could you be a very rich man if you used your powers for evil? I could have in the 90s. I think the FBI are a lot better at dealing with crime on the internet now than they were then.
Hi, I'm a math/CS undergraduate and find this stuff fascinating. However, I haven't a clue how to get started. Any reccomendations on how to get into password cracking and hacking? As to your specific topics, the days of easy password cracking are largely over: any software worth spending money on will use strong crypto. The best one can usually do is a dictionary attack distributed over many computers.
Awesome! What is your ed background? When I got the job I was getting my undergrad degree in physics. I went on to get a MSc and have just finished my PhD.
How much were you taught on the job vs what you had learned through self study? All of the math I learned in school or from Schneier's Applied Cryptography. I taught myself the rudiments of programming as a kid and all my electives at university were computer science classes. I learned to read assembly code on the job.
What would you say is the most lucrative area of infosec (both for black and white hats)? If you want to make enormous amounts of money, you start a company and get bought out or have a successful IPO. That's very risky, though; if you want stable good money in infosec, go join Google's security team: I did and loved it!
Are you employed now by Google? No, I left last year to start working on splicious. I'd like to keep doing so, but we need funding!
Whats this splicious you keep referring to? It's a distributed secure communications and computation platform. It has features to encourage the creation and curation of new content, but is intended to be a general purpose secure distributed computation platform.
The computation framework is based on pi calculus; I've written a paper with Greg Meredith and Sophia Drossopolou showing that we can use Caires' sspatial/behavioral types as a security policy language and let the compiler check that the implementation fits the policy. (TL; DR: We can prove that we don't have security flaws of various kinds.)
Are you Hackers or War Games fan? I loved it when you nuked Las Vegas. Suitably biblical ending to the place, don't you think?
Have you ever hacked people? Not without their permission.
That sounds a bit weird. Hahahaha. It's not much weirder than tattooing: Link to
Of course they still had to get the hashes somewhere, but there are some pretty powerful tools in the public domain these days, who knows what is behind the curtains in the federal side of the house...(proposed quantum computing password cracking for instance) People simply don't have the ability to remember passwords that are strong enough to resist the password crackers. If your service has the option to use two-factor authentication, use it; when attackers steal gmail accounts, the first thing they do is turn it on, because it makes it virtually impossible for the owner to get it back. If your service doesn't have 2-factor auth, use a long passphrase. Here's some math: if you just use lowercase letters and have a 16-character password, there are around 1022 passwords to try. If you start using numbers, too, there are around 1024, so a hundred times harder. But if instead you double the length of the password, there are around 1044, which is a sextillion times harder. Quantum computation is certainly interesting to the NSA, but the technology isn't up to code cracking yet; scientists are just at the edge of beating the error bound necessary for quantum computations with more than a handful of qubits. Link to
How could a regular person like me learn the basics of this? What did you mean by "this"? Reverse engineering, password cracking, or secure distributed communications?
All of it and where should one start? I've done custom rainbow salt sables and attempted wpa2 attacks for fun and cracking hashes using Cain and Able. For reverse engineering, is the place to be. Get a copy of OllyDBG and IDA Pro; there is an older version available for free. Here's a reasonable intro to some of the techniques: Link to
Actual question how good is router security with passwords for example can you or have you hacked a router (guessing default passwords don't count)? I haven't ever tried breaking router passwords; I have my own router, so I don't need to use anyone else's.
Are you the guy that made this video: Link to ? Yep. In addition to the content creation and curation stuff, there's also a notion of controlling who gets access to personal information. In the video, I drew how Alice can prevent Bob from knowing her name or address while still proving that she's 21.
But we need money to make it real.
Are you in fundraising mode? Are you doing crowd funding? Do you have a site? Yes, we're doing crowd funding. The site is linked in the description.
How is there such a huge disconnect between you and I? I send hours on the computer and can't do shit with it other than reddit and excel spreadsheets. How do you get into it? Is it a lot of reading? How does it work? I think you become good at doing what you spend time on, and you tend to spend time on things that you like doing. I learned this stuff because it made me happy. I get a thrill out of this sort of thing, so I keep coming back.
That said, with enough hard work, you can become good enough at something that it's no longer a drag: playing piano for the first few years sucks. Who wants to sit there plunking out "Mary had a little lamb"? But once you have the skill to actually read music and play it, then you're free to explore all your musical tastes. After you've played a lot of the music you love, you get a feeling for chord changes and what sounds good to you, so you can improvise your own music.
It's the same way with math and programming: there's some hard stuff at the start, but once you become good enough at it, you can start behaving like an artist and do your own thing.
The equivalent of learning "Mary had a little lamb" is introductory programming sites like KhanAcademy or codeacademy or or a bazillion others.
What do you think of the new NSA, using the Patriot Act? I think the Patriot Act traded an enormous amount of liberty for what turned out to be virtually no increase in security.
Is that the same platform that this ex-Googler was talking about in this video Link to Yes, that's Vlad Patryshev. He was one of the guys who made Orkut. He was actually really excited about splicious and said, "I've been waiting for this since FidoNet."
Thanks. I'll look into all that. Lol, well that's a different story, a lucky one too. So you had no knowledge or experience with programming and they just hired you? What degree were you going to go after if you went to collee? Oh yeah, did you end up going to college after all or you just stuck with the job and learned from them? I had plenty of programming experience, but no crypto experience. I couldn't decide for a while between computer science and physics. Eventually I compromised and got a degree in applied physics; basically, all my electives were CS. I finished my bachelor's degree, then lost the job when the dot com bubble burst, went to New Zealand and got a MSc in CS, then started a PhD but ran out of money, went to work for Google's security team and started working on the PhD part time. I worked there for six years, then quit to work on splicious. I just finished the thesis and will defend later this year.
I might be late to the party, but what do you think of the XKCD password comic? This is the method I'm currently using with the help of Make Me A Passwords generator. It's spot on. When given the option, use long phrases rather than gibberish. LastPass can manage your online passwords by generating very long gibberish but only require you to use something memorable.
You actually suggest LastPass over KeePass(X)? I was using LastPass as an example of the genre, like how the southern US refers to any carbonated soft drink as "coke". I haven't made an extensive study of the offerings.
Are you Jesus? 'cause you look a lot like him. I was babysitting with another guy for a group of moms once, and when one of the moms dropped off her young kid---maybe four or five years old---he got really big-eyed and nervous. I thought he was afraid of the beard and hair: sometimes people would cross to the other side of the street when they saw me coming. So I invited him in, showed him the toys, and we all played and had a good time.
When his mom came to pick him up, he ran over and said, "Jesus is fun!"
Hey Mike, my understanding is that you've built a distributed platform and also adding on bitcoin support so that every post you make on splicious could potentially generate revenue. i would say that it's a new take on an alternate virtual economy and want to try as soon as they allow public use. are you planning to add some kind of reputation system to it? say, if i want to look for something a'la craig's list style rather than post my poetry? We've been thinking about reputation systems, but don't have any firm plans. Part of the problem with reputation systems online is that people do "pump & dump", using their reputation to steal something. If anyone has ideas or references about fighting this, please PM me.
Was most of your work just using parallelism brute forcing, or did you look for vulnerabilities in encryption standards. Also what is your opinion on the vulnerabilities of dual eliptic curve cryptography? Nearly all of my work was cryptanalysis of the relatively weak cryptography that was prevalent in the late '90s. We started turning to parallelism when MS Word improved its crypto to the 40-bit stuff that was the limit for software you could export.
The vulnerability in the PRNG for dual ECC was clearly inserted by the NSA and weakened everyone's crypto, even the US military and government's. I'm surprised that there's not more outcry from the other government organizations.
Last pass gotta remember that one. The o e thing I'm worried about though is my email is under yahoo and I've heard they are famous with being hacked because of crappy protection programs or leaks even is this true? Looks like Yahoo has 2-factor auth available. If you turn it on, then even if crackers do figure out your password, they won't be able to log in with it because they don't have your phone. That's the single best thing you can do.
Can you explain this like you would to someone who's never heard of hacking? There's no password you can remember that would stand up to modern cracking software. If you use a long passphrase, you might stand a chance. 2-factor auth is the only way to stay safe.
Can you tell me how to turn it on in a pm please. I'll just put it here, since everyone ought to know this: Link to
What's your computelaptop specs? I had a Macbook Pro, like most of Google security team, and got myself another when I left. It has all the benefits of unix with really nice hardware and good suport.
What makes one password cracker different than another? Edit: Wonderful beard. Generally it's how well they take advantage of the parallelism in the GPU. And thanks!
Do you feel That bitcoin as a currency will make it even with all of the theft and ease at which people are being hacked and having coins stolen. I have no particular attachment to bitcoin as a currency. Ben Laurie, for example, has some excellent points about how to keep bitcoin secure, you either have to trust the software authors or spend half of all computing power for the rest of eternity. If you're going to trust people, there are much more efficient ways to mint money. Link to
For our purposes, bitcoin provides a fairly simple micropayments service; any other distributed currency would probably work just as well.
We also don't store the wallets ourselves; we use
I feel the success will be based on micro payments. IE reading a Wall Street journal article for a .05 or .10 fee and not having to buy the whole newspaper or article. Just my 2 cents.. Exactly. A journalist would write an article and share it with WSJ. WSJ would reshare it, and readers could support the journalist by contributing a mBTC. WSJ would get a cut and the journalist would get the lion's share.
So how hard would it to be to break a password of say"iFuCkInGHate2001!!" If crackers get hold of the file with the password hashes, nearly all passwords will be cracked, even quite long ones like yours. A similar password (18 printable chars) that has been hashed once with SHA with no salt would take less than an hour to crack on a single PC. Adding salt makes it harder to build tables where you can just look up the password instantly, but no slower to just brute force.
People REALLY need to use 2-factor auth to be secure.
So what can a person like me who doesn't know much on how to make a password more secure, except making it super long and complex to do to " feel safer" of not getting hacked. First, choose reputable services like GMail, where they take security very seriously. A cracker who can't get to the database of password hashes is forced to attempt to log in repeatedly, which can be detected and throttled to a safe rate.
Second, use 2-factor auth if it's available.
Third, use something like LastPass that generates a long random password for each site and stores it encrypted under a single password that you remember. You never type that password into anything online.
I bet your computer is awesome It's a Macbook Pro.
Last updated: 2014-05-09 00:53 UTC
This post was generated by a robot! Send all complaints to epsy.
submitted by tabledresser to tabled [link] [comments]

Making a Wooden Bitcoin Wallet Bitcoin Wallet Cracking  Blockchain Caffe BITCOIN KORREKTUR ZU ERWARTEN? Standalone Bitcoin Offline Wallet Printer Demo Introducing 0.84mm Wireless bitcoin hardware wallet, FuzeW

So I found an old Bitcoin wallet on an old computer (from December 2010, back when BTC were about $0.50). I cannot recall how many BTC are on this wallet (might range between 1 - 50+). I have the "wallet.dat" file, tho not sure how to best view it. Can it be imported into Bitcoin-QT on my new system? Or would it be better to use something like this: I don't want to screw anything up. What's ... Andreas Schneider // 4. Mai 2017 um 9:34 // Antworten. Toll geschrieben! Evt. findest du ja unsere neue Bitcoin online Wallet auch interessant. Deutsche Wallet, schnell und sicher. Christoph Bergmann // 4. Mai 2017 um 10:06 // Antworten. Hi, erstmal, tolle Sache, dass ihr in Deutschland eine Wallet macht. Guter Name, sieht an sich auch nett aus. ... Selbsternannter Bitcoin-Erfinder Craig Wright vorerst aus dem Schneider . von Moritz Draht. Am 14. Januar 2020 15. Januar 2020 · Lesezeit: 3 Minuten. Moritz Draht. Moritz Draht hat Deutsche Literatur und Philosophie an der Universität Konstanz studiert. Sein Krypto-Engagement widmet sich den Zusammenhängen zwischen soziokulturellen und technischen Entwicklungen. Nach Tweet: EZB-Präsidentin ... hast ab jetzt 72 Stunden zeit 750€ in Bitcoin an die nachfolgende Bitcoin Addresse(„Bitcoin Wallet“) zu zahlen : 1166a4ic4ttgeWX1dSgPHrXPfUsKDCamd4. Sollte die Zahlung in dieser frist nicht eingehen, Wird Das Video automaitsch Veröffentlich, es wird an deine Freunde und Familie weitergeleitet und außerdem wir anzeige bei der Polizei erstattet. Solltest du aber wie geforder zahlen, so w On topic: The explanation is interesting, but I would have liked to have seen details on wallet security. From a brief reading, the wallet appears to be a serious weakness. Too bad the Bitcoin protocol didn’t go through a security review before everybody jumped onto it. Daniel • December 9, 2013 1:09 PM Part of the problem in understanding Bitcoin is a fundamental lack of comprehension of ...

[index] [1325] [29131] [50624] [46050] [37753] [33036] [23206] [31781] [9431] [6797]

Making a Wooden Bitcoin Wallet

In this video I'm making a wooden Bitcoin wallet on my cnc machine. I I printed a Bitcoin paper wallet and wanted to make a beautiful wooden gift box with and engraving to make it more personal. E' possibile crackare un wallet bitcoin? Strettamente parlando... si, dal punto di vista pratico no. A meno che... A meno che non ci sia un errore nella generazione dei numeri pseudo casuali che ... FuzeW is a wireless bitcoin hardware wallet. Supports Bitcoin(BTC), Ethereum(ETH), Bitcoin cash(BCH), DASH, Litecoin(LTC), Ripple(XRP), Dogecoin(DOGE), and every ERC20 tokens. Keep your bitcoin ... Dieter Schneider Recommended for you. 4:06. Test Scanning my Stainless Steel Bitcoin Wallet - Duration: 0:24. Brendan Erwin 4,153 views. 0:24. 101% Secure way to protect your Bitcoin/Litecoin ... Online Wallet: Offline Wallet: Hast du dir auch schon immer gewünscht, von Zuhause aus Geld zu verdienen, ohne etwas dafür zu tun? Ich habe nun ...