i watched that but couldn't see how the 24 words got translated into metal letters. any idea?
Gold collapsing. Bitcoin UP.
- Thread starter cypherdoc
- Start date
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
He did just 12 words, even though he had a standard Trezor list with 24 words on his desk. I actually asked him about this a few months ago. The Cryptosteel has 2 sides, so it's room for exactly 24 words. But he cheated in the clip to make it look like it only takes 15 minutes to feed the frame. In reality it will take 30 minutes for 24 words. Probably more, because he has practiced. But I don't care. Do it once, and you have a backup for life of a HD wallet!
Wojtek is a very good guy, and he has worked with Satoshi Labs (Trezor) to get the design right. But as every salesman, he tries to make it appear even faster and better. (And you can actually have just a 12 word seed to Trezor. But it's a bit too weak in a recovery process. That's why they changed to 24 words.)
EDIT: If you want to see with your own eyes that it has two sides and the capacity of 24 words, watch this:
EDIT2: When I receive it, I'll bring it to Oslo Bitcoin Meetup that I organize. Some of the most weired, exentric, social clumsy ultra-nerds members have shitloads of bitcoin. And they need help to protect their fortunes. On many levels. Some are very naive, and don't realize that waterboarding is a very direct access to a brainwallet.
Last edited:
- Aug 22, 2015
- 1,558
- 4,693
@theZerg, @Norway
All good. BUIP002 is amended now.
BitPayAdaptive is added to the list which now becomes a recommendation list so that those finally supported are at the discretion of the BU lead developer.
https://bitco.in/forum/threads/buip002-multi-bip-scaling-enabler.689/
All good. BUIP002 is amended now.
BitPayAdaptive is added to the list which now becomes a recommendation list so that those finally supported are at the discretion of the BU lead developer.
https://bitco.in/forum/threads/buip002-multi-bip-scaling-enabler.689/
Last edited:
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
@cypherdoc
1. Read my last edit. (We published simultaniously.)
2. What makes it open and insecure? Compared to what?
3. This is a very interesting theme I have been thinking a lot about. And I don't have all the answers. I just find security holes in almost every model/method of protecting BTC wealth. For a time, I believed that blockchain time locks was the answer. It isn't, but could be a very important part of it. I have some new thoughts about how it could be done. I have also discussed the issue of coercion with Andreas himself! Maybe I should start my first thread at bitco.in about the subject.
[doublepost=1452210112][/doublepost]@solex
Wow, that was quick!
EDIT: Told Stephen Pair (BitPay) about it in the comments field. https://medium.com/@spair/a-simple-adaptive-block-size-limit-748f7cbcfb75#.8oxmde4us
1. Read my last edit. (We published simultaniously.)
2. What makes it open and insecure? Compared to what?
3. This is a very interesting theme I have been thinking a lot about. And I don't have all the answers. I just find security holes in almost every model/method of protecting BTC wealth. For a time, I believed that blockchain time locks was the answer. It isn't, but could be a very important part of it. I have some new thoughts about how it could be done. I have also discussed the issue of coercion with Andreas himself! Maybe I should start my first thread at bitco.in about the subject.
[doublepost=1452210112][/doublepost]@solex
Wow, that was quick!
EDIT: Told Stephen Pair (BitPay) about it in the comments field. https://medium.com/@spair/a-simple-adaptive-block-size-limit-748f7cbcfb75#.8oxmde4us
Last edited:
"2. What makes it open and insecure? Compared to what?"
an encrypted, pwd protected digital file.
[doublepost=1452210456][/doublepost]someone's fighting
[doublepost=1452211187,1452210301][/doublepost][doublepost=1452211442][/doublepost]
an encrypted, pwd protected digital file.
[doublepost=1452210456][/doublepost]someone's fighting
[doublepost=1452211187,1452210301][/doublepost][doublepost=1452211442][/doublepost]
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
@cypherdoc
You mean protecting a long password with a shorter?
Don't mean to be rude. But early adopters (loaded guys) could be at risk when bitcoin goes mainstream. Traces everywhere of who they are on the net... I could sell information and instructions today to mafia type organizations. But I won't do it. This is a problem without a current obvious solution. But I have some Ideas. I don't think Third key Solutions (Andreas Antonopoulus company) have really solved it, but I could be wrong. I don't know the details. An important part of a good physical security solution is that the model should be open. Like open source and bitcoin. Somebody should invest in me, he he.
EDIT: Maybe you didn't read my 2nd edit about waterboarding and brainwallets. I realize now that I should stop editing my own posts, just creating a mess. And I'm doing it now!
You mean protecting a long password with a shorter?
Don't mean to be rude. But early adopters (loaded guys) could be at risk when bitcoin goes mainstream. Traces everywhere of who they are on the net... I could sell information and instructions today to mafia type organizations. But I won't do it. This is a problem without a current obvious solution. But I have some Ideas. I don't think Third key Solutions (Andreas Antonopoulus company) have really solved it, but I could be wrong. I don't know the details. An important part of a good physical security solution is that the model should be open. Like open source and bitcoin. Somebody should invest in me, he he.
EDIT: Maybe you didn't read my 2nd edit about waterboarding and brainwallets. I realize now that I should stop editing my own posts, just creating a mess. And I'm doing it now!
Last edited:
One way to protect bitcoins from extortionists who might threaten you physically is to use distributed trusted third parties.
Take the seed for a deterministic wallet and split into n fragments. Spread these fragments around between close personal friends who ideally live on another continent. This gives you some deep savings that you aren't capable of accessing without outside assistance.
From there, you can add as many other protocols as you wish in terms of how you communicate with the other fragment holders so they know when you're in distress or not.
Take the seed for a deterministic wallet and split into n fragments. Spread these fragments around between close personal friends who ideally live on another continent. This gives you some deep savings that you aren't capable of accessing without outside assistance.
From there, you can add as many other protocols as you wish in terms of how you communicate with the other fragment holders so they know when you're in distress or not.
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
SHAMELESS PROPAGANDA: Everybody, click the heart (like) at my comment to the blog from the BitPay CEO:
https://medium.com/@spair/a-simple-adaptive-block-size-limit-748f7cbcfb75#.hqly9ap5g
https://medium.com/@spair/a-simple-adaptive-block-size-limit-748f7cbcfb75#.hqly9ap5g
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
@Justus Ranvier
Thanks for the input!
I know about splitting and m of n solutions. Weak parts in what you describe are:
- Close, personal friends (This can rapidly change)
- Two of your close friends/family sit in the same car in the same death accident. (Two keys lost)
- I guess people with these types of schemes tend to have a personal copy of the keys needed "just to be safe". But it actually makes them more unsafe.
- Protocols to reveal that you are in distress doesn't work under real threat. You must assume that the robber has exactly the same information that you do. In my opinion, the only check a second party should do, is that you are alive at some point in time.
- Secret schemes like this, may lead robbers to believe that they can take your coins. Even when they can't. And creating a dangerous situation.
BTW: Trezor has a "Fake account" you can activate and show stupid robbers. But it doesn't stop informed robbers.
There are several more aspects to this I haven't touched now. I think we have a lot to learn from banks, from timebased withdrawal limits to bulletproof glass.
I'll start a separate thread on this. "Be your own bank" isn't as cool as it sounds when gunmen threaten your children. But I have to write a good title and intro to the thread. Have to think about it for a little while.
Thanks for the input!
I know about splitting and m of n solutions. Weak parts in what you describe are:
- Close, personal friends (This can rapidly change)
- Two of your close friends/family sit in the same car in the same death accident. (Two keys lost)
- I guess people with these types of schemes tend to have a personal copy of the keys needed "just to be safe". But it actually makes them more unsafe.
- Protocols to reveal that you are in distress doesn't work under real threat. You must assume that the robber has exactly the same information that you do. In my opinion, the only check a second party should do, is that you are alive at some point in time.
- Secret schemes like this, may lead robbers to believe that they can take your coins. Even when they can't. And creating a dangerous situation.
BTW: Trezor has a "Fake account" you can activate and show stupid robbers. But it doesn't stop informed robbers.
There are several more aspects to this I haven't touched now. I think we have a lot to learn from banks, from timebased withdrawal limits to bulletproof glass.
I'll start a separate thread on this. "Be your own bank" isn't as cool as it sounds when gunmen threaten your children. But I have to write a good title and intro to the thread. Have to think about it for a little while.
Last edited:
@Norway, This is a good idea for a new thread, I raised a related question here:
https://bitco.in/forum/threads/bitcoin-apps-security.748/
I think we need to be thinking of these things - how to manage bitcoin security when a single private key might hold the equivalent of a billion of today's dollars in purchasing power.
Last edited:
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
@Matthew Light
You touch many interesting points in your thread. Regarding the specific theme in the thread, I would use this hardware combo:
Trezor
Android phone with Mycelium
An OTG (On the go) cable between the Trezor and the phone
(Personally, I think Trezor should make a special edition with the OTG cable part integrated (not sure what it does, but I don't think it's just USB. Whatever...) And with the display upside down (or selectable). So you can just plug the trezor right into the bottom of your phone without cables. And sign all the transactions inside the Trezor hardware.)
However, as you say, this is a broader issue. I think it will be important to separate your coins in two stacks: Big bucks & Small bucks. (Maybe a level inbetween as well. But mid-level should probably be transaction rules from Big to Small.)
Small bucks: All you have to do in the shop, is hold your phone (or Fitbit or Apple Watch?) near the NFC-enabled cashier machine, read the amount on the device screen and click OK or Cancel. This is coins you can afford to lose. Like cash.
Big bucks: Nobody will try to rob you because the security is too good. And the robbers know the security system inside out before they consider it. If you want to spend this money, you have to prove to a second party that you are alive, and want to move the money. Then, four months (or some other period) later, you have to repeat that procedure before the funds are actually moved.
At the same time, you can have a customized amounts transfered from Big to Small at a time rate. Or have withdrawal limits with time restrictions.
I have not even started to talk about what this "Second Party" could look like.
I'll start a thread about this topic soon. Cheers!
PS. I hope I don't come across as arrogant or Mr. Know it all. But I am convinced that many people in the bitcoin community undervalue the security risk of holding lots of coins on a paper wallet. !00% risk free from hackers, but low hanging fruit for bad ass organized & informed criminals.
You touch many interesting points in your thread. Regarding the specific theme in the thread, I would use this hardware combo:
Trezor
Android phone with Mycelium
An OTG (On the go) cable between the Trezor and the phone
(Personally, I think Trezor should make a special edition with the OTG cable part integrated (not sure what it does, but I don't think it's just USB. Whatever...) And with the display upside down (or selectable). So you can just plug the trezor right into the bottom of your phone without cables. And sign all the transactions inside the Trezor hardware.)
However, as you say, this is a broader issue. I think it will be important to separate your coins in two stacks: Big bucks & Small bucks. (Maybe a level inbetween as well. But mid-level should probably be transaction rules from Big to Small.)
Small bucks: All you have to do in the shop, is hold your phone (or Fitbit or Apple Watch?) near the NFC-enabled cashier machine, read the amount on the device screen and click OK or Cancel. This is coins you can afford to lose. Like cash.
Big bucks: Nobody will try to rob you because the security is too good. And the robbers know the security system inside out before they consider it. If you want to spend this money, you have to prove to a second party that you are alive, and want to move the money. Then, four months (or some other period) later, you have to repeat that procedure before the funds are actually moved.
At the same time, you can have a customized amounts transfered from Big to Small at a time rate. Or have withdrawal limits with time restrictions.
I have not even started to talk about what this "Second Party" could look like.
I'll start a thread about this topic soon. Cheers!
PS. I hope I don't come across as arrogant or Mr. Know it all. But I am convinced that many people in the bitcoin community undervalue the security risk of holding lots of coins on a paper wallet. !00% risk free from hackers, but low hanging fruit for bad ass organized & informed criminals.
@Norway
I think for large amounts companies like https://www.sig3.io/ might be able to fill the need as long as they use good verifying procedures
I think for large amounts companies like https://www.sig3.io/ might be able to fill the need as long as they use good verifying procedures
Norway
Well-Known Member
- Sep 29, 2015
- 2,424
- 6,410
@dill
I don't think sig3 adress directly these hardcore coercion issues, allthough overlapping with some relevant techniques. I haven't checked them out properly, but it looks like a company that installs and configure a computer program for the customer. And let the software "autosign" as one of multiple keys based on custom rules, oracles and/or internal data.
We have to stop this discussion here now, lol!
I'll make a new thread soon. "Gold collapsing. Bitcoin UP." is just too legendary, important and broad to dive into this dark and detailed world of waterboarding, mistrust of trusted family members, recipes of how to rob early adopters... and how Hal Finney could be brought back to life from the fridge, just to be waterboarded to give up his brain wallet and then shot to death.
PS: I truly respect Hal, and I consider him as a patient in coma, not dead. I think Alcor (the cryonics company he use) have good philosophy and tech, and I will do the same as him if/when the time comes. http://lesswrong.com/lw/1ab/dying_outside/
I don't think sig3 adress directly these hardcore coercion issues, allthough overlapping with some relevant techniques. I haven't checked them out properly, but it looks like a company that installs and configure a computer program for the customer. And let the software "autosign" as one of multiple keys based on custom rules, oracles and/or internal data.
We have to stop this discussion here now, lol!
I'll make a new thread soon. "Gold collapsing. Bitcoin UP." is just too legendary, important and broad to dive into this dark and detailed world of waterboarding, mistrust of trusted family members, recipes of how to rob early adopters... and how Hal Finney could be brought back to life from the fridge, just to be waterboarded to give up his brain wallet and then shot to death.
PS: I truly respect Hal, and I consider him as a patient in coma, not dead. I think Alcor (the cryonics company he use) have good philosophy and tech, and I will do the same as him if/when the time comes. http://lesswrong.com/lw/1ab/dying_outside/
Last edited:
Christoph Bergmann
Active Member
Ah, I was not sure about it. So it would basically not break the chain between transactions, but make mixing nearly complete.
- Dec 16, 2015
- 2,806
- 6,088
This sort of thing is nicely abstracted through PR agencies hiring other companies now.
People don't even necessarily need to know who they're working for, the paper trail can always pretty much disclaim it. Oh, that nasty subcontractor.
I'm guessing this thing has become a profitable employment market given how IT professionals in developed countries are squeezed out of traditional employment due to outsourcing and globalization.
Yielding a sizeable segment of unemployed yet knowledgeable ex IT professionals which "simply don't exist" (there's always "a shortage of skilled IT professionals").
A boon to the corporations' marketing and dirty tricks departments.