Discussion about Bitcoin. BitcoinSV restores the original Bitcoin protocol, will keep it stable, and allow it to massively scale on-chain. BSV will maintain the vision laid out by Satoshi Nakamoto in the 2008 white paper - Bitcoin: A Peer-to-Peer Electronic Cash System.
Hey, I want to send some Bitcoins as gifts this christmas along with an A4 sheet explaining what bitcoin is and all that stuff and how to make their wallets and get the currency I want to send them ( 30$ as Bitcoins ). The thing is..how can I make this as easly as possible for them, is there a way to add bitcoins in a QR code and they would just have to scan in with their mobile app wallet and receive the bitcoins? Or any other ideas how could I do this? Cheers!
Hello, This post is to give you a quick introduction into Bitcoin security. While nobody can guarantee you 100% security, I hope to mitigate some problems you can run into. This is the “20% of effort to get you to 80% safe”. First of all, you have to determine how much money you want to hold in Bitcoin and how much effort are you willing to put in. If you are happy just holding a few dollars worth and don’t care if you lose them, that’s one approach to take. For everyone else, lets get started. Password strength A lot of the times how secure your money is will be determined by the strength of your password. Since in the worst case scenario we are talking about someone trying to brute force your wallet, casual online passwords are too weak. Under 10 characters is too weak. Common words and phrases are too weak. Adding one number to a password at the end is too weak. Moreover, you can consider your password much weaker if you:
use it for multiple online logins (especially if the site could’ve been hacked)
use a common phrase or words (song lyrics are bad)
If you want a really strong password:
Use a trusted website that creates a set of random words offline. For example, CarbonWallet. Go to that website, unplug your Internet, hit random button a few times, write down 10+ of these words, restart your computer, memorize them, destroy the paper once your done. This should make your password pretty strong.
If you are extra paranoid, you have to get creative. Do something with your password that you can remember - maybe add some numbers at the end, do some substitutions, capitalize some letters and so forth. As long as you are not removing words or changing unique words for more common ones, personalizing or extending your password can add more security.
Wallet security Now we are getting to the meat of things. There are a number of wallets available to store your hard earned bitcoins. If you have a decent amount of coins to store, you should look into software wallets - BitcoinQT, MultiBit, Armory or Electrum. They are among the best place to store your money safely (provided your computer is secure as well). Chose one you think best suits you, install it and encrypt your wallet file with your strong password. You should take your wallet file and back it up (location of the file is different for different clients, so you have to do some research as to where to find that file). Back it up on a CD, safe USB drive or the like. Keep them safe. If you lose that file, you will lose your money. A quick word on deterministic wallets. Electrum and Armory allow you to create wallets from a seed. If you use the same seed later, you can recreate your wallet on other machines. With deterministic wallets, you only need to keep that seed secure to have access to your money. In comparison, in BitcoinQT's traditional wallet, every address you use is random, meaning that after you send 50-100 outgoing transactions your backups can be obsolete. Always keep an up-to-date backup of such wallet file if possible. Okay, sometimes you need to have your Bitcoins with you when you leave your computer. In this case, you should look into either online or mobile wallets. A staple for both of those is Blockchain.info, but there are others to chose from. A good rule of thumb with these is to not store more money in them than you can afford to lose. They are best used as a convenient way of accessing some money, not storing your savings. Online wallets are especially vulnerable to their servers getting hacked and people’s money getting stolen. What to keep in mind while using online wallets:
Use a secure password (the more money you have in them the stronger the password should be)
Always keep a backup of your wallet in case you need to recover your money
Whenever possible, enable two factor authentication
Don’t use your online wallets from unsafe computers
Cold storage Sometimes you want to store your bitcoins for a long time in a safe place. This is called “cold storage”. There are a few ways one can do this. First of all, paper wallets. They are nice for giving people small bitcoin gifts, but also for long-term storage if properly used. What you want to do is generate and print them offline. You can save the linked page for example and run that offline. If you are really paranoid, you can put it on read-only media and access that from a different computer. For really long term storage, use archival-grade paper. Another approach to take is using a separate computer for storing your money that is offline 99+% of the time. You could set one up easily by buying an old laptop, reformatting it, installing Linux and a Bitcoin client. Generate an address on that machine and send money to it from your main wallet. Depending on how paranoid you are you can connect that computer to the Internet afterwards to synchronize data with the Bitcoin Network and then turn it off and put it away somewhere safe until it’s needed. Brain wallets Don’t. They are not for you. Unless you are a security-conscientious programmer, those are not for you. Diversifying Keeping all of your eggs in one basket is never a good thing. You should look into diversifying some of your Bitcoin assets in case your other storage methods fail. Some ways you can diversify:
Buy a physical Bitcoin. As long as you trust the coin creator such coins can be an effective cold storage
Invest - I wouldn’t recommend this for more than some trivial amount unless you know what you are doing, but investing in some Bitcoin stocks could be a way to get more money out of your bitcoins
How not to diversify:
Avoid keeping your bitcoins at exchanges or other online sites that are not your online wallets. Such sites can be closed down or disappear along with your money.
Alt-coins - there are few cryptocurrencies that are worthwhile, but most of them are just Bitcoin clones. If a currency brings nothing new, it’s worthless in comparison to Bitcoin. Namecoin is a distributed domain name server (although recently it had a fatal flaw uncovered, so be warned), Ripple is a distributed currency exchange and payment system. Litecoin will only be useful in case Bitcoin’s hashing algorithm gets compromised (very unlikely at this time). Beyond that there are few if any alt-coins that are a worthwhile way of diversifying.
Accepting payments and safety We’ve covered safe ways to store money, now a quick note about bitcoin payments and their safety. First of all, when you are sending a transaction, pay your fees. Transactions without fees can take forever to propagate, confirm and clear. This can cause you a lot of stress, so pay your fees. Secondly, when accepting large Bitcoin payments (say you want to suddenly cash in a gold bar into bitcoins), wait for at the very least 1 confirmation on those transactions. 6 is best, but having even 1 confirmations is a lot better than having none. This is mainly a rule of thumb for the paranoid (I wouldn’t be doing this for most casual transaction), but maybe it will save you if you are dealing with some shady people. Wrapping up... That should cover the basics. If you want to read more about Bitcoin’s security in general, here is my master thesis on the subject. A lot of questions about Bitcoin and security have also been answered on Bitcoin StackExchange - be sure to check it out. Comments and improvement suggestions welcome. EDITS:
PSA to new users due to reddit gold announcement: This is how Bitcoin works [Guide]
Due to the new Reddit Gold announcement it is possible that more and more users will stumble upon this subreddit and start using Bitcoin. I wrote this guide because I believe that an informed userbase is key to Bitcoin's success! Rough summary TL;DR:
User Bob creates a transaction by declaring: "I give Alice 10 BTC". (But in Bitcoin protocol language).
This transaction is digitally signed with the private key each address has and can't be forged.
The miners make sure the transaction is valid and record it in a public ledger that is distributed over the whole network.
Alice check this ledger to get her balance.
Bob can't cheat the system because everyone in the network can consult and check this ledger and would immediately refuse a transaction with double spent funds or funds he hasn't got in the first place.
You can start using Bitcoin in a matter of seconds and, although it is a very simple process, it is strongly recommended that you learn about how it works and what is happening to your coins when you make a simple transaction. With Bitcoin it is you who has control over the money and you need to take care of it responsibly. The following text is a very simple guide that will introduce you to the nature of the Bitcoin network and explain what happens during a Bitcoin transaction in a very simple way. The Story of Alice and Bob Once upon a time... there was a reddit user called Bob who wanted to send his friend Alice some bitcoins. He knows that Alice needs 10 BTC and so he decided to send them to her. Bob has got a Bitcoin Wallet with some bitcoins and before clicking the send button he wonders where his bitcoins are actually stored. "Is every Bitcoin a file on my computer? Or a serial number maybe?" Bob quickly notices that this would be very inefficient. What would happen if someone was spying on his connection and intercepted this files? And what would happen if the connection dropped? No. The way Bitcoin works is simple and elegant. When Bob sends Alice 10 Bitcoin, what he is actually doing is digitally signing a declaration of payment. In human language this would look something like this: "I, Bob, send the amount of 10 BTC to Alice". Of course, Bob is also worried that someone might actually forge such a declaration in his name. He also knows that bitcoins are impossible to forge. So how exactly are they protected? These declarations are protected by a mechanism known as Digital Signature. It is an implementation of mathematics and very strong cryptography that guarantees that only the owner can produce a valid signature. Else, the signature would be invalid and the transaction would be rejected by everybody. Digital Signatures You probably already know that in order to receive and send bitcoins you need a Bitcoin adress. Just like with email. And just like with email you need "your password" to be able to send and receive bitcoins. Bitcoin Adresses are generated using mathematics and they can be generated in a decentralized manner. You don't need to login anywhere nor do you need to be online. You just need a program capable of generating such an address. A Bitcoin address, just like your email account, is made up of two different things:
A public part - Give this to anybody so they can send you bitcoins.
A private key - This is what most users don't know. Each Bitcoin address has got it's own very unique key. Most Bitcoin programs don't tell you about this and they keep the keys hidden from the user, basically because it is very important that ONLY you have access to this key and showing them around is not a good idea.
This is the key used to digitally sign a transaction and to guarantee that only the owner of the key can emit a valid transaction and thus spend those bitcoins. Back to Alice and Bob Once Bob's bitcoin wallet has signed this transaction, he sends it across the Bitcoin P2P network. All people who use Bitcoin and are running a Bitcoin client, are connected to each other in order to receive and send these "declarations". Bob's transaction gets relayed from node to node. These nodes verify that the signature is valid and pass it on until, in a fraction of a second, Alice gets notified by her Bitcoin program that she got bitcoins from Bob! "Nice!" Alice thinks. But at the same time she's worried about something else. Alice knows how the Bitcoin network works and ponders whether it was possible for Bob to make up that amount. She knows for sure that it was Bob who sent the money because the digital signature matches. But what would have stopped Bob from writing down any arbitrary amount? What if Bob would have said "I give 1 Bazillion Bitcoins to Alice?". Whie Alice keeps thinking about it, she is unaware that the transaction that was sent to her is still hopping around the network and has a very important role to play... Meet Miner Steve As the transaction keeps hopping from node to node in the Bitcoin network, it will also reach this person who is playing a very peculiar game: a sort of racing game. Steve and many other people who "play" this same sort of game are called miners. Steve's objective is to collect all transactions and publish them in a sort of ledger. In order to guarantee Bitcoin's decentralized and open nature, this must be done in a very specific way. Miner Steve and other miners are running a program on their computer that helps them solve extremely difficult mathematical problems. Steve knows that only the miner who finds the solution to such a problem is authorized to publish the next block of this ledger that contains all the collected transactions. All miners are competing with each other because they want to be the first to solve the problem, publish the transactions and get a Bitcoin reward for it. (Actually more than a game it's a job). In order for Bob to have 10 BTC in the first place, he must have gotten them previously from someone else. Steve checks the part of the ledger that has already been published previously by other miners and makes sure that the transaction is there, recorded somewhere. This tells him that Bob had 10 BTC in the first place and is thus authorized to spend them. Then he just hopes that, with a little bit of luck, his computer program is the first one to find the solution. Guess what? Today's Steve's lucky day! He finds the solution and immediately publishes all the transactions he has collected. The rest of the network verifies that the solution is correct and watches dumbfolded as Steve gets the reward. But there's no time to lose because new transactions never stop arriving and new blocks of this ledger always await to be published. The blockchain This ledger is known as the Blockchain. It is called a chain, because all published blocks depend on the previous. They are protected by a cryptographic function known as hash. What if someone decided to maliciously edit a previous block and assign themselves thousands and thousands of bitcoins? Fortunately this is impossible. If one were to change one single digit, character or bit from the blockchain, all following blocks would be invalidated. Also, notice that not even Miner Steve can maliciously edit Bob's transaction because the digital signature would not match if he tampered with it. The openness, transparency and decentralized nature of the Bitcoin system together with the use of these protection mechanisms create a solid, strong and reliable Bitcoin network, where absolutely no one can cheat. Back to Alice As soon as Miner Steve published the next block of the blockchain, it was redistributed over the whole network until it reached Alice. Once it got to Alice, her Bitcoin Wallet Program checked it to see if there were any transactions that involved her and, as it was the case, made sure to inform Alice that her transaction was confirmed and is now a permanent part of the Bitcoin network. Transactions that are included in the blockchain receive a confirmation. Notice how Alice doesn't need to be online in order to receive bitcoins. She could be offline for hours, days or years and still receive bitcoins with no problem. As soon as she gets online, her program will download the latest blocks of the blockchain and inform her of any incoming transactions. Actually, the only thing Alice will ever need is her private key. She can even keep the private key printed on a piece of paper (paper wallet) and receive bitcoins at the same time. Once she wants to spend them, she would import the private key to a Bitcoin Wallet Program and the program would then read the blockchain to inform her about her balance. Also, since she's got her private key she will be able to digitally sign a valid transaction and spend them. Take a look at http://www.bitaddress.org . This is an online Bitcoin Adress generator that lets you see the private key. About Bitcoin Security As you can see, Bitcoin is extremely secure and absolutely no one who does not know the private key to a public address will be able to spend bitcoins without authorization. You are the sole owner of your bitcoins and it is thus your responsibility to keep the private key to those coins safe. Many bitcoin wallets will encrypt these keys using a password you provide. This is extremely recommended. Also make sure that your computer is free from keyloggers, trojans and malware. If you hold large amounts of coins you might want to consider creating a paper wallet, as no virus in the world can get in your drawer and printed documents. Where does Miner Steve get the reward from? He gets it from the voluntary fees that are included in each Bitcoin transaction. That's why he wants to collect and publish as much transactions as possible because he gets the fees associated with them. Also, every time he publishes a block he's allowed to write his name in the new block and assign himself 25 newly minted bitcoins. This is how new bitcoins get into circulation and injected into the economy in a decentralized manner. This reward will gradually decrease until there are 21 million bitcoins in circulation, which is the maximum amount that will ever be available. Are 21 million bitcoins enough? Yes, because they are divisible up to eight decimals. This amount of divisibility guarantees that there will never be a lack of bitcoins. Why does it take so long for my Bitcoin Wallet to synchronize? The first time you run a full Bitcoin Wallet, it'll need to download the Blockchain in order to read it and keep you updated on the Balance of your addresses. If you don't like this or can't wait, you should use a light client. These are Bitcoin Wallets that connect to a server to read the blockchain and don't need to download anything. This is it! Don't redistribute it until I've got feedback and corrected any mistakes. The whole text is Creative Commons BY - SA Donations appreciated: 18pYzN97CxB8qfUwoBbAFYvD3rGs9rjbH3
This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
Bad random number generators
Malicious or flawed software
If you want a method that is less secure but easier, skip to the bottom of this post. The Secure Method
Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
Roll a die 62 times and write down the sequence of numbers. This gives you 2160 possible outcomes, which is the maximum that Bitcoin supports.
Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
Brain Wallet tab creates a private key and address.
Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator. Trusting your copy of bitaddress.org Bitaddress publishes the sha1 hash of the bitaddress.org website at this location: https://www.bitaddress.org/pgpsignedmsg.txt The message is signed by the creator, pointbiz. I found his PGP fingerprint here: https://github.com/pointbiz/bitaddress.org/issues/18 "527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A" With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file. I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-) There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash. "But we aren't supposed to use brainwallets" You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times. How to avoid spending your life rolling dice When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family. Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed. One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1". If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is. Why not input the dice as a Base 6 private key on the Wallet Details tab? Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key. I'm a big nerd with exotic dice. How many times to roll? Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably casino dice are more fair than ordinary dice The "Change address" problem: You should understand change addresses because some people have accidentally lost money by not understanding it. Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change. With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves. Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address. There are three ways I know of that the change problem can bite you:
You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here The hot paper wallet problem Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it. Destroying your paper wallet address Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away. Encrypting your private key BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet. Splitting your private key Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website. Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress. Durable Media Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies. In addition to keeping copies of my paper wallet addresses I did the following:
Order a set of numeric metal stamps. ($10)
Buy a square galvanized steel outlet cover from the hardware store ($1)
Buy a sledgehammer from the hardware store
Write the die rolls on the steel plate using a sharpie
Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as metal stamp may emit sparks or fly unexpectedly across the garage. :-)
Use nail polish remover to erase the sharpie
Electrum If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses. Message to the downvoters I would appreciate it if you would comment, so that I can learn from your opinion. Thanks! The Easy Method This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
Download the bitaddress.org website to your hard drive.
Close your browser
Disconnect from the internet
Open the bitaddress.org website from your hard drive.
Forgive me, I am fairly new to all this and have been reading up lots. I currently only have a little Bitcoin (post fork) and it is still sitting on the exchange (coinfloor). I was going to transfer it to an electrum wallet, that I am using via USB TAILS linux. I am seriously considering using Bitcoin Cash as I think that is the vision of crypto currency I agree with more. Therefore, I was going to use the Electrum equivalent for BCC which is Electron Cash Wallet. My question is, is there any reason why electrum is not listed on this subs wiki part on wallets? What are you folks favouring for long term storage? PS. I looked at bitaddress.org for paper wallets... but I suspect I will mess up with change addresses and thus, I am resorting to an actual wallet.
bitcoins are the equivalent of Internet cash. You can send bitcoins over the Internet directly to anyone with no middle man. Like cash, A bitcoin transactions is irreversible. Bitcoins are traded worldwide.
Background: I've been reading about Brain Wallets last few days, wanting to make a secure wallet. Here, here, here, and here. After reading the above and a few other articles, I decided to make a brainwallet. Steps taken: 1) On my Windows 8, Internet-connect PC, downloaded bitaddress.org to USB Key 2) Plugged USB Key into non-Internet connected Linux (Ubuntu) machine 3) Firefox Private Browsing mode to open bitaddress.org off USB Key 4) Brain Wallet Enter Passphrase (~50 characters including capital letters, small letters, numbers, symbols, phrases that only I would know) 5) Pressed "View" 6) Wrote down the address generated, went back to my separate Windows machine, and sent some BTC to it. Questions: a) Can I feel pretty safe about my wallet? b) If I used Linux command line to SHA256sum my aforementioned 50+ character password before I put it into bitaddress.org (using these steps), would that make things any safemore secure? Because bitaddress.org SHA256sum's whatever you put in, is that now "doubly hashed"? Does that help at all? c) Are there ways to turn a SHA256sum into a Bitcoin private key without having to trust bitcoinaddress.org? Or should I even worry about that? d) I've heard people mention a "Side-Channel Attack". Can someone ELI5? Is that a possible vulnerability against bitcoinaddress.org? Or Bitcoin in general? Something else? Or no reason to worry at all? Goal: Apart from wanting to protect some of my own coins, which are now sitting in a web wallet, I feel like BrainWallets in general are getting a lot of bad rap. Some education/answers would go a long way in people becoming comfortable using them and taking advantage of their potential and benefits. Any answers/thoughts/links to other resources are greatly appreciated.
There is a lot of talk about stealth addresses recently. I find them a really cool idea too. However, in the meantime I came accross this website - http://www.bit2factor.org/. When I compare it to this description of stealth addresses - https://en.bitcoin.it/wiki/Sx/Stealth - it seems to me that it is the exact same idea, and it is already working. You can try it for yourself.
Choose a passphrase, click on "Generate intermediate code" and you get what Mr. Receiver calls an "Address" and in the article is SxjHZmrj1GrtuyW8dLmtYbNsLTEUGCQzpbk6iFRHEiBiZ5Z8Nq8EVt. On the bit2factor website it is called "Intermediate Code".
Click on "Generate Address, Confirmation Code and Private key", paste your intermediate code and click on "Generate all". You get a bitcoin address just like Mr. Sender from the article. You also get an encrypted private key, which plays the role of the Nonce of Mr. Sender.
Click on "Decrypt private key", paste the encrypted private key and type in your passphrase. You will get the private key to the bitcoin address. This corresponds to this part of the article: "Mr. Receiver kept his secret key from earlier which he can use to regenerate the private keys in order to send funds transmitted to him. Using the nonce, he attempts to recreate the address."
I'm pretty sure that Amir Taaki, Peter Todd and all the other brilliant guys working on the stealth addresses must have heard about the two-factor bitcoins. However, before their version is implemented, you can use this small website in different cool ways. For example, you can keep one intermediate code, create multiple bitcoin addresses from it and store the encrypted private keys on paper or some other media. Even if somebody finds your encrypted private keys, he will need your passphrase to decrypt them. This means that you can spread your bitcoin holdings accross multiple addresses, and have to remember only one passphrase in order to spend them. And the other obvious use case is that you can put the intermediate code on a website and get payments. The people who send you the payments will need to generate a bitcoin address themselves and send you the encrypted private key, which makes it more complicated, but nobody can check on the blockchain how much did you actually receive. I’m not affiliated to the author of http://www.bit2factor.org/. I just think he did a great job and it’s a pity if nobody uses it. The website works similarly to bitaddress.org, you can download it and use it offline on a clean linux computer not connected to the internet.
I can do paper wallets for day-to-day spending of my coin, but how to comfortably and securely store coins worth $1000s of USD? Perhaps this proposed solution is well-known, but I had to come across it myself. I am
distrustful of hot wallets
annoyed by hiding paper wallets and/or cold storage (my precious!)
Is any one else like me? I want to be able to sleep at night knowing my bitcoins are secure without having to hide shit. First, my specifications:
Guia de Segurança Básico para Bitcoin Olá, Este post é para lhe dar uma rápida introdução em segurança de Bitcoin. Enquanto ninguém pode garantir a você 100% de segurança, eu espero mitigar alguns dos problemas que você pode ter. Este é um “20% de esforço para conseguir 80% de segurança”. Em primeiro lugar, você tem de determinar quanto dinheiro você quer investir em Bitcoin e quanto esforço você está disposto a colocar nisso. Se você está feliz em investir uns poucos dólares e não se importa em perdê-los, esta é uma abordagem a se adotar. Para todos os outros, vamos começar. Força da Senha Muitas vezes o quão seguro seu dinheiro está é determinado pela força de sua senha. Uma vez que no pior cenário nós estamos falando sobre alguém tentando invadir sua carteira, senhas online casuais são muito fracas. Senhas com menos de 10 caracteres são muito fracas. Palavras comuns ou frases são muito fracas. Adicionar um número ao final da senha é muito fraco. Além disso, você pode considerar sua senha muito fraca se você:
a usa para múltiplos logins online (especialmente se o site já foi hackeado)
usa frases comuns ou palavras (letra de música é uma péssima escolha)
Se você realmente quer uma senha forte:
Use um site confiável que cria um grupo de palavras aleatórias offline. Por exemplo, o CarbonWallet [http://carbonwallet.com/]. Vá para aquele site, desligue a Internet, aperto o botão de “random” algumas vezes, escreva mais de 10 dessas palavras, reinicie seu computador, as memorize, destrua o papel uma vez que você termine. Isso irá deixar sua senha bem forte[http://xkcd.com/936/].
Se você é excepcionalmente paranoico, você terá de ser criativo. Faça algo com sua senha que você possa lembrar talvez adicionar alguns números no final, fazer algumas substituições, deixar algumas letras maiúsculas e assim por diante. Conquanto que você não esteja removendo palavras ou mudando palavras únicas por outras mais comuns, personalizar ou estender sua senha pode acrescentar mais segurança.
Segurança da Carteira Agora estamos chegando ao cerne das coisas. Há um grande número de carteiras [http://bitcoin.org/en/choose-your-wallet] disponíveis para guardar seus tão suados bitcoins. Se você tem uma quantia decente de moedas para guardar, você deve buscar softwares de carteiras - BitcoinQT, MultiBit, Armory ou Electrum. Eles são alguns dos melhores lugares para guardar seu dinheiro de forma segurança (uma vez que seu computador seja seguro também). Escolha um que você ache que melhor se adeque a vocvocê, instale-o e criptografe o arquivo de sua carteira com uma senha forte. Você deve fazer back-up de seu arquivo (a localização do arquivo é diferente para diferentes clientes, então você deve fazer alguma pesquisa para descobrir como achar aquele arquivo). Faça back-up em um CD, um USB seguro ou algo do tipo. O guarde em um lugar seguro. Se você perder esse arquivo, você perde seu dinheiro. Uma palavra rápida sobre carteiras determinísticas [https://en.bitcoin.it/wiki/Deterministic_wallet]. Electrum e Armory permitem que você crie carteira de um “seed” (semente). Se você usar o mesmo “seed” depois, você pode recriar sua carteira em outras máquinas. Com determinadas carteiras, você só precisa manter o “seed” seguro para acessar seu dinheiro. Em comparação, nas carteiras tradicionais do BitcoinQT, cada endereço que você usar é randômico, o que significa que depois que você enviar entre 50 ou 100 transações de saída seus backups podem ficar obsoletos. Sempre mantenha back-up atualizado de tal arquivo carteira se possível. Ok, às vezes você precisa ter seus Bitcoins quando deixa seu computador. Nesse caso, você deve procurar por carteiras online ou via mobile. Um exemplo para ambos é o Blockchain.info, mas existem outros para serem escolhidos. Uma regra de ouro para essas carteiras é não guardar nelas mais dinheiro do que você esteja disposto a perder. Elas são melhores usadas como uma forma conveniente de ter acesso ao seu dinheiro, mas não para guardar suas reservas. O que ter em mente quando for usar carteiras online:
Use uma senha segura (quanto mais dinheiro, mais segura deve ser sua senha)
Sempre mantenha um backup de sua carteira no caso de você precisar recuperar seu dinheiro
Sempre que possível, permita autenticações de dois fatores
Não use suas carteiras online em computadores não confiáveis
Armazenamento Frio (Cold Storage) Às vezes você quer guardar seus bitcoins por um longo período de tempo em um lugar seguro. Isso é chamado de “cold storage”. Existem umas poucas maneiras de se fazer isso. Em primeiro lugar, carteiras de papel [https://www.bitaddress.org/]. Eles são legais para dar pequenas quantias de bitcoin como presentes, mas também para armazenamento a longo termo se for usado propriamente. O que você precisa fazer é gerar e imprimi-los offline. Você pode salvar o link da página e a abrir offline, por exemplo. Se você for realmente paranoico, você os pode salvar como mídias de apenas leitura e os acessar de um computador diferente. Para armazenamentos realmente longos, use papeis especiais para arquivos. Outra abordagem a se tomar é usar computadores separados para armazenar seu dinheiro que ficam a maior parte do tempo offline. Você pode facilmente comprar um velho laptop, formatá-lo, instalar nele o sistema operacional Linux e um cliente Bitcoin. Gere um endereço nessa máquina e envie seu dinheiro para ela através da sua carteira principal. Dependendo de quão paranoico você seja você pode conectar esse computador à internet depois para sincronizar suas informações com a rede Bitcoin e então desligue e deixe-o de lado em algum lugar seguro até que você precise dele. Carteira na memória (Brain Wallets) Não. Essas não são para você. A não ser que você seja um programador em segurança consciente, essas não são para você. (Este tipo de carteira consiste em se guardar a senha da carteira na memória, logo caso a pessoa esqueça, morra ou fique incapacitada mentalmente, o dinheiro se perde) Diversificando Manter todos os ovos em um só cesto nunca é algo bom. Você deve buscar diversificar alguns de seus ativos em Bitcoin para o caso de um de seus métodos de armazenamento falharem. Algumas formas para você diversificar:
Compre Bitcoins físicos [https://www.casascius.com/]. Uma vez que você confie no criador de moedas elas podem ser uma forma efetiva de se fazer cold storage
Invista [https://www.havelockinvestments.com/]– Eu não recomendaria isso para mais do que certa quantia trivial a não ser que você saiba o que está fazendo, mas investir em ações pode ser uma forma de se conseguir mais dinheiro a partir de seus bitcoins.
Como não diversificar:
Evite manter seus bitcoins em bolsas ou outros sites online que não sua carteira online. Tais sites podem ser encerrados ou desaparecer com seu dinheiro.
Moedas alternativas – existem poucas cryptomoedas que são mundiais, mas a maioria delas delas são apenas clones do bitcoin. Se uma moeda não trás nada novo, não vale a pena em comparação com o Bitcoin. Namecoin é um servidor de nome de domínio distribuído (apesar de recentemente ele teve uma falha fatal descoberta, então tenha cuidado), Ripple é um sistema de distribuição de moeda e pagamentos. Litecoin será útil apenas no caso de um erro grave no algoritmo do Bitcoin (algo bem difícil de acontecer por agora). Fora essas, existem poucas ou quase nenhuma moeda alternativa que valha a pena usar para diversificar.
Aceitando pagamentos com segurança Nós tratamos formas seguras de se armazenar dinheiro, agora uma nota rápida sobre pagamentos com bitcoins e sua segurança. Em primeiro lugar, quando você estiver fazendo uma transação, pague suas taxas. Transações sem taxas podem levar uma eternidade para se propagarem, confirmarem e finalizarem. Isso pode gerar um monte de estresse, então, paga suas taxas. Em segundo lugar, quando aceitar pagamentos altos em Bitcoin (digamos que você, de repente, deseje vender uma barra de ouro em Bitcoins), espere a confirmação de pelo menos uma dessas transações. Seis é o melhor, mas tendo pelo menos uma confirmação é muito melhor do que não ter nenhuma. Esse é a regra de ouro para os paranoicos (Eu não faria isso para transações casuais), mas talvez isso irá protegê-lo se você estiver lidando com pessoas suspeitas. Resumindo… Isso deve servir para o básico. Se você quiser ler mais sobre segurança Bitcoin no geral, aqui está minha tese de mestrado no assunto[https://bitcointalk.org/index.php?topic=88149.0]. Um monte de perguntas sobre Bitcoin e segurança podem também ser respondidas no Bitcoin StackExchange [http://bitcoin.stackexchange.com/] – faça questão de dar uma olhada nele. Comentários e sugestões são bem vindos. Traduzido por: Sarah Alexandre Original em: http://www.reddit.com/Bitcoin/comments/1pxy4w/basic_bitcoin_security_guide/
edit: bitaddress is ok But there are a lot of MANIPULATED FAKE SITES what looks exactly like the original. This is a warning because fake websites - not to bashing original bitaddress. Before you ... แฟนเพจ https://www.facebook.com/SIAMw6Caster/ คลิปผมมีหลายคลิปนะ ดูเพริสให้ครบก่อน ... Mycelium Cryptocurrency Digital Wallet Sign Up and Getting Started Tutorial For Beginners 2018 - Duration: 5:28. Crypto Currency Enterprises 3,043 views HOW TO CREATE A BITCOIN WALLET FOR FREE. How To Create A Free Online Bitcoin Wallet - Youtube Bitcoin Wallet - Blockchain - Cüzdanınızı Seçin - Bitcoin - 3 W... I met Peter Kroll at a Bitcoin conference about a year ago. When I asked Peter what his involvement was with Bitcoin, he told me he created the original Bitcoin paper wallet at BitAddress.org. I ...