Posts

Showing posts from August, 2017

Bitching about Lightning Network won't help you stop it

All of you who keep bitching about Lightning Network, you need to realize that Lightning Network is a layer 2 technology, which by definition layer 1 doesn't know about and isn't affected by. Just like TCP doesn't know about the contents of the encapsulated SSH and HTTPS that it's transporting. Furthermore, the development of Lightning Network is permissionless, and anything that's permissionless and useful will inevitably come into existence due to market forces. There is literally nothing at this point that can stop it. Moaning about it, spreading lies and FUD, etc., won't stop it. You are wasting your energy. Give it a rest already. Go do something useful with your life.

Forking of Bitcoin is good

Forking is good. Because THIS IS D-E-M-O-C-R-A-C-Y! You can vote with your wallet what to use as money. Also, there are hundreds of altcoins... This is good. Let users decide which coin to use. Some cryptocurrencies have interesting features (not available by default on Bitcoin), like Monero (privacy). Some have very low transaction fees - they are good for permissionless micropayments (no need to rely on a second layer like AdvCash or Payeer with free/cheap internal transactions).

It's happening! People are putting Bitcoins in their IRA account!

Dealing with the anxiety related to the volatility of your portfolio

Follow Nassim Taleb's advice - don't listen to noise. (The price changes you see every day are just noise, just like the "news" on TV. Don't look at prices every day. Or even every month. Look at them once per year. And your life will be better.) I highly recommend Taleb's books. They change the way you perceive things (not only finance-related). (I also have a hard time following this advice, but I accept this noise more calmly after I read Taleb's books. Also, "The Antidote" by Oliver Burkeman might help with your anxiety.)

MaidSafe vs Storj vs Sia

Are small transactions not economically feasible?

You can make small transactions using "banks" like Coinbase, Xapo and most cryptocurrency exchanges (they have a free account-to-account transfer feature). You should trust these "banks" only with amounts you can afford to lose. Don't store most of your assets in "banks"; be your own bank. It is similar to how the legacy financial system works - if you make a bank-to-bank transfer you pay a fee. If you transfer between accounts within the same bank, it is usually free.

SMS is not a proper form of 2FA - use Google Authenticator instead

SMS text messages sent to your phone are not a valid form of 2FA, since hackers will just call your phone company, claiming to be you and saying that your phone was damaged. They get a replacement SIM and then access everything linked to your phone.

There is no need to smash your computer after generating your Bitcoin keys/seeds

There is no need for smashing, burning or even formatting if you are using a "Live" operating system like Ubuntu or Tails run from a DVD (on a computer with the hard drive, SSD and flash drive disconnected).

Bitcoin exchange without KYC verification

Many exchanges require KYC verification only if wire transfers are involved. If only crypto is traded (i.e. Litecoin => Bitcoin) there is no requirement for verification. Some exchanges also don't require KYC verification if e-money is used (like PerfectMoney, PaySafeCard, SolidTrust Pay). Also, there are many "e-money exchanges" that do not require verification if you use their services to trade e-money and/or cryptocurrency. Verification is usually required only when using insecure payment methods like PayPal or SWIFT/SEPA wire transfers (because banks require KYC verification). If you want a reliable provider of a debit card for withdrawing your Bitcoins at any ATM:

Do not use default options for the scrypt utility and keepass2!

Here is an example with more secure options:

    $ sudo apt-get install scrypt
    $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

If you have several GB of free memory you can increase the memory usage several times. My tests confirm that the "-t" parameter is not working correctly - it takes less than 200 seconds to derive the key from your password.

Archiving private keys - TLDR version

Learn more about key stretching.

Keepass2 has an option to specify how slow the KDF should be. Click on "1 second" and then add one zero at the end of the number (10 seconds). This will slow down the opening of the database. However, it will also slow down the saving. After I tried to open the database made by Keepass2 with KeepassX, I noticed that KeepassX opens the database much faster than Keepass2 (it takes a fraction of a second compared to 10 seconds with KeePass2). This means that you get a false sense of security when your KDF hardness is set to 10 seco

Archiving private keys - TLDR version

0. Make multiple encrypted copies. On DVDs (they are better than CDs and Blu-Ray discs; DVD+R are better than DVD-R), paper, cloud services like DropBox, OneDrive, Google Drive, e-mail it to yourself and to your friends, use P2P storage services like MaidSafe, Storj and Sia, etc.
1. Use a proper font when printing PGP encrypted keys on paper.
2. Flash memory (SSD, USB flash drives, hardware wallets) is less reliable when not powered regularly (i.e. every week).
3. Use error correction methods like Parchive and ZFS.
4. Print on paper or store on digital media only encrypted data.
5. Your encryption software should use a CPU/RAM-intensive KDF (i.e. scrypt with secure options - do not use defaults!). First, encrypt with scrypt and then encrypt it again with PGP (using a different password!) in ASCII armor mode before printing it (other methods like QR codes may not be as reliable as multiple copies of the PGP ASCII armor). Do not use the same password for the PGP because it's easy to brute

The 'regulated' exchange Bitstamp would not return your money if you raise red flags for being a terrorist and/or money launderer

I have done transfers before and everything went smoothly until 15 days back. Right after I did the transfer they sent me a request for details for the KYC process; they take one or two days to reply to me and within 6 days I have sent everything they requested. Now after they have everything, they do not reply to my inquiries, they did not provide any timeline or clarity on the process and why they did not mention it before. I did the transfer 2 weeks ago and today I have no clue what the status is. I find it fishy that they are doing this and am concerned about my money. What can I do? I have been through KYC before with a bank but it was very different; they simply sent me a list of mandatory documents that I had to send. For Bitstamp, I have been their customer for almost a year now and I did transfers before. I am not a day trader and do not have that big a volume. They kept the KYC running for 14 days back and forth, there was a statement needed from a bank in my home country which I could n

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Flash memory is not a reliable medium for archives. Especially when there is no regular power. I have personal experience with a USB flash drive not powered for weeks - one file became corrupted. (Read more here: Archiving private keys - TLDR version.) You should always back up on paper and other media. Flash memory is prone to failure if it is not powered for weeks or more and if there is ionizing radiation. When you write your precious private keys you should use technologies like Parchive and ZFS. And make several copies of your files. It's OK if you use your USB flash drive for another backup, but don't rely on it! Always back up on DVDs (even small files!), paper and online (after encryption with a CPU- and RAM-intensive key derivation function like scrypt). Here is an example of using the scrypt utility:

    $ sudo apt-get install scrypt
    $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

Do not use default values of "-M" and "-t", they

FBI has your BTC-e password hash, 2FA codes and your public cryptocurrency addresses!

The FBI or another three-letter agency can use this hash to find out your password and crack your account at other exchanges and websites! Also they have your e-mail address. You may consider changing it or securing it! They may try to crack it! Do not reuse your password! They may try to find your password using a dictionary attack. This is why you should not use words from a dictionary. If BTC-e becomes operational again you have some chance to withdraw funds before the FBI cracks the new BTC-e website! American three-letter agencies cannot be trusted! Maybe the NSA will try to steal from you. Or another American agency with three letters. Or another American agency (with fewer or more than 3 letters in their name). Also corrupt agents may sell the database. Like the agent that stole coins from Silk Road. They have access to the list of your public cryptocurrency addresses. Do not reuse addresses! You should be scared now! It will be very hard for BTC-e to verify that genuine users are tryi

You will lose your BCC if you try to withdraw BCC to a BCH address!

Before trying to withdraw, read carefully the information provided by your exchange. Some symbols might be misleading. BCC is not Bitcoin Cash on some exchanges! Some exchanges use BCH for Bitcoin Cash, not BCC! I predict that there will be losses associated with this misunderstanding. Think before you deposit/withdraw! On the YObit.net exchange BCC is used for two different cryptocurrencies!

Do you trust your hardware?

Do you believe that your hard drive does not contain malware? I don't mean what you may be thinking. Malware can be installed on the hard drive's microcomputer. All hard drives contain another computer inside them - with its own processor, RAM, flash memory, etc. This computer has access to the main computer's RAM. Also your BIOS/UEFI may contain malware. Also your CPU contains an entire computer (like hard drives). Search for "intel amt rootkit" for more info.

Rootkit in your laptop: Hidden code in your chipset and how to discover what exactly it does [PDF]

Anti-virus programs cannot access and verify the memory of these separate computers hidden inside your computer. Key phrases you may want to type into Google: "hard drive firmware rootkit", "NSA hard drive firmware", "Intel AMT rootkit", "Intel ME rootkit", "BIOS UEFI malware", "BIOS UEFI rootkit".

Here is somewhat safe alternative, but this does not solve the problem with the CPU and the hard