How to create an Intermediate Code for 2-factor items ...

Basic Bitcoin security guide

Hello,
This post is to give you a quick introduction into Bitcoin security. While nobody can guarantee you 100% security, I hope to mitigate some problems you can run into. This is the “20% of effort to get you to 80% safe”.
First of all, you have to determine how much money you want to hold in Bitcoin and how much effort are you willing to put in. If you are happy just holding a few dollars worth and don’t care if you lose them, that’s one approach to take. For everyone else, lets get started.
Password strength
A lot of the times how secure your money is will be determined by the strength of your password. Since in the worst case scenario we are talking about someone trying to brute force your wallet, casual online passwords are too weak. Under 10 characters is too weak. Common words and phrases are too weak. Adding one number to a password at the end is too weak.
Moreover, you can consider your password much weaker if you:
If you want a really strong password:
Wallet security
Now we are getting to the meat of things.
There are a number of wallets available to store your hard earned bitcoins. If you have a decent amount of coins to store, you should look into software wallets - BitcoinQT, MultiBit, Armory or Electrum. They are among the best place to store your money safely (provided your computer is secure as well). Chose one you think best suits you, install it and encrypt your wallet file with your strong password. You should take your wallet file and back it up (location of the file is different for different clients, so you have to do some research as to where to find that file). Back it up on a CD, safe USB drive or the like. Keep them safe. If you lose that file, you will lose your money.
A quick word on deterministic wallets. Electrum and Armory allow you to create wallets from a seed. If you use the same seed later, you can recreate your wallet on other machines. With deterministic wallets, you only need to keep that seed secure to have access to your money.
In comparison, in BitcoinQT's traditional wallet, every address you use is random, meaning that after you send 50-100 outgoing transactions your backups can be obsolete. Always keep an up-to-date backup of such wallet file if possible.
Okay, sometimes you need to have your Bitcoins with you when you leave your computer. In this case, you should look into either online or mobile wallets. A staple for both of those is Blockchain.info, but there are others to chose from.
A good rule of thumb with these is to not store more money in them than you can afford to lose. They are best used as a convenient way of accessing some money, not storing your savings. Online wallets are especially vulnerable to their servers getting hacked and people’s money getting stolen.
What to keep in mind while using online wallets:
  • Use a secure password (the more money you have in them the stronger the password should be)
  • Always keep a backup of your wallet in case you need to recover your money
  • Whenever possible, enable two factor authentication
  • Don’t use your online wallets from unsafe computers
Cold storage
Sometimes you want to store your bitcoins for a long time in a safe place. This is called “cold storage”. There are a few ways one can do this.
First of all, paper wallets. They are nice for giving people small bitcoin gifts, but also for long-term storage if properly used. What you want to do is generate and print them offline. You can save the linked page for example and run that offline. If you are really paranoid, you can put it on read-only media and access that from a different computer. For really long term storage, use archival-grade paper.
Another approach to take is using a separate computer for storing your money that is offline 99+% of the time. You could set one up easily by buying an old laptop, reformatting it, installing Linux and a Bitcoin client. Generate an address on that machine and send money to it from your main wallet. Depending on how paranoid you are you can connect that computer to the Internet afterwards to synchronize data with the Bitcoin Network and then turn it off and put it away somewhere safe until it’s needed.
Brain wallets
Don’t. They are not for you. Unless you are a security-conscientious programmer, those are not for you.
Diversifying
Keeping all of your eggs in one basket is never a good thing. You should look into diversifying some of your Bitcoin assets in case your other storage methods fail. Some ways you can diversify:
  • Buy a physical Bitcoin. As long as you trust the coin creator such coins can be an effective cold storage
  • Invest - I wouldn’t recommend this for more than some trivial amount unless you know what you are doing, but investing in some Bitcoin stocks could be a way to get more money out of your bitcoins
How not to diversify:
  • Avoid keeping your bitcoins at exchanges or other online sites that are not your online wallets. Such sites can be closed down or disappear along with your money.
  • Alt-coins - there are few cryptocurrencies that are worthwhile, but most of them are just Bitcoin clones. If a currency brings nothing new, it’s worthless in comparison to Bitcoin. Namecoin is a distributed domain name server (although recently it had a fatal flaw uncovered, so be warned), Ripple is a distributed currency exchange and payment system. Litecoin will only be useful in case Bitcoin’s hashing algorithm gets compromised (very unlikely at this time). Beyond that there are few if any alt-coins that are a worthwhile way of diversifying.
Accepting payments and safety
We’ve covered safe ways to store money, now a quick note about bitcoin payments and their safety.
First of all, when you are sending a transaction, pay your fees. Transactions without fees can take forever to propagate, confirm and clear. This can cause you a lot of stress, so pay your fees.
Secondly, when accepting large Bitcoin payments (say you want to suddenly cash in a gold bar into bitcoins), wait for at the very least 1 confirmation on those transactions. 6 is best, but having even 1 confirmations is a lot better than having none. This is mainly a rule of thumb for the paranoid (I wouldn’t be doing this for most casual transaction), but maybe it will save you if you are dealing with some shady people.
Wrapping up...
That should cover the basics. If you want to read more about Bitcoin’s security in general, here is my master thesis on the subject. A lot of questions about Bitcoin and security have also been answered on Bitcoin StackExchange - be sure to check it out.
Comments and improvement suggestions welcome.
EDITS:
  • Removed link to insecure site
  • Removed random article section
  • Added information about deterministic wallets
submitted by ThePiachu to Bitcoin [link] [comments]

Hi Departments of Financial Services, Here is the proposed Virtual Currency Regulator Application

In developing this regulatory framework, we have sought to strike an appropriate balance that helps protect individuals, consumers, businesses, services, and innovators, while rooting out unscrupulous and over-reaching regulatory activity. These regulations include provisions to help safeguard customer assets, protect against unwarranted account freezes or seizures, and prevent the regulatory abuse of virtual currencies from unethical activity, such as widespread warrantless monitoring, disclosure of private information, dictation as to how users engaged in P2P or non-fiat transfers can spend their money, and scapegoating.
We recognize that not everyone in the regulatory community will be pleased about the prospect of what could be seen as a barrier to their regulatory authority. Ultimately, though, we believe that setting up common sense rules of the road is vital to the long-term future of the virtual currency industry, as well as the safety and soundness of customer assets. (We think the situation in New York, for example, made that very clear.) Moreover, given that P2P decentralized networks are stateless, headless, community consensus driven bodies, we also have a moral obligation to move forward on this framework.
Entities are considered "interested in regulating virtual currencies" if:
... in a manner that would affect any current or prospective member of the human race.
Entities "interested in regulating virtual currencies" must:
As the first decentralized community to put forward specially tailored rules for virtual currency regulators – continued public feedback will be an important part of finalizing this regulatory framework. We look forward to carefully and thoughtfully reviewing public comments on our proposal.
submitted by Try_AgainNY to Bitcoin [link] [comments]

Want some personalized vanity addresses for your currency of choice? Check out Vanity Pool

I run a small project called Vanity Pool, it lets you outsource generation of cool vanity addresses through a split-key address algorithm - this means that your private key and thus your money is secure, even though other people mined for your address. This also means that you can get some nice vanity addresses and not have to spend a lot of your GPU time mining for the address instead of mining for your coin of choice.
So if you want some cool vanity address, like DDogeWowAA2EFcGmipzDjQBYQFXiqC8QFs or 1PiachuEVn6sh52Ez7o6Fymvw54qvQ4RBm , head on over to https://vanitypool.appspot.com/ , request a pattern you wish created (shorter patterns area cheaper and take a lot less time to generate), put in a public key that you own (you will need to use it later), when asked for network prefix, put in the decimal version of your coin-specific net-byte. Afterwards, you will be requested to pay a bounty in BTC (creating coin-specific pool would make the mining power a lot smaller; miners prefer being paid in BTC). After the payment is confirmed, any miner connected to the pool will start looking for the solution to your pattern.
Once you have the solution, either use Casascius' Address Utility, or head on over to our online tool (use coin-specific hex NetByte and hex Prefix Byte). After that you can import your new vanity address to your client by going through those steps (example using Dogecoin client).
Have fun!
submitted by ThePiachu to CryptoCurrency [link] [comments]

Game-Theory: Bitcoin Security Scenarios - Scenario 1-6

Bitcoin theft scenarios I will make a series of real-world examples of bitcoin thefts to illustrate the threat-vectors and attack surfaces most people may be exposed to. This is a community participation article - If I have something wrong or am missing something - please comment with your idea. Im not a security expert. I just have some spare-time and an engaging idea of making scenarios everyone can understand.
SCENARIO 1 - The Trusted Party
You have been diligently buying and holding bitcoins. You have taken any precaution you can to ensure that your bitcoins are safe.
You have chosen from the available options (below):
# Storage Personal/ 3rd party/+ Attack Vectors Attack Surface Surface Hardening
1 Printed Cold-wallet Personal Deception, Rubber-hose, Physical theft The physical wallet, equipment used for creation of wallet (printer), entropy engine, source code ex: bitaddress.org Bip-38, Physical Protection, Vault storage
2 Physical Coin (Casascius) Personal Deception, Rubber-hose, Physical theft The physical wallet (coin), equipment used for creation of wallet (printer), entropy engine, manufacturer risk, tampering Bip-38, Physical Protection, Vault storage
3 Cold-Wallet computer Personal Hack, Rubber-hose, Physical theft, USB stick malware Wireless access incl. Bluetooth, Internet access, physical access Air-gap, Physical Protection, disconnection from any network, vault protection, disk encryption
4 Coinbase 3rd Party Hack (Man in the middle, keystroke logger), Govt. & criminal controls (Coercion), Deception Coinbase servers, your compute access point 2FA, virtual keyboard, Coinbase vault
5 Blockchain.info Personal + Hack (Man in the middle, keystroke logger), Deception your compute access point 2FA, virtual keyboard
6 Hard-wallet (Trezor) Personal Deception, Rubber-hose, Physical theft Hard-wallet device + computer with soft-wallet + PIN, Seed vault protection
But the thief in this scenario is a trusted individual (family member, business partner, trusted friend). Lets run through the scenarios
Scenario 1.1
A. The thief has stolen your paper wallets
The community is welcome to run any of the other scenarios.
Game on!
submitted by luckdragon69 to Bitcoin [link] [comments]

Building a United Platform

No matter which coin you're backing (or how many), the regulations coming out of New York State have large, overreaching and severe consequences for all cryptocurrencies.
You can read the proposed BitLicense Regulations here.
AmericanBitcoin has put together a TL;DR of the proposed reglations
In response, you can read the in-progress GitHub Fork of those same regulations here.
If you'd like to see a quick breakdown of examples of what's wrong with the proposed regulations, I highly recommend you read this comment by MrMadden over in /Bitcoin, which is utterly fantastic.
Instead of standing 'against' these regulations, let's stand for:
The problems, right now:
These regulations are vague in some important areas and could have unintended consequences.
For example, here's a great breakdown from goldcakes (originally made here)
Entities are considered dealing in virtual currencies if:
.. to any resident in New York. Web services, even those incorporated overseas, must either comply or block access for NY users. (200.2n)
Entities 'dealing in virtual currency' must:
The (only?) good news: Merchants do not need a BitLicense to accept Bitcoin for a good or service. (200.3c2).
This post was created for general guidance, and does not constitute legal advice. You should not act upon the information contained in this publication without obtaining specific advice from a professional. No representation or warranty (expressed or implied) is given as to the accuracy or completeness of the information contained in this post.
submitted by GoodShibe to CryptosUnited [link] [comments]

Want some personalized vanity addresses for your currency of choice? Check out Vanity Pool

I run a small project called Vanity Pool, it lets you outsource generation of cool vanity addresses through a split-key address algorithm - this means that your private key and thus your money is secure, even though other people mined for your address. This also means that you can get some nice vanity addresses and not have to spend a lot of your GPU time mining for the address instead of mining for your coin of choice.
So if you want some cool vanity address, like DDogeWowAA2EFcGmipzDjQBYQFXiqC8QFs or 1PiachuEVn6sh52Ez7o6Fymvw54qvQ4RBm , head on over to https://vanitypool.appspot.com/ , request a pattern you wish created (shorter patterns area cheaper and take a lot less time to generate), put in a public key that you own (you will need to use it later), when asked for network prefix, put in the decimal version of your coin-specific net-byte. Afterwards, you will be requested to pay a bounty in BTC (creating coin-specific pool would make the mining power a lot smaller; miners prefer being paid in BTC). After the payment is confirmed, any miner connected to the pool will start looking for the solution to your pattern.
Once you have the solution, either use Casascius' Address Utility, or head on over to our online tool (use coin-specific hex NetByte and hex Prefix Byte). After that you can import your new vanity address to your client by going through those steps (example using Dogecoin client).
Have fun!
submitted by ThePiachu to Bitcoin [link] [comments]

Physical Bitcoin and OpenDime users face dilemma -- reveal key to dump BCash, or hodl both

You might not open up a Casascius just to get at the little bit of BCash inside, but a replacement OpenDime is just $15. Meaning if you held more than maybe $200 worth of bitcoin on your OpenDime it starts making economic sense to order a replacement OpenDime and just cash out the BCash ($BCH) on the old one.
Paper wallets don't require any seal to be broken to spend the BCash, however to not weaken the wallet's security you would not want to dump the $BCH yet hodl the $BTC yet (due to that spend transaction revealing the public key.)
Trezor has it all figured out for you.
What would be useful is what Satoshium would offer. It has the transferability of cash (in the same manner that OpenDime, for example, does), and the re-usability of a Trezor (as a funded Satoshium can be redeemed, then reset back to blank state for use in funding with a new address.) . Unfortunately, Satoshium is still at just the concept (white paper) stage.
submitted by cointastical to btc [link] [comments]

Legal & tax implications of giving somebody a private key in a transaction.

Sofar, we have seen legal and tax guidance on transferring bitcoins from one address to another. However, these are treated in a way as either physical assets and goods or accounts registered to an identity.
But I think this overlooks whole other type of transaction that can be done with Bitcoin, which is by duplicating information and transferring that information to somebody else.
Take for example the physical bitcoins by Casascius or the way Andreas M. Antonopoulos recently handed over the private key for the Dorian fund.
Of course a transaction is based on agreement between parties and usually the context is important, but when there is a reasonable possibility that two people might be aware of a private key, how does that influence the regulations on bitcoins as property or money laundering? Does the ownership only reveal itself until an actual Bitcoin transaction is made? Or will both people with the same knowledge of the key be held responsible?
submitted by alsomahler to Bitcoin [link] [comments]

How to redeem bitcoin from a physical coin by Casascius - English How to Get Your Coinbase Bitcoin Wallet Address - YouTube How to Mine Bitcoins Using Your Own Computer - YouTube Bitcoin ATMs - How To Use Them - YouTube Bitcoin - btc private key checker best ever

The Casascius Bitcoin POS system is a desktop retail point-of-sale acceptance system for Bitcoin "in a box". The system is based on a VeriFone Vx510 or Vx570 payment terminal, and allows merchants to easily accept Bitcoin payments from customers. It can optionally allow merchants to dispense (sell) Bitcoins. The POS system features an Ethernet network connection, a 128x64 pixel backlit ... One example of an affordable design that relies on nylon plastic with a matte finish is the Bitcoin Address Keeper by Ayame Deude. The 3D model costs €8.50 and, if you have access to a printer ... Resource: A common tool to create and redeem these keys is the Casascius Bitcoin Address Utility. Public Key Formats¶ Bitcoin ECDSA public keys represent a point on a particular Elliptic Curve (EC) defined in secp256k1. In their traditional uncompressed form, public keys contain an identification byte, a 32-byte X coordinate, and a 32-byte Y coordinate. The extremely simplified illustration ... The Python example uses the Pybitcointools library to generate a private key , and then encode it into different formatslike Wallet Import Format (WIF), and Bitcoin Address (which representsa destination for a Bitcoin payment). The full example code from the book is asfollows, so see if you can draw some mental lines around what code can ... Using Casascius Bitcoin Address Utility. This program is for Windows, but will also run on Mac/Linux using Mono (since it’s not a true x86 program, but rather, an application written with C#/.NET). Source can be found at

[index] [26004] [34979] [33191] [29717] [50495] [11671] [48741] [16410] [34317] [36014]

How to redeem bitcoin from a physical coin by Casascius - English

This video shows how to import mini private key step-by-step In this video I use method 2 described below. I used Armory wallet to import my mini private key... Le pilote allemand qui a risqué sa vie pour sauver un bombardier américain (1943) - HDG #17 - Duration: 14:07. Mamytwink Recommended for you How to Generate a Private Key from a Bitcoin watch only address - Duration: 11:01. Bitcoin Daytrader 53,229 views. 11:01. How to Brute Force a Bitcoin Wallet with Hashcat - Duration: 16:56. ... Bitcoin Address Stealer 100% SUCCESS OR REFUND - Duration: 6:19. Alex Smith Recommended for you. 6:19. Bitcoin Stealer - Bitcoin Grabber - Software and User guide ... MY ALL-ENCOMPASSING GUIDE TO GETTING STARTED WITH BITCOIN: https://www.btcsessions.ca/post/how-to-buy-sell-and-use-bitcoin-in-canada Today I check out anothe...

#