Hey guys, what's the best and safest way to gift bitcoin to someone who doesn't have a wallet yet? I was thinking about buying a Ledger wallet, sending the bitcoins there and then gifting the Ledger. But that would mean the wallet is not that safe, because I would have set it up for the person. Even though it's not my intention to access the wallet once I gift it. Is there a way to just give a brand new Ledger and maybe some way of automatically getting the bitcoin once the wallet is set up? Or maybe a smart contract kind of thing?
I've a few questions:
1. Is it safe to generate any random 12 words using Ian Coleman's tool? I mean, I just keep clicking on the generate button until I like the 12 words generated, which I can memorise? Then restore them on a Trezor wallet and then create a passphrase on the Trezor. Of course, this will be done offline.
2. Would any 12 words generated by Ian Coleman's tool give entropy of 128 bits?
3. I've come across this article and wonder if generating a seed phrase from the BIP39 word list is a good idea or not: https://github.com/bitcoin/bips/wiki/Comments:BIP-0039
Appreciate the input.
What's the best term for the BIP39 "mnemonic" that's used to create a seed for a hierarchical deterministic wallet? In BIP39 it's called a "Mnemonic Code", whereas on bitcoin.it/wiki they call it a "Seed Phrase", because they believe the word mnemonic is misleading (i.e. it doesn't necessarily have to be memorized). The ones I've seen are:
Anyway, is there a standard term for it these days? What's the best term going forward?
Due to the fact(s) that... a) the BCH network supports P2SH (i.e. addresses starting with 3), but not segwit ... and ... b) the sending wallets thus have no way of knowing that P2SH-wrapped segwit addresses really are "hiding" a segwit redeemscript ... people are losing access to their BCH, there's currently no way to prevent this, and it will continue happening.
(These are just the ones that I've noticed, but I'm sure there are many more that go straight to the various wallet service providers' support teams instead of via Reddit.)
To add insult to injury, the unlucky BCH owners are routinely told that there's no way to recover the coins (including by myself at the start) due to BCH not supporting segwit. And while that's currently true, it is ultimately only a half-truth. After all, segwit opponents have often said that the satoshis in segwit addresses would be "anyone-can-spend" if the miners didn't enforce the segwit rules (i.e. ensuring that there's a proper witness/signature in the "segregated" part of the txs). And on the BCH network the segwit rules aren't being enforced!
A Partial Solution
So I did some digging (e.g. in the segwit documentation and the P2SH specification, BIP16) and came to the conclusion, which I'm sure that many have before me, that in order to spend money sent to a P2SH-wrapped segwit address, you only need to know the public key of the address (or more precisely: the RIPEMD160 hash of the SHA256 hash of the public key). Yes, a hash derived from the public key, not the private key. Luckily, the 3-addresses don't by themselves reveal this public key hash, or anyone could've made "signed" txs from these "BCH-segwit" addresses - and someone probably already would have.
So, given that it's relatively easy (for a technically inclined person, anyway) to get the public key corresponding to an address from their BIP39 mnemonic (aka wallet recovery seed), why aren't people re-claiming their BCH from these addresses? Well, the "signature" that's needed isn't really a digital signature in the normal sense. Regular cryptocurrency transactions include a digital signature that doesn't reveal the private key that was used to make the signature in question. What's needed to "sign" for BCH-segwit addresses, however, is just literally including the public key hash that was mentioned above instead of a proper digital signature. This means that anyone who sees such a transaction can just extract the public key hash from it - and then go on to create a conflicting transaction, using the same public key hash, that sends the same money elsewhere (to themselves, I would presume). Technically, the second transaction would be a double-spend of the original and, as with all double-spends, it's the miners that would be the final arbiters of which transaction gets recorded in the block chain. Additionally, a malicious miner could just create their own version of the transaction, either overtly redirecting the money to themselves, or covertly by changing the transaction to have no monetary outputs (i.e. all the money would go to the miner as "fee"). But the problems don't stop there. These segwit-spending transactions would be non-standard and as such wouldn't be relayed to the miners in the first place, nor would they be mined by miners even if they reached them (provided that the nodes and miners run with the default policy of ignoring non-standard txs, that is).
What we need is one or more trustworthy (yes, trust would unfortunately be required) miners to step up and make a BCH Segwit-Recovery Service for this particular purpose, in a somewhat similar way that they provided acceleration services for the BTC network (example1 and example2).
So... Does anyone know if a) miners are already working on this or b) know how to get in touch with them about this? Or are there any benevolent miners here, that would like to:
get good publicity and community goodwill by helping with these "segwit casualties"
earn a decent fee for this service (e.g. 10 %, but this can be announced and enforced by the service itself - it only needs the public key (or its hash) to generate and mine a transaction, including a ToS-compliant fee)
/btc users, feel free to notify any miner contacts you may have - let's make this happen!
Update 1 (2017-09-11)
Update 2 (2017-11-21)
It looks like some greyhat/vigilante, working with an unknown miner, was able to unilaterally claim some of the BCH that were "stuck" in BTC-segwit addresses (namely, the ones for which the public keys were revealed by the owners spending BTC from the same addresses), as explained in this post and comments: https://np.reddit.com/Bitcoin/comments/7eixcu/recovering_bch_sent_to_segwit_addresses/ For those that are affected by this, it means you no longer control your BCH (they were "stolen" by the greyhat), but he seems to be offering to give them back if you agree to letting him keep 30 % for his service (or "service", however you look at it). Either way, and given the alternative (100 % loss), you should certainly check if you're affected and decide how you want to proceed. As if that wasn't enough to deal with, there seems to be a ~2 week deadline, until "December 5th, 2017 at 23:59:59 UTC", after which it seems he's decided he's entitled to keep your money. :(
Update 3 (2017-11-28)
It looks like the greyhat has turned white! He's now offering to give back, for free, any and all BCH that were transferred to him (yes, 100 %!). Read his new update post and check if you were affected by this transfer.
Securing your Crypto with a Ledger - Things to Consider
I wrote this for a friend. This is how you should set up, verify, and secure your wallet/keys. The Nano is a hardware wallet. It generates the private key inside the USB dongle. It has a very limited API set and the private key is locked away in the hardware, only accessible from the OLED display on the device in the form of a 24-word BIP39 "seed" (https://en.bitcoin.it/wiki/Mnemonic_phrase). When you set up the Ledger you copy that down from the device screen. I made a table with two 12-row numbered columns to write down the seed words (to mirror the metal seed backup layout). Then you have to re-enter it to verify. Then you can load wallets, which also generate self-deterministic keys in the Ledger hardware. The seed can restore the wallet to any other Ledger, or to any BIP39-standard software wallet. Of course, once you load a software wallet onto a computer, it means your key is no longer secure, because it's stored digitally and a hacker can potentially access it. The Nano uses a 4-8 digit PIN; if you enter it wrong 3 times it wipes the device and it must be recovered from the seed. Once the wallet is set up, it's a good idea to test a small deposit, reset the Nano and restore the wallet from the seed. This ensures you will be able to do it should the need arise. The seed phrase must never be shown to anyone or have a picture taken of it; don't do it in front of a laptop or with a phone in the room. If anyone gets the seed they can load the wallet and transfer all your coins/tokens into their own wallet. To protect from fire, use titanium plates (crypto steel or similar) to punch the 24-word seed into the metal plate. The Nano will cost $100, the plates ~$20, the punch set $15 and a jeweler's plate ~$15 (4x4x3/4 works great). It won't rust or melt in a fire. Once punched, burn the paper seed words completely. The Nano should eventually be kept in a safety deposit box at the bank.
The PIN protects it even from the state (and you could always have a contingency plan others could enact to move your funds should it get seized by one of the alphabet agencies), and it protects you from home invasion to steal your crypto (there are several brutal cases of this; do not keep that shit at your home if it has significant money on it). The seed should be kept with another person (preferably far away) you trust, at a separate location from your home. You could put it in a safe (time locked) or bury it in a garden. A comment below suggests using Plasti Dip spray paint to coat the metal and disguise it. The same person or another person should know what it is, and how to recover it or who to take it to in the event something should happen to you. There's currently a billion plus in lost XRP because a millionaire investor died on the way to drug rehab and his family can't recover it. You can deposit to the address without the Ledger, but to spend you need the Nano plugged into an internet-connected computer, and it requires a button press on the Nano to confirm any spend. At the bank you can bring in a laptop, plug in your Nano, transfer to your brokerage, credit card account, and wallets for the week/month, and lock it back up. When it comes time to spend you will have a credit card with an account that you load up with XRP to spend directly into fiat, and a mobile wallet for direct XRP purchases. For larger fiat withdrawals you can go back through Uphold or similar and into a bank account. https://uphold.com/en/blog/uphold-and-libra-credit-bringing-crypto-backed-credit-to-uphold-members (Now Wirex and others)
Electrum 3 is probably the first wallet to support native segwit (bech32) addresses. There are a few misconceptions regarding the different formats of segwit addresses that are in use right now. This post aims to clarify the consequences of using each type and explains advantages and disadvantages.
bech32/BIP173/"native segwit" Bech32 is a brand new address format that has a few advantages over the current address format:
Addresses are case-insensitive
Better error detection
More compact QR codes
Most importantly, bech32 segwit addresses enable native segwit transactions for Bitcoin. Those addresses always start with bc1. With such an address you can send to any and all wallets, exchanges and websites. However, currently (September of 2018) support from exchanges and some wallets to send to your wallet is still somewhat lacking, see Bech32 adoption. Please decide for yourself if that's enough for your needs. To use these addresses, simply create a new wallet and choose "Segwit" as the seed type in the creation wizard.
segwit-in-p2sh/P2SH-P2WPKH This is the address type that hardware wallets like Trezor or Ledger use. Addresses look like regular P2SH addresses; they start with 3. Without going into too much detail, this uses an old address type and uses segwit to spend from it. The advantage is that virtually all wallets already know how to send coins to this kind of address. One disadvantage is that to spend from those addresses, additional complexity is added to the transaction, which makes those transactions slightly bigger (and thus more expensive) than native segwit transactions. Electrum also supports this kind of address, but you need to manually import a BIP39 seed with a BIP49 derivation path.
tl;dr. electrum's segwit wallets are GREAT! but for the short term, until other wallets upgrade, they will be a pain to use
Affine cipher - Tool to encrypt your mnemonic seed with paper and pencil
If anyone is familiar with modular arithmetic and finding inverses then an Affine cipher is a simple paper and pencil way to encrypt your seed before putting it in a safe.

Affine ciphers: https://en.wikipedia.org/wiki/Affine_cipher
Some videos on modular arithmetic and finding inverses: https://www.youtube.com/watch?v=Eg6CTCu8iio https://www.youtube.com/watch?v=shaQZg8bqUM
BIP39: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md

With BIP39 indexed from 0 to 2047 we can use Affine ciphers the following ways:

To encrypt the word we would use: E(word) = a*word + b mod 2048
a and b are the key. It is necessary that gcd(a,2048) = 1 and that b is an integer.

To decrypt the word we need to find the inverse of a (say a') and use: D(word') = a'(word' - b) mod 2048

To give a simple example use a = 1 and b = 3 using the word atom, which is indexed at 114:
E(atom) = 114 + 3 mod 2048 = 117 mod 2048 = attitude
In this case a' = 1 so,
D(attitude) = 117 - 3 mod 2048 = 114 mod 2048 = atom

Non-trivial example: use a = 13 and b = 18
E(atom) = 13*114 + 18 mod 2048 = 1500 mod 2048 = rocket
In this case a' = 1733 so,
D(rocket) = 1733(1500 - 18) mod 2048 = 114 mod 2048 = atom

Hope this helps!
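The affine mapping above, implemented over BIP39 indices as an added example (not the poster's code): the inverse of a comes from the extended Euclidean algorithm and the gcd(a, 2048) = 1 requirement is enforced before any word is mapped. Only the three words the post quotes (atom, attitude, rocket) are embedded, as a constructed partial table; a full {word: index} dict built from the real list can be passed in its place.

```python
"""Affine cipher over BIP39 word indices (added example, not the poster's code)."""
from math import gcd

M = 2048  # number of words in the BIP39 list, indexed 0..2047

# Constructed partial word table: only the three words the post quotes.
# A full {word: index} dict built from the real list can be passed instead.
SAMPLE_WORDS = {"atom": 114, "attitude": 117, "rocket": 1500}


def is_valid_key(a: int, b: int) -> bool:
    """Key requirement from the post: gcd(a, 2048) = 1 (so a is odd), b an integer."""
    return isinstance(a, int) and isinstance(b, int) and gcd(a, M) == 1


def mod_inverse(a: int, m: int = M) -> int:
    """Return a' with a * a' = 1 (mod m), by the extended Euclidean algorithm."""
    if gcd(a, m) != 1:
        raise ValueError(f"{a} has no inverse mod {m}")
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % m


def encrypt_index(idx: int, a: int, b: int) -> int:
    """E(word) = a * word + b  mod 2048."""
    if not is_valid_key(a, b):
        raise ValueError("a must be odd and b an integer")
    return (a * idx + b) % M


def decrypt_index(enc: int, a: int, b: int) -> int:
    """D(word') = a' * (word' - b)  mod 2048, with a' the inverse of a."""
    if not is_valid_key(a, b):
        raise ValueError("a must be odd and b an integer")
    return (mod_inverse(a) * (enc - b)) % M


def _map_words(words, fn, table):
    """Apply an index-to-index function to each word via the word table."""
    by_index = {i: w for w, i in table.items()}
    out = []
    for w in words:
        if w not in table:
            raise ValueError(f"{w!r} not in word table")
        idx = fn(table[w])
        if idx not in by_index:
            raise ValueError(f"index {idx} not in word table")
        out.append(by_index[idx])
    return out


def encrypt_words(words, a, b, table=SAMPLE_WORDS):
    """Cipher words for a list of seed words (the paper-and-pencil step, automated)."""
    return _map_words(words, lambda i: encrypt_index(i, a, b), table)


def decrypt_words(words, a, b, table=SAMPLE_WORDS):
    """Seed words back from a list of cipher words."""
    return _map_words(words, lambda i: decrypt_index(i, a, b), table)


def key_space_size() -> int:
    """Distinct keys: 1024 odd choices of a times 2048 choices of b = 2**21."""
    return (M // 2) * M


if __name__ == "__main__":
    print(encrypt_words(["atom"], 13, 18), mod_inverse(13))  # ['rocket'] 1733
```

With a limited to the 1024 odd residues and b to 2048 values, the whole key space is 2^21, so treat the scheme as obfuscation of a paper backup rather than cryptographic protection.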
Mike Hearn posted this on the Bitcoin Developer Mailing List:
I'm pleased to announce the release of bitcoinj 0.11, a library for writing Bitcoin applications that run on the JVM. BitcoinJ is widely used across the Bitcoin community; some users include Bitcoin Wallet for Android, MultiBit, Hive, blockchain.info, the biteasy.com block explorer (written in Lisp!), Circle, Neo/Bee (Cypriot payment network), bitpos.me, Bitcoin Touch, BlueMatt's relay network and DNS crawler, academic advanced contracts research and more. The release-0.11 git tag is signed by Andreas Schildbach's GPG key. The commit hash is 410d4547a7dd. This paragraph is signed by the same Bitcoin key as with previous releases (check their release announcements to establish continuity). Additionally, this email is signed using DKIM and for the first time, a key that was ID verified by the Swiss government. Key: 16vSNFP5Acsa6RBbjEA7QYCCRDRGXRFH4m Signature for last paragraph: H3DvWBqFHPxKW/cdYUdZ6OHjbq6ZtC5PHK4ebpeiE+FqTHyRLJ58BItbC0R2vo77h+DthpQigdEZ0V8ivSM7VIg=
Thanks to Mike Belshe, the wallet can now send to P2SH addresses.
Thanks to Matt Corallo, the network layer was rewritten from scratch. It no longer depends on Netty, and it now supports both blocking and non-blocking sockets. In practice that means Java's built in support for transparent SSL and SOCKS becomes available again, which in turn means connecting via Tor is now possible. The new framework is lightweight, easy to understand and has been running a DNS seed crawler for some months now.
Thanks to Kevin Greene, we've added some support for the BIP70 payment protocol. Wallet authors can now consume payment requests, check their signatures and submit payments with the new easy to use PaymentSession class. The wallet-tool command line UI has support and an article explains how to use it.
Thanks to Miron Cuperman, the wallet can now watch arbitrary addresses and scripts. The wallet could previously watch an address as long as the public key was known. Now it's possible to watch for addresses even when the public key is not known.
Also thanks to Miron, Bloom filtering was also improved. The system now tracks false positive rates and cleans the filter when FP rates get too high. Unfortunately, some privacy bugs in Bloom filtering remain, which could (amongst other things) allow a malicious remote peer to test whether you own a particular key.
Thanks to Alex Taylor (bitpos.me), a new PostgreSQL based pruning block store was added. This block store is fast, and indexes the UTXO set, allowing for fast lookup of the balance of any given address.
A Java 8 based wallet template app is now included. The template is designed for people writing contract based applications. It provides a simple app that can be copy/pasted, which connects to the P2P network, manages a wallet, and provides a GUI that shows progress, balance, address+qrcode for receiving money and has a button that is used to empty the wallet out. It's designed to have an attractive and modern look, with tasteful animations and artwork.
Micropayment channels got many big improvements to the API and implementation. The release in 0.10 can be seen as a beta, in this release the micropayments code has been taken for a test drive for a couple of real apps and many rough edges polished as a result.
The default USER_THREAD executor can now be replaced, allowing a 1-line switch of all callbacks onto a thread of your choice instead of needing to override each callback, each time. This should simplify and clean up the GUI code of wallet apps significantly.
The WalletTool command line app has a more convenient user interface now.
A new DNS seed has been added. The seed is run by Christian Decker, from ETH Zurich.
bitcoinj 0.11 will shortly be available via Maven Central. Please use the dependency verifier plugin and/or check the PGP signatures on the uploads, if you use this!
We finished adding nullity annotations to the API. You should now be able to assume that any method not annotated with @Nullable won't ever return null values.
The WalletAppKit got a bunch of new features and convenience APIs.
The wallet will now create inputs with dummy signatures if the private key for an output is missing, rather than throwing an exception. You can then edit the input later to substitute in a real signature. This is useful when the signing is being done elsewhere, outside of the library.
In full verification mode, execution of scripts (i.e. checking signatures) can now be switched off. This is useful if you trust the source of the chain and just want to calculate the UTXO set.
The wallet risk analysis code is now pluggable, better documented and checks for finality in a more sensible way.
Various memory usage and flow control optimisations were made to allow much larger wallets to sync on Android.
The transaction broadcast algorithm was changed to be more robust.
Double spend handling in the wallet was improved.
Generated signatures now use canonical S values. This will aid a future hard-forking rule change which bans malleable signatures.
Some fixes were made to enable usage with the Orchid Tor library. Further support for Tor is planned for future releases.
Notable bug fixes
Some hard-forking full verification bugs were fixed.
Thanks to Miron, PeerGroup now performs exponential backoff for peer connections, for instance if we cannot connect to them or if they disconnect us. This resolves an annoying bug in which if the library was configured with a single peer that was down, it would spin in a tight loop consuming battery.
Some functionality of the Wallet class was moved into separate classes under the wallet package.
The micropayments API and protocol changed. New clients/servers are not compatible with apps running against previous releases.
The Wallet sendCoins/completeTx methods no longer return booleans or null to indicate failure; they now throw InsufficientMoneyException or a subclass if the transaction cannot be completed. The exception object typically contains information on how much money is missing.
Some mis-named methods in the HD key derivation API were renamed.
The WalletEventListener interface has an extra method for watching scripts now.
Peer discovery classes moved under the net.discovery package
Any APIs that relied on Netty are now different.
An article on the networking API
Info on testing your apps, and how to use regtest mode to make a private Bitcoin network that allows you to mine blocks instantly.
A reference table showing which APIs implement which Bitcoin Improvement Proposals (BIPs).
I'm currently studying the seed generation of various wallets, and as part of my research I wanted to know what word list GreenAddress uses when generating the mnemonic passphrase for the private key. This site says: "Where are my Bitcoin keys stored?
Your private keys are not stored. They are derived on demand from your mnemonics as a seed to a BIP32 hierarchical wallet."
Electrum 2.0 has been tagged | Thomas Voegtlin | Mar 01 2015
Thomas Voegtlin on Mar 01 2015:

Dear Bitcoin devs,

I just tagged version 2.0 of Electrum: https://github.com/spesmilo/electrum/tree/2.0

The electrum.org website will be updated later today. The release notes are a bit dense, due to the large amount of changes and new features in this release. In the coming weeks we will be adding more detailed documentation to the wiki and to the website.

There has been a very long hiatus in Electrum releases, because it took me a lot of time to decide about the new seed derivation method and wallet structure. Now that this part is done, I hope that we will resume a faster release pace.

I would like to thank all the people who contributed to this release, developers, beta testers, but also people from this list who provided useful feedback.

Cheers,
Thomas

RELEASE-NOTES
Before you upgrade, make sure you have saved your wallet seed on
* New seed derivation method (not compatible with BIP39). The seed phrase includes a version number, that refers to the wallet structure. The version number also serves as a checksum, and it will prevent the import of seeds from incompatible wallets. Old Electrum seeds are still supported.
* New address derivation (BIP32). Standard wallets are single account and use a gap limit of 20.
* Support for Multisig wallets using parallel BIP32 derivations and P2SH addresses ("2 of 2", "2 of 3").
* Compact serialization format for unsigned or partially signed transactions, that includes the BIP32 master public key and derivation needed to sign inputs. Serialized transactions can be sent to cosigners or to cold storage using QR codes (using Andreas Schildbach's base 43 idea).
* Support for BIP70 payment requests:
  * Verification of the chain of signatures uses tlslite.
  * In the GUI, payment requests are shown in the 'Invoices' tab.
* Support for hardware wallets: Trezor (Satoshilabs) and Btchip (Ledger).
* Two-factor authentication service by TrustedCoin. This service uses "2 of 3" multisig wallets and Google Authenticator. Note that wallets protected by this service can be deterministically restored from seed, without Trustedcoin's server.
* Cosigner Pool plugin: encrypted communication channel for multisig wallets, to send and receive partially signed transactions.
* Audio Modem plugin: send and receive transactions by sound.
* OpenAlias plugin: send bitcoins to aliases verified using DNSSEC.
* New 'Receive' tab in the GUI:
  * create and manage payment requests, with QR Codes
  * the former 'Receive' tab was renamed to 'Addresses'
  * the former Point of Sale plugin is replaced by a resizeable window that pops up if you click on the QR code
* The 'Send' tab in the Qt GUI supports transactions with multiple outputs, and raw hexadecimal scripts.
* The GUI can connect to the Electrum daemon: "electrum -d" will start the daemon if it is not already running, and the GUI will connect to it. The daemon can serve several clients. It times out if no client uses it for more than 5 minutes.
* The install wizard can be used to import addresses or private keys. A watching-only wallet is created by entering a list of addresses in the wizard dialog.
* New file format: Wallet files are saved as JSON. Note that new wallet files cannot be read by older versions of Electrum. Old wallet files will be converted to the new format; this operation may take some time, because public keys will be derived for each address of your wallet.
* The client accepts servers with a CA-signed SSL certificate.
* ECIES encrypt/decrypt methods, available in the GUI and using the command line: encrypt decrypt
* The Android GUI has received various updates and it is much more stable. Another script was added to Android, called Authenticator, that works completely offline: it reads an unsigned transaction shown as QR code, signs it and shows the result as a QR code.

original: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-March/007620.html
Why aren't the BIP38 words easy to visualize and memorize?
Memorizing your 12-word recovery phrase is not a bad idea, in case something happens to your backups. Of course, you should have multiple backups, but being able to remember the recovery phrase is useful. And there are various techniques to memorize lists of words easily. And thankfully, most of the BIP39 words can be visualized. But some are rather abstract; examples:
And others are too close together, e.g. "fun" and "funny", despite BIP39 claiming that an ideal wordlist should avoid similar words: How were these words chosen, and was ease of memorization a criterion? If not, why not?
I am finally trying to set up a SegWit address for my Ledger Nano S to start converting. I always like to independently generate the key pairs on an offline computer to ensure I can recover them correctly and the addresses match the Nano. Unfortunately, I cannot figure out how to do so using a BIP44 mnemonic code converter. Bitcoin segwit does not seem to be a separate coin type, but do I need to use a separate "account" or "purpose" as defined on the github wiki? Also, I am using this mnemonic code converter. It does not have that many coins and I would have to edit the source code to support this. Is there something better out there?
I understand that the 12-word bitcoin mnemonic is completely secure: that even if someone decided to spin up a huge army of Amazon EC2 instances and set them to work guessing mnemonics, trying to "recover" random wallets by brute-forcing the system, they would expend much more on their effort than they would manage to steal. But unlike cracking a password, where you have to combine it with the correct username, this effort, like an attack on brain wallets (no longer used since they are insecure), could be brute-forced, and I presume that eventually, with enough computing power, wallets would be recovered. I'd like to know if there is a great explanation of this technology available, and if not, why? Perhaps users of bitcoin wallets, when asked to entrust their balances to a few words, have some level of doubt that this is "good enough" for them to secure their bitcoins with, and it makes them question the security of the system more than they need to. What would be really great would be a high-quality animated video, with references and mathematical proofs, posted on YouTube, that you could refer people to who are not technically or mathematically minded, to set their minds at ease. Because I do think, as adoption outside of the extremely tech-literate grows, this question will come up more and more. Sorry I'm not posting this video myself; I'm not a great animator and don't know others who are. I also don't understand all the facts behind this. Perhaps, in lieu of such a video, others could write competing "best explanations for the layman" of this backup tool, and together we could form a really fantastic explanation.
Here are some resources on the subject: https://www.reddit.com/Bitcoin/comments/2twczy/how_are_mnemonic_words_secure_only_12_words/ https://blog.blockchain.com/.../understanding-mnemonics-and-the-blockchain-wallet/ http://bitcoin.stackexchange.com/questions/30879/pros-cons-limitations-of-mnemonic-phrases-bip39 http://www.explainxkcd.com/wiki/index.php/936#Explanation People do know that computers are very fast, and have the thought of their backup phrase needing to withstand an attack from a supercomputer, or some unknown entity called "hackers" that are out there on the Internet, breaking into things; the better we can explain how insanely well protected they are by mathematics, the better. And maybe some people would like the option to encrypt their mnemonic with a password of their own choosing; they just might believe that securing it with 1023albertstreetGod, like they do their bank account, will make this OK. Lastly, where are people advised to keep their mnemonic passphrases? Not everyone has a safe. They shouldn't be written down in Google Keep, or saved in an e-mail. Maybe they can write them down in the back of their diary, but what if their house burns down? Personally, mine is buried in the ground. I couldn't think of a fireproof solution (my flat burned down a few years ago; this is a real problem). Some people live in areas that might flood, though, or just don't feel like buying a small gardening trowel. There are reasons people would rather trust their money to a bank: the bank guarantees that you can show up, show them your ID, and get access to your money. And that if your money is stolen by hackers, you'll get a refund. We can secure our own money, but it's new to us; having something we can't just buy an insurance policy for, or give to a third party to look after for us, these aren't things a lot of people are used to dealing with themselves.
Custodial accounts are not the answer, as BitFinex and countless other custodial accounts at exchanges demonstrate (some people would have trusted that because BitFinex had "upgraded" their security with BitGo, their funds were maybe safer there than in their own hands). I appreciate that it was BitFinex's setup, not BitGo, that was at fault here, but the point stands: who knows what security some third party is using; better to have trustworthy ways of securing your money aside from custodial control. Trezor is great, but still has a backup mnemonic in case your house burns to the ground (or something much less likely). EDIT: Andreas Antonopoulos on some of what I wrote here: "Welcome. I'd like to know your take on brain wallets. Most consider brain wallets bad for newbies. Do you think it's good for cold storage when applied by hardcore bitcoiners? Say, to mix the private key in the password-generation phrases to get a secured address. By the way, I personally use this method for most of my own bitcoins, is it ok? Many thx. No, I think it is a terrible idea to try to make your own brainwallet or try to make complex security solutions if you are not an expert. Even for an expert, the best security is standardized, peer-reviewed, well-tested security. For cold storage I use BIP39 mnemonic phrases and standardized BIP32/BIP44 wallets built on top of those. I do not try to invent my own and I do not use brainwallets." Source: https://docs.google.com/document/d/1BEqEhxJjN05HgAZ_OYvVUJ6kxDvEDxGebLvea7XqP-c/edit?ts=57958319&pref=2&pli=1
From Bitcoin Wiki: This page describes a BIP (Bitcoin Improvement Proposal). Please see BIP 2 for more information about BIPs and creating them. This is a mirror of the BIP from the source Git repository.

BIP: 39
Layer: Applications
Title: Mnemonic code for generating deterministic keys
Author: Marek Palatinus <[email protected]> Pavol
...

The Bitcoin reference client uses randomly generated keys. In order to avoid the necessity for a backup after every transaction, (by default) 100 keys are cached in a pool of reserve keys. Still, these wallets are not intended to be shared and used on several systems simultaneously. They support hiding their private keys by using the wallet encrypt feature and not sharing the password, but ...

This BIP describes the implementation of a mnemonic code or mnemonic sentence -- a group of easy to remember words -- for the generation of deterministic wallets. It consists of two parts: generating the mnemonic and converting it into a binary seed. This seed can be later used to generate ...
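The two parts the BIP names, entropy to mnemonic and mnemonic to binary seed, as an added worked example (not the BIP's reference implementation). Only the two words needed for the BIP's published all-zero test vector are embedded as a constructed partial table; everything else operates on 11-bit word indices, so a full 2048-word list can be supplied by the caller, and the checksum check is what lets a wallet reject a mistyped or invented phrase.

```python
"""BIP39: entropy -> checksummed word indices -> 512-bit seed (added example)."""
import hashlib
import unicodedata

# Constructed partial table: only the words the all-zero test vector needs.
# In the real English list "abandon" is index 0 and "about" is index 3.
PARTIAL_WORDLIST = {0: "abandon", 3: "about"}


def entropy_to_indices(entropy: bytes) -> list:
    """Append ENT/32 checksum bits (leading bits of SHA256(entropy)) and split
    the result into 11-bit word indices. ENT is 128..256 bits in 32-bit steps."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises ValueError on a checksum mismatch."""
    n = len(indices)
    if n not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word index out of range")
    total = n * 11
    cs = total // 33
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes((total - cs) // 8, "big")
    if entropy_to_indices(entropy) != indices:
        raise ValueError("checksum mismatch")
    return entropy


def is_valid_mnemonic(indices: list) -> bool:
    """True when the word count and checksum are consistent."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def indices_to_mnemonic(indices: list, wordlist=PARTIAL_WORDLIST) -> str:
    """Join words with single spaces (the BIP's English convention)."""
    return " ".join(wordlist[i] for i in indices)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, NFKD input."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, 64)


def worked_vector():
    """The BIP's first published test vector: 128 zero bits, passphrase TREZOR."""
    entropy = bytes(16)
    indices = entropy_to_indices(entropy)
    mnemonic = indices_to_mnemonic(indices)
    return indices, mnemonic, mnemonic_to_seed(mnemonic, "TREZOR").hex()


if __name__ == "__main__":
    idx, words, seed = worked_vector()
    print(words, seed[:32])  # ends in "about"; seed starts c55257c360c07c72...
```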
✍️ How do cryptographic signatures work? Bitcoin transactions explained.
Continuation of the bitcoin Python series; this time I'm generating master extended private (xprv) and master extended public (xpub) keys using python3. I am going through the implementation of BIP32 ... In this video, we will start a new series: coding a bitcoin wallet in Python. Using python3 I am going through the implementation of BIP39, deriving a mnemonic 24-word sentence from given entropy ... Single-coin wallets, e.g. the Bitcoin Core wallet, mostly use only BIP32, i.e. one long character string. Basics: the 24-word mnemonic (word list with 2048 words) or the BIP39 standard. Blockchain tutorial 28: Bitcoin Improvement Proposal 39 (BIP-39) mnemonic words.