Posts

Showing posts from August, 2017

Are small transactions not economically feasible?

You can make small transactions using "banks" like Coinbase, Xapo and most cryptocurrency exchanges (they have a free account-to-account transfer feature). You should trust these "banks" only with amounts you can afford to lose. Don't store most of your assets in "banks"; be your own bank. It is similar to how the legacy financial system works: if you make a bank-to-bank transfer you pay a fee, while a transfer between accounts within the same bank is usually free.

SMS is not a proper form of 2FA - use Google Authenticator instead

SMS text messages sent to your phone are not a valid form of 2FA, since hackers will just call your phone company, claiming to be you and that your phone was damaged. They get a replacement SIM and access everything linked to your phone.

There is no need to smash your computer after generating your Bitcoin keys/seeds

There is no need for smashing, burning or even formatting if you are using a "Live" operating system like Ubuntu or Tails run from a DVD (on a computer with its hard drive, SSD and flash drive disconnected).

Bitcoin exchange without KYC verification

Many exchanges require KYC verification only if wire transfers are involved. If only crypto is traded (i.e. Litecoin => Bitcoin) there is no requirement for verification. Some exchanges also don't require KYC verification if e-money is used (like PerfectMoney, PaySafeCard, SolidTrust Pay). Also, there are many "e-money exchanges" that do not require verification if you use their services to trade e-money and/or cryptocurrency. Verification is usually required only when using insecure payment methods like PayPal or SWIFT/SEPA wire transfers (because banks require KYC verification). If you want a reliable provider of a debit card for withdrawing your Bitcoins at any ATM:

Do not use default options for the scrypt utility!

Here is an example with more secure options:

    $ sudo apt-get install scrypt
    $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

If you have several GB of free memory you can increase the memory usage several times. My tests confirm that the "-t" parameter is not working correctly - it takes less than 200 seconds to derive the key from your password.
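An added example (not from the original post, and not the scrypt utility's own parameter selection): Python code using the standard library's hashlib.scrypt to show how a memory budget, such as the 1073741824 bytes passed to "-M" above, bounds the scrypt cost parameter N. The function names, the memory estimate and the sample passphrase are assumptions made for this illustration.

```python
import hashlib

GIB = 1 << 30  # 1073741824 bytes, the -M value used in the post


def scrypt_memory_bytes(n, r=8, p=1):
    """Estimated working memory: the 128*r*N table plus small block buffers."""
    return 128 * r * (n + 2) + 128 * r * p


def largest_n_for_budget(maxmem, r=8, p=1):
    """Largest power-of-two N whose estimated memory fits in maxmem bytes."""
    if scrypt_memory_bytes(2, r, p) > maxmem:
        raise ValueError("memory budget too small for scrypt")
    n = 2
    while scrypt_memory_bytes(n * 2, r, p) <= maxmem:
        n *= 2
    return n


def derive_key(passphrase, salt, maxmem, r=8, p=1, dklen=32):
    """Derive a key with the largest N that fits the budget; returns (n, key)."""
    n = largest_n_for_budget(maxmem, r, p)
    key = hashlib.scrypt(passphrase, salt=salt, n=n, r=r, p=p,
                         maxmem=maxmem, dklen=dklen)
    return n, key


if __name__ == "__main__":
    import os
    import time

    salt = os.urandom(32)
    # Constructed budgets, kept small so the demo runs on any machine.
    for budget in (32 << 20, 256 << 20):
        start = time.perf_counter()
        n, key = derive_key(b"constructed passphrase", salt, budget)
        elapsed = time.perf_counter() - start
        print(f"budget={budget >> 20} MiB  N=2^{n.bit_length() - 1}  "
              f"time={elapsed:.2f}s  key={key.hex()[:16]}...")
    # The N=2^20 table alone is exactly 1 GiB, so a 1 GiB budget stops at 2^19.
    print("N for a 1 GiB budget: 2^%d" % (largest_n_for_budget(GIB).bit_length() - 1))
```

Memory cost grows linearly with N, so doubling the budget doubles both the RAM and the time an attacker must spend on every password guess.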

Archiving private keys - TLDR version

1. Use a proper font when printing PGP-encrypted keys on paper.
2. Flash memory (SSD, USB flash drives, hardware wallets) is less reliable when not powered regularly (i.e. every week).
3. Use error correction methods like Parchive and ZFS.
4. Print on paper or store on digital media only encrypted data.
5. Your encryption software should use a CPU/RAM-intensive KDF (i.e. scrypt with secure options - do not use defaults!).
6. Avoid writing non-encrypted keys to the hard drive (some printers have one too). By default your OS writes all printed pages to your hard drive (and then "deletes" them non-securely). Use a Live Linux system like Ubuntu Live or Tails (run from a DVD or a flash drive in read-only mode, with the hard drive disconnected from your computer).

The 'regulated' exchange Bitstamp would not return your money if you raise red flags for being a terrorist and/or money launderer

I have done transfers before and everything went smoothly until 15 days back. Right after I did the transfer they sent me a request for details for the KYC process; they take one or two days to reply to me, and within 6 days I had sent everything they requested. Now that they have everything, they do not reply to my inquiries; they did not provide any timeline or clarity on the process or why they did not mention it before. I did the transfer 2 weeks ago and today I have no clue what the status is. I find it fishy that they are doing this and am concerned about my money. What can I do? I have been through KYC before with a bank but it was very different: they simply sent me a list of mandatory documents that I had to send. With Bitstamp, I have been their customer for almost a year now and I did transfers before. I am not a day trader and do not have that big a volume. They kept the KYC running for 14 days back and forth; there was a statement needed from a bank in my home country which I could not…

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Flash memory is not a reliable medium for archives, especially when there is no regular power. I have personal experience with a USB flash drive not powered for weeks - one file became corrupted. You should always back up on paper and other media. Flash memory is prone to failure if it is not powered for weeks or more and if there is ionizing radiation. When you write your precious private keys you should use technologies like Parchive and ZFS, and make several copies of your files. It's OK if you use your USB flash drive for another backup, but don't rely on it! Always back up on DVDs (even small files!), paper and online (after encryption with a CPU- and RAM-intensive key derivation function like scrypt). Here is an example of using the scrypt utility:

    $ sudo apt-get install scrypt
    $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

Do not use the default values of "-M" and "-t", they are weak! If you want to print your encrypted secret you can en…

FBI has your BTC-e password hash, 2FA codes and your public cryptocurrency addresses!

The FBI or another three-letter agency can use this hash to find out your password and crack your account at other exchanges and websites! They also have your e-mail address. You may consider changing it or securing it! They may try to crack it! Do not reuse your password! They may try to find your password using a dictionary attack. This is why you should not use words from a dictionary. If BTC-e becomes operational again you have some chance to withdraw funds before the FBI cracks the new BTC-e website! American three-letter agencies cannot be trusted! Maybe the NSA will try to steal from you. Or another American agency with three letters. Or another American agency (with fewer or more than 3 letters in its name). Also, corrupt agents may sell the database. Like the agent that stole coins from Silk Road. They have access to the list of your public cryptocurrency addresses. Do not reuse addresses! You should be scared now! It will be very hard for BTC-e to verify that genuine users are tryi…

You will lose your BCC if you try to withdraw BCC to a BCH address!

Before trying to withdraw, carefully read the information provided by your exchange. Some symbols might be misleading. BCC is not Bitcoin Cash on some exchanges! Some exchanges use BCH for Bitcoin Cash, not BCC! I predict that there will be losses associated with this misunderstanding. Think before you deposit or withdraw! On the YObit.net exchange, BCC is used for two different cryptocurrencies!

Do you trust your hardware?

Do you believe that your hard drive does not contain malware? I do not mean what you may be thinking. Malware can be installed on the hard drive's microcomputer. All hard drives contain another computer inside them, with its own processor, RAM, flash memory, etc. This computer has access to the main computer's RAM. Also, your BIOS/UEFI may contain malware. Your CPU also contains an entire computer (like hard drives do). Search for "intel amt rootkit" for more info. Rootkit in your laptop: Hidden code in your chipset and how to discover what exactly it does [PDF]

Anti-virus programs cannot access and verify the memory of these separate computers, hidden inside your computer.

Key phrases you may want to type into Google:

- hard drive firmware rootkit
- NSA hard drive firmware
- Intel AMT rootkit
- Intel ME rootkit
- BIOS UEFI malware
- BIOS UEFI rootkit

Here is a somewhat safe alternative, but this does not solve the problem with the CPU and the hard drives:
