1/ This article enumerates the inefficacy of modern wallet solutions (and why I recently wrote a three-part series titled, 'Why You Don't Need a Hardware Wallet' <-- being released today in an hour or so).
2/ If you read the quoted tweet above and thought to yourself, 'Wait a minute, I thought that Bitcoin & blockchain were supposed to be unhackable!', then you're on the right track.
It's more so that the *cryptography* used for Bitcoin cannot be reasonably cracked.
3/ However, these cryptographic primitives (i.e., ECDSA) are only as strong as their implementation and only as secure as their execution environment.
The idea of encrypting 'wallet.dat' files (a default standard for $BTC by Core), is unnecessarily dumb & unnecessary.
4/ Here is a 'StackExchange' response that breaks down how to actually change the contents of something that's been encrypted at this point in time.
source = crypto.stackexchange.com/questions/8578…
5/ Anyone can correct me if I'm wrong...but it appears that the hash (SHA-512) is unsalted? (not seeing anything about a KDF here in these specifications).
5a/ This + encrypted master key being stored in memory (yielding ciphertext) & encryption being done with a non-random input [i.e., a user-generated password], which leads me to believe that rainbow tables / dictionary attacks would be viable here.
6/ I'm not sure why the Keybase wallet version of BIP38 has not been adopted for use as a standard by modern Bitcoin wallets.
BIP38 specifications are a step in the right direction, but ultimately suffer from the same inherent weakness ... stealable private keys
7/ Keybase's warp wallet (influenced by the 'MemWallet'), simply utilized the concept of 'Brainwallets' (without some of the more asinine, generalized assumptions included within the Bitcoin Wiki; link = en.bitcoin.it/wiki/Brainwall…)
This *does not mean use mnemonics*
8/ Conversely, Keybase(.)io created the 'warp wallet', which utilizes 'Scrypt', a memory-hard hash function [i.e., they actually introduce a KDF into the equation].
9/ The effectiveness of this solution vs. the 'brainwallet' outlined via BIP38 (in the specs + Bitcoin Wiki) derives from Keybase taking advantage of the deterministic property of Bitcoin wallet generation (secp256k1) with same *seed*
10/ Net result is that Keybase was able to create a Bitcoin wallet with only 8 characters (only numbers & letters, no symbols), with 20 bitcoins up for grabs (since 2016) --- they have yet to be stolen.
11/ Notably, the Vice article that is linked in the quoted tweet (at the top of this thread), insists that the wallet in question with $690M+ in it was being passed in hacker circles; so there's no reason to believe that this simplistic PW by the Keybase wallet wouldn't as well
12/ Guess that's the conclusion of this thread / rant on ineffective (unnecessary) wallet 'solutions' that persist in lieu of *much better alternatives* that have been proposed and shelled out (and are still available as an open source solution).
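An added example (not from the original thread and not Keybase's code) contrasting the unsalted fast hash questioned in tweets 5/5a with a salted scrypt derivation as described in tweets 8 and 9, then estimating exhaustive-search cost for an 8-character alphanumeric passphrase as in tweet 10. The passphrase, salts, scrypt parameters and the 62-symbol alphabet are assumptions chosen for illustration.

```python
import hashlib
import time

def unsalted_key(password: str) -> bytes:
    """Weak pattern: one fast hash, no salt, no work factor."""
    return hashlib.sha512(password.encode()).digest()[:32]

def scrypt_key(password: str, salt: str, n: int = 2**14) -> bytes:
    """Salted, memory-hard derivation; n/r/p here are illustrative only."""
    return hashlib.scrypt(password.encode(), salt=salt.encode(),
                          n=n, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

def seconds_per_guess(fn, args, rounds: int) -> float:
    """Average wall-clock cost of one derivation (one password guess)."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(*args)
    return (time.perf_counter() - start) / rounds

def exhaustive_search_years(alphabet_size: int, length: int,
                            per_guess_s: float) -> float:
    """Single-core time to try every passphrase of the given shape."""
    return alphabet_size ** length * per_guess_s / (365 * 24 * 3600)

def compare(password: str = "Tr0ub4dor",              # constructed sample
            salt_a: str = "alice@example.test",       # constructed salts
            salt_b: str = "bob@example.test") -> dict:
    fast = seconds_per_guess(unsalted_key, (password,), 2000)
    slow = seconds_per_guess(scrypt_key, (password, salt_a), 3)
    return {
        # No salt input exists, so every user of this password shares a key:
        # a table computed once applies to all wallets.
        "unsalted_same_for_all_users":
            unsalted_key(password) == unsalted_key(password),
        # Same passphrase + salt always regenerates the same seed...
        "scrypt_deterministic":
            scrypt_key(password, salt_a) == scrypt_key(password, salt_a),
        # ...but a different salt yields an unrelated key.
        "scrypt_distinct_per_salt":
            scrypt_key(password, salt_a) != scrypt_key(password, salt_b),
        "slowdown": slow / fast,
        "years_sha512": exhaustive_search_years(62, 8, fast),
        "years_scrypt": exhaustive_search_years(62, 8, slow),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The year figures are single-core estimates on the machine running the script; they scale down with parallel hardware, which is why the memory cost of scrypt matters as well as its time cost.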
1/ Once upon a time, CZ promised us that he would never list 'shitcoins'.
Not even if they "pay 400 or 4,000 BTC".
He forgot to mention (about the coins that he did list on his exchange "without fee", that he has extensive ties with each project's community)
2/ $NEO was probably listed because of @cz_binance's relationship with Da Hongfei (head of NGC Capital who is also a seed investor in Binance); these guys go way back - maybe that's why @binance tends to list *almost all* of Da Hongfei's projects.
2a/ Attached, we can see Da Hongfei listed as one of the seed investors in Binance (source: Binance exchange whitepaper ; not the exchange token, but the actual exchange itself)
2/ The fact that Ethereum has an account-based transaction system (vs. UTXO) means that all Ethereum wallets must have an incrementally increasing 'nonce' value; the downside here is that this requires one to 'sync' with a node / API running *somewhere* on planet earth
3/ More so to that API point that I made above, the disadvantage here for Ethereum users (in comparison to Bitcoin; don't worry I'll bring up an advantage).
Metamask users, for instance, have their wallets pointed at Infura(.)io's API endpoint.
1/ Since nobody has mentioned this, figured it should be said here : "JPCoin" / J.P. Morgan's digitized bank note (which is essentially what it is), completely fried Ripple's supposed value offering as a blockchain.
2/ For years, @Ripple has fed us all the narrative that their token $XRP will one day become the *dominant* solution for cross-border payments by financial institutions.
3/ They espoused the same logic in one of their recent blog posts (published September 2020), titled, 'Why Real-Time Cross-Border Payments Are Poised To Breakthrough'
1/ Recently we decided to look at $USDT / #Tether - an entity that consistently outdoes itself with the level of rampant fraud that is perpetrated by them in the blockchain space.
2/ Specifically, we want to look at the troubling number of Tether tokens that have been 'minted' over the past two months.
Specifically, from mid-April to mid-May (just one month) - over *3 billion tokens were minted*.
2a/ Perhaps even more troubling is the fact that over one 24-48 hours span, we saw the supply for USDT increase by 2.5 billion.
1/ After looking deeper into this issue, there is *enormous cause for concern* as the entity in question on the Bitcoin Cash blockchain essentially has full control over the chain at this point in time. (thread)
1/ We decided to waste no time in heading directly to the documentation of Hedera Hashgraph - found here: docs.hedera.com/docs/
Specifically, we're going to look at 'key generation'
Ed25519 > secp256k1 (ECDSA) [what Bitcoin uses]
2/ Providing an eclectic range of signatures is somewhat worrisome because the biggest source of compromise among users as it pertains to key generation using these signatures is user error / incorrect implementation.