Bounty: 1.5 Million DOGE for the first person to create an electrum equivalent for dogecoin.
Houston, we have a problem. The current dogechain over 1.4gb in size. This is incredibly bloated. As time goes on, the size of the blockchain will only continue to increase, making sync times longer. Long sync times are bad because they may scare off newcomers who may need to download for hours or days before using dogecoin. For obvious reasons, this is very bad. Bitcoin has solved this problem by creating electrum and multibit, which are wallets that stores the blockchain online, but the wallet data locally. This allows for very small wallet sizes, with all the security features of having a local wallet. We must do the same thing. We have therefore decided to offer millions of dogecoins for anyone that can create an electrum equivalent for dogecoin. If any shibes wants to help increase the size of this bounty, please donate to DMxCwo7qJphRVeC6pHcoDHaizk55pg6iNt . This address will only ever be used for the pot. Please do not tip me directly, because I need to keep track of money meant for me vs. money meant for pot. tl;dr: Wow. Downlod much difficult. Hueg fil. need fix 2 get 2 moon. Such payment 4 fix. Such gud 4 new shibe. Bark bark.
Current Pot Size: Zero. Bounty has been paid out. See this for history Note: I only control a portion of the total size of the pot. The rest are by individuals who have promised to give directly. Much Generous Shibes who have contributed to the Pot: Tuxedage, [-wolong-] (1m, give directly), thatslifeon (0.5m, give directly). tohaz (0.5m, GD) Shibe_Tabsa @ Teamdoge. mljsimone @ Hashdogs, Keebler64 , McPingvin, TheDoctor , need4doge , ummjackson, Faxon, UltraHR, UnsureSherlock, cpt_merica Please message me with your name and donation amount if you want to get on this list.
IMPORTANT ANNOUNCEMENTS -- If you are working on this project, please check here for important updates every few days
1: I see a lot of people tipping. I've already said this once, but I'll say it again. Please don't tip if your intention is to add to the pot. Send directly. I bear no responsibility if your funds are misplaced or accidentally lost.
2: I am now aware that an android wallet exists. Although I thought it was obvious from context, let me reaffirm this: I would like a wallet that works on Windows/Mac/Linux, and has an easy to use installer, rather than necessitating some kind of android emulator to port it over to a computer. It must be newbie friendly.
4: 15th of February is the final deadline for wallet entree submissions. Please message me with FULL DETAILS (including name, download information, website, user guide, other info, and so on) of your wallet to submit. Users will then get 1 week to try out different wallets and form an opinion of them. A week later, I will open up a poll for voting on which wallet is the best. Whichever wallet gets the most votes will obtain the prizepool. About 400k of the pot will be reserved for consolidation prizes, to be distributed at discretion. (So that shibes who didn't win won't feel sad).
If you do not see your name or entree on here within 48 hours of messaging me, please message me again until I add it. Final Update: Given the incredibly close results of the poll, the Developers and I have privately discussed how best to distribute the bounty. They have mutually agreed to a 50-50 split. The bounty has been paid out. Cheers. People who have pledged to directly donate to the developers, please message me. Thank you
This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
Bad random number generators
Malicious or flawed software
If you want a method that is less secure but easier, skip to the bottom of this post. The Secure Method
Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
Roll a die 62 times and write down the sequence of numbers. This gives you 2160 possible outcomes, which is the maximum that Bitcoin supports.
Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
Brain Wallet tab creates a private key and address.
Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator. Trusting your copy of bitaddress.org Bitaddress publishes the sha1 hash of the bitaddress.org website at this location: https://www.bitaddress.org/pgpsignedmsg.txt The message is signed by the creator, pointbiz. I found his PGP fingerprint here: https://github.com/pointbiz/bitaddress.org/issues/18 "527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A" With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file. I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-) There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash. "But we aren't supposed to use brainwallets" You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times. How to avoid spending your life rolling dice When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family. Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed. One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1". If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is. Why not input the dice as a Base 6 private key on the Wallet Details tab? Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key. I'm a big nerd with exotic dice. How many times to roll? Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably casino dice are more fair than ordinary dice The "Change address" problem: You should understand change addresses because some people have accidentally lost money by not understanding it. Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change. With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves. Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address. There are three ways I know of that the change problem can bite you:
You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here The hot paper wallet problem Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it. Destroying your paper wallet address Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away. Encrypting your private key BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet. Splitting your private key Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website. Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress. Durable Media Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies. In addition to keeping copies of my paper wallet addresses I did the following:
Order a set of numeric metal stamps. ($10)
Buy a square galvanized steel outlet cover from the hardware store ($1)
Buy a sledgehammer from the hardware store
Write the die rolls on the steel plate using a sharpie
Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as metal stamp may emit sparks or fly unexpectedly across the garage. :-)
Use nail polish remover to erase the sharpie
Electrum If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses. Message to the downvoters I would appreciate it if you would comment, so that I can learn from your opinion. Thanks! The Easy Method This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
Download the bitaddress.org website to your hard drive.
Close your browser
Disconnect from the internet
Open the bitaddress.org website from your hard drive.
Hello! Welcome to our awesome /Dogecoin community! Here you can find very useful information about Dogecoin, Cryptocurrency and more! Let's start from the beginning. What is cryptocurrency? Probably you know Bitcoin, Litecoin, and Dogecoin they are cryptocurrencies. Cryptocurrency is a blockchain-based digital asset that uses cryptography to secure its transactions. How to start? Here is a list of things:
Wallet Why? You need to store your dogecoins somewhere. Types of wallets:
Paper wallets - Easy setup, secure, you are the owner of the wallet
Light wallet - Easy setup, secure, you are the owner of the wallet, Require PC/servephone, NOT RECOMMENDED
Core wallet - Hard setup, secure, you are the owner of the wallet, Require Good PC/ VPS, you are the owner RECOMMENDED
Cloud wallet - Easy setup, not secure, you aren't the owner of the wallet.
I need to set up linux server for web service that could generate bitcoin addresses and check the balance on them, etc (basically, receive payments in BTC). And I do not want to use third-party online wallets and services. Original bitcoind client is too large now, you need almost 30 GB just to store blockchain files, and that'd be pretty expensive even for VPS. Are there any thin command-line (or with API, JSON or other) linux clients for this purpose? Electrum is GUI-based, Multibit too.
Are we overlooking pgp verification of wallet installation files?
I am curious how many people use pgp to verify the new version of their favorite wallet software every time a new version comes out? To me it seems like pgp verification isn't taken very seriously. Most, but not all vendors will put out new pgp signature files with each new release however if you are relatively unaware of security this could mean you are unknowingly missing a very important step. Importing the authors pgp key, downloading the associated signature file and then verifying the executable isn't very obvious to those who aren't security savvy. However it is an obvious security hole and a potential honeypot for anyone looking for some easy coin. One thing I find disturbing is how few of the major wallet developers put any significant effort into educating their users on the first step of securing their hot wallet. Multibit and armory are the only two clients I know of that give any information on pgp verification, but even multibit misses this important step on their "How to install" page. Electrum doesn't even provide a signature file for their linux version instead providing a hyperlink with an md5 hash appended to it. Bitcoin-qt from what I can tell only provides sha256 hashes of their files with zero instruction on how to use them. To me it seems like the pgp step of securing a wallet is looked at as the boring minor tidbit that you have to have that nobody really wants to put time into resulting in most vendors throwing up some hashes/signatures with little to no information on how to use them. I think that all vendors should have a section with instructions on how to verify their software, put this as the second step in getting started with their software right after the download step and make sure to provide pgp signatures for each installer package and not just hashes. For me, not being a security expert, I feel much safer verifying a pgp signature vs checking that a hash matches. With bitcoins being targeted on a daily basis through incredibly creative means this seems to me like a giant gaping hole that could be fought with a very small amount of education. Just a thought. Edit: because I suck at the grammarEdit: after digging around I found the electrum signature files for linux. There is no direct link to the page from their website but they can be found here: http://download.electrum.org/
GPG instructions and public key list for verifying Bitcoin clients.
I have noticed their is a growing problem of fake bitcoin clients, and I expect the frequency and elaboratness of these fake clients to increase. Verifying the signatures for these clients will detect if you are receiving anything other than what the signer the of the software signed. The exception to this is if the attacker acquires the signer's private key, which should be a lot more difficult than tricking users to visit the wrong site or hacking servers. This can also be addressed by using multiple signatures per client. An important part of this process is acquiring the public keys for the sofware signers in a secure manner. To help with this I have included a signed list of fingerprints and where to acquire the public keys to act as another source to verify the keys used to sign bitcoin clients. I have also included instructions for verifying the fingerprint list and bitcoin clients. To deal with the issue that posts and comments on Reddit can be easily modified I suggest other users (especially well known ones) post a signature of the fingerprint list in a comment in this thread, or at least a hash of the fingerprint list (not as secure but still better than nothing). List of Fingerprints: +++ Bitcoin-Qt: Signer: Gavin Andresen (CODE SIGNING KEY) [email protected] Fingerprint: 2664 6D99 CBAE C9B8 1982 EF60 29D9 EE6B 1FC7 30C1 Key ID: 1FC730C1 Key Link: bitcoin.org/gavinandresen.asc Electrum: Signer: ThomasV [email protected] Fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 Key ID: 7F9470E6 Keyserver: pool.sks-keyservers.net Signer: Animazing [email protected] Fingerprint: 9914 864D FC33 499C 6CA2 BEEA 2245 3004 6955 06FD Key ID: 695506FD Keyserver: pool.sks-keyservers.net Multibit: Signer: Jim Burton (multibit.org developer) [email protected] Fingerprint: 299C 423C 672F 47F4 756A 6BA4 C197 2AED 79F7 C572 Key ID: 79F7C572 Keyserver: pgp.mit.edu Armory: Signer: Alan C. Reiner (Offline Signing Key) [email protected] Fingerprint: 821F 1229 36BD D565 366A C36A 4AB1 6AEA 9883 2223 Key ID: 98832223 Keyserver: pgp.mit.edu +++ My Key:
Hashes for fingerprint list: SHA-256: 7A6B9841 355B1127 E5639A9D 7040D81C F395D382 884376C2 31829C63 6FCF1B80 SHA-512: 04A49A60 A1645479 ED0B3CE9 AE32E156 E9768CC2 0D4EF393 814162BE BFA6FAF5 6C520769 C654467F 6B61EBD4 4A5A5C93 9DF81B7D AA468A50 2DD7FFF3 F637A49C Verifying the fingerprint list: Save fingerprint list, from the first plus to the last plus, to a text file called fingerprints.txt Next save my key to a file called dcc4e.asc and my signature to a file called fingerprints.txt.asc In terminal or command line run:
I've been using the Satoshi client on OSX for a couple years now for my main wallet, aka long term storage. However lately, it's become an enormous pain in the ass. Any time I have to close the client, when I reopen it there's some "corruption" somewhere and I have to re-index the entire blockchain, which takes 2-3 days. I'm getting tired of it, and help does not seem to be on the way. That said, I'm wondering how safe or trustworthy alternative clients are. I know Armory requires a functional Qt client, so that' out, but I Multibit and Electrum are recommended by Bitcoin.org. Other than not being a "full node" and having to trust the blockchain I'm connecting too, are there any other security concerns with running multibit? Can I install and copy my wallet.dat file with it? (I know from some usage on Linux that Electrum works differently)
MultiBit is a bitcoin wallet for your desktop. It’s available for Windows, Mac, and Linux. Find out how the software works today in our MultiBit review. What Is MultiBit? MultiBit, found online at MultiBit.org, is a bitcoin wallet for desktop operating systems like Windows, Mac OS, and Linux. The wallet promises to offer easy setups, a straightforward UI, and KeepKey support. A Linux distribution designed to securely handle bitcoin wallets. BTC Vault is based on Slax and thus contains a full Linux installation including the KDE desktop environment and the Firefox webbrowser. Also, BTC Vault includes the Electrum bitcoin client and the MultiBit bitcoin client that you can use to manage your coins. Bitcoin client has to continuously synchronize itself with the entire network. The different types of Bitcoin client are Full client: It is also called as a full node. In the early days, even a basic laptop could run a full client. Today full clients are run on specialized hardware. It takes about 2 days to sync with the Continue reading >> The all-new ShapeShift is your complete crypto management platform: send, receive, trade, track, and hodl bitcoin and other major cryptos. Hardware-secured. Non-custodial. Sign up today. MultiBit is a lightweight "thin client" Bitcoin wallet for Windows, MacOS and Linux based on bitcoinj. Its main advantages over the original Bitcoin client include support for opening multiple wallets simultaneously, ... How to Create a Bitcoin Wallet with MultiBit;
Install Kadu 1.5 ( Gadu-Gadu Instant Messenger Client) for Linux Mint by linuxforever. 3:01. ... Get Bitcoin Wallet In Linux Mint ( Ubuntu ), No Installation Required by linuxforever. In this video, I talk about a much asked question, which wallet should I get the bitcoin.org multibit or the bitcoin core version? Well my friend in this video I will explain just that and cover ... To follow this part of the tutorial you'll need any copy of linux. (either on virtualbox/vmware or on a physical computer/raspberrypi) If you found this video helpful, please donate to my bitcoin ... In this tutorial I will show how to set up a portable version of the bitcoin core client using window 7. This method allows you to store a full client on a usb drive as well as provides a easy way ... If you're new to Ubuntu and Linux, here's a beginner's guide to installing the newest version of the Armory wallet software along with the newest version of the underlying Bitcoin Core daemon. For ...