[Cryptography] [ANNOUNCE] HashCash Digital Cash

Ashish Gulhati crypto at ashish.neomailbox.com
Thu Jun 22 17:34:18 EDT 2017 

I was just thinking about why I don’t often use BTC directly, normally 
preferring to use it via a Xapo account. Didn’t have to think long, and 
the answer makes a great illustration of the difference between BTC 
and [#] from a user’s perspective. 

So, here goes:

Steps to send a BTC payment securely using a Trezor:

- Get Trezor out of safe storage, Woe be you if you don’t have it handy. 
  You can’t send your payment. Game over.
- Find a micro USB cable to use. Woe be you if you don’t have one handy.
  You can’t send your payment. Game over.
- Connect Trezor to desktop or laptop computer (mobile phone won’t do, 
  so, y’know, woe be you if you can’t afford a computer or don’t have it 
  handy).
- Get address from payee (let’s assume payee has BTC wallet already 
  or this list will not terminate).
- Input receiver's address
- Visit some site to figure out what a good fee rate is today - woe be you
  if you didn’t know to do that, or if you get it wrong and your tx gets 
  stuck for days in mempool, or if you pay way too much because you 
  got bad info or interpreted it wrong. Also, if the site and your wallet
  give you wildly different fee suggestions, spend more time thinking
  which one to go with.
- Enter the payment amount and the fee amount
- Click send
- Get wallet passphrase from offline password list
- Type in wallet passphrase
- Get Trezor pin from offline password list
- Click in Trezor pin on onscreen numeric keypad - woe be you if you
  accidentally type it in instead, you just gave it away to keyloggers
  I’m an infosec geek and I've done this
- Confirm payment on Trezor - woe be you if malware changed the
  address and you don't double check it on the Trezor
- Confirm fee on Trezor - woe be you if malware changed the fee
  and you don't check it on the Trezor. Also I'm not sure if there’s any
  defense at all against malware altering the change address, which
  Trezor doesn't show you.
- Unplug Trezor, return to safe storage.
- Wait an hour or more for tx to be confirmed

And that's if everything goes smoothly. Woe be you if you run into
compatibility issues with your Trezor because you upgraded your
wallet, or if you misplace the Trezor, passphrase, or PIN. Or if 
ransomware encrypts your wallet. I may also have missed a step 
or two as I’m recalling the process from memory.

Also, woe be you if BTC splits into two chains and you’re left
scratching your head trying to figure out WTF just happened and
which chain to go with. You never heard of coins splitting themselves
before.

Also, woe be you if you sent a big payment and then BTC price
goes up 20%. You now waste more time thinking if maybe you 
should have used fiat for the payment and held on to your BTC for 
speculative bubble-riding like everyone else. 

(Yeah, you’ll have the last 2 problems with BTC-backed [#] as well, 
but not with gold-backed [#]).

Steps to send a [#] payment securely with offline wallet:

- Click Export
- Enter payment amount
- Click OK
- Optionally enter a passphrase to encrypt the coins with, click OK
- Scan QR code from offline wallet using mobile phone camera
- Send coins by SMS, whatsapp, whatever
- Optionally, send coin passphrase to payee via different medium
- Enjoy a 20 minute break in the time you just saved yourself by 
  not sending the payment with BTC

Also the Trezor is only useful for payments, but your Raspberry Pi
based offline [#] wallet device is also useful for secure, offline note,
password, and photo storage, Unsnoopable messaging, and as
a camera (and tons of other stuff), at a price similar to that of
a Trezor. It's useful enough to keep on you most of the time, along 
with your mobile phone, unlike a Trezor. 

Plus it also holds your coins and your wallet, so you don’t need 
those on another device where they could get locked up by 
ransomware. You don’t need a laptop or desktop computer at all. 
The only thing you need other than the offline wallet is any 
smartphone with a camera and any standard QR reader app. The
smartphone might be riddled with malware and it wouldn't matter. 
Coins are safe as long as they’re exported with encryption.

You really don’t even need to carry around the offline wallet device
if you prefer not to. You could just print out coins of various 
denominations and put those in your physical wallet like regular 
banknotes. When you want to make a payment, you pull out the 
appropriate denomination coins from your wallet, scan them into 
your phone and send by SMS or any other messaging system 
(or, in-person, just hand them to the payee).

Cheers

#!

More information about the cryptography mailing list