[Cryptography] [ANNOUNCE] HashCash Digital Cash
Ashish Gulhati
crypto at ashish.neomailbox.com
Thu Jun 22 17:34:18 EDT 2017
I was just thinking about why I don’t often use BTC directly, normally
preferring to use it via a Xapo account. Didn’t have to think long, and
the answer makes a great illustration of the difference between BTC
and [#] from a user’s perspective.
So, here goes:
Steps to send a BTC payment securely using a Trezor:
- Get Trezor out of safe storage, Woe be you if you don’t have it handy.
You can’t send your payment. Game over.
- Find a micro USB cable to use. Woe be you if you don’t have one handy.
You can’t send your payment. Game over.
- Connect Trezor to desktop or laptop computer (mobile phone won’t do,
so, y’know, woe be you if you can’t afford a computer or don’t have it
handy).
- Get address from payee (let’s assume payee has BTC wallet already
or this list will not terminate).
- Input receiver's address
- Visit some site to figure out what a good fee rate is today - woe be you
if you didn’t know to do that, or if you get it wrong and your tx gets
stuck for days in mempool, or if you pay way too much because you
got bad info or interpreted it wrong. Also, if the site and your wallet
give you wildly different fee suggestions, spend more time thinking
which one to go with.
- Enter the payment amount and the fee amount
- Click send
- Get wallet passphrase from offline password list
- Type in wallet passphrase
- Get Trezor pin from offline password list
- Click in Trezor pin on onscreen numeric keypad - woe be you if you
accidentally type it in instead, you just gave it away to keyloggers
I’m an infosec geek and I've done this
- Confirm payment on Trezor - woe be you if malware changed the
address and you don't double check it on the Trezor
- Confirm fee on Trezor - woe be you if malware changed the fee
and you don't check it on the Trezor. Also I'm not sure if there’s any
defense at all against malware altering the change address, which
Trezor doesn't show you.
- Unplug Trezor, return to safe storage.
- Wait an hour or more for tx to be confirmed
And that's if everything goes smoothly. Woe be you if you run into
compatibility issues with your Trezor because you upgraded your
wallet, or if you misplace the Trezor, passphrase, or PIN. Or if
ransomware encrypts your wallet. I may also have missed a step
or two as I’m recalling the process from memory.
Also, woe be you if BTC splits into two chains and you’re left
scratching your head trying to figure out WTF just happened and
which chain to go with. You never heard of coins splitting themselves
before.
Also, woe be you if you sent a big payment and then BTC price
goes up 20%. You now waste more time thinking if maybe you
should have used fiat for the payment and held on to your BTC for
speculative bubble-riding like everyone else.
(Yeah, you’ll have the last 2 problems with BTC-backed [#] as well,
but not with gold-backed [#]).
Steps to send a [#] payment securely with offline wallet:
- Click Export
- Enter payment amount
- Click OK
- Optionally enter a passphrase to encrypt the coins with, click OK
- Scan QR code from offline wallet using mobile phone camera
- Send coins by SMS, whatsapp, whatever
- Optionally, send coin passphrase to payee via different medium
- Enjoy a 20 minute break in the time you just saved yourself by
not sending the payment with BTC
Also the Trezor is only useful for payments, but your Raspberry Pi
based offline [#] wallet device is also useful for secure, offline note,
password, and photo storage, Unsnoopable messaging, and as
a camera (and tons of other stuff), at a price similar to that of
a Trezor. It's useful enough to keep on you most of the time, along
with your mobile phone, unlike a Trezor.
Plus it also holds your coins and your wallet, so you don’t need
those on another device where they could get locked up by
ransomware. You don’t need a laptop or desktop computer at all.
The only thing you need other than the offline wallet is any
smartphone with a camera and any standard QR reader app. The
smartphone might be riddled with malware and it wouldn't matter.
Coins are safe as long as they’re exported with encryption.
You really don’t even need to carry around the offline wallet device
if you prefer not to. You could just print out coins of various
denominations and put those in your physical wallet like regular
banknotes. When you want to make a payment, you pull out the
appropriate denomination coins from your wallet, scan them into
your phone and send by SMS or any other messaging system
(or, in-person, just hand them to the payee).
Cheers
#!
More information about the cryptography
mailing list