security Archives -
ON TODAY’S SHOW Cardi B & Offset: The Shocking Breakup Kim Kardashian: Absolutely Swarmed By Fans Jessica Simpson Calls Out Natalie Portman Justin Bieber & Hailey Baldwin Get Cute
It pays to protect Tekashi69 – especially these days — ’cause he spared NO expense when it came to hiring muscle to cover his ass in La La Land … TMZ has learned. Tekashi hired a small army from 2 different security companies during…
On Nov. 20, the Bitcoin Cash developer Awemany announced the first code proposal for a concept called Zero-Confirmation Forfeits (ZCF), a protocol that adds a layer of security to zero-confirmation transactions. The ZCF mechanism allows faster payments and is designed to reduce the risks involved with double-spend attacks.
For a while now the Bitcoin Cash community has bolstered the idea of zero-confirmation transactions, but proponents have also discussed the security issues involved with them. Just recently Awemany proposed the idea of ZCFs so people can test the possibilities of shielding transactions against double-spend attacks.
Awemany is the anonymous BCH developer who found the bug in the Bitcoin Core (BTC) client just a few weeks ago. Zero-confirmation transactions are basically transactions that have been broadcast to the network and are sitting in the mempool (transaction queue), but can still be accepted by users or merchants. Traditionally, services have had to wait for a single confirmation (or more), which means a transaction must be forged into the public ledger before settlement. The ZCF scheme proposed by Awemany involves using the new opcodes that were added to the code on Nov. 15. By using these opcodes, users can add a “forfeit to the transaction in an automated way” by adding a layer of security to the zero-confirmation transaction.
— BitcoinUnlimited (@BitcoinUnlimit) November 20, 2018
The Code Is Ready for Testnet Experimentation
and Miniscule Amounts of BCH
After discussing the idea at the Satoshi’s Vision conference on Nov. 20, Awemany released the preliminary code in order to execute ZCFs with the Electron Cash wallet. The developer stated that the mechanism can be used as a testing ground for developing the concept further and act as a possible reference implementation, so specifications can be added later. The proposal emphasized that the developer enjoys a “bottom-up approach of first writing code and then writing a specification that matches the code and all the pitfalls that were encountered writing it.” Right now the developer states there are four ZCF protocol schemes that work.
Awemany’s new protocol includes:
- Transactions that can be generated with a forfeit output. The forfeit output is currently set to 1.0 from the send transaction amount.
- Receiving transactions and extracting the forfeit amount, by checking for enough
- Display of forfeits in the transaction dialogue, history list tab and addresses tab
- Spending forward of the forfeits by assembling the right inputs to the P2SH forfeit contract
BCH Proponents Excited About
the Zero-Confirmation Solution
The developer has also explained that there are still bugs to iron out and the code needs a lot more polish. “Sometimes the value parser seems to miss the forfeits,” he explained. After sharing the code, he strongly emphasized that it “is by no means production ready.” However, programmers can experiment with the protocol using testnet or by using the main chain with a very small fraction of BCH.
The BCH community on Reddit has shown excitement toward the improvement of the concept and has congratulated the developer on the subreddit r/btc. Awemany seems pleased with the response and has since discussed the project further on the forum. He said there is still a lot to do in order for it to be more reliable for Electron Cash and other wallets. For example, the ZCF mechanism would be very “interesting for vending machines,” he explained. The BCH developer listed the work that still needs to go into the protocol and noted that any help would be “very much appreciated.”
What do you think about Awemany’s ZCF mechanism for zero-confirmation transactions? Let us know what you think about this subject in the comments section below.
Images via Shutterstock, Pixabay, and Jamie Redman.
At news.Bitcoin.com all comments containing links are automatically held up for moderation in the Disqus system. That means an editor has to take a look at the comment to approve it. This is due to the many, repetitive, spam and scam links people post under our articles. We do not censor any comment content based on politics or personal opinions. So, please be patient. Your comment will be published.
The post Zero-Confirmation Forfeits: Adding Security to Unconfirmed BCH Transactions appeared first on Bitcoin News.
Vice President Mike Pence and Chinese President Xi Jinping presented conflicting visions for trade and security in the Asia-Pacific, as the U.S. and China vie for influence.
WSJ.com: What’s News Asia
Kanye West was deeply moved by the story of a Chicago security guard who was murdered by the cops after he subdued a gunman … and has stepped up big time to help his family. West heard the story of Jemel Roberson — who was gunned down by police…
2018 was meant to be the year of security tokens. The number of projects seeking to launch security token offerings (STOs) would mushroom, we were told, and a string of accredited trading venues would emerge where these instruments could be exchanged. The release of two new reports into the STO market provides an opportunity to reflect on whether security tokens have lived up to the hype.
The Quest to Securitize the World
When the utility token craze took off in 2017, raising billions of dollars through initial coin offerings (ICOs), skeptics predicted that the mania couldn’t last. Many of these so-called utility tokens, it was claimed, were actually securities, and it was only a matter of time until a lettered agency such as the U.S. Securities and Exchange Commission stepped in to call a halt to proceedings. In the event, the demise of the utility token has had less to do with enforcement, and more to do with market conditions that have made it virtually impossible for ICOs to raise funds. A string of underperforming ICOs, including several that were outright scams and others that simply failed to deliver, have blunted public appetite for this fundraising mechanism.
STOs have the potential to overcome several of the drawbacks to ICOs, including the regulatory uncertainty. Because security tokens represent a claim to an asset, such as equity, investors have a degree of reassurance that, in the event of the project faltering, they will have legal redress. This contrasts with utility tokens, which are sold on the understanding that they may be worth nothing and that holders have zero claim to any sort of assets. Two new reports from Hashgard and ICOrating.com provide an insight into the health of the nascent security token market.
STOs See Modest Growth in Q3
ICOrating.com reports that STOs saw a steady increase in interest during Q2 and Q3 of 2018. The share of projects offering a security token increased by a slender 1.66 percent in Q3 over the previous quarter, while the number of projects offering utility tokens decreased by 10 percent. One impediment to projects seeking to launch an STO is a shortage of platforms that are capable of listing their token. Until traditional cryptocurrency exchanges, including a number of Malta-based entities, receive approval to sell securities to accredited investors, a handful of platforms will hold sway.
Leading security trading platforms and frameworks include Tzero, Polymath, Swarm, Harbor, Securitize and Securrency. Different exchanges often use different token standards to facilitate the trading of security tokens. In the case of Polymath, for instance, it’s the ST20 protocol for Ethereum-based tokens. Startengine, meanwhile, has introduced its own ERC1450 standard for digital stock certificates. “To date, we have issued ERC1450 tokens to all 3,500 Startengine shareholders, and there are 165 more eligible companies that use Startengine Secure and are expected to be listed on the ERC1450 smart contract,” explained CEO Howard Marks.
2019 — the Real Year of Security Tokens?
Significant progress has been made over the last 10 months in developing security token standards, trading platforms, and obtaining regulatory approval. In terms of capital raised, however, STOs have yet to make any major headway. Singapore’s Blockchain Capital raised $ 10 million via STO, while other security token projects include high-tech investment fund Spice VC and incubator fund Science Blockchain. Many other aspiring STO projects are still waiting patiently for the SEC to approve their Reg A+ application that will enable them to sell security tokens to the public.
As demand for utility tokens continues to decrease, expect to see security tokens outstrip them and become the preferred fundraising method for tokenized projects. From a building perspective, this year has recorded plenty of headway in the security token market. Predictions of 2018 being the year of the security token look to have been overstated however. It seems likelier that accolade will go to 2019 instead.
Do you think security tokens will eventually replace utility tokens as the leading fundraising mechanism? Let us know in the comments section below.
Images courtesy of Shutterstock, ICOrating.com and Hashgard.
Need to calculate your bitcoin holdings? Check our tools section.
The police officer who fatally shot a black armed security guard as he held down a gunman outside a bar in Chicago’s suburbs on Sunday, had told the guard to drop his gun and get on the ground before ultimately firing his weapon, according to witnesses cited by Illinois State Police.
Nearly two years after his extradition from Mexico, notorious cartel boss Joaquin “El Chapo” Guzman Loera faces an American jury on Tuesday in the most significant criminal trial in decades.
CNN.com – RSS Channel – World
President Trump and French President Emmanuel Macron sought to thaw recent tensions over the future of transatlantic security ties, agreeing that Europe needs to share more of the burden for defending the continent.
WSJ.com: What’s News Europe
There has been an explosion of hardware wallets recently, with new models shipping on a weekly basis. What’s more, many of these units are more than mere Ledger or Trezor clones, offering unique form and features compared to the market leaders. This week news.Bitcoin.com took delivery of Coldcard, a BTC wallet that promises to be “cheap and ultra-secure.”
Coldcard or Cheap Calculator?
The Coldcard looks like a cheap calculator, and it feels like one too. It’s light and plasticky in the palm of the hand, more akin to the sort of mass-produced gadget you could bulk order off Alibaba than the latest must-have hardware wallet (HW). In fact, the Coldcard that reached this U.K. reviewer from Canada had been marked as a calculator on the shipping label. That didn’t stop customs imposing a $ 20 tax, however, which I was obliged to pay before taking receipt of the $ 70 device. The translucent design, which exposes the Coldcard’s circuitry, won’t be to everyone’s tastes, but I like its nakedness. Peer closely and you can just make out the words “Genuine Caution” printed above the micro SD card slot. Wise words indeed.
Out the box — or rather the packet, since the Coldcard didn’t even come with so much as a cable, let alone a box — the wallet looks disarmingly flimsy. This is not necessarily a bad thing, though. In the design stakes, there are two types of hardware wallets: those so beautiful you wanna show them off to all your friends, and those so ugly you wanna chuck them in a drawer and never look at them again. Guess which one is likelier to be resistant to theft? The Coldcard is not a “coffee table” HW then, and for the sake of your bitcoin, that’s probably a good thing.
Warming up the Coldcard
The Coldcard uses the BIP39 standard for seed phrases, based on a 2,048-strong word list. In effect, this provides 128-bit security, which ought to be ample for securing a BTC wallet. There’s an even more interesting Bitcoin Improvement Proposal that the device uses, though: BIP 174. It’s the first HW to adopt this multisig standard for partially signed bitcoin transactions, which also allows air-gapped wallets such as the Coldcard to sign transactions without needing to connect to the web.
Connect the Coldcard to a computer using a micro USB and it comes to life, with instructions displayed on the tiny yet decipherable 128×64 OLED screen. The diminutive size of the text is not a problem. The responsiveness of the buttons is, however. Unfortunately, buttons do not always respond at the first, second, or even third time of asking, with the problem exacerbated by the absence of any sort of haptic feedback to serve as a guide. Hopefully this is just a production problem in early devices, as it’s liable to alienate users accustomed to more responsive buttons, such as those found on the Ledger Nano.
Early Days But Positive Signs
The Coldcard has just launched, and there’s already quite a buzz about the wallet in cryptocurrency circles, despite its unprepossessing appearance. This may be because it’s the product of Coinkite, which is also responsible for the Opendime USB stick that enables BTC to be spent like a “bearer bond,” gifted from one person to the next, without being unsealed to preserve its value. By the company’s own admission, it’s early days for the Coldcard, and by the time new features have been introduced and minor bugs eradicated, the wallet should be a lot better to use.
Setting up the device calls for creating a two-part PIN and noting down the two anti-phishing words that are displayed on screen. After that, you’ll be shown a range of options, including the ability to create a new wallet or import an existing one. After selecting the former, you’ll need to note down the 24-word seed, which calls for scrolling down repeatedly since the screen can only accommodate three words at a time. Once the seed phrase has been recorded, you’re prompted to recall the words, with each of the 24 words shown in a random order, with three options to choose from each time. It’s a laborious process, exacerbated by the button pushes occasionally not registering, though there is an option concealed within a submenu to adjust the touch sensitivity.
There’s another surprise lurking within the Coldcard’s submenus: It also operates as a litecoin wallet. While the controls and menu options to be found on the device aren’t always intuitive, the quickstart guide clears up a lot of the confusion. It’s not immediately apparent, for example, how you go about creating a new BTC address in order to receive funds. As it turns out, this calls for downloading the Electrum desktop wallet and then connecting it to the Coldcard, either by USB or, for those wishing to keep the Coldcard offline at all times, by writing a new-wallet.json file to a micro SD card, which serves as the relay between the HW and the Electrum desktop software. This might seem excessive, and for most cryptocurrency users it will be, but for those who desire ultra-security, an air-gapped Coldcard is the way forward.
Simple When You Know How
After a bit of trial and error, I successfully connected the Coldcard to Electrum, created a BTC address, and tried to send a small amount of bitcoin to the wallet for testing purposes from an exchange account. Unfortunately I received an error amount when attempting to withdraw funds from the platform. This is because many cryptocurrency exchanges still don’t support the bech32 address format, although this is starting to change, with Kraken being the latest platform to begin integration. I started again, creating a new Electrum wallet using the legacy address format, and this time everything worked smoothly: My deposit of 2.5 mBTC arrived and, when I tried to send a portion of the sum to a new address, I was prompted to sign the transaction using the Coldcard.
Aside from some minor issues with the buttons, and the acknowledgement that physically, it’s one of the more fragile devices on the market, the Coldcard is an impressive piece of kit. It’s not for novices. But more experienced heads, who wish to completely isolate their funds from internet-connected devices while retaining the ability to sign and broadcast transactions, will relish the Coldcard.
What are your thoughts on the Coldcard wallet? Let us know in the comments section below.
Images courtesy of Coldcard.
Disclaimer: Bitcoin.com does not endorse nor support this product/service.
Readers should do their own due diligence before taking any actions related to the mentioned company or any of its affiliates or services. Bitcoin.com is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.
The post Review: Coldcard’s BTC Hardware Wallet Is Air-Gapped for Added Security appeared first on Bitcoin News.