Highest Voted 'bitcoin' Questions - IT Security Stack Exchange

1

vote

1 answer

Are eavesdropping attacks possible on Ledger Nano S hardware wallets?

Regarding the Ledger Nano S hardware wallet for cryptocurrencies, I've heard it claimed that the private keys for the wallet are securely stored on the physical device and protected even if the PC is infected with malware. However, isn't it…

hardware bitcoin ethereum

asked Jan 08 '18 at 03:27

Simon East

440
5
10

1

vote

1 answer

CoinHive Bitcoin Mining

2 clients (call them Client R and Client B) reported users of their websites complaining about their anti-viruses detecting a trojan called: CoinHive.js. This seem to be a bitcoin mining malware, that starts threads when a user accesses the website…

malware trojan bitcoin

asked Nov 17 '17 at 12:45

Jurgen Cuschieri

113
4

1

vote

1 answer

BlockChain private key leakage

I am trying to learn blockchain by learning and analysing source code of bitcoin from here. https://github.com/bitcoin/bitcoin . I can see that encryption is relying on Operating system internal encryption libraries. But it is possible to extract…

bitcoin

asked May 27 '17 at 08:07

Shailendra Bhardwaj

100
4

1

vote

0 answers

Why isn't there any Cryptocurrency for fuzzing well-known softwares?

Looks like automated fuzzing is a great idea to find security vulnerabilities, bugs: http://seclists.org/oss-sec/2017/q1/471 , ex.: syzkaller ( https://news.ycombinator.com/item?id=13705833 ) For the Cryptocurrency part.. why aren't the great…

fuzzing bitcoin

asked Feb 22 '17 at 18:35

PeterBill

31
2

1

vote

1 answer

How to verify the authenticity of a download?

On the bitcoin.org website it says: verify your download using signatures I have found some vague instructions on how to do this, but was wondering if anyone has written clear and concise step by step instructions? I am using Linux/Ubuntu. This…

digital-signature gnupg bitcoin

asked Aug 31 '16 at 08:56

oshirowanen

705
3
10
21

1

vote

0 answers

Curve25519xsalsa20poly1305 key derivation

I'm working on batch-encryption of files, for a small project of mine. The files are stored encrypted on a removable drive, and the keys are stored on a trustful server. For enhanced safety, I'd like to use ONE key for ONE file. Files are encrypted…

encryption asymmetric ecc bitcoin

asked Oct 17 '15 at 06:32

Perceval

53
3

0

votes

1 answer

blockchain.info exploit - Random number flaw

"The problem that led to the vulnerability was reportedly wallets generated with previously used 'R-values' in formulas that generate random numbers, meaning a hacker could use the public address to calculate its private keys. If R-values are…

bitcoin

asked Dec 10 '14 at 17:56

Greed

1
1

0

votes

1 answer

compromising DVRs to become bitcoin mining bot

I read this article, about an exploit which highjacks a DVR to become a "bitcoin mining bot". The heart of the attack is to send a binary using just echo comands to the device, which acts as a trivial wget (the device does not have any wget on its…

exploit botnet honeypot bitcoin

asked May 06 '14 at 08:24

Martin Vegter

1,826
4
27
39

0

votes

2 answers

Is it safe to use a ECDSA public key as a password seed for GCM/AES?

Two peers already exchanged their ECDSA (curve secp256k1) public keys using a secure channel. They want to establish an authenticated encrypted channel between them. They will use CCM mode and with the AES block cypher (as implemented in the SJCL…

encryption authentication key-exchange bitcoin

asked Apr 30 '14 at 11:23

ematiu

95
1
6

0

votes

1 answer

Is a one-time, paper wallet Bitcoin transaction anonymous if you never link personal info? Can one begin with anonymity/end with anonymity too?

Say I buy bitcoins from someone with cash (no bank, name, trace, etc.) and have them send it to a paper wallet/offline address. Yeah, there's a "trace" but to WHAT/WHO? It's bought with cash, etc. With this offline address I receive it and send it…

anonymity tracking bitcoin cryptocurrency

asked Jul 13 '22 at 20:48

Ergo Not

1
1

0

votes

1 answer

How do I turn an 88 byte ECDSA public key into a 65 byte uncompressed or 33 byte compressed key for use with bitcoin

In my situation my private key is in an HSM. I cannot access it for use with the various bitcoin golang libraries. Most of the functions require the private key "in-use". Although in my case, I can generate the signature later used for signing with…

bitcoin ecdsa

asked Sep 28 '21 at 21:51

Pete

3
1

0

votes

2 answers

Are Bitcoin Scam Recovery business a scam?

I have an acquaintance that has lost USD 10k - 20k in a Cryptocurrency Investment scam. I strongly suspect he is about to get involved in what in my mind would be a "Crypto Currency Scam Recovery Scam" - which I posit to be a thing. Although…

scam bitcoin recovery

asked May 17 '21 at 07:36

davidgo

593
5
11

0

votes

0 answers

WordPress, a Security Risk for Bitcoin Application?

Asked this question on Bitcoin SE was told to post it here. I'm developing a custom Bitcoin service. Besides for the core application (which is written in PHP) I'm going to install a blog for updates and news. Although I would never try to tweak…

cryptography php wordpress bitcoin cryptocurrency

asked Feb 08 '21 at 02:57

Design X

1

0

votes

1 answer

secp256k1 GPG key?

Given that secp256k1 is used to underpin the entire Bitcoin network (worth $174B as of today) -- it appears to offer demonstrably better security than other EC curves as no one has yet taken the bounty. It also stands to reason that researchers…

gnupg ecc openpgp bitcoin bug-bounty

asked Aug 28 '19 at 20:49

Jonathan Cross

1,548
1
12
25

0

votes

0 answers

Multi-Boot & BIOS Attack Vector Risks For Bitcoin Wallet Storage

I'm trying to emulate a cold storage computer for crypto assets with a multi-boot computer. If I have multi-OS boots & the 'cold storage' boot is never connected to the internet when it is booted, is it possible for a compromised BIOS to store…

bios bitcoin

asked May 24 '19 at 03:06

Emily

121
2

Questions tagged [bitcoin]