That's a classic HYIP scheme, scammers are looking for different ways to catch their bait.

The app definitely can be upgraded to use AES 256-bit, the feature was implemented back in 2002 when 3DES was still fresh and new. The code hasn't ever been tested, so it's implementation might be as secure as a Lego safe. The question is whether it's worth it and if it isn't easier to write a proper cold wallet app for Palm OS instead.


The solution is simple: code in C/C++, so that it will both on ancient 68k and more modern ARM Palms alike. I don't have any advanced knowledge of Palm programming, but knowing that some apps from 68k era still work on ARM Palms, it should be feasible.

I guess that we did some hard work, it should be possible to develop a one-way cold wallet that doesn't need to communicate with the crypto spending file. Even the Coldcard, which says that it's truly airgapped, requires you to use SD card from your computer. So if you are ultra-paranoid, you might decide to spend all at once and replace your Coldcard every time.

As Palm OS PDAs are touchscreen-based, it is possible to develop a companion app for current Android/iOS smartphones and Windows/Mac/Linux computers that will guide you with the progress of entering information on PDA by hand. If you don't want to enter everything by hand with Graffiti, you can use a keyboard, camera (QR) or audio modem (speaker and microphone) modules. The last feature is in Electrum, so implementing it probably wouldn't be a problem, but how you will input/output the sound? Again, modules are the answer, but there are no commercial modules such as this available and we need to hack one at home.




This is not impossible, as there have been external keyboards and camera module produced for Palm PDAs. That's for über-paranoid people and I don't need this kind of security, so it can communicate with computer through serial or IrDA. Again, I was speaking about air-gapped security, but the user should be able to use the program wired or this paranoid way if they want to.

The problem is how to get the signed transaction out of PDA. Again, serial or IrDA can be used. But again what the person is extremely paranoid again? We have a screen, so the user can either retype the user-friendly text back to the computer (as long as it's not too long) or display a scannable QR code with a transaction ready to be sent to the Bitcoin network.


Hardware wallets are also pretty secure for cold storage of low amounts of cryptocurrency (below $10000), but it is also possible to split your HODLings between hardware wallets so the compromise of one would keep at least remaining hardware wallets secure. Anyway, don't keep more crypto in hot wallets than you would carry in your real-life wallet. Bitcoin is electronic cash, not a bank, so treat it as such.


Of course I said that the program can lock you out of the rest of the OS unless you explicitly exit an app (preferably with explicit warning to avoid using it pseudo-hardware wallet as your PDA). Palm OS, while primitive in today's standards, is much more flexible than currently existing mobile operating systems as it doesn't have sandboxing, permissions, etc. You can do everything you want straight out-of-the-box and we can use it to our advantage.

Sometimes the more secure option is a more convenient one, but not always. For example graphical PGP overlays and e-mail plugins can be safer than their command line counterparts as you don't need to save decrypted files on your hard drive. If your computer is compromised, you're fucked anyway.

I think that since the PDAs (Personal Digital Assistants) aren't dedicated to cryptocurrencies but rather using them as a pocket computer, it would be therefore more secure. I don't really understand security through, so correct me if I'm wrong.

TL;DR is above

First, the device is more user-friendly than a ColdCard. That's for sure as touchscreen is infinitely easier to use compared to clunky UI straight out of old dumbphones.
Second, you can use a more complicated password on a PDA compared to dedicated hardware wallet.
Third, there is extremely low risk (but not zero) that you will accidentally leak your private keys, as the device doesn't have any out-of-sight communication methods such as Wi-Fi, Bluetooth, etc. Of course, there remains IrDA, but it does require direct sight and it can be taped over or removed if you are paranoid.
Fourth, it can be truly air-gapped, as after installing a wallet program on the PDA it doesn't require to be connected to the computer anymore. It can transmit relevant information to your phone via generating QR codes. If you accidentally use IrDA or connect it wired to the computer, it should automatically wipe data in order to protect it from leakage. Of course the feature should be optional (for example to update the app), but should require password and display a very explicit warning to turn it off (preferably with dialog to ask user to check if they have a backup and wipe data for uber-paranoid, again optional).
Fifth, many (but not all) of the security features of a ColdCard (such as duress PIN, BIP39 passphrases/25th word, Brick me PIN (that 'kills' the RAM and ROM if entered), dice rolls for provable Bitcoin seed generation, etc.) can be implemented in the app.


An old PDA lying somewhere is much less suspicious than a hardware wallet. If you happen to be in danger, with the old Palm models that store their data in RAM and have removable batteries you can just pull out them knowing that your Bitcoin/cryptocurrency savings are safe. There is a problem that you might lock out of your Bitcoins whether either when battery goes zero accidentally or deliberately, so it shall support a paper and pen based backup (BIP39).

PGP Inc. doesn't sell or even give away free licenses of PGP for Palm OS today. It's also next to impossible to find binaries of PGP for Palm OS back in the day. I think that PGP for Palm OS was used mainly by journalists with their AlphaSmart Dana digital typewriters (that run Palm OS) to encrypt messages before sending them to the central office, so maybe you can ask one if you know one who used this device.

There is a password manager called Keyring for Palm OS: http://gnukeyring.sourceforge.net/index.html, but the webpage and the app has remained nearly unchanged since 2003.


Also, the website states:
What? Triple-DES is secure? Do you know that NIST has deprecated 3DES in 2017?


You can program PalmOS at least in C , C++ and assembler, but I guess that any programming language is able to be used given enough work.

Also, libraries written in C and C++ already exist, so porting them to the Palm OS won't be a huge problem. There is MathLib.prc shared Palm OS math library ,which itself is based on the Sun Microsystems' libm: https://github.com/fidian/MathLib

Maybe we can take the existing code for generating secure cold wallets, including appropriate libraries and port them to Palm OS. The only hard work that remains is programming an user interface to allow usage of the program and additional security features such as locking access to the rest of the OS without explicit user's consent.

Being a hardcore gamer doesn't automatically mean you are addicted. I know, I used to be one several years ago, but I still managed to get good grades and I was able to have a balanced life. It lasted one and a half a year for me, sure it's fun, but eventually you will get bored.

True, while flight simulators can't teach you actual flying, it can be useful for learning basics about the instruments, maps, weather, VOR and ATC. But the in-game ATC is just artificial intelligence speaking to you. You don't get the feel of a real plane. There is no fear in the comfort of sitting in front of your computer. There a infinitely more room of error because if you crash in-game, you don't die.

It is still useful in training some emergency procedures that you wouldn't intentionally put yourself IRL. Also, a good amount of IFR training can be done in a flight sim, however, the knowledge gained from flight simulator is useless unless you have skills necessary to fly IRL.

And that's me saying as a flight simulator enthusiast - I once flown a Cessna 182 under the eye of an instructed pilot, and it was a lot harder than in-game.

I would say that it's possible for some gamblers who only appear to be addicted to beat their "addiction" through sheer self-control, as it's purely psychological, while an alcoholic would have more trouble as alcohol addiction is mostly physiological. Again, some people are able to beat their video game addiction and 

If you was tech-savvy like me in 2000s, you probably knew at least one person that had a PDA (Personal Digital Assistant). If you don't know what it is, it was a pocket touchscreen computer that was similar to smartphones today, except you couldn't call and it didn't connect with the Internet (well, unless you had an extension card).

This is a photo of a PDA:



Pretty similar to modern smartphones, no? Since these thingies didn't had an Internet connection and the only built-in communication methods were cable and IrDA, I thought up that it is possible to write a specialized app for old PDAs that allows it to be used as a cheap cold wallet.

I choose Palm OS, since they are easy-to-use even today, they are easy-to-find and there were only very few viruses ever released. Also, there is wide variety of Palm OS PDAs - from prehistoric Palm III from 1998 up to Palm TX from 2005.

Is there any app for Palm OS that allows me to use my old Palm Vx as a cold wallet? It must be open source, we all know why.

FTFY

Sorry for replying almost 3,5 years later, but I've just noticed this warning in my Trust.

Somebody has hacked me. Bitcointalk should seriously consider implementing 2FA.

Yes, it's legit, but please use it carefully. If you do some illegal shit, law enforcement will do everything to correlate and find you because nothing is truly anonymous in the Internet (or anywhere else). Tor Project should do the more visible warning about abusing Tor that they have already written a long time ago: https://support.torproject.org/abuse/#what-about-criminals

Back in the pleistiocene, I used a combo of Orbot and Orweb on my phone just like everyone else. Then I switched to Orfox when that came. Now it's Tor Browser, probably the same thing as Orfox, but I don't know whether it has a built-in Tor bundle since I didn't need to use Tor on mobile for long time.

If you are so afraid, maybe considering using Tor on your computer running Linux (Windows/MacOS are pretty dangerous computing platforms for privacy these days).

If you think so, then why we still have this pandemic? Claims that budesonide can cure COVID-19 are premature: https://heavy.com/news/2020/07/budesonide-coronavirus-covid-19/ and with your hydroxychloroquine there are mixed opinions. I'm with you that media is too controlling and manipulative these days and media giants like Google, Facebook and Twitter all try to censor this material in the disguise of "protecting us from fake news".

Everyone knows that your average 50 cent masks protects you only from fines, as these producers aren't up to the task of engineering a virus-proof mask for that price.

But then, I suspect that while COVID-19 might really be as dangerous and scary as media says it to be, it will affect less than 1% of population. My estimation shows that the real IFR of COVID-19 is 0.2%. Not much, right?

I'm a gamer and while I'm not addicted to video games, I think that the problem is overblown as most people should be able to beat their video game addiction through sheer self-control.

True, so if you make multiple steps for decryption like I said, use different programs and leave extensions at the end of a file. You will see which program you need to use at each step of decrypting your file.

And test it every few months to check if it's still decryptable. If not, you better transfer your coins and renew a backup in order to ensure safety of your wallet.dat.

Agreed, but some people might want to add a paper backup to traiditional backup methods. You shouldn't rely solely on this program to back up your wallet.dat file, but it might be useful when all else fails.

This program isn't meant to replace backing up to different storage media such as CDs, DVDs, BDs, USB sticks and HDDs, SD cards, cloud storage but rather to complement them.

True, although this program is meant for users who want to backup their hot wallet to the paper, as Bitcoin Core doesn't offer any feature to allow users to backup their wallet to the paper. Hot wallets aren't as secure as cold storage, hell, even 10% of it.

If you want to make a cold storage backup, then just use a handwritten seed. You can generate it with the Tails operating system, which is designed for preserving your anonymity and security, just to be on safe side.

Yes, but at least in this case your chain is as stronger than it would be if you had done it with only a single tool, because as long as you use different passphrases with same entropy, the encryption chain is as strong as the passphrase used in the strongest encryption program from this chain. If all three programs are secure, the attacker would have to crack three different passphrases in order to get to your wallet.

However, if you use the same passphrase, the encryption is as strong as the weakest link. In this case, the weakest link is going to be your passphrase used by your weakest program.

TL;DR: Yes, encrypting triple times can greatly increase your security, although it doesn't have to.

It's possible to encrypt your wallet in Bitcoin-Qt, but you shouldn't rely on that alone. You should add an additional layer of encryption with TrueCrypt, with a different password of course, so it will end up doubly encrypted. And if you are paranoid, use 7-Zip and GPG (symmetric) over the file and put it in SpiderOak/Tresorit/any other online encrypted storage. This way, when one of encryption tools and/or algorithms gets compromised, your Bitcoins are still safe. Sure, that's 5 passwords to remember, but it's not impossible.

And I didn't say about storing your wallet copies in the tool, I just told about storing copies of PaperBack program in your cloud account.

I understand that most people here are tech savvy.

I'm an power user when it comes to computers in general, including Bitcoins. Recently I wanted to offer a computer help to people who might have difficulty doing something on their computers and smartphones. People would pay me in Bitcoins if I manage to fix something. Of course it's going to be escrowed so the people can't try to scam me.

I'm aware of TeamViewer screen sharing, however, the risk is that people might call me a scammer because it allows me to control the computer which I'm connected to, even though I have no malicious intentions. So what app should I use instead?

How high should prices be?