Mit dem File Explorer kann man nicht auf Applikations-interne Pfade zugreifen. Das wäre ja zu schön 
Androids gesamte Sicherheit basiert genau darauf.

Dazu müsste das Smartphone gerooted sein.

Da er aber die App bereits installiert hat und diese keine Dateien gefunden hat, werden auch keine vorhanden sein.
Beim Zurücksetzen werden diese Daten alle gelöscht.

A hardware wallet is not running on your computer. The sensitive data is only handled within the secure element (speaking about hardware wallets which actually have such a security mechanism).
Therefore the 2nd point still applies. It is a concept applying to every software/hardware.

Just because you use your PC to communicate with your hardware wallet, the keys are not handled by the PC. The crucial system here is the hardware wallet. I could have made that clearer.


A hardware wallet can be only as secure as the hardware is (e.g. vulnerabilities in the MCU or SE).
The same applies to a software wallet, taking hardware, software, network connectivity etc. into account.

I remember telling him 2 or 3 years ago.




Do whatever you want to.
Then please also accept any consequences.

I really don't get what your problem is. If you coins got stolen, you deserved it. If they weren't, you were lucky.
If it is the first, stop doing nonsense and listen to the valuable advices. If it's the latter, secure your coins and do whatever you want to.

As far as i can see in this thread, you fixed that problem already but it happened again due to another poweroutage?
You basically just need to do the same again (starting core with the reindex parameter). You probably just were in the wrong directory, that's why you were told there is no application.




It is, but downloading the blockchain usually isn't the bottleneck. Processing is the bottleneck. So this wouldn't change much.
And i would highly recommend to build the chainstate yourself and to not trust on others data.



I am not sure about this since i'm not using windows, but i believe there is an "upgrade" option which keeps the data.
Even if there is not, you could just copy all of your data (blocks, chainstate, wallet, etc..) to a hard drive and then copy it back after installing Win 10. Then you don't need to downloaded and process the whole blockchain again.

Um an diese BTC zu kommen brauchst man entweder:
1) das funktionsfähige und initialisierte Wallet oder
2) ein (ggf. verschlüsseltes) Wallet Backup

Da das Smartphone zurückgesetzt zu sein scheint, sind auch alle Daten des internen Speichers gelöscht worden.
Wenn also, wie -doubleU- schon sagte, kein Backup mehr auf einer SD-Karte (oder auch woanders) vorhanden ist sehe ich keine Möglichkeit der Wiederherstellung.

I truly hope this is a joke.

You are asking these questions for years now.
We have exchanged multiple PM's. And there were way more people in contact with you via PM to help you set up something secure.

Every single person told you to not store your mnemonic code / seed of the hardware wallet on your PC.. and you still did that?

You know.. you are probably lucky.
Simply visiting a phishing site doesn't result in your computer getting compromised. Especially since the people behind phishing sites usually aren't the smartest one. Definitely not smart enough to find an exploit for the browsers sandbox.
However.. how could you possibly store your mnemonic code on your daily computer? Didn't you listen to everyone talking to you?

Basically everything you can imagine (and more) can go wrong.

Without any further information (e.g. what you define as "safe"), no one will be able to give you some useful advice for a specific software/hardware.
There are lots of attack vectors, it depends on which of them apply to you. Based on this, there are good and bad decisions for your case.

Generally:
No closed-source, web- or online wallets.
Your wallet can only be as secure as the system it is running on / the building it is placed in.

If you are using core for development, i guess that's fine.

But if you intend to store money on your PC, please don't use Win 7 anymore. It is outdated, vulnerable and won't get any security updates.
It is not just missing lots of security features which are available in Win 10, but it has known vulnerabilities too.

Do yourself a favor and update to Win 10.

Bitte sei dir aber gleichzeitig bewusst, dass das Trennen der Coins auf 2 Hardware Wallets nicht automatisch bedeutet, dass die Aufbewahrung sicherer ist.
Hierbei kommt es darauf an wo du deine Mnemonic Codes aufbewahrst.

Wenn du diese am gleichen Ort aufbewahrst, hättest du dir das auch sparen können da der effektive "Gewinn an Sicherheit" praktisch 0 ist.

Das erhöht deine persönliche Sicherheit nur, wenn du die Mnemonic Codes auch getrennt voneinander aufbewahrst.


Oder was war denn die Intention dahinter? Oft gibt es noch bessere Wege um ein Ziel zu erreichen, dazu müsste dies aber erst klar formuliert sein.

Yes, the sender decides the fee.

Exchanges have a fixed fee which is higher than the actual transaction fee (keep in mind, they usually batch transaction and therefore pay less per withdrawal transaction than when sending them all one by one) because of multiple reasons.
First, you are not just paying for a single transaction. Your deposit transaction has to be merged with others and moved to the cold wallet. The hot wallet has to be topped up from the cold wallet regularly and in the end the actual withdrawal transaction has a fee.

Further, you are paying for the "work" behind these transaction. You can't just calculate the transaction fee and say that's what it should cost. They have algorithms checking stuff, doing sanity checks, making sure there are no bugs, vulnerabilities etc.
This all costs money (development costs, maintenance, energy, servers, etc..) which is priced into the withdrawal fees.

This indeed was way too easy.

If the probability of winning is larger than negligible (smaller than the inverse of any polynomial function), it is not cryptographically secure and therefore is a bad encryptio scheme.
So, even if this mechanisms wouldn't leak plaintext bits (which it does) and if it wouldn't be purely based on security through obscurity (which it does), it still would be a worthless scheme.

It is not surprising that the AppImage itself isn't modified.

Did you check the folder /home/<user>/.config/@trezor/suite-desktop/ as mentioned in the notes from trezor regarding the trezor suite?

If no files are stored there, you might also just run your software and then check in your home folder for recent file system changes with the following command:

This command will find files inside the home folder which change within the last minute.

BIP39 is neither security by obscurity nor does it leak plaintext bits.




These are neither 100-300 chars, nor is it too difficult for an average person to decrypt it using a 3-5 step instruction.

It doesn't make any sense to create a shitty and insecure shift-cipher (which has to be taught how to use) instead for example just a BIP39 passphrase. Most proper wallets can handle this.
That would be way more easy to use than either AES or your shift shit cipher.

In the end it comes down to two pieces which have to be stored: the secret and the (encrypted) data.
Whether this is your plaintext-leaking-mnemonic [data] with the instruction and dates [the secret] or simply the securely (non-leaking) BIP39 passphrase protected mnemonic [data] and the passphrase [the secret] doesn't matter. The difference is, one is secure while the other one isn't.

I don't to visit any website. I know how AES works behind the scenes. I don't care what a random website outputs on an arbitrary input.




No, it doesn't. Check openssl for example. It comes with literally every linux distro out there.




Not true.



As shown in my previous post, a 12 word mnemonic results in 48 byte which can be easily represented by 48 characters.




That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.




It's not.
Simply cryptanalysis and even bruteforcing is enough to break your "scheme".


It might work for you, you can feel safe as much as you want.
Trust me, no one here cares about you and your coins.

Just stop pretending your "mechanism" is good. It is not even close to being acceptable.

To be honestly, i couldn't care less about your approach and whether your mom will understand anything.

My only concern here is that others might believe this is a gOoD iDeA. That's the only reason i am commenting here. I absolutely don't care about you and your BTC.




AES is a Block Cipher which works on 16 bytes blocks.
Assuming a 12 word mnemonic code, that's 132 bit (=16.5 byte) which results in a 32 byte output. If you want to store the IV together with the cipher text, that would be another 16 byte resulting in 48 byte in total.
That's nowhere close to "100-300 gibberish characters".

A 24 word mnemonic would result in 16 more bytes (a total of 64 bytes).

Now, instead of trying to call other people out on "not getting it" where "it" equals your shitty approach every sane person in the crypto scene wouldn't even touch with a stick, learn the fundamentals. Only then, we can start talking about encryption schemes and security in general.

Actually everyone who can listen to the traffic inbetween (including the ISP) knows that you are communicating with the server. They just don't know what is being communicated.
TLS does not protect against metadata analysis in terms of knowing when does who communicate. It just protects the content.

If the Electrum server is actually connected to the bitcoin network (which it has to be to retrieve up-to-date information), then it is straight forward to deem that server and anyone connecting to it as a bitcoin user.
TLS does not protect against that since it does not hide your identity.


The main question here indeed is whether OP cares that other entities might know he has something to do with bitcoin. If the answer is yes -> Tor is required. If the answer is no -> TLS is definitely good enough.

Er hat damit insoweit Recht, dass die Kreditkartennummer, der Name und das Ablaufdatum unverschlüsselt gespeichert und auch über NFC übertragen werden.

Klingt jetzt aber dramatischer als es ist.

Wie du schon gesagt hast, muss man damit direkt an die Karte hin. Auch 2-3 Karten übereinander sorgen dafür, dass keine davon mehr ausgelesen werden kann da sich die Signale überlagern.

Selbst wenn man an die Daten kommt.
Zum Bezahlen am Terminal reicht das nicht wegen des von mir oben erklärten Mechanismus. Der Chip enthält geheime Schlüssel die nicht übertragen werden und auch nicht anderweitig auslesbar/klonbar sind.
Zum Bezahlen im Internet reicht es ebenfalls nicht, weil die CVV auf der Rückseite nicht bekannt ist und nicht übertragen wird und dank Verified by Visa (VBV) und MasterCard Secure Code (MCSC) eine 2-Faktor-Authentifizierung stattfindet.

Who said anything about online services?

You do trust your Operating System, right? Then just use the built-in tools. As easy as that.




You don't need any external software. You can just use your OS.
And you also don't need 100-300 gibberish character, it seems you still didn't get it. Just read my last 2 posts again. You can use the same secret which in your case are a few dates. No additional characters.
The difference is that you don't use a worthless and non-secure mechanisms which leaks the plaintext (your mnemonic code), but a secure algorithm which is used all over the internet to secure messages.

If you don't trust AES, why don't you just use your stupid and insecure shift cipher to communicate with websites instead of TLS?

You have been warned. What you are doing is bad and insecure. And that is not an opinion, but a fact.
You gain almost zero usability but lose tons of security.

I understand that people who don't understand anything at all regarding security and cryptography believe to be able to create a secure mechanisms. Simply because they don't know better.
But the truth is, they can't. Believe it or not. We don't care whether you lose your money. The important part is that everyone else reading this knows that your mechanisms is insecure.

So wie ich das sehe, wurde keine On-chain Transaktion durchgeführt.

Ich vermute mal du hast aus versehen eine Transaktion "innerhalb deines Accounts" bei blockchain.com durchgeführt.
Blockchain.com hat ein seltsames Konzept von verschiedenen "Wallets" (eigentlich keine echten Wallets) innerhalb eines Accounts.

Hast du denn beim Senden der Transaktion irgendeine Adresse angegeben? Oder hast du "BTC Account" o.Ä. ausgewählt?


P.s. Wenn sich das hier geklärt hat würde ich dir raten ein echtes Wallet zu verwenden und nicht so ein schreckliches Web Wallet.

You should definitely give more information.

When does this happen?
When did this begin to happen (what did you install)?
What exactly do you mean with "affecting performance"?

With just an error message without any context, you won't get much help.