I'd just point them to http://www.timemarker.org/

.... another random thought:  I wouldn't be surprised if you could get tricky with nonces to get any https-enabled web server to act as a free timestamping service, too...

Is there a lot of demand for timestamping? Are people willing to pay for it?

There are already free, centralized services that will timestamp arbitrary hashes for you. Besides the risk that they might go away (which you could mitigate by getting timstamps from several of them), is there any real advantage to using the blockchain?

If I can already get timestamps for free, why would I bother to pay a transaction fee to get a blockchain timestamp?

I'm often wrong, so feel free to ignore me, but blockchain timestamping seems to me like one of those gee-whiz ideas that appeals to us techies but isn't "enough better" than existing solutions to be interesting to non-techies.

Because it is critical that YOUR passphrase be different from EVERYBODY ELSE'S passphrase.

Adding your email address or driver's license number or some other certainly-unique-for-you information makes that work.

That shifts the problem from "attacker is trying to guess EVERYBODY's passphrase" to "attacker happens to know that you have a bunch of BTC in a brainwallet and is trying to attack YOUR brainwallet, specifically."


Nicely said.

Again: we are really bad at thinking up good, unique passphrases. We share so much experience and culture that whatever you think of, somebody else will probably think of, too.  Or some attacker will think of something similar enough to crack your passphrase.

And we are really bad at imaging what it means that an attacker might try a few hundred BILLION passphrases to try to crack everybody's brainwallet.

Humans are pretty bad at being original. REALLY bad at being random. And we are terrible at comprehending huge numbers.

So if you ask the average person to create a secure passphrase, they're very likely to create something that a "determined attacker" with a lot of computing power can crack.

I think if people start to use quotes from obscure literary works as their brain wallets, then they're going to lose their bitcoins sooner or later. Attackers can try MILLIONS of passphrases per minute, to crack EVERY SINGLE brainwallet that has ever been created.

So: if you absolutely, positively won't be dissuaded from using a brainwallet, here is my advice on how you might be able to come up with a secure passphrase:

Think of two passphrases that you think you can remember. And think of a government-issued number that you can easily lookup or remember (like your driving license or social security number).

Create a brainwallet passphrase that is:

the first passphrase,the government id number,the second passphrase

Then create a 'sentinel' brainwallet that is just the first passphrase, and send a small number of bitcoins to it. When those bitcoins get spent (or more bitcoins are sent to it by somebody else), you know that the first passphrase you chose isn't good enough any more.  Choose a more complicated passphrase and create a new 'sentinel' and real brainwallet, and move your old brainwallet there.

The reference implementation patch is scheduled for the (real soon now!) 0.8 release:
  https://github.com/bitcoin/bitcoin/pull/2223

No. It is perfectly possible for multiple people to provide inputs to a transaction, each signing their input but without knowledge of the other people's keys.

That is extremely rare now, but that is exactly what you would do to implement a peer-to-peer coin-mixing service, which I suspect may be a very popular way of paying for things since it increases your privacy significantly.

20.11

It is very high on the priority list, yes. Miners already support it, but there are still a couple of steps to go before you can create a wallet split between Bitcoin-Qt running on your desktop computer and an app running on your iPhone.

I think Dev&Tech == generic technical discussion, then sub-forums for discussion of development of the popular clients makes sense (including 'Reference Client (Bitcoin-Qt/bitcoind)' ).  And a catch-all for any not-yet-popular (or used-to-be-popular) clients.

"sort of expensive" ?  Really expensive and getting more expensive all the time.  And absolutely impossible for a lightweight hardware or mobile-phone wallet, which I think a lot of people will use as their second-factor device.

RE: what's my role in the core team:  I try to do whatever needs to get done, that isn't getting done.  Today I'm cross-compiling the 0.8 release and testing it on Windows, trying to track down a crash-at-exit issue and an excessive-memory-use issue that seems to only happen on Windows.

When I'm not doing nitty-gritty things like that, I try to work on big, what-is-most-likely-to-make-Bitcoin-succeed problems.

RE: why pay me a salary?  "why pay for the cow if you can get the milk for free?"

I told myself (and my wife) a couple of years ago that I wasn't going to sink dollars into Bitcoin-- that I'd sink time into it, and that I'd EARN bitcoins by starting a bitcoin-related startup.

Well, there's enough core development work to keep me busy full time. I wasn't very happy doing core development work AND trying to make ClearCoin happen; I'm happier when I can concentrate on one thing.  Besides, having my own startup introduces potential conflicts of interest (ClearCoin sparked conspiracy theories about why I push for multisig transactions so hard).

RE: what if I get hit by a bus?

Then the other core developers will carry on without me. I'm not indispensable.

RE: Why should you join the Foundation?  What is in it for you, personally?

That is a hard question, because you can "free ride" -- if we're successful making Bitcoin successful, everybody will benefit. Personally, I don't respect people with that kind of "I'm not going to do it because I'm sure somebody else will" attitude, and I think in the long run the people who take the risks and roll up their sleeves and do the work needed tend to win in the end.

Really, the main benefit of joining the Foundation is it is an organization full of people who are rolling up their sleeves and doing the work. If you're smart, you'll realize that networking with those types of people is to your long-term benefit.

I started working through a GUI design for secure multi-device wallets a couple months ago:
  https://moqups.com/gavinandresen/no8mzUDB/p:afbbfb850

But to be secure, I think we need the payment protocol first, because otherwise an attacker can simply replace the bitcoin address given to the first device and trick you into paying them.

... and because bitcoind's wallet code hasn't been optimized for massive wallets.  "patches welcome"
(although I think the wallet code needs a complete rewrite, we've learned a lot over the last couple of years and need wallets that are much easier to back up and keep secure).

But a transaction with a 0.005 BTC output triggers this rule:

... so you're back to paying 10kilobytes * 0.0005 BTC / kilobyte == 0.005 BTC to spend those 0.005 BTC.

Yes, if you have a large-value, well-aged input then you can combine it with tiny transactions, have a single output greater than 0.01 BTC, and probably get into a block for free.

If you want to prototype a smarter coin-selection algorithm, you might start with the 'spendfrom.py' code I wrote as an example of using the raw transactions API:
  https://github.com/bitcoin/bitcoin/pull/2162

With the current transaction fee rules, inputs of less than about 0.00005 BTC will cost more to spend than they are worth.

(somebody check my arithmetic, I'm good at dropping digits:  MIN_TX_FEE is 0.0005 BTC per kilobyte, an extra input is a signature+pubkey+a few extra bytes = 100 bytes, so minimum fee per input is about 0.00005 BTC)

Wallet software should probably display micro-inputs as zero to the user (they really are worthless right now, since they cost more to spend than they are worth) and ignore them when computing the wallet balance or getting inputs to spend.

Oops, sorry, update the github page, all the bounties are claimed.

Thanks to everybody who tested, you were extremely helpful.

What did you think about the bounty amounts:  too much?  too little?  just right?

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

So 2.1 thousand trillion satoshis is PLENTY.

Successful technology companies do not waste their time solving problems that they THINK they MIGHT have in 20 years.

They don't even spend much time thinking about problems that they might have in four years.

I don't spend any time worrying about the strength of 256-bit ECDSA or 160-bit RIPEMD, and I spend even less time worrying about the strength of those two combined.

The only completely and utterly decentralized bitcoin-like system I can think of would have every person using it write and run their own code.

On computers that they built themselves.

Communicating over a wireless mesh network where each node in the mesh was controlled by a single person who wrote all the code and built all the hardware....