address – Is it safe to say that all bitcoin that is mined is staying in the bitcoin addresses that are generated between 2^0 and 2^256?

First of all, since a single key can be represented by tons of different address types, let’s assume what you meant to ask is about private keys.

But you are basically correct, the security of ECDSA is based on really big, really random numbers that are so big and so random no one will ever generate the same number as you.

A few details though, from my understanding:

The order of the curve is 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

ref 1
ref 2

So there is a slightly lower number of possible private keys than just 2^256.

Also, not all Bitcoin outputs require a single key for spending. There are multisig scripts and more complicated spending policies. Assuming you had “all” the private keys and could look them up in a practical way, I suppose you could assemble multisigs where necessary. But that’s not all – plenty of transactions are HTLCs which require the pre-image to a hash in addition to a valid signature to spend.

Another thing is that some Bitcoin addresses really are black holes (burn addresses). If an address represents a point that is not on the secp256k1 curve, then there is literally no private key.

Some Bitcoin may also have been sent to unrecoverable scripts like OP_RETURN or scripts that require finding a hash collision.
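The two constraints the answer above relies on, as an added example that is not part of the answer: a private key must be an integer in [1, n-1], where n is the curve order quoted above (so the usable key space is a little smaller than 2^256), and a public key is only spendable if it is a point actually on secp256k1, y^2 = x^3 + 7 (mod p). The curve constants are the published secp256k1 parameters; the small double-and-add routine is included so that a valid key can be mapped to its point and checked.

```python
# Added example (not code from the answer above). Standard library only.
# secp256k1 domain parameters (published values; n is the order quoted in the answer).
P = 2**256 - 2**32 - 977                                                   # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141    # curve order
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798   # generator x
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8   # generator y


def is_valid_private_key(k: int) -> bool:
    """A private key is a scalar in [1, n-1]; 0 and anything >= n is not a key."""
    return 1 <= k < N


def is_on_curve(x: int, y: int) -> bool:
    """True only if (x, y) satisfies y^2 = x^3 + 7 over GF(p).  A 'public key'
    that fails this has no private key at all: coins sent to it are unspendable."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + 7)) % P == 0


def unusable_256_bit_values() -> int:
    """How many 256-bit integers are *not* valid private keys: 0 plus [n, 2^256)."""
    return (2**256 - N) + 1


def _inv(a: int) -> int:
    return pow(a, -1, P)


def _add(p1, p2):
    """Affine point addition with the point at infinity represented as None."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # Q + (-Q) = infinity
            return None
        lam = (3 * x1 * x1) * _inv(2 * y1) % P      # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * _inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def private_to_public(k: int):
    """Scalar multiplication k*G by double-and-add; rejects out-of-range scalars."""
    if not is_valid_private_key(k):
        raise ValueError("private key must be in [1, n-1]")
    result, addend = None, (GX, GY)
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


if __name__ == "__main__":
    print("2^256 - n =", hex(2**256 - N), "(the keys the answer says are missing)")
    print("G on curve:", is_on_curve(GX, GY), "| (Gx, Gy+1) on curve:", is_on_curve(GX, GY + 1))
    print("(n-1)*G == -G:", private_to_public(N - 1) == (GX, P - GY))
```

The last line of the demo is the range constraint made concrete: the scalar n-1 gives the negation of G, and n itself would wrap to the point at infinity, which is why n is excluded rather than 2^256.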

online resources – Iraqiairways.com.iq website is safe or not?

Is it safe?

Well, it’s certainly not safe enough for me to send my credit card details over this site. Here’s why:

  • Website is not encrypted and does not allow encryption.

  • It does not matter that the flight selection site (https://booking.sita.aero/itd/itd/Air) is encrypted, you will afterwards be redirected again to a page for the credit card payment which is again partially unencrypted (verified with a http proxy tool).

  • A Whois lookup reveals the following (screenshot not reproduced here).

  • I suspect that this site is highly susceptible to being hacked (IIS 7.5 has at least one known vulnerability: https://www.exploit-db.com/exploits/15803)

  • The server located on UAE territory will invariably collect your personal information.

Even though they claim differently:

All credit/debit card transactions are carried out on behalf of Iraqi Airways (www.ia.com.iq) by Barclays EPDQ Merchant bank PLC (after ticketing confirmation the user is forwarded to a secure payment system guaranteed by Barclays EPDQ Merchant bank PLC where the user may pay for their booking).


Can you print the issued ticket immediately after the purchase?

No. It will be processed first and you likely have to wait up to 24 hrs before you get an email confirmation with the ticket issued.


Solution: Normally in such cases I call the UK office (+44 207 724 8455) and book through the agent, or I use a local travel agent service asking them to book the segments through their direct GDS connection. Last but not least (in case your inquiry is about domestic flights), flying in Iraq used to be cheaper with hard cash (USD) paid upon arrival after some negotiating.

bitcoin core – How safe is BitcoinCore since it is using owner’s passphrase?

No, not all passphrases are used to generate the private keys for a wallet. Only specifically brain wallets do that.

Passphrases in actual wallet software like Bitcoin Core and Electrum are used to encrypt the wallet. The private keys are still randomly and securely generated. Your passphrase is only used as an encryption key so that the private keys are stored encrypted on disk.

It is safe and recommended that you encrypt your wallet with a passphrase. If you choose to not encrypt your wallet, then the private keys will be stored unencrypted on disk and any person or malware with access to your computer can steal your private keys and thus your Bitcoin.

encryption – Android: How safe is PBKDF2 with a 4 digit pin?

Our Product Manager wants a 4-digit PIN for login in our app, obviously for UX reasons, so users don't have to remember their password each time they log in.

A refresh token can be retrieved from the backend to obtain a session token, which has access to the API. On our app, we encrypt the refresh token with AES and PBKDF2. A random salt and IV are generated, plus the 4-digit PIN is used as the password for PBKDF2.

After the encryption, I store the salt, IV and the cipher text, base64 encoded, in a private shared preference.

The encryption code looks like this:

import android.security.keystore.KeyProperties
import android.util.Base64
import java.security.Key
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.PBEKeySpec
import javax.crypto.spec.SecretKeySpec

const val CPR_TRANSFORMATION = "AES/CBC/PKCS7Padding"
const val ALGORITHM_TYPE = "PBKDF2WithHmacSHA1"
const val ITERATION_AMOUNT = 12000
const val KEY_SIZE = 256

// Assumed definitions, not shown in the question: the result holder and the
// Base64 helper that encrypt() uses.
data class Encrypted(val salt: String, val iv: String, val cipherText: String)

private fun ByteArray.encodeBase64(): String = Base64.encodeToString(this, Base64.NO_WRAP)

private fun encrypt(passCode: String, data: ByteArray): Encrypted { //e.g.: passCode = "0000"
    // Fresh random salt (256 bytes) and IV (16 bytes, the AES block size) for every encryption
    val salt = ByteArray(256)
    SecureRandom().nextBytes(salt)

    val iv = ByteArray(16)
    SecureRandom().nextBytes(iv)

    val cipher = Cipher.getInstance(CPR_TRANSFORMATION)
    cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(passCode, salt), IvParameterSpec(iv))
    val raw = cipher.doFinal(data)
    return Encrypted(salt.encodeBase64(), iv.encodeBase64(), raw.encodeBase64())
}

// Derives the 256-bit AES key from the 4-digit PIN with PBKDF2-HMAC-SHA1 over the salt
private fun getSecretKey(passCode: String, salt: ByteArray): Key {
    val pbKeySpec = PBEKeySpec(passCode.toCharArray(), salt, ITERATION_AMOUNT, KEY_SIZE)
    val keyBytes = SecretKeyFactory.getInstance(ALGORITHM_TYPE).generateSecret(pbKeySpec).encoded
    return SecretKeySpec(keyBytes, KeyProperties.KEY_ALGORITHM_AES)
}

Now my question is: How secure is this implementation?

  • How could an attacker retrieve the refresh token from the shared preference and decrypt it?
  • Is the symmetric key inside a secure element?
  • How safe is this implementation against malware or root?
  • How easily can the key be brute-forced? (Other than a user manually trying 10k times to enter the correct PIN.)
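The following added example is not code from either post; it serves two of the posts above. First, the Bitcoin Core answer: it contrasts a brain wallet, where the passphrase is hashed into the private key, with the wallet-encryption model, where the key is random and the passphrase only derives a wrapping key that protects it at rest. Second, the Android question: using the question's own parameters (PBKDF2WithHmacSHA1, 12000 rounds, 256-bit key), it measures how much a 4-digit PIN protects a stored, wrapped secret against someone who holds the salt and ciphertext. Because the Python standard library has no AES, seal()/open_sealed() use an HMAC-SHA256 keystream with an authentication tag as a stand-in for AES/CBC; the point is the key derivation, not the cipher. The PIN "0731" and the salt sizes are constructed values.

```python
# Added example (not from the Bitcoin Core answer or the Android question). Stdlib only.
import hashlib
import hmac
import secrets
import time

ITERATIONS = 12000      # ITERATION_AMOUNT from the question
KEY_LEN = 32            # 256-bit key, as KEY_SIZE
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]   # every possible 4-digit PIN


def brain_wallet_private_key(passphrase: str) -> bytes:
    """Brain wallet: the passphrase *is* the key material.  Deterministic, so anyone
    who guesses the passphrase recomputes the same private key."""
    return hashlib.sha256(passphrase.encode()).digest()


def generate_private_key() -> bytes:
    """Wallet-encryption model (Bitcoin Core, Electrum): 256 random bits from the OS CSPRNG.
    The passphrase plays no part in choosing the key."""
    return secrets.token_bytes(KEY_LEN)


def derive_wrapping_key(secret: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The question's getSecretKey(): PBKDF2-HMAC-SHA1, 12000 rounds, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", secret.encode(), salt, iterations, KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for AES/CBC: nonce || ciphertext || tag, tag = HMAC(key, nonce || ciphertext)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Returns the plaintext, or None when the key is wrong (tag mismatch)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def protect_with_pin(pin: str, secret: bytes):
    """What the Android code persists: a random salt plus the sealed secret."""
    salt = secrets.token_bytes(16)
    return salt, seal(derive_wrapping_key(pin, salt), secret)


def pin_space_offline_cost(salt: bytes, blob: bytes, iterations: int = ITERATIONS):
    """Risk measurement: whoever holds the stored salt and blob (malware, a rooted
    device, a backup) needs at most len(PIN_SPACE) PBKDF2 computations, no matter
    how random the wrapped key is.  Returns (pin, seconds_elapsed, derivations_tried)."""
    start = time.perf_counter()
    for tried, pin in enumerate(PIN_SPACE, 1):
        if open_sealed(derive_wrapping_key(pin, salt, iterations), blob) is not None:
            return pin, time.perf_counter() - start, tried
    return None, time.perf_counter() - start, len(PIN_SPACE)


if __name__ == "__main__":
    key = generate_private_key()
    salt, blob = protect_with_pin("0731", key)          # constructed PIN
    pin, seconds, tried = pin_space_offline_cost(salt, blob)
    print(f"PIN {pin} confirmed after {tried} derivations in {seconds:.2f}s; "
          f"the full PIN space costs about {seconds / tried * len(PIN_SPACE):.0f}s")
```

Raising ITERATIONS scales that last number linearly but cannot change the exponent: a 4-digit PIN is about 13.3 bits, so on a rooted device or from a backup the wrapped token is worth 13.3 bits, not the 256 bits of the AES key. The mitigation is to make the wrapping key unavailable offline, for example by keeping it in the Android Keystore (hardware-backed where the device supports it) so the PIN check and its attempt counting happen where the attacker cannot enumerate them, rather than trying to buy entropy with iteration count.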

json – Shared Text Content – XSS Safe

I have a bulletin on my site that all valid users have access to (read and write). User input posted to this bulletin is stored in JSON. Because of these qualities there is definitely some concern for XSS. I'm hoping to figure out the best way to protect my app and its users when using this feature.

Some thoughts:

Validation – because this is a bulletin/message board I would prefer to allow users access to any character they can type. One user might need to say Boss says "Specials for ages < 12 & > 65 are as follows...". Because of my requirements, validation does not seem possible.

Sanitization – this has the same issues as validation, we would lose functionality.

Encoding – I'm fairly new to this and do not know how one might encode user input to make it safe within the DOM (or JSON). If this is the preferred route I am interested in links to documentation or examples.

More Context:

I am adding to the content by doing something similar to the following; where obj is the full entry and message is the user supplied input.

var body = $('<p>').text(obj.message);

Because I am only adding user input in the text context does that mean I can avoid concern?

Lastly, I am newer to using JSON to store user supplied info. I have not been able to find much on JSON security but if you have any topics related to the above, I would appreciate links to documentation.

EDIT: a user here said the following:

Note that this function also does the reverse – so calling it on already escaped data will result in it being unescaped which can inadvertently result in an XSS

Is this correct?
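Output encoding, the option the question calls "Encoding", as an added example that is not part of the question or any answer: the message is stored verbatim in JSON and encoded only at the moment it is written into a specific context, which is what lets the bulletin keep every character the user typed. Two contexts are shown: an HTML text node (the same effect jQuery's .text() has in the browser, since it creates a text node that the HTML parser never interprets as markup) and JSON inlined inside a <script> element, where json.dumps alone is not enough because the HTML parser sees a closing </script> before any JavaScript runs. The sample record is constructed; the function names are this example's own.

```python
# Added example (not from the question). Standard library only.
import html
import json

BULLETIN_ENTRY = {  # constructed sample record, stored exactly as typed
    "author": "alice",
    "message": 'Boss says "Specials for ages < 12 & > 65 are as follows..."',
}


def encode_for_html_text(s: str) -> str:
    """HTML text-node context: &, <, >, " and ' become character references.
    This is one-directional; the browser decodes them once when rendering."""
    return html.escape(s, quote=True)


def json_for_script_element(obj) -> str:
    """JSON to inline inside <script>: after json.dumps, rewrite <, > and & as
    \\uXXXX escapes.  Still valid JSON and JavaScript, but the HTML parser can no
    longer find a '</script>' inside the data."""
    return (json.dumps(obj)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_bulletin(entry: dict) -> str:
    """Server-side equivalent of $('<p>').text(entry.message)."""
    return f"<p>{encode_for_html_text(entry['message'])}</p>"


def double_encoding_is_visible(s: str) -> bool:
    """A correct encoder never undoes anything: encoding already-encoded text
    produces '&amp;lt;', not '<'.  Decoding is a separate, explicit step."""
    once = encode_for_html_text(s)
    return encode_for_html_text(once) != s and html.unescape(once) == s


if __name__ == "__main__":
    print(render_bulletin(BULLETIN_ENTRY))
    print(json_for_script_element({"entries": [BULLETIN_ENTRY, {"author": "bob", "message": "</script>"}]}))
```

The rule this encodes is one encoding, chosen by the destination context, applied exactly once at output time; a function that both escapes and unescapes depending on its input, as the quoted remark describes, cannot satisfy that, because the caller can no longer tell what state the data is in.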

safety – How Does A Beginning Photographer Appear Safe and Serious To A Model?

So, I’ve decided to take up photography on the side. I’m starting w/ some simple Urban Exploration and Astrophotography stuff but I know the projects I want to do will eventually require working w/ models.

However, given that I’m 50 years old w/ no track record of working w/ models I’ve pretty much got all the warning signs of ‘GuyWithCamera’.

So what are the things that models would be looking for to see me as a safe and serious amateur? I’m assuming shooting in public locations and encouraging them to bring a friend would go a long ways. But are there other things models look for?

If it helps, my target audience for a model would probably be in the 30-45 year old range. I’m not looking to do nudes or anything along those lines. More ironical themes like a fashion shoot in front of a house w/ a foreclosure sign or a black wedding dress shoot in an abandoned church.
Thanks –

Am I safe if 16 words in my 24 word seed are leaked?

Other answers correctly state that leaking 16 words of a 24 word key significantly compromises security. I would add that you have an alternative option which wouldn’t compromise security.

Using Shamir’s Secret Sharing, you can encode your key on three separate pieces of paper such that:

  • You need at least two pieces of paper to recover the original key
  • If someone gets just one piece of paper, they can’t learn anything (not even with unlimited resources) about your key from it

It looks like there's at least one easy-to-use command line implementation of the algorithm for encoding strings, sss-cli. Note that I have not verified its implementation.
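The scheme the answer describes, as an added example that is not part of the answer and is unrelated to sss-cli: a Shamir split of a 32-byte secret into three shares with threshold two, written for a general k-of-n so the same code also does, say, 3-of-5. Arithmetic is over the prime field GF(2^521 - 1), a Mersenne prime, so any 256-bit value fits without reduction; a 24-word seed would first have to be converted to its entropy bytes, which is outside this snippet. The sample secret is constructed.

```python
# Added example (not from the answer, not sss-cli). Standard library only.
import secrets

PRIME = 2**521 - 1   # Mersenne prime M521; every secret up to 512 bits is < PRIME


def split_secret(secret: bytes, threshold: int, shares: int):
    """Shamir: pick a random polynomial of degree threshold-1 whose constant term
    is the secret, and hand out its value at x = 1..shares."""
    s = int.from_bytes(secret, "big")
    if not 1 < threshold <= shares or s >= PRIME:
        raise ValueError("need 1 < threshold <= shares and a secret below the field prime")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def f(x: int) -> int:                 # Horner evaluation mod PRIME
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(shares, length: int = 32) -> bytes:
    """Lagrange interpolation at x = 0 over the given shares.  With fewer than
    `threshold` shares this still returns bytes, but they are unrelated to the secret."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        s = (s + yi * num * pow(den, -1, PRIME)) % PRIME
    return s.to_bytes(max(length, (s.bit_length() + 7) // 8), "big")


def single_share_consistent_with(share, candidate_secret: bytes) -> bool:
    """Why one share of a 2-of-3 split reveals nothing: for *any* candidate secret
    s' there is a line through (0, s') and the share, so every secret is equally
    plausible to someone holding one piece of paper."""
    x, y = share
    s = int.from_bytes(candidate_secret, "big")
    a1 = (y - s) * pow(x, -1, PRIME) % PRIME      # slope that makes the line fit
    return (s + a1 * x) % PRIME == y


if __name__ == "__main__":
    secret = bytes(range(32))                      # constructed 256-bit secret
    paper = split_secret(secret, threshold=2, shares=3)
    print("any two recover it:", all(
        recover_secret([paper[a], paper[b]]) == secret for a, b in ((0, 1), (0, 2), (1, 2))))
    print("one alone does not:", recover_secret(paper[:1]) != secret)
```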

Safe YouTube Promotion via world-wide real users and fast delivery for $1

Safe YouTube Promotion via world-wide real users and fast delivery

40 YouTube channel subscribers or 110 video likes for only $1.

Welcome to my YouTube channel promotion service. Are you looking to promote your YouTube channel or video? Don't worry, you're in the right place. All subscribers or likes come from real, active, verified accounts, so your channel or video is 100% safe and promoted.

Please select my extra service and enjoy my high-quality work.

Quality of my service


1. 100% organic and safe promotion

2. on time delivery

3. some extra bonus

4. friendly customer support

5. professional service

6. 100% clients satisfaction

If you have any questions, please feel free to inbox before placing your order


display – Is it safe to connect external screen to macbook via USB-C from the warranty perspective

Is it safe to connect external screen to MacBook via USB-C from the warranty perspective

Why wouldn’t it be safe?

The idea behind standardizing on USB is so that you can plug in 3rd party devices to expand and enhance the functionality of your computer. If plugging in devices voided your warranty, they wouldn’t put the port there and instead we’d still have (our cherished) MagSafe power connectors.

If it wasn’t safe to do something, the manufacturer wouldn’t market that function as a feature of the product.

Since power is supplied to the MacBook, there is a (small) risk of damaging the laptop.

Technically speaking, anything you plug into your laptop has the potential of damaging it.

Since USB 1.0, power has always been supplied – 5V @ 500mA. It is only since the USB Power Delivery Specification was implemented that more power can be delivered; up to 100W or 20V @ 5A.

This is why you should always stick to known brands and avoid the cheap knockoffs [1]. It's a timeless adage, you get what you pay for, but it still holds true today. That said, it still doesn't rule out the possibility of a manufacturer defect. While very rare, they do happen; your expensive Dell or LG could potentially damage your MacBook.

Technically we’re plugging in a non-standard power adapter, can it void the warranty?

If you are plugging in a display that provides power and conforms to the USB PD specification, especially if it’s USB-IF certified it’s not “non-standard.” That device is designed to connect, interface with, negotiate, and accept power. You plugging in this device, does not void your warranty.

Warranties

Do screen manufacturers such as DELL or LG have any agreement with Apple?

Speaking as someone who worked in product management for a hardware manufacturer (in a past life), there are no agreements between companies that spell out any sort of liability assignment or otherwise with respect to each other's hardware. From a practicality standpoint, this would be absurd – think about how many display vendors there are. That alone would be next to impossible to manage. Now, expand that to all the different USB devices and accessories. There's no way to manage warranty reciprocity agreements at that scale, thus making it totally unfeasible.

From the perspective of the manufacturer, the warranty generally covers the product's fitness or, in other words, its ability to do what it says it will do. If you read the fine print, there will always be a clause exempting coverage for misuse/abuse.

This Warranty does not apply to any non-Apple branded hardware products or any software, even if packaged or sold with Apple hardware. Manufacturers, suppliers, or publishers, other than Apple, may provide their own warranties to you – please contact them for further information [2].

What Voids Your Warranty

In short, misuse, abuse, and anything that’s covered in the warranty language. It comes down to what you can prove.

Software distributed by Apple with or without the Apple brand (including, but not limited to system software) is not covered by this Warranty. Please refer to the licensing agreement accompanying the software for details of your rights with respect to its use. Apple does not warrant that the operation of the Apple Product will be uninterrupted or error-free. Apple is not responsible for damage arising from failure to follow instructions relating to the Apple Product’s use.


[1] Cheap USB-C Cables Could Kill Your Phone or Laptop; Gizmodo, Feb. 2016.

[2] Apple One Year Limited Warranty – US; https://www.apple.com/legal/warranty/products/embedded-mac-warranty-us.html