The Lightning Network is a Layer 2 solution that allows you to create micropayment channels with other Bitcoiners. It allows instant and trustless peer-to-peer transacting while limiting the amount of data needed on-chain. You can read more about how it works in our post here.

Any two individuals on the Lightning Network can transact without needing a direct payment channel open with one-another. …

Attackers have well-defined tactics for targeting your online accounts. Following these simple steps will improve your security posture.

#1: Disable SMS Account Recovery

Your email provider likely allows you to set a Recovery Phone Number. That is, if you click Forgot Password? on the sign-in page, your email provider will text the phone number associated with your account a one-time code that, when entered, allows you to reset the password and log in to that account.

If you don’t know if you have this enabled, there’s a good chance you do, and having it enabled is a bad idea. Attackers can get control of your phone number via phone porting, where they call your phone carrier, pretend to be you, and ask them to start sending all calls and SMS texts to a phone they own. …

The Lightning Network is a Layer 2 solution that allows you to create micropayment channels with other Bitcoiners. It allows instant and trustless peer-to-peer transacting while limiting the amount of data needed on-chain.

In this post, I break down exactly how it works, as well as a newly proposed update protocol within it called eltoo (named after L2).

Unidirectional Channels

Unidirectional payment channels are the simplest to implement in the Lightning Network because money only flows in one direction. The most common use case is streaming money; for example, a micropayment for each minute of a video you watch.

Say you want to start such a channel with Netflix. First, you create a funding transaction, which is you locking up a certain amount of your money that you are willing to pay to Netflix (but have not yet paid them). …

These are the 7 ways I can attack you if you use any form of two-factor authentication other than Universal Two-Factor (U2F).

If you use SMS instead of U2F…

SMS 2FA is arguably the weakest kind possible. Instead of the second-factor being tied to your physical device, it’s tied to your phone number.

Attack #1: Retrieving codes by attacking voicemail systems

Many services like Gmail and LinkedIn allow SMS-based account recovery. If you forget your password, you can receive a text to your phone with a code that allows you to log in.

Some services let you receive that code via phone call as well. …

Trezor’s firmware is open-source. Its crypto library is used widely by companies like TrustWallet for generating wallets in Bitcoin and Ethereum. Let’s examine how the Trezor crypto library generates mnemonic seed phrases for Bitcoin and Ethereum.

If you’re not already aware, mnemonic seed phrases pull from a well-defined wordlist containing 2048 words. Secure mnemonic phrase generation is a function of how you index into that wordlist to select words from it. Since there are 2048 words, you need 11 bits to reach every possible word.

The first function the Trezor firmware calls to generate a mnemonic seed phrase is mnemonic_generate(), which accepts a strength (the amount of entropy to encode, where 256 bits produces a phrase of 24 words). This function ultimately returns the character array which is your mnemonic seed phrase. …

Unlike other cryptocurrencies, Grin does not use addresses. To send or receive Grin, the sender and recipient must send information back-and-forth between one-another.

One way to do this is through a file. This file can be shared over a period of seconds, days, years, or anything else.

Let’s examine the contents of this Grin transaction file as it gets passed around.

Before reading this post, I recommend reading “Grin Transactions Explained, Step-by-Step” to understand some of these fields.

Exploring Grin Transaction Files

Say you want to send 10.25 Grin to Bob, and you two want to exchange the necessary information for this transaction through a file. …

Grin is an exciting new cryptocurrency leveraging the MimbleWimble protocol. But tutorials on Grin are notoriously nondescript.

This post aims to share exactly how Grin transactions work.

An output in Grin is a Pedersen Commitment. Any output will take the following form:

A Pedersen Commitment is a clever way to hide information. If this is your first time hearing about commitments, think “shielded value” any time you see that word.

The following, taken from the Grin wiki, is an excellent primer as to what’s happening here:

If we pick a very large number k as a private key, k*H is considered the corresponding public key. Even if one knows the value of the public key k*H, deducing k is close to impossible... …

TL;DR:

Do you notice anything about these two ideas?

1. Creating a government that can never become too powerful.
2. Creating a currency that can never be corrupted or seized.

They’re identical. And the word motivating both?

Tyranny.

Context

The Founding Fathers declared independence against the British because of what they deemed tyranny.

When they won, they wrote a Constitution to create a form of government that could never be too centrally powerful.

The U.S. Government is Bitcoin is practice. Let’s look at how.

Yes, It’s Trustless

Because the U.S. Constitution is not technically enforced like Bitcoin, the government “promising” to behave a certain way (like separating powers) is simply not enough. …