In this special “splinter” episode of the “Smashing Security” podcast we take a look at Bitcoin and Blockchain. What’s all the fuss about cryptocurrencies? How can you protect your Bitcoin wallet? And how does the Blockchain work?
Lots of questions, and Graham offers to sell his family.
Listen to the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Peter Ullrich of the “Explain Blockchain” podcast.
Show notes:
Please check out the show notes for this episode of the podcast on the Smashing Security webpage.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Sorry, would you consider yourself a privacy wonk?
Are you asking me or Peter?
Well, you, Graham, because you just mentioned—
I think in some ways I am. Yes, absolutely.
You just said it disparagingly and I was thinking, well, you're in that group, I think.
Oh no, there's nothing— don't be ashamed if you're wonking.
Nothing to hide, right?
No, nothing to hide. Exactly.
Everything to hide. Yeah.
Smashing Security, Episode 59: An Intro to Bitcoin Phishing and Blockchain with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, episode 59. My name is Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, episode 59. My name is Graham Cluley.
I'm Carole Theriault.
Hi, Carole. And well, hey, new year.
Happy New Year to you, Mr. Graham.
Thank you very much. And what better way to celebrate 2018 but then with another episode of Smashing Security, a special episode.
And we are joined by a special guest, an expert this week, actually. We brought with us— everybody say hello to Peter Ullrich. Have I said that correctly?
And we are joined by a special guest, an expert this week, actually. We brought with us— everybody say hello to Peter Ullrich. Have I said that correctly?
Yes, you did. Well, kind of a little bit. Hello.
Hello.
Now, Peter, Peter is an expert in all things blockchain and bitcoin related. Is that fair? Is that a fair way to introduce you?
Expert is a very— I don't know, a term that is used too much by people who I don't actually know that much, but I wouldn't call myself an expert.
But I'm a computer science student and I follow this topic already for a while. And I think I have some things to talk about.
But I'm a computer science student and I follow this topic already for a while. And I think I have some things to talk about.
I trust him more now already because he says he's not an expert, don't you? It's perfect rhetoric.
And more than that, though, Peter, you're the host of a podcast called Explain Blockchain.
You've got a few episodes out already, and I imagine some more are on the way where you are trying to explain blockchain and bitcoin in plain English, and that is the purpose of our podcast here on Smashing Security today.
There's been so much excitement, particularly around bitcoin, I think, during 2017.
You've got a few episodes out already, and I imagine some more are on the way where you are trying to explain blockchain and bitcoin in plain English, and that is the purpose of our podcast here on Smashing Security today.
There's been so much excitement, particularly around bitcoin, I think, during 2017.
Well, December, December 2017, it went crazy. Just last month, bitcoin went nuts.
It went bonkers, didn't it? I mean, the price, did it ever get past $20,000 per bitcoin? It was certainly close.
I was down $19,000.
It just scratched the $20,000 and then just dropped to, I think, $15,000 again.
Yeah.
Yeah. So it zoomed up so high and it has sort of gone back down a little.
But certainly compared to January 2017, anyone who invested in bitcoin way back then has made themselves quite a tidy packet, haven't they?
The price has absolutely soared over the course of the year. And so I think one of the things that I really want to know, Peter, is whether I should be— I should be, shouldn't I?
Whether I should be buying bitcoin right now, should I have invested in it back in January? Should I be kicking myself for not having done so, or is the bubble about to burst?
But certainly compared to January 2017, anyone who invested in bitcoin way back then has made themselves quite a tidy packet, haven't they?
The price has absolutely soared over the course of the year. And so I think one of the things that I really want to know, Peter, is whether I should be— I should be, shouldn't I?
Whether I should be buying bitcoin right now, should I have invested in it back in January? Should I be kicking myself for not having done so, or is the bubble about to burst?
Yeah, no pressure, Peter, no pressure.
Yeah, no pressure.
Absolutely, you should just take all your savings, your retirement, your college funds, put everything into bitcoin, and then either be a millionaire next year or, you know, live on the street.
Jump in blind, I say, Graham.
That's the smart way to do it.
Exactly right, yeah. Okay, so sell the house, remortgage the house, and put all of my money into bitcoin. Sell my children.
Yes.
And just, you know, clothes off my back. Why not? Let's just do it.
Maybe not. Maybe not. Maybe we should hold off and actually ask him a few questions first, and then you can make the decision whether you want to do this.
All right.
All right.
Okay. Let's go back to basics before we kick off and find out that particular answer.
I guess we have to ask the really fundamental questions because this is something which was happening to me over the Christmas break.
I was with members of the family and meeting other people. Parties and so forth, and everyone wanted to talk to me about bitcoin.
I guess we have to ask the really fundamental questions because this is something which was happening to me over the Christmas break.
I was with members of the family and meeting other people. Parties and so forth, and everyone wanted to talk to me about bitcoin.
Seriously?
Yes.
Well, it sounds fun at your place. No, for real. It's like, let's talk about the weather. Let's talk about bitcoin. It's taking over small talk everywhere.
Well, bitcoin is the new weather, I think. Everyone wants to know what is it?
Yeah.
What's all the fuss about? And can I make myself a millionaire? So let's start off with the first of those questions. What is bitcoin and why is there so much fuss about it?
Yeah, so bitcoin is actually a digital currency that is a direct peer-to-peer payment system.
So before that, you always had, if you want to send, let's say, Graham, you want to send some money to Carole.
So before that, you always had, if you want to send, let's say, Graham, you want to send some money to Carole.
Yes, you do.
Unlikely.
Then, you know, from your bank account, it goes to your bank and the bank sends it to Carole's bank and they deposit it to the account.
So there are a lot of middlemen in between, a lot of institutions. But with bitcoin, all these middlemen are taken out.
It's a very direct connection, a direct payment system, kind of an email.
So there are a lot of middlemen in between, a lot of institutions. But with bitcoin, all these middlemen are taken out.
It's a very direct connection, a direct payment system, kind of an email.
Yeah. So it's quite efficient as a system then, I guess.
It is.
It is.
Yeah, it is. It is because it's a digital currency. There are no physical representations. It's only ones and zeros.
Yeah.
So you can send it around the world within minutes and the fees of it, it's a tiny fraction of what you would normally pay, especially for international transactions, because you don't have all these fat cats in the middle taking their cut.
Absolutely.
Absolutely.
Yeah.
Picking, taking the money out of your pocket and into theirs.
So that makes it sexy to lots of people, I bet. Right. Because you, A, you have no middlemen to pay off. So it's cheaper, it's fast, and it's efficient.
And there's no kind of— I guess because it's decentralized, it's kind of resistant to censorship.
And there's no kind of— I guess because it's decentralized, it's kind of resistant to censorship.
It is. Yes, it is a very borderless system. So no central entity or no central country owns this currency and can regulate it. What you can regulate is the access to it.
And this is happening more and more over the years. So because you have to buy bitcoin somewhere. You have to exchange your fiat money, your normal currency for bitcoin.
And these access points are regulated more and more. But everything in between, the direct connections, the actual payments cannot be regulated.
There are a lot of people living abroad and working hard and then sending back the money to their families to support them.
And they really rely on these centralized systems that are not that efficient and that are highly regulated. And all these regulations make it very slow, this whole system.
And this is happening more and more over the years. So because you have to buy bitcoin somewhere. You have to exchange your fiat money, your normal currency for bitcoin.
And these access points are regulated more and more. But everything in between, the direct connections, the actual payments cannot be regulated.
There are a lot of people living abroad and working hard and then sending back the money to their families to support them.
And they really rely on these centralized systems that are not that efficient and that are highly regulated. And all these regulations make it very slow, this whole system.
Yeah.
And with bitcoin, you can just send it within a minute for a fraction of the fee you would normally pay.
So I can see why using Bitcoin would be attractive to people who are sending money overseas and the sort of scenarios you described, maybe where you're sending it back to your family if you're having to work overseas to make some cash.
I can see how it's attractive to people who maybe want to keep under the radar, shall we say, and maybe they're privacy wonks and so forth who just don't like the idea of other people knowing what they're buying.
I can see how it's attractive to people who maybe want to keep under the radar, shall we say, and maybe they're privacy wonks and so forth who just don't like the idea of other people knowing what they're buying.
Sorry, would you consider yourself a privacy wonk?
Are you asking me or Peter?
Well, you, Graham, because you just said it disparagingly and I was thinking, well, you're in that group, I think.
Oh no, there's nothing. Don't be ashamed if you're wonking.
There's nothing to hide, right?
No, nothing to hide. Exactly.
Everything to hide.
Yeah.
The other group of people who maybe might be interested in Bitcoin as well are those naughty people, people maybe who want to do some criminal things or maybe want to get hold of something which maybe you shouldn't put on your credit card.
Just how much is that for? I mean, is that mostly what Bitcoin's about buying?
The other group of people who maybe might be interested in Bitcoin as well are those naughty people, people maybe who want to do some criminal things or maybe want to get hold of something which maybe you shouldn't put on your credit card.
Just how much is that for? I mean, is that mostly what Bitcoin's about buying?
Actually, this connection was made a couple of years ago when Bitcoin was used a lot on a black market called the Silk Road, where people bought mostly drugs and other things, naughty things for Bitcoin because of the privacy it offers.
Ever since then, Bitcoin is used much more in everyday life.
When the transaction fees were quite low a couple of years ago, a lot of stores, a lot of supermarkets, a lot of cafes were actually using Bitcoin because they can offer their products for a cheaper price because they don't have to pay all these fees to the credit card companies and so on.
And actually, one big retailer like Amazon, for example, is rumored to use maybe not Bitcoin but their own currency, their digital currency, to speed up their payment processes and also I mean, Amazon sells a lot over here and they always pay these high fees to credit cards particularly.
And if they can lower the cost a lot by using something like Bitcoin or even Bitcoin itself, they will definitely use it.
So at the moment it is not used that much in a very visible way so that you really know what you can buy with it. But in the next years it will definitely come. Maybe 2018. Yes.
Ever since then, Bitcoin is used much more in everyday life.
When the transaction fees were quite low a couple of years ago, a lot of stores, a lot of supermarkets, a lot of cafes were actually using Bitcoin because they can offer their products for a cheaper price because they don't have to pay all these fees to the credit card companies and so on.
And actually, one big retailer like Amazon, for example, is rumored to use maybe not Bitcoin but their own currency, their digital currency, to speed up their payment processes and also I mean, Amazon sells a lot over here and they always pay these high fees to credit cards particularly.
And if they can lower the cost a lot by using something like Bitcoin or even Bitcoin itself, they will definitely use it.
So at the moment it is not used that much in a very visible way so that you really know what you can buy with it. But in the next years it will definitely come. Maybe 2018. Yes.
Well, maybe because that will be round about 10 years since Bitcoin really started, won't it?
2008, yeah.
By the way, interesting that Silk Road was run by someone called Ross Ulbricht, and your name, Peter, is Peter Ullrich. It's not very different, is it, Peter? I notice.
I don't think you should accuse our guests of that, Graham.
Of making hundreds of millions out of criminal—
Bad thing.
Oh okay, that's a bad thing to do. So you've mentioned the blockchain, and this is the underlying technology really behind Bitcoin and all cryptocurrency.
Yeah, other cryptocurrencies as well.
So maybe you can explain to us what blockchain is and why people are getting so excited about it and what potentially it might mean for other areas of security, how it may have an impact.
Yeah, other cryptocurrencies as well.
So maybe you can explain to us what blockchain is and why people are getting so excited about it and what potentially it might mean for other areas of security, how it may have an impact.
Absolutely. So blockchain is not unlike any database, you know, but it is a decentralized database and a distributed database.
So instead of having one copy of, for example, the balances of accounts in one system, so at your bank, mostly every node, every computer that is connected to the Bitcoin network holds a full copy of every transaction of every balance.
So instead of having one copy of, for example, the balances of accounts in one system, so at your bank, mostly every node, every computer that is connected to the Bitcoin network holds a full copy of every transaction of every balance.
Now that in itself sounds kind of terrifying, doesn't it?
The idea that all of that information is freely available for anyone to look at, but it's protected and it's not something which is easy, for instance, to alter and to meddle with that ledger.
The idea that all of that information is freely available for anyone to look at, but it's protected and it's not something which is easy, for instance, to alter and to meddle with that ledger.
Exactly. So first of all, the privacy factor actually have a lot of privacy because everything is hidden between account addresses and these addresses are just random numbers.
So it's not that you have an IBAN number or any traditional bank number where you are easily identifiable, but actually it's just a random number.
So one random number sends bitcoins to another random number.
All these use cases where you want to have something that cannot be— that is fixed and cannot ever be changed again, then you could use a blockchain for it.
So it's not that you have an IBAN number or any traditional bank number where you are easily identifiable, but actually it's just a random number.
So one random number sends bitcoins to another random number.
All these use cases where you want to have something that cannot be— that is fixed and cannot ever be changed again, then you could use a blockchain for it.
I'd like to talk a bit about the idea of the mining. Lots of machines are involved in this, aren't they?
Yeah, so mining is fascinating, isn't it? Because that's one of the things which really sort of drives the blockchain.
My understanding is that the miners, and you'll correct me, Peter, if I've got this wrong, that the miners are actually doing some of the calculations to confirm that the transactions which are being added to the blockchain are legitimate.
And so they're doing some complex calculation in terms of looking at the encryption and so forth. And this is part of the thing which really makes sure that it's immutable.
But there is also this challenge, which is at some point the number of bitcoins is limited, isn't it?
My understanding is that the miners, and you'll correct me, Peter, if I've got this wrong, that the miners are actually doing some of the calculations to confirm that the transactions which are being added to the blockchain are legitimate.
And so they're doing some complex calculation in terms of looking at the encryption and so forth. And this is part of the thing which really makes sure that it's immutable.
But there is also this challenge, which is at some point the number of bitcoins is limited, isn't it?
Yeah. So the bitcoin mining protocol, you said they solve complex problems to validate the transactions and such. It is not quite correct.
I mean, the validation of transactions are made on every single node in the network. It's different from the proof-of-work consensus protocol.
And the proof-of-work consensus protocol is basically hashing the block header over and over again until you get a number out of this hashing algorithm that is lower than the global target.
So it's not, it's you have, you know, I totally understand this. Always that people say you have complex mathematical problems to solve, which is really not the case.
You just really hash information, change something, hash it again. It's just brute force.
I mean, the validation of transactions are made on every single node in the network. It's different from the proof-of-work consensus protocol.
And the proof-of-work consensus protocol is basically hashing the block header over and over again until you get a number out of this hashing algorithm that is lower than the global target.
So it's not, it's you have, you know, I totally understand this. Always that people say you have complex mathematical problems to solve, which is really not the case.
You just really hash information, change something, hash it again. It's just brute force.
Yes, yes, yes. So you keep on going until you get a number which is within the range which it needs to be.
Yeah. So then the more hashes you can create within the 10 minutes that it should take to create this hash, the more reward you will also get eventually.
Which is why people are piling on the computing power to be first.
Absolutely. And they also created specified hardware for this, which are called ASICs.
And this hardware really only does create hashes all the time over billions in a minute and so on until you really get this hash number that is lower than the global target.
And then every two weeks, every around every two weeks, this global target is adapted, is changed by the consensus protocol, automatically, so that it should also take in the next two weeks, always around 10 minutes on average, until one of the miners in the whole network finds the hash that matches the criteria.
And this hardware really only does create hashes all the time over billions in a minute and so on until you really get this hash number that is lower than the global target.
And then every two weeks, every around every two weeks, this global target is adapted, is changed by the consensus protocol, automatically, so that it should also take in the next two weeks, always around 10 minutes on average, until one of the miners in the whole network finds the hash that matches the criteria.
Yeah, but just the model— I mean, whilst I can see there's many efficiencies we've talked about, it's the security aspect of it and the speed of it, it's incredibly wasteful environmentally and electrically.
You know, you've got all these machines all miners are trying to solve the same problem at the same time, and there's one winner, and then it goes back to zero again.
Another big problem is put out to the miners, and they all try and solve it.
You know, you've got all these machines all miners are trying to solve the same problem at the same time, and there's one winner, and then it goes back to zero again.
Another big problem is put out to the miners, and they all try and solve it.
And, Carole, if you want to, you can set yourself up a little windmill. You can have a solar-powered miner if you want to. You can live somewhere on a river with a water wheel.
Don't worry about it. Oh, I see.
Don't worry about it. Oh, I see.
Just don't worry about myself. Okay.
No, no, I'm saying, I'm saying it doesn't have to be— it doesn't have to be, you know, fossil fuel-powered electricity which is being used for these things.
I'm just thinking that 1.3 billion people around the world don't have electricity, but so it's kind of annoying that a system has such a high demand for electrical power in order to function.
That's all I'm saying. That's all I'm saying.
That's all I'm saying. That's all I'm saying.
In the moment, unfortunately, a lot of mining farms are situated in southern Mongolia where the prices are really low for electricity, but it is located in China and they have problems with the regulators, or it's uncertain what the regulators might do with these mining farms in the future, which is why a lot of these farms plan on moving to countries more in the north that have colder environments like Canada or Russia or Sweden or Scandinavia in general, where there's—
Cut the fan costs.
Exactly. To cut the fan costs, where also there's a lot of cheap electricity.
For example, in Quebec, in Canada, you have hydroelectric power, which is also very cheap and it's renewable.
For example, in Quebec, in Canada, you have hydroelectric power, which is also very cheap and it's renewable.
Well, it does. It just dams a lot of important rivers and stuff and ruins natural habitats. But yes, true.
Carole, always sticking up for the beavers.
I know I'm on my soapbox, but I'm just saying it's not pain-free hydroelectricity.
No, absolutely not.
But also when the Bitcoin reward will be low enough, Bitcoin reward will decrease over time, then it's also not that feasible anymore to mine this much, to use this much energy.
So then it will also come down a little bit.
But also when the Bitcoin reward will be low enough, Bitcoin reward will decrease over time, then it's also not that feasible anymore to mine this much, to use this much energy.
So then it will also come down a little bit.
And that's why it takes so much energy, Graham.
Yes.
Boom. What Peter said.
So it's not just Bitcoin, is it? There are more cryptocurrencies out there. There's Ethereum, there's Litecoin, there's Dogecoin. There are hundreds of these things, aren't there?
And there seem to be all the time new coin offerings being made on the internet, sometimes backed by celebrities as well.
I mean, is there just going to be an unlimited number of these things popping up?
And there seem to be all the time new coin offerings being made on the internet, sometimes backed by celebrities as well.
I mean, is there just going to be an unlimited number of these things popping up?
Absolutely. It's like it's as easy as forking any GitHub repository to create your own digital currency.
And there's always this joke that somebody complains that there are like 14 versions of something, so they want to fix it and they make the 15th version to fix everything.
And that's kind of the same idea behind these other cryptocurrencies.
Every single one of them has a certain goal that they want to fulfill, whether it's lower transaction fees or whether it's to enable people to have these smart contracts as in Ethereum, for example.
But eventually, it's always the idea that it will— now it's an expansion and explosion of added digital currencies.
But over time, these currencies might not be— cannot sustain themselves. And also it's a free market.
So then also the losers will drop out and there will be new newcomers and so on. It's a free market.
And there's always this joke that somebody complains that there are like 14 versions of something, so they want to fix it and they make the 15th version to fix everything.
And that's kind of the same idea behind these other cryptocurrencies.
Every single one of them has a certain goal that they want to fulfill, whether it's lower transaction fees or whether it's to enable people to have these smart contracts as in Ethereum, for example.
But eventually, it's always the idea that it will— now it's an expansion and explosion of added digital currencies.
But over time, these currencies might not be— cannot sustain themselves. And also it's a free market.
So then also the losers will drop out and there will be new newcomers and so on. It's a free market.
So I think we're getting close to answering the question, which I really want answered. Let's quickly summarize what we've had so far. We've got cryptocurrencies.
Bitcoin is the one which we focused on today, a digital currency without middlemen, open source. Strong emphasis on anonymity, peer-to-peer.
It's not just being used for buying naughty things online, although clearly that is going on.
And as Carole said, you know, there are concerns as well about the impact there could be on the environment through using so much energy to participate in some of these things.
But generally, you know, this is an exciting thing and lots of people are getting interested in it.
Some of the banks are even beginning to take it more seriously as well, and they're certainly interested in blockchain technology and what that might bring to their business.
But maybe other banks are also feeling threatened by this decentralized currency too.
Bitcoin is the one which we focused on today, a digital currency without middlemen, open source. Strong emphasis on anonymity, peer-to-peer.
It's not just being used for buying naughty things online, although clearly that is going on.
And as Carole said, you know, there are concerns as well about the impact there could be on the environment through using so much energy to participate in some of these things.
But generally, you know, this is an exciting thing and lots of people are getting interested in it.
Some of the banks are even beginning to take it more seriously as well, and they're certainly interested in blockchain technology and what that might bring to their business.
But maybe other banks are also feeling threatened by this decentralized currency too.
Hey, I just read, you know, just last month, the UK and EU are basically saying, hey, digital currencies like Bitcoin are being used to evade tax, and they want to bring in legislation to bring cryptocurrencies in line with anti-money laundering and counter-terrorism financing legislation.
So basically, that means you need to identify yourself as a Bitcoin user, which kind of threatens the whole ecosystem of privacy.
So basically, that means you need to identify yourself as a Bitcoin user, which kind of threatens the whole ecosystem of privacy.
That's already the case.
So whenever you want to buy Bitcoin here in Europe or in America, then you have to— if you want to buy larger amounts of Bitcoin, more than I think $50, then you also have to send in your ID so that they can do a KYC, know your customer.
And more and more exchanges, I mean, they want to participate or they want to collaborate with the regulators, right?
So they openly now have audits from third parties, from third companies that audit their books and also look for money laundering and try to prevent that.
So whenever you want to buy Bitcoin here in Europe or in America, then you have to— if you want to buy larger amounts of Bitcoin, more than I think $50, then you also have to send in your ID so that they can do a KYC, know your customer.
And more and more exchanges, I mean, they want to participate or they want to collaborate with the regulators, right?
So they openly now have audits from third parties, from third companies that audit their books and also look for money laundering and try to prevent that.
When I opened an account to buy some Bitcoin, I had to upload a scan of Carole's passport to it in order to—
As long as it wasn't my driver's license picture.
That is the worst picture.
They stretched my face somehow.
Yeah, sure they did. So I'm guessing that our advice actually as to whether you should buy Bitcoin or not is tread carefully and only invest what you are prepared to lose.
This is ultimately a gamble. We're in uncharted waters here.
This is ultimately a gamble. We're in uncharted waters here.
Yeah, just because Graham's planning to throw his son's shirt into the mix doesn't mean anyone out there should follow suit.
Not just his shirt, his video games, his Lego. It's all going. Let me tell you, he doesn't need that.
Just give him a piece of paper with some ones and zeros on it.
Have fun. Have fun.
Don't lose it.
Don't turn into a paper airplane.
Don't invest your retirement plan like Graham did.
So if you do invest in Bitcoin, how can you best protect it? Because we know that some of the cryptocurrency exchanges in the past have been hacked. Mt.
Gox perhaps most famously, but we've seen other ones being hacked in the past or allegedly hacked, and people have lost their Bitcoin wallets.
What's your advice regarding how to protect your Bitcoin wallet?
Gox perhaps most famously, but we've seen other ones being hacked in the past or allegedly hacked, and people have lost their Bitcoin wallets.
What's your advice regarding how to protect your Bitcoin wallet?
First of all, don't leave your bitcoins on any exchange after you buy them.
Maybe leave a little part of it if you want to trade with it, then you can take 10-20% something and just leave it there.
But always try to take the bitcoins away from exchanges because they have your private keys, which are used if you want to make a transaction.
Then you need to have your private key. So if the exchange is hacked, your private key is gone and your bitcoin is also gone. It's just gone and you will never get it back.
So what you want to do is when you buy bitcoin, always use either a hardware wallet, which Graham Cluley and Carole Theriault talked about in a previous episode, which are little devices that just store your private key.
It's just a random number as well. It's just stored on a physical device. And if you keep this physical device secure, then you will not get hacked.
Maybe leave a little part of it if you want to trade with it, then you can take 10-20% something and just leave it there.
But always try to take the bitcoins away from exchanges because they have your private keys, which are used if you want to make a transaction.
Then you need to have your private key. So if the exchange is hacked, your private key is gone and your bitcoin is also gone. It's just gone and you will never get it back.
So what you want to do is when you buy bitcoin, always use either a hardware wallet, which Graham Cluley and Carole Theriault talked about in a previous episode, which are little devices that just store your private key.
It's just a random number as well. It's just stored on a physical device. And if you keep this physical device secure, then you will not get hacked.
Yeah.
Don't lose it.
Exactly. And really don't lose it. Don't put it— you can also use a paper wallet, which is really only your key printed out on a piece of paper.
But I had so many friends that lost their money because they lost this piece of paper. Yeah, it's crazy.
But otherwise, what is maybe the easiest way now and also the cheapest way is to use a mobile or a desktop wallet, which are, for example, my recommendation would be Jaxx, J-A-X-X, for iOS and Android, wherever.
That is an open source project, an open source software that you can just download for free. And it is a full wallet. So you can receive and send bitcoins with it.
You can also exchange bitcoins for other coins like Ether or Bitcoin Cash or Litecoin. And it's on your own physical device, on your own smartphone.
And as long as your smartphone is secure, then also your wallet is secure and your bitcoins are secure.
But I had so many friends that lost their money because they lost this piece of paper. Yeah, it's crazy.
But otherwise, what is maybe the easiest way now and also the cheapest way is to use a mobile or a desktop wallet, which are, for example, my recommendation would be Jaxx, J-A-X-X, for iOS and Android, wherever.
That is an open source project, an open source software that you can just download for free. And it is a full wallet. So you can receive and send bitcoins with it.
You can also exchange bitcoins for other coins like Ether or Bitcoin Cash or Litecoin. And it's on your own physical device, on your own smartphone.
And as long as your smartphone is secure, then also your wallet is secure and your bitcoins are secure.
Okay.
And it's—
Can I give you a scenario? Absolutely. So I'm in a cab with my phone. I leave the cab, but my phone stays in the cab. What happens then?
This is entirely hypothetical. This would never have actually really happened.
This has never happened.
Never happened to anybody. No.
Never.
I mean, first of all, they need to hack your phone. They need to get into your phone. And that's already quite hard with some phones nowadays.
And then second of all, they need to go into your wallet, your mobile wallet. And you can also protect it there with a PIN, which is not as good as two-factor authentication.
Yeah, it is a PIN at least. And they can't just send your bitcoin.
And then second of all, they need to go into your wallet, your mobile wallet. And you can also protect it there with a PIN, which is not as good as two-factor authentication.
Yeah, it is a PIN at least. And they can't just send your bitcoin.
Just one moment.
I'm not familiar with Jaxx, but my concern would not be so much someone stealing Carole Theriault's private key, but simply that she no longer has access to it if she loses her mobile phone.
Is there any way of regenerating that private key or something? Because I have one of these hardware wallets.
I've got a thing called Trezor which is plugged into my computer, which contains my hardware bitcoin wallet.
And what I can do is if I lose that device, I also have a passphrase or 20 random words or something which I've stored away securely.
So if I get another device, I can actually regenerate my private key.
So what I'm thinking is the scenario maybe with these mobile wallets, and I don't know how exactly they work, is if you lose the device, does that mean you've lost your private key?
If you physically never get hold of your mobile phone again?
I'm not familiar with Jaxx, but my concern would not be so much someone stealing Carole Theriault's private key, but simply that she no longer has access to it if she loses her mobile phone.
Is there any way of regenerating that private key or something? Because I have one of these hardware wallets.
I've got a thing called Trezor which is plugged into my computer, which contains my hardware bitcoin wallet.
And what I can do is if I lose that device, I also have a passphrase or 20 random words or something which I've stored away securely.
So if I get another device, I can actually regenerate my private key.
So what I'm thinking is the scenario maybe with these mobile wallets, and I don't know how exactly they work, is if you lose the device, does that mean you've lost your private key?
If you physically never get hold of your mobile phone again?
No, that's not the case. It's the same case with the hardware wallet as well.
Okay.
You can just have these words, these mnemonics, and you can just import them into, for example, also a hardware wallet.
So if you have a mnemonic from a mobile wallet and you want to then use a Trezor or Ledger Nano S or something, a hardware wallet, then you can also import it there.
So as long as you keep these 20 or 24 or 12 words, then you can always regenerate the keys and you have access to your wallet again.
So if you have a mnemonic from a mobile wallet and you want to then use a Trezor or Ledger Nano S or something, a hardware wallet, then you can also import it there.
So as long as you keep these 20 or 24 or 12 words, then you can always regenerate the keys and you have access to your wallet again.
Fantastic. Well, I've kept them securely because I make sure I never lose them. I've got them tattooed actually on my arm, and so as long as I always wear a lot— I'm joking.
In Klingon?
In Klingon, yeah. In Wingdings, actually. That's the ultimate encryption, isn't it? Okay, well, thank you so much, Peter. This has been really interesting.
Where can people learn more about blockchain? What would you recommend as a great source of resources? Because we should put some links in the show notes.
Where can people learn more about blockchain? What would you recommend as a great source of resources? Because we should put some links in the show notes.
Absolutely. So there's a book about Bitcoin which is called Mastering Bitcoin. It is written by a very great educator in the field, which is Andreas Antonopoulos.
He's very well known, and the book really takes you through all the technical details of Bitcoin and so on.
So if you're more interested in the technical details, I'd recommend Mastering Bitcoin. It's also freely available on GitHub, or you can buy the book and support the author.
Otherwise, there's a great list about Bitcoin resources created by a Bitcoin Core developer, and he also put it freely on his website, and we will also link to it in the show notes, I guess.
He's very well known, and the book really takes you through all the technical details of Bitcoin and so on.
So if you're more interested in the technical details, I'd recommend Mastering Bitcoin. It's also freely available on GitHub, or you can buy the book and support the author.
Otherwise, there's a great list about Bitcoin resources created by a Bitcoin Core developer, and he also put it freely on his website, and we will also link to it in the show notes, I guess.
Excellent.
And let's not forget as well that people should sign up and subscribe to your podcast, Explain Blockchain, on iTunes and all other great places where you can find podcasts as well.
So thank you so much, Peter, for joining us today. It's been tremendous as you've walked us through the issues of Bitcoin and blockchain.
I guess the only other thing which we might be interested in is the future of Bitcoin. What does that look like? Sorry, I hadn't thought of asking about that.
So thank you so much, Peter, for joining us today. It's been tremendous as you've walked us through the issues of Bitcoin and blockchain.
I guess the only other thing which we might be interested in is the future of Bitcoin. What does that look like? Sorry, I hadn't thought of asking about that.
It's going to be grand.
Yeah, it's the same answer we used to say when journalists would go, crystal ball, what's security going to look like in five years?
It's just going to grow. Yeah, I don't know. It's just grand.
All right. Well, thank you, everybody, for tuning in. If you know someone who might like the Smashing Security podcast, please tell them about it.
Go to smashingsecurity.com for past episodes.
Go to smashingsecurity.com for past episodes.
And if you don't, make some friends.
Even if people aren't your friends, tell them about it.
It's a new year, new resolution. Yeah, why not?
Yeah, 2018, make it your resolution. Listen to more podcasts, not just ours, Explain Blockchain, all the other good ones out there too. Until next time, cheerio. Bye bye.
Happy New Year.
Bye bye.
And just to reiterate, you're not related to Ross Ulbricht of the Silk Road.
I'm blocking my ears. I don't even want to know the answer.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Peter Ullrich – @PJUllrich
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
