Peter, can BIP32 be changed to a status of Final on the wiki now?
|
|
|
I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself - surely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means. On the other hand, if the code was to be entered on the Trezor itself, such a scenario is not possible unless the PIN code is provided by the owner under duress.
I believe the PINs are one time use only. The reason it's not entered on the Trezor is that it only has two buttons. edit... Whoops, I was confusing the PIN with the OTP. Still... 2 buttons = annoying to type a decimal PIN.
|
|
|
is it only possible with the software from BFL to mine on eclipse MC or on other pools too? You can mine on any pool that bfgminer or cgminer support.
|
|
|
Maybe because the Trezor protocol requires the computer to be able to build transactions and thus know the contents of your wallet, including your root public key and so your balance + past/future transactions ?
Come on stick. You know as well as I do that Trezor does not mean "you don't have to trust the computer". It means "the computer cannot steal your money". That is NOT the same thing. The computer still gets to have a lot of private, sensitive financial data that I wouldn't want random coffee shop baristas to have.
I hadn't considered this aspect of using the Trezor in such a way. I agree that it makes this use case pretty unlikely to occur. Though people happily hand their credit cards over to total strangers, giving them all the information they would need to empty their checking accounts... In order to get the full benefits of the (normal) payment protocol, does the Trezor itself need to understand it, or can the host computer (even possibly infected) do so an reliably pass the payment information to the Trezor? I'm thinking it wouldn't be useful to the Trezor since it can't independently grab and verify the X509 certificate. Is that correct?
|
|
|
Ok well I've already bought one. I don't intend using it like that and I'm sure it's safe. I just don't think it's good to get comfortable sharing usb devices. As said earlier, you can quickly infect your computer or the merchant with a fake device. Even if this device is bullet proof which I don't think anything can be when you have physically possession, I can quickly infect a merchant using a fake usb device and a 0 day. It will be hacked http://www.securitydirectornews.com/commercial-and-enterprise/researchers-hack-popular-smartcard-used-access-controlhttp://m.slashdot.org/story/131116Tpm had been too and that's identical to this. But they need physical access and you're giving it to them. Without physical access, you're safe. Buy one! I did! Just use it responsibly! The network is a condom, be safe. There's no reason to be transferring keys. If we could rely upon our personal computers not having malicious software, then the Trezor would be pointless. If the Trezor cannot protect against malicious software running on your (or a merchant's computer), then it is also pointless. If a merchant could target the Trezor, then so could malicious software running on your own computer. I'll give you that a merchant probably won't let people plug random USB devices into their computer system. So, nobody will probably have the opportunity to use the Trezor in this way, but if it is unsafe for the user to do so, then it is unsafe to plug it in to your (potentially infected) personal computer.
|
|
|
It's a far fetch but it could be exploited to give up the private keys, exactly whats in its limited memory.
Either the device is secure or it isn't. If it isn't, then it's pointless. If it is, then it is safe to use on your own (presumably infected) computer or a merchant's.
|
|
|
I received order 3421 (1 Jalapeno) from BFL on Friday, June 7th.
|
|
|
The reason I set the Buy Now price so high is that Ebay was misreporting an auction for a Jalapeno @ $4500 as sold, when it was in fact not. So... yeah. We'll see how the auction goes.
|
|
|
As far as I can see, Ripple is no worse than any other centralized exchange in that respect. Sure, but it's not, as the quote I was responding to said, a far better system for the transfer of money. The properties of gold and Bitcoin are very similar. In the past I believed the biggest differentiation was the "transportability". Now, with a blockchain of almost 3GB it looks like Bitcoin is getting as "heavy" as gold and becomes very difficult to transport. You are mixing some seriously incompatible metaphors here. Moving bitcoin from person to person is still as easy as ever. If you want to run a full node, the block chain takes up 9 GB of hard disk space, which is nothing. I have games on my hard drive that take up as much space as the entire history of every bitcoin transaction ever. To put it in perspective, a 1 TB hard drive costs less than $100, which means the block chain takes up less than $1 of hard disk space.
|
|
|
For money transfers an open-source Ripple system would be far better. I'm not so sure. I'm not a Ripple hater, I think it's interesting... but I think it may be based far too much on trust. I'd have to constantly worry that for any debt I was owed, the issuer did not default. This would basically split the public function of "money" as a way to exchange and the private function to store value (hoarding). I'm not so sure that can even happen. What good is a store of value unless you can easily exchange it for other goods? I guess gold is sort of like that today, but I think in part because it is difficult to transfer except for face to face transactions.
|
|
|
I was going to install armory some time ago, but whenever I go back at the site, I see this warning message about 6 GB of RAM and it stops me from downloading and finally starting using this software. If I have 4 GB RAM, it won't even start, eh? Should I try installing now or just sit back and whait until this will be fixed? Thanks for answers.
I used to have 4 GB of RAM and Armory took forever to load. The reason for this is that it would start using swap space which is much slower than main memory. So yeah, I would hold off for now. Etotheipi should have an update soon that will trade the need for memory for disk space.
|
|
|
why is the public key of my bitcoin address on blockchain.info 130 character while the scriptPubKey on bitcoind is 50 characters?
The name scriptPubKey (despite its name) is only a hash of the public key with some op codes. The scriptSig (on the input) is what contains the full public key. The standard transaction is like OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG and the scriptSig is like ( source).
|
|
|
Sorry if this is a stupid question but why do you need kickstarter? If it's up front money you need to begin mass production couldn't you just ask for donations with BTC and whoever donates gets their BTC back plus a bit extra back within a time frame?
No, because they can't use bitcoin to pay for production and don't want to be exposed to risk caused by price fluctuations.
|
|
|
Peter and Timo, it was great getting to meet both of you at the conference! Now Peter, where are those test vectors!?
|
|
|
I just updated Armory: cd /opt/BitcoinArmory/ git checkout testing git pull origin testing make clean make ..and am now on 0.88.2. After scanning it says "Armory is online!", shows the balances of the wallets, shows no tx, and says "connected (0 blocks)". On another note, I played with message signing a bit, before I updated. It seems like I can't sign with keys in encrypted wallets (not asked for password, nothing happens). When trying with an offline wallet, Armory closes completely. Again, this was not the most recent version. Now, with 0.88.2 and "0 blocks", signing doesn't work. Which is no surprise, I'll check again when I have it online and connected ;-) Thank you for hints. Tomorrow I'll try to dig a bit deeper, sorry for no log yet. Ente Have you made any commits to you local repository?
|
|
|
I should start a bounty to have someone with real Makefile experience rework that Makefile. I know it sucks. It works on Ubuntu 12.10-, and requires only small deviations for other OS, but I don't know how to do it "right". Instead of a bounty, how about the model Gavin (or was it Jeff) mentioned during one of the panels... find someone who can do it and contract directly with them. If you give a price that it's worth for you, I'm sure someone around here knows a makefile expert who would be interested. Maybe you could offer a tiny bounty for the first person to get you in contact with a makefile developer who contracts with you. At least that's a simple and well defined requirement. Or maybe I'm over thinking this and a bounty would work fine for this purpose.
|
|
|
Android No Meego love? (Nokia N9 here). What sort of user base does Meego have? It probably wouldn't make sense for etotheipi to spend a lot of resources on developing a client for a platform very few (relatively) people use. Given that Armory is open source though, you could develop one or pay to have one developed yourself. Is it possible for Amory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them. This is not possible with Armory currently. In the past he has expressed opposition to this idea based on the threat model that someone could insert a watching only public key into your wallet and you would have no way of telling it was not yours. Then, someone sends funds to it, making it look like you've been paid, but you have no way to spend those funds.
|
|
|
Question: what banks do people use for personal accounts that offer same-day wire transfers, preferably initiated online?
My credit union SUCKS when it comes to this (and anything online-banking related), so I'm strongly considering switching.
|
|
|
|