generating new addresses is currently not feasible due to "the backup" problem. also we need some more server infrastructure to handle this correctly. we have a plan how to solve this but its complex to execute. but it will be fun to work on it
|
|
|
BitcoinSpinner / Mycelium Wallet
An update has been prepared for Mycelium Wallet and is being pushed out via the Play Store. If you use BitcoinSpinner you are encouraged to upgrade to Mycelium Wallet, which is maintained by the same people.
I just removed Spinner and installed Mycelium. It reports version 0.7.0 beta, is this one safe regarding this problem? yes it is. it also features a migration wizard if you generated a key inside Mycelium prior to 0.6.5.
|
|
|
0.7 is live and kicking. apart from minor spelling issues, please report any inconsistencies.
|
|
|
So even if you generated your key in a secure way, as soon as you generated one transaction with one of the affected clients *bam!* anyone could steal all your funds.
I don't think this was the case with old, versions with weak SecureRandom, since Mycelium Wallet re-seeded the weak SecureRandom for each transaction. But hopefully we will never know I suspect (don't know) that the issue of duplicate R values had not occurred with our software. Nevertheless the theoretical weakness of the private keys themselves warrant a key change. btw, play store has updated the latest apk now. feel free to update. To upgrade to more secure keys move your old keys to archive, create a new one and move funds over.
|
|
|
If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com if you download it from mycelium.com, you can check the sha1sum dba000cad4cbf94a7b4c621f57482322c0a96678 mbw-v0.6.5.apk
There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses. - generate a new key
- backup this key (to sdcard or similar)
- manually send funds to the new secure address.
- move your empty old key to the Archive category
Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
|
|
|
If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com if you download it from mycelium.com, you can check the sha1sum dba000cad4cbf94a7b4c621f57482322c0a96678 mbw-v0.6.5.apk
There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses. - generate a new key
- backup this key (to sdcard or similar)
- manually send funds to the new secure address.
- move your empty old key to the Archive category
Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
|
|
|
If you are using Mycelium Wallet, a fix has been published to the play store (still pending review) and to mycelium.com if you download it from mycelium.com, you can check the sha1sum dba000cad4cbf94a7b4c621f57482322c0a96678 mbw-v0.6.5.apk
There will be a wizard guiding you through the process in an upcoming version, but for now, you can simply download version 0.6.5 (or greater) and move the keys to newly generated addresses. - generate a new key
- backup this key (to sdcard or similar)
- manually send funds to the new secure address.
- move your empty old key to the Archive category
Please take care. The most likely chance of lost bitcoins is the loss of private keys. Don't use our wallet without a backup of the keys.
|
|
|
please don't make any announcements that translate to "in about two weeks" - we already know how this ends.
|
|
|
impressive tech demo.
what should be the standard way to store+discover different colored coins? a central website? DHT? blockchain abuse? rss feeds? is it necessary to sign newly issued colors somehow?
|
|
|
it would be interesting to see a total market cap over time, with now dead currencies included. it would also be nice if you could toggle individual currencies in that sum.
and what about XRP? any plans to include it?
|
|
|
same here. password is fine but google auth failed a few days ago.
|
|
|
i thought about this: what about using a generative grammar to encode the information. that way you could take a hash of decent size and encode it into a grammatically correct sentence. the syntax tree encodes part of the information as well as the verbs, nouns, etc.. this helps with information density but it also helps to memorize it because it is grammatically correct. you just have to be careful that the generated sentence is always parsed back correctly.
if this works, you could have a working brain wallet with enough entropy.
|
|
|
currently in the beta channel but will be available soon:
v0.6.3 Cold Wallet spending wizard Consolidated key view support for BGN currency optional autopay threshold change now goes to one of the originating addresses improved exception reporting don't act as a barcode reader eligius-style mining transactions one-step removal of private keys
|
|
|
niko, this is an interesting observation, thanks.
Mycelium Wallet uses almost the same codebase as Barcode Scanner, but as an internal code - for security reasons.
We do hide all scanner preferences, i will take a closer look what it assumes about the autofocus. my first test on my device indicates that autofocus is fully enabled. if it helps, i could bring autofocus to our settings.
|
|
|
Wieder mal gibt es eine neue Folge des Bitcoinupdates. Andreas+Andreas unterhalten sich ca 38 Minuten darüber was sich in der Welt von Bitcoin getan hat - und streuen dabei eine gute Portion persönliche Meinung ein. http://bitcoinupdate.com/index.php?id=27Wie immer freuen wir uns über eure Mails an feedback -a- bitcoinupdate.com. Danke an Levin Keller für das wertvolle Feedback. Wenn ihr automatisch über neue Folgen Bescheid bekommen wollt abonniert unseren RSS feed. - Link auf der Homepage http://bitcoinupdate.comDie Themen diesmal: - SEC verklagt Pirateat40 - Troubles mit Mtgox - Troubles mit Bitinstant - Paypal verbietet Bitcoin Hardware - Block erupter billiger - O'Reilly Buch über Bitcoin - Gavin schlägt 2-Faktor für Wallets vor - Interview mit Fidor Bank * mit erratum - Währungsbalance im Wandel - Inside bitcoins conference
|
|
|
someone should come up with a cryptocurrency inflation index, which combines market cap + block rewards of all known cryptocurriencies.
|
|
|
for the record, all my claims were paid in full.
|
|
|
"once a trusted third party has downloaded and verified the build it is released to the general public" <- making this part of your release process doesn't keep you from changing the release process and sneaking in malicious code anyhow, does it?
if that was the release policy any attempt to circumvent this could be detected, since you can not release a different APK on google play with the same android:versionCode. A release that was checked in the beta channel can not be released in a modified way in the regular channel with the same android:versionCode. the play store policy forbids that.
|
|
|
your issue is the same with any wallet software of course. bitcoin-qt multibit, bitcoiJ based wallet for android, and even more blockchain.info.
it would make sense to have an independent service out there that downloads the apk from play store and verifies they correnspond to the source. unfortunately i don't know any such service.
what we can look into is signing of apks from multiple people. i will look into how android handles those.
|
|
|
|