 Show Posts
|
|
Pages: « 1 [2] 3 »
|
|
I'm experiencing the same problem in Win7 with 1.8, I haven't open the client for a few weeks but now it doesn't open with my "wallet.dat" file as argument, if I don't use my wallet.dat then the client opens normally asking to create a new wallet.
I couldn't figure out any trace of the error, the application simply appears and disappears in the win task manager.
Luckily I had a copy of the previous version and that one opens without any problem my existing wallet.
|
|
|
|
Great and very useful links, thanks for sharing  |
|
|
|
I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself - surely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means. On the other hand, if the code was to be entered on the Trezor itself, such a scenario is not possible unless the PIN code is provided by the owner under duress.
I recommend watching this speech from Bitcoin 2013 conference https://www.youtube.com/watch?v=3t18a-wXBnwThe guy explains the Trezor and shows how the PIN code works and why it's there. |
|
|
|
Whoa, weird. I never noticed that. There is actually two slashes prefixing each line in the HTML, but it very much looks like a single slash when the page is rendered by Chrome (at least). I'll play around with it. Though, the entire website will be overhauled, soon, anyway Solved! Thanks!!! The first problem was that I started using the single dash according to what I read on the website, then when I started using the double dash the problem is that in "--settings=R:\Armory\data\Armory" it wasn't clear if I had to point to the file or the folder so when I put the folder the application starts and closes immediately. |
|
|
|
Don't forget the -logfile argument. Not that it will help run armory. I'm not sure what the problem is, but I had all sorts of Armory problems until I ran bitcoin-qt first then opened armory (disable the appropriate setting in armory). Maybe loading them separate will help diagnose your issue.
I played also with this parameter but I couldn't make Armory write to a separate logfile neither, it's simply ignored like previous parameters  |
|
|
|
|
I have a doubt about the construction of the operation and confirming the information on the Trezor.
The images and videos I saw so far show that Trezor displays the address you send money to and the amount you send, but there are several things in that transaction that a malicious client (modified by an attacker) can modify and I need to review in the Trezor in order to accept the transaction.
My doubt is, how do I know when signing on the Trezor that the fee is not incredibly high or the change address is not mine (attacker redirecting the founds to another address)?
|
|
|
|
I'm having trouble with the launch parameters in 0.88.1-beta. I've changed the bitcoin-qt folder using the GUI and it worked. Now I want to change the wallet, logs and setting files location to an encrypted drive but I can't get it to work. This what I've tried so far R:\Armory>Armory.exe -datadir=R:\Armory\data\Armory -settings=R:\Armory\data\Armory -satoshi-datadir=R:\bitcoin\data (parameters are ignored)
R:\Armory>Armory.exe --datadir=R:\Armory\data\Armory --settings=R:\Armory\data\Armory --satoshi-datadir=R:\bitcoin\data (application does not start)
(the second option is what it looks to be using in the python code -armoryengine.py-, the first option is the one showed in the information of the official web https://bitcoinarmory.com/troubleshooting-armory/) Here is the execution log: http://pastebin.com/uF1aStRAI saw the code that loads the folder is python so I tried to modify it to debug what's happening but it doesn't get executed, I imagine that the python code needs to be compiled and maybe signed to run, not just edited and hacked by an stranger like me  Can someone give me a hint on what I'm doing wrong or where is the problem? Thanks in advance. |
|
|
|
|
+1 preorder of the plastic model.
I'm curious to know what happened to the Kickstarter campaign, does anybody know?
|
|
|
|
After the BFL debacle, I'm very wary of pre-ordering anything BTC-related, especially since this isn't slated for release until October / November.
Why pre-order? These things can't be difficult to make - once they have made one - they can make zillions. Pre-order queues are only their for the companies' benefit:
1) Cash in the bank to fund development (plus interest)
2) To judge customer demand
And of course if its a scam, its just a way of taking people's money, never to be seen again. Not saying these are, just a fair % of bitcoin services have been scams.
I'd love a hardware wallet, don't get me wrong. But I'll buy mine when they are available and have been reviewed by peers. Customers gain nothing from pre-ordering, you are just risking your own capital for no reward.
If they wanted to reward customers that pre-order, they would offer incentives such as a discount or "limited edition" for first 100 orders.
Preoder money in a hardware project makes sense to be used for the setup of the production line. Creating the first production line is a very expensive process and a factory has to be adapted to start producing the hardware only once the factory is ready it's very cheap, as you said, to produce zillions. Preordering in BTC has proven to be a bad choice for the consumer, I consider this kind of preordering more like a donation... |
|
|
|
Well he already said Armory is ready and Electrum is coming. Such babies
WTF are you saying? Asking for basic information on how to use a product one is looking to buy (to determine, for one thing, if it is even something one 'can' make use of it) is an unreasonable request? I've already read through all the thread to find out the information I was looking for but I still made the request on purpose to make life easier for the next person searching for the same information, specially in the product page where it's much more difficult to find this thread. |
|
|
|
|
Congratulations for finishing the product and launching the pre-order.
I'm interested in the client support but there is no information in the FAQ on the webpage about which computer software supports the hardware wallet and how to use it. Can you guys add this information in the product page?
|
|
|
|
3rd July is now my calendar, looking forward to meet I'll wear a Pebble watch so it's easy to spot the geek among the normal crowd  |
|
|
|
Sending large amounts of data using QR-codes is a pain. However, you can compress an unsigned transaction pretty well is both sides agree on a simple protocol.
...
Unless I have forgotten something crucial this should work.
Unfortunately, it can't be that simple. In fact, even for the simple case you describe, it is dramatically more complex. Why? Allow me to explain how offline wallets work in Armory, and why data sizes will never be that small. Satoshi decided not to include the input values of the inputs being spent in the transaction inputs or explicit declaration of the fee in the transaction data to be signed. This sounds arbitrary, because that information is located in the blockchain, so the node only needs to go look it up the OutPoints in the blockchain to know. Right? Well, offline wallets can't do that. And part of the value of Armory for offline transactions is that the offline computer doesn't need the blockchain. You might say "okay, well just throw that information in with the tx to be signed so that the offline computer knows." If only it were that simple... gmaxwell expressed concern, rightly, that if your online computer is infected, the next transaction you make might have a devastatingly malicious modification: it completes your transaction, but sends the rest of the balance of your wallet to transaction fee. But you don't know this, because the attacker also modified the "supplementary" information in the transaction, so that the offline computer thinks it's only signing a 1.01 BTC input, with 0.5 to recip, 0.5 to change, and 0.01 to fee. But the attacker actually put a 300 BTC input on the tx-to-be-signed, but put in the "supplemental" information that the input is only 1.01 BTC. The result will be the offline computer showing you that you are sending 0.5 BTC to the recipient with 0.01 fee. But when you send the transaction, it's actually 299 BTC fee. THEREFORE: my BIP 0010 "protocol" includes the entirety of each transaction which supplies inputs to the transaction-to-be-signed. For each input in the tx-to-be-signed, Armory sees the OutPoint (txHash, txOutIndex), and verifies that it was passed a transaction with the same TxHash. From that transaction, it can verify the value of the input and the final tx fee. - If the attacker changes the recipient or the amount sent to recipient -- the user should notice because they can see the list of recipients and values before they sign it
- If the attacker changes the value specified on the supplementary tx -- the suppl tx hash will no longer match the OutPoint on the tx-to-be-signed, verification will fail
- If the attacker changes the supplementary tx value and the OutPoint hash -- the transaction is no longer valid, because that OutPoint doesn't actually exist
In fact, that pretty much clears up every possible avenue for tricking the offline computer. Now, every piece of important information is verifiable by the offline computer. If there is manipulation, the either the tx won't be valid, or the user will notice when they look at the transaction details.
Okay, so that gets us back to the original question of "how much data do we have to transfer between online and offline computer?" Unfortunately, the simplest case is not relevant to this discussion: you have to design the protocol around the 99.9'th percentile case: which is the case that someone has an offline donation address that they want to clear out. Let's say they have received 40 donations. So the transaction will have 40 inputs and 2 outputs. The bulk of the data is the supporting transactions which can be anything (transactions created by the donors). Each one itself may have dozens of inputs, and the signatures are necessarily included! Let's assume 30 "standard" supporting transactions, and the other ten have 10 inputs each. - Tx-to-be-signed: 30 inputs (unsigned) of 48 bytes each, and two outputs of 40 bytes each = 1.5 kB
- 30 standard supporting tx: 250 bytes each = 7.5 kB
- Ten larger tx: 180 bytes for each input (signed), so about 2 kB each = 20 kB
So the online computer needs to communicate 30 kB to the offline computer in this case. And the offline computer needs to transfer back 30 signatures, which is, at best, 2 kB at a minimum. The "maximum" a QR code can handle is 3 kB of binary, so that's 10 QR codes from online to offline. 1-2 QR codes the other way. So the protocol should handle 30 kB without causing a lot of pain. If the user has to wait a little bit because of a slow communication rate, that's okay because this case is abnormal and waiting 60s for the transfer isn't the end of the world. But if they can't succeed because it's confusing and they can't figure out how many and which QR codes have been scanned, or which webcam they're supposed to be pointing at which device, and frustrated there are wires everywhere, etc. Then there's a problem... As you can tell, I'm very sensitive to the "convenience" of a given feature. I think the biggest barrier to security is convenience -- users just don't use things that are inconvenient. But I also don't want to sacrifice security, at all, no matter how much work it is for me. Which is why there are so many recommendations here that are great, but don't quite the bill. But I'm pretty sure a solution exists where the user can actually have both, in which case everyone wins Hi etotheipi, I also had the same idea of using QR codes to transfer data between online and offline machines but I have a very specific use case that should solve the transaction size problem, using a unique input address in the cellphone as a small wallet to pay on a merchant's point of sell where the cellphone doesn't have network connection. I have described the use case here: https://bitcointalk.org/index.php?topic=230010Do you think this is feasible? I would like to implement the idea in a light phone client in combination with a full client like Armory used as merchant's POS to broadcast the transaction. Armory could provide all the elements for the transaction in a QR code and send to phone: - Merchant's payment address - Information required for the transaction from the blockchain, including fees The thin client will take: - Ingredients from Armory QR code - Put together with the unique wallet address - Sign transaction Then present all information requesting user to confirm transaction details (including fee) and then send the QR code with full signed transaction back to Armory to be broadcast. |
|
|
|
|
Thanks for sharing and translating, very interesting info for dutch and European citizens.
|
|
|
|
This link has not much to do with the problem proposed in the thread  |
|
|
|
This is very similar to what Armory is currently doing for offline wallets but the transference method through usb stick is not as simple as the QR code,
But Armory's offline signing isn't standalone. That's all the offline computer does: lets you confirm the transaction details, and sign it. It still needs the connected instance to create the unsigned transaction which is than brought over to the offline system for signing. And here's the reason you wouldn't want to trust the merchant to build the unsigned transaction for you: - http://bitcointalk.org/index.php?topic=68482.msg1187718#msg1187718I haven't looked at this closely but the approach is interesting VisualBTC - Android-based hardware offline wallet using animated QR codes - http://bitcointalk.org/index.php?topic=210371.0Thanks for the feedback, very interesting limitation and great to see that someone already put the idea to practice. |
|
|
|
|
3 of July sounds good to me, count me in.
|
|
|
|
|
The transaction fee on percentages sounds good but I'm not convinced about the message system, I believe it's already possible to send messages with each BTC transaction and if you want a more comprehensive messaging system you could use existing messaging systems or new ones like Bitmessage and even combine them with BTC, e.g. send a BTC transaction and in the small message include the link to a Bitmessage.
Good luck with the project.
|
|
|
|
First I'll explain the problem and then my proposed solution: The problem is that if you want to go on holidays or somewhere where you don't have data connection in your cellphone (ey! I'm on holidays in Berlin http://tinyurl.com/bwg33vf and I want to use my bitcoins), it's not possible to pay in any shop where they accept Bitcoins because you can't broadcast the transaction from your cellphone. Of course, you can access WiFi or pay the data-roaming cost but I imagine a much easier scenario for the end user by using the shop's Point of Sell to broadcast the transaction. Here is the explanation: 1. When paying, the user scans the QR code of the shop address where the payment has to be sent to 2. The user includes the amount to pay and signs the transaction in the phone (android/iphone/etc) wallet 3. Now the transaction gets converted into a transaction QR code in the user's phone -> Offline broadcasting 4. The shop seller can now scan the transaction QR code in the shop's POS which has to be connected to internet5. The shop's POS broadcast the client's transaction and immediately verifies the payment Remarks: - Size of transaction: QR codes can't handle too much data (less than 3Kb according to http://www.qrcode.com/en/faq.html) but if the user were to use a specific address only for this offline portable wallet, like the physical wallet you take with you, the transaction size should be quite small as there is only one address to take the funds from and one to send funds to (usually). - Security: The portable wallet should have it's own address and private key separated from the rest of the wallets, therefore, if the phone gets compromised/stolen, only one address with the day to day cash amount is lost. This is very similar to what Armory is currently doing for offline wallets but the transference method through usb stick is not as simple as the QR code, specially in the mobile environment. I haven't seen this already implemented in any of the wallets but maybe I'm mistaken and some android wallet is already able to do this transference of offline transactions. Let me know what you think of the idea and if there is any extra trouble you can think of. |
|
|
|
I believe in this idea so I contributed founds to the bounty. Let's go for it  |
|
|
|
|
