Of course, please heed jim618's advice. But that aside for a moment... # be carefulz w ur keys
# 5... T..Z
# end of private keys
But then multibit gets to decide whether to use the compress or uncompressed address for this key The "WIF" format encodes whether or not the public key generated from a given WIF-encoded private key should be compressed. See step 2 in the wiki: https://en.bitcoin.it/wiki/Wallet_import_formatAs a result of that step, the WIF-encoded private key will always start with a 5 if the public key should be uncompressed, or with an L or K if the public key should be compressed. If you're dealing with old or unmaintained software, you might find that importing a private key for a compressed public key may be misinterpreted as uncompressed, or may be broken in some other unpredictable way, so please be careful.... |
|
|
|
Do you have your seed words written down somewhere?
Are you only using the one default account, or did you create more than one?
It would not recognize my seed. I get the impression that the app doesn't work without their back end servers and both their servers are down and the app is pulled from the App Store. That's what I think is going on. Sorry, didn't answer your other question: I only used the one account for that app, and yes I have the seed words written down from the last back up. I can't speak to why it's not currently working, but if you just want to get the funds out of your wallet and transferred to a different one easily, there is an option for you. Install MultiBit HD Beta from here: https://beta.multibit.org/When you first run it, choose "Restore wallet" (not "Restore password from seed", that's something different), and in the next screen be sure to choose Mycelium in the "which wallet created this seed" drop-down box. Just please be aware that: - Multibit HD is still in Beta, and the devs don't advise using it for much beyond testing purposes (although it works for me FWIW)
- If you've created multiple accounts in Mycelium, this will only recover the first
- Multibit HD isn't free; it has a 0.00001 BTC per transaction fee which helps support development
There are other ways to get to your bitcoin, but this way is probably the easiest option. just import the private key into another client like electrum  Electrum is not compatible with Mycelium seeds. MultiBit HD and Mycelium for Android are the only wallets I'm aware of which are compatible (see here: https://bitcointalk.org/index.php?topic=1000544.0) |
|
|
|
Hey has anyone else run into a problem with Mycelium on iOS in the last couple days? I can't spend my Bitcoin, or back up my wallet, and it's not even showing in the App Store anymore. What's going on, and how can I get my Bitcoin out of this wallet now?!
Do you have your seed words written down somewhere? Are you only using the one default account, or did you create more than one? |
|
|
|
|
This sort of question has been asked and answered quite a bit (not trying to be rude) -- there are a lot of bits of code in various wallets / products that will do this sort of thing if you know where to look.
If you don't want to deal w/a compiler, what language did you have in mind? If for example your answer's Python I could probably point you to a few places to look.
|
|
|
|
EDIT2: Are my private keys safe should someone get a hold of the "normal" wallet file?
Yes, with the same caveats as most other wallets-- - Weak passwords can be brute-forced (but Armory's KDF is one of the best among Bitcoin wallet software, so it takes longer/costs more to perform brute-force attacks).
- Your privacy is lost / transaction history is viewable (this is true of most, but not all, wallets).
- If your wallet file is stolen by malware, that same malware can probably wait for you to type in your password and then steal it as well.
- If you lose your wallet file with its encrypted private keys and any single private key associated with that wallet, then all of the private keys in that wallet are compromised (can be computed). This is true of many deterministic wallets.
Another great answer, thanks! Just wanted to know if it was safe to send around fairly publicly (for backup intentions). If you're paranoid (like me), you may want to look for a zero-knowledge backup provider. I use SpiderOak myself; their software has always been a little bit twitchy (I probably spend an hour or so troubleshooting it every 6 months), but their security model appears to be pretty good, and their pricing is fair but there are cheaper ones out there. (I do let my wallet files get backed up to them). |
|
|
|
EDIT: So if I get this straight the encrypted wallet version is basically the same as the normal wallet just that I manually created it using the program. So the "encrypt"-text is just there to clarify it?
Exactly. EDIT2: Are my private keys safe should someone get a hold of the "normal" wallet file?
Yes, with the same caveats as most other wallets-- - Weak passwords can be brute-forced (but Armory's KDF is one of the best among Bitcoin wallet software, so it takes longer/costs more to perform brute-force attacks).
- Your privacy is lost / transaction history is viewable (this is true of most, but not all, wallets).
- If your wallet file is stolen by malware, that same malware can probably wait for you to type in your password and then steal it as well.
- If you lose your wallet file with its encrypted private keys and any single private key associated with that wallet, then all of the private keys in that wallet are compromised (can be computed). This is true of many deterministic wallets.
|
|
|
|
Who could've predicted that Windows is a really insecure VM host?  I guess it wouldn't be difficult to create the kind of script btcchris posted for OSX and Linux too. Do it for Xen Generally things are easier when using Linux (Host-wise or Guest-wise) thanks to its better coverage of different filesystems and generally easier scripting (PowerShell works great if you're dealing with all Microsoft products (e.g. HyperV), but bash is probably easier in other cases). Also, just about all modern virtualization technologies are designed to be fairly easily scriptable. Having said that, I suspect that running a Hypervisor such as Xen (open source) or vSphere (closed source but free for some uses) with no IP interfaces / no remote management, and then running multiple guests under that (e.g. one for bitcoin and one for general use) probably would add a decent amount of security. Hypervisor breaks aren't unheard of, but Hypervisor devs attempt their best to prevent them. I'd never heard of Qubes before CB mentioned it above, but it looks like this is its approach -- it's definitely something I'll be taking a look at. |
|
|
|
Ok thank you, it doesn't really bother me as long as everything works. Everything seems to work fine anyways. I have a bunch of addresses under the receiving tab though, is that how it's suppose to be? Also, I added a password for my wallet but it doesn't ask me for one when I open the program.
The receive tab displays the oldest unused address, but if you need to give out a bunch of addresses at the same time, you should give out different ones. In that case, you can choose from the 20 addresses displayed on the addresses tab (IOW yes it's normal). As you use addresses, they will be moved to a subsection of the addresses tab labeled "used" and new ones will be generated to replace those that have been used once. For your password question (and several other FAQs), see here: https://electrum.orain.org/wiki/Frequently_Asked_Questions#Why_can_I_open_the_wallet_without_entering_my_password.3F |
|
|
|
What is the difference between these two: - armory_xxxxxxxx_.wallet
- armory_xxxxxxxx_encrypt.wallet
That one is encrypted is fairly clear but isn't the normal file "encrypted" as well? Does the first file really contain private keys in plain text? The armory_xxxxxxxx_.wallet file is your "normal" wallet file; it's what's used by Armory. Its private keys are always encrypted by Armory. The armory_xxxxxxxx_encrypt.wallet file is an private-key-encrypted "digital backup" file which you made at some time in the past; you probably simply forgot that you (manually) made this backup (check its last modified date, it will be whenever you created that backup). It is safe to move this file to another location if you like (or delete it... you did make a paper backup, right? ) You can also make a completely unencrypted "digital backup" (by default it would be called armory_xxxxxxxx_decrypt.wallet); if you choose to do so, you'll get a strongly-worded warning about the dangers of making it unencrypted. I think it's binary, or a binary map. Just as usable to someone who's motivated to take the BTC inside (i.e. just as much raw information as a plain text privkey)
The wallet format (the "1.0" format) is pretty well documented over here: https://bitcoinarmory.com/wallet-format/The optional encryption (which is always used for normal wallet files and for encrypted digital backups) individually encrypts each 32-byte private key (and only the private keys). Each private key is encrypted with AES-256 in CBC mode with no padding, and a randomly generated IV (stored alongside each private key). The single encryption key is derived from the user's password with a custom KDF based on Colin Percival's ROMix function, except it uses SHA-512 as the mixing function instead of BlockMix Salsa20/8 as originally specified in Percival's scrypt paper (and it also has a few other tweaks compared to ROMix). The KDF uses 16 bytes of salt. (ROMix is the memory-hard part of scrypt.) |
|
|
|
How to Import Multi privkey into bitcoin core at same time , not separately ?
I don't think this has been answered yet; apologies if I missed it. See here for details on the importwallet RPC command, which imports a bunch of privkeys from a single file at once, and does a single rescan for them at the end: https://bitcointalk.org/index.php?topic=712047.msg8051822#msg8051822 |
|
|
|
Hello all, new on the forum and had a question about my Electrum wallet. First off, I'm not even sure that I've set up my wallet correctly.
Everytime I open Electrum, I'm getting a Microsoft Visual C++ Runtime error? It says "An application has made an attempt to load the c runtime library incorrectly. Please contact the application's support team for more information." Does anybody know why it's giving me this error?
The application opens and I do see a wallet address under receiving tab. I also see a bunch of addresses under the address tab and receiving tab. Is that normal? I'm running a Windows 8 64-bit machine.
Thank you in advance.
Did you download the Windows installer or the Standalone Executable? I haven't seen this issue though Win7. I am using the Executable FWIW... I believe this is a known issue with the standalone executable on some individuals' Windows PCs. It's only a cosmetic problem -- Electrum should otherwise work fine. If it bothers you, you can AFAIK use the Windows installer to install it locally, and this issue should go away. Everything else you described sounds normal to me. |
|
|
|
WHAT could have gone wrong here, really? What am I missing?
No bright ideas from me.... The only other troubleshooting step I can think of would be to extract the shared secret from Google Auth, and check to see if it matches the shared secret on GA's side. Doing so would require your phone be rooted, and would require some work on your part (and on GA's). So... anyway, if the GoogleAuth thing can't be fixed somehow, what's next?
Do I have to wait for the 90 days time-out and get the coin out of this wallet that way? That'll be around end of June or early July I guess.
How exactly do I do that? OR would it be better to wait until then and address it in another forum topic?
First step: log in, go to Settings -> Security, and click the "Send all nLockTime transactions by email", and save the nlocktimes.zip file you receive via email in a safe place (and be sure to keep your mnemonic around somewhere too, it'll also be required later). Second step: figure out when you can perform the recovery. Use a block explorer to determine the date and the tx height (in blocks) of your most recent tx (inbound or outbound). Assuming you haven't changed the defaults, add 12960 to this tx height, and add 90 days to the date. Set a reminder on your calendar for this +90 days date. Step three: visit here: http://greenaddress.github.io/gentle/, and do a "File -> Save as" to save the web page recovery tool to your PC. Keep it along side the file you saved from the first step. Step four: Wait.... when your reminder date comes nears, check the block height of the most recent block at your favorite block explorer, and if it exceeds the the height you recorded in step two, open the page you saved in step three and follow the instructions. You'll need your full mnemonic at this point as well. The recovery page only works with Firefox and Chrome (but see here to work around a problem when using it with Chrome). I've tested this procedure once in the past, and had no trouble getting it to work (except for the Chrome issue I just mentioned). |
|
|
|
You will need to do it for each of the private keys you exported from your MB wallets.
I have tons of private key i can't do it separately . See here: https://bitcointalk.org/index.php?topic=712047.msg8055660#msg8055660As I said above, I believe that the MultiBit key export format is the same as the Bitcoin Core dumpwallet/importwallet format. |
|
|
|
Sorry, my bad, I have the pro version and didn't remember it wasn't available without it. |
|
|
|
Both my devices are rooted. I tried this here: http://android.stackexchange.com/a/86861but I'm totally unfamiliar with these things, and when I tried the adb pull thing, it just gave me "device not found." I haven't tried this answer yet, which is in the same thread: http://android.stackexchange.com/a/92140Instead, I might just create a new 2fa wallet, get the QR code with both of my devices, and then send all my bitcoins in my current 2fa wallet to this new 2fa wallet. I imagine that's easier than messing around with android root stuff that's beyond my head. Plus, theoretically, copying and pasting the android files that contain my Google Authenticator stuff into my desktop seems like an extra security risk. Titanium Backup is the exact method I was going to suggest if they were both rooted, but if you're uncomfortable with it, then your last method above seems best to me. (FYI Titanium Backup offers encryption, but only for the paid "Pro" version.) Also if they're rooted, you may want to consider SuperSU as your su app, it can PIN-protect root access which may be more secure if you're using it for 2FA or with an Android wallet. Just be sure to read the docs if you ever decide to uninstall SuperSU to avoid losing root. |
|
|
|
For BIP44, multiple account support is mandatory. So strictly speaking, MultiBit HD doesn't support BIP44 (if the "Multiple Accounts" column is right).
At least for Beta 7 the "Multiple Accounts" column is correct. I updated the sheet, and while I'm sure you're technically correct, I think it's slightly more confusing now, but I've no strong preference either way. |
|
|
|
Yeah, Authy does feel easier to use. The choice/process to use it on multiple devices was pretty simple. But interestingly, perhaps this relative "airtightness" of Google Authenticator makes it more secure, according to this: http://android.stackexchange.com/a/92915In any case, I'd like to know if there's any way I can "access" or "get a glimpse" of the QR code of the 2fa that my Electrum wallet is associated with, or some other way to use Google Authenticator/trustedcoin on 2 devices. Agreed that Authy vs Google Authenticator (or FreeOTP if you prefer, which is open source) is a convenience vs security & privacy decision. I don't think there's any way to replicate your Google Authenticator into another device unless your first device is rooted (and even then, it might be a little tricky unless your second device was also rooted). |
|
|
|
It is a lot safer than an online machine, but significantly less safe than a true offline machine. I use it myself for a small day-to-day wallet, and have a larger one on an offline machine. The VM is very convenient. Of course a determined hacker who is controlling the online machine can run with the funds. But the random wallet-stealing and password sniffing piece of malware cannot. It requires a specialised piece of malware written for the specific setup.
So this kinda rubbed me the wrong way. I mean nothing personal when I say this, but calling a VM "a lot safer" is IMO a really dangerous statement. Even if it's true that today's malware doesn't try to reach inside VMs to extract sensitive info (and I'm not so sure about that), trying to guess about how sophisticated malware is a year or two down the road is awfully difficult. To prove a point over just how "specialised [a] piece of malware written for the specific setup" needs to be, here's a (PowerShell) script which *almost* grabs all wallet.dat files from any (unencrypted) VirtualBox VMs on a Windows host (whether they are currently running or not). It's got plenty of limitations (it requires that Vagrant and Git for Windows are already installed, it has zero error-checking, etc.), but it's just a proof of concept which hopefully gets the point across. # Add VBoxManage and Git for Windows ssh to the path
$env:Path += ';' + (Join-Path $env:ProgramFiles Oracle\VirtualBox)
$env:Path += ';' + (Join-Path ${env:ProgramFiles(x86)} Git\bin)
# Retrieve the UUIDs of all current VirtualBox VMs
$vm_uuids = VBoxManage list vms | Select-String '{(.*)}$' | ForEach-Object {
$_.Matches[0].Groups[1].Value
}
# Configure Vagrant to prepare a CoreOS VM (relatively small, ~200MB)
mkdir coreos
cd coreos
vagrant init yungsang/coreos
# Modify the CoreOS VM to use a 30-port SATA controller
Add-Content Vagrantfile @"
Vagrant.configure(2) do |config|
config.vm.provider 'virtualbox' do |vb|
vb.customize ['storagectl', :id, '--name', 'SATA Controller', '--portcount', 30]
end
end
"@
# Download and start the CoreOS VM
vagrant up
$coreos_uuid = Get-Content .vagrant\machines\default\virtualbox\id -Head 1
$next_port = 1 # the next available SATA port
foreach ($uuid in $vm_uuids) { # for each VM
# Create a (copy-on-write) clone of the VM (works even if it's currently running)
VBoxManage snapshot $uuid take $uuid-snap --live
VBoxManage clonevm $uuid --snapshot $uuid-snap --options link --name $uuid-clone --register
# Add all of the clone's SATA drives to the CoreOS instance
VBoxManage showvminfo $uuid-clone | Select-String '^SATA .*\(UUID: ([^)]*)' | ForEach-Object {
VBoxManage storageattach $coreos_uuid --storagectl 'SATA Controller' --port ($next_port++) --type hdd --medium $_.Matches[0].Groups[1].Value
}
}
Start-Sleep -Seconds 10 # give CoreOS some time to finish recognizing the new drives
# Try to mount every partition found
vagrant ssh -c 'cd /dev ; for D in sd[b-z]?* ; do mkdir /media/$D ; sudo mount -r $D /media/$D ; done'
# Record all found wallet.dat files
vagrant ssh -c 'sudo find /media -name wallet.dat -ls' > ..\wallet-files.txt
# Remove the CoreOS VM and the Vagrant cached image and config
vagrant destroy -f
vagrant box remove yungsang/coreos -f # comment this out if you intend to run this multiple times to avoid the download step
rmdir -Force -Recurse .vagrant
rm Vagrantfile
cd ..
rmdir coreos
# Remove the VM clones
foreach ($uuid in $vm_uuids) {
VBoxManage unregistervm $uuid-clone --delete
VBoxManage snapshot $uuid delete $uuid-snap
}
Get-Content wallet-files.txt
Write-Host -NoNewline Press any key to exit ...
$host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') > $null
So in just 66 lines of Windows shell code, it lists out all found wallet.dat files -- just one step away from actually uploading them somewhere. This plus a keylogger on the host, and it's game over. Now I'm not even a software dev by trade (or at least haven't been one in a while), so I have to assume that proficient malware authors are going to be a lot more sophisticated about this sort of attack. I don't mean to claim that there's zero advantage to using VMs (more so when their encryption requires an interactive password), but advocating them as a lot safer (or as any kind of alternative to cold storage) sounds really troubling to me. |
|
|
|
I need to sign a message from an address created on breadwallet. Seems like neither MultiBit nor Electrum accept seeds from breadwallet... I though all of these clients accepted the same BIP 32 seeds? What do you recommend for this? What client should I use to restore the breadwallet seed and sign my message?
breadwallet is compatible with Hive (mobile and web, not Hive for OS X), but that doesn't help much since Hive can't sign messages. breadwallet will be compatible with MutliBit HD once MultiBit HD Beta 8 is released (or if you want to compile it yourself), but it is not seed-compatible with Beta 7 due to this bug. Edited to add: those are the only wallets I know of that are compatible with breadwallet. Electrum 2.x is definitely not seed-compatible with breadwallet (Electrum 2.x has chosen to not use BIP-39). In general, compatibility between deterministic wallets is a complex issue. There's a compatibility table available here if you'd like more info: https://bitcointalk.org/index.php?topic=1000544.0 |
|
|
|
|
Show Posts
