Also, you rely on single point (bc.info) so if they fail to provide service you wouldn't be able to spend your coins. (SPoF)
There are many reasons to avoid Blockchain.info, but to be fair this isn't one of them. As long as you back up your wallet (whenever you create a new receiving address), you can regain access to your funds should they one day disappear. |
|
|
|
Nothing would happen just make sure you have 2FA + Antivirus and don't visit malicious websites.
In a perfect world that'd be true, but realistically speaking it's too optimistic. There's always a delay in the cat-and-mouse game of malware vs antimalware. Sometimes it's days, and sometimes it's months... antimalware is never 100%. Also, just for the record Blockchain.info's 2FA is almost useless when it comes to protection from malware. It's perhaps useful against online brute-forcing, but that's about it. A lot can happen, it's not all about the client. blockchain.info always can be hacked even if you have 42FA in your account.
Yup, in which case your wallet is only as safe as the strength of your password, so use a really good one (even less safe if an attacker replaces the JavaScript app with one that steals bitcoin). At least try to use a cloud that keeps your data encrypted on their servers (Tresorit, Spideroak).
Good advice. |
|
|
|
In that case every possible way of collecting randomness is a scheme. What is probing /dev/urandom everytime you need a random number, if not a scheme?
It's very difficult to convince someone that they're not as smart as they think they are. What it really comes down to is this: if you're not a cryptographer, you shouldn't be coming up with your own cryptography (and that definitely applies to coming up with your own RNG). To do otherwise is simply hubris. I don't mean any disrespect in what I wrote above, it's just that cryptography (and by extension CSPRNGs) is an extremely complex subject which is studied by experts who devote their entire professional life towards that study (and even they frequently make mistakes!). I know I'm not in that league, and I can only presume you're in the same boat, therefore the best advice is to follow the advice of people who know better than either of us. All of this is why using /dev/urandom is a good idea: it was developed by experts, and it's also why any scheme developed by you or I is fraught with serious risk. (I did not develop the "feed a shuffled deck into a hash function" scheme by the way, i just wrote that simple python script.) |
|
|
|
|
Electrum 2.x HD wallets may not contain loose keys. You can still create a separate wallet which contains loose keys, but it will not be an HD wallet and you're on your own when it comes to maintaining backups (there's no seed).
To create a loose-keys wallet, go to the restore wallet option, and enter one or more private keys (base58check strings starting with L or K). You can import additional keys into this wallet later if you like (the Import Keys menu item won't be disabled).
I suspect this was done to avoid any confusion where a user might believe that imported keys in an HD wallet might somehow be protected by the seed, when of course it's not.
|
|
|
|
I didn't realize people have been implementing multisig. For example, GreenAddress.it has 2of3 accounts, and so does Coinbase, which they call Vault. GreenAddress and Coinbase Vault are both intended for individuals, or for individual employees (the multisig for these wallets is intended to keep individuals safer from malware, it's not intended to prevent embezzlement). There is multisig software designed for companies or groups of individuals though. You may want to look at Armory (lockboxes), mSIGNA, or perhaps the recently released Electrum 2. |
|
|
|
And thank you for the kind words  That creates-4-billion-addresses thing was sure a surprise to me. I actually just opened a PR on their repo with a one-line type check to catch anyone who happens to try passing in a string. |
|
|
|
1. m/0/i for external chain (receive addresses) and m/1/i for change addresses. 'i' being index. Hardening is not used  Does any wallet use hardening at the internal/external (change) level? That's the only level there.... (if you're disappointed by the lack of account support, that's more understandable) wallet.change_gap_limit( '100' )
Yikes, you meant this with no single quotes: wallet.change_gap_limit( 100 )
(Yikes because Electrum doesn't type-check the argument, and will surprisingly try to create all 4 billion addresses if you pass it a string  ) Just copy the master public key from wallets menu to the online device and use the restore switch to create a watch only wallet:
Just FYI you can also start a wallet restore, and paste the master public key into the place where you'd normally paste a seed. |
|
|
|
This version of HashCheck (full disclosure: this is my repo 1) supports SHA-256, and can be used to check hashes on Windows: https://github.com/gurnec/HashCheck/releasesJust download the .asc file from https://bitcoin.org/bin/bitcoin-core-0.10.0/SHA256SUMS.asc and/or https://bitcoin.org/bin/bitcoin-core-0.10.0/SHA256SUMS.asc into the same directory as the installer or archive, and double-click it.  Verifying the PGP signatures (as Blazr detailed) is more secure, though. What if the website has been hacked and the hacker has replaced the download with one that contains a backdoor and then changed the hash?
If you want to be sure your copy of a Bitcoin client hasn't been tampered with you really need to verify it is signed with a trusted key.
Agreed. [1] It's my repo, but all credits for HashCheck go to its original author, Kai Liu. I only added SHA-256 support. |
|
|
|
Yes, but after he will import his "wallet" to the new electrum 2.0 he will not be able to send bitcoin without the password or am I wrong?
I don't understand what you're asking.... OP never mentioned anything about importing a wallet, and restoring from a seed does not require a password. |
|
|
|
|
Just create a new wallet and choose restore, then use your seed and set whatever password you'd like for the new wallet.
|
|
|
|
Just wondering, has that been tagged on GitHub yet?
I tend not to tag the testing versions, though I have done so a couple times in the past. This particular testing release was really to test that the fix works for those reporting problems, before we commit to an official release. So far it is very promising, so we will probably convert this to an official release soon, with a proper signed tag. Makes sense, thanks for explaining. |
|
|
|
|
Just wondering, has that been tagged on GitHub yet?
|
|
|
|
Thanks for your post Btchris. I looked over the thread for the link you provided and it seems to describe the same problem I am currently experiencing. You mentioned in the thread you had the bugfix installed and were not experiencing any problems. Will the bugfix automatically install or do we have to download it from the Armory website and install it ourselves? Thanks in advance.
Unfortunately, it requires that you download the current source code and build it yourself with Visual Studio on Windows or some other compiler on Linux (g++ I'd imagine). I don't know how long it will be before an official release, but I get the impression that it will be on the order of several days, and not several weeks (again, I'm not an Armory dev and I could be wrong). Waiting for an official release would be safest.... |
|
|
|
|
I've been running a4561d1 since my last post. No issues, however no "repair" log entries either (nor any other unusual log entries).
|
|
|
|
You can do this with electrum 2.0 using the command line: electrum --entropy=<decimal number> make_seed
electrum --entropy=3959389439878943984398743 make_seed
Please be careful if you use this feature. The entropy integer replaces some of the entropy which Electrum would normally use; if the entropy integer is long enough (39 digits for a 128 bit seed), it will replace almost all of the entropy which Electrum normally uses. If your integer comes from a good source of entropy, then none of this is any concern. But if not, you're asking for trouble. My favorite way of creating keys is manually feeding a very long string of gebrish to a brain wallet tool.
If by gibberish you mean dice roles, a well-shuffled deck, or similar, I'd say that's a very good way to generate a wallet. If you mean "banging on the keyboard for a while", I'd be concerned. If you're going to go through all the effort to make your own entropy and store it cold, please take the extra step of using a real entropy source. Otherwise, your "banging on the keyboard" may end up making your wallet weaker than if you had just used the default OS-provided source of pseudo-entropy in the first place (as most wallets do, including Electrum). If you're getting your entropy from a good source, you can do something like this do convert it to an integer for use with Electrum 2.x (at the command line; if you're on Windows, you need to download Python 3 first, and it's called python.exe instead of python3): python3 -c "import hashlib;print(int.from_bytes(hashlib.sha256(input('entropy> ').encode()).digest()[:int(input('bits> '))//8],'big'))"
entropy> ks 3s 9c jc kh 3c td tc 4c 9h 4h 7c 2c 6d ac 9d qc 3h as ts 8s 5d ad 2h 5s
bits> 128
183982767129046887860016900583690846407
In that case, I used a well-shuffled deck. You only really need the first 25 cards, but a few more wouldn't hurt. I entered "128" for the estimate of bits, this number should be somewhere between 8 and the seed length in bits, usually 128. If you're using a well-shuffled deck, entering 128 is fine, but if you're using something else and if you overestimate how much entropy you've got, you'll end up decreasing the security of your wallet (because of what I described above), so just be careful . For 6-sided dice, you'd need 50 rolls for 128 bits. For 20-sided, 30 rolls. If you're feeling lazy, you can decrease this, but you must decrease the bit count proportionally (and then Electrum will fill in the rest from the OS's pseudo-entropy). |
|
|
|
There are alternative solutions for this if you want to try one. I've been using RBTray for years now for this, you may want to check them out (no affiliation). It's open source, and works on XP all the way up to 8.1. You simply run it, and then right-click on any window's minimize button to send it to the tray. |
|
|
|
I am using greenaddress.it and have been for awhile now and it's been good, apart from being a little slow it works well and show's accoun balance in AUD.
I have since moved to wallet 32 for a daily hot wallet just due to the speed.
I will try green bits and it may win me back.
Will the new greenbits app auto swap my old account or do i have to do a bunch of stuff?
I have passords and memoric written down if needed.
Greenbits should be faster since it's written in Java instead of Javascript. You'll need to enter your entire mnemonic the first time you use it, after that you can set a PIN if you prefer, just like the original app (or continue using the entire mnemonic each time). There's no trouble having both installed at the same time if you like. |
|
|
|
|
Show Posts
