I've added your ip slush, not able to connect yet but as soon as a few nodes leave I should be able to. Added yubikey support to My Wallet. For more info see https://blockchain.info/wallet/yubikeyAs far as i'm aware My Wallet is the only wallet service to offer two factor authentication (other than Mt. Gox). Existing Mt. Gox yubikeys should be compatible. |
|
|
|
Maybe you explained it already, but why exactly it's hard to detect blocks from my pool?
I can't seem to locate the ip addresses correctly. Here are the ip addresses I have down. 81.95.121.13 Slush 46.105.119.41 Slush 192.168.176.137 Slush 178.86.239.19 Slush 178.79.178.173 Slush 178.79.177.146 Slush 178.79.170.65 Slush 178.79.168.31 Slush 178.79.155.53 Slush 178.79.155.33 Slush 178.79.154.170 Slush 178.79.147.99 Slush 178.79.130.99 Slush 109.74.195.190 Slush Are any incorrect or am I missing some? It could be that I cannot connect to your node, are you at the connection limit? |
|
|
|
The is possibly an issue related to My Wallet, I have disabled new transactions while I investigate. If there is an issue it seems to be isolated to one particular address. Edit: This has now been fixed and transactions re-enabled. |
|
|
|
|
this does involve blockchain.info's address, I don't think it was made through the site though.
|
|
|
|
That's a feature I was thinking might be useful -- a service that would import a wallet and all its keys.
This is second on my list of things to add, native import and export in wallet.dat format. Although why does the mainline client even need to use berkelydb for wallet.dat? Surely it would be better to use a human readable format to make it easier to repair in case of corruption. JSON would probably suffice. First I want to make sure security is tight enough so yubikey and SMS two factor authentication are my priority for the moment. Can't open my wallet on iPhone, when i click the "Open wallet" button, it just stuck there.Anyone has the same issue ?
btw: should i clean my cache? will private key stored on my disk?
Haven't tested it on an iPhone yet, I'll have a quick look this afternoon. You are free to clear your cache, any private keys you have added will be safe on the server. |
|
|
|
Could you explain outputs or provide a link? The wiki Transactions doesn't cut it for me. To me, when I send bitcoins, I collect a bunch of addresses, add up their balance, and using each address, sign the fact that I am redirecting their total balance to a new set of addresses. The 'output' is just the amounts, the destination addresses, the same tiny script 99% of all transactions use, all wrapped in my address signatures. As long as I know my address balances have not changed, what state change could have happened? My understanding of 'output' must be horribly naive.
Your understanding is correct, you are the only one that can effect the state of outputs for your wallet. One though clarification when you create a transaction you redeem specific outputs which target your address so you can't make a transaction just by knowing the address balance. Is it possible to take a minimal wallet and encrypt it with the recipient's public address and send it to the recipient side channel? In theory, couldn't the recipient use the associated private key to decrypt it? (Are elliptic keys reversible in the same way as RSA?) If this were common, wouldn't bitcoin truly be anonymous, every transaction plausibly deniable?
In theory would work, but the problem comes with distribution. To anyone other the recipient the transaction would look like gibberish so how would they know it i the transaction is spam/ddos attack etc. And then how would miners verify the transaction without the private key. |
|
|
|
|
Back up now, Mining pools stats are going to be messed up for a while.
|
|
|
|
any eta on when it's back up?
Not as yet. Hopefully should be backup this morning but I rang the datacenter company and doesn't look like there even up yet. Considering how much I pay them they have pretty crappy support. |
|
|
|
|
Just to let everyone know the site is down because I've screwed up the firewall settings, I'll be going down to the datacenter shortly to repair the machines.
|
|
|
|
Has anyone else noticed a huge amount of transactions coming from this address?  Over 50,702 BTC and 1500 transactions in the past 24 hours, that is nearly 20% of all transactions. They don't look like spam, is this a Mt.Gox address? |
|
|
|
Your innovations/implementations are fantastic. While I hope for your sake that you can monetize this somehow. I also hope others will follow in your footsteps. I would like to see the data formats and interfaces all standardised.
Thank you for your support netrin. It would be nice if this was profitable but it's not a priority at the moment. Others are welcome to you my api's if they want to implement a similar service. Don't you use QR codes in the PDF? I'd think the 3-7K capacity of a version 40 QR (left) is more than enough for a single key wallet.
No not yet. I still don't understand offline transactions. I don't understand why they aren't already common, why they are difficult to implement, and how then you are able to do them (there is something fundamental about outputs that I don't understand, but I don't know what I don't know/understand).
They are not difficult to implement, the only problem is knowing which outputs to send without an internet connection or access to the blockchain. You can cache a list of unspent outputs but the longer you keep the list the more likely the state of the outputs will change cause your transaction to be rejected. Then you have to submit the transaction to the network offline, again not hard to implement, just a bit cumbersome. The offline wallet is brilliant. But beyond a proof of concept, I don't think I would use them unless I could download a zip (html, js), pull the plug and only then generate keys. Its a position born from misunderstanding and distrust.
I think this can be done, I have an idea. Finway, as netrin explained explained the green address technique cannot be used for this wallet. Terrytibbs, I add the css you suggested but it didn't seem to help the browser seems to be ignoring it. racerguy, don't think I can help with that won't, probably won't work as there is no form submitted. HostFat, I added sipa support. Couple of small updates Added rejected inventory so you can check if your block / transaction has been rejected @ http://blockchain.info/rejectedPush tx now has a form @ http://www.blockchain.info/pushtx |
|
|
|
ok. the other request is for translations. this site -- particularly with the javascript wallet, is just as useful to those who read german, spanish, japanese, etc.
that would work. i'm not sure why there's a concern though to require date of birth or other filter -- if it is encrypted the password i used to encrypt it is still required, right?
Posted as i was replying  I am not bilingual so can't help much here. If anyone wants to volunteer then great. The fear is that someone with the encrypted wallet might be able to brute force it, I think your right is not too much of a concern. I upped the minimum password length to 10 characters and implemented it anyway. |
|
|
|
Yes it should be. Vanity gen is base58 i think so copy the 'Privkey' text in 'Import Private Key' text box and it should work. Let me know if it doesn't. I mentioning this as a matter of style. I have not yet seen your PDF, but it could look like a cheque or certificate with your brand ("In Puik we Trust"), rather than just an archival artifact. I am suggesting that users could generate a one time wallet simply to create fixed denomination cheques. Each cheque presumably contains a unique encrypted wallet. You can give the cheque to someone and they would need the passphrase to decrypt and transfer the funds. The passphrase is thus the activation 'signature'.
Interesting idea, it could done fairly easily. But to redeem the cheque you would have to type in the private key by hand and the private key address would need to have the exact balance of the cheque. So that I can generate a private key offline, create offline transactions, but send the public address to your server for balance tracking?
Yeah exactly. I've implemented kinda sorta offline mode now you can generate a transaction offline after you have gotten the unspent outputs from the server. So at the point at which you need to enter the private key you can go offline. You'll see something like this.  A general use case: You have a 'current' account where you keep a limited amount of coins to do whatever it is you do with bitcoins. Then a 'savings' account which you keep the majority of you holdings. For the current account you keep both the bitcoin address and private key in the wallet, so you can send and receive transactions quickly. But with the savings account you keep only the bitcoin address and have a paper backup of the private key. So you can see the transactions and balances of both accounts but there is absolutely now way your savings account private key can leak. To move money from the savings account to the current account you would create an offline transaction, typing in the private key by hand. That way the private key touches only your browser for a few seconds and it not transmitted over the internet, even in encrypted form. New Features Tonight- Aliases for new wallets as suggested by koin
- 'Add to my Wallet' on blockchain.info address pages
- Offline transactions
- firefox bug fixes
|
|
|
|
Puik, I could foresee creating a wallet with a single address, adding some funds, printing it out as a pdf, and then I would like to be able to delete the record from your servers. I'll add this in the next update. Following that train of thought, your PDF could produce DIY PuiKash or, the analogy I prefer, traveller cheques. Writing the password on the cheque is equivalent to activating or signing it anonymously.
No sure i'm following you, you mean some kind of printable cheque which you then sign? What is a multi-recipient transaction? First come, first serve?
No, i meant, you an create a transaction with more than one receiving address e.g.  Public key only address?
Probably should have worded it "Address without private key". e.g. If you add just a bitcoin address to your wallet if with be labeled like this:  So you will be able to see transactions, balances, etc. But when you try and send funds from that address you will be prompted to enter the private key. Before you enter the private key you can unplug your internet and instead of relaying the transaction immediately it will output a string which you can copy and paste into http://bitsend.rowit.co.uk/ when your ready to send it. |
|
|
|
All pools with less than 2 blocks relayed to avoid cluttering the pie chart. They are listed in the Known blocks table. |
|
|
|
Awesome site!
can I make 1 suggestion? On the main page, instead of saying "unconfirmed transactions" can you call them "new transactions" ? the term unconfirmed (to a new user) may give the impression that they are somehow invalid.
Glad you like the site. They are not necessarily new though, I've seen some unconfirmed transactions sit in that list for 24 hours or more. I'll put a paragraph up on the page explaining what unconfirmed means. it is odd to go to a site named BlockChain.info for managing my hybrid javascript wallet. and then this thread gets polluted with wallet-related topics. wouldn't it be a better idea to separate the two?
the question i had though is what happens when i want to access from a different computer but don't have a link to the wallet url? isn't there a way i can give an alias so that i don't need to keep the wallet identifier?
I will be integrating the wallet into the site (nothing too intrusive). Fro example when you visit a address page you will be able to click 'Add to my Wallet' and have the address added in public key only mode. + I can't be bothered to setup a new domain  Good idea, but people would likely pick aliases which are easy to guess e.g. 'my-wallet' which would then exposed your encrypted wallet data. What do you think about an alias with a security question something like simple like 'What is your date of birth?'. New features added- Save JSON data to file
- Save Wallet as printable PDF
- Import Encrypted JSON, PlainText JSON and pywallet -dumpwallet
- Multi recipient transaction.
- Address book
- Transaction summary and client status
- Confirmation before send
 Coming shortly- Public key only addresses
- Offline Transactions
- Upload and download wallet.dat (Java applet)
|
|
|
|
Thanks for your clarification. Does the client cycle through a pool of pre-generated addresses, or does it create a buffer of keys (I see only one pair in my wallet)? Are those guaranteed to be encrypted and stored on the server before they are ever used (I suspect not unless change is returned to the sending address)?
I've put up a technical FAQ with answers to some of your questions. http://blockchain.info/wallet/faq. Initially the client generates a single address only and change is returned to that address. It is not clear to me what transaction data (API call) the client needs to request immediately before signing and sending a transaction back to the server.
The client calls /unspent?address=HASH60 to get a list of available unspent outputs otherwise the client would not know which outputs are spent or not. Do you have any future intension to implement deterministic addresses from seed?
Possibly although I don't know if the average user can be trusted to keep a seed, wallet identifier and password safe. I'm trying to simplify the process a bit. I've never understood how transactions work. Why does the sending entity (your server in this case) need to join the network, with an up-to-date blockchain. It doesn't need an up to date blockchain, it doesn't need a blockchain at all. The javascript client cannot talk with bitcoin nodes directly so it has to go through the server. I could make a Java applet to relay the transaction without touching the server. I look forward to transparent plaintext import/export/split/encrypted block standard formats between all clients. I'm curious why you store the private key in decimal - why not base58? They are in base 58. What is the practical difference between the address and hash160? What is the hash160? No real difference, both can be determined from the other. I meant a difference between public key which cannot be determined from the hash. Suppose a user gave a single key pair to another user of your system. Would that expose the first user's entire wallet to the second? Could the first user remove the key pair from his wallet? Could he create a new wallet and mix and match key pairs from an older wallet. Do you mean sharing the private key? No, as wallets are not deterministic any other keys would be safe. If you meant wallet identifier then no also, as long as the password is not shared the second user can cannot decrypt the wallet. |
|
|
|
Why not have a ≈ character instead of ~ for the USD evaluation?
Do you use servers that you already own for other things? Do you plan to make money on this (not just donations), or is it just a hobby?
I would suggest changing the bottom bar so it does not merge with the background and become confusing.
x ≈ y means x is approximately equal to y.
This may also be written ≃, ≅, ~ or ≒. ~ Iis the symbol I associate with approximation. The site runs on 3 i7 Quad core Mac mini's which are collocated in a locked cabinet at a datacenter with a dedicated security guard. I am the only one with access to the servers but I do use them for other things - Backend's for a various iPhone applications, git, afp and email server. Just a hobby site for the moment, if it could pay for itself with advertising that would be great. Thanks for the suggestion. |
|
|
|
Are the wallets deterministic? Are newly generated keys (addresses) stored on the server (even in encrypted form)? Does the server keep track of all public addresses for each identifier? Can the client pull the network plug and continue working, sending transactions and updating balances later?
No the wallet is not deterministic, keys are generated randomly. The generated keys are stored AES encrypted on the server. The server does not know the public addresses of a user but does require the hash 160 of an address to get transaction data. These calls are made using the publicly available api @ http://blockchain.info/api. The wallet identifier and hash 160 is is not included in any queries together. Currently you can't send transactions offline because transaction data is lost if the client cannot reach the server, but it is possible with a few minor modifications. The basic protocol structure is: For new transactions| Server | Client | | Client Requests encrypted wallet data for an identifier | | Sever responds with encrypted payload | | | Client decrypts wallet in browser | | Client requests transaction data using methods at http://blockchain.info/api | | Client creates and signs transaction in the browser | | Client pushes transaction to http://blockchain.info/pushtx | | Server relays transaction to mining nodes | |
| Server | Client | | Client generates identifier and private key | | Client encrypts a json payload of keys | | Client requests payload is stored on server with a provided identifier | | Server stores encrypted payload | |
Here is the SQL structure for the wallet table CREATE TABLE `bitcoin_wallets` (
`guid` char(36) CHARACTER SET latin1 NOT NULL,
`updated` bigint(20) unsigned NOT NULL DEFAULT '0',
`created` bigint(20) unsigned NOT NULL DEFAULT '0',
`payload` text NOT NULL,
`last_access` bigint(20) unsigned NOT NULL,
`shared_key` char(36) DEFAULT NULL,
`notifications_email` varchar(255) NOT NULL,
PRIMARY KEY (`guid`)
) ENGINE=ndbcluster DEFAULT CHARSET=utf8; So what's the difference between this and StrongCoin for example?
I have to say I did not know about strongcoin, essentially it the same thing. I guess they now have some competition blockchain.info can be more tightly integrated the block explorer site so we can provide a slicker interface which feels like a fully functioning client. |
|
|
|
|
Show Posts
