Bitcoin Forum
April 17, 2014, 06:25:09 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
  Home Help Search Donate Login Register  
  Show Posts
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
1  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: Today at 08:40:56 AM
I want to use mycelium on two devices.  
How can I sync them?

create a backup on one phone, enable expert mode on the other phone and restore the backup.

(the key that was already generated there before is most likely not needed any more so you can delete it or move to archive)
Not having much luck syncing mycelium on the extra tablet.
Can't scan the qr code from the pdf (this tablet has no back camera), and I can't copy and paste the text key.  I had the pdf up on the tablet's screen and tried to copy the key by long press, but it wouldn't highlight, so I went and opened up the pdf on my laptop, copied the key and sent the key to myself in an email.  That worked.  In email, I was able to highlight and copy the plain text key.  So it's on the clipboard, but when I go to mycelium keys > add key, the clipboard button is still greyed out.  The mycelium app doesn't see the clipboard.  I was using gmail on a Nexus 7, if that helps any.  And the text definitely made it onto the clipboard, because I was able to paste it in other places, just not the mycelium app.
Do you have any suggestions?

there is also a known bug when you put something from Gmail to clipboard (but only on certain devices, Samsung S4 and apparently also Nexus 7) on my nexus 5 it works fine.
 there is most likely a workaround for this. but i haven't debugged it yet.
2  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 16, 2014, 02:43:08 PM
I want to use mycelium on two devices. 
How can I sync them?

create a backup on one phone, enable expert mode on the other phone and restore the backup.

(the key that was already generated there before is most likely not needed any more so you can delete it or move to archive)
3  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 15, 2014, 01:00:55 PM
Is there an ETA for the buying/selling platform?
Yes. basically, it is launched already if you join the beta testers group or if you compile it from source yourself. there you will be able to create offers and trade already.

it will be pushed via the official channel very soon. we are just coordinating on the media releases.
4  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 15, 2014, 12:54:41 PM
I just installed mycelium on my android tablet and I have a question about the backup.  

The pdf says it contains "keys."  Does it contain keys or does it contain one key?  Basic users (who don't operate in expert mode) only have one key, from what I understand.
A previous post in this thread seems to indicate that the backup does include other imported keys.
The pdf wording is pretty skimpy.  If it's backing up the entire wallet, it should say so.  Could you please explain it better?

The "Keys" tab is really only needed if you want to do complicated things in expert mode, or if you want to restore a backup.

If you have a default install you have only one key. Yes, the PDF could be nicer and more precise in its wording. We have good reasons to rewrite the PDF rendering (UTF support) but we are still looking for the right library to do this. most libraries which do it properly use proprietary closed source binaries.
the very nice PdfDocument is unfortunately only for Android 4.4:

And to answer your question: YES, it backs up the entire wallet, and if you verified the backup you don't need anything else. unlike bitcoin-core you will not be required to repeat the backup process.
5  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: April 08, 2014, 08:27:53 AM
Our systems have been patched to be protected from CVE-2014-0160. Nevertheless, we must assume that - for 8 hours after publication of this bug - it was theoretically possible to extract the ssl private keys. therefore, we will exchange the hard-pinned SSL keys on the clients to continue to protect the privacy of our users.

see also:

of course, this has nothing to do with the user private keys. even if we kept that bug open, your funds would still be safe.
6  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 27, 2014, 10:55:42 PM
link to the offline desktop is online now, source is also on github. it is in fact a simple tool:

github source for this tool:
7  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 27, 2014, 04:50:16 PM
If someone were to steal my phone, what would be the fastest way to use my backup to recover the coins without another android device?

You have to send the bitcoins to another wallet before the thief does.

Note that it may take the thief some time, because he first has to cut through your protection, like a 6-digit PIN.

For this you need a computer or smartphone. With a Mycelium backup the easier route is to use another smartphone, install Mycelium on it, restore the backup, and send all bitcoins to other wallets, for example to new wallets you create.

You could ask a trustworthy friend with a smartphone to do it for you, if you cannot obtain another new phone quickly enough.

There is a way to restore the wallet to a computer from the Mycelium backup, but I believe it is much more work.

i did create a backuputil.jar that allows you to restore the encrypted key to a desktop unencrypted. i will post a link to this tomorrow

the link will be: but i did not upload it yet Wink
8  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 22, 2014, 08:36:24 PM
Just hitting back and getting to the main wallet screen is enough to wipe the Cold Storage key from memory.
the key is also deleted if you finish the wizard successfully.
9  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 17, 2014, 01:31:28 PM
Think I disovered a small backup related bug. (Does not affect integrity of backups)

My wallet currently has 1 active address, 8 watch only addresses and an archived address. In the backup, the active one is listed as 1 out of 9, and then the 8 watch only addresses are listed as 1-8 of 9. There is no 9 out of 9.
Any comment?

I know we had a bug in the labels of the PDF. i assume just the numbering is wrong and the actual backup is fine.

if so, i'll put it in the low-prio bug category. we will eventually fix it someday or sooner if we get a pull request for it.

(what is more annoying is the lack on UTF-8 support in the pdf... ) this needs a major rewrite with a different PDF generation engine.
10  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 13, 2014, 11:18:07 PM
as this story develops, it looks like it might be exaggerated reporting. apparently, you would need a modified kernel that this needs to be exploited:

accoring to these articles, only the Galaxy S would be really affected.

Anyways, this serves as a reminder that one should store significant amounts on Paper only, and verify that the backup works.
11  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 13, 2014, 11:00:57 PM
Let me add that you need to install an app that exploits the back door to be vulnerable (or update an existing app which adds an exploit)
This is not true. The exploit gives access to anybody broadcasting a pirate signal from capable equipment also. Correct?

As far as i understand, you need to have actual malware installed, which in turn can bypass the process isolation. Of course, this malware can request access rights to Internet, Bluetooth or whatever, which could be used to abuse this remotely. But this is still quite fresh now, maybe i'm wrong.
12  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 13, 2014, 01:13:49 PM

One more thing: I had the chance to use message signing for the first time the other day, and it got me thinking - it's currently only possible to do this for keys that are stored on the device - would it be possible to integrate this feature with the cold storage spending functionality, so that we can sign messages on an ad-hoc basis, without needing to fully import the private key?

yes. this makes a lot of sense. it is just a question of how to integrate it in the UI.
13  Bitcoin / Development & Technical Discussion / Re: Berkeley Database version 4.8 requirement unsustainable on: March 07, 2014, 03:28:39 PM
if there is any remote plan to move to a new format, it is a good idea to include that change early, and already migrate.

so if you some day drop BDB completely from the standard distribution, you can say, wallets v0.XX or later do not need a migration.
14  Economy / Speculation / Re: REAL SATOSHI SPEAKS OUT ON P2P FOUNDATION WEBSITE on: March 07, 2014, 02:04:49 AM
but no double-space sentence ending.  how do we know the posting from feb.11 was not someone else?  
15  Bitcoin / Project Development / Re: [ANN] btchip : a Smartcard wallet - now with HD wallets support on: March 07, 2014, 01:54:49 AM
A sample desktop video of an integration in KryptoKit : (webm, so Chrome only ... just like KryptoKit  Grin)

This shows a bit better how the second factor works
how exactly did you obtain the pin that you had to enter later?
16  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 04, 2014, 10:29:03 AM
Would it be considered "unsafe" to test a cold wallet address (properly generated, live USB, BIP 38, dumb printer etc.) with the Mycelium cold storage spending function. All this on a dumb smartphone (factory reset, not connected to GSM network, just connected to wpa2 secure wifi to D/L mycelium to make the test spend)

Or should I be more paranoid and this address should be considered not "cold" anymore by having touched breifly the network? And using Armory is the only solution ?

that depends on your paranoia level. i'd say it is cold enough.
since i don't know anything about root exploits of that dumb smartphone, be sure to ONLY install mycelium.
17  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 03, 2014, 04:17:18 PM
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?

I just measured it using this program:
   public void testSpeed() throws InterruptedException {
      long start = System.currentTimeMillis();
      int tries = 1000;
      for (int i = 0; i < tries; i++) {
         KdfParameters params = new KdfParameters("123" + i, TEST_SALT_1, MrdExport.V1.DEFAULT_SCRYPT_N, MrdExport.V1.DEFAULT_SCRYPT_R, MrdExport.V1.DEFAULT_SCRYPT_P);

      double duration = (System.currentTimeMillis() - start)/1000.0;
      System.out.println("duration:" + duration+" s");
      double speed = (double) tries / duration;
      double secondperTry = 1/speed;

      System.out.println("secondperTry "+ secondperTry+" / s ");

duration:104.771 s
secondperTry 0.10477099999999999 / s

i ran it with -server VM in sun JDK

so it does about 10 tries/second under near-optimal conditions on a fast CPU. (i7 4770K) in single-thread mode, with JIT compiler.

this means a single core takes 390 times the age of the universe to crack a single backup. when you speed that up to graphics cards, asics if becomes shorter but still outside human lifespans.
18  Bitcoin / Development & Technical Discussion / Re: Request for Comments on Audit Protocol on: March 03, 2014, 03:49:56 PM
this is an important topic.

without having read the full spec, i have to comment the following:

1) make liabilty proofs decoupled from asset proofs
liabilty (user balances) can and should be updated in real-time, while cold storage signatures can be updated manually each time the cold storage is accessed, or even less frequently. this does not protect against "losing the keys" but i cannot see how you can have a millisecond accurate proof when we are talking about cold storage.

2) it would be enough to sign+publish an HD wallet pubkey for the cold storage. a smart application could be checking the proofs by expanding the keys with a known lookahead window.

3) the asset proofs must include unique identification for an exchange, otherwise the exchanges

4) the liability proofs must include user email/id in a meaningful schema (part of the spec?)

5) the spec could also provide a target of cold storage funds (90% 98% etc) - the signed cold storage should typically be slightly lower than the stated liabilities, except if you commingle fees there.

Mycelium would love to see this implemented on exchanges, and we would implement an independent audit client, since our software already provides some of the needed infrastructure to query addresses.
19  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: March 01, 2014, 06:18:10 PM
I would like to make a simple feature request, if it's not already available (I was not able to find it): give the possibility to copy to the clipboard a public key in the address book or in the wallet.

Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.

Keep up the excellent work!
When you press receive you can copy your address to clipboard
20  Bitcoin / Alternative clients / Re: Mycelium Bitcoin Wallet on: February 27, 2014, 03:05:07 PM

v1.1.10  published.

(changes from 1.1.6)
*) message signing (go to Keys tab)
*) Hebrew, French, Korean, Polish translation
*) canonical S-values in signatures.
*) improved handing of exchange rates
*) remove Mtgox
*) added Kraken, Bitpay, Coinbase
*) new high-res launcher icons

Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!