If you're having issues syncing with 0.9.2.16: in src/version.h, change: static const int MIN_PEER_PROTO_VERSION = 70002;
to: static const int MIN_PEER_PROTO_VERSION = 70003;
I would imagine there will be a future update to make this official... |
|
|
|
...
A properly set up .conf file is by far the best approach and can increase your security by directing your client to only connect to trusted peers.
Curious. Are you stating that you should be explicit about what nodes to connect to? The only two instances I can think of off the top of my head where you could have problems is if: 1) Every peer you're connected to is on a forked chain. 2) Every peer you're connected to will not relay transactions. Each of these would seem unlikely, so am I missing something? |
|
|
|
...
The only funny business is that with the latest few versions of OSX it defaults to hide the library folder and you have to do something to make it visible. anyone can google "show library folder OSX" and find out how to do this though. its not fucking rocket science, but i dunno, maybe all these words i am saying just do not register in mind of a cave man?
...
 |
|
|
|
The final 1/2 of the fund has been sent to HashEngineering as stated in their requirements. If you need any support for the Android app please contact Hash via PM or on their thread. If you find the app useful I would urge you to occasionally drop Hash a donation to keep their interest and support (there is an address in the app). My care of the project is now complete, please direct future questions/comments to HashEngineering. |
|
|
|
...
You should always verify the sums to ensure that it is genuine and signed by cryptap.us and hasn't been changed. That step is absolutely necessary. True, but I've never signed that code... Something I still need to do when I find the time.... Would be appreciated. You have a lot of useful tools. Agreed, I'll prioritize that... Thanks! The paperwallet generator is now signed. My fingerprint is: 692C 0756 E57D 2FA1 7601 3729 010B 717F 231C E7AA |
|
|
|
This Friday will be 1 month since the Android wallet has been published to the Google Play store, and at that time the final 1/2 of the fund will be sent to HashEngineering as stated in their requirements. Does anyone have any showstopper bugs to report to Hash? If so, I urge you to contact Hash via PM or on their thread. Showstopper bugs would be ones that prevent the wallet from sending/receiving funds in some way. |
|
|
|
Thank you for the help everyone. I think I will try to disconnect from the internet after opening the wallet generator as cryptapus suggested. I'm assuming I will need to close the browser, reconnect, and reload the page for each new address generated, that's not a big deal though.
...
There is a "Bulk Wallet" tab that you can use to generate multiple addresses from the entropy created in the initial mouse movement step. You shouldn't need to reload for each address.
I'll donate a little UNO to cryptapus soon, he's been a big help and runs a great site.
Thanks! |
|
|
|
...
cryptapus: I'm in possession of a non-wifi-enabled printer now. Looks like I can print the keys but it seems a little extreme to destroy the printer...There is no way to wipe the memory? Also you said it must be Tails-compatible, I'm sure this one wouldn't specifically be but maybe most are, I'll give it a try.
...
How certain are you that the printer firmware was not written to store private keys then phone them home when the driver queries it? Is the firmware audited by a trustworthy source? I'm giving you the best advice I can think of, but as you stated earlier security risk is like a rabbit hole... For transparency, I certainly don't go through all those steps but I don't run Win or Mac and only use an open source OS/software that CAN be audited. That doesn't mean I have the time or skill to audit it all myself. At some point down this rabbit hole you may just decide that the level of security you're at is where you're comfortable, I'm just trying to share knowledge on what I've learned in the hope that it's helpful to you getting there...  |
|
|
|
I hope not. coinwallet.co should not be used to store money as they hold the private keys to the web wallets and can walk away any time. That's no different than an exchange. We need to remember that if you aren't the sole owner of the private keys, they aren't your coins... |
|
|
|
Update on my quest for pure cold storage:
Successes
I was able to import a private key from one of my brain test wallets into the 0.10b UNO client. It took a little longer to scan than I expected but worked perfectly.
I burned Tails onto a DVD and verified the download using Kleopatra.
I was able to save a text file in the Tails 'word editing software' to a flash drive and open it in microsoft word through my normal OS, this means I will be able to save the private keys and addresses easily.
I was very impressed with Tails.
Issues
I was not able to save the paperwallet.html file anywhere using Tails, it said 'permission denied' whenever I tried to access a place to save it to. I attempted to alter the properties>permissions but didn't know what I was doing and it didn't seem to work anyway. It appears that because of the default 'amnesia' properties of Tails you need to enable 'persistence' which can only be done when Tails OS is being used from a USB drive and not from a DVD. Sigh, I just bought DVDs for this and didn't want to free up a flash drive for this. For now I will download paperwallet.html through my normal OS onto a flash drive and attempt to open it through Tails.
Hmmm... Maybe "/tmp" in the tails live OS is writeable(?). If not, couldn't you use your flash drive as writable storage in tails or was that not writable either? Another option would be to browse to the site, but before you generate the keys by moving the mouse, disconnect the network cable/Wifi and do not connect it again until after you reboot since paperwallet.html does not need a network connection to generate the keys. That way the entropy happens after there is no networking. Security risks: (1) My verification of the Tails download is apparently imperfect because it relies on standard HTTPS. I looked into the verification options listed here: https://tails.boum.org/doc/get/trusting_tails_signing_key/index.en.html however I'm not sure how to find a "terminal" in Windows to correlate several downloads & it sounds like a lot of effort to download it from various locations and computers. Edit: There seems to be a "terminal" in Tails, I could probably download the OS from multiple locations and devices, move them all to a flash drive and use the Tails terminal to confirm that they are identical, but again, how paranoid do I want to get? (2) The download of the paper wallet program from cryptap.us will apparently still be vulnerable to a "man-in-the-middle attack" even when downloaded through the Tails browser. Probably not, that would require the ssl CA certs installed for the browser in the tails .iso file to be compromised when you downloaded it. Certainly possible, but not likely. (3) Downloading paperwallet.html through normal OS and browser without verification keys.
(4) Burning tails onto a DVD-RW which means it can be altered. I'm not sure if physical access would be required to do so, it was warned against on the Tails website but this seems like an extremely remote risk.
Seriously though, what level of paranoia are we talking here? What are the odds that somebody is intercepting connections with modified code of the unobtanium wallet generator and swapping files while avoiding a message warning me that I'm not protected by SSL?
Note: An average person reading this would probably think I'm a programmer or at least have experience with this stuff, but I'm just a normal guy with google and the help of smart people on bitcointalk. Thankfully all of this stuff is broken down into simple steps so with a little time and reading it's manageable. Though obviously most people, even most cryptocurrency users, would not bother going through this (seriously, if you had to guess what % of UNO is in proper cold storage?), so it would be nice if eventually more straight-forward cold storage programs are created for Unobtanium.
Another Question: Will the process of opening the flash drive file folder through my normal OS to access the private key word documents potentially compromise the files? I will place each key+address in its own document, however I will need to insert the flash drive whenever choosing to import one of the wallets into my client. I will also need to insert the drive when copying the files to my actual encrypted backup drives, although perhaps I can do that within Tails.
Certainly a risk if your OS is compromised. You could perhaps purchase an cheap (USB only, no wireless) printer to print out the keys in Tails (find one with compatibility with Tails) then destroy the printer. EDIT: Why was I able to save the text file to my flash drive but not the paperwallet.html file from the browser? Maybe there is a way around the persistence requirement by properly changing permissions.  |
|
|
|
Should I wait for you to sign that code or just download it through Tails for now and make changes later if needed? Edit: I've also never worked in the UNO console before. Before importprivkey apparently I need to decrypt the wallet. The command could be: wallepassphrase mypassphrase 120 Then that will allow me to import private keys for 2 minutes? Sorry for all the questions but I'm scared of messing something up, scared I will accidentally invalidate my passphrase or something  I'm learning a lot though, thanks again Until I have it signed you're welcome to use it as is. As I mentioned previously, it might be best to download a copy of it from a browser on your live CD to have less of a chance of it being altered by your os/browser. Just check to see if you're connecting to my domain via ssl (should be, I believe all non-ssl connections are forwarded to the ssl port). I believe your "walletpassphrase" command is correct. It should not damage your wallet.dat in any way. |
|
|
|
...
You should always verify the sums to ensure that it is genuine and signed by cryptap.us and hasn't been changed. That step is absolutely necessary. True, but I've never signed that code... Something I still need to do when I find the time.... Would be appreciated. You have a lot of useful tools. Agreed, I'll prioritize that... Thanks! |
|
|
|
Okay, this sounds like it may go pretty fast. You two were very vast to respond, thank you. I'll post again with an update or if I run into problems.
There is no risk with importing several private keys into my wallet while testing even when it is still holding considerable funds? If not, that would also be a smoother way to move funds from my brainwallet test addresses rather than through the transactions tab at cryptap.us, just import them into the wallet then send to one consolidated address.
There should be no risk. "importprivkey" simply imports the private key into your wallet.dat and scans the blockchain for transactions associated with that key. Edit: I've seen some folks recommend that if you do this not to import the private key into another active wallet.dat, perhaps some versions of bitcoind had issues with transactions showing up that were not originating from your wallet.dat, but I've not looked into that... I believe I've tried it before and not noticed any issues.... but memory is fuzzy in this area... |
|
|
|
OKAY I've done some reading thanks to cryptapus and BitcoinNational and I'm nearly prepared to properly secure my UNO for long term storage. > At https://cryptap.us/uno/paperwallet.html , right click, 'save as..', save to USB drive. > Burn Tails to DVD > Restart computer through Tails OS. > Open cryptap.us program, generate 10 addresses with 10% of my holdings designated for each. > Save the public addresses and private keys to two encrypted flash drives using a strong but memorable passphrase. Store each drive hidden in different locations. > importprivkey 1 of the addresses in control panel of 0.10b encrypted wallet. Do I have that right? Did any of you do this? I have never used Tails so I'm not yet sure if it will be easy to access and open the wallet generator using that OS. I'm also not sure how to copy>paste the addresses into a document to be saved to the flash drive, is there some kind of wordpad-like program in Tails?Cryptap.us also says this "If you are familiar with PGP you can download this all-in-one HTML page and check that you have an authentic version from the author of this site by matching the SHA1 hash of this HTML with the SHA1 hash available in the signed version history document linked on the footer of this site." but that seems like something that is not necessary if I'm saving it directly from the site? Of course I will test with small amounts first, but I want to be sure I have this right before starting. The PGP message is a vestige of the original bitaddress.org pointbiz version, it's not relevant to my alterations for the UNO network. The fact that you're connecting to my https://cryptap.us site via ssl should be sufficient to prove that you're getting the latest version of my code. I should elaborate here a little bit... As long as you've connected to https://cryptap.us and you have TRUSTED certs installed I believe the above is true. However, if your OS/browser has been compromised and an UNTRUSTED cert is installed in your browser the above would be false... Be wary here. Perhaps using the Tails cd to connect and download the paperwallet.html site would be best...
Tails should have all that you require, but in the off chance that it does not, you could also use an Ubuntu live cd in place of Tails. It's my understanding that Tails will remove items in physical memory when it shuts down and thus is theoretically more secure, but it's my opinion that that's probably not necessary as long as you power down fully and maybe remove the battery as well to make sure the memory has no power to hold a state. Forensics entities might be able to go back and find what was in memory, but more than likely you'll power back on to your old OS and it will overwrite it... Depends on how paranoid you are I guess...
Very wise to test this on a small amount until you're familiar with the procedure, highly recommended.
|
|
|
|
OKAY I've done some reading thanks to cryptapus and BitcoinNational and I'm nearly prepared to properly secure my UNO for long term storage. > At https://cryptap.us/uno/paperwallet.html , right click, 'save as..', save to USB drive. > Burn Tails to DVD > Restart computer through Tails OS. > Open cryptap.us program, generate 10 addresses with 10% of my holdings designated for each. > Save the public addresses and private keys to two encrypted flash drives using a strong but memorable passphrase. Store each drive hidden in different locations. > importprivkey 1 of the addresses in control panel of 0.10b encrypted wallet. Do I have that right? Did any of you do this? I have never used Tails so I'm not yet sure if it will be easy to access and open the wallet generator using that OS. I'm also not sure how to copy>paste the addresses into a document to be saved to the flash drive, is there some kind of wordpad-like program in Tails?Cryptap.us also says this "If you are familiar with PGP you can download this all-in-one HTML page and check that you have an authentic version from the author of this site by matching the SHA1 hash of this HTML with the SHA1 hash available in the signed version history document linked on the footer of this site." but that seems like something that is not necessary if I'm saving it directly from the site?Of course I will test with small amounts first, but I want to be sure I have this right before starting. You should always verify the sums to ensure that it is genuine and signed by cryptap.us and hasn't been changed. That step is absolutely necessary. True, but I've never signed that code... Something I still need to do when I find the time.... |
|
|
|
OKAY I've done some reading thanks to cryptapus and BitcoinNational and I'm nearly prepared to properly secure my UNO for long term storage. > At https://cryptap.us/uno/paperwallet.html , right click, 'save as..', save to USB drive. > Burn Tails to DVD > Restart computer through Tails OS. > Open cryptap.us program, generate 10 addresses with 10% of my holdings designated for each. > Save the public addresses and private keys to two encrypted flash drives using a strong but memorable passphrase. Store each drive hidden in different locations. > importprivkey 1 of the addresses in control panel of 0.10b encrypted wallet. Do I have that right? Did any of you do this? I have never used Tails so I'm not yet sure if it will be easy to access and open the wallet generator using that OS. I'm also not sure how to copy>paste the addresses into a document to be saved to the flash drive, is there some kind of wordpad-like program in Tails?Cryptap.us also says this "If you are familiar with PGP you can download this all-in-one HTML page and check that you have an authentic version from the author of this site by matching the SHA1 hash of this HTML with the SHA1 hash available in the signed version history document linked on the footer of this site." but that seems like something that is not necessary if I'm saving it directly from the site? Of course I will test with small amounts first, but I want to be sure I have this right before starting. The PGP message is a vestige of the original bitaddress.org pointbiz version, it's not relevant to my alterations for the UNO network. The fact that you're connecting to my https://cryptap.us site via ssl should be sufficient to prove that you're getting the latest version of my code. Tails should have all that you require, but in the off chance that it does not, you could also use an Ubuntu live cd in place of Tails. It's my understanding that Tails will remove items in physical memory when it shuts down and thus is theoretically more secure, but it's my opinion that that's probably not necessary as long as you power down fully and maybe remove the battery as well to make sure the memory has no power to hold a state. Forensics entities might be able to go back and find what was in memory, but more than likely you'll power back on to your old OS and it will overwrite it... Depends on how paranoid you are I guess... Very wise to test this on a small amount until you're familiar with the procedure, highly recommended. |
|
|
|
Great stuff in the UNO TECH link in your signature BitcoinNational. I'm satisfied about how much of that I've already figured out and implemented piece by piece on my own previously. There are a few things though that I'd like to have clarified.
1) Say you make 5 addresses and send funds to them, then place the encrypted backup on an encrypted USB in the secondary location. Then I make five new addresses and send funds to them. Does the secondary backup still access the original 5 addresses? I'm not sure if adding new addresses invalidates the entire old private key, or if we're warned about that just because the newest addresses wouldn't be backed up. Say if the first 5 addresses contain 1,000 uno but the next 5 contain only 10 UNO, then I won't fuss about it as long as the original 5 are still covered. I suppose it shouldn't matter, I should just make 50 new addresses, label them then I can leave the secondary backup for years and not have to worry about it.
If you have 1000 coins in an address in Unobtanium-qt/unobtaniumd and you send 1 coin, the change will typically NOT be returned to the previous address (unless you specify it with the coin control features). It might be best to create two wallet.dat files, one with most of your funds that you don't plan on spending from and another wallet.dat for daily spending with a small amount. You could even split up your "stash" wallet into addresses that hold, let's say, 1/10th of your stash. Each time your spending wallet runs out just "importprivkey" one of those address private keys to refill your hot wallet. 2) In regards to keyloggers. I've gotten a bit paranoid that you can never really know if you're free of keyloggers. I went to the extent of placing a basic Linux program on a USB drive to initialize my ledger wallets offline. Although I do use ESET NOD32, which it seems literally updates my virus signature about 10 times per day. I do visit sites cragv warned against, things you wouldn't tell your grandmother about or torrents or w.e. So my two questions here are: Should I be able to feel at least 98% confident that my computer is safe from keyloggers while using ESET NOD? I know I have never had any breaches from the 50+ websites I've logged into or wallets I've used in 15 months, but I'm sure that's not evidence to conclude I've never been infected. Even then I'm not happy with 98%, so am I able to create true offline wallets despite having only one laptop?
Probably, a tails live cd, a copy of the paperwallet index.html file on a flash drive, and your disconnected laptop I think is a good recommendation. 3) Would downloading the html of the cryptap.us brainwallet program be an improvement in security despite my computer still being used online? Bonus stupid question: would it help at all (guard against keyloggers) simply to disconnect from the internet when using the program? Does Cryptapus prove that the website can not store which brain wallet phrases are typed in? (I know, people have told me he's trusted, just asking).
You certainly could download the brainwallet html, just don't forget to also grab the javascript files referenced in it. You will lose the "transactions" capability since you can't grab unspent transactions from a block explorer. It might be easier to just grab the paperwallet.html file since the brainwallet functionality is also built in and it's just the one file. Verifying that no keylogging is taking place can be done by examining the javascript. Not really an easier way to prove a negative in this case. But it's probably best to not trust anyone, myself included, with your money. The best advise is to examine the code in detail to prove to yourself that no monkey business is going on... |
|
|
|
An Unobtanium brain wallet with the pass phrase "nebula" stayed untouched for 3 days until I used it in a giveaway challenge on my twitch stream. Another wallet with the pass phrase "photograph tropical" survived for 14 days until just now when I moved the funds. It seems nobody is scanning for UNO brain wallets at this point. This is only a test though, I will leave many test wallets scattered about with phrases of varying difficulty. Any brain wallets that I may use for actual storage would be highly complex, test amounts are only 0.0099 UNO.
I guess I should setup brainflayer |
|
|
|
blockchain.info has been hacked (probably).... It was showing Satoshi's block 1 coins move but all other explorers say it's not true... |
|
|
|
|
Show Posts
