Yeah, that's more like it. 38 bytes is what I expect for compressed private keys:
0x80 + 32-byte private key + 0x01 + 4-byte checksum
The 0x01 indicates it's a compressed key, and the address is computed differently. In a way that Armory doesn't understand yet. Another thing that will be supported in the new wallet format when it's done.
I actually have a chunk of code in the import dialog that detects you put in a compressed private key, but apparently that is malfunctioning. I just tried it, and it gave the too-big error instead of telling you that it's a format Armory doesn't support yet. I'll spend a couple minutes looking for that.
Cool. I'm looking forward to that new wallet format. Thanks for looking into this!
|
|
|
It's because that's not a standard private key format. In fact, I'm not sure what format it's in, because it's 36 bytes, and unless I did something wrong, it does not look like the last 4 bytes are a checksum. Therefore, Armory interpretted it as a 36-byte integer, which is clearly larger than that 32-byte integer shown there.
I'm not sure what's going on with that key...
Oops, I screwed up with the copy/paste. The real private key is: Kz9Eyg1rL27RnkUmmkofeyxdbWSn7ARQTdCiVKHLKxdhrMGNjTAp I did some more digging and this is a "private key associated with a compressed public key": "Private keys associated with compressed public keys are 52 characters and start with a capital L or K." https://en.bitcoin.it/wiki/Private_key
|
|
|
I'm trying to import the private key from a Bitcoin Wallet address. The private key is as follows (don't worry, I'm deleting the address from my wallet): Kz9Eyg1rL27RnkUmmkofeyxdbWSn7ARQTdCiVKHLKxdhrMGNj When I try to import that into my Armory wallet, I get the error message: The private key you have entered is actually not valid for the elliptic curve used by Bitcoin (secp256k1). Almost any 64-character hex is a valid private key except for those greater than:
fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141
Please try a different private key. This imports fine into applications such as brainwallet.org, however, and even display the correct public address. The associated public address is: 1N6TrY9HKhwS4G1AmAB1V7BjckqD7BtT2F
|
|
|
Are you printing/giving out any more of these? I got one with my Bitmit order the other day, they look great and I would love to give some out to friends.
I've still got a bunch from the original batch. I'll send you some for the cost of the shipping. PM me.
|
|
|
We're working hard on a production prototype and we're making good progress. As soon as I have something more concrete to show, I'll post here.
|
|
|
Back at the Pao Cafe in Newmarket, Matthew Carrano says he’s more than happy when his customers pay in Bitcoin:
“I believe in Bitcoin as a long term money supply. I don’t know if you’ve seen it, but Bitcoin has gone up in value versus the dollar quite a lot. I don’t have a lot of Bitcoin customers but when I do I’m content to hold on to the Bitcoin.” http://www.nhpr.org/post/digital-cash-finds-foothold-nh
|
|
|
Awesome, I'm gonna try this. Well, you guys were too slow and I just did it anyway. I also left out one critical reason: I really wanted this feature for myself! And I don't want to wait 2 months for it! I knew it would take me a day, and I'm sure someone would benefit from it, now. Also, it's not wasted effort -- it's more sample code for other users, and I got the fragment data structures ironed out which will be recycled when I implement it in the GUI.
|
|
|
My 2 cents Thanks for the options but . . . . I know that my current paper backups are safe and I don't plan on writing my last will and testament for a few decades. Take your time.
+1 I think you should take your time and keep to your development goals. When I posted the feature ideas, they were just things I'd like to eventually see in the software, and I'm glad that you'd already been planning them all along.
|
|
|
The annual Porcupine Freedom Festival (PorcFest), put on by the folks from the Free State Project in New Hampshire, is now accepting bitcoins for the registration fee (35 USD). Last year, PorcFest was one of the biggest celebrations of real-world Bitcoin commerce the world has seen, and this year it will take on a whole new level. Check out the thread from last year, and come join us in the White Mountains of New Hampshire. https://bitcointalk.org/index.php?topic=89714.0http://porcfest.com/register/bitcoin-registration/
|
|
|
I've ranted about this before, and I'll resist the urge to ramble about it again, but the gist is: if there is an encrypted backup option, everyone who's not thinking deeply about it will just use it because it sounds better, and they will end up with no plaintext backup anywhere.
You're right. I actually just read that rant, but my mistake was looking at this from my point of view rather than from a typical user's point of view. I would use it by printing an unencrypted paper backup, and then just printing out this encrypted backup as another layer of insurance in case the unencrypted backup gets lost/destroyed while I still remember my password. But as you pointed out, the typical user would probably not bother with the unencrypted backup. The other solution you offered, where you'd hand-write an additional code, would do the trick for me.
|
|
|
I don't expect to forget my password anytime soon
Nobody does, yet it happens all the time. Much better in my opinion is 2-of-3 paper backups: Three pieces of paper hidden three places. You need any two of them to recover the backup, but alone they are useless. I think they are on their way into Armory. I agree, but that's why I said I'd keep a plaintext backup, as well. Just not in a safety deposit box. There are always going to be tradeoffs, so it's important to have layers of security againsts both theft and loss. 2-of-3 is also my preferred solution, but this might contribute a beneficial layer of security, and it might be quicker to implement into the GUI.
|
|
|
I know this has been discussed before, but here's why I think encrypted paper backups would be a good idea. Possibly the most realistic failure mode is that the original binary wallet will get corrupted. You could make a few copies on flash drives, but those aren't that reliable either. You could put it on the cloud, but that opens up some more risk. Of course that's why we have paper backups. But I personally wouldn't want to put an unencrypted paper backup in a safety deposit box in a bank. I do think that's a pretty good place for an encrypted paper backup, though.
I don't expect to forget my password anytime soon, so if my digital backups fail, I can always go get that paper. I'll also keep my unencrypted paper backups, in case I do forget my password, but I feel I have to be much more careful with those. Since I don't want to make multiple copies of the unencrypted paper backups, they're more susceptible to loss and damage.
|
|
|
Yes, there will be QR codes everywhere. But I don't have plans to implement a QR reader in Armory unless someone basically does it for me... it's annoying to type in paper-backup stuff, but it should be a once-every-3-years kinda thing for most users.
It's true that that's the use case, however I believe there's one other important use case: testing the system in order to feel comfortable with the process. If someone puts their savings into their armory wallet and prints out three pieces of paper, the first thing they're going to want to do is try to restore the wallet from the pieces of paper. The QR code makes that much easier. To be fair, I did that test by typing in the words, and it wasn't that bad. It's also important to keep in mind the most likely failure mode. For instance, you could have a fantastic cryptographic system, an unhackable password, and a netbook that's completely isolated from the internet. And then the cable guy could slip a keylogger in your usb port, copy your encrypted wallet file, and come back a few days later to fix your router and take your password. That may be highly unlikely at this point, but infinitely more likely than somebody breaking a 160 bit password.
|
|
|
You're ridiculous! I was going to keep this a secret until I released the new wallets, but that may still be a while, and the feature is technically already done. If you hadn't specifically requested exactly what I just finished a few days ago, I was going to leave it to be part of mega-release with the new wallets That's amazing! Actually, one of the reasons it would be great to have this in the GUI is that you can create a QR code for each sheet of paper. That way it doesn't matter as much how much data there is. Netbooks have built in cameras and can easily scan the codes. Meni, you're right about m-of-n transactions, they are certainly much more flexible and powerful. However, it's going to take a while for them to be properly implemented and managed by the Bitcoin community, and I see this as a great temporary solution. Btw, etotheipi, I had the pleasure of meeting you at the Bitcoin Summit in Philly -- we were on the panel together at the end.
|
|
|
I've been playing around a lot with Armory as an offline wallet, and the one thing that would make me sleep better would be a 2-of-3 series of paper wallets. Right now you can only print a single wallet page, so if somebody breaks in to your house and gets it, they have all your coins. If Armory used something like ssss-split to print out three pages, where any two of them were needed, you'd be able to put them in three different places, making it very unlikely any thief would get to two of them. At the same time, you could lose one of three and still be able to reconstruct your wallet.
Does anybody else feel this would be a cool feature?
|
|
|
Thanks so much for sharing your experience! The more we know, the better off we'll all be.
To summarize, is it fair to say Dwolla is still growing into a Paypal like scary beast, but may have some slightly cheaper/better processes in place?
Still need to be aware that they can hault your funds in an instant, but hopefully it all works out in the end?
Last question for ya: Has Dwolla won your business back, or will you be sticking to wire transfers from here on out for Mtgox?
For me Dwolla is currently better than PayPal, because PayPal is useless for buying bitcoins and Dwolla isn't. Wires to MtGox have no advantages over Dwolla and several disadvantages: they're much more expensive, they're harder to execute, and they're harder to track. So I'll probably keep using Dwolla in the future. I'll probably just restrict it to MtGox transfers.
|
|
|
UPDATE: Just received this email from Dwolla. I don't have a recording of the phone call with their customer support but I do remember the agent saying that my account was suspended due to a violation of their TOS and that my transactions had all been cancelled. Still, it's nice that they apologized. Dwolla Support JAN 25, 2013 | 02:08PM CST Dear Josh, First, we are very sorry for what happened, we take full responsibility for any miscommunication. Let us try to explain: your account was never suspended. You were placed in a "verification" state, which reflected the conversation you had with our fraud team, to provide a [bank] statement, due to the increased transaction volume. We noticed you've since cancelled these transactions and had previously submitted a photo ID, and we've moved you out of the verification state. This state may have appeared to be confusing, as it does in some ways limit your actions within the Dwolla system. This is something we need to improve our messaging on. However, at no time were you suspended from using the service. We apologize for the inconvenience and confusion this may have caused. Let us be clear, that your account is fully verified, and may be used in accordance with our terms of service. Best, Dwolla Sincerely, Dwolla Support www.dwolla.com www.trydwolla.com (Send someone free money on us to get them started)
|
|
|
Mind me asking how much the wire transfer cost you? I'm guessing for me the fact that wire transfers cost more than zero is still the reason I'm ok with dealing with Dwolla thru their idiocracy...
It is pretty expensive. My bank charges a $45 flat fee, and I think MtGox charges about $10 on their end. However, I do know there are banks that will do it for $20. It's also less convenient than the Dwolla interface (come banks will still make you fax them a form), and it's hard to track where the funds are. It may even be slower, on average.
|
|
|
gotcha, but it sounds like there's no news...
You had your account verified and the transaction went thru...
did I miss something?
Okay, let me fill in some details. Throughout the last week I had to send in the same photo of my ID twice, after already submitting it last September, as their system repeatedly verified and unverified my account. At the time, I thought it was just a software glitch. Then, after waiting about a week for my funds to clear, they suspended my account before even trying to contact me, and cancelled those transactions. On the phone, I was led to believe that they wouldn't reinstate my account unless I sent them my latest bank statement going back 30 days, which I am not willing to do. At this point, even if I had confidence that they won't suspend my account again (and I have no such confidence), it would take another week for those funds to clear. Instead, I've wired the funds directly to MtGox. Hope that clears it up.
|
|
|
|