|
I see a lot of questions here about which keys are affected and which not.
As far as Bitcoin Wallet goes, it will rotate your keys no matter how you created them and if you used them for signing. This is because there is no supported way of importing keys from other sources than itself (backup), so all keys must have been created using the flaky random number generator.
I can't tell about the other apps, but I hope they will rotate all keys as well.
|
|
|
|
Sorry for not replying for a few days, had to prepare the update. Please read: https://bitcointalk.org/index.php?topic=271846.0Forget about all those trivial issues above. I think this is a much more important issue to discuss: Hello, The problem is that the bitcoin application generates bad signatures, reusing random numbers. In this case this transaction was the culprit: https://blockchain.info/de/tx/54ac98e2301b9c7fdab5cfe93907032cc1248f9d5995cee70f38e98ba93d2d7fCan you confirm that the transaction (sending 0.02 BTC to 1DzUV...) was generated by the android app? You should send a bug report to the author of the app you used to generate this transaction. The problem is that it uses the same r-value b8e6c364b50eada68923eb07930b294411826e6068f0dcbe7514154881d75812 twice in the signature, which is enough to break the ECDSA signature scheme and reveal the public key (5HrE9sgmeWu6mW...). Everyone can break the key with this information. This problem occurs more and more frequently in recent times. Usually there is a transaction to the 1Hkywx.. address within a few hours after the bad transaction, so it seems someone has a script that monitors this problem. At the moment there are 147 exposed keys. The recent ones usually have a lot of transactions before the problem occurs, so it seems to occur rarely, but it occurs several times a month (worldwide). I hope this post sheds some light into the problem. Technical discussion of this specific issued moved to here: https://bitcointalk.org/index.php?topic=271486.0 |
|
|
|
Please read the post quoted below. A fixed version 3.15 of Bitcoin Wallet is rolling out now. If you don't want to wait for the Google Play update, you can install directly from these links: Mainnet: http://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15.apkTestnet: http://code.google.com/p/bitcoin-wallet/downloads/detail?name=bitcoin-wallet-3.15-test.apkAs soon as you upgrade, it will create a "rotate transaction", sending your funds over to a fresh, secure key. Important: You need to backup your wallet again, because of the added key. The old keys will not be included in the backup, so keep your old backups around just in case. Generally, do not use old addresses/keys for receiving payments any more. Also make sure to not import old backups into any wallet. If you have a wallet with unconfirming transactions or if the rotate transaction does not confirm for a long time, consider replaying the blockchain. After replay, your funds should be rotated without problems. Thanks to everyone contributing to fixing this very serious issue! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 http://bitcoin.org/en/alert/2013-08-11-androidWe recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one. If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup. Updates for other wallet apps should be released shortly. Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.orgiQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74 svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7 lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24= =AFBd -----END PGP SIGNATURE----- |
|
|
|
|
Afaik the block count is just an advertised number. It can be wrong. If the node cannot prove that he actually knows the block in question then the others will not take that for granted, so they stay at the lower number.
Much less likely: The node has actually found a block but did not broadcast it.
|
|
|
|
I'm wondering if I set this wallet up, it will have a diff address than the wallet I have on my desktop right? Is there a way to clone the wallet so I can use both devices with the same wallet? (:
It's not a bug, it's a feature (-: Rather than "cloning" a wallet just keep two wallets and move funds between them using standard transactions. It's like with cash money: You either have it in your wallet with you, or stored at home in a cupboard, or stored in the safe at your local bank. It's not at all these places at the same time. |
|
|
|
|
Ich wünsche euch viel Spaß auf dem Stammtisch.
Viele Gruesse von der OHM!
|
|
|
|
Can't set "Restrict background data" on a per-app basis, it's global. Unless there's a mod/tweak somewhere that I don't have.
I'm on stock Android 4.2.2 (Galaxy Nexus). And, besides, if the data is restricted, wouldn't that just cause the app to be thrown in a loop also?
Not necessarly. If Android correctly notifies the app that network is down, the app will act appropriately and not fire up Peers/PeerGroup. I've never tried because I think it's worth to invest 1 MB of my 200 MB monthly mobile quota in being synched with the chain as much as possible. But since you're so convinced about the usecase - why don't you try? Btw. was just thinking about the looping connect bug again. I was exaggerating. It will not connect endlessly but only for 2-3 minutes at a time - there is a timeout built into the app. Still you want to avoid running into that bug if possible. |
|
|
|
I want to restrict this app's usage, though, not set a global setting in Android which would apply to all apps.
As I said, it's not global. Go into "Settings", enter Trusted Peer of "127.0.0.1", and check the checkbox "Skip Regular Peer Discovery".
This will keep it from making any unwanted connections whenever it wakes up.
It will drain your battery, as it will endlessly try to connect. Also see: http://code.google.com/p/bitcoinj/issues/detail?id=296 |
|
|
|
1. When paying, the user scans the QR code of the shop address where the payment has to be sent to
2. The user includes the amount to pay and signs the transaction in the phone (android/iphone/etc) wallet
3. Now the transaction gets converted into a transaction QR code in the user's phone -> Offline broadcasting
4. The shop seller can now scan the transaction QR code in the shop's POS which has to be connected to internet
5. The shop's POS broadcast the client's transaction and immediately verifies the payment
Let me know what you think of the idea and if there is any extra trouble you can think of.
This idea is implemented in Bitcoin Wallet since about 2 years. You can even use NFC for transmitting Bitcoin requests and transactions. Problem using QR: Some transactions are too big (in bytes) for QR codes. There is even a branch "bluetooth-offline-payments" that pairs a Bluetooth channel with requesting Bitcoins and uses that for sending the tx. Advantage: You don't need to scan a code twice (or use NFC twice). |
|
|
|
How/when are the exchange rates updated?
I can't find a way of doing it manually.
Rates are taken from Bitcoincharts, and if that's not available blockchain.info. Its refreshed every 10 minutes. What do you want to do manually? |
|
|
|
Any ETA on when HD wallets will be implemented?
Support for the algorithm has been merged for bitcoinj 0.10, which I think will be released shortly. However, it does not yet contain any wallet integration. I hope (but cannot know) that integration will happen in bitcoinj 0.11. At about the same time, I will try to roll first previews of HD wallets in Bitcoin Wallet. For a release, some more plumbing needs to be done, for example adapting the backup format. I'd say its at least 2-3 months away. But don't take my word for it. |
|
|
|
|
The problem with "just that option" is that it adds to the overall complexity of the app. Needs to be tested, maintained and supported. There is already far too many special cases. So generally I'm trying to remove options that are not needed any more.
My overall focus on the app is safety and being easy to use. I do not priorize rather specific needs of power users. I think those are better off using specialized tools. That said, maybe someone should start a branch of the app aimed at power users? It's all open source.
The "single trusted node" model is not supported - it's missing authentication. Including dust in blocks is something I don't want to encourage or support at all. Rather than donating via the transaction fee why don't you just use a separate transaction?
|
|
|
|
I very much want to be able to control the fee myself.
Why? |
|
|
|
|
Sounds like you might want to try the "Restrict background data" option in the Android settings. That can be set on a per-app basis I think.
Let me know the app behaves using that. If something fails badly, I'll try to fix.
In the same prefs, you even have the choice to add specific Wifis to a list of Mobile hotspots which can get a special treatment. You might want to explore into that feature for your corporate network.
|
|
|
|
|
Since a few weeks, the correct fee is now calculated automatically. So don't worry about your tx ending up in limbo.
|
|
|
|
|
First of all, there never was a "Sync on Wifi" checkbox.
If you want to spare your data plan, I suggest disabling mobile data in the Android settings. The "Sync on Power" setting was never good at that. Besides, the apps data usage is negliable nowadays (if you don't do a lot of blockchain replays).
|
|
|
|
Im using Version 3.13. Is this app downloading the blockchain to my phone to sync?
It only downloads a tiny fraction of the chain, just as much as it needs to provide the security of your wallet. |
|
|
|
As I said, I will change this with the HD wallet rework.
Will I still be able to have own imported keys (I have some old addresses I would like to keep) in my wallet after this change? Yes, this is planned. Either you will be able to mix one seed with several random addresses in one wallet, or you will be able to have different wallets (either deterministic or random). |
|
|
|
|
Show Posts
