I'm having difficulty getting it to run. Here's what I'm getting after installing from git on OSX Yosemite. $ hashmal Traceback (most recent call last): File "/usr/local/bin/hashmal", line 13, in <module> import hashmal_lib File "/usr/local/lib/python2.7/site-packages/hashmal_lib/__init__.py", line 5, in <module> from main_window import HashmalMain File "/usr/local/lib/python2.7/site-packages/hashmal_lib/main_window.py", line 8, in <module> from dock_handler import DockHandler File "/usr/local/lib/python2.7/site-packages/hashmal_lib/dock_handler.py", line 4, in <module> from docks.addr_encoder import AddrEncoder File "/usr/local/lib/python2.7/site-packages/hashmal_lib/docks/__init__.py", line 6, in <module> import tx_deserializer ImportError: No module named tx_deserializer
|
|
|
Yes but there is a choice - the Trezor finds the addresses on demand and send to server via the web-page, or the webpage, knowing the XPUB, sends the addresses to the server, or the server gets the XPUB. Three possibilities. I looked over the bitcointrezor.com site in hope of finding the answer, but I didn't. So you are probably right, the XPUB is sent from the Trezor all the way to the server.
It's not #1, the Trezor doesn't know which outputs it owns, or which addresses are used. Pretty sure it's #3, it makes the most sense. Otherwise the JS client would either have to send the server a large number of addresses at once, or check them a few at a time. Looking at the source code here, it seems to support this.
|
|
|
I thought they changed it.
They extended the Chrome app so that you can configure the Trezor without sending any data to Satoshi Labs (or anyone). However, myTREZOR (or the wallet of your choice) still needs to know which addresses have been used in order to determine your balance and history.
|
|
|
mytrezor.com wallet sends xpub to server to retrieve transaction history. However Chrome extension does the device management without revealing any information to our servers. It is completely standalone application, so it does not even reveal your IP to us.
and just to be clear i understand the terms, xpub means "master public key", correct? thanks for clarifying. The master public key for the account, not the entire tree of accounts.
|
|
|
is there a way to initialize a Trezor seed w/o revealing the master pubkey to mytrezor.com? is that what python trezor is for? can it be done through Mycelium?
The only way I know of currently is using python-trezor. Theoretically you could do it using any software though.
|
|
|
What am I doing wrong?
Using MyTrezor Lite. It's kind of crap. Try Mycelium instead, all you need is a USB OTG cable and you can even spend from your phone when your Trezor is connected.
|
|
|
Is this Trezor Bridge official? Or is it some kind of beta?
I don't think official and beta are antonyms. It's official SatoshiLabs software, if that's what you're asking. It's very simple and works, so if it's a beta I don't think it really matters.
|
|
|
Thanks! That fixed it in Chrome for me, and it seems to work well now. But as you mentioned, I expect that this option will be removed fairly soon so I should probably migrate to Electrum or something similar for using my Trezor.
Have you tried using Trezor Bridge? It replaces the browser extensions. Bridge is basically just a tiny standalone web server that certain whitelisted sites can use to communicate with the Trezor.
|
|
|
So you can have infinite and separated set of addresses at your own disposal based on the passphrase while having one single private key in the form of the seed? That's neat. Thank you.
That's not quite right. There's one mnemonic, that's the 24 word string. Combined with any (or no) passphrase, the mnemonic gets turned into the seed, and then the root private key. Each passphrase you use with the same mnemonic will generate a different root private key.
|
|
|
Is the public key protected by PIN or confirmation preventing rogue websites from stealing it? Having your public key leaked would link all your transactions for the life of the seed.
This is actually a good point in the context of Trezor Bridge. It's not an issue with the extension because you have to manually allow it to run on every website that tries to use it. With Bridge though, it's a tiny web server that is potentially always running on your computer, allowing anyone to connect. Perhaps Trezor Bridge should require the PIN to be entered before a new connection can be made?
|
|
|
We have a labeling feature more or less ready, but it sits in the merge queue and needs to be properly merged in and tested first. The labels will be stored in cloud storage of your choice and securely encrypted via TREZOR.
This is literally the perfect solution. Will this work for both account and address labeling?
|
|
|
How I did it: CARD A: words 1-16 CARD B: words 9-24 CARD C: words 1-8 + 17-24 you can add some dummy words to get 24 words on the card and make it look like a full seed if you are paranoid That is not a secure replacement for Shamir's secret sharing scheme. Specifically, with SSSS, having less than N pieces of the split secret provides no information about the secret itself.
|
|
|
why do you think they are switching away from the current backend...
Slush is one of the founders of Satoshi Labs, so I think he would know what they're working on... would satoshilabs be willing to sell me a first edition metal Trezor for 1.0 BTC ?
They've stated repeatedly that they have no plans of ever offering the metal Trezors again.
|
|
|
It is actually a good idea. It shouldn't be too expensive. So I assume you plan on running one for the community then?
|
|
|
I don't understand why don't Satoshi Labs just run 2 or 3 instances of the web site. You could use the other one when the first one is down and also the spread load would mean less race conditions in the backend code. You don't even have to have a load balancer, just make it www1. www2. etc.
They don't want to and never intended on running even one. myTrezor only exists because by the time the Trezor was ready, no wallet software had integrated it yet.
|
|
|
BIP70 only supports request. What about send? There's no good way to embed a message in a bitcoin transaction. Sorry. Why do you require that? BIP70 also requires request party has a CA and url. A lot of p2p won't have those.
It doesn't require a SSL certificate, it's extensible so you could use GPG identities, but trust networks aren't very well established. Perhaps if you told us what exactly you were trying to do, we could be more helpful?
|
|
|
What's the best way to embed a note in the transaction? And the note can only be read by receiver. thanks Yes, please don't create lots of unspendable scriptPubKeys. There are more prunable ways of embedding messages into transactions. And there are even better ways of associating messages with transactions, so only people involved with the transaction can read the message (if that's desired).
In other words, lets figure out how to do this the right way. The way you're doing it now will stop working as soon as the network upgrades anyway (0-value outputs are nonstandard as of the 0.7 release).
The method Gavin was probably talking about is the Payment Protocol, which was still in development at the time of his comment.
|
|
|
Exactly. AFAIK Trezor plans to implement this BIP once it's accepted (It's in the final draft stage now). But provided that BIP70 is used, device may be able to protect you against address replacing malware.
It is and has been active for a while. Final is final, the reference implementation has been completed and accepted by the community. See here.
|
|
|
|