1. Windows 7 64 bit - I needed to install drivers and reboot the machine before the greenaddress app would recognize the wallet. Wasn't clear I needed a reboot
a reboot is probably not necessary (with Windows you never know though) but for sure it's necessary to kill all Chrome windows (so all Chrome processes) - I'll mention that in the installation page
2. On my Windows 8 machine it would recognize the wallet but it would also store my pin on the computer so it seemed like it didn't even need the card to access any funds until I went into settings to turn the pin remembering feature off.
that one is weird. Did you log in previously with your mnemonic on that computer?
3. On my Windows 7 - 32 bit machine (company laptop) with some restrictive settings running the drivers never installed correctly.
that's kind of expected and will be a thing of the past once Chrome 38 is released - then we can move to Generic HID instead of WinUSB for the communication protocol (the dongle already supports both - we just configure it for WinUSB by default because Chrome 38 is still in beta)
|
|
|
sure, it shipped last Wednesday 17
|
|
|
Coming from a fake Italian, thanks for the review and the translation
|
|
|
Can someone explain to me how this improves the security of GreenAddress? I am new to BTChip and GreenAddress.
Process to use GreenAddress/BTChip
a) The GreenAddress seed is generated on the live machine.
b) I store a backup of the seed and note down the PIN
c) A copy of the seed is written to the BTChip
d) BTChip is able to sign transactions
e) However, the GreenAddress login can easily be done using the PIN (without the need for a seed or BTChip). So, I assume the GreenAddress seed is being stored somewhere on my PC.
f) Even if you were to use the BTChip for login, the mnemonic can be easily accessed from the GreenAddress GUI once the login is accomplished. If it can be accessed using the GUI, I assume the malware can access it as well.
e) the PIN is disabled if you create the account when using the card - and you can delete the PIN if you decide to onboard an existing account into the card, which solves the problem.
f) that part might be a bit confusing - you see the mnemonic on wallet creation, because it's not disabled right away, but you won't see it if you log in using BTChip after that.
Then you can login with the btchip, if you lose the btchip you will lose all of course, for me it's easier to lose the btchip with my car keys than to lose a seed phrase written in a paper and stored properly.
I'm not sure I get what you mean here - that might be because I don't drive, but you keep a seed backup in any case (whether the seed is generated by the GreenAddress client during setup, or generated by the dongle), that you can use if you lose the card - the point is that you never have to type the seed or the PIN into a potentially vulnerable computer again to log in or move funds.
Nobody explains it but I think this works that way, if I'm wrong please correct me, show me a user manual and then I won't have to suppose how.
the user manual is a bit lagging behind, we'll update the FAQ with specific BTChip security details soon
|
|
|
I'll pass it to GreenAddress to investigate. Did you create the seed on the device or externally ? Should not have any consequence though.
|
|
|
Yes, you can skip the X - it just marks the end of the seed, making sure you got everything (I'll update the documentation regarding that)
Then you can use any PIN you want - the PIN protects access to the dongle and is not related to the seed in any way
|
|
|
If you kept the seed backup, yes, it can be recovered. I don't understand how you're reaching that state though (other than by typing invalid PINs in a row). Are you comfortable with Python? Here's how you can restore the seed to a dongle with Python after installing https://github.com/btchip/btchip-python and replacing YOUR_SEED by your hexadecimal seed backup, with PIN 1234

from btchip.btchip import *
from btchip.btchipUtils import *

# Hexadecimal seed backup converted to raw bytes (Python 2 syntax)
SEED = bytearray("YOUR_SEED".decode('hex'))

dongle = getDongle(True)
app = btchip(dongle)
# Set up the dongle in wallet mode with PIN "1234" and the restored seed
app.setup(btchip.OPERATION_MODE_WALLET, btchip.FEATURE_RFC6979|btchip.FEATURE_NO_2FA_P2SH, 0x00, 0x05, "1234", None, btchip.QWERTY_KEYMAP, SEED)

Use the same dongle and if it doesn't work please provide the commands log. Also, GreenAddress will add a mechanism to log on with the raw seed and restore the seed to a dongle, so you can directly do it from the web interface. Bottom line, if you keep your seed, your money is never lost.
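
A check that can run before the restore script above, as an added example that is not part of the original post or of btchip-python: it validates a hand-copied hex backup before it reaches app.setup, and reads it from a prompt so the seed is not saved in a script file. The function names, the handling of the optional trailing X (as this thread describes it) and the 64-byte length (the figure quoted in this thread) are assumptions.

```python
import binascii
import getpass

SEED_LEN = 64  # bytes; figure quoted in this thread, treated here as an assumption
HEX_DIGITS = set("0123456789abcdefABCDEF")

def parse_seed_backup(text, expected_len=SEED_LEN):
    """Turn a hand-copied hex backup into a bytearray, or raise ValueError."""
    s = "".join(text.split())              # tolerate spaces and line breaks
    if s[-1:] in ("X", "x"):               # optional end-of-seed marker
        s = s[:-1]
    if not s:
        raise ValueError("empty seed backup")
    # Report positions only, so the error never echoes seed material.
    bad = [i for i, c in enumerate(s) if c not in HEX_DIGITS]
    if bad:
        raise ValueError("non-hex character at position(s) %s" % bad[:5])
    if len(s) != 2 * expected_len:
        raise ValueError("expected %d hex digits, got %d" % (2 * expected_len, len(s)))
    return bytearray(binascii.unhexlify(s))

def read_seed_from_prompt():
    """Read the backup without echo, keeping it out of files and shell history."""
    return parse_seed_backup(getpass.getpass("Hex seed backup: "))

# Constructed sample backup (not a real seed), grouped the way one might copy it.
SAMPLE_BACKUP = "01234567 89abcdef " * 8 + "X"

if __name__ == "__main__":
    seed = parse_seed_backup(SAMPLE_BACKUP)
    print("parsed %d-byte seed" % len(seed))
    for broken in ("0123", SAMPLE_BACKUP.replace("1", "l", 1)):
        try:
            parse_seed_backup(broken)
        except ValueError as err:
            print("rejected: %s" % err)
```

The bytearray returned by read_seed_from_prompt() can be passed as the last argument of the setup call in place of the hard-coded SEED.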
|
|
|
works for me - after you ask for the seed generation you'll end up with this screen, you can then click the "confirm" box then continue (note that if you read the seed on the same computer, you need to disconnect / connect again the dongle after reading the seed). Are you going through the same steps?
|
|
|
No problem, you can use this thread, especially for information that's useful for everybody.
The second factor is indeed the 64 bytes seed that you can provide in the setup command.
The documentation might not be up to date regarding the final X, I'll have a look - this was added recently
|
|
|
Nothing if you received a fresh card - it's a way to update previously distributed test cards (after the San Jose 2013 conference - I still don't have a clean way to update those) to the latest firmware.
|
|
|
It is telling that the order is expired even after sending BTC. Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it gets some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks! ~~MZ~~
yes, that transaction seems weird. Was it "pushed" by blockchain.info? It seems that's the only reference seeing it.
The firmware update for the 64 bit Windows drivers doesn't work, the zip file appears to be an HTML page saved under the wrong name. I also noticed that the FAQ is out of date, it says that the firmware cannot be updated.
the driver part should be fixed, thanks
|
|
|
Is it still possible to mix in some entropy of your own?
no, that was removed as it was not done properly and not that useful. Either you trust the RNG and it can generate the seed, or you don't trust the RNG and you can push it yourself (not supported by GreenAddress yet, I think)
|
|
|
yes, already in first post, thanks
|
|
|
Thanks to our great hosts in Prague for the party and to you for the review.
Also note that BTChip uses a special mode when working with GreenAddress : the chip's own second factor is disabled to create a smoother user experience, because we assume that the user set up GreenAddress second factor in a secure way (i.e. GreenAddress second factor is sent to an external device, such as a dumb-phone that won't be used to connect BTChip either, not an e-mail account viewed on the same computer) - so it "just" makes it less likely for you to get your part of the seed stolen by malware and abused when the chip is not connected, and that's about it.
It is still possible to have the chip confirm every transaction using its own internal keyboard second factor (that'll require the unplug / replug dance).
Future firmwares will improve the login & transaction signing speed significantly, and yes, we're considering a dual NFC+USB solution, with the same feature set.
Have fun and enjoy more secure bitcoin transactions (even in the woods)
|
|
|
you need to use tags when you troll, everything gets simpler afterwards
|
|
|
Will you ever make an NFC version?
it's very likely. We already have picked a vendor that can do USB + NFC in one single package (our trademark ), and might even have a test form factor. Let's see how popular this can be and how it works (NFC might also not prove to be reliable enough, power stability wise)
If not, there is always Helioscard too.
that might be right when they have a specification, an HD Wallet, deterministic signatures and proof that the card understands what it's signing, at least to be able to use some hard limits such as maximum amount / maximum fees / maximum change if not using a second factor to display the full transaction information (which is totally doable with NFC only if you check the 'open source' link in my signature). sorry, I have huge respect for Trezor and what they built from the ground up only with community roots, but I'm going to go back to my old trolling self on Helioscard as we obviously come from the same world
|
|
|
it would be great that the hw1 had its own environment like trezor with mytrezor
that's not planned - as it, not in a production environment, rather as an integration test. It's good enough to get additional third party wallets support, in my opinion.