btchip (OP)
|
|
January 06, 2013, 10:36:09 AM Last edit: December 05, 2014, 06:37:03 PM by btchip |
|
Revamped first post old first post content stays after the line below, for historical purposes only as the scope and supported features changed quite a lot - you don't need to read below the line if you're new to the projectBTChip is a bitcoin/altcoin hardware wallet in a USB smartcard - low cost, secure, and available now - buy from https://buy.hardwarewallet.com (limited promotional offer, 2 cards for 20 €, payable in bitcoins) See installation and setup instructions on http://www.hardwarewallet.com - BTChip works out of the box with GreenAddress (Chrome application & Android wallet) and Electrum (upcoming release) For developers : Updates are always posted on twitter : https://twitter.com/btchipUser tutorials :User reviews : ------------------------------------------------------------------------------------------------------------------------------------------------------------------- (Word of warning for people who got a sample at 29c3 and plan to attack it - there will be some chip spoilers during this post)Hi Hardware bitcoin related projects look quite alive & kicking in 2012, which is great here is my take on the topic of smartcard wallets, with a real world implementation Smartcard wallet vs hardware walletFirst an hopefully unbiaised comparison between smartcard wallets and hardware wallets : Pro smartcard wallet- Hardware security : making sure an attacker who got the device will have a very hard time extracting something useful from it. Also protection against side channel attacks, especially during known-to-leak cryptographic operations.
- Cost : not considering an additional reader, an initial target cost per unit between 0.5 and 1 BTC is realistic (not considering large volumes). Shipping costs will be lower too, as sending an hardware wallet in a simple letter envelope seems harder.
- Durability : limited failure options with a single hardware component.
Against smartcard wallet- Not Open Source : smartcard chips and associated toolchains are heavily covered by NDAs, which makes sharing the source a pain. It's of course possible to release an Open Source smartcard wallet application running on an open smartcard platform, but you still need to trust the platform.
- Limited protection against custom malware attacking bitcoin transactions : a hardware wallet will offer a display or buttons to review transactions. It is still possible to offer some protection against this in a smartcard as we will see, but not as extensively.
- Limited code options : modern smartcards f.e. SC000 based look more and more like typical microcontrollers, if you don't consider the RAM size - however that's still not what you get in a typical secure product. Moreover coding on an "open" platform such as Java Card limits you to what the cryptographic API can offer, which can be an issue for the bitcoin protocol (f.e. ECDSA signature is only offered over SHA-1 for one of the most recent Java Card version, considering the card supports ECDSA first)
BTChip project http://www.btchip.com1.4.4 firmware specificationThis project started as a more or less 2 weeks hack of a generic smartcard OS to offer bitcoin friendly APIs. The initial motivation was to see if it could be done, and also the pleasure of tweaking a project initially dedicated to banking applications to support something outside the system The chip used is an ST23YT66 which is your regular smartcard microcontroller with a twist : USB support. Which means it can be directly connected into a USB port with no reader necessary. It features an implementation of the basic smartcard wallet described below an advanced smartcard wallet described in the specification, using USB HID as transport protocol - because it's more convenient than CCID for a general public application. Here's the roadmap for the coming weeks, which will be updated as things get done : Release the first samples at 29c3 - done- Improve the key generation & signing speed.
Target is less than 2s, maybe less than 1s Now 900 ms to generate the keypair / 900 ms to sign Maybe support the advanced wallet model (discussion below check the specification), but that's unlikely.- Support additional rich clients - so far there's a prototype for bitcoinj and integration into the official client is in progress. If you're a client developer and want a sample to play with, don't be shy and drop me a PM
- Support web clients -
even if Java security has been a bit controversial in the past months (and Java browser support turned into a sick joke on OS X) I've had good success with javahidapi running in an applet container and Java should still be available on public computers, so it can be a starting point. since I wrote this Java security got even worse (hats off to Oracle, that's quite an achievement), so browser plug-ins here we come Exposing hidapi through FireBreath is quite easy, so that's the preferred approach so far. A few words about GlobalPlatformThe GlobalPlatform Card Specifications are a set of specifications implemented by most recent multi application smartcards - they define how the card applications and cryptographic materials are isolated, as well as how to establish a secure transport channel (Secure Channel - think TLS with authentication and optional confidentiality using only symmetric keys) between the card and an external entity. The smartcard wallet implementations will rely on GlobalPlatform concepts to : - Define how keys are inserted into the card
- Authenticate the user to validate access rights to access specific keys
- Optionally authenticate the card responses
Smartcard wallet architectureWe assume the user store a lot of keys, not necessarily related to each other (i.e. not necessarily generated by a deterministic wallet) To support this model, no ECDSA key will be stored on the smartcard and the smartcard will only manipulate the private component of an ECDSA key (S, 32 bytes) in an encrypted form. A key used to encrypt private component of an ECDSA key is called a Context Key. Context Keys are stored on the smartcard itself and never revealed. The suggested encryption algorithm is Triple DES in CBC mode (because Triple DES capable cryptoprocessors are still way more common than AES capable cryptoprocessors nowadays on smartcard chips). A bitcoin client stores the private key in an encrypted form along with the reference of the Context Key used to access it. It then sends SHA-256 hashes to sign to the smartcard for a non transaction aware smartcard wallet, or each component of the transaction to sign for a transaction aware smartcard wallet, along with the encrypted private key to sign with. A Context Key can be associated to a specific GlobalPlatform Secure Channel. In this case, the user should be authenticated to the Secure Channel before being able to sign a transaction. Basic smartcard wallet (non transaction aware)The basic smartcard wallet just knows how to generate a keypair over the bitcoin ECDSA curve, and sign something. It is not aware of anything else bitcoin specific, and does not need to support SHA-256 either. The following APIs are defined : Generate Keypair : takes a Context Key reference, generates a keypair over secp256k1, returns the public component of the key (W) and the encrypted private component of the key (S') using the Context Key. Import Private Key : takes a Context Key reference and a cleartext private key component (S), returns the encrypted private component of the key (S') using the Context Key. Sign : takes an encrypted private key component (S'), the SHA-256 hash to sign, and returns the ASN-1 encoded signature components. Verify (optional) : takes a public key component (W), the SHA-256 hash to verify, the signature and returns ok or not ok. Advanced smartcard wallet (transaction aware) (old version, check the posts below for the updated version)The following description is mostly outdated and kept only for reference - check the firmware specification insteadThe advanced smartcard wallet proposal uses a simple concept to defeat useful malware : all output addresses must be authenticated by the card when included in a transaction. In this model, before starting a transaction you'd take the output addresses, provide them to the card to be encrypted on a trusted computer or a different platform, then go on with the transaction signing. Two new type of keys are defined, the Address Key, which is used to encrypt an address, and the Secure Hash key, which is used to encrypt a SHA-256 context. In this implementation the smartcard needs to support SHA-256 and optionally RIPEMD-160 if automated keys generation for change is desired The following APIs are defined : Generate Keypair For Change : takes a Context Key reference, an Address Key reference, generates a keypair over secp256k1, returns the public component of the key (W), the encrypted private component of the key (S') using the Context Key, and the associated encrypt address. Encode Address : takes an output address, an Address Key reference and returns an encrypted address that the smartcard will authenticate later. Secure Hash Generic : takes a generic part of the transaction which is not an Output script, a Secure Hash context (or nothing if creating a new hash), a Secure Hash key reference and returns an updated (or new) Secure Hash context. The Secure Hash context holds the context of the SHA-256 hash, encrypted by the smartcard. It is sent back to the host instead of being kept in RAM in case people are interested to have a distributed implementation. This function must validate the provided data i.e. make sure that no Output script can be hashed by this function (f.e. by fragmenting it into meaningless parts). Secure Hash Output Script : takes an Output script, a Secure Hash context, a Secure Hash key reference, a list of encrypted addresses and associated Address Key references and returns an updated Secure Hash context. The Output script structure is parsed and only accepted if the given address matches one of the encrypted addresses passed. Sign Secure Hash : takes an encrypted private key component (S'), a Secure Hash context, a Secure Hash key reference and returns the ASN-1 encoded signature components. Protecting against custom malwareCreating multiple Context Keys can be effective protected by a Secure Channel can help fragmenting the risks for large wallets - supposing an all powerful malware grabbed the authentication key of the Secure Channel and can play transactions, the risks are limited to the private keys linked to this Context Key. Another simple method to protect against custom malware using an USB implementation can be to rely on an annoying fact : powering off a USB device by software is painful. Using this model, we can choose to accept one signature per session and force the user to unplug/plug again the device for each signed output - a cheap way to check that no additional outputs were added, but requires free fingers to count and doesn't prevent a malware that'd just replace a legitimate transaction by a fake one rather than adding outputs to a legitimate one. Feel free to comment and improve on this
|
|
|
|
|
|
|
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
finway
|
|
January 06, 2013, 01:34:35 PM |
|
Cool
|
|
|
|
paraipan
In memoriam
Legendary
Offline
Activity: 924
Merit: 1004
Firstbits: 1pirata
|
|
January 06, 2013, 02:19:32 PM |
|
Kick ass! Read half of your post and had to comment (goes back reading...)
|
BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1128
|
|
January 06, 2013, 06:17:46 PM |
|
I saw your clone of bitcoinj, great to see this announced. It sounds very cool.
I have some questions.
Firstly, you state that this chip can be attached directly to a USB port without any reader necessary, but the image you provide looks like a regular smartcard, which won't physically fit. So how does this work, exactly? Could you post a photo of one attached to your computer?
Secondly, I'm still a little confused as to use cases. As you admit, because it simply signs hashes in the standard mode, this is security-wise equivalent to having an encrypted wallet on a PC. If malware gets onto the machine it has to wait until the user makes a transaction, and can then steal all the funds. So a BTChip seems to have same security as a strong password, with the downside that you cannot back it up and you have to carry it around. Could you elaborate more on where you see this product fitting in? For instance, could it store time horizons (block time of earliest transaction, latest transaction) and be used as a kind of card-based wallet?
|
|
|
|
btchip (OP)
|
|
January 06, 2013, 08:10:25 PM |
|
I saw your clone of bitcoinj, great to see this announced. It sounds very cool.
I have some questions.
Firstly, you state that this chip can be attached directly to a USB port without any reader necessary, but the image you provide looks like a regular smartcard, which won't physically fit. So how does this work, exactly? Could you post a photo of one attached to your computer? Hi, sure. First you cut the shape in the center Then you fold it Then you can insert it Secondly, I'm still a little confused as to use cases. As you admit, because it simply signs hashes in the standard mode, this is security-wise equivalent to having an encrypted wallet on a PC. If malware gets onto the machine it has to wait until the user makes a transaction, and can then steal all the funds. The basic use case is indeed very similar to an encrypted wallet, but offers some additional security in my opinion. One thing is that once a malware obtains the passphrase to an encrypted wallet, it can grab the private keys and use them later without requiring any interaction from the user. Using a smartcard wallet, the malware can request the smartcard to sign something using those keys, as long as the smartcard is connected and agrees to sign (you could set a session based limit according to the number of outputs you plan to sign, for example, and after this the card would have been to be removed / inserted again to be operational, or other creative countermeasures). The biggest difference is that the private key is never manipulated in a usable form by the host. You could also make the malware attack less successful by using different encryption keys for the private keys, each one using a different PIN. So a BTChip seems to have same security as a strong password, with the downside that you cannot back it up and you have to carry it around. You can back it up, and it's very important to do so the idea is to generate the context keys (encrypting the private keys) on a trusted computer when you first use the card (or decide to create a new context key), and keep the Triple DES key value in a safe place (printed / gpg encrypted ...). Thus you can exchange keys between another client implementation and the smartcard if you wish. Could you elaborate more on where you see this product fitting in? I can see it fitting some space between the pure software approach and the hardware wallet for people wanting some additional security, as it's cheaper to produce and distribute. And rebrand, if you consider the BTChip form factor (f.e. a web based wallet providing this to its users). Also as a side note more secure if physically attacked. Now if the consensus is that basic mode is not secure enough, then I'll see how this can be improved and we can discuss it. For instance, could it store time horizons (block time of earliest transaction, latest transaction) and be used as a kind of card-based wallet? yes it could do that, although it has a very limited storage capacity (on this version, 16 kb). Can you elaborate more on this ?
|
|
|
|
paybitcoin
Member
Offline
Activity: 85
Merit: 10
1h79nc
|
|
January 06, 2013, 08:37:38 PM |
|
Secondly, I'm still a little confused as to use cases. As you admit, because it simply signs hashes in the standard mode, this is security-wise equivalent to having an encrypted wallet on a PC. If malware gets onto the machine it has to wait until the user makes a transaction, and can then steal all the funds. So a BTChip seems to have same security as a strong password, with the downside that you cannot back it up and you have to carry it around. Could you elaborate more on where you see this product fitting in? For instance, could it store time horizons (block time of earliest transaction, latest transaction) and be used as a kind of card-based wallet?
I can see it adding a bit more trust in a centralized, cloud-based card-provider scenario. The customer wins because the card provider doesn't have any way of getting at the funds directly as only the encrypted private key is stored (short of breaking 3DES.) They can also backup the funds directly in case the card provider goes defunct. If you add more verification in the card itself to only allow signed transactions from the card provider, then the card provider and customer are secure in the fact that the signed transactions are not affected by malware (except if the recipient/merchant generating the transaction is infected, but at least someone can see it before it is signed.) The customer would still have to trust the card provider not to spend all the funds as part of the next transaction, but then the card provider would also have to be cooperating with the merchant terminal/ host software provider to hide this fact when showing the receipt before signing. Another note on this smartcard, there will always be some sort of cloud provider/host in the mix as the actual private key is _not_ stored in the card itself. Therefore (and as btchip just posted) it needs to be transferred to the card for signing. btchip, if there is 16 kb of storage space available, is there a way to store and transfer out the encrypted key directly? Then you could do offline signing, as long as you trust the host software. Also, is it kilobits (Kb) or kilobytes (KB)? I see in the chip posted there is 66 Kbytes of User EEPROM...
|
|
|
|
btchip (OP)
|
|
January 06, 2013, 08:48:11 PM |
|
btchip, if there is 16 kb of storage space available, is there a way to store and transfer out the encrypted key directly? Then you could do offline signing, as long as you trust the host software. Also, is it kilobits (Kb) or kilobytes (KB)? I see in the chip posted there is 66 Kbytes of User EEPROM...
16 kilobytes. There are 66 Kbytes indeed, which are mostly used by the bitcoin patch in this implementation so yeah, you'd be able to store a few private keys, too. It's just less convenient when the card is lost, and less interoperable with other clients. another idea for a (stupid) countermeasure against malware : generate a one time pad, and when signing, ask the user for a random value.
|
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1128
|
|
January 06, 2013, 09:17:24 PM |
|
By time horizons, I mean, if I buy a card and put some keys in it and then load up those keys with some coins, if I give it to somebody else I want them to be able to quickly load up a usable wallet. For sites that have a full index of the blockchain (like blockchain.info or things that use their API) you don't need any other data, but most nodes don't have such an index. For them knowing the block span which may be useful to scan can speed up synchronization immensely. It means storing two extra ints, so hardly a big deal if you have 16kb.
|
|
|
|
btchip (OP)
|
|
January 06, 2013, 09:27:05 PM |
|
ok I see, just for synchronization purposes. Yes, no problem doing that, creating extra files is already supported in the current version (and security restrictions can apply for read / update / delete access). I just need to map it in the client API.
|
|
|
|
btchip (OP)
|
|
January 10, 2013, 01:28:19 AM |
|
Some news ... On the key generation/signing speed, things are definitely improving. More interestingly, we found a way to reclaim more free space on the chip. Which means the advanced scenario is definitely possible, and I'd like to improve it a bit. The target is to have something that is easy to use and difficult to impersonate, of course, and define a protocol that could be applied to any hardware device without a display and buttons. The previous advanced protocol is a bit too complicated to use if all new addresses have to be encoded, IMHO. So, a new idea, authenticating only the addresses : When the device is received, a table is generated and can be printed. The table is a 0...255 index with values associated to user actions to perform. Values are assigned randomly to the indexes - From 1 to 34 : enter char 1 to 34 of the address
- From 100 to 157 : enter number of time the character 0..57 of base58 is present in the address
When requesting a signature to an address, the dongle will generate a few challenges (number can be fixed by the owner) - each challenge is a 0...255 random number, and the user has to perform the action matching this index to proceed The client software can display all information needed for computation, and the user can recheck its validity easily.
|
|
|
|
btchip (OP)
|
|
January 21, 2013, 10:51:57 PM |
|
Some news ... Key pair generation and signature are both at 900 ms each now. Rather than adding a new giant wall of text to this forum the specification for the upcoming new firmware release has been published on github : btchip 1.4.1 firmware specification (do not use the table of contents on this link, clone it locally if you want to do that) Description of the challenge mechanism used to authenticate addresses - I've tried my best to be confusing for an automated malware, and hopefully not too confusing for the user, but let me know Now development of the firmware goes on and the first integration of the new features (including some absolutely non nice UI to play the challenge game) will be done for bitcoinj.
|
|
|
|
btchip (OP)
|
|
January 27, 2013, 08:28:50 AM |
|
Another thread reminded me of a use case for this smartcard wallet which might not be obvious to everybody - server side security. When you read the specification you might wonder why during the hashing process the hash-in-progress is sent encrypted to the host rather than staying on the chip - this is done to support transparent load balancing with several chips. You can then support X * chips transactions per second on a server with a very good security level for cheap - an attacker will need to keep connected to the server in order to do something useful. Of course if you plan to compete with Visa and Mastercard, old fashioned Hardware Security Modules are still recommended, but don't come with the same price tag
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1065
|
|
January 27, 2013, 05:20:24 PM |
|
- Not Open Source : smartcard chips and associated toolchains are heavily covered by NDAs, which makes sharing the source a pain. It's of course possible to release an Open Source smartcard wallet application running on an open smartcard platform, but you still need to trust the platform.
OK, lets assume that I have no reservations against signing NDAs and developing wholy closed source. Could you please answer the following questions: 1) What is the cost of one complete development seat for the target platform? 2) Would the toolchain vendor even be willing to consider NDA from an one or two person shop (and no personal assets pledged) as valid?
|
|
|
|
btchip (OP)
|
|
January 27, 2013, 06:19:57 PM |
|
ok, I assume you've already explored the "open" alternatives such as Java Card which are easier to design for and want to go native for your projects. Then 1) is probably not the issue. I'd say less than 10k$ whatever the vendor. Often less than 5k$. 2) is more tricky. It's fine for a small shop if you can show references (preferred use case, but it might be a chicken and egg issue for you) or are extremely convincing, and in all cases can justify a business plan of a large amount (I'd say 1 million should be fine) of sold units for the next few years, most likely including a large pre-paid order. I'd recommend attending a specialized industry show such as Cartes where you can find all vendors and see who's the most interested in your project.
|
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1065
|
|
January 27, 2013, 06:37:56 PM |
|
ok, I assume you've already explored the "open" alternatives such as Java Card which are easier to design for and want to go native for your projects. Then 1) is probably not the issue. I'd say less than 10k$ whatever the vendor. Often less than 5k$. 2) is more tricky. It's fine for a small shop if you can show references (preferred use case, but it might be a chicken and egg issue for you) or are extremely convincing, and in all cases can justify a business plan of a large amount (I'd say 1 million should be fine) of sold units for the next few years, most likely including a large pre-paid order. I'd recommend attending a specialized industry show such as Cartes where you can find all vendors and see who's the most interested in your project. Thank you very much. I was mostly courious if the situation had changed since the last time I researched it. Only costs went somewhat down, other than that things haven't changed much.
|
|
|
|
btchip (OP)
|
|
February 25, 2013, 11:41:02 PM |
|
In case some bitcoiners are attending Mobile World Congress 2013, I'll have a few samples available on the 26th and 27th with an intermediate firmware version (faster than the one distributed at 29c3, but without the anti malware features) - just leave a message. Then development of the new firmware will resume faster, hopefully
|
|
|
|
btcusr
Sr. Member
Offline
Activity: 405
Merit: 255
@_vjy
|
|
March 15, 2013, 10:30:01 AM |
|
Is it possible to use two different keys in such a way that either of those keys could sign? Just for the single key failover case / redundancy. Hope it would act like duplicate door keys..
|
|
|
|
btchip (OP)
|
|
March 15, 2013, 06:54:57 PM |
|
Is it possible to use two different keys in such a way that either of those keys could sign? Just for the single key failover case / redundancy. Hope it would act like duplicate door keys..
yes, as long as two chips share the same context (triple DES) keys, they can be exchanged.
|
|
|
|
yokosan
|
|
March 15, 2013, 08:00:04 PM |
|
Contact Kim Dotcom. He has a job for you.
|
|
|
|
btchip (OP)
|
|
March 16, 2013, 05:32:12 AM |
|
Contact Kim Dotcom. He has a job for you.
don't worry, we thought about that (this space reserved for a not really useful but fun device picture)
|
|
|
|
drazvan
|
|
April 15, 2013, 04:40:02 PM |
|
Hey guys, I've sent you an email (contact (at) btchip (dot) com ). I think I might have a solution for your problem with the fact that the smartcard doesn't have a display and keys. We have a service called VeriFi ( https://www.veri.fi) that receives HTTP requests and calls you on the phone to ask you a question (it could be like "Rosie's shop wants to charge you $5 for shoes, do you want to authorize this transaction?" - you would say "yes" or "ok" and the transaction would go through. If you say anything else, it doesn't. So if your BTChip smartcard asks the card reader to establish an encrypted (or maybe just signed) channel to our server, it can ask it to call the user and tell him the amount and the merchant name, then get his/her authorization to proceed and sign the transaction. It could work something like this: 1. Terminal sends AMOUNT + MERCHANT_NAME to the smartcard. 2. Smartcard generates a signed request like "smartcardid:AMOUNT:MERCHANT_NAME:nonce:signature" and sends it to the terminal. 3 .Terminal sends request to VeriFi (it can't modify it, it's signed) 4. VeriFi calls the user, gets his response, then sends back "smartcardid:nonce:ANSWER:server_signature". 5. Terminal sends the signed response back to the smartcard. Even if the terminal is hostile, it can't modify a request. Even if it replays a request, VeriFi will ask the question again but the answer will be useless since the smartcard will compare the returned nonce with the one it expects - so it won't accept the answer. So it would essentially be like your smartcard wallet calling you on the phone to authorize the transaction. Pretty cool, huh? Razvan
|
|
|
|
btchip (OP)
|
|
April 15, 2013, 09:07:57 PM |
|
Yep, thanks for your inputs, that's interesting. I should browse that e-mail as often as I browse this forum However I'd like the service to be as simple, cost effective and standalone as possible - so the new (to be published soon) specification provides a somewhat similar scheme, which is intended to be validated by a smartphone application in order to check the payment destination, amount, fees and change, to avoid having a malware gaming any part of the protocol - as well as profiles to automatically authorize transactions fitting authorized limits / authorized addresses. I'll definitely keep your proposal in mind in case the smartphone use case proves too difficult to deploy though.
|
|
|
|
btchip (OP)
|
|
April 24, 2013, 05:15:21 PM |
|
Specification updated to 1.4.2, which should be really close to the really final thing (yes really ) - featuring full transaction control, done automatically for user specified limits or with a manual confirmation from another device (such as a smartphone). BTChip specification 1.4.2Also, two of us will exhibit at Bitcoin 2013, don't hesitate to drop by, say hi and grab a sample.
|
|
|
|
btchip (OP)
|
|
May 02, 2013, 05:14:30 PM |
|
Random show teaser
|
|
|
|
btchip (OP)
|
|
May 19, 2013, 08:07:30 AM |
|
For those who picked a sample at Bitcoin 2013 during the last 2 days, thanks - for the others, there is still plenty of time to pick one today I've updated the http://www.btchip.com/wallet.html page of the website so that you can check if the browser Plug-in is working fine for you. After enough people report I'll make a dedicated announcement as this can be used by all other HID based wallets (let's keep the spam level to a minimum for the time being) Very impatient developers might also peek at the /jsapi directory on the website, at your own risks
|
|
|
|
|
|
btchip (OP)
|
|
May 30, 2013, 11:24:47 PM |
|
The browser plug-in has been updated to fix Windows-64 issues, it should work fine now.
|
|
|
|
Luke-Jr
Legendary
Offline
Activity: 2576
Merit: 1186
|
|
June 13, 2013, 03:19:47 AM |
|
Hmm, I presume you're aware Bitcoin usually needs at least 2 outputs (and often more than 1 input) for transactions.. is that broken as implied by "Only a single point-to-point output"? It would make sense to support sending to any arbitrary script equally - not just the (semi-deprecated!) pubkeyhash form It might also be wise to *not* expose IMPORT PRIVATE KEY to untrusted users (at all), as this is an attack vector in ordinary wallets.
|
|
|
|
btchip (OP)
|
|
June 13, 2013, 05:47:37 AM |
|
Hmm, I presume you're aware Bitcoin usually needs at least 2 outputs (and often more than 1 input) for transactions.. is that broken as implied by "Only a single point-to-point output"?
Sure, we might want to make this more clear in the specification then - I meant "one chosen no-change output" here. So one change output, one payment output, and multiple inputs are supported. It would make sense to support sending to any arbitrary script equally - not just the (semi-deprecated!) pubkeyhash form you can do that, but then lose the anti-malware protection you get when the card is able to check the content of the script - of course I'll gladly look into any better future proof format you can point me to provided it can be parsed easily - plus it'd be a great opportunity to test a firmware update It might also be wise to *not* expose IMPORT PRIVATE KEY to untrusted users (at all), as this is an attack vector in ordinary wallets.
Which attack vector do you have in mind ? This function is used to work with an existing transaction (i.e. encrypt the private key with the context key so that the chip can sign a new input with it), but cannot be used to dump a private key.
|
|
|
|
Luke-Jr
Legendary
Offline
Activity: 2576
Merit: 1186
|
|
June 13, 2013, 06:00:18 AM |
|
It would make sense to support sending to any arbitrary script equally - not just the (semi-deprecated!) pubkeyhash form you can do that, but then lose the anti-malware protection you get when the card is able to check the content of the script - of course I'll gladly look into any better future proof format you can point me to provided it can be parsed easily - plus it'd be a great opportunity to test a firmware update How does checking the form of the script provide any malware protection? Malware can certainly use pubkeyhash just as easily as other scripts... BIP 16 describes the current P2SH standard. It might also be wise to *not* expose IMPORT PRIVATE KEY to untrusted users (at all), as this is an attack vector in ordinary wallets. Which attack vector do you have in mind ? This function is used to work with an existing transaction (i.e. encrypt the private key with the context key so that the chip can sign a new input with it), but cannot be used to dump a private key. Perhaps I'm misunderstanding your function here, but the attack vector on wallets would be something along the lines of: - Put some worthless amount on a key, trick some user to import it to "redeem" the key (or, in this case, just import it to some unsuspecting smartcard in "untrusted" mode!).
- Later, initiate a payment to said person. But instead of the address they give you, send it to the one you tricked them into importing.
- Play dumb and have the user/merchant verify your payment manually. It's in the wallet, so it's theirs, right?
- Attacker receives his goods, and uses his copy of the private key to redeem all the funds back to an address he controls exclusively, out from the user/merchant's wallet.
|
|
|
|
btchip (OP)
|
|
June 13, 2013, 06:33:14 AM |
|
How does checking the form of the script provide any malware protection? Malware can certainly use pubkeyhash just as easily as other scripts... BIP 16 describes the current P2SH standard.
Thanks, that'll be easy enough. In untrusted mode, we know the card always produces the same (simple) script given inputs + change address + payment address and does not take an arbitrary input script to sign, so this protects against something that would ask to sign "pay to X or oh by the way to me as well" instead of "pay to X" - granted this would likely be rejected by the client today, but I had the feeling it was safer to whitelist rather than to think about all possible scripting abuse here. We can still do that with BIP 16 by forcing the script we'll sign. And we can add a mode in which we still check the inputs and the amount / fees / change involved then have the user verify the provided script, the same way we have them optionally check the amount / fees / change / change address today with a signature of what the card has seen, for more open use cases. - Put some worthless amount on a key, trick some user to import it to "redeem" the key (or, in this case, just import it to some unsuspecting smartcard in "untrusted" mode!).
- Later, initiate a payment to said person. But instead of the address they give you, send it to the one you tricked them into importing.
- Play dumb and have the user/merchant verify your payment manually. It's in the wallet, so it's theirs, right?
- Attacker receives his goods, and uses his copy of the private key to redeem all the funds back to an address he controls exclusively, out from the user/merchant's wallet.
oh sure, makes sense. never forget good old social engineering I'll make sure this is disabled in untrusted mode (I think it already is but it can't hurt to double check and document it).
|
|
|
|
btchip (OP)
|
|
June 16, 2013, 05:05:03 PM |
|
The specification has been bumped to BTChip Specification 1.4.3 ( github link) to support submitting a transaction to a P2SH address. You can use this great opportunity to suggest new features and stuff you'd like to change, even if there's almost no space left
|
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
November 03, 2013, 04:12:32 PM |
|
So whats up with the BTChip project? I still have my "0.1" BTC cards from the conference, but the website looks more or less dead. Whats up with the project? I really like the idea- but has there been any progress?
|
more or less retired.
|
|
|
jonasbits
Newbie
Offline
Activity: 16
Merit: 0
|
|
November 14, 2013, 12:59:55 AM |
|
So whats up with the BTChip project? I still have my "0.1" BTC cards from the conference, but the website looks more or less dead. Whats up with the project? I really like the idea- but has there been any progress?
I really like this concept, is there any progress?
|
|
|
|
btchip (OP)
|
|
November 21, 2013, 12:12:35 AM |
|
Oops. Guess I should check that thread more often There have been some thoughts about improving the malware detection, which will be available in the next firmware version. Also, a lot of under the hood upgrades of the generic smartcard platform used to host BTChip (among those : code saving, RAM saving, more code saving, more RAM saving, migration from generic HID to WinUSB, did I mention code saving ?), and of course, significant yak shaving, such as an open source Java Card implementation that can be used for developers to play with the concept. The biggest remaining task right now is a clean integration into a few clients - we don't want to go on sale without that, and we need to find more free time to do it properly. Also yes, the website needs some serious redesign - it started out fine, then I touched it So, sorry guys, we're not dead, just a bit slow on the bitcoin topic.
|
|
|
|
btchip (OP)
|
|
December 25, 2013, 11:55:40 PM |
|
Big specification update at the usual location - BTChip Specification 1.4.3 ( github link) (yes, the version isn't bumped yet) Main new features : - HD Wallets
- New anti-malware method, using the dongle as a keyboard (similar to the Java Card contactless notification option)
- WinUSB support for integration in Chrome-family browsers without external plugins
- Partial transactions signing (for CoinJoin oriented projects, with still some user validation)
And a new form factor To be hopefully finalized during 30c3, come and get your sample if it's ready
|
|
|
|
btcusr
Sr. Member
Offline
Activity: 405
Merit: 255
@_vjy
|
|
December 27, 2013, 02:42:16 AM |
|
All the best!
|
|
|
|
|
btchip (OP)
|
|
December 29, 2013, 08:52:43 PM |
|
I think there is plenty of space for multiple secure hardware wallet implementations Trezor is fully open source while we are with open specifications. We are better protected than trezor against side channel attacks. Trezor has a screen and buttons while we plan to be the cheapest secure hardware wallet available so feel free to choose the best implementation for you, or even better, pick both That said I fully support the trezor project, ordered one, and I'm typing this while waiting for their 30c3 presentation
|
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
January 03, 2014, 05:09:33 PM |
|
I'm still waiting on when I can redeem my 0.1 BTC chips!
|
more or less retired.
|
|
|
btchip (OP)
|
|
January 04, 2014, 05:16:54 PM |
|
I'm still waiting on when I can redeem my 0.1 BTC chips!
oh ok, then I think I should have been a bit more clear with what what distributed, sorry - the printed amount was mostly to show what could be done with the product - none of the chips contained anything else that the (now outdated) code.
|
|
|
|
btchip (OP)
|
|
March 06, 2014, 11:10:02 PM |
|
A sample desktop video of an integration in KryptoKit : http://www.hardwarewallet.com/video.html (webm, so Chrome only ... just like KryptoKit ) This shows a bit better how the second factor works
|
|
|
|
apetersson
|
|
March 07, 2014, 01:54:49 AM |
|
how exactly did you obtain the pin that you had to enter later?
|
|
|
|
btchip (OP)
|
|
March 07, 2014, 05:30:20 AM |
|
how exactly did you obtain the pin that you had to enter later? and that's the interesting question it's obtained by removing and inserting the dongle again, which could not be shown just by recording the desktop. It then re-enumerate as a HID keyboard and types the transaction summary + unique transaction PIN (to be done on the same computer or on a different device supporting HID keyboard depending how confident/paranoid you feel )
|
|
|
|
Cactusizer
Newbie
Offline
Activity: 50
Merit: 0
|
|
March 07, 2014, 08:38:00 AM |
|
Good job.
|
|
|
|
jonasbits
Newbie
Offline
Activity: 16
Merit: 0
|
|
March 17, 2014, 02:09:26 AM |
|
This looks very good,
would it be possible to prepare a "emergency" transaction where the funds is sent to a cold storage paper wallet?
In case your Btchip is lost or stolen, you could have multiple ways to send this "emergency" transaction. On small problem is that this needs to be done every time you move coins in or out of your wallet.
|
|
|
|
btchip (OP)
|
|
March 17, 2014, 06:37:00 AM |
|
This looks very good,
would it be possible to prepare a "emergency" transaction where the funds is sent to a cold storage paper wallet?
In case your Btchip is lost or stolen, you could have multiple ways to send this "emergency" transaction. On small problem is that this needs to be done every time you move coins in or out of your wallet.
The good thing is that thanks to HD Wallets, you can do that off card - in case it's lost, you can enter your seed into a client that'll iterate through all indexes of the wallet up to a given number, check the balances of all addresses against the blockchain, then prepare the transaction.
|
|
|
|
|
btchip (OP)
|
|
May 11, 2014, 03:54:14 PM |
|
Any news? Yes, an upcoming firmware update in a few days adding most of the missing features, C test code, and new APIs for multisignature and prepaid cards as we're discussing distribution deals with a few exchanges / marketplaces, right for the opening of "La Maison du Bitcoin" (a new physical french hub for bitcoin startups) and Bitcoin 2014 (where I'll be on the Prismicide booth, BTChip being used as a prototype of that card) Getting closer to the commercial launch, for real this time you'll still be able to grab a few samples at the conference though
|
|
|
|
FlappySocks
|
|
May 11, 2014, 08:36:37 PM |
|
Could the btchip be used like the Yubikey for web site 2fa? If so, I think this would give additional value to my own customers.
|
|
|
|
btchip (OP)
|
|
May 11, 2014, 10:29:30 PM |
|
Yes, you could do something closer to Fido than OATH (so better, IMHO) with BitID as the new version supports message signing. It requires installing a browser extension though - it's not designed to just type OTPs (we have another unrelated product doing that)
|
|
|
|
spring.yu
Member
Offline
Activity: 115
Merit: 10
Cryptocurrencies is future
|
|
May 12, 2014, 08:16:07 AM |
|
Is it possible to use two different keys in such a way that either of those keys could sign? Just for the single key failover case / redundancy. Hope it would act like duplicate door keys..
yes, as long as two chips share the same context (triple DES) keys, they can be exchanged. If so , did it safe?
|
|
|
|
Search
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 13, 2014, 02:23:10 PM |
|
the same concern
|
|
|
|
|
|
|
btchip (OP)
|
|
June 04, 2014, 10:12:19 AM |
|
|
|
|
|
doof
|
|
June 12, 2014, 05:15:07 AM |
|
|
|
|
|
Peter R
Legendary
Offline
Activity: 1162
Merit: 1007
|
|
June 12, 2014, 07:15:43 PM Last edit: June 13, 2014, 01:51:22 AM by Peter R |
|
Cool project! I am new to this thread, so please excuse me if I'm slow but I want to make sure I understand the basic idea behind BTChip: 1. The smartcard stores a "context key" that is only known by the smartcard. 2. The smartcard can: a. read a cleartext private key, and return the cleartext public key and the "context key"-encrypted private key; b. generate a new keypair internally, and return the cleartext public key and the "context key"-encrypted private key; 3. The smartcard can also: a. decrypt a "context key"-encrypted private key (from the user) and use that to sign a hash (also from the user) b. verify an ECDSA signature. I know there is a lot of advanced functionality, but did I get that right? This has applications (like you point out) such as signing bitcoin transactions on a local machine in such a way that the private key decryption and hash signing is done "offline." Another application is to produce signatures at brick-and-mortar stores to authorize certain transactions (assuming the merchant could determine a valid cyphertext private key). I have a few questions: You mentioned using the ST23YT66 secure smartcard microcontroller. Was this chosen instead of a regular microcontroller so that you could take advantage of the security provisions, cryptographic primitives and user identification methods without having to write your own? You mentioned that "the smartcard wallet implementations will rely on GlobalPlatform concepts to define how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, optionally authenticate the card responses." Is this basically ISO/IEC 7816? I can understand adhering up to ISO/IEC 7816-4 (ADPUs) and in your case ISO/IEC 7816-12 (USB), but since a custom reader application will always be required, is there a need to adhere to any other sections? Basically, I am wondering if it would be possible to start with something like an ARMCore MCU, write firmware to support up to ISO/IEC 7816-4 (APDUs), add whatever cryptographic operations you need to Trezor-Crypto, and then define your own spec for "how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, etc." This would allow everything to be open-sourced too, if that was your desire. At the same time, I think you'd still be compatible with the majority of smart-card readers currently deployed in the field (as they'd need an update to their application software anyways to interface with BTChip).
|
|
|
|
btchip (OP)
|
|
June 13, 2014, 05:26:35 AM |
|
(Fry really wants to buy something)
I plan to keep talking while taking your money, how cool is that ? Cool project! I am new to this thread, so please excuse me if I'm slow but I want to make sure I understand the basic idea behind BTChip: No problem, welcome ! Also the whole thread is quite outdated and the technical description got stuck 2 years in the past, but let's see The best up to date references are the API https://btchip.github.io/btchip-doc/bitcoin-technical.html and C API https://github.com/btchip/btchip-c-api1. The smartcard stores a "context key" that is only known by the smartcard.
This was the old architecture when I couldn't generate BIP 32 keys. Now the "context key" only applies to "trusted input" - only a way to bind an amount to a prevout by having the card sign a specific output of a transaction. 2. The smartcard can: a. read a cleartext private key, and return the cleartext public key and the "context key"-encrypted private key; b. generate a new keypair internally, and return the cleartext public key and the "context key"-encrypted private key;
yup. Still, for the old version. 3. The smartcard can also: a. decrypt a "context key"-encrypted private key (from the user) and use that to sign a hash (also from the user) b. verify an ECDSA signature.
Still correct (also still for the old version). The new version fully parses the transaction. I know there is a lot of advanced functionality, but did I get that right? This has applications (like you point out) such as signing bitcoin transactions on a local machine in such a way that the private key decryption and hash signing is done "offline." Another application is to produce signatures at brick-and-mortar stores to authorize certain transactions (assuming the merchant could determine a valid cyphertext private key).
I have a few questions:
You mentioned using the ST23YT66 secure smartcard microcontroller. Was this chosen instead of a regular microcontroller so that you could take advantage of the security provisions, cryptographic primitives and user identification methods without having to write your own?
yes, especially because it is hardened by design. also because we write operating systems for smartcards during the bitcoinless parts of our professional lives You mentioned that "the smartcard wallet implementations will rely on GlobalPlatform concepts to define how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, optionally authenticate the card responses." Is this basically ISO/IEC 7816? I can understand adhering up to ISO/IEC 7816-4 (ADPUs) and in your case ISO/IEC 7816-12 (USB), but since a custom reader application will always be required, is there a need to adhere to any other sections?
this was done because parts of an old version of the operating system was reused for a quick prototype - it's no longer the case now. Basically, I am wondering if it would be possible to start with something like an ARMCore MCU, write firmware to support up to ISO/IEC 7816-4 (APDUs), add whatever cryptographic operations you need to Trezor-Crypto, and then define your own spec for "how keys are inserted into the card, authenticate the user to validate access rights to access specific keys, etc." This would allow everything to be open-sourced too, if that was your desire. At the same time, I think you'd still be compatible with the majority of smart-card readers currently deployed in the field (as they'd need an update to their application software anyways to interface with BTChip).
yes, and that's definitely the approach we're taking with one part of http://www.prismicide.com/ - the other part being a 95.8% (insert another random % here) open Operating System working on a regular smartcard, which still has some benefits considering getting a sane crypto stack that's not trivially vulnerable to SPA/DPA is a hard problem, both on the IP and technical side, and preventing trivial information recovery from a generic purpose microcontroller that you can touch is also a hard problem
|
|
|
|
btchip (OP)
|
|
June 18, 2014, 10:43:12 PM |
|
Cleaned up the first post a bit, posted a new firmware specification, added JS and Python APIs
|
|
|
|
|
|
flipperfish
Sr. Member
Offline
Activity: 350
Merit: 251
Dolphie Selfie
|
|
September 09, 2014, 06:42:40 PM |
|
How long do you plan to offer the 2 for 1 deal?
|
|
|
|
btchip (OP)
|
|
September 09, 2014, 07:01:05 PM |
|
around 1 month
|
|
|
|
zefir
Donator
Hero Member
Offline
Activity: 919
Merit: 1000
|
|
September 09, 2014, 07:17:16 PM |
|
Just ordered one after reading the related CoinDesk article - without knowing if it is exactly what I expect, but the API looks like you can waste quite some time playing with it. @OP: since this thread is where people are led to from your website, you should check your posts for outdated media / data. Most of the pictures and videos you link in your posts do not exist any more. Good Luck with the sales.
|
|
|
|
btchip (OP)
|
|
September 09, 2014, 08:57:54 PM |
|
Thanks - I think you won't get bored with it And yes, I should tidy up this thread a bit, you're right.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 09, 2014, 09:53:15 PM |
|
Well, I couldn't resist so I ordered a HW-1 Hardware Wallet. I hope it arrives quickly, so that I can take some pictures of it and try it out Just wondering, is the Hardware Wallet engraved or something like that (like they did with the Trezor), since it's just launched?
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 09, 2014, 10:06:52 PM |
|
Nope sorry, we don't have a special edition at launch, but we'll probably have some limited editions from time to time. It should reach you quickly if you're in the EU, not so quickly outside
|
|
|
|
inBitweTrust
|
|
September 09, 2014, 11:08:31 PM |
|
interesting product... will pick up a few...
|
|
|
|
btchip (OP)
|
|
September 09, 2014, 11:34:48 PM |
|
thanks ! Considering a few starts at 2, everyone gets to have a few
|
|
|
|
sdersdf2
|
|
September 10, 2014, 01:21:50 PM |
|
nice to see positive innovation on this forum.
|
|
|
|
Muhammed Zakir
|
|
September 10, 2014, 04:36:19 PM |
|
Great project! Looking forward about it! I live in India. Can I use standard shipping? Is there any way to import private key? I mostly use vanity address, so it would help me. ~~MZ~~
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 10, 2014, 05:07:01 PM |
|
My payment has confirmed. How long does it take before it gets shipped out and what is the average shipping time to The Netherlands? Sorry, I am really excited, haha.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 10, 2014, 06:06:01 PM |
|
Great project! Looking forward about it! I live in India. Can I use standard shipping? Is there any way to import private key? I mostly use vanity address, so it would help me. ~~MZ~~ Thanks ! You can always try standard shipping, absolutely no warranties as I've never tried a standard delivery to India You cannot import a private key in regular wallet mode to avoid losing keys, but you can play with it in developer mode if you want (no wallet is supporting this mode for the time being though) - we might support sweeping a few keys in a future release if we get enough code space to add that feature. My payment has confirmed. How long does it take before it gets shipped out and what is the average shipping time to The Netherlands? Sorry, I am really excited, haha.
Shipments done today + those lagging behind should be done tomorrow - we have a bit of a backlog that should be solved by then.
|
|
|
|
ticoti
|
|
September 11, 2014, 01:50:14 AM |
|
this attracts me but actually Its uses are not clear I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online. can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?
|
|
|
|
btchip (OP)
|
|
September 11, 2014, 06:41:48 AM |
|
this attracts me but actually Its uses are not clear I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online. can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?
it's a Hierarachical Deterministic wallet - it derives an "infinity" of keys based from a seed. The whole point is that any private key never leaves the device. The seed leaves the device at one point to let you backup it in case you lose it, then it can never be accessed.
|
|
|
|
webbrowser
|
|
September 11, 2014, 06:44:33 AM |
|
Can this be used on an Android smartphone? ie, connect to phone via USB OTG cable. Any supported wallets on Android?
|
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 11, 2014, 07:15:28 AM |
|
That is awesome! My phone has OTG support, but I never used it, because I didn't need it. Now I have a purpose for it.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 11, 2014, 07:18:16 AM |
|
yeah, most recent Androids should support OTG
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 11, 2014, 07:24:38 AM |
|
yeah, most recent Androids should support OTG Yeah, they should. I didn't even know my phone had it until I used needed to connect one of my USB Storage keys to it. Also, please ship faster. You are making me way to excited for this little gadget.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 11, 2014, 07:31:27 AM |
|
Sorry, backlog will be done today
|
|
|
|
ticoti
|
|
September 11, 2014, 08:25:20 AM |
|
this attracts me but actually Its uses are not clear I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online. can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?
it's a Hierarachical Deterministic wallet - it derives an "infinity" of keys based from a seed. The whole point is that any private key never leaves the device. The seed leaves the device at one point to let you backup it in case you lose it, then it can never be accessed. So the seed is store anywhere else? Like computer or online server? Or only in the key?
|
|
|
|
webbrowser
|
|
September 11, 2014, 09:23:06 AM |
|
Looks great.
I noticed that you charged 20% VAT even though I'm outside of the EU. Is this correct?
|
|
|
|
btchip (OP)
|
|
September 11, 2014, 09:40:19 AM |
|
Looks great.
I noticed that you charged 20% VAT even though I'm outside of the EU. Is this correct?
Yes, it's a personal sale (unless you're a business, in which case you shouldn't order here according to the Terms & Conditions that nobody is reading anyway ), so it's fine to apply the VAT policy of the local country up to a given volume (usually in the 100k€ range, so we're not there yet in two days, maybe after a few more days)
|
|
|
|
btchip (OP)
|
|
September 11, 2014, 09:41:52 AM |
|
this attracts me but actually Its uses are not clear I understand this stores the private key,but when using it,is it neccessary that the private key is stored anywhere? I mean,in the pc that you use or online. can you erase the wallet and create new wallet? Can you use more this store more than one private key at the same time?
it's a Hierarachical Deterministic wallet - it derives an "infinity" of keys based from a seed. The whole point is that any private key never leaves the device. The seed leaves the device at one point to let you backup it in case you lose it, then it can never be accessed. So the seed is store anywhere else? Like computer or online server? Or only in the key? the seed (or rather the first derivation of the seed) is stored into the card and nowhere else after it is displayed the first time.
|
|
|
|
webbrowser
|
|
September 12, 2014, 08:39:32 AM |
|
Looks great.
I noticed that you charged 20% VAT even though I'm outside of the EU. Is this correct?
Yes, it's a personal sale (unless you're a business, in which case you shouldn't order here according to the Terms & Conditions that nobody is reading anyway ), so it's fine to apply the VAT policy of the local country up to a given volume (usually in the 100k€ range, so we're not there yet in two days, maybe after a few more days) I see. It is my understanding that exported goods are exempt from VAT.
|
|
|
|
Muhammed Zakir
|
|
September 13, 2014, 07:30:08 AM |
|
Great project! Looking forward about it! I live in India. Can I use standard shipping? Is there any way to import private key? I mostly use vanity address, so it would help me. ~~MZ~~ Thanks ! You can always try standard shipping, absolutely no warranties as I've never tried a standard delivery to India You cannot import a private key in regular wallet mode to avoid losing keys, but you can play with it in developer mode if you want (no wallet is supporting this mode for the time being though) - we might support sweeping a few keys in a future release if we get enough code space to add that feature. Can you tell me ETA of the shipment? I just want to enter the address according to it. ~~MZ~~
|
|
|
|
btchip (OP)
|
|
September 13, 2014, 10:07:55 AM |
|
Can you tell me ETA of the shipment? I just want to enter the address according to it. ~~MZ~~ According to french postal service, 1 week to deliver to India. So this is better than BFL, but with absolutely no commitment. (if you already ordered, then PM me the reference and I can tell you if it was shipped on our side - all orders passed before the 12th were shipped)
|
|
|
|
btchip (OP)
|
|
September 13, 2014, 11:43:30 AM |
|
it would be nice to be able to buy a card with bitcoin on it at the local stores
you already have some tested ways to buy a prepaid HW.1 card which are described in the specification - either remotely, by locking the card to a PIN before it's sent (see 'forward setup' in the setup command), or locally, by splitting the seed in two parts to make sure the merchant is honest (see 'point of sale' in the setup command) buying a prepaid card immediately available in a store is a bit more complex, because you have many parties to protect against, but it's quite possible to design a custom version for a specific vendor scheme.
|
|
|
|
ticoti
|
|
September 14, 2014, 02:50:54 AM |
|
when is expected to come out an app out of chrome working with btchip? i think electrum is expected soon
is there any way out of btchip to restore the btchip seed?
|
|
|
|
btchip (OP)
|
|
September 14, 2014, 06:13:32 AM |
|
when is expected to come out an app out of chrome working with btchip? i think electrum is expected soon
It's done already, just not released yet, but it works if you get it from github. is there any way out of btchip to restore the btchip seed?
You get an option to read the seed right after it's generated, then you can setup the card (or another card) with a seed you provide yourself.
|
|
|
|
ticoti
|
|
September 14, 2014, 12:55:02 PM |
|
when is expected to come out an app out of chrome working with btchip? i think electrum is expected soon
You get an option to read the seed right after it's generated, then you can setup the card (or another card) with a seed you provide yourself. I mean,imagine I don't have any card and I want to restore the seed,what can I do?
|
|
|
|
btchip (OP)
|
|
September 14, 2014, 01:23:35 PM |
|
you can use it with any software supporting deterministic wallets and the right derivation path (if you're using GreenAddress or Electrum, you can just restore the seed into a software wallet or another card)
|
|
|
|
ticoti
|
|
September 14, 2014, 03:28:36 PM |
|
you can use it with any software supporting deterministic wallets and the right derivation path (if you're using GreenAddress or Electrum, you can just restore the seed into a software wallet or another card)
So it just would be to copy the hw1 seed to a already existing electrum wallet when creating one,isn't is?
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 03:44:10 PM |
|
I have received my HW.1. I'm installing the drivers as we speak, let's hope this works
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 03:47:38 PM |
|
you can use it with any software supporting deterministic wallets and the right derivation path (if you're using GreenAddress or Electrum, you can just restore the seed into a software wallet or another card)
So it just would be to copy the hw1 seed to a already existing electrum wallet when creating one,isn't is? yes, with some minimal manual work (HW.1 outputs an hexadecimal seed that you'll need to convert to a mnemonic) I have received my HW.1. I'm installing the drivers as we speak, let's hope this works Good sorry the start page is not ready yet, I'm waiting for catchy videos, but GreenAddress setup should be straightforward - in any case don't hesitate to ask around if you're stuck.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 03:52:24 PM |
|
Good sorry the start page is not ready yet, I'm waiting for catchy videos, but GreenAddress setup should be straightforward - in any case don't hesitate to ask around if you're stuck. First of all, redirect http://start.hardwarewallet.com to the https one. I got a nice error page because I visited the http one Also, I have troubles with keeping the thing inside my USB port... It keeps falling out/losing the connection because it moved. It's not thick enough to stay in..
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 03:59:09 PM |
|
Good sorry the start page is not ready yet, I'm waiting for catchy videos, but GreenAddress setup should be straightforward - in any case don't hesitate to ask around if you're stuck. First of all, redirect http://start.hardwarewallet.com to the https one. I got a nice error page because I visited the http one whoops, done. Also, I have troubles with keeping the thing inside my USB port... It keeps falling out/losing the connection because it moved. It's not thick enough to stay in..
mmh, that's weird, how did you fold the clip ? do you have some picture ?
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 04:00:46 PM |
|
Uhm, you need to keep the clip on the HW.1? Because well... I broke it off.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 04:02:06 PM |
|
Yes, the clip is basically what makes it thick enough to stay in the port you should be able to clip it back
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 04:04:26 PM Last edit: August 02, 2023, 10:33:06 PM by Mitchell |
|
Yes, the clip is basically what makes it thick enough to stay in the port you should be able to clip it back (picture coming soon) You can clip it back and breaking it off is quite hard. In my defence, I really thought I had to remove it.
It "works"
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 04:08:28 PM |
|
nicely done, we should package it with fine french knives for the collector edition
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 04:10:32 PM |
|
nicely done, we should package it with fine french knives for the collector edition Hahaha. You should! It's a great solution I am glueing it back together with superglue, so it should be fine after this "operation". Well, the drivers worked and my computer did recognize the HW.1 so I am going to do some more testing and write up a review (including pictures + my stupidity) as soon as I am done.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 04:14:09 PM |
|
thanks ! If you're testing on Windows, you'll probably miss the seed the first time it's typed as Windows takes some time to associate the second driver. In this case, just unplug / plug back twice (that's the kind of details that'll be mentioned on the start page)
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 04:21:48 PM |
|
Just a quick question, how do I setup the HW.1 wallet? With the KryptoKit Bitcoin Wallet (Unofficial HW1 BUILD)? I'm assuming it is, but I prefer to be sure.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
HostFat
Staff
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
September 14, 2014, 04:25:57 PM |
|
You should give a try to greenaddress.it
|
|
|
|
btchip (OP)
|
|
September 14, 2014, 04:26:09 PM |
|
It's better to do it with GreenAddress or Electrum as this one is going deprecated. GreenAddress (from the Chrome application) should be easier.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 04:27:03 PM |
|
You should give a try to greenaddress.it I am using GreenAddress.it right now (Chrome), but it says that my dongle isn't setup yet, which is why I asked. I want to have everything straight for my review, so that it's fair (and informative as well)
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 04:28:14 PM |
|
Yes, it will set it up. When you create your account you'll have the option to generate the seed on the dongle.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 04:30:39 PM |
|
Ah, I see. So, generate a new wallet and let the dongle generate the seed itself. Got it.
EDIT: Sorry for all these questions. Never used hardware wallets in my life.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 04:42:41 PM |
|
Don't apologize and keep the questions going, it's good to know what can be improved
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 06:21:50 PM Last edit: September 17, 2014, 07:27:55 PM by bitcoininformation |
|
BitcoinInformation's review of the HW.1 PackagingThe cards arrived in a plain letter, which I like and dislike at the same moment. I love simplicity, but on the other hand, having some kind of casing or box would have been awesome as well. This might be safer, since mail isn't handled that carefully (nor carefull at all at some points).
The cards themselfThe cards look amazing if you ask me. It feels like someone spend a lot of time designing them and it paid off in my opinion. These look like something you could buy in a store, bring home and get started with (and I would love to see something like this).
I snapped one of the cards out of its "casing" and it felt nice and sturdy, even though it's tiny. After that I broke off the clip part and put the HW.1 inside my USB port. It wasn't recognized by Windows and it kept falling out. I asked btchip about this and he told me that the clip should be folded. At that moment I realized that I made a mistake, but some superglue, luckily, fixed it.
Using the HW.1Setting up the HW.1 is quite easy, once you get that you need to create a new wallet and use the HW.1 to generate the seed (which will be stored on the HW.1 as well). I first tried to use the KryptoKit that was made for the HW.1, but I was told that this was outdated and not recommended, so I switched to GreenAddress.it (which is the recommended software at this moment). I first installed the necarrasy driver from the website, after which I downloaded the GreenAddress.it extension for Chrome and selected that I wanted to create a new wallet. I plugged in the HW.1 wallet and it was quickly recognized by Windows and an extra option appeared on the GreenAddress.it wallet creation menu.
I set up a wallet and was able to login with the HW.1 wallet, so that worked perfectly. The next step is testing it with my Android phone (which happened to have OTG). I installed the GreenAddress.it for Android and plugged in my HW.1. It was instantly recognized by Android (4.2.2) and asked me if I wanted to open the GreenAddress.it app. This time I didn't want to create a new wallet, but simply login. It asked me for the Pin Code I set during the Wallet Creation and was then asked if I wanted to logout my computer, because you can only have one session at a time. I accepted that and was logged in successfully.
ConclusionIt's a fun thing to have with a lot of potential. The setup is a bit hard, but the btchip team is working on a startup page, so it should be more clear in the future. I think it's a very handy device for those Bitcoiners that can spend a little. NOTE: I'm not a professional reviewer and I never will be. Keep that in mind.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 06:52:54 PM |
|
thanks, I'll pin that to the first post
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 06:54:33 PM |
|
thanks, I'll pin that to the first post No problem! I hope you like it. Oh, by the way, I left you your first positive trust feedback
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 07:31:46 PM |
|
yes it's great thanks for the trust feedback, I'm not really trusting this feature of the forum given its great history but I guess it can't be harmful fun story about the packaging, as you probably guessed we're trying to ship at the lowest possible cost, which is 20 grams. Everything was made to reach that ... and we ended up at 21 grams. Which means more soul for the product, but also more failure
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 07:36:18 PM |
|
yes it's great thanks for the trust feedback, I'm not really trusting this feature of the forum given its great history but I guess it can't be harmful It's always good to have if you ask me. fun story about the packaging, as you probably guessed we're trying to ship at the lowest possible cost, which is 20 grams. Everything was made to reach that ... and we ended up at 21 grams. Which means more soul for the product, but also more failure I did guess that yes and damn, that must have sucked when you found out it was just 1 gram to heavy. Not sure what you could do to decrease the weight even more, I would even recommend to increase the weight by adding some stuffing to it. Mail is not always handled like it should. But well, that is my personal opinion
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 14, 2014, 08:26:49 PM |
|
I think that unless we find an awesome deal with DHL, UPS, Fedex and the like (which is somewhat unlikely) we'll stick with national post, which means that from my previous experience it's best to stick to the smallest possible package to maximize the chances of quick delivery (or delivery at all - although I'm eagerly waiting for the initial US delivery reports regarding our next decisions) - also it's quite hard to damage the cards, if you're stuck by lightning they'll probably outlive you
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 14, 2014, 08:32:34 PM |
|
I think that unless we find an awesome deal with DHL, UPS, Fedex and the like (which is somewhat unlikely) we'll stick with national post, which means that from my previous experience it's best to stick to the smallest possible package to maximize the chances of quick delivery (or delivery at all - although I'm eagerly waiting for the initial US delivery reports regarding our next decisions) - also it's quite hard to damage the cards, if you're stuck by lightning they'll probably outlive you Well, you make a legitimate point there. Shipping can be really expensive and the cards survived the trip to here, so it should be all good. Anyway, do as you think is best and keep it up. You are doing a great job!
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
bitllionaire
Legendary
Offline
Activity: 1120
Merit: 1000
|
|
September 14, 2014, 11:24:42 PM |
|
great review bitcoininformation!
it would be great that the hw1 had its own enviroment like trezor with mytrezor
|
|
|
|
btchip (OP)
|
|
September 14, 2014, 11:33:26 PM |
|
it would be great that the hw1 had its own enviroment like trezor with mytrezor
that's not planned - as it, not in a production environment, rather as an integration test. It's good enough to get additional third party wallets support, in my opinion.
|
|
|
|
HostFat
Staff
Legendary
Offline
Activity: 4214
Merit: 1203
I support freedom of choice
|
|
September 15, 2014, 02:09:34 AM |
|
Will you ever make an NFC version?
|
|
|
|
dillpicklechips
|
|
September 15, 2014, 03:12:26 AM |
|
Will you ever make an NFC version?
If not, there is always Helioscard too.
|
|
|
|
btchip (OP)
|
|
September 15, 2014, 05:17:56 AM |
|
Will you ever make an NFC version?
it's very likely. We already have picked a vendor that can do USB + NFC in one single package (our trademark ), and might even have a test form factor. Let's see how popular this can be and how it works (NFC might also not prove to be reliable enough, power stability wise) If not, there is always Helioscard too.
that might be right when they have a specification, an HD Wallet, deterministic signatures and proof that the card understands what it's signing, at least to be able to use some hard limits such as maximum amount / maximum fees / maximum change if not using a second factor to display the full transaction information (which is totally doable with NFC only if you check the 'open source' link in my signature). sorry, I have huge respect for Trezor and what they built from the ground up only with community roots, but I'm going to go back to my old trolling self on Helioscard as we obviously come from the same world
|
|
|
|
gabridome
|
|
September 15, 2014, 09:26:16 AM |
|
If you guys are interested I also hve made a personal review of the product here.
|
|
|
|
btchip (OP)
|
|
September 15, 2014, 09:27:20 AM |
|
yes, already in first post, thanks
|
|
|
|
|
mmeijeri
|
|
September 15, 2014, 07:27:36 PM |
|
The firmware update for the 64 bit Windows drivers doesn't work, the zip file appears to be an HTML page saved under the wrong name. I also noticed that the FAQ is out of date, it says that the firmware cannot be updated.
|
ROI is not a verb, the term you're looking for is 'to break even'.
|
|
|
btchip (OP)
|
|
September 15, 2014, 10:05:30 PM |
|
It is telling that order is expired even after sending BTC. Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it get some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks! ~~MZ~~ yes, that transaction seems weird. Was it "pushed" by blockchain.info ? It seems that's the only reference seeing it. The firmware update for the 64 bit Windows drivers doesn't work, the zip file appears to be an HTML page saved under the wrong name. I also noticed that the FAQ is out of date, it says that the firmware cannot be updated.
the driver part should be fixed, thanks
|
|
|
|
mmeijeri
|
|
September 15, 2014, 10:16:09 PM |
|
the driver part should be fixed, thanks
Thanks! I've installed the new driver, but I'm not sure how to upgrade the firmware with it.
|
ROI is not a verb, the term you're looking for is 'to break even'.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
September 15, 2014, 10:45:09 PM |
|
Firmware update 1.4.10 successful So, it worked, for me at least, but I could have the latest firmware already, no idea (and I didn't check before updating). What did firmware update include by the way?
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
September 15, 2014, 10:47:23 PM |
|
Nothing if you received a fresh card - it's a way to update previously distributed test cards (after the San Jose 2013 conference - I still don't have a clean way to update those) to the latest firmware.
|
|
|
|
mmeijeri
|
|
September 15, 2014, 11:18:57 PM |
|
It works!!! I had to try it a couple of times, and reset my PC a couple of times, but it did work eventually. I also had to install the modified KryptoKit first in order to be able to block the device by entering an incorrect PIN three times in a row.
|
ROI is not a verb, the term you're looking for is 'to break even'.
|
|
|
zefir
Donator
Hero Member
Offline
Activity: 919
Merit: 1000
|
|
September 16, 2014, 10:43:23 AM |
|
@btchip: do you intend to use this thread also for support, or prefer to be bothered at your dedicated support email address? I'll start here, since it might be interesting for others - will delete if you prefer it done over other channels. Received my 2 HW.1 wallets and started playing with them using your btchip-c-api. As a first use case I want to test the recovery of the wallet (e.g. after entering wrong pin 3 times), but fail with interpreting the generated seed. The setup step for a wallet initiated by command ./btchip_setup "WALLET" "RFC6979" "" "" "31323334" "" "QWERTY" "" "" ""
returns as second factor a 129 digit key, which seems to be a 64 byte hex string followed by a capital X. Obviously this is not the seed parameter that is expected by the btchip_setup command to restore a wallet. Not sure if the c-api is kept up-to-date or there is some additional information for developers available (beside the API documentation). Thanks for feedback.
|
|
|
|
btchip (OP)
|
|
September 16, 2014, 11:46:09 AM |
|
No problem, you can use this thread, especially for information that's useful for everybody.
The second factor is indeed the 64 bytes seed that you can provide in the setup command.
The documentation might not be up to date regarding the final X, I'll have a look - this was added recently
|
|
|
|
SikoSoft
Newbie
Offline
Activity: 30
Merit: 0
|
|
September 16, 2014, 07:54:49 PM |
|
Sadly, I have not been able to get my BTChip to work. The setup says everything went fine and that it's ready to use, but when I restart the GreenAddress and try to log in via hardware wallet, it always rejects my pin code. I first tried with a 32 digit number, then a 4 digit; no luck with either. I've reset it various times but no matter what I do, I just cannot log in with it. I feel caught in a endless cycle of resetting it by pulling it out 3 times, setting it up again and hoping it works. So far no luck. Anyone else have this issue?
|
|
|
|
SikoSoft
Newbie
Offline
Activity: 30
Merit: 0
|
|
September 16, 2014, 09:13:54 PM |
|
Thought I'd post an update to clarify that I resolved the issue I was having.
I was under the impression when it said the setup was complete... that it was... well, complete. I didn't realize that I had to also continue farther in the process by ticking a box and clicking a button to continue once the hardware was setup. If you abort at the point of only configuring the chip it *will not work*, you need to finish the whole process. This was my goof.
However, I did seem to run into a different snag. In Green Address there is another icon (not pictured in the screen shots posted here) which allows you to use a hardware seed instead of the string of words. The process for configuring the hardware goes smooth, but then it tells you to unplug the chip (so you can backup the seed on another device). At this point, when you put the chip back in and click the button to continue, the process will hang on the logging-you-in part, where it says something about 2FA but just remains frozen saying it is logging you in. I was able to reproduce this each and every time I tried. I suspect there is a problem during this process after it needs you to remove the chip (this is when I suspect the process breaks, when the chip is inserted back in, the app presumably is back to the phase where the hardware is configured but the process wasn't finished so the login fails). It seems to be a catch 22 here.
Has anyone managed to use the hardware seed with success in Green Address?
|
|
|
|
mmeijeri
|
|
September 16, 2014, 09:50:24 PM |
|
Has anyone managed to use the hardware seed with success in Green Address?
I did manage to write my existing seed to a freshly blocked and upgraded dongle, but I haven't tried starting with a dongle that already had a seed on it.
|
ROI is not a verb, the term you're looking for is 'to break even'.
|
|
|
btchip (OP)
|
|
September 16, 2014, 09:51:55 PM |
|
works for me after you ask for the seed generation you'll end up with this screen you can then click the "confirm" box then continue (note that if you read the seed on the same computer, you need to disconnect / connect again the dongle after reading the seed) Are you going through the same steps ?
|
|
|
|
SikoSoft
Newbie
Offline
Activity: 30
Merit: 0
|
|
September 16, 2014, 10:21:44 PM |
|
Thanks for the response! I have absolutely no clue what is going on to be honest. I downloaded Fraps so I could record a video of the whole process for you and received inconsistent behavior during my recording. It didn't work the first time, whereas on the second time it did work (I suspected it was because I removed the chip prior to closing the popup that tells you to insert it in another device prior to removing this time around). So I tried once again thinking the problem was that you need to remove the chip prior to closing the popup; this time I left the chip in before closing the popup expecting it not to work. But it did work. >_< In any event it is working for me. I'll keep playing around with it and if the same behavior pops up again, I'll post a video showing the whole process. Thanks again for the help!
|
|
|
|
SikoSoft
Newbie
Offline
Activity: 30
Merit: 0
|
|
September 16, 2014, 10:36:07 PM |
|
And now I am unable to log in. This is a bummer because I sent myself 0.1 BTC and when I closed the wallet and reopen it, I cannot log in. I get "Dongle is not setup" I'm starting to get disappointed here because it's feeling like 0.1 BTC just vanished into thin air. Is there a way I can recover my private key from the seed? I did save this.
|
|
|
|
SikoSoft
Newbie
Offline
Activity: 30
Merit: 0
|
|
September 16, 2014, 10:42:31 PM |
|
Yup, the frigging thing is... god damn.
0.1BTC up in smoke because the stupid thing is now acting like it isn't set up. I was in the wallet. I was looking at the transaction that came in. I closed the program, reopened it and now the chip is not set up.
I can even attempt the first steps of setting up the chip and it says it is an empty chip.
Can someone please tell me there is a way to use these seeds to recover my key? I haven't seen anything on this which makes me wonder if it's useless altogether.
|
|
|
|
btchip (OP)
|
|
September 16, 2014, 11:09:16 PM Last edit: September 16, 2014, 11:46:19 PM by btchip |
|
If you kept the seed backup, yes, it can be recovered. I don't understand how you're reaching that state though (other than by typing invalid PINs in a row). Are you confortable with Python ? Here's how you can restore the seed to a dongle with Python after installing https://github.com/btchip/btchip-python and replacing YOUR_SEED by your hexadecimal seed backup, with PIN 1234 from btchip.btchip import * from btchip.btchipUtils import *
SEED = bytearray("YOUR_SEED".decode('hex'))
dongle = getDongle(True) app = btchip(dongle) app.setup(btchip.OPERATION_MODE_WALLET, btchip.FEATURE_RFC6979|btchip.FEATURE_NO_2FA_P2SH, 0x00, 0x05, "1234", None, btchip.QWERTY_KEYMAP, SEED)
Use the same dongle and if it doesn't work please provide the commands log also, GreenAddress will add a mechanism to log on with the raw seed and restore the seed to a dongle, so you can directly do it from the web interface. bottom line, if you keep your seed, your money is never lost.
|
|
|
|
SikoSoft
Newbie
Offline
Activity: 30
Merit: 0
|
|
September 17, 2014, 06:40:29 AM |
|
You are giving me some hope here, as I did in fact save the seed it spit out into my text editor.
I will give this approach a test once I setup python on this machine.
I wasn't clear if you meant I should use the pin as 1234 or if I should replace that with the pin I created as well.
Also, I thought the seed was hexadecimal, however the last character is an X. >_<
The whole string except the last character is hex; is this normal?
|
|
|
|
btchip (OP)
|
|
September 17, 2014, 06:41:49 AM |
|
Yes, you can skip the X - it just marks the end of the seed, making sure you got everything (I'll update the documentation regarding that)
Then you can use any PIN you want - the PIN protects access to the dongle and is not related to the seed in any way
|
|
|
|
vitruvio
|
|
September 17, 2014, 02:00:32 PM |
|
Hi I got some problems trying to login with BTChip option, in Chrome app, sometimes I get an unknown error and no % in access button and sometimes I get " an error force to close your session" or so , and access button reach 100%. Regards
|
|
|
|
btchip (OP)
|
|
September 17, 2014, 03:52:57 PM |
|
I'll pass it to GreenAddress to investigate. Did you create the seed on the device or externally ? Should not have any consequence though.
|
|
|
|
vitruvio
|
|
September 17, 2014, 05:45:51 PM |
|
I'll pass it to GreenAddress to investigate. Did you create the seed on the device or externally ? Should not have any consequence though.
The seed was created with chrome app and then stored on the device (I have seed and ecncrypted seed) , so I can login without the device and when I try to login with the device I have the problem. After that I've created a new wallet only hardware wallet seed and now I can login with this new wallet and the old one. So I think the problem was the seed stored that way or the app have problems having same wallet in both systems.
|
|
|
|
kdrop22
|
|
September 18, 2014, 01:34:23 AM |
|
Can someone explain to me how this improves the security of GreenAddress. As I am new to BTChip and GreenAddress.
Process to use GreenAddress/BTChip a) The GreenAddress seed is generated on the live machine. b) I store a backup of the seed and notedown PIN c) A copy of the seed is written to the BTChip d) BTChip is able to sign transactions e) However, the GreenAddress login can easily be done using the PIN. (without the need for a seed or BTChip). So, I assume the Green address seed is being stored somewhere on my PC. f) Even if you were to use the BTChip for login. The mnemonic can be easily accessed from the Green address GUI, once the login is accomplished. If it can be accessed using the GUI, I assume the malware can access it as well.
|
|
|
|
vitruvio
|
|
September 18, 2014, 05:51:56 AM |
|
This is one way if you use the mnemonic passphrase offered by the app and then you write it to the btchip, with the button "Write to a hardware wallet" But you can click in the arrows button at the bottom-right of the mnemonic passphrase (then you can see "Click to use hardware wallet seed instead", see picture above ) and then the seed will only be stored in the btchip. You have to configure your Btchip or empty it if was previously used, (be carefull if already have another seed in this btchip you will lose all) Then you can login with the btchip, if you lose the btchip you will lose all of course, for me it's easier to lose the btchip with my car keys than to lose a seed phase written in a paper and stored properly. Nobody explain it but I think this works that way, if I'm wrong please correct me show me a user manual and then I won't have to suppose how. Regards
|
|
|
|
btchip (OP)
|
|
September 18, 2014, 06:45:28 AM |
|
Can someone explain to me how this improves the security of GreenAddress. As I am new to BTChip and GreenAddress.
Process to use GreenAddress/BTChip a) The GreenAddress seed is generated on the live machine. b) I store a backup of the seed and notedown PIN c) A copy of the seed is written to the BTChip d) BTChip is able to sign transactions e) However, the GreenAddress login can easily be done using the PIN. (without the need for a seed or BTChip). So, I assume the Green address seed is being stored somewhere on my PC. f) Even if you were to use the BTChip for login. The mnemonic can be easily accessed from the Green address GUI, once the login is accomplished. If it can be accessed using the GUI, I assume the malware can access it as well.
e) the PIN is disabled if you create the account when using the card - and you can delete the PIN if you decide to onboard an existing account into the card, which solves the problem. f) that part might be a bit confusing - you see the mnemonic on wallet creation, because it's not disabled right away, but you won't see it if you log in using BTChip after that. Then you can login with the btchip, if you lose the btchip you will lose all of course, for me it's easier to lose the btchip with my car keys than to lose a seed phase written in a paper and stored properly.
I'm not sure I get what you mean here - that might be because I don't drive, but you keep a seed backup in any case (whether the seed is generated by the GreenAddress client during setup, or generated by the dongle), that you can use if you lose the card - the point is that you never have to type the seed or the PIN into a potentially vulnerable computer again to log in or move funds. Nobody explain it but I think this works that way, if I'm wrong please correct me show me a user manual and then I won't have to suppose how.
the user manual is a bit lagging behind, we'll update the FAQ with specific BTChip security details soon
|
|
|
|
kdrop22
|
|
September 18, 2014, 03:03:08 PM |
|
Thanks vitruvio and btchip.
|
|
|
|
btchip (OP)
|
|
September 18, 2014, 05:57:28 PM |
|
|
|
|
|
Muhammed Zakir
|
|
September 21, 2014, 04:23:19 PM |
|
It is telling that order is expired even after sending BTC. Can you tell me why it is showing like that? Is it because of the confirmation? Will it be okay after it get some confirmations? Order reference : 06e84be6-4dfc-454f-8f8f-6be1f368f521 . TX : 0fa9d42f3704b22796cd7c494d0dfa4de236f401de5b9fbc1cb26049ba0e2013. Thanks! ~~MZ~~ yes, that transaction seems weird. Was it "pushed" by blockchain.info ? It seems that's the only reference seeing it. Nope. Sorry, I was off for some days. I checked it just now. Summary: Size 438 (bytes) Received Time 2014-09-15 17:50:20 Included In Blocks 320943 (2014-09-16 09:33:48 +943 minutes) Confirmations 939 Confirmations P.S. I saw your PM. Thanks. I hope I will get it. You really are doing a good job. ~~MZ~~
|
|
|
|
Muhammed Zakir
|
|
September 21, 2014, 04:27:16 PM |
|
When I checked the order, it is saying 'Product shipped without tracking' , so does that it is shipped? So when was it shipped? I just want to know, so that I can calculate ETA. Thanks! ~~MZ~~
|
|
|
|
btchip (OP)
|
|
September 21, 2014, 06:18:17 PM |
|
sure, it shipped last wednesday 17
|
|
|
|
wosch76
Legendary
Offline
Activity: 942
Merit: 1026
|
|
September 22, 2014, 03:23:57 PM |
|
when is expected to come out an app out of chrome working with btchip? i think electrum is expected soon
It's done already, just not released yet, but it works if you get it from github. Do you know the date when this final version of electrum will be released?
|
|
|
|
btchip (OP)
|
|
September 22, 2014, 03:58:26 PM |
|
I only know that it'll happen shortly. Talking about weeks now, I won't say 2 for obvious reasons
|
|
|
|
ruins
Member
Offline
Activity: 98
Merit: 10
|
|
September 24, 2014, 06:19:57 AM |
|
Kick ass! Read half of your post and had to comment (goes back reading...) same here, a bit complicated. (goes back reading...)
|
|
|
|
btchip (OP)
|
|
September 24, 2014, 08:42:17 AM |
|
Kick ass! Read half of your post and had to comment (goes back reading...) same here, a bit complicated. (goes back reading...) good luck, don't forget that everything past the first part of the first post is a bit outdated. Also, videos are coming really soon now
|
|
|
|
webbrowser
|
|
September 30, 2014, 03:36:04 PM |
|
I've received my btchip too!
Yeah, a bit complicated. Need more reading.
|
|
|
|
|
JorgeStolfi
|
|
October 01, 2014, 08:17:13 PM |
|
[ Reposting some comments from the Trezor thread, somewhat edited ] 1.) [ The BTCchip] has no screen but offers a "hardened mode" which requires you to plug it into another computer (or the same one). It will emulate a keyboard and tell you the transaction info and a one-time PIN which you'll have to enter after re-plugging again into the main computer with the wallet. It's way less elegant than trezor in this regard, but this protects against malware sneaking in attackers address.
If you plug it into the same computer, which is compromised, the malware could intercept the keyboard signals coming from the device and replace the transaction details shown to the user, while retaining the PIN. Or is there a protection against that? How could there even be a protection against that ? It just raises the malware complexity from an application malware to a full OS compromise. If you are using someone else's computer, it may easily have a hacked OS. Ditto if the malware was installed in your computer by someone hacking into it with root access. The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there. (Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser. For that, the user must be careful to get the address from a secure source that cannot be easily hacked.) Hardware wallets are supposed to be most useful when one is traveling and must use a computer provided by the local shop, hotel, guide, cybercafe, etc.. In those scenarios, there is the possiility that the PC has malicious hardware as well as malicious software, that the devce will be stolen after the use, and that there are hidden cameras watching over the user's shoulder. One should make sure that they are safe in that scenario.
Then just use the next computer sitting nearby to view the second factor. Works well in a cybercafe and a hotel. I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are. Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place. 2.) The device requires the user to enter a PIN. If entered wrongly 3 times, device will delete wallet info.
I understand that it is a fixed PIN that must be entered in "non-hardened mode", or before starting the "hardened mode" procedure; correct? In that case, if malware on the computer captures that PIN, and the device is stolen some time later, would that captured PIN enable the thief to use the device? yes, the PIN is not an anti malware protection, it's an anti theft protection. If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store. If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer. The latter is much more likely to occur than a hacked CC reader. If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen. Malware alone cannot capture the Trezor PIN. General comment: Stealing bitcoins by hacking may become a big issue, if it is not already. Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain. Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections. Bitcoin theft seems more tempting than credit/debit card theft, for several reasons. For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final. Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them). In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card. Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account. Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial. See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum. I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks. The bitcoin media and the community should do that. However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.
|
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
btchip (OP)
|
|
October 01, 2014, 10:01:57 PM |
|
[ Reposting some comments from the Trezor thread, somewhat edited ]
thanks ! If you are using someone else's computer, it may easily have a hacked OS. Ditto if the malware was installed in your computer by someone hacking into it with root access.
The Trezor seems to protect against that risk, since the transaction details are displayed on the Trezor's screen and confirmed there.
similar thing here with the keyboard second factor (Neither device will protect against the user copying or scanning the wrong payment address from merchant's homepage that was hacked --- at the server, by IP/URL spoofing, or by a compromised browser. For that, the user must be careful to get the address from a secure source that cannot be easily hacked.)
End (server)-to-end (device) BIP 70 will protect against that in the future, providing the trusted CA list is sane - not going to be implementing it in the current device though. I am not clear yet on how BTCchip works, but if one computer in such a place is compromised, there is a high chance that all of them are. Especially if (a) the computer was compromised specifically to steal bitcoins from BTCchips (which is the assumption), or (b) the hacker may be an employee of the place.
Computers would have to be all infected and act together in order to exploit both the main client and the client displaying the second factor - highly unlikely in my opinion. If a chip-enabled credit/debit card gets stolen, the owner should worry that the PIN was captured visually (by a camera or person looking over his shoulder) or by a physically hacked CC reader at some store.
If a BTCchip gets stolen, the owner should worry that the PIN may have been captured visually as he typed it on the computer's keyboard, OR by a keylogger in the computer. The latter is much more likely to occur than a hacked CC reader.
If a Trezor gets stolen, the owner should worry only if there is a chance that the PIN scramble matrix was captured visually from the Trezor screen. Malware alone cannot capture the Trezor PIN.
A thief getting access to both the chip and the PIN is not a realistic threat in my opinion as well. General comment:
Stealing bitcoins by hacking may become a big issue, if it is not already. Hardware wallets like Trezor and BTCchip surely improve the security, but substantial risk will remain. Malicious hackers will be strongly motivated to use all their ingenuity to overcome the device's protections.
sure, security is about balancing risks / convenience / protection / cost, as always. Bitcoin theft seems more tempting than credit/debit card theft, for several reasons. For one thing, bitcoin transactions are instantaneous (even though confirmation may take 10 minutes on average) and final. Even if the victim uses Trezor or BTCchip, if the device is stolen after the thief got the PIN, the coins will probably be gone before the user gets the chance to move them, and they cannot be recovered (unless the thief is caught and convinced to return them). In comparison, when someone's credit/debit card is stolen, the owner can call the company to cancel it, and there is a good chance that it will be canceled before the thief has a chance to get value out of the card. Moreover, the bitcoin network provides no anti-theft barriers: no one will call the victim to confirm a transaction that moves a million BTC from his account to someone else's account.
Even if if the probability of success of some hacking attack mode is 0.1% or less, the per-target cost of such an attack is small, thousands of computers can be hacked automatically, and the payoff from one successful attemp may be quite substantial. See that Australian guy who was recently hacked out of 750 BTC, almost 300'000 USD. Note that the malware may be programmed to act only if the wallet has a large enough sum.
I have a different opinion about that - credit/debit card theft today comes mostly from exploitation of different security levels (copy the magnetic track of a chip card, clone it and use it in a country not using chip cards), or identity theft (order a real fake card from stolen credentials). Recovering from such thefts which cannot be identified easily before they happen takes quite a long time (talking about months here). With Bitcoin everyone plays on the same security level (which is already a nice improvement), and you can already have a second factor confirmation in multisignature wallets (GreenAddress is a good example - confirming each transaction using SMS to a feature phone is quite nice, even without a hardware wallet) I do not expect that the manufacturers of hardware wallets will go out of their way to warn users of these remaining risks.
I believe that the threat matrix should be clearly provided so that people can know what they're buying The bitcoin media and the community should do that.
I'd actually feel better if an independent security audit group was formed to specifically do that. That would keep the signal to noise ratio higher. However, manufacturers should put clear disclaimers in their warranties and ads, so that they are not blamed if bitcoins are stolen from clients.
No warranty claim can be placed for an amount greater than the price paid in Euros for the product – the Buyer acknowledges that while the best care has been applied to design a product suitable to store crypto currency assets securely, no warranty is made by the Seller that the product is free from software or hardware defects that could cause a loss of a part or the full assets stored on the products. The Buyer is advised to keep a safe backup of each asset stored in the product.
good enough ?
|
|
|
|
Muhammed Zakir
|
|
October 06, 2014, 07:58:32 AM |
|
Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck! ~~MZ~~
|
|
|
|
btchip (OP)
|
|
October 06, 2014, 08:01:46 AM |
|
Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck! ~~MZ~~ yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay.
|
|
|
|
Muhammed Zakir
|
|
October 06, 2014, 08:54:06 AM |
|
Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck! ~~MZ~~ yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay. So haven't you sent it? According to earlier post you said, it was shipped, so if you ship again and somehow both arrives, then won't you lose some money? Should I need to pay again if both arrives? ~~MZ~~
|
|
|
|
btchip (OP)
|
|
October 06, 2014, 09:24:59 AM |
|
yes I already shipped it. Of course you'll only pay once, I won't charge you for supporting my trial & error scheme
|
|
|
|
|
AussieHash
|
|
October 27, 2014, 09:19:35 AM |
|
Are we supposed to have received email confirmation for a completed order ? I made payment 7 days ago, and never received email confirmation. I made payment with electrum immediately, before the countdown timer expired. The browser screen never updated to say payment confirmed.
I don't have a screenshot of that browser window, I don't have a transaction ID and you use some strange BitID without the manual login option so I cannot BitID login from my address to check the order.
|
|
|
|
btchip (OP)
|
|
October 27, 2014, 09:27:05 AM |
|
Are we supposed to have received email confirmation for a completed order ?
No I made payment 7 days ago, and never received email confirmation. I made payment with electrum immediately, before the countdown timer expired. The browser screen never updated to say payment confirmed.
This happens sometimes. The best thing to do is to let me know immediately - but no order is lost. I don't have a screenshot of that browser window, I don't have a transaction ID and you use some strange BitID without the manual login option so I cannot BitID login from my address to check the order.
That wouldn't help if you didn't register it anyway, so you can PM me your payment address, and I can tell you your order reference.
|
|
|
|
AussieHash
|
|
October 27, 2014, 01:53:17 PM Last edit: November 05, 2014, 04:51:51 AM by AussieHash |
|
Thanks for the quick reply to my PM, I see it has been posted. Edit : Order arrived safely today, thank you very much Edit 2 : works perfectly with greenaddress and with Trezor 2.0beta (requiring a wipe when switching from one to the other) Edit 3 : using /python-trezor/mnemonic_check.py to generate a 24 word mnemonic, then loading it on Trezor (./cmdtr.py load_device) and btchip (electrum 2.0 beta). Both devices generate the same HD address tree. Edit 4 : Make sure you are running Chrome 38 or above for Greenaddress.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 04, 2014, 01:43:42 PM |
|
Can I use HW1 on multiple computers and devices using the same wallet balances, etc? Or can it only be used on one computer or device at a time?
|
|
|
|
btchip (OP)
|
|
November 04, 2014, 10:33:24 PM |
|
Can I use HW1 on multiple computers and devices using the same wallet balances, etc? yes. It only holds the private keys and the associated balances are synchronized by the host computer.
|
|
|
|
Tafelpoot
|
|
November 13, 2014, 12:38:29 PM |
|
Is the following correct? - you can write a seed towards the btchip - you cannot read a seed from the btchip. - signing the tx is done on the chip.
Thanks in advance
|
|
|
|
btchip (OP)
|
|
November 13, 2014, 01:40:11 PM |
|
Is the following correct? - you can write a seed towards the btchip - you cannot read a seed from the btchip. - signing the tx is done on the chip.
Thanks in advance
yes exactly
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 13, 2014, 02:36:07 PM |
|
When I put the key into a USB port on my Windows 8.1 machine I hear the computer beep but I cannot find the device in device manager and it is not on the list for the hardware ejector. Is it listed somewhere and possible to eject? Or is it just okay to remove it without being able to stop it first?
|
|
|
|
Muhammed Zakir
|
|
November 13, 2014, 03:00:16 PM |
|
When I put the key into a USB port on my Windows 8.1 machine I hear the computer beep but I cannot find the device in device manager and it is not on the list for the hardware ejector. Is it listed somewhere and possible to eject? Or is it just okay to remove it without being able to stop it first?
There is no need of drivers in Win8 but you might want to try installing win drivers. Just try it or wait for btchip to come. ~~MZ~~
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 13, 2014, 03:03:12 PM |
|
When I put the key into a USB port on my Windows 8.1 machine I hear the computer beep but I cannot find the device in device manager and it is not on the list for the hardware ejector. Is it listed somewhere and possible to eject? Or is it just okay to remove it without being able to stop it first?
There is no need of drivers in Win8 but you might want to try installing win drivers. Just try it or wait for btchip to come. ~~MZ~~ What do you mean "wait for btchip to come?" I already have the chips. I want to know if safe to unplug from usb without ejecting it first. I cannot find a way to eject it like you can for a usb drive or other usb devices. Cannot find it in device mgr either but it works with green wallet.
|
|
|
|
btchip (OP)
|
|
November 13, 2014, 05:50:58 PM |
|
yes, it is safe to unplug it when you feel like it. This is only a problem for mass storage sticks because the system might have some write cache.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 15, 2014, 04:59:14 AM |
|
I have a question about setup with Green Address wallet. I went through procedure to setup my BTCHIP HW1. It generated a mnemonic and I told it to write it to the card. All seemed to work okay but after that setting up the HW1 it showed me another mnemonic and told me to keep that one also. I was puzzled why I had two and which one was good so I save both. Then when it told me to confirm the mnemonic by entering five words, the five words that worked were from the first mnemonic written to the HW1. But if I use Green Address wallet without the HW1 and use the second mnemonic and password I entered I get the same wallet addresses. Is this normal behavior or did I do something wrong. I find it strange that two very different mnemonic can result in the exact same wallet.
|
|
|
|
troy112
|
|
November 15, 2014, 06:56:04 AM |
|
One chip holds only 1 address seed or it can hold more than 1??
|
|
|
|
Muhammed Zakir
|
|
November 15, 2014, 07:10:17 AM |
|
What do you mean "wait for btchip to come?" I already have the chips. I want to know if safe to unplug from usb without ejecting it first. I cannot find a way to eject it like you can for a usb drive or other usb devices. Cannot find it in device mgr either but it works with green wallet.
I mean user 'btchip'. One chip holds only 1 address seed or it can hold more than 1??
I think it can only hold 1 mnemonic. You will need to wipe to get a new mnemonic. ~~MZ~~
|
|
|
|
btchip (OP)
|
|
November 15, 2014, 09:47:19 AM |
|
I have a question about setup with Green Address wallet. I went through procedure to setup my BTCHIP HW1. It generated a mnemonic and I told it to write it to the card.
This part looks allright All seemed to work okay but after that setting up the HW1 it showed me another mnemonic and told me to keep that one also. I was puzzled why I had two and which one was good so I save both. Then when it told me to confirm the mnemonic by entering five words, the five words that worked were from the first mnemonic written to the HW1.
This is the weird part, I don't understand where this second mnemonic is coming from. It looks like you restarted the setup part at some point. But if I use Green Address wallet without the HW1 and use the second mnemonic and password I entered I get the same wallet addresses. Is this normal behavior or did I do something wrong. I find it strange that two very different mnemonic can result in the exact same wallet.
Yes, it should not happen. My guess is that you're still using a password associated to the first mnemonic (which is also written to the chip) so the second mnemonic is never used. That doesn't explain what is is though - maybe you can retrace everything you did. One chip holds only 1 address seed or it can hold more than 1??
only a single seed I think it can only hold 1 mnemonic. You will need to wipe to get a new mnemonic.
~~MZ~~
correct
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 15, 2014, 10:19:49 AM |
|
I have a question about setup with Green Address wallet. I went through procedure to setup my BTCHIP HW1. It generated a mnemonic and I told it to write it to the card.
This part looks allright All seemed to work okay but after that setting up the HW1 it showed me another mnemonic and told me to keep that one also. I was puzzled why I had two and which one was good so I save both. Then when it told me to confirm the mnemonic by entering five words, the five words that worked were from the first mnemonic written to the HW1.
This is the weird part, I don't understand where this second mnemonic is coming from. It looks like you restarted the setup part at some point. But if I use Green Address wallet without the HW1 and use the second mnemonic and password I entered I get the same wallet addresses. Is this normal behavior or did I do something wrong. I find it strange that two very different mnemonic can result in the exact same wallet.
Yes, it should not happen. My guess is that you're still using a password associated to the first mnemonic (which is also written to the chip) so the second mnemonic is never used. That doesn't explain what is is though - maybe you can retrace everything you did. One chip holds only 1 address seed or it can hold more than 1??
only a single seed I think it can only hold 1 mnemonic. You will need to wipe to get a new mnemonic.
~~MZ~~
correct No. Because if I use the second mnemonic without the HW1 it tells me to enter password for encrypted mnemonic and opens same wallet. HW1 with pin opens same wallet. I just did wallet setup step by step and after saving first mnemonic to card showed me a second one. Not a second wallet. They open the same wallet.
|
|
|
|
btchip (OP)
|
|
November 15, 2014, 11:22:51 AM |
|
ok - think I got it now.
The chip stores your unencrypted mnemonic - it doesn't need to encrypt it as everything related to private keys is processed internally.
If you encrypt your mnemonic, you'll end up with a different mnemonic, which decodes to the same seed as the first mnemonic after you provide the password.
so the chip, the unencrypted mnemonic, and the encrypted mnemonic + associated password are generating the same wallet.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 15, 2014, 11:26:35 AM |
|
ok - think I got it now.
The chip stores your unencrypted mnemonic - it doesn't need to encrypt it as everything related to private keys is processed internally.
If you encrypt your mnemonic, you'll end up with a different mnemonic, which decodes to the same seed as the first mnemonic after you provide the password.
so the chip, the unencrypted mnemonic, and the encrypted mnemonic + associated password are generating the same wallet.
Yea, that is what I am pretty sure it is doing; but never heard of this happening with anyone else. It didn't ask me if I wanted another mnemonic to encrypt the original with a password, it just did it and showed me a second mnemonic. Was very confusing because then it asked me to confirm the mnemonic with five words and the second one was wrong, had to use the first one. Good thing I backed up both of them.
|
|
|
|
Muhammed Zakir
|
|
November 16, 2014, 04:02:24 PM |
|
Need help installing cython-hidapi. CMD output - Windows7. C:\Users\usrname\Downloads\Compressed\cython-hidapi-master>python setup.py install
running install running build running build_ext skipping 'hid.c' Cython extension (up-to-date) building 'hid' extension error: Unable to find vcvarsall.bat
C:\Users\usrname\Downloads\Compressed\cython-hidapi-master>
~~MZ~~
|
|
|
|
btchip (OP)
|
|
November 16, 2014, 05:57:41 PM |
|
It looks like Visual Studio is missing - maybe a free version can work
|
|
|
|
Muhammed Zakir
|
|
November 16, 2014, 07:05:16 PM |
|
It looks like Visual Studio is missing - maybe a free version can work
~~MZ~~
|
|
|
|
btchip (OP)
|
|
November 16, 2014, 08:35:48 PM |
|
ok, so a system path issue maybe - vcvarsall.bat should be located in your path when building
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 23, 2014, 06:53:14 AM |
|
I was using my btchip HW1 with Green Address both Chrome and Android. All of the sudden the Android one refused to accept it and told me to upgrade the firmware. The Chrome one did not say that but did not seem to be functioning properly. After a very long and frustrating time I finally got the device reset, updated and restored seed. Need better instructions on this process for people. I just goT them within two weeks. Why do they come with old firmware? Can't they be updated before being mailed?
|
|
|
|
btchip (OP)
|
|
November 23, 2014, 07:51:28 AM |
|
I was using my btchip HW1 with Green Address both Chrome and Android. All of the sudden the Android one refused to accept it and told me to upgrade the firmware. The Chrome one did not say that but did not seem to be functioning properly. I'm not that sure about the "all of a sudden" part as there have been no updates in the applications recently. I'd need more details to understand the process flow and how/when this occurred After a very long and frustrating time I finally got the device reset, updated and restored seed. Need better instructions on this process for people. I just goT them within two weeks. Why do they come with old firmware? Can't they be updated before being mailed?
I'd need more details about the issues you had when updating the firmware to improve it. Cards are usually shipped with the latest firmware, but there have been a lot of updates recently. They're not forced on the users though, so I don't really understand the problem.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 23, 2014, 08:01:37 AM |
|
I was using my btchip HW1 with Green Address both Chrome and Android. All of the sudden the Android one refused to accept it and told me to upgrade the firmware. The Chrome one did not say that but did not seem to be functioning properly. I'm not that sure about the "all of a sudden" part as there have been no updates in the applications recently. I'd need more details to understand the process flow and how/when this occurred After a very long and frustrating time I finally got the device reset, updated and restored seed. Need better instructions on this process for people. I just goT them within two weeks. Why do they come with old firmware? Can't they be updated before being mailed?
I'd need more details about the issues you had when updating the firmware to improve it. Cards are usually shipped with the latest firmware, but there have been a lot of updates recently. They're not forced on the users though, so I don't really understand the problem. I used it yesterday with no problem. Today the Android app said I had to update to at least version 1.4.8 and would refuse to even let me input PIN number. Also to reset must be done on Chrome only, not app. And I hate to enter incorrect pin, remove card, insert card, incorrect pin again, remove card and incorrect pin again. That song and dance is not explained anywhere. Also, after installing the two required chrome extensions, the first time updater said could not read my version number. I had to remove it and start over and then it worked. Also, why does updating it require it to be removed and inserted so many times?
|
|
|
|
btchip (OP)
|
|
November 23, 2014, 08:38:05 AM |
|
I used it yesterday with no problem. Today the Android app said I had to update to at least version 1.4.8 and would refuse to even let me input PIN number. This is the part I don't get. If it happens again please let me know and I'll give you some tools to investigate before you update. Also to reset must be done on Chrome only, not app.
It should also work from the Android app once it's updated. For the time being it only works with older versions And I hate to enter incorrect pin, remove card, insert card, incorrect pin again, remove card and incorrect pin again. That song and dance is not explained anywhere.
I'll mention it in bolder later in the firmware update page, but this is a security measure against malware trying to DoS the card by sending wrong PINs in a row. It could be made easier by sending the wrong PINs for you. Also, after installing the two required chrome extensions, the first time updater said could not read my version number.
Might happen right after the chrome extensions are installed if you don't reload the page, or if another process is open and tries to access the dongle. I had to remove it and start over and then it worked. Also, why does updating it require it to be removed and inserted so many times?
the dongle cycles through 3 different operating systems during the update, it tries to reboot automatically between each steps but there could be race conditions in this process and the updater errs on the side of caution if the dongle doesn't answer fast enough.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
November 23, 2014, 08:45:12 AM |
|
I used it yesterday with no problem. Today the Android app said I had to update to at least version 1.4.8 and would refuse to even let me input PIN number. This is the part I don't get. If it happens again please let me know and I'll give you some tools to investigate before you update.
Okay, will do. Also to reset must be done on Chrome only, not app.
Yes, after the update it works once again on both Android and Chrome apps. BTW, did you get my PM yesterday?
|
|
|
|
btchip (OP)
|
|
November 23, 2014, 08:51:13 AM |
|
Okay, will do.
Thanks. I'll publish a self test page soon. Yes, after the update it works once again on both Android and Chrome apps.
BTW, did you get my PM yesterday?
yes, happy to see that postal service is behaving
|
|
|
|
|
nomnomnom
|
|
November 27, 2014, 01:13:32 AM Last edit: November 27, 2014, 01:30:16 AM by nomnomnom |
|
Hello, I have a hw.1 and use it with electrum, it works fine overall, but now I have an address where I can't send anything from. It is this one: 1Jmv13FgTW1xeGGvATt2EP142efBq473bA The coins on this address came from a greenaddress wallet (address starts with 3) I've seen something about p2sh todo in the btchip plugin, not sure if relevant because I am not really a programmer, but maybe that could be the problem? If this is a btchip limitation it would suck, or is it an electrum bug? I added a "print tx" at the point where it fails and the transaction looks ok to me, I can load it with electrum and look at it, but it is obv unsigned Selecting send from other addresses works fine so it is no big deal, but if this is a bug it would be good if it could be fixed File "/home/user/electrum-git/electrum/gui/qt/util.py", line 37, in run self.result = self.run_task() File "/home/user/electrum-git/electrum/gui/qt/main_window.py", line 1156, in sign_thread self.wallet.sign_transaction(tx, password) File "/home/user/electrum-git/electrum/plugins/btchipwallet.py", line 330, in sign_transaction raise BaseException(tx.error) BaseException: byte must be in range(0, 256)
|
|
|
|
btchip (OP)
|
|
November 27, 2014, 06:56:08 AM |
|
There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips.
|
|
|
|
|
LOBSTER
|
|
November 28, 2014, 12:32:03 PM |
|
I'll order one. It's a good offer today...hope shipping is fast
|
|
|
|
btchip (OP)
|
|
November 28, 2014, 07:58:39 PM |
|
I'll order one. It's a good offer today...hope shipping is fast shipping is fast, but manufacturing is done on demand (this is one of my new tests ) so it'll ship end of next week, as stated on the website.
|
|
|
|
nomnomnom
|
|
November 29, 2014, 01:02:18 AM |
|
There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips. Ok sounds good. No hurry, take your time
|
|
|
|
artbatista
|
|
November 29, 2014, 02:55:48 AM |
|
I placed a couple of orders on your store. Am I supposed to get a confirmation email after I pay?
Art
|
|
|
|
|
btchip (OP)
|
|
November 29, 2014, 03:09:36 AM |
|
Hi
It's ok, you don't get an email confirmation.
TX #2 is ok and confirmed.
TX #1 is apparently not going to me
|
|
|
|
artbatista
|
|
November 29, 2014, 03:20:39 AM |
|
Hi
It's ok, you don't get an email confirmation.
TX #2 is ok and confirmed.
TX #1 is apparently not going to me
You are right, #1 is not yours, I made a mistake, but now that I know I won't get an email confirm, I won't bother you with the second order tx I.D. Have a good weekend, I'll wait patiently for my orders. Cheers Art
|
|
|
|
xgtele
|
|
November 30, 2014, 06:58:23 PM |
|
Ordered 2014 Black Friday promo
|
|
|
|
btchip (OP)
|
|
November 30, 2014, 10:10:25 PM |
|
Ordered 2014 Black Friday promo Thanks. It's available till Monday end of day PST
|
|
|
|
btchip (OP)
|
|
December 02, 2014, 01:59:44 PM |
|
There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips. Ok sounds good. No hurry, take your time This should have been addressed in my latest updates. Can you pull btchip-python and retest ?
|
|
|
|
Muhammed Zakir
|
|
December 02, 2014, 03:50:06 PM |
|
Not working... Output of cmd : Traceback (most recent call last): File "C:\Program Files\Electrum-2.0\gui\qt\installwizard.py", line 393, in run wallet.create_main_account(password) File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 217, in create_main_account self.create_account('Main account', None) #name, empty password File "C:\Program Files\Electrum-2.0\lib\wallet.py", line 1413, in create_account account_id, xpub, addr = self.get_next_account(password) File "C:\Program Files\Electrum-2.0\lib\wallet.py", line 1397, in get_next_account xpub, xprv = self.derive_xkeys(self.root_name, derivation, password) File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 221, in derive_xkeys xpub = self.get_public_key(derivation) File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 230, in get_public_key self.get_client() # prompt for the PIN before displaying the dialog if necessary File "C:\Program Files\Electrum-2.0\plugins\btchipwallet.py", line 204, in get_client raise Exception("Could not connect to your BTChip dongle. Please verify access permissions, PIN, or unplug the dongle and plug it again") Exception: Could not connect to your BTChip dongle. Please verify access permissions, PIN, or unplug the dongle and plug it again
~~MZ~~
|
|
|
|
btchip (OP)
|
|
December 02, 2014, 04:50:43 PM Last edit: December 02, 2014, 05:03:02 PM by btchip |
|
did the previous version work ?
(just rechecked, it works fine on Linux, unsurprisingly)
|
|
|
|
AussieHash
|
|
December 02, 2014, 05:56:49 PM |
|
@btchip is there a way to generate the xpub key for a specific path using any of the command line APIs ? In particular I am trying to manually sign "Coinkite" with "0'/0/0" to test their multisig, but I need the xpub key for that path. Thanks.
|
|
|
|
|
Muhammed Zakir
|
|
December 03, 2014, 03:57:55 PM |
|
did the previous version work ?
(just rechecked, it works fine on Linux, unsurprisingly)
I didn't do anything. I couldn't install the firmware which I downloaded from hardwarewallet website, so I chose windows to download and install automatically and it did. I already installed BTChip and electrum. But when I am trying to open, it isn't coming. P.S. I haven't installed linux on my system yet, probably, I will install on Saturday or Sunday. Anything I can do before that to work with Win7? AND, thanks for 2 for 1 offer! ~~MZ~~
|
|
|
|
btchip (OP)
|
|
December 04, 2014, 12:11:20 AM |
|
I'd need to retest on Windows at some point, there are a lot of reasons why accessing the dongle from Python could fail.
|
|
|
|
nomnomnom
|
|
December 04, 2014, 07:18:57 AM |
|
There shouldn't be an issue to use those funds, so I'm afraid the answer lies probably in the middle with a BTChip Python bug dealing with long input scripts (around here) . I'll test that, might take a few days due to long trips. Ok sounds good. No hurry, take your time This should have been addressed in my latest updates. Can you pull btchip-python and retest ? Sorry have just seen your post now, can confirm, seems to work fine! Thank you very much
|
|
|
|
Muhammed Zakir
|
|
December 04, 2014, 01:57:26 PM |
|
I'd need to retest on Windows at some point, there are a lot of reasons why accessing the dongle from Python could fail.
I am in no hurry. Take your time. Is there any way to import an address? Any developer options to do it? P.S. I tried BTChip with Greenaddress wallet but there is no option to send BTC to many address at a time. ~~MZ~~
|
|
|
|
btchip (OP)
|
|
December 05, 2014, 12:34:22 PM |
|
I'd need to retest on Windows at some point, there are a lot of reasons why accessing the dongle from Python could fail.
I am in no hurry. Take your time. Is there any way to import an address? Any developer options to do it? you can import an arbitrary key in developer mode, but then you have to do everything in developer mode (i.e. you are actually signing arbitrary data, without checking anything about the transaction) P.S. I tried BTChip with Greenaddress wallet but there is no option to send BTC to many address at a time. ~~MZ~~ I don't think there's support for that - also the dongle only supports verifying one payment output (+ one change output) when using the internal second factor (this is not an issue for GreenAddress considering its very specific use case) (edit : there's no support for it in the app, but it's supported in the API or through a BIP 70 request)
|
|
|
|
Muhammed Zakir
|
|
December 05, 2014, 12:44:07 PM |
|
you can import an arbitrary key in developer mode, but then you have to do everything in developer mode (i.e. you are actually signing arbitrary data, without checking anything about the transaction)
Sorry for asking a dump question : Which wallet should I use to do this? Or should I have to use BTChip-python/C/java - I am not used to this but I can give it a try? Any documentation? I don't think there's support for that - also the dongle only supports verifying one payment output (+ one change output) when using the internal second factor (this is not an issue for GreenAddress considering its very specific use case)
Why can't it verify the outputs/inputs one by one? Will it be supported in future? ~~MZ~~
|
|
|
|
btchip (OP)
|
|
December 05, 2014, 06:34:57 PM |
|
you can import an arbitrary key in developer mode, but then you have to do everything in developer mode (i.e. you are actually signing arbitrary data, without checking anything about the transaction)
Sorry for asking a dump question : Which wallet should I use to do this? Or should I have to use BTChip-python/C/java - I am not used to this but I can give it a try? Any documentation? You're basically on your own with that - the C API @ https://github.com/LedgerHQ/btchip-c-api is the most documented one with all developer mode functions implemented (btchip_importPrivateKey, btchip_deriveBip32Key, btchip_getPublicKey, btchip_signImmediate). All those functions are well described in the API documentation @ https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html#_developer_mode_apdusI don't think there's support for that - also the dongle only supports verifying one payment output (+ one change output) when using the internal second factor (this is not an issue for GreenAddress considering its very specific use case)
Why can't it verify the outputs/inputs one by one? Will it be supported in future? ~~MZ~~ it doesn't verify outputs (not important for inputs as they're cumulated) one by one because then you'd have to remove / insert the dongle for each output, which is kind of annoying. It's not a technical limitation, more a design limitation. I plan to add this in a future firmware version, maybe not for this product though.
|
|
|
|
Muhammed Zakir
|
|
December 11, 2014, 01:39:40 PM |
|
Thanks! I used it. I could create a wallet in normal mode to test but now I want to change it to Developer mode and I am getting some errors. How can I wipe the dongle? I entered 3 invalid pins in a row but I didn't see anything about 'wipe'. What is developer key? P.S. I think 'wipe pin' can be used to create a new seed and what is the pin? Is wipe pin and user pin same but in different places when typing? I think btchip_setOperationMode can be used to change the mode, so this will suffice my need. I found this on the guide: The dongle must be physically reset following this command if switching to a different mode than the current mode.
How to reset the dongle physically? Additional description of setup parameters : When enabled, RFC 6979 deterministic signatures will be used for all operations in wallet, relaxed wallet and server modes. RFC 6979 deterministic signatures are always available in developer mode.
Note : Using deterministic signatures will make the signing process slower and could possibly create a larger side channel attack surface due to the way private keys are handled during the computation of the random value. We suggest to only enable this mode if you don’t trust the chip hardware Random Number Generator or are sure of understanding the risks.
Can you explain please? it doesn't verify outputs (not important for inputs as they're cumulated) one by one because then you'd have to remove / insert the dongle for each output, which is kind of annoying. It's not a technical limitation, more a design limitation. I plan to add this in a future firmware version, maybe not for this product though.
Hmm... Noob : Can I create a TX from online wallet and then sign the raw TX using BTChip? ~~MZ~~
|
|
|
|
btchip (OP)
|
|
December 19, 2014, 12:16:55 AM |
|
Thanks! I used it. I could create a wallet in normal mode to test but now I want to change it to Developer mode and I am getting some errors. How can I wipe the dongle? I entered 3 invalid pins in a row but I didn't see anything about 'wipe'. What is developer key?
Entering 3 invalid PINs in a row will wipe it (i.e. reset the seed and you start with a fresh dongle). The developer key is the Triple DES key used to encrypt private keys that go out of the dongle in developer mode. P.S. I think 'wipe pin' can be used to create a new seed and what is the pin? Is wipe pin and user pin same but in different places when typing? I think btchip_setOperationMode can be used to change the mode, so this will suffice my need. I found this on the guide:
You can ignore the wipe PIN as it'll be changed soon - for the time being, when entered, it changes the seed to a random value permanently. in order to use the developer mode, you need to setup the dongle with this mode authorized (i.e. WALLET+DEVELOPER if using the C API if you want to use both). Then you can switch modes with btchip_setOperationMode The dongle must be physically reset following this command if switching to a different mode than the current mode.
How to reset the dongle physically? That's the entering-3-wrong-PINs-thing Additional description of setup parameters : When enabled, RFC 6979 deterministic signatures will be used for all operations in wallet, relaxed wallet and server modes. RFC 6979 deterministic signatures are always available in developer mode.
Note : Using deterministic signatures will make the signing process slower and could possibly create a larger side channel attack surface due to the way private keys are handled during the computation of the random value. We suggest to only enable this mode if you don’t trust the chip hardware Random Number Generator or are sure of understanding the risks.
Can you explain please? RFC6979 uses an ECC private key as a message component passed to a HMAC, which is not something you usually do - it'll break the "balanced" algorithms, trying to mask the values of private keys as they go from flash to RAM to the cryptoprocessor on a smartcard. So it might open more subtle attacks, but it's too popular to be ignored in Bitcoin space, so it's always used it doesn't verify outputs (not important for inputs as they're cumulated) one by one because then you'd have to remove / insert the dongle for each output, which is kind of annoying. It's not a technical limitation, more a design limitation. I plan to add this in a future firmware version, maybe not for this product though.
Hmm... Noob : Can I create a TX from online wallet and then sign the raw TX using BTChip? ~~MZ~~ Depending how the wallet is implemented, you can. This is what's done with Coinkite co-signing solution for example (sample over there https://github.com/BitMEX/btchip-signing-tools)
|
|
|
|
viking02
|
|
December 19, 2014, 06:55:28 AM |
|
how is this compared to trezor?
how fast does it ship to east coast usa?
is it very easy for someone that is not computer savy?
|
|
|
|
,,,,╓╖µpp╖╖,,,, ,╓g▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄µ╖ ,╖ ,╓@▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓Ñ╖ ,@▓▌ ,á▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓µ╫▓▓▓▌ ╓@▓▓▓▓▓▓▓▓▓█▓▀╜╙ '╙▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ╓▓▓▓▓▓▓▓▓█▓▀` ╙▀▓▓▓███████▌ @▓▓▓▓▓▓▓█▀` ,,,,, ,g▓███████▀` ╓▓▓▓▓▓▓██▀ ,µ▄▓▓▓▓▓▓▓█▓▓▓▄@, ,@▓███████▀ ]▓▓▓▓███▓` ╓▄▓█▓▓▓▓▓▓▓▓▓▓▓█████████████▓╜ ]▓▓▓▓█▓█╝ ╓▓█████▓▓▓▓▓▓▓▓▓████████████▀╜ ▓▓▓▓███▌ ╙▓███████▓▒ "▀▓██████▀` ╫▓▓▓███▌ "▀████████▄ '▓██▀ ▓█▓███▓▒ `▀████████▄, ` ]▓█████▌ ╙████████▓, ]▓█████▌ ╙▓█▓█▓▓▓█▓╖ ]▓█████▌ ╙▀█▓▓▓▓▓▓▓╖ ▓█████▓[ ,, `▀▓▓▓▓▓▓▓▓▄ ▓██████[ ╓@ ╙▓▓▓▓▓▓▓▓▓╖ ╠██████▓ ╓▓▓▓▓m ╙▓█▓▓▓▓▓█▓@ ▓█████╜ ,g▓▓▓▓▓▓▓▓▓▄╖╖,,,╓╖▓▓██▓▓▓▓▓▓ └▓█▓╜ ,@▓▓▓▓▓▓▓▓▓▓▓▓████████████▓▓█▀ '" ╓@▓▓▓▓▓▓▓▓▀▓▓▓▓█████████████▀╙ , ╓▓▓▓▓▓▓▓▓▓╜ ╙▀▀▀▀▓▓▓▀▀▀▀╜ ╓▓▓▓╖ g▓█▓▓▓▓▓▓▓` ,g▓▓▓▓▓▓▓w ,g▓██████████▓▄, ,╓@▓▓█▓▓▓█▓██╜ ▓████████████████▓▄▄p╖,, ,,╓µ▄▄▓██████████▓╜ ▓█████╜╙▀███████████████████████████████████▀` ▓██▓╜ "▀▀███████████████████████████▀╜` ▓▀` ╙▀▀▀███████████████▀▀▀" | . COMSA ICO: Oct 2 - Nov 6 | █████ ▄▄▄ ███ ███ ▀▀▀ ███ ███ ███ ▀▀▀ ███ ███ ███ █████ | | █████ ▄▄▄▄▄ █████ █████ ▀▀▀▀▀ █████ █████ █████ ▀▀▀▀▀ █████ █████ █████ █████ |
|
|
|
btchip (OP)
|
|
December 19, 2014, 07:48:52 AM |
|
how is this compared to trezor?
it's cheaper, based on a smartcard, but doesn't have a screen or buttons. Functionally speaking it does the same thing differently. how fast does it ship to east coast usa?
between one and two weeks is it very easy for someone that is not computer savy?
it's reasonably easy (especially with GreenAddress) but for the easiest experience we offer the Ledger Wallet, based on the same technology with significantly more polish.
|
|
|
|
viking02
|
|
December 20, 2014, 03:52:36 AM |
|
whats the usd cost for ledger hw1 vs ledgerwallet?
|
|
|
|
,,,,╓╖µpp╖╖,,,, ,╓g▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄µ╖ ,╖ ,╓@▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓Ñ╖ ,@▓▌ ,á▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓µ╫▓▓▓▌ ╓@▓▓▓▓▓▓▓▓▓█▓▀╜╙ '╙▀▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ╓▓▓▓▓▓▓▓▓█▓▀` ╙▀▓▓▓███████▌ @▓▓▓▓▓▓▓█▀` ,,,,, ,g▓███████▀` ╓▓▓▓▓▓▓██▀ ,µ▄▓▓▓▓▓▓▓█▓▓▓▄@, ,@▓███████▀ ]▓▓▓▓███▓` ╓▄▓█▓▓▓▓▓▓▓▓▓▓▓█████████████▓╜ ]▓▓▓▓█▓█╝ ╓▓█████▓▓▓▓▓▓▓▓▓████████████▀╜ ▓▓▓▓███▌ ╙▓███████▓▒ "▀▓██████▀` ╫▓▓▓███▌ "▀████████▄ '▓██▀ ▓█▓███▓▒ `▀████████▄, ` ]▓█████▌ ╙████████▓, ]▓█████▌ ╙▓█▓█▓▓▓█▓╖ ]▓█████▌ ╙▀█▓▓▓▓▓▓▓╖ ▓█████▓[ ,, `▀▓▓▓▓▓▓▓▓▄ ▓██████[ ╓@ ╙▓▓▓▓▓▓▓▓▓╖ ╠██████▓ ╓▓▓▓▓m ╙▓█▓▓▓▓▓█▓@ ▓█████╜ ,g▓▓▓▓▓▓▓▓▓▄╖╖,,,╓╖▓▓██▓▓▓▓▓▓ └▓█▓╜ ,@▓▓▓▓▓▓▓▓▓▓▓▓████████████▓▓█▀ '" ╓@▓▓▓▓▓▓▓▓▀▓▓▓▓█████████████▀╙ , ╓▓▓▓▓▓▓▓▓▓╜ ╙▀▀▀▀▓▓▓▀▀▀▀╜ ╓▓▓▓╖ g▓█▓▓▓▓▓▓▓` ,g▓▓▓▓▓▓▓w ,g▓██████████▓▄, ,╓@▓▓█▓▓▓█▓██╜ ▓████████████████▓▄▄p╖,, ,,╓µ▄▄▓██████████▓╜ ▓█████╜╙▀███████████████████████████████████▀` ▓██▓╜ "▀▀███████████████████████████▀╜` ▓▀` ╙▀▀▀███████████████▀▀▀" | . COMSA ICO: Oct 2 - Nov 6 | █████ ▄▄▄ ███ ███ ▀▀▀ ███ ███ ███ ▀▀▀ ███ ███ ███ █████ | | █████ ▄▄▄▄▄ █████ █████ ▀▀▀▀▀ █████ █████ █████ ▀▀▀▀▀ █████ █████ █████ █████ |
|
|
|
Muhammed Zakir
|
|
December 27, 2014, 03:20:11 PM |
|
Please help me! BTChip is working with electrum now and I imported 2 private keys. After that, I tried to sign messages but I am getting errors. Any solution? ~~MZ~~
|
|
|
|
btchip (OP)
|
|
December 27, 2014, 07:30:07 PM |
|
whats the usd cost for ledger hw1 vs ledgerwallet?
around half of it Please help me! BTChip is working with electrum now and I imported 2 private keys. After that, I tried to sign messages but I am getting errors. Any solution?
~~MZ~~
that's weird, it shouldn't be using the chip to sign that as the keys are not in it. It should deny key imports for this wallet.
|
|
|
|
|
btchip (OP)
|
|
January 11, 2015, 03:38:19 PM |
|
still working here, what's your OS and Chrome version ?
|
|
|
|
Muhammed Zakir
|
|
January 11, 2015, 03:52:05 PM |
|
still working here, what's your OS and Chrome version ?
I'm on Windows 7 using Chrome latest version. I will check whether it is working with Chrome Canary. ~~MZ~~
|
|
|
|
btchip (OP)
|
|
January 11, 2015, 06:21:44 PM |
|
Did you try to remove it and reinstall it ? It looks like a filesystem corruption.
|
|
|
|
ddepker
Newbie
Offline
Activity: 24
Merit: 0
|
|
January 17, 2015, 07:18:36 AM |
|
There is an option for using security keys when trying to log in to Google. https://support.google.com/accounts/answer/6103523?hl=enIs it possible to use the HW.1 key to secure my Google account while also using it to secure my Bitcoin wallet?
|
|
|
|
Muhammed Zakir
|
|
January 17, 2015, 07:35:01 AM |
|
For your information : FYI it'll be possible to use the Ledger Wallet interface with HW.1 and the next firmware release with some additional setup. It'll also be possible to buy our next hardware wallets with a discount if you own a HW.1 or a Ledger Wallet.
~~MZ~~
|
|
|
|
Voltarius
Sr. Member
Offline
Activity: 294
Merit: 250
Mercurial
|
|
January 17, 2015, 07:55:32 AM Last edit: August 17, 2015, 07:25:00 PM by Voltarius |
|
Seems like a good project, keep it up and I hope these smart cards can get made!
|
|
|
|
btchip (OP)
|
|
January 18, 2015, 03:47:23 AM |
|
no, it's unfortunately not possible. The U2F implementation is done on a different firmware version requiring attestation keys that are installed at factory personalization time Seems like a good project, keep it up and I hope these smart cards can get made! well the cards are made and actually quite popular at TNABC
|
|
|
|
owlcatz
Legendary
Offline
Activity: 3626
Merit: 1967
|
|
January 18, 2015, 10:41:26 PM |
|
no, it's unfortunately not possible. The U2F implementation is done on a different firmware version requiring attestation keys that are installed at factory personalization time Seems like a good project, keep it up and I hope these smart cards can get made! well the cards are made and actually quite popular at TNABC I got one yesterday in the mail. can't get any computer to even recognize it. how do i tell if it's dead or something? spent like 2 hours with it, waste of time so far... Edit - two windows 7 64-bit - even tried old drivers etc. nothing seems to work ... Windows device manager sees nothing at all, no matter what usb port i try. 1 Dell laptop and 1 ASUS home built desktop. ps i tried on linux mint as well, but i didn't get very far at all before giving up there too. (Older laptop). thanks for any help.
|
. I C Λ R U S | | | | █████▄▄█████▄▄ ████████▀▀▀████ ██████▀█████▀███ ████████████████ ████████████████ ████████████████ ░▄█████████████████ ███████████████████ ███████████████████ ████████░░░▀▀▀▀▀▀▀▀ ████████▄▄▄████████ ███████████████████ █████████████████▀ | ░░░███ ▄▄▄███ ██████ ░░░███ ░░░███ ░░░███ ░░░███ ░░░███ ░░░███ ░░░███ ▄████████ ███▌░▐███ ████████▀ | | | | | █████████████████████ █████████████████████ █████████████████████ ██████▀▀▀▀████▀▀█████ █████░░▄▄░░██░░░█████ █████▄▄██░░███░░█████ █████▀▀▀▀░░▀██░░█████ ████░░░░▄▄▄▄█▀░░▀████ ████░░░░░░░░█░▀▀░████ █████████████████████ █████████████████████ █████████████████████ █████████████████████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | | | | ████ ██
██ ████ | | ████ ██
██ ████ |
[/ce
|
|
|
btchip (OP)
|
|
January 18, 2015, 11:19:42 PM |
|
the card is supposed to appear as a usb device on 2581:2b7c on your system (using windows control panel / lsusb on Linux)
if it doesn't, check that you folded it properly
if it still doesn't work, contact support to get another one sent
|
|
|
|
owlcatz
Legendary
Offline
Activity: 3626
Merit: 1967
|
|
January 18, 2015, 11:50:25 PM |
|
the card is supposed to appear as a usb device on 2581:2b7c on your system (using windows control panel / lsusb on Linux)
if it doesn't, check that you folded it properly
if it still doesn't work, contact support to get another one sent
ok, thanks. i guess mine must be dead - I accidentally broke it off on the "clip" before reading the full instructions, but it's stuck back on there just fine so i'm not sure if that is the issue, i wouldn't think so, it fits fairly snug etc. i'll have a super-geek i work with give a try tomorrow before contacting support, maybe i'm missing something simple. Thanks again, i appreciate the quick response.
|
. I C Λ R U S | | | | █████▄▄█████▄▄ ████████▀▀▀████ ██████▀█████▀███ ████████████████ ████████████████ ████████████████ ░▄█████████████████ ███████████████████ ███████████████████ ████████░░░▀▀▀▀▀▀▀▀ ████████▄▄▄████████ ███████████████████ █████████████████▀ | ░░░███ ▄▄▄███ ██████ ░░░███ ░░░███ ░░░███ ░░░███ ░░░███ ░░░███ ░░░███ ▄████████ ███▌░▐███ ████████▀ | | | | | █████████████████████ █████████████████████ █████████████████████ ██████▀▀▀▀████▀▀█████ █████░░▄▄░░██░░░█████ █████▄▄██░░███░░█████ █████▀▀▀▀░░▀██░░█████ ████░░░░▄▄▄▄█▀░░▀████ ████░░░░░░░░█░▀▀░████ █████████████████████ █████████████████████ █████████████████████ █████████████████████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | | | | ████ ██
██ ████ | | ████ ██
██ ████ |
[/ce
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
January 19, 2015, 02:48:33 AM |
|
In Windows Device Manager it will show up as an HID (Human Interface Device). The computer sees it as a keyboard. It will not show up under the USB tab.
|
|
|
|
btchip (OP)
|
|
January 19, 2015, 10:38:40 AM |
|
the card is supposed to appear as a usb device on 2581:2b7c on your system (using windows control panel / lsusb on Linux)
if it doesn't, check that you folded it properly
if it still doesn't work, contact support to get another one sent
ok, thanks. i guess mine must be dead - I accidentally broke it off on the "clip" before reading the full instructions, but it's stuck back on there just fine so i'm not sure if that is the issue, i wouldn't think so, it fits fairly snug etc. i'll have a super-geek i work with give a try tomorrow before contacting support, maybe i'm missing something simple. Thanks again, i appreciate the quick response. yes, might just be slightly off - try to nudge it a bit up in the USB port maybe.
|
|
|
|
GenTarkin
Legendary
Offline
Activity: 2450
Merit: 1002
|
|
March 05, 2015, 01:10:16 AM |
|
Are these things still being shipped? I put an order through on hardwarewallet.com and it never accepted my payment =( ... I sent the BTC and it confirmed and I confirmed the addresses were the same. I never received an email or anything. I emailed hardwarewallet bout it ... Anyone got ideas?
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
March 05, 2015, 03:08:21 AM |
|
Are these things still being shipped? I put an order through on hardwarewallet.com and it never accepted my payment =( ... I sent the BTC and it confirmed and I confirmed the addresses were the same. I never received an email or anything. I emailed hardwarewallet bout it ... Anyone got ideas?
How long ago did you buy? When I bought mine there is no confirmation or contact after paying. They just mail it out and you receive it by regular airmail or registered airmail depending on the country you live in.
|
|
|
|
AussieHash
|
|
March 05, 2015, 07:26:19 AM |
|
Are these things still being shipped? I put an order through on hardwarewallet.com and it never accepted my payment =( ... I sent the BTC and it confirmed and I confirmed the addresses were the same. I never received an email or anything. I emailed hardwarewallet bout it ... Anyone got ideas?
If everything goes through correctly, the payment page transforms in to a PDF confirmation receipt. One of my orders failed to progress normally, so I emailed support and they sorted it out. You could potentially also login to you payment history if the wallet you paid through supports BitID (probably only mycelium on android)
|
|
|
|
mistercoin
Legendary
Offline
Activity: 1038
Merit: 1000
https://r.honeygain.me/XEDDM2B07C
|
|
March 06, 2015, 02:45:00 PM |
|
It would be awesome if there was a piece of software that anyone could use to turn a normal USB drive into a hardware wallet. But until then, this will do very nice to secure me
|
|
|
|
WBF1
|
|
April 01, 2015, 09:19:10 PM |
|
Can I use greenbits on android to do all that is needed in wallet mode with the hw-1? I mean from initialization through usage? Or do I need to use a computer for some steps?
Also, does hw-1 use it's own rng? Or does it use that of the host? Or some combination? Is it possible to add your own salt?
Also is the 2fa via usb keyboard emulation required for every transaction or is that optional?
Is hw-1 basically the same as ledger with a different form factor? Or are there usability differences?
(sorry if these are answered elsewhere in this thread... I read back several pages and didn't see anything conclusive).
|
|
|
|
btchip (OP)
|
|
April 03, 2015, 02:45:51 AM |
|
Can I use greenbits on android to do all that is needed in wallet mode with the hw-1? I mean from initialization through usage? Or do I need to use a computer for some steps?
You'll need to use a computer for initialization. Also, does hw-1 use it's own rng? Or does it use that of the host? Or some combination? Is it possible to add your own salt?
It uses its own RNG, or a seed provided by the user. After that, the RNG is not used if using deterministic signatures. It's not possible to add your own salt. Also is the 2fa via usb keyboard emulation required for every transaction or is that optional?
It is required for every transaction - with the latest Ledger Wallet firmware, you can replace it by a security card lookup or a mobile second factor though. Is hw-1 basically the same as ledger with a different form factor? Or are there usability differences?
It's the same chip in a different form factor - with the latest firmware, both are exactly similar features wise.
|
|
|
|
WBF1
|
|
April 03, 2015, 03:12:05 AM |
|
Thanks very much for the reply. One more question: is it possible to export xpub from the device so you can generate receiving addresses without having the device plugged in? What I mean is using it with mycelium or BTCRecieve for watch only but also for generating receiving addresses.
|
|
|
|
btchip (OP)
|
|
April 03, 2015, 06:52:11 AM |
|
Thanks very much for the reply. One more question: is it possible to export xpub from the device so you can generate receiving addresses without having the device plugged in? What I mean is using it with mycelium or BTCRecieve for watch only but also for generating receiving addresses.
yes, it's possible. It's not widely used so far, but you can find some examples in https://github.com/BitMEX/btchip-signing-tools for example. Integration into Mycelium is also ongoing
|
|
|
|
WBF1
|
|
April 03, 2015, 01:48:26 PM |
|
Sounds great. Being able to easily load up xpub into mycelium, the ledger companion app, or btcrecieve (which the trezor folks have rebranded into the "my trezor lite" app) would make it much easier to receive funds to new addresses in the hd wallet without needing the device connected. Definitely something I would think most users would be interested in, especially if btchip-based devices are being used for cold storage and kept in a safe, not readily accessible place.
|
|
|
|
Muhammed Zakir
|
|
April 04, 2015, 07:39:39 AM |
|
Error. Obviously because of the slow internet. Processing dependencies for btchip-signer==0.1 Searching for python-dateutil Reading https://pypi.python.org/simple/python-dateutil/ error: The read operation timed out
Can anybody list the dependencies so that I can install them one by one? If the dependencies are pre-installed, it will be skipped when running the setup right? P.S. What can we do with signTxArmory?
|
|
|
|
WBF1
|
|
April 07, 2015, 09:26:47 PM |
|
Does hw1/ledger/greenaddress work on chromium instead of chrome? Wasn't sure if this is a btchip question or a greenaddress question...
|
|
|
|
btchip (OP)
|
|
April 07, 2015, 09:30:44 PM |
|
Can anybody list the dependencies so that I can install them one by one? If the dependencies are pre-installed, it will be skipped when running the setup right?
If nobody is at it before I do, I'll have a look in the coming weeks. The Python implementation has some annoying low level bugs (related to the HID support) that need to be addressed. P.S. What can we do with signTxArmory?
Initially perform multi signature with Armory lockboxes, but we run into an issue regarding compressed keys support in P2SH scripts when this was done (circa October 2014) which prevented us from moving forward. I don't know what's the status nowadays. Does hw1/ledger/greenaddress work on chromium instead of chrome? Wasn't sure if this is a btchip question or a greenaddress question...
yes, everything should work fine on Chromium. The USB connectivity extensions are present in both versions.
|
|
|
|
WBF1
|
|
April 08, 2015, 04:37:27 AM |
|
@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)
|
|
|
|
btchip (OP)
|
|
April 08, 2015, 05:48:56 AM |
|
@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)
yes, email would be preferred ( support@ledgerwallet.com)
|
|
|
|
Muhammed Zakir
|
|
April 08, 2015, 05:55:40 AM |
|
@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)
Hi! I maybe able to help you. Can you give more details please? • Which wallet are you trying to use with HW. 1? • Which OS? I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API.
|
|
|
|
LOBSTER
|
|
April 08, 2015, 10:06:38 AM |
|
When it's possible to order the cards? I prefer it more than the USB stick.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
April 08, 2015, 02:08:42 PM |
|
When it's possible to order the cards? I prefer it more than the USB stick.
The cards have always been available but they are still a USB device. https://buy.hardwarewallet.com/hw1shop/
|
|
|
|
btchip (OP)
|
|
April 08, 2015, 02:53:46 PM |
|
I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API.
Multibit is not integrated yet. We did Mycelium first.
|
|
|
|
|
btchip (OP)
|
|
April 08, 2015, 03:28:15 PM |
|
Oh. A bit too early then Thanks for the heads up. ETA?
I'd say a few weeks. Everything is more or less done on my side regarding physical devices, just need to add support for our upcoming TEE application.
|
|
|
|
WBF1
|
|
April 08, 2015, 08:17:26 PM |
|
@btchip I got an hw1 in the mail. Tried everything and can't get it to work. You prefer troubleshooting here or by email or irc? (or are you even the right person to contact?)
Hi! I maybe able to help you. Can you give more details please? • Which wallet are you trying to use with HW. 1? • Which OS? I suggest you to use Electrum 2.0 or Multibit beta wallet or GreenAddress. You may also use BTChip API. I'll still email support, but basically greenaddress chrome app doesn't see my hw1 as being connected to have a seed written to it or to create its own entropy. I then did a firmware upgrade. I then tried greenaddress again and it didn't work. Since hw1 and ledger are identical after the latest firmware, I tried myledger. It sees the device then later says it's not supported. Support site/faq says this means it was flashed without a "security card" (which I believe is a ledger-specific thing). I tried reflashing with a security card seed but it didn't help. All was done initially on Linux with chromium (yes I added the udev rules). I then tried everything in Windows 8 with chrome and got the same result.
|
|
|
|
btchip (OP)
|
|
April 09, 2015, 04:20:24 AM |
|
Sorry, the update process is a bit flaky right now. Posting here since it can help other users. If you want to use it with GreenAddress, don't upgrade yet. The latest changes to support the new firmware have not been merged yet. That should happen soon. If you upgraded without a Security Card and want to use it with Ledger, you'll need to reset it the hard way. To do that, visit https://fupbeta.hardwarewallet.com/old/ledger - perform an update (without the security card), approve the override, then remove the dongle while the progress bar is moving in the longest "Flashing Application" sequence. Then go back to https://fup.hardwarewallet.com and enter a Security Card ID (that you can print yourself) before uploading. This will get sorted very soon.
|
|
|
|
WBF1
|
|
April 12, 2015, 03:08:59 AM |
|
Sorry, the update process is a bit flaky right now. Posting here since it can help other users. If you want to use it with GreenAddress, don't upgrade yet. The latest changes to support the new firmware have not been merged yet. That should happen soon. If you upgraded without a Security Card and want to use it with Ledger, you'll need to reset it the hard way. To do that, visit https://fupbeta.hardwarewallet.com/old/ledger - perform an update (without the security card), approve the override, then remove the dongle while the progress bar is moving in the longest "Flashing Application" sequence. Then go back to https://fup.hardwarewallet.com and enter a Security Card ID (that you can print yourself) before uploading. This will get sorted very soon. This more or less worked. Thanks.
|
|
|
|
btchip (OP)
|
|
April 12, 2015, 03:22:10 AM |
|
Glad to hear that. We'll make it easier for the next updates. Also GreenAddress support is moving forward, on time for the beginning of the week.
|
|
|
|
WBF1
|
|
April 12, 2015, 07:31:58 PM |
|
Sounds good. On the software side the only app I can use is myLedger. I really hope you guys get an android based client working over OTG cable. So far greenbits hasn't worked and greenaddress hasn't worked and I can't get electrum setup with btchip support.
My main use case is for cold storage so I don't have to keep making paper wallets. Being able to withdraw from that without a computer would still be nice though.
|
|
|
|
btchip (OP)
|
|
April 13, 2015, 12:45:02 AM |
|
Sounds good. On the software side the only app I can use is myLedger. I really hope you guys get an android based client working over OTG cable. So far greenbits hasn't worked and greenaddress hasn't worked and I can't get electrum setup with btchip support.
Both should work again with the update. But on a different wallet than the Ledger Wallet application of course. Mycelium support is also coming, that one will be fully compatible with Ledger Wallet (same addresses derived)
|
|
|
|
WBF1
|
|
April 13, 2015, 02:08:51 AM |
|
Both should work again with the update. But on a different wallet than the Ledger Wallet application of course.
Do you mean greenaddress and greenbits? And do you mean with the next update of the android and chrome apps or update of HW1 firmware?
|
|
|
|
btchip (OP)
|
|
April 13, 2015, 02:54:00 AM |
|
GreenAddress and GreenBits yes. Since they are multisig they operate on a different key hierarchy.
I mean the next update of those apps. The firmware is ok.
Actually, GreenAddress update has been pushed on desktop. So if you create/restore a new wallet with it, you should be able to use it on desktop, then to use it with GreenBits (GreenAddress Android is not pushed yet)
|
|
|
|
WBF1
|
|
April 14, 2015, 12:37:13 PM |
|
GreenAddress and GreenBits yes. Since they are multisig they operate on a different key hierarchy.
I mean the next update of those apps. The firmware is ok.
Actually, GreenAddress update has been pushed on desktop. So if you create/restore a new wallet with it, you should be able to use it on desktop, then to use it with GreenBits (GreenAddress Android is not pushed yet)
Sorry for so many questions, by do you mean greenaddress in chrome store?
|
|
|
|
Muhammed Zakir
|
|
April 15, 2015, 09:09:32 AM |
|
Yes, GreenAddress in Chrome store. Haven't you tried Electrum? It is easy and it works well.
|
|
|
|
WBF1
|
|
April 15, 2015, 11:30:30 AM |
|
Yes, GreenAddress in Chrome store. Haven't you tried Electrum? It is easy and it works well.
I was unable to get btchip support working.
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
April 15, 2015, 11:43:43 AM |
|
Yes, GreenAddress in Chrome store. Haven't you tried Electrum? It is easy and it works well.
I was unable to get btchip support working. It works with the older firmware. Apparently the new firmware broke it and Green Address has not updated the app yet to fix what is broken.
|
|
|
|
WBF1
|
|
April 15, 2015, 01:10:33 PM |
|
Been playing around with the newest greenaddress this morning and it works (version 0.0.66, downloaded directly from github).
After initializing with greenaddress, the hw1 then works fine in greenbits.
I then tried to log in with myLedger and it worked, but i think it uses a different address path.
Some questions: are the greenaddress and myLedger accounts/ addresses using the same seed? So that if I wiped then restored the seed, I could restore my addresses and balances on both myLedger and green address? And is the security card used with myLedger separate from the seed and not reset when entering PIN 3 times?
|
|
|
|
btchip (OP)
|
|
April 15, 2015, 02:58:38 PM |
|
It works with the older firmware. Apparently the new firmware broke it and Green Address has not updated the app yet to fix what is broken.
it's ok now, the new GreenAddress version fixes that. Been playing around with the newest greenaddress this morning and it works (version 0.0.66, downloaded directly from github).
After initializing with greenaddress, the hw1 then works fine in greenbits.
I then tried to log in with myLedger and it worked, but i think it uses a different address path.
Great, good to know everything is fine. Some questions: are the greenaddress and myLedger accounts/ addresses using the same seed? So that if I wiped then restored the seed, I could restore my addresses and balances on both myLedger and green address? And is the security card used with myLedger separate from the seed and not reset when entering PIN 3 times?
yes to all of that. If you want to change your security card, you either have to reflash the firmware, or to use a user side function which is not properly documented yet - https://ledgerhq.github.io/btchip-doc/bitcoin-technical.html#_set_user_keycard
|
|
|
|
WBF1
|
|
April 15, 2015, 04:14:43 PM |
|
Good to know. So it won't matter if I use greenaddress, myLedger, or the chip itself to generate the entropy and seed?
|
|
|
|
btchip (OP)
|
|
April 15, 2015, 07:39:46 PM |
|
Good to know. So it won't matter if I use greenaddress, myLedger, or the chip itself to generate the entropy and seed?
yes, same thing, even if you use some external API, you just need to make sure to include the feature NO_2FA_P2SH to be compatible with GreenAddress/GreenBits.
|
|
|
|
WBF1
|
|
April 24, 2015, 01:52:41 AM |
|
So I've been testing the HW1 with myLedger, greenaddress, and greenbits. So far I'm very happy with it. My only real sore point is not being able to generate receiving address without the device connected and unlocked. There needs to be an easy way to do this. Maybe integrating it into the Ledger 2FA app or at the very least a simple way to export xpub.
|
|
|
|
|
WBF1
|
|
April 24, 2015, 06:10:48 PM |
|
Cool. It's not a must have for me personally at this moment, but it will certainly make things easier.
|
|
|
|
|
|
Mrtimbrady
Newbie
Offline
Activity: 3
Merit: 0
|
|
May 06, 2015, 05:46:37 PM |
|
Sounds great!
|
|
|
|
jdebunt
Legendary
Offline
Activity: 1596
Merit: 1010
|
|
May 06, 2015, 06:33:44 PM |
|
A 15 eur device will be far more appealing to new/novice Bitcoin users I'd say
|
|
|
|
btchip (OP)
|
|
May 06, 2015, 07:46:00 PM |
|
A 15 eur device will be far more appealing to new/novice Bitcoin users I'd say yes, it has been hiding in plain sight for too long I guess
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
May 07, 2015, 02:27:28 AM |
|
Is there any way to get a security card for an original HW card so that it can be used with the ledger wallet chrome app?
|
|
|
|
WBF1
|
|
May 07, 2015, 02:54:55 AM |
|
Is there any way to get a security card for an original HW card so that it can be used with the ledger wallet chrome app?
You should be able to create one in the firmware update process.
|
|
|
|
btchip (OP)
|
|
May 07, 2015, 03:32:09 AM |
|
Is there any way to get a security card for an original HW card so that it can be used with the ledger wallet chrome app?
You should be able to create one in the firmware update process. Yes, there's a link to do that at https://fup.hardwarewallet.com/buildKeycard.html
|
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
May 07, 2015, 04:32:45 PM |
|
I've bought a couple of HW1, both with the old firmware. I've tried to update one to the latest version with success (througt the fup.hardwarewallet.com tool). I've tried to initialize it, but now is stuck after the generation of the seed, in the part when i should unplug it and plug with an open text editor to backup my seed. Basically everytime that i try to plug in this HW1 it's recognized as keyboard, but it does not output the seed, or at least return in the standard mode :/
|
|
|
|
btchip (OP)
|
|
May 07, 2015, 05:18:00 PM |
|
Can you describe very precisely all steps you followed to end up with that and your system configuration ? (on Ledger support mail preferably). I've been tracking this one down and unable to reproduce it yet.
Thanks
|
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
May 07, 2015, 05:25:50 PM |
|
Can you describe very precisely all steps you followed to end up with that and your system configuration ? (on Ledger support mail preferably). I've been tracking this one down and unable to reproduce it yet.
Thanks
Successfull firmware update > Setup with the internal seed generator > Backup the seed > Stuck Can i also ask a good APDU tool to communicate with the btchip? (for low level tweaking)
|
|
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
May 09, 2015, 09:05:05 AM |
|
With which software ? On which OS ?
Electrum + ubuntu 15.04 Now i've a bricked btchip and one that is working flawlessy But my major concern is this (also posted on github): I've set my btchip in relaxed wallet mode, and now i should be able to sign transactions with how many outputs i want. But when i try to load a CSV range of address + amounts with the dedicated feature in electrum, the button "Sign" just does not appear. There is an already aviable tool that allows a complete use of the relaxed/developer mode?
|
|
|
|
|
btchip (OP)
|
|
May 09, 2015, 12:03:26 PM |
|
Now i've a bricked btchip and one that is working flawlessy I was able to unbrick a HW-1 with a firmware downgrade won't work here. That's why I'm asking the guy to contact support. I'll re-ping. Sorry, it's a bit difficult to get hold of people in France in May (about 2-3 bank holidays per week all month)
|
|
|
|
kalgecin
|
|
May 13, 2015, 01:11:31 PM |
|
Hi can I use the same wallet I use for my other ledger products on this easily?
|
|
|
|
Muhammed Zakir
|
|
May 13, 2015, 01:29:54 PM |
|
Hi can I use the same wallet I use for my other ledger products on this easily?
If you backup the seed, you can restore it in any of your HW.1.
|
|
|
|
Wotan777
Newbie
Offline
Activity: 37
Merit: 0
|
|
May 15, 2015, 05:38:17 PM |
|
I tried to install btchip-python under Win 7, 64 bit. - installed python-2.7.9.amd64.msi - added to PATH C:\Python27\;C:\Python27\Scripts\ - installed Microsoft Visual C++ VCForPython27.msi - pip install cython - pip install hidapi - downloaded https://github.com/walac/pyusb/archive/pyusb-master.zip- cd pyusb-master - python setup.py install - downloaded https://github.com/LedgerHQ/btchip-python/archive/btchip-python-master.zip- cd btchip-python-master - python setup.py install - cd samples - python getFirmwareVersion.py [hang up] I tried to run pyusb again: cd pyusb-master\tests python testall.py PyUSB ValueError: No backend available I Googled to this error, and found: http://stackoverflow.com/questions/5152133/pyusb-backend-not-accessibleIt said that "You need to install libusb-1.0, libusb-0.1, or openusb as a backend to pyusb." I downloaded libusb-win32-bin-1.2.6.0 cd libusb-win32-bin-1.2.6.0\bin inf-wizard.exe created a driver kit for Vendor ID Product ID Description 0x2581 0x2B7C Plug-up Then installed the created driver. Now pyusb tests run without errors. Also, btchip-python is operational, gets back the firmware version, but not always: btchip-python-master\samples>python getFirmwareVersion.py => e0c4000000 <= 010001040e014e9000 1.4.14 btchip-python-master\samples>python getFirmwareVersion.py => e0c4000000 Traceback (most recent call last): File "getFirmwareVersion.py", line 25, in <module> . . timeout File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 381, in _che ck raise USBError(errmsg, ret) usb.core.USBError: [Errno None] libusb0-dll:err [_usb_reap_async] reaping reques t failed, win error: "A device connected to the system doesn't operate properly" The next test runs only ONCE conrrectly, then gives an error, then gangs up. After pwercycle, the same... \btchip-python-master\tests>python testConnectivity.py btchip firmware version: => e0c4000000 <= 010001040e014e9000 {'compressedKeys': True, 'version': '1.4.14', 'specialVersion': 0} some random number from the dongle: => e0c0000014 <= f673c10e1ce482848366cbc75fe42cd61f41ea3f9000 ['0xf6', '0x73', '0xc1', '0xe', '0x1c', '0xe4', '0x82', '0x84', '0x83', '0x66', '0xcb', '0xc7', '0x5f', '0xe4', '0x2c', '0xd6', '0x1f', '0x41', '0xea', '0x3f'] \btchip-python-master\tests>python testConnectivity.py btchip firmware version: => e0c4000000 Traceback (most recent call last): File "testConnectivity.py", line 29, in <module> print(app.getFirmwareVersion()) File "C:\Python27\lib\site-packages\btchip_python-0.1.14-py2.7.egg\btchip\btch ip.py", line 363, in getFirmwareVersion response = self.dongle.exchange(bytearray(apdu)) File "C:\Python27\lib\site-packages\btchip_python-0.1.14-py2.7.egg\btchip\btch ipComm.py", line 79, in exchange self.device.write(0x02, tmp[offset:offset + 64], 0) File "C:\Python27\lib\site-packages\usb\core.py", line 898, in write self.__get_timeout(timeout) File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 499, in intr _write timeout) File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 552, in __wr ite timeout File "C:\Python27\lib\site-packages\usb\backend\libusb0.py", line 381, in _che ck raise USBError(errmsg, ret) usb.core.USBError: [Errno None] libusb0-dll:err [_usb_reap_async] reaping reques t failed, win error: Egy rendszerhez csatlakoztatott eszk÷z nem műk÷dik. btchip-python-master\tests>python testConnectivity.py btchip firmware version: => e0c4000000 [HANG UP] Please help! How to go on?
|
|
|
|
btchip (OP)
|
|
May 15, 2015, 06:01:18 PM |
|
Please help! How to go on?
The Python API is broken on Windows, and I didn't have the opportunity to have a look yet.
|
|
|
|
Muhammed Zakir
|
|
May 16, 2015, 07:22:57 AM |
|
Please help! How to go on?
The Python API is broken on Windows, and I didn't have the opportunity to have a look yet. It is working good for me. Was it broken after you made an commit(if any)?
|
|
|
|
Wotan777
Newbie
Offline
Activity: 37
Merit: 0
|
|
May 16, 2015, 07:57:09 AM |
|
@Muhammed Zakir: It is working good for me. Was it broken after you made an commit(if any)? In my case under Win7 64 bit btchip-python is unstable, can't be used together with Electrum. Did you use libusb-win32-bin-1.2.6.0? Did you compile cython with Microsoft Visual C++ VCForPython27? Or you used a MinGW environment?
|
|
|
|
Muhammed Zakir
|
|
May 16, 2015, 01:20:39 PM |
|
@Muhammed Zakir: It is working good for me. Was it broken after you made an commit(if any)? In my case under Win7 64 bit btchip-python is unstable, can't be used together with Electrum. Did you use libusb-win32-bin-1.2.6.0? Did you compile cython with Microsoft Visual C++ VCForPython27? Or you used a MinGW environment? Yes, I use libusb but don't remember the version and I installed Cython using Python setup.py command and it used Visual C++.
|
|
|
|
dasource
|
|
May 27, 2015, 08:32:40 PM Last edit: May 27, 2015, 08:51:16 PM by dasource |
|
Couple of questions... 1. How much more secure in the mobile app for second factor compared to the security card? (I can see the potential concern with the security card; is the Ledger team confident that the mobile app provides sufficient protection?) 2. I understand the second auth is not available if the nano/hw1 is used for multi-sig .. any plans to support that or is this a design decision? 3. What Key Derivation Paths are used by Ledger Wallet direct and Coinkite? should for example one need to manually pull those keys if said service is down etc. Keep up the great work Thanks
|
^ I am with STUPID!
|
|
|
jeannemadrigal2
|
|
May 27, 2015, 08:58:53 PM |
|
I just got a nano, it should come in the mail tomorrow and I am pretty excited about it.
I have a suggestion, I would like to see the support of altcoins, several different types of wallets, etc on the same device. I know maybe this is a hard thing to do but I am throwing it out there as and idea perhaps for a future product.
|
|
|
|
btchip (OP)
|
|
May 27, 2015, 10:01:27 PM |
|
Couple of questions...
1. How much more secure in the mobile app for second factor compared to the security card? (I can see the potential concern with the security card; is the Ledger team confident that the mobile app provides sufficient protection?)
the mobile app lets you verify the full transaction (including amount) so it's definitely better than the security card. Regarding its security a malware would have to compromise both the host and the phone simultaneously to trick you into signing something you didn't want to. 2. I understand the second auth is not available if the nano/hw1 is used for multi-sig .. any plans to support that or is this a design decision?
it's a design decision for this product as it'd make things awkward if for example you use your phone and the Ledger Nano for multi signature. On our next products supporting a screen (Trustlet, Blue) we'll be able to consistently verify the transaction. 3. What Key Derivation Paths are used by Ledger Wallet direct and Coinkite? should for example one need to manually pull those keys if said service is down etc.
Ledger Wallet uses standard BIP 44 on account 0 for the time being, Coinkite let you pick your own derivation path on the imported xpub then derives incrementally each key. I think you should be able to retrieve the current index on their signing page. Keep up the great work thanks, we'll do exactly that I just got a nano, it should come in the mail tomorrow and I am pretty excited about it.
I have a suggestion, I would like to see the support of altcoins, several different types of wallets, etc on the same device. I know maybe this is a hard thing to do but I am throwing it out there as and idea perhaps for a future product.
we plan to make it easier for people to support altcoins in the next firmware for third party wallets, if we get enough code space for that. Some people already worked on it with the current firmware, but it's not deployed yet.
|
|
|
|
dasource
|
|
May 27, 2015, 10:34:43 PM |
|
3. What Key Derivation Paths are used by Ledger Wallet direct and Coinkite? should for example one need to manually pull those keys if said service is down etc.
Ledger Wallet uses standard BIP 44 on account 0 for the time being, Coinkite let you pick your own derivation path on the imported xpub then derives incrementally each key. I think you should be able to retrieve the current index on their signing page. Thanks, in reference to the above; Not specific to Ledger but a general note. I noticed CoinKite starts its default at 1 ... going forward with more implementation and users being able to select which Subkey (at CK) on BIP44 path one could end up with clashes where addresses are being reused (say across multiple wallets using different implementations etc). Any thoughts on that?
|
^ I am with STUPID!
|
|
|
btchip (OP)
|
|
June 14, 2015, 03:19:39 PM |
|
Thanks, in reference to the above; Not specific to Ledger but a general note. I noticed CoinKite starts its default at 1 ... going forward with more implementation and users being able to select which Subkey (at CK) on BIP44 path one could end up with clashes where addresses are being reused (say across multiple wallets using different implementations etc). Any thoughts on that?
Sorry, missed your post. Yes, some implementations can reuse key paths. I don't think it's a major problem as that would happen in multisignature use cases with different signers. Now for the good news, I should have finally fixed Windows support properly and added some updated build instructions on https://github.com/LedgerHQ/btchip-python - also Electrum 2.3.2 binaries should work fine (when they're out) Electrum 2.3.2 also supports Ledger Security Card validation, allowing you to use it after a regular Ledger Wallet initialization.
|
|
|
|
AussieHash
|
|
June 15, 2015, 07:25:43 AM |
|
Are you at liberty to share whether we can expect a HW-2 or Nano-2 with upgraded specs, and perhaps integrated U2F support ?
|
|
|
|
btchip (OP)
|
|
June 15, 2015, 07:46:55 AM |
|
Integrated U2F is probably not going to happen for the Nano, as that would mean starting a new production run and have people buy the new one. So not very interesting. We're not working on a new Nano, we want to keep this one up to date with as many new features as we can.
We expect to have a Blue design available by the end of the year, beginning of the next, including U2F (and UAF if the specification is stable enough)
In the meantime the public TEE application beta should start in a few weeks (for Samsung Galaxy S6, Note 4 N910C/N910H owners), and probably another surprise during summer.
|
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
June 17, 2015, 09:53:44 PM |
|
I tried to update my old HW1 so that I could use the Ledger Wallet application and the firmware update got stuck after the bootloader part where you are ask to remove the device and reconnect it. I can't get passed the reconnet part as my device isn't seen/recognized anymore. The GreenAddress application on my Android phone doesn't recognize it either. Any ideas, hints, tips?
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
|
Mitchell
Copper Member
Legendary
Offline
Activity: 3906
Merit: 2197
Verified awesomeness ✔
|
|
June 18, 2015, 05:50:53 AM |
|
I've installed all the 64 bit drivers and everything worked before doing the update (I wouldn't be able to update without the drivers). I've refreshed the update page multiple times, rebooted my pc, removed and readded the HW1. All to no avail.
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
btchip (OP)
|
|
June 18, 2015, 05:55:21 AM |
|
I've installed all the 64 bit drivers and everything worked before doing the update (I wouldn't be able to update without the drivers). I've refreshed the update page multiple times, rebooted my pc, removed and readded the HW1. All to no avail.
the device changes completely when in bootloader mode, so it might be necessary to force the driver manually when this happens, or to use Zadig to force it again (the installer didn't really work for bootloader mode either)
|
|
|
|
gsupp
|
|
August 04, 2015, 10:25:58 PM Last edit: August 08, 2015, 07:04:47 PM by gsupp |
|
Has anyone used their HW.1 with Electrum 2.4 on Ubuntu? Is there a guide available anywhere?
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
August 11, 2015, 07:49:02 AM |
|
i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?
|
|
|
|
btchip (OP)
|
|
August 11, 2015, 10:32:24 AM |
|
Has anyone used their HW.1 with Electrum 2.4 on Ubuntu? Is there a guide available anywhere?
there is a (slightly outdated) guide here : https://www.reddit.com/r/coincode/comments/336f08/ledger_hw1_review_and_guide_for_use_welectrum/i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?
checking that with the right team and I'll let you know
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
August 13, 2015, 10:25:39 AM |
|
Has anyone used their HW.1 with Electrum 2.4 on Ubuntu? Is there a guide available anywhere?
there is a (slightly outdated) guide here : https://www.reddit.com/r/coincode/comments/336f08/ledger_hw1_review_and_guide_for_use_welectrum/i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?
checking that with the right team and I'll let you know thanks. also, I came across this article today http://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/. would our hd wallets and the 24 word secret phrase we use to generate the private key for ledger and hw.1 be affected by this?
|
|
|
|
btchip (OP)
|
|
August 13, 2015, 01:07:59 PM |
|
that's not a risk, brainwallets are easy to crack because the passphrase is the entropy of the seed, and we are not a very good source of entropy. The mnemonic phrase works the other way round : the words encode the entropy of the seed, which is chosen by a proper random generator.
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
August 13, 2015, 01:34:03 PM |
|
that's not a risk, brainwallets are easy to crack because the passphrase is the entropy of the seed, and we are not a very good source of entropy. The mnemonic phrase works the other way round : the words encode the entropy of the seed, which is chosen by a proper random generator. not being across the limitation of brainwallets I found that article illuminating and rather disturbing. thanks for the explanation on the differences. i can rest easy again
|
|
|
|
|
AussieHash
|
|
August 17, 2015, 11:38:45 PM |
|
I joined the mycelium beta program and just downloaded the latest release from the play store. This update is new since 12 hours ago, and lists Ledger Nana, HW1 and unplugged support, and coinapult support. I can confirm the coinapult support is there when I add an account, but I can't see Ledger support anywhere. The Cold storage option only has Sign with Trezor. With HW1 + OTG I get to Trezor okay - scanning accounts, and nothing happens from there .....
|
|
|
|
btchip (OP)
|
|
August 18, 2015, 05:16:25 AM |
|
Make sure you visited the other link after joining the group. It should be in Advanced / Ledger when you scan - also recheck the version number at the bottom of Mycelium app - Android betas are quite horrible to install if you have multiple accounts on your phone as the Play Store will point you to random versions depending which account you're signed on with (which you can't really control)
|
|
|
|
AussieHash
|
|
August 18, 2015, 08:13:15 AM Last edit: August 18, 2015, 08:35:20 AM by AussieHash |
|
Make sure you visited the other link after joining the group. It should be in Advanced / Ledger when you scan - also recheck the version number at the bottom of Mycelium app - Android betas are quite horrible to install if you have multiple accounts on your phone as the Play Store will point you to random versions depending which account you're signed on with (which you can't really control)
Running version 2.5.0 Under :. Settings At the very bottom is "Ledger Hardware Wallet", the only tick box there is "Disable TEE support" Settings > Advanced Settings only has "Use tor-Network" No Ledger option in :. Cold Storage Edit : helps if you read the manual ! Just uploaded a new version of the current 2.5.0 Beta, which now includes Ledger support - you can import accounts from Ledger Nano, HW.1 and (the not yet release) Ledger Unplugged (NFC card).
To test the new option, go to the Account-Tab, click the [add] Button and go to the [Advanced] section. Here youll find a new [Ledger] Button. Plug in your Ledger via an OTG-Cable and import an account. Works ! Is the Mycelium/Ledger GUI limited to 4 digit PINs, or if I have setup a longer one will it allow me to enter >4 digits ?
|
|
|
|
btchip (OP)
|
|
August 18, 2015, 08:40:31 AM |
|
I'd say it's limited to 4 digits since the Chrome app works with 4 digits, but I can't really remember.
|
|
|
|
btchip (OP)
|
|
August 27, 2015, 06:32:24 AM |
|
If you get the latest Greenbits or Mycelium beta and a Galaxy S6, S6 Edge, S6 Edge Plus, Note 5, or an Exynos CPU Note 4 (SM-N910C and SM-N910H), you can also test Ledger Trustlet, a virtual hardware wallet you can download for the Trusted Execution Environment of your smartphone - more details on https://www.ledgerwallet.com/beta/trustlet
|
|
|
|
japerry
|
|
August 29, 2015, 02:41:26 PM |
|
i have a duo hw1 and have set both up to use the same seed and can pair multiple devices to the wallet. however, it appears transaction authorisations are only push out successfully to the last paired device. is there a way to get this to work for more than one paired device?
Ahh!!! That's why it's not working with my tablet! It was working until I paired my new phone and now it only works with the phone.
|
|
|
|
Muhammed Zakir
|
|
August 30, 2015, 05:31:37 PM |
|
Still hasn't received my BTCChip. Any idea WHY? Was there any technical issues on the service you used to ship? OR will it receive soon? I had hope that it will but now it is approximately 1 month, my hope has gone. I have no complains on this company. Take that 0.05 BTC as my donation. Best Of Luck! ~~MZ~~ yeah, I'm afraid it looks like I'm beta testing the post office delivery to non European / US countries. I'll resend it tomorrow using a different service, sorry for the delay. Remember the one you send for first time? It reached its destination 2-3 months ago but the receiver informed me very recently. What should I do? Sending back is certainly not a good idea. Should I pay you or sell it to someone else and send you the money? * Edited.
|
|
|
|
btchip (OP)
|
|
August 31, 2015, 07:05:40 AM |
|
Ahh!!! That's why it's not working with my tablet! It was working until I paired my new phone and now it only works with the phone.
I thought that had been solved, will talk about it with the team Remember the one you send for first time? It reached its destination 2-3 months ago but the receiver informed me very recently.
it's ok, you can give it to someone needing it
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
October 05, 2015, 03:20:41 AM Last edit: October 05, 2015, 04:16:45 AM by tricass |
|
looks like i'm a victim of this malleability i read about here: http://cointelegraph.com/news/115374/the-ongoing-bitcoin-malleability-attackis there anything i can do to sync my hw1 ledgerwallet to show the correct amount? at the moment I have a transaction that has been duplicated. it was a simple funds movement between accounts on my hw1. one transaction has cleared and the other is unconfirmed. the consequence is one of my wallets reads as balance of 0.5 btc but has a usd balance of -118.38 (because of the duplicate spend) and the other obviously has too much funds in it. but i believe the total funds across all wallets are correct.
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
October 05, 2015, 11:23:31 AM |
|
looks like i'm a victim of this malleability i read about here: http://cointelegraph.com/news/115374/the-ongoing-bitcoin-malleability-attackis there anything i can do to sync my hw1 ledgerwallet to show the correct amount? at the moment I have a transaction that has been duplicated. it was a simple funds movement between accounts on my hw1. one transaction has cleared and the other is unconfirmed. the consequence is one of my wallets reads as balance of 0.5 btc but has a usd balance of -118.38 (because of the duplicate spend) and the other obviously has too much funds in it. but i believe the total funds across all wallets are correct. looks like an uninstall and reinstall of the ledger chrome app did the trick. thanks eric.
|
|
|
|
torusJKL
|
|
October 25, 2015, 08:30:16 AM |
|
Is there a way to create more than 1 new address (within the same account)? For example if I want to ask multiple people to pay later with each having his individual address so that I can track who actually paid.
I have tried with the Ledger Wallet Chrome app and Mycelium but they only give me the next address and as long as no transaction is registered on it I can't get a new one.
|
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
October 25, 2015, 06:08:49 PM |
|
Is there a way to create more than 1 new address (within the same account)? For example if I want to ask multiple people to pay later with each having his individual address so that I can track who actually paid.
I have tried with the Ledger Wallet Chrome app and Mycelium but they only give me the next address and as long as no transaction is registered on it I can't get a new one.
You have a BIP32 xpub, so just use a tool like this: https://bitcore.io/playground/#/hdkeys
|
|
|
|
btchip (OP)
|
|
October 27, 2015, 06:26:36 AM |
|
Is there a way to create more than 1 new address (within the same account)?
you do it on Ledger Wallet Chrome app through the API - https://www.ledgerwallet.com/api/demo.html use "Get Xpub" with the BIP 44 path (44'/0'/0'/0/x with x being the index, for the first account)
|
|
|
|
torusJKL
|
|
October 27, 2015, 01:26:45 PM |
|
Thanks for your replies. This way I can create new pulic keys even without having the ledger wallet with me. On the other hand if my xpubkey is leaked then all the future public keys for all my accounts could be generated by a third party, right? This looks to me as the easiest and safest way to do it for now.
|
|
|
|
btchip (OP)
|
|
October 27, 2015, 03:16:32 PM |
|
On the other hand if my xpubkey is leaked then all the future public keys for all my accounts could be generated by a third party, right?
No, only one account privacy will be compromised as you have to get an xpub per account (the account index being an hardened BIP32 derivation)
|
|
|
|
torusJKL
|
|
October 31, 2015, 09:27:43 PM |
|
When signing a message I'm asked to use a different computer if the current one is compromised.
Let's assume the computer is compromised. What are the possibilities of a hacker? Could he change the text and trick me in signing a different message?
Are there other things a hacker could do?
Actually there is no way I can know with certainty if my computer is compromised. Thus best practice would be to use an air gaped computer to get the 2FA pin, or is this overkill?
|
|
|
|
btchip (OP)
|
|
October 31, 2015, 09:55:16 PM |
|
Could he change the text and trick me in signing a different message?
yes, that's the idea. Nothing else but that's bad enough. Actually there is no way I can know with certainty if my computer is compromised. Thus best practice would be to use an air gaped computer to get the 2FA pin, or is this overkill?
if you're signing something critical, that's the best option. Note that you can use anything that recognizes a HID keyboard - it could be a phone or a smart TV or a Windows PC with no session open for example. The next firmware version will provide an option to verify the message content on the paired smartphone when signing.
|
|
|
|
torusJKL
|
|
November 02, 2015, 01:41:49 PM Last edit: November 02, 2015, 02:44:18 PM by torusJKL |
|
if you're signing something critical, that's the best option. Note that you can use anything that recognizes a HID keyboard - it could be a phone or a smart TV or a Windows PC with no session open for example.
Would it make sense to have this functionality in the Ledger Starter distribution?
|
|
|
|
btchip (OP)
|
|
November 02, 2015, 07:15:02 PM |
|
Would it make sense to have this functionality in the Ledger Starter distribution?
I think it does it by default - you can boot starter, plug the device when it's supposed to write something and it'll just write it where the focus is currently set.
|
|
|
|
torusJKL
|
|
November 04, 2015, 06:07:25 AM |
|
A question regarding the upgrade process. I'm asked to enter the 32 letters of my security card.
As any computer could be compromised I have to assume that this input is intercepted and thus I loose another layer of security. The pin code and the security card would be known to the attacker.
Is there a better way to upgrade? Could the Ledger Starter be enhanced with the possibility to upgrade?
|
|
|
|
btchip (OP)
|
|
November 04, 2015, 09:47:10 AM |
|
Is there a better way to upgrade? Could the Ledger Starter be enhanced with the possibility to upgrade?
I think it can already do that
|
|
|
|
torusJKL
|
|
November 04, 2015, 10:13:00 AM |
|
I think it can already do that
Could you tell me how? I did not find any menu item to initiate the upgrade. Thanks.
|
|
|
|
torusJKL
|
|
November 05, 2015, 08:03:54 AM Last edit: November 05, 2015, 08:25:09 AM by torusJKL |
|
A short list of features I would like to see in the Ledger Starter distro: - update the Nano/HW.1 OS - generate the security card (like on https://www.ledgerwallet.com/wallet/keycard) - reprogram the Nano/HW.1 with a different security card (so that I could change the security card myself every x days) Would this be possible?
|
|
|
|
btchip (OP)
|
|
November 05, 2015, 02:16:17 PM |
|
definitely doable, I'll push that and the other question to the team dealing with Starter
|
|
|
|
Morveus
Newbie
Offline
Activity: 2
Merit: 0
|
|
November 05, 2015, 02:39:40 PM |
|
A short list of features I would like to see in the Ledger Starter distro: - update the Nano/HW.1 OS - generate the security card (like on https://www.ledgerwallet.com/wallet/keycard) - reprogram the Nano/HW.1 with a different security card (so that I could change the security card myself every x days) Would this be possible? Hi! The Starter can already be upgraded very simply: by dropping a new rootfs image on the flash drive. When we'll publish a new version, you will be able to download it (+ match the file with our signature) and then overwrite the previous one. Generating the security card will be very trivial, we'll start working on it asap. The two other features are doable but will require more work. The Chrome app team has an idea about that which could be very interesting if we can make it work, so stay tuned!
|
|
|
|
japerry
|
|
November 05, 2015, 05:43:17 PM |
|
definitely doable, I'll push that and the other question to the team dealing with Starter
Wow!! Very nice! I'll be looking forward to the new starter!
|
|
|
|
torusJKL
|
|
November 05, 2015, 06:04:21 PM |
|
definitely doable, I'll push that and the other question to the team dealing with Starter
Thanks for taking my feature requests to the team. Generating the security card will be very trivial, we'll start working on it asap.
Looking forward using the next release. The two other features are doable but will require more work. The Chrome app team has an idea about that which could be very interesting if we can make it work, so stay tuned!
Hopefully you can do it. In the mean time I'll reanimate my old notebook with a CD-ROM and update the ledger with a Live-System. :-)
|
|
|
|
torusJKL
|
|
November 18, 2015, 07:39:19 AM |
|
Would it be possible to request a specific address from the Ledger API? E.g. requesting the address of the path "44'/0'/0'/0/0" and get that specific address back. I opened an issues describing the details about this on github: https://github.com/LedgerHQ/ledger-wallet-api/issues/2
|
|
|
|
|
torusJKL
|
|
November 18, 2015, 09:11:49 AM Last edit: November 18, 2015, 11:45:58 AM by torusJKL |
|
Unfortunately I can't see how that answers my question. Could you please explain more in detail how I can get a specific address from the API?
|
|
|
|
gogxmagog
Legendary
Offline
Activity: 1456
Merit: 1009
Ad maiora!
|
|
November 19, 2015, 03:42:45 AM |
|
I've been using the ledger wallet for a while and am very happy. The low cost is what convinced me at first, and it looks like the bitchip is even cheaper. The one thing I would suggest is some sort of protective casing. I am confident to carry my ledger around in my pocket if need be because it is in a little slip case. If bit chip had something similar it would be perfect
|
|
|
|
Bridgewater
|
|
January 28, 2016, 09:56:28 AM |
|
For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)
|
|
|
|
btchip (OP)
|
|
January 29, 2016, 08:35:04 AM |
|
For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)
You only need to open port 443 on *.ledgerwallet.com
|
|
|
|
japerry
|
|
January 30, 2016, 10:43:04 AM |
|
For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)
You only need to open port 443 on *.ledgerwallet.com I looked at the traffic generated a while back. I thought chain.com was accessed by the app also?
|
|
|
|
btchip (OP)
|
|
January 30, 2016, 11:28:57 PM |
|
The application had a websocket open to Chain in the past, now we are using our own service.
|
|
|
|
Bridgewater
|
|
January 31, 2016, 09:42:24 PM |
|
For the Ledger Chrome app to work, what IP addresses/ports do I need to open for basic functionality (sync/spend/confirm on mobile device)
You only need to open port 443 on *.ledgerwallet.com Thank you! I have another question about security: I tried out Mycellium with Ledger for the first time yesterday. When using Mycellium, even though the Security Card is required to spend, the app is able to display the HW.1's complete list of mnemonics without the Security Card. Does this mean that someone in possession of just the Ledger Nano/HW.1 and the 4-digit pin can reconstruct the bip32 seed and spend without the security card?
|
|
|
|
btchip (OP)
|
|
January 31, 2016, 10:29:54 PM |
|
No, the app is probably displaying the mnemonic from your main account - not from the Ledger one. There is no way to recover the mnemonic from the chip, for security reasons obviously
|
|
|
|
japerry
|
|
February 01, 2016, 12:25:57 PM |
|
The application had a websocket open to Chain in the past, now we are using our own service.
Ahh ok. I haven't checked in a while.
|
|
|
|
Bridgewater
|
|
February 02, 2016, 09:16:11 AM |
|
No, the app is probably displaying the mnemonic from your main account - not from the Ledger one. There is no way to recover the mnemonic from the chip, for security reasons obviously Oh! you're right. The mnemonics were completely different. I guess the Mycellium interface takes a little getting used to. Are there plans to have mycellium support the secure screen verification, or a complete Ledger wallet app for Android that does?
|
|
|
|
mishax1
Legendary
Offline
Activity: 2898
Merit: 1017
|
|
February 19, 2016, 05:48:28 PM |
|
How do I empty a wallet without leaving any dust satoshi ?
|
|
|
|
btchip (OP)
|
|
February 19, 2016, 08:26:35 PM |
|
Are there plans to have mycellium support the secure screen verification, or a complete Ledger wallet app for Android that does?
It will be possible to do that with specific hardware - if there is a Trusted Execution Environment available with direct access to the UI, we can use that to prompt for a secure confirmation, or with our next wallets, but not with the Nano - otherwise we'd have to use another phone as a second factor. How do I empty a wallet without leaving any dust satoshi ?
we don't have an option to do that automatically yet, you have to substract the suggested fee value from your total amount.
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
April 22, 2016, 11:50:58 PM |
|
Have been using a duo hw.1 setup (one as a backup) for well over a year and find it an excellent and inexpensive hw solution especially when used with a smartphone as a second factor for improved convenience when spending. Have started looking into using copay and their multi sig support which also supports ledger hw.1/nano as a co-signer. The question I have is can I continue to use my hw.1 as a dedicated hardware wallet, as well as, have it function as a co-signer for the copay wallet? Or does this require or on security grounds a separate ledger hw?
|
|
|
|
btchip (OP)
|
|
April 23, 2016, 01:11:26 AM |
|
The question I have is can I continue to use my hw.1 as a dedicated hardware wallet, as well as, have it function as a co-signer for the copay wallet?
Yes, you can do that if it was properly initialized with the "allow multisig without confirmation" flag - it might not be if you were one of our first users. In this case, you'd just need to reset the HW.1 by entering a wrong PIN 3 times, and restore it with the latest Chrome application. But you can test it with Copay first. If it works, you're good to go.
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
April 23, 2016, 01:14:29 AM |
|
The question I have is can I continue to use my hw.1 as a dedicated hardware wallet, as well as, have it function as a co-signer for the copay wallet?
Yes, you can do that if it was properly initialized with the "allow multisig without confirmation" flag - it might not be if you were one of our first users. In this case, you'd just need to reset the HW.1 by entering a wrong PIN 3 times, and restore it with the latest Chrome application. But you can test it with Copay first. If it works, you're good to go. I don't recall seeing that option when I originally set it up. Good to know it should work so I'll give both suggestions a go now. Thanks
|
|
|
|
mocacinno
Legendary
Online
Activity: 3360
Merit: 4917
https://merel.mobi => buy facemasks with BTC/LTC
|
|
April 27, 2016, 07:37:26 AM |
|
I just bought a HW.1, and i wanted to quickly review the process and ask some extra questions. Process: - finding the website and the product: Really easy
- ordering and paying: since i expect BTC to rise pretty soon,so i didn't want to spend any BTC, so i was happy to being offered the option to pay with Paypal
- shipping, handling, packaging: I ordered on the 21st, chose the slow option, was supprised when i found the package in my letterbox on the 25th... WOW . Also: i was expecting a small letter containing a small piece of plastic, but i received a professionally wrapped big envelop, containing a sealed cardboard box... Shipping and handling was top-notch
- price/quality ratio: the stick itself looks a bit flimsy, but when you hold it, you can actually feal it reasonably durable. I don't think you'll find any HW wallet with such a good price/quality ratio
- initialising my ledger: i used the iso-image i found here https://www.ledgerwallet.com/files/ledger-secure-starter.iso on an usb-stick in order to initialise everything... went perfectly
- setting up my system: on my workpc (windows 7), it went like a breeze, on my homePC (openSuse), i needed to do this: http://support.ledgerwallet.com/knowledge_base/topics/ledger-wallet-is-not-recognized-on-linux
Here are my questions/remarks, maybe some of them were already answered, i didn't do the effort of plowing trough 19 pages of replys... i'm very sorry - at the moment, the ledger wallet is basically a chrome plugin... Will this always stay like this?
- maybe it's a good idear to put the linux tutorial on how to get the wallet working on a more prominent spot
- will there be an option to sign messages in the near future? I think this would be a great addition, since that way i could get rid of my electrum wallet
- speaking of electrum: would it be possible to get a newbie-friendly version of the installation manual for electrum? I found a tutorial, but it was so long i didn't bother following it
- a new address is being generated for each transaction (perfect), but at the moment, i'm transferring funds to my ledger with very low fees (i don't care if it takes days, even weeks before it's confirmed): i don't see unconfirmed transactions to the newly generated address, while in fact, there is an unconfirmed transaction viewable on blockchain.info (i'm not willing to share the tx because of privacy)... is this a feature or a bug?
|
|
|
|
btchip (OP)
|
|
April 28, 2016, 09:44:46 AM |
|
Thanks for the review, on to the questions - at the moment, the ledger wallet is basically a chrome plugin... Will this always stay like this?
On desktop yes, we don't plan to make it a standalone application (or maybe a standalone Electron application at some point, which doesn't change much) - maybe it's a good idear to put the linux tutorial on how to get the wallet working on a more prominent spot
yes, we'll think about it - will there be an option to sign messages in the near future? I think this would be a great addition, since that way i could get rid of my electrum wallet
this will be available in the next firmware update, when paired to a smartphone. - speaking of electrum: would it be possible to get a newbie-friendly version of the installation manual for electrum? I found a tutorial, but it was so long i didn't bother following it
yes, this is long overdue, but we didn't get an opportunity to write it yet. - a new address is being generated for each transaction (perfect), but at the moment, i'm transferring funds to my ledger with very low fees (i don't care if it takes days, even weeks before it's confirmed): i don't see unconfirmed transactions to the newly generated address, while in fact, there is an unconfirmed transaction viewable on blockchain.info (i'm not willing to share the tx because of privacy)... is this a feature or a bug?
it should be displayed, you can send your logs to support@ledgerwallet.com so the wallet team can have a look if it doesn't appear.
|
|
|
|
mocacinno
Legendary
Online
Activity: 3360
Merit: 4917
https://merel.mobi => buy facemasks with BTC/LTC
|
|
April 28, 2016, 09:57:52 AM |
|
it should be displayed, you can send your logs to support@ledgerwallet.com so the wallet team can have a look if it doesn't appear. It did appear as soon as the transaction was confirmed... As long as the transaction wasn't confirmed, it didn't show up in the wallet's transaction list. Can you tell me where i can find the standard log directory on windows?
|
|
|
|
btchip (OP)
|
|
April 28, 2016, 10:02:25 AM |
|
You should get them when clicking on Settings / Tools / Export Logs, but since it appeared, it might just have been a temporary mempool glitch, as we're still tweaking servers a bit.
|
|
|
|
mocacinno
Legendary
Online
Activity: 3360
Merit: 4917
https://merel.mobi => buy facemasks with BTC/LTC
|
|
April 28, 2016, 10:04:01 AM |
|
You should get them when clicking on Settings / Tools / Export Logs, but since it appeared, it might just have been a temporary mempool glitch, as we're still tweaking servers a bit.
I'll let you know if it ever happens again Great product, even better to see you're active on the forum, and responding to questions your users have: +1
|
|
|
|
Bridgewater
|
|
May 17, 2016, 11:02:00 PM Last edit: May 17, 2016, 11:52:42 PM by Bridgewater |
|
I have an HW.1 that is no longer recognized by the computer. Something must have gone wrong during initialization with Electrum. I think I had unplugged it as instructed and was trying to display the seed in my text editor on an offline computer, but nothing was ever displayed. Now it is not recognized in ANY computer. I've tried the chrome app, the ledger starter iso, and https://fup.hardwarewallet.com/ledger/, and none of them are aware that I have plugged the device in. My other two HW.1 are detected normally. Is there any way to recover it? Thanks
|
|
|
|
AussieHash
|
|
May 18, 2016, 04:42:37 AM |
|
What firmware version are/were you running on the HW-1 Can you show the USB bus report for the HW-1 Ledger Wallet: Product ID Power cycle your HW-1 and see if the Product ID changes.
|
|
|
|
cryptillian
|
|
November 16, 2016, 02:45:59 AM |
|
dont know if this is the official ledger forum but last week i tried to use my verified phone and ledger wallet to send some but it kept hanging on the last phase waiting on verify the phone. rebooted both the phone and pc but it kept the same. had to use the card any tips to fix this?
|
|
|
|
tricass
Sr. Member
Offline
Activity: 394
Merit: 250
Crypto enthusiast
|
|
November 16, 2016, 04:02:05 AM |
|
I usually have to re-pair my phone with the hw wallet when that happens with my hw.1. No longer an issue with my nano s
|
|
|
|
cryptillian
|
|
November 16, 2016, 04:27:40 PM |
|
ill try that
|
|
|
|
cryptillian
|
|
December 05, 2016, 01:18:05 AM |
|
it didnt work. tried to re-pair it gave an error then removed and installed again on my phone same error. just now rebooted phone and tried to pair phone but it just hangs on"pairing in progress" phone does give the security code lookups tho. any suggestions?
|
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
February 26, 2017, 07:31:46 PM |
|
Till now, for me, this is hands down the best hardware wallet that offers security at a decent price. Security trade-off exists even with premium devices like trezor that use a proprietary controller, so to me it makes no sense to invest more money than 20 euros for a device that you should trust at least a little.
I'm trying to fix the compatibility issue with the last firmware and electrum (basically electrum btchip-python doesn't support the security card feature, so the device get stuck when signing a transaction). At the moment i need to use the python console to sign transaction and it's really a pain.
|
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
March 10, 2017, 07:39:14 PM |
|
I've tried many times to setup the dongle via the python API but when i try to sign transactions with electrum I always get stuck. May I ask if the dev has a setup command that works with the standard verification via unplugging and plugging the btchip?
|
|
|
|
japerry
|
|
March 11, 2017, 01:00:06 AM |
|
I've been having this problem for several versions now. I can't use Electrum with my HW.1 at all.
|
|
|
|
mishax1
Legendary
Offline
Activity: 2898
Merit: 1017
|
|
May 20, 2017, 08:10:42 AM |
|
Why can't I sign a simple message with the Ledger ? I signed the same message using mycelium with no problem..
|
|
|
|
webbrowser
|
|
August 09, 2017, 12:40:42 AM |
|
I wanted to buy a Ledger Nano S to replace my HW1, but the only shipping option is UPS express for 179.04 € !
What's up with that? Can't remember the shipping cost on my HW1, but it was a lot more reasonable.
|
|
|
|
BitcoinNewsMagazine
Legendary
Offline
Activity: 1806
Merit: 1164
|
|
August 09, 2017, 12:51:35 AM |
|
I wanted to buy a Ledger Nano S to replace my HW1, but the only shipping option is UPS express for 179.04 € !
What's up with that? Can't remember the shipping cost on my HW1, but it was a lot more reasonable.
They may be having a glitch with their shopping cart or your country is one where shipping options are limited. Have you checked prices in Amazon?
|
|
|
|
webbrowser
|
|
August 14, 2017, 05:33:52 AM |
|
I wanted to buy a Ledger Nano S to replace my HW1, but the only shipping option is UPS express for 179.04 € !
What's up with that? Can't remember the shipping cost on my HW1, but it was a lot more reasonable.
They may be having a glitch with their shopping cart or your country is one where shipping options are limited. Have you checked prices in Amazon? Yeah, maybe there was a glitch with their shopping cart. Shipping is now down to €50.03, which is still crazy compared to the cost of the ledger itself, but is probably the correct order of magnitude for what UPS actually charges. The third party resellers on Amazon ask US$154. They probably only get away with this because direct purchases will only ship a month later, and cost so much in shipping. I wish Ledger offered lower cost shipping services to Asia.
|
|
|
|
mishax1
Legendary
Offline
Activity: 2898
Merit: 1017
|
|
November 21, 2017, 05:36:20 AM Last edit: November 21, 2017, 05:52:00 AM by mishax1 |
|
Is there any way to claim bitcoin gold from ledger nano / hw.1 segwit address ?
|
|
|
|
misc2012-de
Member
Offline
Activity: 105
Merit: 10
|
|
November 28, 2017, 07:44:20 AM |
|
Is there any way to claim bitcoin gold from ledger nano / hw.1 segwit address ?
Good question, i got in touch with ledger support, nobody was able to give a precise answer. I would not buy a ledger device again!!!
|
|
|
|
mishax1
Legendary
Offline
Activity: 2898
Merit: 1017
|
|
December 01, 2017, 08:37:16 AM |
|
Is there any way to claim bitcoin gold from ledger nano / hw.1 segwit address ?
Good question, i got in touch with ledger support, nobody was able to give a precise answer. I would not buy a ledger device again!!! They keep ignoring me. Well then.. Ordered the new Trezor T.
|
|
|
|
AlainC
Member
Offline
Activity: 91
Merit: 10
|
|
February 05, 2018, 04:24:09 PM |
|
Is there any support of java or C/C++ API for recent version : Ledger Nano S ? I've seen Javascript and chrome embeded version, not well documented, but for C/C++ or java, it is only BTChip obsolete version...
Github have much projects, but documentation is brutal... It seems all i need would be a "Howto" setup the dev env, a helloworld for the HID transport layer, and a reference documentation for the service (the app managing the secondary passphrase). BTChip java APi was good enought, so i could contact the Nano via WinUSB+usb4java, but even getFirmwareVersion is not compatible...
|
|
|
|
madgpt
Newbie
Offline
Activity: 38
Merit: 0
|
|
February 06, 2018, 06:05:42 AM |
|
In Windows Device Manager it will show up as an HID (Human Interface Device). The computer sees it as a keyboard. It will not show up under the USB tab.
|
|
|
|
AlainC
Member
Offline
Activity: 91
Merit: 10
|
|
February 07, 2018, 09:35:20 PM |
|
I'll try to play with the js API, then see if I can understand what is happening...
|
|
|
|
|