Rassah
Moderator
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
August 08, 2015, 06:48:05 PM |
|
I'll poke 'em about a fixed lowest fee. Maybe with a confirmation warning.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3514
Merit: 6985
Top Crypto Casino
|
|
August 08, 2015, 06:57:03 PM |
|
Just would like to say that I've been using the Mycelium wallet for a few months now, and it's great. Good job, guys.
|
|
|
|
SpartanBit
Newbie
Offline
Activity: 14
Merit: 0
|
|
August 08, 2015, 08:53:42 PM |
|
Here's a video showing the upcoming Ledger Unplugged Mycelium integration. https://youtu.be/ndr4POhQntk Should make a good wallet even better.
|
|
|
|
pm7
Newbie
Offline
Activity: 34
Merit: 0
|
|
August 09, 2015, 09:29:23 AM |
|
* Support for Cold Storage spending from masterseed keys
Very good. Would be better if one could type master seed in the cold storage spending instead of copying it from somewhere else Ah yes, I use master seed QR codes, but we should (and will likely soon) add the ability to just type the seed.
I would like to remind about that. Also, could you add the possibility of sending to/from password protected version of stored (main) master seed? I don't see why I should type/scan master seed when I want password version if it is stored by Mycelium anyway. There is no (or I don't know one) easy way to send to password version of master seed. I have to initialize Mycelium, or use some special tool to generate address.
|
|
|
|
RustyNomad
|
|
August 13, 2015, 09:30:06 AM |
|
Not sure about other users but my MyCelium is acting up again.
The balances on my two HD accounts are showing up correct but the transaction list is missing a number of transactions.
This has been like this for the past three days now.
|
|
|
|
mattiadeabtc
Sr. Member
Offline
Activity: 294
Merit: 250
★YoBit.Net★ 200+ Coins Exchange & Dice
|
|
August 14, 2015, 08:28:04 AM |
|
Not sure about other users but my MyCelium is acting up again.
The balances on my two HD accounts are showing up correct but the transaction list is missing a number of transactions.
This has been like this for the past three days now.
have you truied to reload all your hd accounts? For me this works
|
|
|
|
RustyNomad
|
|
August 14, 2015, 08:39:46 AM |
|
Not sure about other users but my MyCelium is acting up again.
The balances on my two HD accounts are showing up correct but the transaction list is missing a number of transactions.
This has been like this for the past three days now.
have you truied to reload all your hd accounts? For me this works No but guess I'll have to do that. Its just funny that it picks up several transactions, from the first to the last but in the middle area there is 3 or 4 transactions that do not show up in the transaction history. The balance on the account is correct, its just those couple of transactions that do not show up which is funny. If it was perhaps the oldest or the latest transactions I can maybe understand but transactions in the middle of the history?.....
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
August 18, 2015, 06:26:51 AM |
|
Are there any plans to offer secure encryption of private keys, such that a passphrase has to be entered before private keys can be decrypted? Something similar to what Bitcoin Core offers, where I can unlock my wallet for a specified time period. As I understand it the current 6 digit PIN code isn't an encryption key, and even if it was it is easily brute-force-able.
I read today about an exploit on Android which allows any unprivileged app to replace any other app and read its private storage: https://www.hackread.com/android-zero-day-vulnerability/ https://www.usenix.org/conference/woot15/workshop-program/presentation/pelesThis is another reason why it's important that Mycelium should allow the user to encrypt their secrets if it doesn't already. I've been unable to find any information about whether a patch is available for end users to fix this problem. The news reports seem to indicate that Google will include it in their monthly updates, but I don't know if that has already happened or not.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
pm7
Newbie
Offline
Activity: 34
Merit: 0
|
|
August 18, 2015, 03:32:34 PM |
|
I think that Cyanogenmod patched this. Encrypting secret is useless, as attacker can replace Mycelium with fake and just wait for user to enter PIN.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
August 18, 2015, 05:13:17 PM |
|
I think that Cyanogenmod patched this.
As I said, I heard that Google patched it too, but I don't know how to find their patch. Encrypting secret is useless, as attacker can replace Mycelium with fake and just wait for user to enter PIN.
Not entirely useless. I would enter my PIN maybe once a month, and not at all after hearing about an exploit like this until it was patched. As it stands I am vulnerable - I literally don't know where the master seed is stored or how to protect it from the malware threat. But I'm pretty sure it's sitting on my device in plain text just waiting to be stolen. The only thing I've been able to think of is moving most of the coins out of Mycelium until this is patched.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
StevenS
|
|
August 18, 2015, 07:36:46 PM |
|
The only thing I've been able to think of is moving most of the coins out of Mycelium until this is patched.
That's a wise move in all situations. Even after a patch, you still have the possibility of your device being lost or stolen, and then it's just a matter of a brute force search against your PIN. I treat my mobile wallet like my physical wallet: I keep about $100-$300 in it at a time, and replenish it when I need more. In the physical fiat case, I replenish it by visiting the ATM. In the Bitcoin case, I have paper wallets in my safe at home.
|
|
|
|
cetus
Newbie
Offline
Activity: 22
Merit: 0
|
|
August 18, 2015, 09:57:32 PM |
|
I don't see the point of encrypting a wallet.
How strong is your encryption key (pass phrase) going to be?
If it's short enough to be easy to enter every time you want to spend bitcoins (like a PIN), an attacker who's got your encrypted wallet data can brute force it in seconds on a home PC. The strength of PIN-based protection is in the app, which restricts the frequency and number of PIN entry attempts in order to thwart brute force attacks. As an encryption key, it is useless.
If your pass phrase is long enough to be secure, do you really want to type it in every time you need it? You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget. Then someone will request a feature to scan the pass phrase from a QR code. And then you will realise that something like that already exists in many wallets including Mycelium, and is called cold storage.
Cold storage is simpler and more secure than encryption.
|
|
|
|
unholycactus
Legendary
Offline
Activity: 1078
Merit: 1024
|
|
August 18, 2015, 10:11:23 PM |
|
I don't see the point of encrypting a wallet.
How strong is your encryption key (pass phrase) going to be?
If it's short enough to be easy to enter every time you want to spend bitcoins (like a PIN), an attacker who's got your encrypted wallet data can brute force it in seconds on a home PC. The strength of PIN-based protection is in the app, which restricts the frequency and number of PIN entry attempts in order to thwart brute force attacks. As an encryption key, it is useless.
If your pass phrase is long enough to be secure, do you really want to type it in every time you need it? You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget. Then someone will request a feature to scan the pass phrase from a QR code. And then you will realise that something like that already exists in many wallets including Mycelium, and is called cold storage.
Cold storage is simpler and more secure than encryption.
To add to your point, mobile wallets aren't meant to be safe. The price for security is inconvenience and it's not what you want from a wallet like Mycelium.
|
|
|
|
AussieHash
|
|
August 19, 2015, 10:39:38 AM |
|
For what it's worth, the latest Mycelium android beta 2.5.0 supports both Trezor and Ledger hardware wallets
|
|
|
|
Rassah
Moderator
Legendary
Offline
Activity: 1680
Merit: 1035
|
|
August 19, 2015, 11:37:06 AM |
|
And cheapest version of Ledger, the HW.1, is only something like $15.
|
|
|
|
sionsandman
|
|
August 19, 2015, 12:26:35 PM |
|
I don't see the point of encrypting a wallet.
How strong is your encryption key (pass phrase) going to be?
If it's short enough to be easy to enter every time you want to spend bitcoins (like a PIN), an attacker who's got your encrypted wallet data can brute force it in seconds on a home PC. The strength of PIN-based protection is in the app, which restricts the frequency and number of PIN entry attempts in order to thwart brute force attacks. As an encryption key, it is useless.
If your pass phrase is long enough to be secure, do you really want to type it in every time you need it? You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget. Then someone will request a feature to scan the pass phrase from a QR code. And then you will realise that something like that already exists in many wallets including Mycelium, and is called cold storage.
Cold storage is simpler and more secure than encryption.
To add to your point, mobile wallets aren't meant to be safe. The price for security is inconvenience and it's not what you want from a wallet like Mycelium. There are several degrees of safety/convenience. Mycelium can be somewhat safe and very convenient at the same time.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
August 19, 2015, 10:20:36 PM |
|
I don't see the point of encrypting a wallet.
It wouldn't be compulsory. If you don't want to encrypt your wallet then don't. How strong is your encryption key (pass phrase) going to be?
It's going to have over 100 bits of entropy, making it impossible to brute-force. Hopefully the encryption will use something CPU-intensive like scrypt, making brute force attempts less likely to be successful for shorter passphrases too. If your pass phrase is long enough to be secure, do you really want to type it in every time you need it?
Yes, that's exactly what I want. I want to be able to unlock my private keys for a specified amount of time by typing the passphrase. The same as Bitcoin Core does. I spend from Mycelium maybe once a month. I can handle typing my passphrase that often. I type it into Bitcoin Core more often than that, and it's not a problem at all. You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget.
I don't write my passwords on paper. That seems like a bad idea. I find that typing all my passwords at least once per month is enough to keep them in my memory. Cold storage is simpler and more secure than encryption.
I've not tried using cold storage with Mycelium. I prefer to keep my cold storage keys completely offline. How does it handle coin selection and change addresses? That seems like it would be a pain, if it's even handled at all.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
syndria
|
|
August 20, 2015, 10:55:31 AM |
|
Is this better than the bither? Apology for a dumb question but i want to know whats best suites me
|
|
|
|
RGBKey
|
|
August 21, 2015, 05:46:44 PM |
|
For what it's worth, the latest Mycelium android beta 2.5.0 supports both Trezor and Ledger hardware wallets
I don't even have a trezor, I clicked on it to see what it was and after 2 seconds it told me that it found a trezor and was connecting to it when I didn't do anything. I don't even have a trezor.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
August 21, 2015, 06:54:31 PM |
|
For what it's worth, the latest Mycelium android beta 2.5.0 supports both Trezor and Ledger hardware wallets
I don't even have a trezor, I clicked on it to see what it was and after 2 seconds it told me that it found a trezor and was connecting to it when I didn't do anything. I don't even have a trezor. Oh, same here. I have no Trezor but Mycelium says it's "OK", and has been scanning it for 20 minutes so far:
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
|