Mycelium Bitcoin Wallet

[Rassah]

Minor bug report:

In "Settings" the explanations are cut off after 4 lines of text. (look at "Expert mode" and "Aggregated View" for example)

I can see all 4 lines on my device. May be device specific (I'm on Nexus 4)

...here's a possible scheme:   generate the private key, encrypt it with gpg, import it to mycelium through the clipboard, and decrypt it in mycelium.

Would it help if we would accept BIP38 encrypted private keys from the clipboard?
I somehow feel like a "enter priv key" button is something which would never get used...

I was just about to suggest that. We already support importing BIP38 keys from QR codes, so why not from clipboard?

[gtraah]

Hi Guys,

I know this possibly was covered in the 40 pages somewhere...

I absolutely LOVE Mycelium.

I have a paper wallet cold storage, where the only time this has ever been online was on my Phone, for no more than 40 seconds and then removed again.

I have this cold storage in VIEW only mode. I have used it once to send a small amount out into my daily spending wallet. How I do this is : Open my SAFE, take out my paper wallet scan and the KEY QR code (This changes my cold storage from view mode to Send/Receive mode) I now send the small funds to my spending wallet and then DELETE the key rendering my cold storage wallet back to VIEW only mode.

My question is, this is pretty secure but if I had some trojan on my phone [I am pretty positive I do not]. BUT if there was a sophisticated trojan lying in wait that captures screenshots Eg; QR codes screenshots, then this is a Leak and can be compromised. (Is there some protection against this?) I know I am being a little paranoid , but it pays to be sometimes.

Is there somehow signing transactions offline.  I LOVE mycellium and would love to keep using this.

[Newar]

Minor bug report:

In "Settings" the explanations are cut off after 4 lines of text. (look at "Expert mode" and "Aggregated View" for example)

I can see all 4 lines on my device. May be device specific (I'm on Nexus 4)

I can see all 4 lines too. However if you try and read the text you'll notice that the sentence is cut off and doesn't make sense.

Code:

With aggregated view you
operate on all keys and
addresses in parallel. With
segregated view you operate

[trasla]

I absolutely LOVE Mycelium.

Great to hear, thanks!

Open my SAFE, take out my paper wallet scan and the KEY QR code (This changes my cold storage from view mode to Send/Receive mode) I now send the small funds to my spending wallet and then DELETE the key rendering my cold storage wallet back to VIEW only mode.

This works of course, but there will be a slightly better way. Currently at beta test is a cold spending button, it allows you to scan the key, spend, and it deletes the key again after sending, so you don't have to remember to make the address watch-only again on your own, and the priv key never gets persisted.

My question is, this is pretty secure but if I had some trojan on my phone [I am pretty positive I do not]. BUT if there was a sophisticated trojan lying in wait that captures screenshots Eg; QR codes screenshots, then this is a Leak and can be compromised. (Is there some protection against this?) I know I am being a little paranoid , but it pays to be sometimes.

It is pretty secure, but not 100%, malicious code could in fact attempt to read the camera data, especially on rooted phones. Besides making sure to use a non-rooted, malware-free phone, you could use a BIP38 encoded private key to add extra security. Even if someone got that QR code (in which way ever), he would not be able to use it without knowing your password. When scanning such an encrypted key, Mycelium will ask for your password to decrypt it.

Is there somehow signing transactions offline.  I LOVE mycellium and would love to keep using this.

Not yet

[birr]

I was just about to suggest that. We already support importing BIP38 keys from QR codes, so why not from clipboard?

Question
If you take the private key
5Karjv4pF57T9HFzqkS3Qe57KEhTAR1rfwF6YinWwcJJU8tAaci
and bip38 encrypt it with the phrase
crazy horse battery staple
You get the encrypted private key
6PRVsx6GBbcxgi2qoQ9GHAHAppRpX35Arv5eiJQet8GoPqPXCygYzYLL8G

Is that right?

[ffe]

I was just about to suggest that. We already support importing BIP38 keys from QR codes, so why not from clipboard?

Question
If you take the private key
5Karjv4pF57T9HFzqkS3Qe57KEhTAR1rfwF6YinWwcJJU8tAaci
and bip38 encrypt it with the phrase
crazy horse battery staple
You get the encrypted private key
6PRVsx6GBbcxgi2qoQ9GHAHAppRpX35Arv5eiJQet8GoPqPXCygYzYLL8G

Is that right?

I was able to decrypt the 6PRV address to get the 5Kar address using the given phrase. I used bit address.org on the wallet details tab.

[birr]

My vote goes for expanding the bip38 import function to include the text.
(I used bit2factor.org to encrypt the key.)

[gtraah]

I absolutely LOVE Mycelium.

Great to hear, thanks!

Open my SAFE, take out my paper wallet scan and the KEY QR code (This changes my cold storage from view mode to Send/Receive mode) I now send the small funds to my spending wallet and then DELETE the key rendering my cold storage wallet back to VIEW only mode.

This works of course, but there will be a slightly better way. Currently at beta test is a cold spending button, it allows you to scan the key, spend, and it deletes the key again after sending, so you don't have to remember to make the address watch-only again on your own, and the priv key never gets persisted.

My question is, this is pretty secure but if I had some trojan on my phone [I am pretty positive I do not]. BUT if there was a sophisticated trojan lying in wait that captures screenshots Eg; QR codes screenshots, then this is a Leak and can be compromised. (Is there some protection against this?) I know I am being a little paranoid , but it pays to be sometimes.

It is pretty secure, but not 100%, malicious code could in fact attempt to read the camera data, especially on rooted phones. Besides making sure to use a non-rooted, malware-free phone, you could use a BIP38 encoded private key to add extra security. Even if someone got that QR code (in which way ever), he would not be able to use it without knowing your password. When scanning such an encrypted key, Mycelium will ask for your password to decrypt it.

Is there somehow signing transactions offline.  I LOVE mycellium and would love to keep using this.

BINGO my friend you hit the nail in the head, until you offer offline signing (hope), I will use your Bip38 way for the times I want to spend parts of my cold storage, At least this this is more secure then what I was using.

I have an Idea for offline signing You have a separate app, when opening this app it automatically puts your phone in airplane mode, this app also blocks ANY outside app from reading it or tracing it, once the signing is done it sends it to the Mycellium folder so when you open mycellium you select process offline transaction which pulls it from the folder and BAM done..maybe I am just dreaming here lol

[trasla]

My vote goes for expanding the bip38 import function to include the text.
(I used bit2factor.org to encrypt the key.)

I did put that on the list of TODOs to consider.

[molecular]

what's the status of BIP-32?

I'd really like to use my trezor with mycelium... ;-)

[Rassah]

what's the status of BIP-32?

I'd really like to use my trezor with mycelium... ;-)

Almost there. Basic functionality is working in testnet. It just looks really clunky.

[molecular]

what's the status of BIP-32?

I'd really like to use my trezor with mycelium... ;-)

Almost there. Basic functionality is working in testnet. It just looks really clunky.

wooohooo!

I really love mycelium, but I tend to re-use addresses (easy of use) and that behaviour needs to go out the window.

[GenTarkin]

So, Ive been testing importing private keys into mycelium via phone camera and noticed something. Mycelium wont autofocus =(
Is there any way this can be fixed?
Blockchain.info app focuses camera on QR codes just fine....
Mycelium wont attempt to focus at all....

[Newar]

So, Ive been testing importing private keys into mycelium via phone camera and noticed something. Mycelium wont autofocus =(
Is there any way this can be fixed?
Blockchain.info app focuses camera on QR codes just fine....
Mycelium wont attempt to focus at all....

Do you have "Autofocus" ticked in Settings?

[apetersson]

if you have focus problems, try out the new beta channel release, there are new UI elements for controlling focus behavior.

[Rassah]

Crosspost from Reddit:

Mycelium has been running the Indiegogo fundraiser for the Entropy device for a few weeks now, and we were really trying to avoid something like preorders (this was more of a fundraiser to see if there is enough market demand), and using BTC (due to issues others have had where the price of BTC skyrocketed while devices were delayed).

However, we have received tons of requests from people wanting to support us using bitcoin, so we gave in and added bitcoin links to our Indiegogo site. I have also included them here directly for convenience:

* $15 - Get a Mycelium t-shirt
* $40 - Get a Mycelium Entropy device
* $50 - Get a Mycelium Entropy device, and a t-shirt

We were overwhelmed by the success of our Indiegogo campaign. We set modest goals, to be sure to reach them and start producing, but we still need help and support to get these devices made. We will absolutely make sure that this project succeeds, and are even willing to use our own personal funds to get this project done, but anything extra we can get will help us a lot. We are still on target to start shipping by October. Since Indiegogo sends you the money as soon as you hit the goal, instead of at the end of the campaign (like Kickstarter), we have already transferred the money to our European bank account, and are in the process of negotiating the manufacturing order.

In other Mycelium news:

Mycelium will be at the Cryptolina conference in Raleigh, NC this weekend, August 15-16th, where I will be demonstrating our Mycelium Entropy device live, and **showing off the new BIP32/HD wallet feature in our Mycelium Wallet.** For those who don't know, this will allow you to back up all your bitcoin addresses using only one key (as opposed to making a separate backup for each address), and will make the wallet use a different change address for every transaction, greatly improving security and anonymity. This should also make managing addresses easier, and will allow us to implement CoinJoin for greatly improved anonymity (what DarkWallet uses) and make implementing the BIP70 Merchant Payment Protocol possible (which will make paying for things much easier, resolve some issues with who pays the fees, and help make 0-conf transactions more secure). We are getting really close to finishing it, and I for one am very excited.

[blossbloss]

I'm new to the Mycelium Wallet.  It is a thing of beauty! Thank you.

I've read all 41 pages of posts in this thread, and did not see the description of something that is confusing me.

Background:
I have my wallet in expert mode, with two addresses that Mycellium created.  I made a backup, and the PDF has the encrypted private keys.  I recorded the password that was presented to me.  Let's call this Backup #1.

After playing around with the wallet for a week, I made a second backup of the same two keys.  I also recorded the new password.  Let's call this Backup #2.

Questions:
The two encrypted private keys look different between the two backups.  However the addresses on both backups are the same.  Is it safe to assume that the un-encrypted private keys are the same as well?

Now that I've made Backup #2, is Backup #1 still valid?  I am assuming that both Backups are valid, but I have to use the appropriate password with the two different sets of encrypted private keys.  If this is is true, I'd like to just get rid of my Backup #2 and stick with my original backup.  Can you please confirm that this will not be a problem?

Thanks!

[OnkelPaul]

Now that I've made Backup #2, is Backup #1 still valid?  I am assuming that both Backups are valid, but I have to use the appropriate password with the two different sets of encrypted private keys.  If this is is true, I'd like to just get rid of my Backup #2 and stick with my original backup.  Can you please confirm that this will not be a problem?

Non-authoritative answer:
You can verify a backup at any time to see whether it could be imported. So when you've done that with backup #1, and Mycelium says the backup is good, you can destroy backup #2.

Onkel Paul

[bernard75]

I would still wait for it to be imported.

[blossbloss]

I would still wait for it to be imported.

I'm still holding on to both Backup PDFs.  I'm just trying to understand whether the two are redundant because they both point to the same private/public keypairs on the blockchain.  I have not done anything with the keys on my phone's Mycelium wallet, but let me ask my question in another way:  If I were to trash my phone and try to start from scratch with my backup, does it matter which one I use (Backup #1 or Backup #2)?  My interpretation is that it does not matter since they both point to the same keys, but the encrypted keys on the backups have different passphrases, so they look different.

Sorry for being so anal about these distinctions, but sometimes they matter.

Thanks!