Bitcoin Forum
December 05, 2016, 08:39:55 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 [62] 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 ... 168 »
  Print  
Author Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics  (Read 414227 times)
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
August 06, 2012, 01:16:09 PM
 #1221

Blockchain can not do full OTP validation on Mt.Gox Yubikeys and and only uses the 16 byte prefix. It's not ideal (Related: https://bitcointalk.org/index.php?topic=64300.0).
Damn. I was hoping that it would be an actual OTP, instead of something that is vulnerable to a replay attack.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480927195
Hero Member
*
Offline Offline

Posts: 1480927195

View Profile Personal Message (Offline)

Ignore
1480927195
Reply with quote  #2

1480927195
Report to moderator
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
August 06, 2012, 01:51:00 PM
 #1222

Does anyone know if this is the same format as Electrum? I am away from my laptop or I would check.
I don't think so, Electrum has a more sophisticated deterministic algorithm.
Do you have any plans to implement this?  If not what would you consider a decent bounty?  I see two very useful use cases for this:

 1. Import the master public key for watch only balance/notifications.  I *love* the MyWallet service and the iPhone app.  Being able to see my balance or if a payment has been confirmed / received is awesome.  However this breaks when using Electrum because of the way it handles payments and change addresses.  See http://acceptbit.com/

 2. Actually importing the wallet seed (hex or mnemonic) and using MyWallet as a backup/clone/whatever.  If you go this route please make sure that you don't limit yourself to the seed size that Electrum gives you, it actually supports much bigger seeds (I have successfully feed it a 512 bit seed and it worked).

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
RandomQ
Hero Member
*****
Offline Offline

Activity: 616



View Profile
August 06, 2012, 10:47:48 PM
 #1223

Got this interesting error.

Error pushing transaction Error Pushing. Previous Tx is Double Spend 13e4e79afb4eb0f32896c6b611c88b2799f4bf0fa027d6d2e255c39e45f297a0

That transaction was newly generated coins from p2pool.

Any insight whats going on here?

First time i've seen this error message

Bitcoin To Cash LLC Receive cash in the mail for Bitcoin!
[CryptoStocks] GREEN - GreenBTC - Mining Company on CryptoStocks
Clark
Hero Member
*****
Offline Offline

Activity: 540


So much code.


View Profile WWW
August 07, 2012, 06:25:23 PM
 #1224

Some interesting host name searches, showing Bitcoin clients running within these organizations:

Governments:
http://blockchain.info/ip-log?search_input=.gov
Contains foreign governments as well as US agencies (NOAA, NIH, USGS, Fermilab=FNAL).

Google (2 nodes):
http://blockchain.info/ip-log?search_input=google.com

Microsoft (26 nodes):
http://blockchain.info/ip-log?search_input=microsoft.com

Amazon AWS (464 Nodes):
http://blockchain.info/ip-log?search_input=amazonaws


Feature request: When the search returns no results, please don't send me back to the home page of the site. Just show a page with the proper 'no results' text. Thanks!

PGP KEY | 1Bitcoin3Tg2KWyAq3wzivdqwYqGwKYaGd
Kupsi
Legendary
*
Offline Offline

Activity: 1190


9.9.2012: I predict that single digits... <- FAIL


View Profile
August 07, 2012, 10:02:24 PM
 #1225

After reading the 2 million unspent bitcoin thread I started thinking of two charts that could be interesting...

1. Daily bitcoin days destroyd in percent of daily new bitcoin days. Yesterday it was 3497490 bitcoin days destroid and 9631650 (roughly estimate) new bitcoin days. That's 3497490 / 9631650 = 36,31%.

2. Total bitcoin days destroyd to date in percent of total bitcoin days to date.


Thoughts?



IveBeenBit
Sr. Member
****
Offline Offline

Activity: 448



View Profile
August 08, 2012, 04:19:58 PM
 #1226

Once I click "Login now" in the wallet section, the page formatting in Opera 12.01 on Windows 7 is all screwed up and it doesn't display correctly once logged in. It looks like all the text is crammed into a table on the left side of the screen, if that makes sense. Let me know if you'd like to see a screen shot.
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
August 08, 2012, 04:38:17 PM
 #1227

Once I click "Login now" in the wallet section, the page formatting in Opera 12.01 on Windows 7 is all screwed up and it doesn't display correctly once logged in. It looks like all the text is crammed into a table on the left side of the screen, if that makes sense. Let me know if you'd like to see a screen shot.
Why on earth are you using Opera?

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
ripper234
Legendary
*
Offline Offline

Activity: 1260


Ron Gross


View Profile WWW
August 09, 2012, 04:01:27 AM
 #1228

I just realized something - 2-factor auth in Blockchain.info doesn't really protect you from trojans!
At least, if you're using a Dropbox backup...

I mean, the wallet is synched to your Dropbox, where it is stored only encrypted with your main password. If a keylogger sniffs it, it can then find and decrypt your wallet.


I don't think there is a solution until proper m-of-n transactions are implemented.
Either the server has to know the full private key, or the client does:

If the server does, then it can run away with your money - this is not aligned with Blockchain.info's security model.
If the client does, trojans can sniff your key.


Bitcoin 0.7 ... we badly need you.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
August 09, 2012, 04:40:59 AM
 #1229

I just realized something - 2-factor auth in Blockchain.info doesn't really protect you from trojans!
At least, if you're using a Dropbox backup...

I mean, the wallet is synched to your Dropbox, where it is stored only encrypted with your main password. If a keylogger sniffs it, it can then find and decrypt your wallet.


I don't think there is a solution until proper m-of-n transactions are implemented.
Either the server has to know the full private key, or the client does:

If the server does, then it can run away with your money - this is not aligned with Blockchain.info's security model.
If the client does, trojans can sniff your key.


Bitcoin 0.7 ... we badly need you.

Use email backup that also has two factor auth.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
ripper234
Legendary
*
Offline Offline

Activity: 1260


Ron Gross


View Profile WWW
August 09, 2012, 04:59:26 AM
 #1230

I just realized something - 2-factor auth in Blockchain.info doesn't really protect you from trojans!
At least, if you're using a Dropbox backup...

I mean, the wallet is synched to your Dropbox, where it is stored only encrypted with your main password. If a keylogger sniffs it, it can then find and decrypt your wallet.


I don't think there is a solution until proper m-of-n transactions are implemented.
Either the server has to know the full private key, or the client does:

If the server does, then it can run away with your money - this is not aligned with Blockchain.info's security model.
If the client does, trojans can sniff your key.


Bitcoin 0.7 ... we badly need you.

Use email backup that also has two factor auth.

Yeah, but:

1. For some reason I feel better with Dropbox backup ... I like seeing the files there. Not a good reason, I admit. I'm currently using both.
2. Email backup is still vulnerable, it just takes a bit more effort. It's not that hard to write a trojan that opens up your browser when you're away and downloads your email messages.

Please do not pm me, use ron@bitcoin.org.il instead
Mastercoin Executive Director
Co-founder of the Israeli Bitcoin Association
P4man
Hero Member
*****
Offline Offline

Activity: 504



View Profile
August 09, 2012, 09:53:36 AM
 #1231

I have to say, I absolutely love the blockchain.info wallet service. It allows me to monitor paper wallets, draws pretty charts, it works like a dream on my android, the features are fan-tas-tic.

I do have one obvious concern Id like some feedback on: security.
How hard would it be to write some malware or a browser expoit that would target blockchain.info wallets, duping the user in to entering his password and then stealing the coins?
Also, I understand blockchain itself doesnt have the private keys, but if someone manages to hack the server, it would still allow him to obtain the key from the user when he enters it, or not?

BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
August 09, 2012, 11:11:53 AM
 #1232

I have to say, I absolutely love the blockchain.info wallet service. It allows me to monitor paper wallets, draws pretty charts, it works like a dream on my android, the features are fan-tas-tic.

I do have one obvious concern Id like some feedback on: security.
How hard would it be to write some malware or a browser expoit that would target blockchain.info wallets, duping the user in to entering his password and then stealing the coins?
Also, I understand blockchain itself doesnt have the private keys, but if someone manages to hack the server, it would still allow him to obtain the key from the user when he enters it, or not?
You might want to install the browser plugin that checks the site javascript code against the github source. It gives you another layer of protection that makes it difficult to just hack the server or intercept and change code. I've noticed that despite piuk going to the effort of making that very few users have actually downloaded it (according to the count on the Firefox add-on page anyway).

https://www.blockchain.info/wallet/verifier

hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
August 09, 2012, 11:53:17 AM
 #1233

I've noticed that despite piuk going to the effort of making that very few users have actually downloaded it (according to the count on the Firefox add-on page anyway).

https://www.blockchain.info/wallet/verifier

The problem is it's not being advertised anywhere.. For instance if you go to blockchain.info and click the wallet link, you can't find the link you posted and I've said this to piuk before but it seems he hasn't had the time or perhaps forgot to address it.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
August 09, 2012, 01:06:37 PM
 #1234

I just realized something - 2-factor auth in Blockchain.info doesn't really protect you from trojans!
At least, if you're using a Dropbox backup...

I mean, the wallet is synched to your Dropbox, where it is stored only encrypted with your main password. If a keylogger sniffs it, it can then find and decrypt your wallet.


I don't think there is a solution until proper m-of-n transactions are implemented.
Either the server has to know the full private key, or the client does:

If the server does, then it can run away with your money - this is not aligned with Blockchain.info's security model.
If the client does, trojans can sniff your key.


Bitcoin 0.7 ... we badly need you.

Actually, if you are using a MtGox yubikey as 2FA, you are similarly not protected by keyloggers - they don't validate the whole token, they just use the first so many digits (the serial number of the key) as the second factor.  Angry
Unfortunately, LastPass does the same damn thing for offline access.  Angry

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
piuk
Hero Member
*****
Offline Offline

Activity: 910



View Profile WWW
August 09, 2012, 02:10:06 PM
 #1235

Does anyone know if this is the same format as Electrum? I am away from my laptop or I would check.
I don't think so, Electrum has a more sophisticated deterministic algorithm.
Do you have any plans to implement this?  If not what would you consider a decent bounty?  I see two very useful use cases for this:

 1. Import the master public key for watch only balance/notifications.  I *love* the MyWallet service and the iPhone app.  Being able to see my balance or if a payment has been confirmed / received is awesome.  However this breaks when using Electrum because of the way it handles payments and change addresses.  See http://acceptbit.com/

 2. Actually importing the wallet seed (hex or mnemonic) and using MyWallet as a backup/clone/whatever.  If you go this route please make sure that you don't limit yourself to the seed size that Electrum gives you, it actually supports much bigger seeds (I have successfully feed it a 512 bit seed and it worked).

I'll see what I can do.

Got this interesting error.

Error pushing transaction Error Pushing. Previous Tx is Double Spend 13e4e79afb4eb0f32896c6b611c88b2799f4bf0fa027d6d2e255c39e45f297a0

That transaction was newly generated coins from p2pool.

Any insight whats going on here?

First time i've seen this error message


This is a new error, blockchain will now refuse to relay transactions it deems as double spends. However in your case I think it was erroneously flagging the coinbase transaction as a double spend, it should be fixed now.

I mean, the wallet is synched to your Dropbox, where it is stored only encrypted with your main password. If a keylogger sniffs it, it can then find and decrypt your wallet.

You could setup a dedicated dropbox account. Blockchain should remember your dropbox login details for up to a month so you only need to login once to the dedicated account, mixing the window of opportunity for a keylogger to intercept your password.

But yes the only full-proof way is to keep a backup on an eternal USB drive or a paper wallet.

How hard would it be to write some malware or a browser expoit that would target blockchain.info wallets, duping the user in to entering his password and then stealing the coins?

The malware wouldn't be difficult to write, however getting it on your computer is more difficult. All bitcoin users need to be careful about what programs they install on their PC's. If any malware is installed that is able to modify the html of a page you are viewing virtually nothing is safe (including MT.Gox or other online wallets). The only practical solution to this is Multisig (paper wallets are good as well but not convient for everyday use).

Also, I understand blockchain itself doesn't have the private keys, but if someone manages to hack the server, it would still allow him to obtain the key from the user when he enters it, or not?

This is possible but would be very difficult in practice. There are lots of server side checks to ensure the the correct js is being served, if there are any unexpected file changes I get notified immediately. As hazek mentioned there is also https://www.blockchain.info/wallet/verifier which is a simple browser extensions that checks that the js being served is identical to the js at https://github.com/blockchain/My-Wallet.

The problem is it's not being advertised anywhere.. For instance if you go to blockchain.info and click the wallet link, you can't find the link you posted and I've said this to piuk before but it seems he hasn't had the time or perhaps forgot to address it.

I've added a link to it on the [Account Details] security page.

-----------------------------

Changes

- SMS Notifications Now available. Currently limited to 5 free SMS's per day, you'll be able to purchase more shortly.



- Lots of bug fixes (Websocket permissions error, Problem with orphaned coinbase transactions, Fix js error in old versions of FF, Fixed blockchain.co.uk redirect (affects facebook), Fixed error on claiming SMS).

- Offering 0.25 BTC bounty for all bug reports. Must be repeatable by me and an expected error.

hazek
Legendary
*
Offline Offline

Activity: 1078


View Profile
August 09, 2012, 02:17:39 PM
 #1236


The problem is it's not being advertised anywhere.. For instance if you go to blockchain.info and click the wallet link, you can't find the link you posted and I've said this to piuk before but it seems he hasn't had the time or perhaps forgot to address it.

I've added a link to it on the [Account Details] security page.

Awesome, thanks! Keep up the great work.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
Khanduras
Full Member
***
Offline Offline

Activity: 168

Movin' on up.


View Profile
August 10, 2012, 03:00:08 AM
 #1237

So I just started working on a website which makes use of the My Wallet service from Blockchain.info for not only handling Bitcoin payments from the members of my site, but also for monitoring transactions sent to their deposit addresses.  In doing so, I seem to have run into a few issues with the service that I'm HOPING are just oversights on my part.

First thing's first - I'm using automatic payment notifications in order to know when a payment arrives to any of the addresses in my wallet.  Seems simple enough, I figured, but apparently it's a lot more complicated than I had originally thought.  I'm trying to return results of deposits into the wallet, but on parsing the JSON payload, it ends up never having that information in the same place.  Is there some more detailed documentation somewhere about parsing the data more accurately?

The second concern, also with the automatic HTTP payment notifications, is that I'm wanting to only receive notifications about confirmed payments.  I see an option to change this, but no matter what I set it to, it always falls back to "Instantly" instead of the 2 confirmations I would like to use.  I've tried everything from changing the order in which I fill out the form to switching browsers and even praying to every God known to mankind, and it still isn't changing.  If anyone can help me with this, it'd be greatly appreciated.

Bitcoin Address: 1N1sex4rktWdxBJcFTczYZF5Xa75C47j4c                 |
Mining Income Address: 15wgpV7fDN8fVYn1q9QaPb9XSLjGRhry5L    |
P4man
Hero Member
*****
Offline Offline

Activity: 504



View Profile
August 10, 2012, 09:27:01 AM
 #1238

This is possible but would be very difficult in practice. There are lots of server side checks to ensure the the correct js is being served, if there are any unexpected file changes I get notified immediately. As hazek mentioned there is also https://www.blockchain.info/wallet/verifier which is a simple browser extensions that checks that the js being served is identical to the js at https://github.com/blockchain/My-Wallet.

I installed it; is there any way to know its actually working? Does it check before or after entering my password?

BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
August 10, 2012, 10:39:37 AM
 #1239

This is possible but would be very difficult in practice. There are lots of server side checks to ensure the the correct js is being served, if there are any unexpected file changes I get notified immediately. As hazek mentioned there is also https://www.blockchain.info/wallet/verifier which is a simple browser extensions that checks that the js being served is identical to the js at https://github.com/blockchain/My-Wallet.

I installed it; is there any way to know its actually working? Does it check before or after entering my password?
You can open the Error Console in your browser and you'll see when it emits some messages about verifying. It happens when you load any wallet page including login. (It throws heaps of css warnings too so you have to set the console for "info messages only") On FF the Error console is Ctrl-Shift-J (Tools, Web Developer, Error Console).

nedbert9
Sr. Member
****
Offline Offline

Activity: 252

Inactive


View Profile
August 10, 2012, 07:09:42 PM
 #1240



Anyone have issue importing a private key and getting 'Error backing up wallet?"

Pages: « 1 ... 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 [62] 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 ... 168 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!