Blockchain.info - Bitcoin Block explorer & Currency Statistics

[teste]

If I go to Account Settings and change the preferred language, I'll be disconnected from my wallet, being necessary to login again. Why?

[piuk]

The problem of forgotten passwords

As Blockchain's user base is increasing and more non-technical users are joining there has been an increased amount of people forgetting their password. It is frustrating trying to explain why we cannot reset passwords each time.

To counter this all new wallets will now be shown a recovery Mnemonic. This should be written down and kept secure.



If you record this we will be able to recover the wallet should the password (or identifier) be forgotten. With a few caveats:

- When the wallet password is changed a new Mnemonic needs to be recorded.
- If Double encryption is enabled two Mnemonics must be recorded.

The mnemonic includes a checksum to verify it was copied correctly. For existing wallets the Mnemonic can be found in [Account Settings].



If you don't record the Mnemonic or make a paper backup and forget the password there is nothing we can do to help, the coins are lost.

-----------

Hi,
About export history. Do you think in add an advanced option to export with more informations, like: (value at time of transaction), the notes, fee paid,...

Can do.

I can't add notes to transactions using tablet (touchscreen). The popup disappear.
I think some parts of Blockchain.Info is not optimized for touchscreen use.

The tooltip requires a mouseover event to stay open. Seems it needs to be replaced with a click for touch screens.

Another request via the send API -the ability to add a comment.

There is now a note parameter in the send api.

If I go to Account Settings and change the preferred language, I'll be disconnected from my wallet, being necessary to login again. Why?

This isn't possible to change as it requires refreshing the page. Blockchain can never remember the password, since it's client side, so always requires re-logging when the page reloads.

[JWU42]

Piuk,

Thanks for the addition of note to the send API!

I realize an error in my request, however, I should have said the sendmany API.   

[whizter]

Hey, I have a theoretical technical question regarding the Wallet Service that I'm using for a few days now.

Let's assume the service is suddenly stopped or the website is not working or offline for whatever reasons.
I got a backup of wallet.aes.json stored offline. Is there a way to decrypt it using my password to gain access to my private keys without the website?
It must be possible somehow of course, but how could you do it without having access to the scripts?

[picobit]

The problem of forgotten passwords

For existing wallets the Mnemonic can be found in [Account Settings].

This worries me a little bit.  If I leave my computer while logged in (a stupid thing to do, I know) or if someone distract me on purpose, he can read off my password from that page.  I assume the mnemonic is created client-side, so it must be able to find the algorithm in the javascript, and inverse it.

If you don't record the Mnemonic or make a paper backup and forget the password there is nothing we can do to help, the coins are lost.

What is the difference between writing down the mnemonic and just writing down the password?

I am not sure if there is a better way to do it - it is a balance between loosing coins through being hacked or loosing them by forgetting the password, some compromise has to be made.  But password recovery always makes me uneasy - if my password can be recovered by me, it can in principle be recovered by somebody else.

[gbl08ma]

Is there a way to disable this new form of password recovery for a single wallet? I believe password recovery ability should be optional, for the reason picobit described:

if my password can be recovered by me, it can in principle be recovered by somebody else.

[hazek]

The problem of forgotten passwords

I also think a lot could be improved how this is communicated to new users. For example the warning "Don't Forget Your Password!
As your password is not shared with us it is extremely important to remember it, if necessary write it on a a post-it note now. There is no password recovery process! " Is in normal sized letters in dark blue color on a light blue background..

Why not make it BIG RED letters and in a pop up before they can even enter anything with a 3 second delayed close the popup button? And why not make this message more concise?

If I were you my message would read: WARNING: Lost passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!

[Stephen Gornick]

Bug report:  The amount field needs some input validation performed.  If the value has a trailing space (e.g., "0.12 " instead of "0.12", that amount will be recognized as  Satoshis (0.00000012 BTC) and not BTC.

This occurs for both Quick Send as well as Custom.

[picobit]

If I were you my message would read: WARNING: Lost passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!

And the continue as Armory does:

If you have understood this, you will have no problems entering your password a third time.  The the user "signs" that he understands with his password :-)

[hazek]

If I were you my message would read: WARNING: Lost passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!

And the continue as Armory does:

If you have understood this, you will have no problems entering your password a third time.  The the user "signs" that he understands with his password :-)

Excellent idea.

[teste]

Piuk,

Could you add the (Date) when clicking on lines of charts? Something like what Coinbase does, see: https://coinbase.com/charts

Thanks.

[Mcoroklo]

Can anyone get the callback function in the API to work, when creating an address?

I've tried for over a week now, and the guys at Blockchain basically ignore my well written support cases..

The API is well written and documented, and I would love to get it too work.. But I don't get any callbacks when people have transfered money to the generated addresses...

EDIT (16-01-2013 14:13): Now the API seem to work.

[mila]

Hi Piuk,

the phone deposit for medium and large packages is broken for Luxembourg.
small works fine.
the two others I mention seem to be "test services"
they drop the connection after pressing any button (first button pressed  causes the service to repeat your choice)
it also says 'this is a test environment'
it was broken also last month but i did not bother to report

[piuk]

Lots of javascript changes deployed today. If your experiencing any javascript errors refresh the page a few times to ensure the latest version is loaded.

- The My Wallet chrome extension has be rewritten and is now a fully packaged app including all javascript and html. This means it is fully protected from server side javascript changes. Just a fallback to a 3rd party server such as electrum is needed now to make it fully resilient.

Chrome Store: https://chrome.google.com/webstore/detail/my-wallet/djjkppdfofjnpcbnkkangbhanjdnoocd
Source: https://github.com/blockchain/My-Wallet-Chrome-Extension

- A wallets' main password is now needed to view [Account Settings] if the password hasn't already been entered in the last minute.
- Wallet passwords are now stored in a closure object making them much harder (impossible?) to extract from a open wallet. You cannot do alert(password) anymore.
- After 5 minutes of inactivity (no mouse clicks or key presses) you will now automatically be logged out.
- Chinese transactions up.

------

I realize an error in my request, however, I should have said the sendmany API.  

This is available now.

Is there a way to decrypt it using my password to gain access to my private keys without the website?

The easiest way is to use Multibit (https://multibit.org) which can import blockchain wallets without any modification.

What is the difference between writing down the mnemonic and just writing down the password?

There is essentially no difference. But the mnemonic is case insensitive, never contains symbols and has a checksum so is more suitable for writing down.

But password recovery always makes me uneasy - if my password can be recovered by me, it can in principle be recovered by somebody else.

True, it is an optional feature. Viewing the mnemonic now requires entering the main and second password so anyone hoping to grab it would have to know the password anyway. Really I am just trying to noob proof the site a bit.

If I were you my message would read: WARNING: Lost passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!

I have added that phrase on the signup page and in the mnemonic popup now. I think it is pretty clear now.
 

Could you add the (Date) when clicking on lines of charts? Something like what Coinbase does, see: https://coinbase.com/charts

Can do.

Can anyone get the callback function in the API to work, when creating an address?

I've tried for over a week now, and the guys at Blockchain basically ignore my well written support cases..

The API is well written and documented, and I would love to get it too work.. But I don't get any callbacks when people have transfered money to the generated addresses...

Sorry I did look into this briefly but could not find the problem immediately (I do receive the callback to a test script). I will fully test it by the end of the week.

Hi Piuk,

the phone deposit for medium and large packages is broken for Luxembourg.
small works fine.
the two others I mention seem to be "test services"
they drop the connection after pressing any button (first button pressed  causes the service to repeat your choice)
it also says 'this is a test environment'
it was broken also last month but i did not bother to report

This is handled by out payment processor (http://zaypay.com/). I don't know what would cause this problem but you will not have been charged.

[Binford 6100]

the phone deposit for medium and large packages is broken...

This is handled by out payment processor (http://zaypay.com/). I don't know what would cause this problem but you will not have been charged.

technically the phone number did not charged the full amount but since it is a premium number to call there costs money every time i check if it's still broken
nvmd i found another service where i can butcher my prepaid cards for bitcoin

[hazek]

- Chinese transactions up.

Translation!  ( Again piuk?)

If I were you my message would read: WARNING: Lost passwords are UNRECOVERABLE and will results in LOSS of ALL of your bitcoins!

I have added that phrase on the signup page and in the mnemonic popup now. I think it is pretty clear now.

Well, it's definitely better, could still be in red and as a pop up to make it impossible to miss but it is pretty hard to miss already.


Great job, you are an amazing developer because you listen.

[JWU42]

I realize an error in my request, however, I should have said the sendmany API.  

This is available now.

Excellent - will be using it this week and a tip is coming your way 

[ErebusBat]

What is the difference between writing down the mnemonic and just writing down the password?

There is essentially no difference. But the mnemonic is case insensitive, never contains symbols and has a checksum so is more suitable for writing down.

But password recovery always makes me uneasy - if my password can be recovered by me, it can in principle be recovered by somebody else.

True, it is an optional feature. Viewing the mnemonic now requires entering the main and second password so anyone hoping to grab it would have to know the password anyway. Really I am just trying to noob proof the site a bit.

I hear you piuk... I have to deal with users too and nothing turns people sour than when they forget their password to the new magic internet money site they heard about on the new hit CBS drama last week and now the site 'stole' their money... I hear your pain.

My gut agrees with some of the others for a way to 'disable' this for those of us who want a little more security.

However I would like some more information before I ask for change. 

How exactly is it implemented?  What strength does the mnemonic provide (bits etc)?  I assume you are using the electrum seed encoding (interactive en/decoder at brainwallet)?

I can think of one basic way this would work:  You generate a XXXbit random key (or derive it from my password) and my password encrypts that key.  The mnemonic is of the key.

My concern is that there is an addition of another way to decrypt my wallet (or worse, my password itself).  The reason it concerns me is if there is an attack vector discovered in the future.  Passwords are in closures now and that is great, but what if someone finds a way to extricate the mnemonic in the future?  Now we are trying to protect two things, rather than one.

I agree that for most people this probably wouldn't be an issue (probably isn't even for me, I am just a freak), but having the option of turning it off would be nice.  Even better would be a decoy option where the values are still there in memory, but just garbage so if an attacker ever found an exploit they would just get garbage.  However knowing what I know about the way the service works they would just be able to check the decoy flag and compensate, so that probably wouldn't work anyway.

I really do hear your pain with new users so I 100% understand and support why you did this.  I would even be in favor of a 'hidden' option where you had to enter a special #tagOption by hand or something so that the 'average' user (your target demographic with the mnemonic) wouldn't even see it as an option to turn it on.

[ErebusBat]

Lots of javascript changes deployed today. If your experiencing any javascript errors refresh the page a few times to ensure the latest version is loaded.

- The My Wallet chrome extension has be rewritten and is now a fully packaged app including all javascript and html. This means it is fully protected from server side javascript changes. Just a fallback to a 3rd party server such as electrum is needed now to make it fully resilient.

Chrome Store: https://chrome.google.com/webstore/detail/my-wallet/djjkppdfofjnpcbnkkangbhanjdnoocd
Source: https://github.com/blockchain/My-Wallet-Chrome-Extension

- A wallets' main password is now needed to view [Account Settings] if the password hasn't already been entered in the last minute.
- Wallet passwords are now stored in a closure object making them much harder (impossible?) to extract from a open wallet. You cannot do alert(password) anymore.
- After 5 minutes of inactivity (no mouse clicks or key presses) you will now automatically be logged out.
- Chinese transactions up.

BUG REPORT:  After autologout the extension will send you to the website, meaning that you are no longer using the extension JS after that.

Steps:
  1) Login, using the extension
  2) Wait 5 minutes
  3) Notice you were auto logged out, then click login again to access your wallet.
  4) Notice the URL.

BUG REPORT:  When signing up for SMS, two verifications messages are sent, with different OTP.

Are automatic dropbox backups no longer available?

[teste]

If I go to change my My Wallet password and I already have written something on password hint. Will I be warned to update my password hint? If no, I think It's important add it.