Blockchain.info - Bitcoin Block explorer & Currency Statistics

[teste]

Piuk,

Sometimes I see that exchange rate of btc on Send Money tab, stay not update for a long time.
Doesn't we have a button that is able to refresh the exchange rate? I thought that the button of refresh, that is near of logout button, was able to update the exchange rate information. But it's not. Could you implement it?

[piuk]

Bit of promo material on the chrome extension: https://blockchain.info/wallet/chrome-extension

-------

Translation!  ( Again piuk?)

Note to self: learn to proof read.

Great job, you are an amazing developer because you listen.

Thanks

Excellent - will be using it this week and a tip is coming your way 

Good to head, don't worry about the tip though.

How exactly is it implemented?  What strength does the mnemonic provide (bits etc)?  I assume you are using the electrum seed encoding (interactive en/decoder at brainwallet)?

It is almost the same encoding as electrum but with the addition of a checkum and version byte. https://github.com/blockchain/My-Wallet/blob/master/mnemonic.js the entropy provided will be the same as the password itself, the mnemonic will grow or shrink depending on the length of the password.

My concern is that there is an addition of another way to decrypt my wallet (or worse, my password itself).

It recovers the password itself.

if someone finds a way to extricate the mnemonic in the future?

Thinking out loud... To generate the mnemonic the password is extracted out of the private closure object using the getMainPassword() function (Line 1621 wallet.js). If you can extract the password then there is no point generating the mnemonic. But if the mnemonic is removed the getMainPassword() function can probably be removed as well.

Really the getMainPassword() should be changed not actually return the password but just confirm the user has typed it in recently. Then a separate modal dialog should be used to request the password for the mnemonic, that way it is being typed directly rather than being extract out of memory and is effectively permanently disabled if not actually using that feature.

BUG REPORT:  After autologout the extension will send you to the website, meaning that you are no longer using the extension JS after that.

BUG REPORT:  When signing up for SMS, two verifications messages are sent, with different OTP.

Are automatic dropbox backups no longer available?

First two should be fixed. Automatic dropbox backups should still be available, might first require doing a manual backup if the login has expired.

[c0dex]

Having an issue where when I try to login to my wallet, it never sends the authentication email.  Even after hitting the "resend email" button, no email is received.

Edit:  Fixed!

[c0dex]

Never mind -- after it automatically logged me out, it won't send the authentication email (again).

[tom1]

- After 5 minutes of inactivity (no mouse clicks or key presses) you will now automatically be logged out.

Is there any way to deactivate this "feature"? I find it very annoying.

[c0dex]

- After 5 minutes of inactivity (no mouse clicks or key presses) you will now automatically be logged out.

Is there any way to deactivate this "feature"? I find it very annoying.

Having this option would be great!

[piuk]

If no, I think It's important add it... But it's not. Could you implement it?

Agreed and yes.

Is there any way to deactivate this "feature"? I find it very annoying.

You can now adjust this in account settings:



What would people think to a remember password checkbox on the login page? The password could be stored in localStorage encrypted with a random string embedded in page itself.

[c0dex]

Great!  However, I selected "Never" and it still booted me after 5 minutes of inactivity.

[piuk]

Great!  However, I selected "Never" and it still booted me after 5 minutes of inactivity.

I think it might require logging in again after the option is changed. Does it still kick you if you login again?

[sunnankar]

- The My Wallet chrome extension has be rewritten and is now a fully packaged app including all javascript and html. This means it is fully protected from server side javascript changes. Just a fallback to a 3rd party server such as electrum is needed now to make it fully resilient.

Chrome Store: https://chrome.google.com/webstore/detail/my-wallet/djjkppdfofjnpcbnkkangbhanjdnoocd
Source: https://github.com/blockchain/My-Wallet-Chrome-Extension

Anyone else having a problem getting this loaded into Chromium?

Get an unknown error from the Chrome Web Store 'An error has occured: There was a problem adding the item to Chrome. Please refresh the page and try again.'

Having similar problems trying to add the folder via Developer mode just with a missing manifest file; which appears to be in the folder. I think I must be missing something obvious.

Any suggestions?

[piuk]

- The My Wallet chrome extension has be rewritten and is now a fully packaged app including all javascript and html. This means it is fully protected from server side javascript changes. Just a fallback to a 3rd party server such as electrum is needed now to make it fully resilient.

Chrome Store: https://chrome.google.com/webstore/detail/my-wallet/djjkppdfofjnpcbnkkangbhanjdnoocd
Source: https://github.com/blockchain/My-Wallet-Chrome-Extension

Anyone else having a problem getting this loaded into Chromium?

Get an unknown error from the Chrome Web Store 'An error has occured: There was a problem adding the item to Chrome. Please refresh the page and try again.'

Having similar problems trying to add the folder via Developer mode just with a missing manifest file; which appears to be in the folder. I think I must be missing something obvious.

Any suggestions?

Hmm do you have the verifier extension installed? Is chromium fully updated?

[hazek]

What would people think to a remember password checkbox on the login page? The password could be stored in localStorage encrypted with a random string embedded in page itself.

I wouldn't risk it. It opens up way too many attack vectors, especially for the less security inclined..

[tom1]

Is there any way to deactivate this "feature"? I find it very annoying.

You can now adjust this in account settings:

Great, thank you piuk.

[sunnankar]

Hmm do you have the verifier extension installed? Is chromium fully updated?

No verifier extension installed on this particular computer or Chromium and running Chromium Version 22.0.1215.0 (147829). Still cannot seem to get this to work for whatever reason.

[freeAgent]

If no, I think It's important add it... But it's not. Could you implement it?

Agreed and yes.

Is there any way to deactivate this "feature"? I find it very annoying.

You can now adjust this in account settings:



What would people think to a remember password checkbox on the login page? The password could be stored in localStorage encrypted with a random string embedded in page itself.

I don't think saving your password is a good option to have.  No banking website would ever allow that, and Blockchain.info is a similar type of site.  One thing that annoys me about the password input box, however, is that it doesn't work with Lastpass (ie, Lastpass can't automatically fill it in).  Additionally, you still have to click the login button after two-factor auth with a Yubikey, which isn't necessary on many sites.

[🏰 TradeFortress 🏰]

If no, I think It's important add it... But it's not. Could you implement it?

Agreed and yes.

Is there any way to deactivate this "feature"? I find it very annoying.

You can now adjust this in account settings:



What would people think to a remember password checkbox on the login page? The password could be stored in localStorage encrypted with a random string embedded in page itself.

How about a remember password checkbox for the session? Session, as in if you don't access it for 4 hours it is automatically logged out.

[hazek]

piuk I don't seem to be able to find the verifier link anywhere anymore: https://blockchain.info/wallet/support-pages

Did you remove it?

[chrisrico]

Didn't the full Chrome extension make the verifier extension obsolete?

Anyway, here's the Chrome web store link.

[MPOE-PR]

Is this some sort of bug? (1Ny5LAo8pW6kk2oLpXouXuEFHH6wgbYaTD)

[piuk]

No verifier extension installed on this particular computer or Chromium and running Chromium Version 22.0.1215.0 (147829). Still cannot seem to get this to work for whatever reason.

Sorry not sure what the problem would be. Anyone else running Chromium that can test it?

I don't think saving your password is a good option to have.  No banking website would ever allow that, and Blockchain.info is a similar type of site.  One thing that annoys me about the password input box, however, is that it doesn't work with Lastpass (ie, Lastpass can't automatically fill it in).  Additionally, you still have to click the login button after two-factor auth with a Yubikey, which isn't necessary on many sites.

Lastpass incompatibility is because the login fields are not wrapped in a <form> tag, it would be very easy to fix if it wasn't for the fact that the verifier disallows form tags. The yubikey issue will be fixed in the next update.

How about a remember password checkbox for the session? Session, as in if you don't access it for 4 hours it is automatically logged out.

Storing it in a server session or in cookies would violate the never share password with the server rule. It would have to be stored in localStorage which unfortunately does not have support for automatic expiry of values stored. I will heed the advice and forget remember password functionality for the time being.

piuk I don't seem to be able to find the verifier link anywhere anymore: https://blockchain.info/wallet/support-pages

Did you remove it?

The support link was removed but the page is still up (https://blockchain.info/wallet/verifier). Once the chrome extension is packaged for firefox (Easy bounty if someone wants to pick it up) the verifier will be depreciate. It's a hard sell convincing people the verifier is actually working and cannot be circumvent whereas a packaged extension is full proof.

Is this some sort of bug? (1Ny5LAo8pW6kk2oLpXouXuEFHH6wgbYaTD)

Seems to be a wrapping issue.