Bitcoin Forum
October 07, 2024, 01:39:30 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 [66] 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 »
  Print  
Author Topic: MultiBit  (Read 336254 times)
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 24, 2013, 09:54:56 PM
 #1301

The new site looks great!


Thanks - there is a bit of finishing off to do but we will probably make it the live version in a few days.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
April 25, 2013, 01:04:41 PM
 #1302

I just noticed the coins image has gone from the top left - is that intentional? The balance label looks a bit out of place now, it sort of hovers in space.
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 25, 2013, 03:32:46 PM
 #1303

Hi Mike,

Yeah it is due to the localisation of the 'Balance' and 'Available to spend' text. Having the coin bumped it over to the right and for languages with long text like Russian it just did not look right.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
April 25, 2013, 09:21:31 PM
 #1304

Mm, but now it doesn't look right in English either. It's not aligned with anything.
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 25, 2013, 10:14:22 PM
 #1305

Agreed it does not look right but it was the best I could come up with.
There are six visual elements:

<balance text> <amount BTC> <amount fiat>
<available to spend text> < avail to spend BTC> <avail to spend fiat>

Only the top left two are guaranteed to be present.
The user may not have fiat conversions switched on.
The available to spend may be the same as the balance, so the bottom row disappears.
The width of the localised text varies.

I ended up right aligning the text, left aligning the BTC and left aligning the fiat. With the point size smaller for available to spend so that the balance was dominant.

Everywhere else the BTC amount is followed by the fiat amount in brackets to the right of it so I wanted to keep the same layout in the header.

You can flick quickly between the wallets using shift-up and shift-down. You want the absolute positions of the elements to be the same otherwise everything shimmies around as you move between wallets.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
WilderedB
Member
**
Offline Offline

Activity: 93
Merit: 10


View Profile
April 26, 2013, 06:40:13 PM
 #1306

Forgive the silly question but where it says 'add password', is that the encryption? And is so just how strong is it? Is it the same kind of 256 bit thingy as the main bitcoin QT thingy?


Thanks
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 26, 2013, 06:56:38 PM
 #1307

Yes it really means "encrypt your wallet" but I have simplified the language a bit for new users.

The encryption on the wallets is:
  scrypt to convert your password to an AES key
then
  256 bit AES encryption of your private keys.


The encryption on the private key exports is also 256 bit AES but it uses an openssl algorithm for the key derivation. This is so that you can use the command line 'openssl' to encrypt and decrypt them.

I think both bitcoind and Armory use 256 bit AES but am not sure how they convert their passwords to AES keys TBH. There are various different algorithms to do it.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
WilderedB
Member
**
Offline Offline

Activity: 93
Merit: 10


View Profile
April 26, 2013, 07:01:34 PM
 #1308

OK, thanks.

Is there any way of importing an address?

I created an address offline with that bitaddress thing, and am keeping my key offline. Is it possible to use multibit to see my balance for that address, even if it can't send/spend?



jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 26, 2013, 07:11:56 PM
 #1309

You can import a single key, as outlined here:

https://multibit.org/en/help/v0.5/help_importASingleKey.html

It is not exactly what you want though as you want a watch-only address i.e. no private key present, only the public key/ address.
MultiBit does not support these yet.

You could import it into an encrypted wallet and the private key would be encrypted but that is not quite the same.

If you have a sizable amount in your offline address then I would not put the private key on your machine AT ALL for maximum safety. In which case MultiBit does not really give you what you want - probably Armory would be the best client for you as it has extensive offline capability.

Cheers

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
WilderedB
Member
**
Offline Offline

Activity: 93
Merit: 10


View Profile
April 26, 2013, 07:33:39 PM
 #1310

I don't own a single coin yet, just looking at my options before pulling the trigger and buying. Smiley

So if I disconnect this PC from the net, create a new wallet with Multibit, inc password, then reconnect to the net, is there *anything*, anywhere, in the way of an unencrypted key? Anything in any temp folder, cache, anything like that?

Or in simple terms, is Multibit now as secure as the QT client or not? Or more secure?

(and I cannot use armory for various technical reasons)



thanks
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 26, 2013, 08:14:16 PM
Last edit: April 27, 2013, 10:48:31 AM by jim618
 #1311

At the moment there is a 'chink in the armour' in that you cannot create an encrypted wallet directly, you create the wallet first, unencrypted and it has a single private key in it. Then you encrypt. This means in theory the first key could be read from your wallet unencrypted.

(I will be fixing this in the next round of UI work with a 'Create Wallet' wizard).  

To be sure that your private keys have never ever been written to disk unencrypted you have to:

1) create a wallet. This will have a single private key in.
2) add a label 'DO NOT USE' for that address just in case. Never use that address.
3) encrypt your wallet
4) add however many private keys you want.

Then when the wallet is saved the new private keys will be saved encrypted. They are only decrypted in memory when you do things like a spend or export private keys etc.

Other attack vectors you want to be aware of:
+ you accidentally install a Trojan wallet stealer (ie like from the fake MultiBit site I posted about today). Checking the installer signatures is a good way of spotting this.
+ an encrypted wallet gets stolen, and a keylogger sniffs your password. Malware getting onto your machine is the big problem here. If your machine is compromised then it is not safe to use Bitcoin on it IMO.
+ social attacks: you tell someone you trust your password and they break your confidence.
+ rubber hose attacks: someone knows you have a lot of BTC so they threaten violence against you.

For the last two I suggest you don't mention to anyone that you have that 1,000,000 BTC your Uncle Satoshi gave you for your birthday. Just don't mention it.


The other half of Bitcoin safety is BACKUPs.
I recommend:
+ add 'more than enough' addresses to your wallet (so your backups don't get invalidated by you creating more addresses)
+ close down MultiBit so all your wallets are written cleanly
+ make a TrueCrypt volume on a couple of USB drives.
+ copy all the .wallet, .info and .key files from your machine onto each of the USB drives.
+ store the backups somewhere safe, in two separate locations.

There are lots of variations you can do of course for backing up - the main thing is to have copies of your private keys somewhere safe.

Finally : Do not forget your password ! There is no backdoor to recover a wallet with a forgotten password.


MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
vints998
Newbie
*
Offline Offline

Activity: 40
Merit: 0


View Profile
April 27, 2013, 10:15:29 AM
 #1312

Norton has stopped blocking 0.5.9 and so I was able to install it today.
Thanks for simplifying the wallet encryption for people like me!
bitcoinspot.nl
Sr. Member
****
Offline Offline

Activity: 300
Merit: 250



View Profile WWW
April 28, 2013, 08:29:39 AM
 #1313

Hi Jim,

Will you be implementing a single-key import function somewhere in the future? so not how it currently is by exporting,editing and importing the file. But more how it works with mywallet, where you are just prompted for the private key and thats it.

Greets roland.

- bitcoinspot.nl - Alles over bitcoin! -
yacare
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 500


In CryptoEnergy we trust


View Profile
April 28, 2013, 08:45:00 AM
 #1314

Hi,

This is a features request (two things), It seems that you are already working on it, but anyway, what I will like to see is:

1- Add the possibility to create a completely empty wallet (no address/key in it), so then I can import the keys I really want to use.
 As it is now, we have to use the label to "DO NOT USE" an address, but it will be nice to just don't have unwanted addresses.
Other possibility will be that you add an option to delete a key/address pair from an existing wallet.

2- Show/view balance per address.

With that two features included, Multibit may have all I want for a bitcoin client.

Congratulations for the new site!  Smiley Looks really nice.


Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
April 28, 2013, 10:21:00 AM
 #1315

Guys, importing keys is fraught with danger and there are lots of ways things can go wrong. If you want to switch from another wallet, the best way to do it is just send the money via a regular transaction.

There isn't an easy way to do what My Wallet does and just immediately show up a balance for an imported key, at least not in a purely peer-to-peer manner. It'd take a lot of work to change this unless Jim just relies on blockchain.info working and doing it for him. But then again, importing keys has many issues, so why would you want that?
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 28, 2013, 10:47:58 AM
 #1316

I plan that when you click on 'New Wallet' you get a new wallet wizard in a tab.

There you'll be able to create a new wallet and encrypt it straight away. I will probably add a combo box to choose the number of addresses to add initially too. Also set the description.

The balance per address I would like to do but I dont think it will go in the next round of UI work (it is a bit of work under the surface).

For private key import/ export I don't think it will change. As Mike says, the way MultiBit / bitcoinj works you cannot just 'press a button' to import a private key. It is *so* easy to get confused with private keys.

Also TBH Armory does such a good job with more advanced private key work there is little point in duplicating it. If you want to do more than just 'backup your keys' and 'restore your keys' I recommend installing bitcoind and Armory.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
yacare
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 500


In CryptoEnergy we trust


View Profile
April 29, 2013, 09:14:52 PM
 #1317

Guys, importing keys is fraught with danger and there are lots of ways things can go wrong. If you want to switch from another wallet, the best way to do it is just send the money via a regular transaction.

There isn't an easy way to do what My Wallet does and just immediately show up a balance for an imported key, at least not in a purely peer-to-peer manner. It'd take a lot of work to change this unless Jim just relies on blockchain.info working and doing it for him. But then again, importing keys has many issues, so why would you want that?

For me, the main reason to import keys is: To use my own kind of deterministic keys. I know the dangers related to this approach, but I like the Idea that I can re-create (if I remember the how) my whole wallet, anytime, anywhere.
So, if for instance, someone completely loose access to the device were the wallet was installed, and lost all backups at the same time or event. That person can then, re-create, import keys, and have completely recovered the wallet.

The same situation applies if the person had the keys backed up somewhere (paper wallet for example).

So, for me, the ability to create a wallet completely from imported keys is a good feature to have.
And, If I know the approximate date when the keys where created, I can "Reset blockchain and transactions" from that date, and all transactions should be recovered.

Can someone correct me if I have something wrong?

Thank you!

jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 29, 2013, 09:51:18 PM
 #1318

Your technique will work yes if you have all the steps (key creation, key encoding etc) working 100% and reproducibly.

Your usage is much more advanced than the average user for whom the idea of 'private key' is a bit fuzzy. One little error or typo with a private key and money can be made permanently unspendable.

Unfortunately in some of the support emails I have had people have lost bitcoin where they, say, import a paper wallet, send some bitcoin from their paper wallet (and change is sent back to their wallet) and then they have deleted their MultiBit wallet. The change address private key was deleted too.

MultiBit is targeted to people who want to buy stuff with bitcoin and send it, say, to their friends.
A lot of people rely on learned behaviour rather than a deep understanding of things.
You don't have to grok how a rollercoaster works to enjoy it. This is who MultiBit is for.

If you are the sort of person that knows 'jerk' is the derivative of acceleration and IT'S derivative is called 'jounce' then sure private keys are another tool for you to use.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
yacare
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 500


In CryptoEnergy we trust


View Profile
April 30, 2013, 01:07:53 AM
 #1319

Jim

Thank you very much for your answer.

So, at least for that kind of person who want's to spend a fraction of a paper wallet, it will be much safer if he can create a wallet where the only key/address pair corresponds to the imported key from the paper wallet.
That will eliminate the possibility of change being sent to some other address.
1 address, and no room for errors when using a paper wallet.

Maybe the wallet wizard can suggest to set number of addresses = 0 if the user is planning to import a key from a paper wallet.

The ideal (in my opinion) will be that the wizard had an option to import key right there on the wallet creation, so that the first address will correspond to that imported key.

Thank you again for your answer,
and congratulations for the good work.



jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
April 30, 2013, 05:18:39 AM
 #1320

Yeah I was going to put 0 as an option for the number of keys in the create wallet wizard.

I don't want to put the import key in the create wallet as it would just repeat the existing tab. 99% of the people going to a 'create wallet' wizard just want to create a wallet, if you see what I mean.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
Pages: « 1 ... 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 [66] 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!