Author Topic: Bitcoin Wallet for Android  (Read 121177 times)
Andreas Schildbach (OP)
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
August 11, 2013, 05:12:37 PM
 #361

Sorry for not replying for a few days, had to prepare the update. Please read:

https://bitcointalk.org/index.php?topic=271846.0


Forget about all those trivial issues above.  I think this is a much more important issue to discuss:

Hello,

The problem is that the bitcoin application generates bad signatures, reusing random numbers. In this case this transaction was the culprit:

https://blockchain.info/de/tx/54ac98e2301b9c7fdab5cfe93907032cc1248f9d5995cee70f38e98ba93d2d7f

Can you confirm that the transaction (sending 0.02 BTC to 1DzUV...) was generated by the android app?  You should send a bug report to the author of the app you used to generate this transaction.  The problem is that it uses the same r-value b8e6c364b50eada68923eb07930b294411826e6068f0dcbe7514154881d75812 twice in the signature, which is enough to break the ECDSA signature scheme and reveal the public key (5HrE9sgmeWu6mW...). Everyone can break the key with this information.

This problem occurs more and more frequently in recent times.  Usually there is a transaction to the 1Hkywx.. address within a few hours after the bad transaction, so it seems someone has a script that monitors this problem.  

At the moment there are 147 exposed keys.  The recent ones usually have a lot of transactions before the problem occurs, so it seems to occur rarely, but it occurs several times a month (worldwide).

I hope this post sheds some light into the problem.

Technical discussion of this specific issue moved to here:  https://bitcointalk.org/index.php?topic=271486.0
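
Added example, not part of the original thread or of the wallet's code: a defensive scan for the failure described in post #361, where one key produces two signatures sharing an r-value. The record layout, the `PUBKEY_A` label, the s values and the function names are assumptions made for illustration; only the r-value is taken from the post.

```python
from collections import defaultdict

# r-value quoted in the forum post; every other value below is constructed.
R_FROM_POST = int("b8e6c364b50eada68923eb07930b294411826e6068f0dcbe7514154881d75812", 16)

def parse_der_signature(sig: bytes):
    """Return (r, s) from DER: 0x30 len 0x02 rlen r 0x02 slen s (no sighash byte)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = sig[pos + 1]
        end = pos + 2 + n
        if not 1 <= n <= 33 or end > len(sig):
            raise ValueError("bad INTEGER length")
        ints.append(int.from_bytes(sig[pos + 2:end], "big"))
        pos = end
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: (txid, input_index, pubkey, der_sig). Returns
    {(pubkey, r): [(txid, input_index), ...]} where one key signed with the
    same r but different s values, i.e. the nonce was reused."""
    seen = defaultdict(dict)  # (pubkey, r) -> {s: first (txid, index) seen}
    for txid, idx, pubkey, sig in records:
        try:
            r, s = parse_der_signature(sig)
        except ValueError:
            continue  # malformed signature: nothing to compare
        seen[(pubkey, r)].setdefault(s, (txid, idx))
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def der_encode(r: int, s: int) -> bytes:
    """Build a DER signature for the constructed samples."""
    def der_int(n):
        b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:          # leading zero keeps the INTEGER positive
            b = b"\x00" + b
        return b"\x02" + bytes([len(b)]) + b
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

S1, S2 = int("11" * 32, 16), int("22" * 32, 16)   # constructed s values
SAMPLE = [                                          # constructed records
    ("tx_a", 0, "PUBKEY_A", der_encode(R_FROM_POST, S1)),
    ("tx_a", 1, "PUBKEY_A", der_encode(R_FROM_POST, S2)),  # same r, new s
    ("tx_a", 0, "PUBKEY_A", der_encode(R_FROM_POST, S1)),  # duplicate record
    ("tx_b", 0, "PUBKEY_A", der_encode(R_FROM_POST + 1, S1)),
    ("tx_c", 0, "PUBKEY_A", b"\x30\x00"),                    # malformed
]

if __name__ == "__main__":
    for (pubkey, r), where in find_reused_r(SAMPLE).items():
        print(f"{pubkey}: r={r:064x} reused in {where}")
```

Grouping on distinct s values keeps a record that was merely ingested twice from being reported as nonce reuse.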
Kupsi
Legendary
*
Offline Offline

Activity: 1193
Merit: 1003


9.9.2012: I predict that single digits... <- FAIL


View Profile
August 11, 2013, 07:03:56 PM
 #362

As soon as you upgrade, it will create a "rotate transaction", sending your funds over to a fresh, secure key.

Important: You need to backup your wallet again, because of the added key. The old keys will not be included in the backup, so keep your old backups around just in case.

You should allow the user to backup the new key before transferring the bitcoins.
kcirazy
Newbie
*
Offline Offline

Activity: 53
Merit: 0



View Profile
August 12, 2013, 11:59:35 AM
 #363

Any idea when the new version 3.15 will be rolled out on Google Play?
Andreas Schildbach (OP)
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
August 12, 2013, 12:04:49 PM
 #364

Any idea when the new version 3.15 will be rolled out on Google Play?

It's already on 50% rollout. If you don't want to wait, you may want to install directly from

http://code.google.com/p/bitcoin-wallet/downloads/list
kcirazy
Newbie
*
Offline Offline

Activity: 53
Merit: 0



View Profile
August 12, 2013, 12:12:08 PM
 #365

It's already on 50% rollout. If you don't want to wait, you may want to install directly from
http://code.google.com/p/bitcoin-wallet/downloads/list
Ah yes, I see it in the Play Store.
But I don't get an update-option.
The app still says it's version 3.14 and that it's using bitcoinj 0.9
Did you update the About-info?
Andreas Schildbach (OP)
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
August 12, 2013, 12:23:35 PM
 #366

It's already on 50% rollout. If you don't want to wait, you may want to install directly from
http://code.google.com/p/bitcoin-wallet/downloads/list
Ah yes, I see it in the Play Store.
But I don't get an update-option.
The app still says it's version 3.14 and that it's using bitcoinj 0.9
Did you update the About-info?

That's probably because of the staged rollout. I expect to increase percentage later today. If you don't want to wait, use the link above.
kcirazy
Newbie
*
Offline Offline

Activity: 53
Merit: 0



View Profile
August 13, 2013, 08:49:24 AM
 #367

That's probably because of the staged rollout. I expect to increase percentage later today. If you don't want to wait, use the link above.
I got the update notification today.
jonathan
Member
**
Offline Offline

Activity: 84
Merit: 14


View Profile
August 13, 2013, 12:07:48 PM
 #368

Goonie, now that I have the 3.15 release on my phone, can I be sure that new transactions will not send change back to any of the old addresses that were generated by pre-3.15 versions?
Andreas Schildbach (OP)
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
August 13, 2013, 09:17:12 PM
 #369

Goonie, now that I have the 3.15 release on my phone, can I be sure that new transactions will not send change back to any of the old addresses that were generated by pre-3.15 versions?

Yes, you're safe. Insecure addresses are excluded from any of the internal operations, except for still showing them in the address list for reference.

By the way: Even if you receive more coins to one of the insecure addresses (which you should try to avoid), a new key rotate transaction will be created for that amount.
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
August 14, 2013, 03:21:33 PM
 #370

Continued from another thread:

  • Unlike the Android Bitcoin Wallet, Mycelium does not connect directly to several nodes in the Bitcoin network. This means less bandwidth requirement for your mobile plan, less power consumption, and immediate availability, but also means that the server side could establish IP/address relations. (which it doesn't)

Can you reason this claim? Bitcoin Wallet also is "immediate available", has a very low bandwidth requirement and power consumption. The Bitcoin P2P protocol is very efficient (it's binary), so how can Mycelium get any better than that?

Any plans for private key management from you guys? That is Mycelium's best "killer feature" right now.

I would also like to know. BWA is impressive at many levels, and priv key management would make it stunning!

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Andreas Schildbach (OP)
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
August 14, 2013, 03:42:19 PM
 #371

Continued from another thread:

Can you reason this claim? Bitcoin Wallet also is "immediate available", has a very low bandwidth requirement and power consumption. The Bitcoin P2P protocol is very efficient (it's binary), so how can Mycelium get any better than that?

Any plans for private key management from you guys? That is Mycelium's best "killer feature" right now.

I would also like to know. BWA is impressive at many levels, and priv key management would make it stunning!

Can you be more specific? Try to describe a use case.
Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1035



View Profile WWW
August 14, 2013, 04:30:06 PM
 #372

Continued from another thread:

Can you reason this claim? Bitcoin Wallet also is "immediate available", has a very low bandwidth requirement and power consumption. The Bitcoin P2P protocol is very efficient (it's binary), so how can Mycelium get any better than that?

Any plans for private key management from you guys? That is Mycelium's best "killer feature" right now.

I would also like to know. BWA is impressive at many levels, and priv key management would make it stunning!

Can you be more specific? Try to describe a use case.

Delete private key and only keep public to monitor amount.
Import public and / or private key by scanning QR code, so you can monitor and/or spend
Keep private key on paper, and public key in wallet. To spend money, QR scan the private key, store only in memory, spend from private key, and wipe from memory, never saving to storage

These are things Mycelium does now

Another feature I would love to see is deterministic wallets. Back up only backs up the deterministic seed. Every time you spend from an address, all bitcoins are spent, with part going to the person receiving, and the change part going into a new address. The only empty address gets archived and is unused, but can be restored if needed.
elebit
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


View Profile
August 14, 2013, 06:25:56 PM
 #373

Can you be more specific? Try to describe a use case.

Using a vanity address?

Generating a key offline for security reasons?

Claiming a cold storage wallet/physical coin/wallet prize?

Trying out several mobile wallet apps, using the same set of keys?

(Especially the last one; since Bitcoin Wallet for Android requires you to pay a fee every time you move your bitcoins, tiny wallets would otherwise slowly disintegrate every time you try another wallet.)
Syke
Legendary
*
Offline Offline

Activity: 3878
Merit: 1190


View Profile
August 15, 2013, 06:13:53 AM
 #374

Speaking of vanity addresses, I imported the private key for my nice firstbits vanity address and have been using it on my phone for a few months now. Is that vanity address now basically unusable?

Buy & Hold
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
August 15, 2013, 06:27:26 AM
 #375

Speaking of vanity addresses, I imported the private key for my nice firstbits vanity address and have been using it on my phone for a few months now. Is that vanity address now basically unusable?

It depends whether UTXOs for that address were part of txs that were signed on your phone (if you are not sure then probably best to not use it any more).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1078


View Profile
August 15, 2013, 09:36:48 AM
 #376

If your money wasn't already stolen the vanity address is probably safe (after you upgrade). However, the address will be marked as bad and any money sent to it will be rotated automatically, so in practice you'd need to re-import it.

BWA doesn't really support doing clever things with private keys at the moment. One reason is that it's easy for users to screw up and shoot themselves in the foot. For instance the suggestion to use paper wallets further up is a BAD IDEA. People have lost money doing that. Neither BWA nor MultiBit support paper wallets. Trying to make them do so by abusing backup support or using direct key import is a fast way to accidentally send your money to a change address and then destroy it, rendering the paper wallet completely empty.

We need to get users away from directly fiddling with the keychain in their wallet. Each use case can be supported individually. Paper wallets do make sense as a last-ditch backup, but they need the app to understand that a particular thing it scanned is a "paper wallet" so it can manage change appropriately, which means deterministic wallets pretty much. Overall though paper wallets are not a replacement for real backups because with time wallet metadata will become more and more important.

Synchronizing multiple wallets together across apps is another use case that's easy to screw up if you aren't a protocol expert. You can end up creating spends that don't confirm very easily if they drift out of sync at all. It's something that's worth supporting, but again, it needs a real UI/wizard in the app and the app needs to know the wallet is in use in multiple places at once, so it can do the right things at the right times.
Jan
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
August 15, 2013, 01:39:44 PM
 #377

The thing is, that in order to spend from an arbitrary private key you need to know the unspent outputs sent to its address. This means scanning the block chain from the first point in time (block) where the first transaction sent funds to it. If this point is not known you will have to scan all the way from the genesis block up till now.

Clients running in SPV mode were not meant for that, and cannot do that efficiently.

Instead they create a random key and track it from the point (block) where they were created. Because the key is a random 256 bit value it is unique beyond reasonable doubt, and it is safe to assume that previous blocks did not contain transactions that send any funds to it. This way SPV clients can do with much less storage and (with bloom filters) much less bandwidth than full bitcoin nodes, while still validating soundness.

Mycelium lets you hold your private keys private.
Krellan
Member
**
Offline Offline

Activity: 106
Merit: 10


View Profile
August 15, 2013, 10:08:26 PM
Last edit: August 15, 2013, 11:41:55 PM by Krellan
 #378

I LOVE this wallet and have been using it for a very long time.

However, I am THIS close to uninstalling it because it automatically starts up when I do not want it to.  Please add a checkbox/option so I can turn off this feature.  I want to start it up when I want to start it up.  When I plug in my phone to charge it, most of the time I do not want it to auto start.

Please, pretty please.

+1
I think there's an option for this already, I'm sure it's disabled on my phone.

EDIT: 1st option in settings, "Sync on power". A disconnect on close option would be appreciated here though.
Thanks!  Sorry I missed that option.  I will give it a try.
The reason I missed that option is that it no longer exists!

I totally agree with this.  Really don't like the app running automatically at startup, with no way to disable it.  Why is this necessary?  At the very least, allow users to control this feature with a checkbox, so that it can be enabled or disabled as desired.  It's a great app, and it syncs to the Bitcoin network very quickly upon demand, so it shouldn't be necessary to have it always running.

(Edit) It's worse now!  Unfortunately, there has been an insidious new thing added to this app.  It now automatically starts up in the background, on a timer!  Every few minutes, it pops up.  That's maddening, to say the least.  This happens no matter if your phone is on battery or on charger, so not only will it waste your network, it will waste your battery as well.  Beyond frustrated.  The developer, unfortunately, does not understand that this would be a problem to many people.  I have no choice but to empty my wallet and delete this app.

1JUZr4TZ5zuB4WdEv4mrhZMaM7yttpJvLG
Andreas Schildbach (OP)
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
August 16, 2013, 07:50:57 AM
 #379

It now automatically starts up in the background, on a timer!  Every few minutes, it pops up.  That's maddening, to say the least.  This happens no matter if your phone is on battery or on charger, so not only will it waste your network, it will waste your battery as well.  Beyond frustrated.  The developer, unfortunately, does not understand that this would be a problem to many people.  I have no choice but to empty my wallet and delete this app.

This is not new. After you last used the app, it will sync a couple of times in quick succession (15 mins). It will then fall back to sync once a day. It will always time syncs so it will sync at the same time as all other apps. This means there is little or no additional battery used, because your mail, social networks etc. already sync at that time.

In the prefs, I added a shortcut to the Data usage settings. If you really think your wallet should not be updated, go there and restrict data. I certainly recommend not doing that. Don't forget to restrict all the other apps - lots of them use much more data than Bitcoin Wallet.
elebit
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


View Profile
August 16, 2013, 08:45:27 AM
 #380

Ok, so apparently people are using addresses generated off-device with their Bitcoin Wallets for Android.

How did you do that? Did you write a BWA key backup file and import it?

And, what does it mean that it's not "supported"? How can it fail me?