BitcoinSpinner

[molecular]

wait, which do you recommend?  mycelium or spinner 0.8.3.   makes no diff to me.

since one shouldn't reuse addresses (for privacy and especially in recent light for higher security), mycelium is a step in the right direction.

[Jan]

• Unlike the Android Bitcoin Wallet, Mycelium does not connect directly to several nodes in the Bitcoin network. This means less bandwidth requirement for your mobile plan, less power consumption, and immediate availability, but also means that the server side could establish IP/address relations. (which it doesn't)

Can you reason this claim? Bitcoin Wallet also is "immediate available", has a very low bandwidth requirement and power consumption. The Bitcoin P2P protocol is very efficient (its binary), so how can Mycelium get any better than that?

Android Bitcoin Wallet connects to multiple nodes. Each node sends protocol messages containing inventory messages, blocks (filtered), transactions (filtered), ping and so forth. All this data is processed and which incurs a great deal of bookkeeping.  Each connection is kept alive (I guess also some time after the app has stopped).
Mycelium depends on a server, but it is updated in one or two messages.

[giszmo]

I switched back to Bitcoin wallet as it really is not that heavy and closer to how Bitcoin should work. I expect innovation from you guys though.

[molecular]

I switched back to Bitcoin wallet as it really is not that heavy and closer to how Bitcoin should work. I expect innovation from you guys though.

Andreas' bitcoin wallet doesn't offer pin, does it?. I know a pin is easily brute-forceable, but what the fuck... can't even go for a leak with my phone on the table?!?

[Andreas Schildbach]

Mycelium depends on a server, but it is updated in one or two messages.

Is the format of these messages (the protocol) documented somewhere?

Is the source code of the server side available? Can it be audited for security vulnerabilities?

Andreas' bitcoin wallet doesn't offer pin, does it?

Wallet encryption is planned, but its not ready yet. For now, you can use the Android lock screen. It should provide the same level of security as a simple PIN lock for the wallet.

[molecular]

Mycelium depends on a server, but it is updated in one or two messages.

Is the format of these messages (the protocol) documented somewhere?

Is the source code of the server side available? Can it be audited for security vulnerabilities?

Andreas' bitcoin wallet doesn't offer pin, does it?

Wallet encryption is planned, but its not ready yet. For now, you can use the Android lock screen. It should provide the same level of security as a simple PIN lock for the wallet.

Good to know it's planned.

It doesn't provide the same level of security, at least not in my case: I use PIN lock but consider that PIN to be easily compromised: I enter it often and it can easily be read "over my shoulder". This is even unecessarily made easier by the fact that the stupid lock screen actually displays the pin while entering it (albeit one digit at a time, but still it's very easy to read even when typing really fast). So I consider the lock-screen PIN quite insecure. To support this: my gf actually told me my lockscreen PIN a couple of days ago. She just read it when I entered it.

Wallet PIN is entered a lot less frequently. My one is longer, too and I take good care that noone watches (the whole sequence) when I enter it.

[Jan]

Andreas, it seems to me that you persistently want to complain about something today 

Is the format of these messages (the protocol) documented somewhere?

The wallet sources are available here: https://github.com/mycelium-com/wallet
The API interface is pretty straightforward: https://github.com/mycelium-com/wallet/blob/master/public/mbwapi/src/main/java/com/mrd/mbwapi/api/MyceliumWalletApi.java

Is the source code of the server side available? Can it be audited for security vulnerabilities?

The server side sources are not open, and they don't have to. As you can see from the API and wallet code, no matter how much the server cheats and lies, it cannot spend your coins. It basically tells you what the unspent outputs are for a given set of addresses. If it tells you something wrong your transactions will not get accepted by the network. If this happens users would quickly get unhappy and move their private keys somewhere else.
The server side contains no 'secrets', usernames, passwords, and whatnot. It is just a stunningly fast index on the blockchain and unconfirmed transactions.

[apetersson]

Wallet PIN is entered a lot less frequently. My one is longer, too and I take good care that noone watches (the whole sequence) when I enter it.

Please note that the pin protects you from a kid grabbing your smartphone while on the toilet. it can not protect against a dedicated attacked with physical access to the phone, or root-level malware, any 6-digit pin would be cracked in minutes anyways. what could work is server side pin support with 2-of-3 multisig. that could in fact help against root level malware (but we are not there yet)

therefore, the pin does NOT encrypt your private keys it is just a UI measure.

[giszmo]

While at the toilet the kids *have* to play pou so no way I could lock the screen with anything they don't know. The wallet pin they don't need to know and the backup saves me when the uninstall "stupid apps" to make room for more "cool" games.

[niko]

• Unlike the Android Bitcoin Wallet, Mycelium does not connect directly to several nodes in the Bitcoin network. This means less bandwidth requirement for your mobile plan, less power consumption, and immediate availability, but also means that the server side could establish IP/address relations. (which it doesn't)

Can you reason this claim? Bitcoin Wallet also is "immediate available", has a very low bandwidth requirement and power consumption. The Bitcoin P2P protocol is very efficient (its binary), so how can Mycelium get any better than that?

Any plans for private key management from you guys? That is Mycelium's best "killer feature" right now.

Wrong thread. Continued here: https://bitcointalk.org/index.php?topic=4384.msg2932680#msg2932680

[Richy_T]

I haven't noticed this stated explicitly though it seems to mean that it would be the case. Does this latest security issue mean that the Bitcoin address that I have been using from Bitcoinspinner should be retired permanently and not re-imported*?



(*With the possible exception of coins somehow getting sent to it somehow and then just to move them out)

[westkybitcoins]

I haven't noticed this stated explicitly though it seems to mean that it would be the case. Does this latest security issue mean that the Bitcoin address that I have been using from Bitcoinspinner should be retired permanently and not re-imported*?

Short answer: yes, unfortunately.

[Richy_T]

Is there any way to empty my wallet without having to play "chase the network fee"? Everytime I subtract 0.0005 from the amount I want to send, BitcoinSpinner calculates that I need 0.0005 more and I don't have enough to send. This has happened through five or six (now eight) iterations, I'm kinda getting fed up.

Edit: Finally went at 0.0055

[westkybitcoins]

Is there any way to empty my wallet without having to play "chase the network fee"? Everytime I subtract 0.005 from the amount I want to send, BitcoinSpinner calculates that I need 0.005 more and I don't have enough to send. This has happened through five or six (now eight) iterations, I'm kinda getting fed up.

I ran across this too. If you import the private key into Mycelium, it is able to sweep everything it can into one spend after it calculates the necessary fee. Then you can just archive the key in case someone sends funds to it.

[VeeMiner]

Is there any way to empty my wallet without having to play "chase the network fee"? Everytime I subtract 0.0005 from the amount I want to send, BitcoinSpinner calculates that I need 0.0005 more and I don't have enough to send. This has happened through five or six (now eight) iterations, I'm kinda getting fed up.

Edit: Finally went at 0.0055

I had the same problem, I had just a few fractions of mBTC left there and unluckilly I was unable to get them out due to the weird fee calculation system. Whatever, it was not even a dollar

[Rassah]

Can we have an option to force a transaction with zero fees please? Sometimes I just need to send money between accounts, and I don't care if it takes days to process.

[elebit]

Android Bitcoin Wallet connects to multiple nodes.

To be fair, that's a config option. You can lock it to a specified server. This makes it faster.

Both Mycelium and Bitcoin Wallet are fast enough from a user perspective. Both can be lifted out of the pocket and do a transaction in the blink of an eye.

It is probably true that Mycelium is a bit faster and transmits less data though. Does it matter? For some people it does, for example if you are roaming abroad, which is so expensive every megabyte counts.

[Jan]

Is there any way to empty my wallet without having to play "chase the network fee"? Everytime I subtract 0.005 from the amount I want to send, BitcoinSpinner calculates that I need 0.005 more and I don't have enough to send. This has happened through five or six (now eight) iterations, I'm kinda getting fed up.

I ran across this too. If you import the private key into Mycelium, it is able to sweep everything it can into one spend after it calculates the necessary fee. Then you can just archive the key in case someone sends funds to it.

You can also use the Cold Storage Spending feature in Mycelium. It basically allows you to do instant spending of any private key.

If you have two devices
BitcoinSpinner on one device: Click options button -> Settings -> Advanced -> Export Private Key
Mycelium on another device: Click options button -> Clod Storage -> QR-Code, and choose MAX for the amount (swiping)

If you are on the same device
In BitcoinSpinner: Click options button -> Settings -> Advanced -> Export Private Key -> Copy to clipboard
In Mycelium: Click options button -> Clod Storage -> Clipboard, and choose MAX for the amount (swiping)
Please note that the private key will be exposed to other apps on your device in the clipboard.
Alternatively you can use a camera to take a picture of the QR-code

[Jan]

Can we have an option to force a transaction with zero fees please? Sometimes I just need to send money between accounts, and I don't care if it takes days to process.

There is no guarantee that you transaction will ever get mined if you are below the relay fee, as it may never reach a miner. The 0.0001 fee pr 1000 bytes which Mycelium uses is already pushing the limits. With a zero fee feature, greed will make people enable it, and when it turns out that their transactions never confirm they will blame it on the wallet (or developer... shit, that's me) or simply say "Bitcoin sucks"

[Rassah]

Put about 15 "Are you sure?". "Are you really really sure?" confirmations in front of it 

Or just allow unconfirmed transactions to expire after a day or two, making the money available in the wallet again, and letting you try to create another transaction, maybe with a fee this time. That's the way blockchain.info does it. Or used to.