Bitcoin Forum
December 05, 2016, 08:40:14 AM *
Author Topic: Armory - Discussion Thread  (Read 481843 times)
runeks
May 15, 2013, 06:13:29 PM
 #2201

Is there any protection against the following attack?

Say I'm using an offline wallet, and I want to send some funds to an address. My offline wallet contains 1000 BTC at a single address, and I want to send 10 BTC to an address.

My online computer is infected. The Armory running here has been replaced with a malicious version. The malicious version of Armory creates a transaction that, correctly, sends the 10 BTC to my desired destination, but returns the 990 BTC change to an attacker's wallet.

Can the offline Armory version tell if an output is a change address, and thus deduce whether it's sending change back to an address owned by itself or to an attacker?

I can see when I make large transactions that online Armory hides the change address. If the attacker makes the online Armory version hide the change address (which belongs to the attacker), and the offline Armory doesn't know whether it's sending 10 BTC with 990 BTC change, or 10 BTC to one foreign address and 990 BTC to another foreign address, then it's very difficult for me to see in offline Armory what's really happening, since I don't know my own change address.

Is it possible to mark change addresses with some specific color in offline Armory, so I can see that a specific address is indeed a change address, or is this already done?

Thanks!
picobit
May 15, 2013, 06:24:35 PM
 #2202

Quote from: runeks
Is there any protection against the following attack?

Say I'm using an offline wallet, and I want to send some funds to an address. My offline wallet contains 1000 BTC at a single address, and I want to send 10 BTC to an address.

My online computer is infected. The Armory running here has been replaced with a malicious version. The malicious version of Armory creates a transaction that, correctly, sends the 10 BTC to my desired destination, but returns the 990 BTC change to an attacker's wallet.

Can the offline Armory version tell if an output is a change address, and thus deduce whether it's sending change back to an address owned by itself or to an attacker?

I can see when I make large transactions that online Armory hides the change address. If the attacker makes the online Armory version hide the change address (which belongs to the attacker), and the offline Armory doesn't know whether it's sending 10 BTC with 990 BTC change, or 10 BTC to one foreign address and 990 BTC to another foreign address, then it's very difficult for me to see in offline Armory what's really happening, since I don't know my own change address.

Is it possible to mark change addresses with some specific color in offline Armory, so I can see that a specific address is indeed a change address, or is this already done?

Thanks!

Yes, the offline computer can see that.  Remember *always* to check the transaction on the offline computer, the change address will be marked with the label of the wallet.  If neither address is labeled, you are in trouble.  This is why Armory always tells you to double-check the transaction on the offline computer.

Recently, I did something like that myself.  I was combining a payment with moving some funds. I made a payment using a single input (coin control), and two outputs, one was my payment the other an address in my blockchain.info wallet.  So no change address.  Armory issued a warning that I could be falling victim to the attack you describe.  I cannot remember if it was the online or offline Armory that warned me.  Looks like etotheipi has thought about this vector :)
runeks
May 15, 2013, 07:02:10 PM
 #2203

Quote from: picobit
Quote from: runeks
Is there any protection against the following attack?

Say I'm using an offline wallet, and I want to send some funds to an address. My offline wallet contains 1000 BTC at a single address, and I want to send 10 BTC to an address.

My online computer is infected. The Armory running here has been replaced with a malicious version. The malicious version of Armory creates a transaction that, correctly, sends the 10 BTC to my desired destination, but returns the 990 BTC change to an attacker's wallet.

Can the offline Armory version tell if an output is a change address, and thus deduce whether it's sending change back to an address owned by itself or to an attacker?

I can see when I make large transactions that online Armory hides the change address. If the attacker makes the online Armory version hide the change address (which belongs to the attacker), and the offline Armory doesn't know whether it's sending 10 BTC with 990 BTC change, or 10 BTC to one foreign address and 990 BTC to another foreign address, then it's very difficult for me to see in offline Armory what's really happening, since I don't know my own change address.

Is it possible to mark change addresses with some specific color in offline Armory, so I can see that a specific address is indeed a change address, or is this already done?

Thanks!

Yes, the offline computer can see that.  Remember *always* to check the transaction on the offline computer, the change address will be marked with the label of the wallet.  If neither address is labeled, you are in trouble.  This is why Armory always tells you to double-check the transaction on the offline computer.

Recently, I did something like that myself.  I was combining a payment with moving some funds. I made a payment using a single input (coin control), and two outputs, one was my payment the other an address in my blockchain.info wallet.  So no change address.  Armory issued a warning that I could be falling victim to the attack you describe.  I cannot remember if it was the online or offline Armory that warned me.  Looks like etotheipi has thought about this vector :)

Awesome!

I just checked it and the "Wallet ID" field for the destination address is filled out with the wallet ID for my offline wallet if it's a change address. That's brilliant. And it's even better that Armory pops up a warning if neither of the outputs are owned by me. Then an attacker has to make a three-output transaction in order to trick me, and I will definitely notice if I'm sending to a single address and there are three outputs.
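The offline-side check discussed in posts #2201 to #2203, as an added example (not Armory's code and not written by anyone in the thread): each output of the unsigned transaction is labelled with the ID of the wallet that owns it, and warnings are raised when no output is yours or when an unexpected recipient appears. The function name, wallet ID and address strings are constructed placeholders.

```python
from dataclasses import dataclass

SATOSHI = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Output:
    address: str
    amount: int  # satoshis


def review_unsigned_tx(input_total, outputs, own_wallets, intended):
    """Label outputs and collect warnings before signing on the offline machine.

    input_total -- sum of the inputs being spent, in satoshis
    outputs     -- list of Output proposed by the (untrusted) online machine
    own_wallets -- {wallet_id: set of addresses known to the OFFLINE machine}
    intended    -- {address: amount} the user decided on independently
    """
    owner = {addr: wid for wid, addrs in own_wallets.items() for addr in addrs}
    labelled = [(o.address, o.amount, owner.get(o.address)) for o in outputs]
    foreign = [o for o in outputs if o.address not in owner]
    warnings = []

    # The warning picobit saw: nothing comes back to a wallet you control.
    if len(foreign) == len(outputs):
        warnings.append("no output belongs to one of your wallets")
    # The three-output case runeks describes: an extra foreign recipient.
    for o in foreign:
        want = intended.get(o.address)
        if want is None:
            warnings.append(f"unexpected recipient {o.address}: "
                            f"{o.amount / SATOSHI:.8f} BTC")
        elif want != o.amount:
            warnings.append(f"{o.address} gets {o.amount} sat, expected {want}")
    paid = {o.address for o in outputs}
    for addr in sorted(set(intended) - paid):
        warnings.append(f"intended recipient {addr} is not paid")
    fee = input_total - sum(o.amount for o in outputs)
    if fee < 0:
        warnings.append("outputs exceed inputs")
    return labelled, warnings, fee


# Constructed sample data; address strings are placeholders, not real addresses.
OWN_WALLETS = {"OFFLINE-WALLET-ID": {"own-addr-1", "own-change-addr-7"}}
INTENDED = {"merchant-addr": 10 * SATOSHI}
INPUT_TOTAL = 1000 * SATOSHI
FEE = 50_000

HONEST = [Output("merchant-addr", 10 * SATOSHI),
          Output("own-change-addr-7", 990 * SATOSHI - FEE)]
REDIRECTED = [Output("merchant-addr", 10 * SATOSHI),
              Output("unknown-addr", 990 * SATOSHI - FEE)]
THREE_OUTPUT = [Output("merchant-addr", 10 * SATOSHI),
                Output("own-change-addr-7", 1 * SATOSHI),
                Output("unknown-addr", 989 * SATOSHI - FEE)]

if __name__ == "__main__":
    for name, tx in [("honest", HONEST), ("redirected", REDIRECTED),
                     ("three-output", THREE_OUTPUT)]:
        labelled, warnings, fee = review_unsigned_tx(
            INPUT_TOTAL, tx, OWN_WALLETS, INTENDED)
        print(name, "fee:", fee)
        for addr, amount, wallet_id in labelled:
            print("   ", addr, amount, wallet_id or "(not yours)")
        for w in warnings:
            print("    WARNING:", w)
```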
etotheipi
Core Armory Developer
May 15, 2013, 07:08:35 PM
 #2204

Quote from: runeks
Awesome!

I just checked it and the "Wallet ID" field for the destination address is filled out with the wallet ID for my offline wallet if it's a change address. That's brilliant. And it's even better that Armory pops up a warning if neither of the outputs are owned by me. Then an attacker has to make a three-output transaction in order to trick me, and I will definitely notice if I'm sending to a single address and there are three outputs.

It's pretty satisfying to see people discover--and get excited about!--a feature that I carefully implemented to try to fill in all these little holes, not knowing if they'd ever actually be a deterrent for anything.  I don't know if it's making any hackers' lives more difficult, but at least someone noticed the effort I put in to do it :)  Thanks!

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
etotheipi
Core Armory Developer
May 16, 2013, 07:23:54 AM
 #2205

Some bounty-goodness, here:

https://bitcointalk.org/index.php?topic=206874.0

Yes, I finally got around to implementing this M-of-N backup stuff.  And it turned out pretty awesome (besides needing some polishing).  

The testing will be useful in general, but I especially need it in the next 24 hours so I can demo it at the conference.


gweedo
May 16, 2013, 07:27:23 AM
 #2206

Quote from: etotheipi
Some bounty-goodness, here:

https://bitcointalk.org/index.php?topic=206874.0

Yes, I finally got around to implementing this M-of-N backup stuff.  And it turned out pretty awesome (besides needing some polishing). 

The testing will be useful in general, but I especially need it in the next 24 hours so I can demo it at the conference.

I wish I could be of helpfulness and test. I do have to say, every time you post screenshots, you make me more and more excited for the next release.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
oakpacific
May 16, 2013, 07:42:31 AM
 #2207

So Alan how is it going with the usability issue? I don't mean to be demanding but would like it if you can give me some time frame. :)

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
flipperfish
May 16, 2013, 10:06:11 AM
 #2208

Is it already possible to have encrypted paper backup with a custom password? Does the encryption for the paper backup also use some key-stretching (like scrypt, pbkdf2)?
etotheipi
Core Armory Developer
May 16, 2013, 02:55:51 PM
 #2209

Quote from: oakpacific
So Alan how is it going with the usability issue? I don't mean to be demanding but would like it if you can give me some time frame. :)

I made a lot of progress on the persistent blockchain stuff, but when I realized I couldn't finish it before the conference, I decided I had to finish this feature instead.  I may not have mentioned it here, but a friend paid for an exhibitor booth at the conference, and he and his buddy are running (and I'll be there, too).  And we got a good location, too, by the door.  We'll be doing lots of demos.  I decided having the super-backup system (at least in demo) was worth delaying the persistent blockchain stuff by a week.

I made a lot of good progress on the persistent blockchain stuff, but it'll probably still be a couple weeks after the conference before it's ready.

Quote from: flipperfish
Is it already possible to have encrypted paper backup with a custom password? Does the encryption for the paper backup also use some key-stretching (like scrypt, pbkdf2)?

(1) The encryption uses the same key-stretching as is used for wallet encryption which is a simpler (but less flexible) version of scrypt.  It's hardcoded to use 16 MB of RAM per thread, which means it must do 262,144 SHA512 invocations, and keep each step in RAM as a lookup table to use for 144k lookup operations.    This will take older computers a second or two, but it will be done so infrequently, I decided, I should err on the side of taking too long. 

(2) There is no custom passphrase.  However, the intention of M-of-N was to replace that.  An encrypted backup is just a 2-of-2 backup -- requiring the paper, and the password in your head.  You can, instead, do a 2-of-2 backup with the new utility, and think of one sheet being the encryption key for the other.  But with this, you get an extremely flexible tradeoff of security and redundancy.  M is how much "security" you want, and N is how much redundancy you want (well, N-M).   

I've ranted before about the dangers of having an encrypted paper backup option, because it's the one place where users should not always pick the "best-sounding" option .. i.e. "Oh yeah, encrypt everything, great!".   I have seen probably 200+ BTC lost to forgotten passphrases.  It's tough to have the encrypted backup option while still encouraging people to have at least one unencrypted backup, somewhere.  Or rather, prevent people from unwittingly creating brainwallets.


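Point (1) of post #2209 describes a memory-hard stretch: a chain of SHA512 hashes kept in RAM as a lookup table, followed by data-dependent lookups. The sketch below is an added illustration of that general construction, not Armory's KDF and not code from the thread; the function names, the way the lookup index is derived and the default lookup count are assumptions.

```python
import hashlib

HASH_BYTES = hashlib.sha512().digest_size  # 64 bytes per table entry


def table_entries(memory_bytes):
    """How many SHA512 outputs fit in the memory budget."""
    return memory_bytes // HASH_BYTES


def stretch_key(passphrase, salt, memory_bytes=16 * 1024 * 1024, lookups=None):
    """Derive a 32-byte key from a passphrase (bytes) and salt (bytes)."""
    n = table_entries(memory_bytes)
    if n < 2:
        raise ValueError("memory budget too small for a lookup table")
    if lookups is None:
        lookups = n // 2  # assumption for this sketch, not a figure from the post

    # Phase 1: sequential hash chain; every step is stored, so the whole
    # table has to stay in RAM for phase 2.
    table = bytearray(n * HASH_BYTES)
    x = hashlib.sha512(passphrase + salt).digest()
    for i in range(n):
        table[i * HASH_BYTES:(i + 1) * HASH_BYTES] = x
        x = hashlib.sha512(x).digest()

    # Phase 2: the next table index depends on the running value, so an
    # attacker cannot predict which entries to keep and which to drop.
    for _ in range(lookups):
        j = int.from_bytes(x[-4:], "big") % n
        v = table[j * HASH_BYTES:(j + 1) * HASH_BYTES]
        mixed = int.from_bytes(x, "big") ^ int.from_bytes(v, "big")
        x = hashlib.sha512(mixed.to_bytes(HASH_BYTES, "big")).digest()
    return x[:32]


if __name__ == "__main__":
    # 16 MB of 64-byte entries is the 262,144 SHA512 invocations in the post.
    print("table entries at 16 MB:", table_entries(16 * 1024 * 1024))
    # Constructed passphrase and salt; a small budget keeps the demo quick.
    key = stretch_key(b"correct horse", b"constructed-salt", memory_bytes=1 << 20)
    print("derived key:", key.hex())
```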
13Charlie
May 16, 2013, 03:08:15 PM
 #2210

The M-of-N feature is pretty awesome.
It has been in the works for a while now.

Thanks Alan.

Not ignoring anyone. . . . . Yet
Tip Jar - 18YWB8cQ8vb5s7PTGvxu1E6DqmQV3Srj2W
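The M-of-N trade-off from point (2) of post #2209 (M is the security threshold, N-M the redundancy), as an added example that is not from the thread. It uses Shamir's secret sharing, a standard M-of-N construction; the thread does not say which scheme Armory implements, so the scheme, the field prime and the function names are assumptions.

```python
import itertools
import secrets

PRIME = 2**521 - 1  # Mersenne prime, larger than any 256-bit secret


def eval_poly(coeffs, x):
    """Horner evaluation of the polynomial modulo PRIME."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % PRIME
    return y


def split(secret, m, n):
    """Return n fragments (x, y); any m of them recover the secret."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= M <= N")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range")
    # The secret is the constant term; the other M-1 coefficients are random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine(fragments):
    """Lagrange interpolation at x = 0."""
    xs = [x for x, _ in fragments]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate fragment")
    secret = 0
    for i, (xi, yi) in enumerate(fragments):
        num = den = 1
        for j, (xj, _) in enumerate(fragments):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def subsets_recovering(fragments, k, secret):
    """Count the k-fragment subsets that reconstruct the secret."""
    return sum(combine(list(s)) == secret
               for s in itertools.combinations(fragments, k))


if __name__ == "__main__":
    root_key = int.from_bytes(bytes(range(32)), "big")  # constructed sample secret
    frags = split(root_key, 3, 5)                       # 3-of-5 backup
    print("3-fragment subsets that recover:", subsets_recovering(frags, 3, root_key))
    print("2-fragment subsets that recover:", subsets_recovering(frags, 2, root_key))
    # 2-of-2: each sheet is useless without the other, like key and ciphertext.
    pair = split(root_key, 2, 2)
    print("2-of-2 both sheets recover:", combine(pair) == root_key)
```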
TierNolan
May 16, 2013, 03:16:20 PM
 #2211

Quote from: etotheipi
This is definitely a Bitcoin problem, not an Armory problem.  Armory is bound to the transaction fee "guidelines" built into the default Bitcoin-Qt/bitcoind apps.  I can let Armory try to send a zero-fee tx, but Bitcoin-Qt/bitcoind may not like it and the tx will be DOA -- it will never make it to the network, because it didn't have enough fee to even be relayed by Bitcoin-Qt/bitcoind.

You could have Armory have a system where it can connect to a given IP address for sending.  The user could enter a miner's IP directly.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
etotheipi
Core Armory Developer
May 16, 2013, 03:17:52 PM
 #2212

Quote from: 13Charlie
The M-of-N feature is pretty awesome.
It has been in the works for a while now.

Thanks Alan.

Yeah, the logic has been in the code for a while, and I had all these great ideas for wrapping a GUI around it, but no time to do it.  The conference was the perfect excuse to get it done.   We want to showcase the advanced security features of Armory to people going by.  Of course, we have to warn them "This beta only works if you are on a 64-bit OS with 5+ GB of RAM".  Still, it should whet their appetite and give them the impression that Armory is the Cadillac of Bitcoin wallets.  Then when the resource issues are resolved, they'll be excited they can finally use it :)



etotheipi
Core Armory Developer
May 16, 2013, 03:20:18 PM
 #2213

Quote from: TierNolan
Quote from: etotheipi
This is definitely a Bitcoin problem, not an Armory problem.  Armory is bound to the transaction fee "guidelines" built into the default Bitcoin-Qt/bitcoind apps.  I can let Armory try to send a zero-fee tx, but Bitcoin-Qt/bitcoind may not like it and the tx will be DOA -- it will never make it to the network, because it didn't have enough fee to even be relayed by Bitcoin-Qt/bitcoind.

You could have Armory have a system where it can connect to a given IP address for sending.  The user could enter a miner's IP directly.

Yeah, but I don't know how many people would ever figure out how to use that feature.  There would be some, but it would be an underwhelming minority :)

However, the new auto-bitcoind feature has Armory connecting via RPC, so the sendrawtransaction command will fix this problem.  Bitcoin-Qt/bitcoind will broadcast the tx regardless of what it personally thinks about it.

OpenYourEyes
May 16, 2013, 07:19:33 PM
 #2214

Real nice work, I'll give this a test in the next day or so.

Just out of interest, is it possible to implement some form of two factor authentication into Armory before a transaction is sent?

I do not have much understanding of the technical side of Bitcoin, but say a private key/wallet is encrypted with a bunch of "one-time passwords" that require the use of a phone running gAuth to complete the transaction.

takemybitcoins.com: Spend a few seconds entering a merchants email address to encourage them to accept Bitcoin
PGP key | Bitmessage: BM-GuCA7CkQ8ojXSFGrREpMDuWgv495FUX7
etotheipi
Core Armory Developer
May 16, 2013, 07:23:29 PM
 #2215

Quote from: OpenYourEyes
Real nice work, I'll give this a test in the next day or so.

Just out of interest, is it possible to implement some form of two factor authentication into Armory before a transaction is sent?

I do not have much understanding of the technical side of Bitcoin, but say a private key/wallet is encrypted with a bunch of "one-time passwords" that require the use of a phone running gAuth to complete the transaction.

That kind of 2-factor auth requires a centralized server. Anything that I implement using, say, google-auth, would be purely security theatre.  It would add 2-factor auth for you using Armory, but someone who steals your wallet file wouldn't need it.  It's because the network doesn't care about google-auth.

However, if I ever get back to the new wallets, I will be implementing two-factor auth using multi-sig network scripts.   Then your phone would also have a bitcoin wallet, and the network would expect to see a signature from both.

I absolutely will be doing this, at some point, but I have a lot of priorities.  Not to mention, I need an Android app :-/.  I have someone helping with Android stuff, but it's still a ways off.  This is exactly what you want.

OpenYourEyes
May 16, 2013, 07:34:50 PM
 #2216

Great!

Quote from: etotheipi
I absolutely will be doing this, at some point, but I have a lot of priorities.  Not to mention, I need an Android app :-/.  I have someone helping with Android stuff, but it's still a ways off.  This is exactly what you want.

Android :( No Meego love?  :D (Nokia N9 here).

Runs Qt and Python.

I'd give you a measly $150 for that.

Edit: One other thing, I know I've asked a lot already.

Is it possible for Armory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them.

chrisrico
May 16, 2013, 11:00:24 PM
 #2217

Quote from: OpenYourEyes
Android :( No Meego love?  :D (Nokia N9 here).

What sort of user base does Meego have? It probably wouldn't make sense for etotheipi to spend a lot of resources on developing a client for a platform very few (relatively) people use. Given that Armory is open source though, you could develop one or pay to have one developed yourself.

Quote from: OpenYourEyes
Is it possible for Armory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them.

This is not possible with Armory currently. In the past he has expressed opposition to this idea based on the threat model that someone could insert a watching only public key into your wallet and you would have no way of telling it was not yours. Then, someone sends funds to it, making it look like you've been paid, but you have no way to spend those funds.
OpenYourEyes
May 16, 2013, 11:07:04 PM
 #2218

Quote from: chrisrico
Quote from: OpenYourEyes
Android :( No Meego love?  :D (Nokia N9 here).

What sort of user base does Meego have? It probably wouldn't make sense for etotheipi to spend a lot of resources on developing a client for a platform very few (relatively) people use. Given that Armory is open source though, you could develop one or pay to have one developed yourself.

Quote from: OpenYourEyes
Is it possible for Armory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them.

This is not possible with Armory currently. In the past he has expressed opposition to this idea based on the threat model that someone could insert a watching only public key into your wallet and you would have no way of telling it was not yours. Then, someone sends funds to it, making it look like you've been paid, but you have no way to spend those funds.

The user base for Meego is quite low, but I think having (the only) wallet software available would be great.

Hmm. I see your point with the watching only. Perhaps the balance could be shown separate to the total balance, and displayed in red with a warning saying you don't own these funds.
Or maybe, the balance doesn't show at all until you click a "View watching only" button and then you are presented with a warning dialog before being presented with a new window showing the watching balances.

CanadianGuy
May 17, 2013, 01:28:01 AM
 #2219

Was running .87 (I think?)  and started getting a runtime error.  Just updated to .88 and now Armory won't open at all!! (I click on it and nothing happens.  Nothing.)
 >:(
etotheipi
Core Armory Developer
May 17, 2013, 01:35:58 AM
 #2220

Quote from: CanadianGuy
Was running .87 (I think?)  and started getting a runtime error.  Just updated to .88 and now Armory won't open at all!! (I click on it and nothing happens.  Nothing.)
 >:(

Do you have any non-ASCII characters in your username?  Like an "é"?  That became a problem in 0.88. 

If so, you might have to stick with 0.87.2 but switch to 64-bit version.  The 32-bit version has stopped working until the next release (with revamped engine). 
http://bitcoinarmory.googlecode.com/files/armory_0.87.2-testing_win64.msi


If you don't have any non-ASCII characters, your problem may simply be that you need to completely uninstall the previous version before installing the new version.  Try that first, then go back to 0.87.2 (64-bit) if it still doesn't work.  In all cases, you're going to have to uninstall the old version, and your wallets will be completely safe through the reinstallation cycle.
