Bitcoin Forum
December 05, 2016, 08:39:52 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 [138] 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 ... 232 »
  Print  
Author Topic: Armory - Discussion Thread  (Read 481830 times)
maaku
Legendary
*
Offline Offline

Activity: 905


View Profile
October 28, 2013, 11:42:26 PM
 #2741

It's also a very innocuous way to smuggle keys, using a pre-'shuffled' deck. See also: solitaire encryption algorithm.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
1480927192
Hero Member
*
Offline Offline

Posts: 1480927192

View Profile Personal Message (Offline)

Ignore
1480927192
Reply with quote  #2

1480927192
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480927192
Hero Member
*
Offline Offline

Posts: 1480927192

View Profile Personal Message (Offline)

Ignore
1480927192
Reply with quote  #2

1480927192
Report to moderator
Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
October 29, 2013, 05:10:31 PM
 #2742

Okay guys, I am sure this whole random source discussion is totally exaggerated.
Quit it.
Right now.

You see, I am already thinking about combining that rasbpi and that old radiation source from a smokedetector for a secure, true random, convenient randomness-server.
Which may or may not collect additional randomness sources and XOR them all together.

Any, wtf, they found a hardware rng in the rasbpi:
http://hsmmpi.wordpress.com/2013/09/05/enabling-the-hardware-random-number-generator/

..still want my very own source, though..

Alan, whatdaya think?

Ente
Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
October 29, 2013, 05:15:36 PM
 #2743

Also, on an unrelated note:
I split up funds from one address to several addresses in a different wallet. When entering the outputs, Armory wrote the wallet name at the first five output addresses, but then not any more for the next addresses. And finally, in the tx list of the main window, a wrong tx size is displayed.
Let's say it was 1.0005 BTC transferred to ten addresses, 0.1 BTC each, with 0.005 BTC fees. Then the main window only shows a tx of 0.9 BTC, missing the tenth one. Everything arrived where it should, though.
You can imagine these two symptoms got me slightly sweatin' ;-)

Ente
superbit
Hero Member
*****
Offline Offline

Activity: 693



View Profile
October 30, 2013, 12:41:02 AM
 #2744

I'm confused with all this entropy randomness stuff?  Can't I just use armory and encrypt my wallet?

https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
K1773R
Legendary
*
Offline Offline

Activity: 1526


/dev/null


View Profile
October 30, 2013, 11:25:57 AM
 #2745

I'm confused with all this entropy randomness stuff?  Can't I just use armory and encrypt my wallet?
you can create a new encrypted armory wallet without to know/read anything from the above. the talk is more tech/freak related and not ment for normal end users Wink

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
K1773R
Legendary
*
Offline Offline

Activity: 1526


/dev/null


View Profile
October 30, 2013, 11:27:20 AM
 #2746

...
Any, wtf, they found a hardware rng in the rasbpi:
http://hsmmpi.wordpress.com/2013/09/05/enabling-the-hardware-random-number-generator/
...
Ente
{HW,T}RNG for Pi is awesome, ty for sharing!

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
flipperfish
Sr. Member
****
Offline Offline

Activity: 312


Dolphie Selfie


View Profile
October 30, 2013, 11:36:10 AM
 #2747

I'm confused with all this entropy randomness stuff?  Can't I just use armory and encrypt my wallet?

Actually, you can. The discussion is about the case, where the random number of which the private key is derived at the time the wallet is created is not so random as it should be. For example, if there is no input of random external events to the linux-kernel's /dev/random, it will spit out 00000... as random number. But fortunately on a usual desktop computer, there are external random events. Every movement of mouse, every keypress on the keyboard, every ethernet-package and the current time are considered. However there are ways to improve the randomness even further. For example one could use the audiorecording of the environment. Or a video of you jumping randomly in front of the camera.

In my opinion, these advanced measures are only needed, if there is demand for a high throughput of random numbers, which is not the case for the wallet creation. But on webservers for example, where there is a lot of ssl-traffic, the pool of randomness may deplete (of course this is also exacerbated by the fact, that usually there are no mouse or keyboard events on a server).
picobit
Hero Member
*****
Offline Offline

Activity: 547


Decor in numeris


View Profile
October 30, 2013, 11:46:18 AM
 #2748

In my opinion, these advanced measures are only needed, if there is demand for a high throughput of random numbers, which is not the case for the wallet creation.

Agreed, there should be more than enough entropy available on a normal desktop/laptop computer for wallet generation.  I guess part of the reason for generating the seed yourself is that some people worry that the NSA or others have subverted the random number generation process to generate less-than-ideally random numbers.  Such worries are in my opinion reasonably paranoid, but perhaps not totally without foundation.  NIST (the National Institute of Standards and Technology) recently withdrew one of their recommended random number generation algorithms due to worries about NSA subversion of it (incidentally, an algorithm partly based on the same math as bitcoin, elliptic curves.  Not that the NSA subversion would be relevant for bitcoin, it was just relating to using elliptic curves to generate random numbers).


etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
October 30, 2013, 03:03:44 PM
 #2749

Update:  0.89.99.8-testing

https://bitcointalk.org/index.php?topic=299684.msg3439894#msg3439894



With respect to entropy:  I think it's justified to want to supply your own high-quality entropy.  If the real, analog entropy is generated properly, there's almost no reason for a reasonably-paranoid user not to do it, besides convenience.  It may not be substantially better than the system RNG, but it wont' be worse (again, if you do it right).  You immediately remove all uncertainties about the PRNG algorithms, etc, and know that you are producing analog, memory-less entropy that can't be reproduced no matter how broken it turns out the system RNG is.

As such, I approve using your own entropy as long as you have made the process as high-quality as possible, and you don't mind the inconvenience.  However, I also don't believe that it's necessary for 99% of users.  Possibly 100%.  But it doesn't hurt.  

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
October 30, 2013, 04:17:30 PM
 #2750

I'm confused with all this entropy randomness stuff?  Can't I just use armory and encrypt my wallet?

It's only for people who don't trust their computer.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
October 30, 2013, 07:51:37 PM
 #2751

Backing up your wallet to a shared service like Dropbox is like buying a bullet-proof vest, and then asking a random person to shoot you in the chest.  Yes, there's a very good chance your bullet-proof vest will survive, especially if you got a good one (strong passphrase), but if they happen to be hardcore and have military-grade firearms, you might be in trouble.  You'd be best not to test it.

Let's say that you had to give a wallet encrypted with Armory to the NSA, and you knew the NSA would spend their entire budget for one year on trying to crack your wallet and steal your bitcoins. All their employees would devote 100% of their time to this project, and all their computing resources would be used for this project. What's your estimate of the probability that they would succeed in stealing your bitcoins? Does that change if you were forced to create your wallet using Bitcoin-QT? (QT doesn't give options for encryption settings like Armory does, so many password guessing would be significantly faster with a QT wallet?).

I haven't switched to Armory yet, because it looks from this thread like the Armory code is in a lot of upheaval and the QT wallet code is more stable. I'm basically estimating that the increased chance of a bug in Armory which results in me somehow losing my money offsets any theoretical security benefit I'd get from it. I haven't really studied the risks though. What would you say to people who shared my concern?



cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
October 30, 2013, 08:53:11 PM
 #2752

I haven't switched to Armory yet, because it looks from this thread like the Armory code is in a lot of upheaval and the QT wallet code is more stable. I'm basically estimating that the increased chance of a bug in Armory which results in me somehow losing my money offsets any theoretical security benefit I'd get from it. I haven't really studied the risks though. What would you say to people who shared my concern?

The stable version of armory is fine.  It's just the beta version that's... beta.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
October 30, 2013, 09:28:36 PM
 #2753

Let's say that you had to give a wallet encrypted with Armory to the NSA, and you knew the NSA would spend their entire budget for one year on trying to crack your wallet and steal your bitcoins. All their employees would devote 100% of their time to this project, and all their computing resources would be used for this project. What's your estimate of the probability that they would succeed in stealing your bitcoins? Does that change if you were forced to create your wallet using Bitcoin-QT? (QT doesn't give options for encryption settings like Armory does, so many password guessing would be significantly faster with a QT wallet?).

It depends on the password size and the key-stretching settings.  Let's make some assumptions:

  • You use default Armory settings, which means it takes about 0.25 sec per guess on an i5-2500K CPU
  • The NSA has no real advantages or shortcuts -- no SHA512 shortcuts, no clue what your password is or might be
  • The password is 12 characters long, including all uppercase, lowercase, numbers and special symbols... so the password has an alphabet of approximately 70 letters.
  • Since passwords are usually chosen by humans (and not proper randomness), let's assume that your password is good but doesn't have full 12 characters of entropy.  Let's say 9 characters of real randomness spread across the 12 characters of password. (this is actually a tad optimistic, but we can scale the results based on any change in assumptions)
  • Armory's key-stretching is designed to be GPU-resistant, since it requires 4-32MB of dedicated RAM per process/thread doing password checking.  GPUs normally get something like 1,000x speedup at password guessing, but we'll assume 10x here.

Then to guess the password on a single GPU, it would require:

709 * 0.25sec / 10(GPUadvantage) = 1,008,840,175,000,000 seconds = 31,990,112 years

Okay, so 32 million years on a single strong GPU.   If we assume that they have 1,000,000 GPUs to throw at it, then it's 32 years to break that encryption using all of their resources for an entire generation of humans.  It's actually a bit longer if they don't know how many characters it is and have to search through passwords shorter than 12 letters.  That's fairly prohibitive, and requires the agency to divert all resources to you. 

If you up it to 16 characters with approximately 12 characters of entropy, then it goes from 32 years to 11,000,000 years.  At most points in this process, they have better things to do with their resources than attempt this.  In fact, they'd be much more likely to just go searching your house for paper backups or sticky notes that might just have the password on it, and then give up if they can't find it.


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
October 30, 2013, 10:19:47 PM
 #2754

etotheipi, thanks for the detailed description of the math.

-How many ms/RAM per guess would be required on the same hardware, using the default Bitcoin-QT settings? I'm trying to get a sense of how much better the default Armory encryption settings are than the default QT encryption settings. I'm betting you know this off the top of your head. I'll handle all the math in the future now that you've shown me how Smiley

-I've noticed that when discussion security risks, no one ever talks about probabilities. People always use vague terms to express how likely something is. I am very curious what actual probabilities security experts assign to the events I asked about, taking into account unknowns (and the risk of unknown unknowns). The NSA may have a way to crack AES-256 encryption, even if the probability is small, so that has to be factored in. Can you give your actual estimate of the probability of the NSA cracking your encrypted wallet within a year if (a) you had to use the version of Armory on the main download page right now, and if (b) you used the default settings of QT client? You can use whatever process you want to generate passwords. Assume you simply have to give them a USB stick with the encrypted wallets on them 24 hours after you read this.

My estimates (without being any sort of crypto or security expert) are 0.1% chance of my bitcoins being stolen in both cases.

go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
October 30, 2013, 10:26:02 PM
 #2755

The stable version of armory is fine.  It's just the beta version that's... beta.

As mentioned in my last post, people are very vague about security risk probabilities. Words like "fine" aren't that helpful when we're talking about extremely low probabilities. In general, people are not designed to reason well about low probability events.

I would guess that the Armory wallet code is at least 2x as likely to contain a bug that will somehow result in me losing bitcoins than the QT code (without me looking at either codebase, just based on the # of eyeballs that have looked at each codebase and the fact that QT has had more usage). What I'm trying to figure out is if the added theoretical security of Armory is worth my estimated 2x bug risk, but it's hard because I haven't seen anyone do a detailed enough analysis when discussing this.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
October 30, 2013, 10:41:11 PM
 #2756

The stable version of armory is fine.  It's just the beta version that's... beta.

As mentioned in my last post, people are very vague about security risk probabilities. Words like "fine" aren't that helpful when we're talking about extremely low probabilities. In general, people are not designed to reason well about low probability events.

I would guess that the Armory wallet code is at least 2x as likely to contain a bug that will somehow result in me losing bitcoins than the QT code (without me looking at either codebase, just based on the # of eyeballs that have looked at each codebase and the fact that QT has had more usage). What I'm trying to figure out is if the added theoretical security of Armory is worth my estimated 2x bug risk, but it's hard because I haven't seen anyone do a detailed enough analysis when discussing this.

"2x as likely to contain a bug" is really meaningless.  Both applications have been around for a very long time, and have been thoroughly tested by thousands of people.  Armory is used by some of the biggest bitcoin investors and holders, because it was created for exactly that purpose.  I tested the bejeezuz out of the wallet code before I ever released it for use, and that code continues to remain almost entirely untouched without issue, even after  almost 2 years.  So far there's never been a report of any problems losing coins that couldn't have been avoided if the user had made a paper backup (and tested it).   Make a paper backup and test it.   

You can make your own decisions about it.  But it's got a pretty solid reputation for being secure and robust.  What's not awesome about it is the time needed to get it running and the resources it uses.   So far, I've swept that under the rug as "the cost of security."  Luckily, a lot of the usability issues should be resolved that soon.  But it's not stopping people who really want to use it, from using it. 

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
October 30, 2013, 10:59:18 PM
 #2757

The stable version of armory is fine.  It's just the beta version that's... beta.

As mentioned in my last post, people are very vague about security risk probabilities. Words like "fine" aren't that helpful when we're talking about extremely low probabilities. In general, people are not designed to reason well about low probability events.

I would guess that the Armory wallet code is at least 2x as likely to contain a bug that will somehow result in me losing bitcoins than the QT code (without me looking at either codebase, just based on the # of eyeballs that have looked at each codebase and the fact that QT has had more usage). What I'm trying to figure out is if the added theoretical security of Armory is worth my estimated 2x bug risk, but it's hard because I haven't seen anyone do a detailed enough analysis when discussing this.

Talk about not being designed to reason well about probabilities...

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
go1111111
Full Member
***
Offline Offline

Activity: 182


View Profile
October 31, 2013, 12:14:43 AM
 #2758

I tested the bejeezuz out of the wallet code before I ever released it for use, and that code continues to remain almost entirely untouched without issue, even after  almost 2 years. 

Good to hear -- thanks for the details.

Talk about not being designed to reason well about probabilities...

Any feedback about how you'd reason differently about this stuff?
RoadStress
Legendary
*
Offline Offline

Activity: 1470


View Profile
October 31, 2013, 11:10:40 AM
 #2759

Noob armory user here. I recently had some problems with the bitcoin-qt client and i would like to switch to Armory, but i need a bit of info first. From what i know using wallets from bitcoin-qt i need to make a backup every time i spend money from that wallet(is this true?). Does this apply to wallets from Armory? If not then all i need to backup is the .wallet file right?
I made 2 transactions to a newly created Armory wallet, but i only see one. Why? Was the first one sent without any fees or why i can't see it? Address is 1ARkEy4NMhEzvrSQCWCKnqBgBkN6fg2xb3
Can i choose from which address i send money?
Any other tips for wallet safety?
Thank you.

iCEBREAKER is a troll! He and cypherdoc helped HashFast scam 50 Million $ from its customers !
H/w Hosting Directory & Reputation - https://bitcointalk.org/index.php?topic=622998.0
wachtwoord
Legendary
*
Offline Offline

Activity: 1484



View Profile WWW
October 31, 2013, 11:34:16 AM
 #2760

From what i know using wallets from bitcoin-qt i need to make a backup every time i spend money from that wallet(is this true?). Does this apply to wallets from Armory? If not then all i need to backup is the .wallet file right?

It is true for QT (make a backup every 100 used addresses). It's isn't necessary for Armory because the wallet is deterministic (from the initial seed all future addresses can be calculated). Therefore you only have to make a backup of the wallet file OR make a paper backup which is directly supported in Armory in user friendly way.

I made 2 transactions to a newly created Armory wallet, but i only see one. Why? Was the first one sent without any fees or why i can't see it? Address is 1ARkEy4NMhEzvrSQCWCKnqBgBkN6fg2xb3

I see two? https://blockchain.info/address/1ARkEy4NMhEzvrSQCWCKnqBgBkN6fg2xb3 are you certain Bitcoin-QT is synced with the Bitcoin network?

Can i choose from which address i send money?

Yup. The functionality is coin control.

Any other tips for wallet safety?

For additional safety I would recommend configuring a cold wallet/watch only wallet combo. Install Armory on a old computer without access to the internet (EVER!). The export a watch only version of the wallet and import this in your normal computer. The every time you make a transaction you (1) make the transaction on your normal computer, (2) Sign the transaction on the offline computer (the only one with the private keys) and then (3) send the signed transaction to the Bitcoin network on any computer with internet access (and Armory installed). This adds a lot of security because your private keys (which control your Bitcoins) will never touch a computer with internet access!

Read: http://bitcoinarmory.com/about/using-our-wallet/#offlinewallet

Thank you.

You're welcome

Pages: « 1 ... 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 [138] 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 ... 232 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!